This document introduces bgpdump2, a tool for full BGP route comparison written in C. It provides several capabilities for working with and analyzing BGP RIB files including supporting compression formats, building routing tables, longest prefix matching, and comparing two route tables. Bgpdump2 aims to allow for detailed investigation and full comparison of RIB files, filling gaps from existing BGP analysis tools. It outputs route information and statistics in different formats and for individual peers for further research.
BMP (BGP Monitoring Protocol) allows routers to send BGP peer route updates and statistics to external monitoring stations. It provides access to the pre-policy routing table (Adj-RIB-In) of peers on an ongoing basis. Cisco supports BMP in IOS-XE and IOS-XR routers. OpenBMP is an open-source BMP collector that stores updates in a MySQL database for analysis.
Ccnp enterprise workbook v1.0 bgp zero to hero | SagarR24
The document contains instructions for configuring a basic BGP lab on routers ATTR26, VODAFONER27, and VODAFONER28. It provides the configuration commands to enable interfaces, BGP neighbor relationships, and network advertisements on each router. It also includes output from show commands to verify the basic BGP neighbor status and routing tables. Debug commands are included to capture BGP packet details during the session establishment between VODAFONER28 and its neighbor.
Kernel Recipes 2017 - Performance analysis Superpowers with Linux BPF - Brend... | Anne Nicolas
The in-kernel Berkeley Packet Filter (BPF) has been enhanced in recent kernels to do much more than just filtering packets. It can now run user-defined programs on events, such as on tracepoints, kprobes, uprobes, and perf_events, allowing advanced performance analysis tools to be created. These can be used in production as the BPF virtual machine is sandboxed and will reject unsafe code, and are already in use at Netflix.
Beginning with the bpf() syscall in 3.18, enhancements have been added in many kernel versions since, with major features for BPF analysis landing in Linux 4.1, 4.4, 4.7, and 4.9. Specific capabilities these provide include custom in-kernel summaries of metrics, custom latency measurements, and frequency counting kernel and user stack traces on events. One interesting case involves saving stack traces on wake up events, and associating them with the blocked stack trace: so that we can see the blocking stack trace and the waker together, merged in kernel by a BPF program (that particular example is in the kernel as samples/bpf/offwaketime).
This talk will discuss the new BPF capabilities for performance analysis and debugging, and demonstrate the new open source tools that have been developed to use it, many of which are in the Linux Foundation iovisor bcc (BPF Compiler Collection) project. These include tools to analyze the CPU scheduler, TCP performance, file system performance, block I/O, and more.
Brendan Gregg, Netflix
Kernel Recipes 2017: Performance Analysis with BPF | Brendan Gregg
Talk by Brendan Gregg at Kernel Recipes 2017 (Paris): "The in-kernel Berkeley Packet Filter (BPF) has been enhanced in recent kernels to do much more than just filtering packets. It can now run user-defined programs on events, such as on tracepoints, kprobes, uprobes, and perf_events, allowing advanced performance analysis tools to be created. These can be used in production as the BPF virtual machine is sandboxed and will reject unsafe code, and are already in use at Netflix.
Beginning with the bpf() syscall in 3.18, enhancements have been added in many kernel versions since, with major features for BPF analysis landing in Linux 4.1, 4.4, 4.7, and 4.9. Specific capabilities these provide include custom in-kernel summaries of metrics, custom latency measurements, and frequency counting kernel and user stack traces on events. One interesting case involves saving stack traces on wake up events, and associating them with the blocked stack trace: so that we can see the blocking stack trace and the waker together, merged in kernel by a BPF program (that particular example is in the kernel as samples/bpf/offwaketime).
This talk will discuss the new BPF capabilities for performance analysis and debugging, and demonstrate the new open source tools that have been developed to use it, many of which are in the Linux Foundation iovisor bcc (BPF Compiler Collection) project. These include tools to analyze the CPU scheduler, TCP performance, file system performance, block I/O, and more."
The document discusses using Git and git-svn to manage version control for Bioconductor packages. It recommends cloning specific revisions of packages from the Bioconductor Subversion repository using git-svn to get the full history while avoiding downloading the entire repository. It provides examples of common Git and git-svn commands that can be used for making changes locally and committing them back to the Subversion repository. The workflow suggested makes changes on a local Git branch tracking the remote Subversion branch, then cherry-picks the commits to other branches as needed.
The document summarizes a tutorial on using the Score-P profiling tool to analyze performance of proxy applications. The tutorial covers Score-P profiling and tracing workflow, capabilities, and demonstrates its use through case studies on various proxy apps like AMG, Laghos, PICSARlite, and NEKbone. Attendees will learn how to instrument code, conduct profiling and tracing runs, and analyze results to find hot regions and scaling trends.
Modeling and Control Robot Arm using Gazebo, MoveIt!, ros_control | ByeongKyu Ahn
This document describes the process of simulating an 8-DOF robot arm using Gazebo, ROS, and MoveIt. It was presented at the 2nd OROCA seminar (http://cafe.naver.com/openrt.cafe) in Korea.
eBPF (extended Berkeley Packet Filters) is a modern kernel technology that can be used to introduce dynamic tracing into a system that wasn't prepared or instrumented in any way. The tracing programs run in the kernel, are guaranteed to never crash or hang your system, and can probe every module and function -- from the kernel to user-space frameworks such as Node and Ruby.
In this workshop, you will experiment with Linux dynamic tracing first-hand. First, you will explore BCC, the BPF Compiler Collection, which is a set of tools and libraries for dynamic tracing. Many of your tracing needs will be answered by BCC, and you will experiment with memory leak analysis, generic function tracing, kernel tracepoints, static tracepoints in user-space programs, and the "baked" tools for file I/O, network, and CPU analysis. You'll be able to choose between working on a set of hands-on labs prepared by the instructors, or trying the tools out on your own test system.
Next, you will hack on some of the bleeding edge tools in the BCC toolkit, and build a couple of simple tools of your own. You'll be able to pick from a curated list of GitHub issues for the BCC project, a set of hands-on labs with known "school solutions", and an open-ended list of problems that need tools for effective analysis. At the end of this workshop, you will be equipped with a toolbox for diagnosing issues in the field, as well as a framework for building your own tools when the generic ones do not suffice.
pg_proctab: Accessing System Stats in PostgreSQL | Mark Wong
pg_proctab is a collection of PostgreSQL stored functions that provide access to the operating system process table using SQL. We'll show you which functions are available and where they collect the data, and give examples of their use to collect processor and I/O statistics on SQL queries. These stored functions currently only work on Linux-based systems.
The document discusses using pg_proctab, a PostgreSQL extension that provides functions to query operating system process and statistics tables from within PostgreSQL. It demonstrates how to use pg_proctab to monitor CPU and memory usage, I/O, and other process-level metrics for queries. The document also shows how to generate custom reports on database activity and performance by taking snapshots before and after queries and analyzing the differences.
LibreOffice 4 under NetBSD with pkgsrc (en) | Ryo ONODERA
The Makefile summarizes the steps to build and package LibreOffice 4.x for NetBSD using pkgsrc. It specifies the version as 4.1.3.2, sets categories and maintainer, defines extraction and build directories, lists additional files to download, and sets configuration options like disabling unneeded features to optimize the build.
This document discusses various techniques for collecting and analyzing malware samples, including using honeypots, honeyclients, and malware tracking sites to retrieve files. It also covers static analysis of samples using tools like Yara rules to detect malware signatures and Viper for binary analysis. Sample analysis can identify malware family or variant matches and compile time/import details.
Talk for PerconaLive 2016 by Brendan Gregg. Video: https://www.youtube.com/watch?v=CbmEDXq7es0 . "Systems performance provides a different perspective for analysis and tuning, and can help you find performance wins for your databases, applications, and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes six important areas of Linux systems performance in 50 minutes: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events), static tracing (tracepoints), and dynamic tracing (kprobes, uprobes), and much advice about what is and isn't important to learn. This talk is aimed at everyone: DBAs, developers, operations, etc, and in any environment running Linux, bare-metal or the cloud."
MeetBSDCA 2014 Performance Analysis for BSD, by Brendan Gregg. A tour of five relevant topics: observability tools, methodologies, benchmarking, profiling, and tracing. Tools summarized include pmcstat and DTrace.
Piwik elasticsearch kibana at OSC Tokyo 2016 Spring | Takashi Yamamoto
1. This document discusses using Piwik, fluentd, elasticsearch, and kibana to analyze Piwik web analytics data. Fluentd is used to collect and parse Apache access logs from Piwik and forward the data to elasticsearch for storage and indexing. Kibana queries and visualizes the elasticsearch data.
2. Instructions are provided for installing fluentd, elasticsearch, and building RPM packages for kibana on Red Hat 6 and 7. Configuration details explain how to setup fluentd input, filtering, and output plugins to ingest Piwik log data from Apache logs and store it in elasticsearch.
3. The elasticsearch and kibana installations provide visualization of the Piwik web analytics data for
Video: https://www.youtube.com/watch?v=uibLwoVKjec . Talk by Brendan Gregg for Sysdig CCWFS 2016. Abstract:
"You have a system with an advanced programmatic tracer: do you know what to do with it? Brendan has used numerous tracers in production environments, and has published hundreds of tracing-based tools. In this talk he will share tips and know-how for creating CLI tracing tools and GUI visualizations, to solve real problems effectively. Programmatic tracing is an amazing superpower, and this talk will show you how to wield it!"
OSSNA 2017 Performance Analysis Superpowers with Linux BPF | Brendan Gregg
Talk by Brendan Gregg for OSSNA 2017. "Advanced performance observability and debugging have arrived built into the Linux 4.x series, thanks to enhancements to Berkeley Packet Filter (BPF, or eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been investigating its use for new observability tools, monitoring, security uses, and more. This talk will be a dive deep on these new tracing, observability, and debugging capabilities, which sooner or later will be available to everyone who uses Linux. Whether you’re doing analysis over an ssh session, or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
This talk will also demonstrate the new open source tools that have been developed, which make use of kernel- and user-level dynamic tracing (kprobes and uprobes), and kernel- and user-level static tracing (tracepoints). These tools provide new insights for file system and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations."
Linux 4.x Tracing: Performance Analysis with bcc/BPF | Brendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Compiler Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
BGP is the routing protocol used between autonomous systems (AS) on the Internet to exchange routing and reachability information. It uses path vector routing to exchange routing information between ASes and allows for policies to influence path selection. BGP attributes like AS path, next hop, local preference, and communities are used to apply policies and influence the best path selection. Techniques like route reflection and confederations help scale the internal BGP mesh within a large AS.
The document provides information on systemd service management commands. It shows examples of using systemctl to start, stop, restart, and check the status of the httpd service. It also displays the output of systemctl status httpd which shows details about the loaded unit, active state, process IDs, and log entries for the Apache HTTP Server service.
Linux 4.x Tracing Tools: Using BPF Superpowers | Brendan Gregg
Talk for USENIX LISA 2016 by Brendan Gregg.
"Linux 4.x Tracing Tools: Using BPF Superpowers
The Linux 4.x series heralds a new era of Linux performance analysis, with the long-awaited integration of a programmable tracer: Enhanced BPF (eBPF). Formally the Berkeley Packet Filter, BPF has been enhanced in Linux to provide system tracing capabilities, and integrates with dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). This has allowed dozens of new observability tools to be developed so far: for example, measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived.
In this talk I'll show you how to use BPF in the Linux 4.x series, and I'll summarize the different tools and front ends available, with a focus on iovisor bcc. bcc is an open source project to provide a Python front end for BPF, and comes with dozens of new observability tools (many of which I developed). These tools include new BPF versions of old classics, and many new tools, including: execsnoop, opensnoop, funccount, trace, biosnoop, bitesize, ext4slower, ext4dist, tcpconnect, tcpretrans, runqlat, offcputime, offwaketime, and many more. I'll also summarize use cases and some long-standing issues that can now be solved, and how we are using these capabilities at Netflix."
You have a system with an advanced programmatic tracer: do you know what to do with it? Brendan has used numerous tracers in production environments, and has published hundreds of tracing-based tools. In this talk he will share tips and know-how for creating CLI tracing tools and GUI visualizations, to solve real problems effectively. Programmatic tracing is an amazing superpower, and this talk will show you how to wield it!
This document provides an overview of Linux performance monitoring tools including mpstat, top, htop, vmstat, iostat, free, strace, and tcpdump. It discusses what each tool measures and how to use it to observe system performance and diagnose issues. The tools presented provide visibility into CPU usage, memory usage, disk I/O, network traffic, and system call activity which are essential for understanding workload performance on Linux systems.
Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: "
Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."
This document provides information on monitoring Linux system resources and performance. It discusses tools like vmstat, sar, iostat for monitoring CPU usage, memory usage, I/O usage, and other metrics. It also covers Linux processes, memory management, and block device monitoring.
Imagine you're tackling one of these evasive performance issues in the field, and your go-to monitoring checklist doesn't seem to cut it. There are plenty of suspects, but they are moving around rapidly and you need more logs, more data, more in-depth information to make a diagnosis. Maybe you've heard about DTrace, or even used it, and are yearning for a similar toolkit, which can plug dynamic tracing into a system that wasn't prepared or instrumented in any way.
Hopefully, you won't have to yearn for a lot longer. eBPF (extended Berkeley Packet Filters) is a kernel technology that enables a plethora of diagnostic scenarios by introducing dynamic, safe, low-overhead, efficient programs that run in the context of your live kernel. Sure, BPF programs can attach to sockets; but more interestingly, they can attach to kprobes and uprobes, static kernel tracepoints, and even user-mode static probes. And modern BPF programs have access to a wide set of instructions and data structures, which means you can collect valuable information and analyze it on-the-fly, without spilling it to huge files and reading them from user space.
In this talk, we will introduce BCC, the BPF Compiler Collection, which is an open set of tools and libraries for dynamic tracing on Linux. Some tools are easy and ready to use, such as execsnoop, fileslower, and memleak. Other tools such as trace and argdist require more sophistication and can be used as a Swiss Army knife for a variety of scenarios. We will spend most of the time demonstrating the power of modern dynamic tracing -- from memory leaks to static probes in Ruby, Node, and Java programs, from slow file I/O to monitoring network traffic. Finally, we will discuss building our own tools using the Python and Lua bindings to BCC, and its LLVM backend.
The document provides information on systemd service management commands. It shows examples of using systemctl to start, stop, restart, and check the status of the httpd service. It also displays the output of systemctl status httpd which shows details about the loaded unit, active state, process IDs, and log entries for the Apache HTTP Server service.
Linux 4.x Tracing Tools: Using BPF SuperpowersBrendan Gregg
Talk for USENIX LISA 2016 by Brendan Gregg.
"Linux 4.x Tracing Tools: Using BPF Superpowers
The Linux 4.x series heralds a new era of Linux performance analysis, with the long-awaited integration of a programmable tracer: Enhanced BPF (eBPF). Formally the Berkeley Packet Filter, BPF has been enhanced in Linux to provide system tracing capabilities, and integrates with dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). This has allowed dozens of new observability tools to be developed so far: for example, measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived.
In this talk I'll show you how to use BPF in the Linux 4.x series, and I'll summarize the different tools and front ends available, with a focus on iovisor bcc. bcc is an open source project to provide a Python front end for BPF, and comes with dozens of new observability tools (many of which I developed). These tools include new BPF versions of old classics, and many new tools, including: execsnoop, opensnoop, funccount, trace, biosnoop, bitesize, ext4slower, ext4dist, tcpconnect, tcpretrans, runqlat, offcputime, offwaketime, and many more. I'll also summarize use cases and some long-standing issues that can now be solved, and how we are using these capabilities at Netflix."
You have a system with an advanced programmatic tracer: do you know what to do with it? Brendan has used numerous tracers in production environments, and has published hundreds of tracing-based tools. In this talk he will share tips and know-how for creating CLI tracing tools and GUI visualizations, to solve real problems effectively. Programmatic tracing is an amazing superpower, and this talk will show you how to wield it!
This document provides an overview of Linux performance monitoring tools including mpstat, top, htop, vmstat, iostat, free, strace, and tcpdump. It discusses what each tool measures and how to use it to observe system performance and diagnose issues. The tools presented provide visibility into CPU usage, memory usage, disk I/O, network traffic, and system call activity which are essential for understanding workload performance on Linux systems.
Talk by Brendan Gregg for USENIX LISA 2019: Linux Systems Performance. Abstract: "
Systems performance is an effective discipline for performance analysis and tuning, and can help you find performance wins for your applications and the kernel. However, most of us are not performance or kernel engineers, and have limited time to study this topic. This talk summarizes the topic for everyone, touring six important areas of Linux systems performance: observability tools, methodologies, benchmarking, profiling, tracing, and tuning. Included are recipes for Linux performance analysis and tuning (using vmstat, mpstat, iostat, etc), overviews of complex areas including profiling (perf_events) and tracing (Ftrace, bcc/BPF, and bpftrace/BPF), and much advice about what is and isn't important to learn. This talk is aimed at everyone: developers, operations, sysadmins, etc, and in any environment running Linux, bare metal or the cloud."
This document provides information on monitoring Linux system resources and performance. It discusses tools like vmstat, sar, iostat for monitoring CPU usage, memory usage, I/O usage, and other metrics. It also covers Linux processes, memory management, and block device monitoring.
Imagine you're tackling one of these evasive performance issues in the field, and your go-to monitoring checklist doesn't seem to cut it. There are plenty of suspects, but they are moving around rapidly and you need more logs, more data, more in-depth information to make a diagnosis. Maybe you've heard about DTrace, or even used it, and are yearning for a similar toolkit, which can plug dynamic tracing into a system that wasn't prepared or instrumented in any way.
Hopefully, you won't have to yearn for a lot longer. eBPF (extended Berkeley Packet Filters) is a kernel technology that enables a plethora of diagnostic scenarios by introducing dynamic, safe, low-overhead, efficient programs that run in the context of your live kernel. Sure, BPF programs can attach to sockets; but more interestingly, they can attach to kprobes and uprobes, static kernel tracepoints, and even user-mode static probes. And modern BPF programs have access to a wide set of instructions and data structures, which means you can collect valuable information and analyze it on-the-fly, without spilling it to huge files and reading them from user space.
In this talk, we will introduce BCC, the BPF Compiler Collection, which is an open set of tools and libraries for dynamic tracing on Linux. Some tools are easy and ready to use, such as execsnoop, fileslower, and memleak. Other tools such as trace and argdist require more sophistication and can be used as a Swiss Army knife for a variety of scenarios. We will spend most of the time demonstrating the power of modern dynamic tracing -- from memory leaks to static probes in Ruby, Node, and Java programs, from slow file I/O to monitoring network traffic. Finally, we will discuss building our own tools using the Python and Lua bindings to BCC, and its LLVM backend.
Similar to Ietf92 ohara-full-route-compare-tool-2015-03-25-grow (20)
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
1. Bgpdump2: A Tool for Full BGP Route Comparison
Yasuhiro Ohara
yasu@nttv6.jp
NTT Communications Corporation
2. Motivation
• Handle BGP RIB as File
– save it, move it, compare it
– handy for research input
– health check, past analysis, future model
– As an ISP, how are we doing?
• Need for modification to add new features
– peer statistics
– per peer route table
– longest match using routing table
– diff of two peer route table
3. route collector, route monitor, peers
[Figure: ASes whose route monitors peer over eBGP with a route collector. The collector holds a peer table (peer 1, peer 2, peer 3) and the routes (e.g., 1.0.0.0/24 with peer 1's entry and peer 3's entry), and saves them as the RIB dump file.]
4. Existing tools
• libbgpdump
– written in C. <https://bitbucket.org/ripencc/bgpdump/wiki/Home>
• zebra-dump-parser
– written in Perl. <https://github.com/rfc1036/zebra-dump-parser>
• java-mrt library
– written in Java. <https://github.com/paaguti/java-mrt>
• UCLA bgpparser
– written in C++. <http://irl.cs.ucla.edu/software/bgpparser.html>
• mrtparse
– written in Python. <https://github.com/YoshiyukiYamauchi/mrtparse>
• openbgpd bgpctl
– written in C. <http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpctl/>
• pybgpdump
– written in Python. <https://jon.oberheide.org/pybgpdump/>
5. bgpdump2 summary
• Written from scratch in C (4000- lines)
• Open-source software
– <https://github.com/yasuhiro-ohara-ntt/bgpdump2>
• Capability:
– supported: bz2 and gzip, MRT TABLE_DUMP_V2 format, ipv4 / ipv6
– show statistics per peer (e.g., #routes, #nexthops)
– routing table construction, longest-match table lookup
• Good for detailed investigation of a RIB file
• Good for full-route comparison
7. libbgpdump compatible mode
• not finished: e.g., support for community, localpref, etc. is not yet complete.
% ./src/bgpdump2 ../routeviews/oregon-ix2/rib.20150319.0000.bz2 -m | head -3
TABLE_DUMP2|1426723200|B|203.189.128.233|23673|0.0.0.0/0|23673 9902|INCOMPLETE|203.189.128.233|0|0|0|NAG||
TABLE_DUMP2|1426723200|B|213.144.128.203|13030|1.0.0.0/24|13030 15169|INCOMPLETE|213.144.128.203|0|1|0|NAG||
TABLE_DUMP2|1426723200|B|198.129.33.85|293|1.0.0.0/24|293 15169|INCOMPLETE|198.129.33.85|0|0|0|NAG||
13. routing table lookup (longest-match)
• A routing table (PATRICIA) can be created.
• Lookup of a single address:
% ./src/bgpdump2 ../routeviews/oregon-ix2/rib.20150319.0000.bz2 -p 19 -l 8.8.8.8
looking up an address: 8.8.8.8
8.8.8.0/24 129.250.0.11 origin_as: 15169 as-path[2]: 2914 15169
• Lookup of a list of addresses contained in a file:
% ./src/bgpdump2 ../routeviews/oregon-ix2/rib.20150319.0000.bz2 -p 19 -L ../test-lookup.txt
50.0.0.0/16 129.250.0.11 origin_as: 7065 as-path[3]: 2914 8121 7065
100.0.0.0/16 129.250.0.11 origin_as: 701 as-path[2]: 2914 701
150.0.0.0: no route found.
200.0.0.0: no route found.
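The longest-match lookup shown on this slide, as an added example that is not bgpdump2's code: it uses a plain binary trie (PATRICIA without path compression). The 8.8.8.0/24 and 50.0.0.0/16 routes come from the output above; the 8.0.0.0/8 route with AS 64500 and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Addresses are kept in host byte order. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

/* Plain binary trie: one node per prefix bit (no path compression). */
struct node {
    struct node *child[2];
    int has_route;      /* a prefix ends at this node */
    uint32_t origin_as; /* payload kept with the route */
};

static struct node *node_new(void) {
    struct node *n = calloc(1, sizeof(*n));
    if (n == NULL) abort();
    return n;
}

static void route_add(struct node *root, uint32_t addr, int len, uint32_t as) {
    struct node *n = root;
    for (int i = 0; i < len; i++) {
        int bit = (addr >> (31 - i)) & 1;
        if (n->child[bit] == NULL) n->child[bit] = node_new();
        n = n->child[bit];
    }
    n->has_route = 1;
    n->origin_as = as;
}

/* Returns the longest matching prefix length, or -1 when no route covers addr. */
static int route_lookup(const struct node *n, uint32_t addr, uint32_t *as) {
    int best = -1;
    for (int i = 0; n != NULL; i++) {
        if (n->has_route) { best = i; *as = n->origin_as; }
        if (i == 32) break;
        n = n->child[(addr >> (31 - i)) & 1];
    }
    return best;
}

/* Constructed table: two prefixes from the slide plus a made-up 8.0.0.0/8. */
static struct node *sample_table(void) {
    struct node *rt = node_new();
    route_add(rt, IP4(8, 0, 0, 0), 8, 64500); /* constructed covering route */
    route_add(rt, IP4(8, 8, 8, 0), 24, 15169);
    route_add(rt, IP4(50, 0, 0, 0), 16, 7065);
    return rt;
}

int main(void) {
    uint32_t as = 0;
    printf("8.8.8.8 -> /%d\n", route_lookup(sample_table(), IP4(8, 8, 8, 8), &as));
    return 0;
}
```

The /8 entry shows why the walk must remember the deepest route seen rather than stop at the first hit: 8.8.8.8 passes the /8 on its way to the /24.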
14. Diffs a peer against others
• script/compare-peer-with-others.sh
• marks
udiff:
<: the prefix is in left and unreachable in right (maybe partially).
+: the prefix is only in right (but it is reachable in left).
): the prefix is in right, and is covered by a shorter prefix in left that is unreachable in right. (i.e., the shorter is '<')
>: the prefix is in right and unreachable in left (maybe partially).
-: the prefix is only in left (but it is reachable in right).
(: the prefix is in left, and is covered by a shorter prefix in right that is unreachable in left. (i.e., the shorter is '>')
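One reading of the mark legend above, as an added example that is not the project's script: each prefix of one table is classified against the other table using covering-prefix checks. The tables are constructed (documentation and private address space), '=' is used here for prefixes present on both sides, and treating "any shorter covering prefix" as sufficient for '(' and ')' is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct pfx { uint32_t addr; int len; };        /* addr in host byte order */
struct table { const struct pfx *p; int n; };

static uint32_t mask(int len) { return len ? ~(uint32_t)0 << (32 - len) : 0; }

/* 1 if table t holds a route of length lo..hi that contains prefix q. */
static int covers(struct table t, struct pfx q, int lo, int hi) {
    for (int i = 0; i < t.n; i++)
        if (t.p[i].len >= lo && t.p[i].len <= hi &&
            ((q.addr ^ t.p[i].addr) & mask(t.p[i].len)) == 0)
            return 1;
    return 0;
}

/* Mark for prefix q of table own against table other; m is "<-(" when own
 * is the left table and ">+)" when it is the right one. '=' means q is on
 * both sides (the legend has no mark for that case). */
static char mark(struct table own, struct table other, struct pfx q, const char *m) {
    if (covers(other, q, q.len, q.len)) return '=';
    if (!covers(other, q, 0, q.len)) return m[0]; /* unreachable in other */
    for (int i = 0; i < other.n; i++) {
        struct pfx c = other.p[i];                /* candidate shorter cover */
        if (c.len < q.len && ((q.addr ^ c.addr) & mask(c.len)) == 0 &&
            !covers(own, c, 0, c.len))
            return m[2];                          /* the cover is itself '<' or '>' */
    }
    return m[1];                                  /* reachable through a cover */
}

/* Constructed tables, not taken from any RIB file. */
static const struct pfx LEFT[] = {
    { IP4(10, 0, 0, 0), 8 },      { IP4(192, 0, 2, 0), 24 }, { IP4(198, 51, 100, 0), 24 },
    { IP4(203, 0, 113, 0), 24 },  { IP4(203, 0, 113, 0), 25 },
};
static const struct pfx RIGHT[] = {
    { IP4(10, 1, 0, 0), 16 },     { IP4(192, 0, 2, 0), 24 }, { IP4(192, 0, 2, 128), 25 },
    { IP4(198, 51, 0, 0), 16 },   { IP4(203, 0, 113, 0), 24 },
};
static const struct table LEFT_T = { LEFT, 5 }, RIGHT_T = { RIGHT, 5 };

int main(void) {
    for (int i = 0; i < LEFT_T.n; i++)
        printf("%c %08x/%d\n", mark(LEFT_T, RIGHT_T, LEFT[i], "<-("),
               (unsigned)LEFT[i].addr, LEFT[i].len);
    for (int i = 0; i < RIGHT_T.n; i++)
        printf("%c %08x/%d\n", mark(RIGHT_T, LEFT_T, RIGHT[i], ">+)"),
               (unsigned)RIGHT[i].addr, RIGHT[i].len);
    return 0;
}
```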
17. ranking in appearance count of whois descr
180
88 TFN-TW Taiwan Fixed Network, Telco and Network Service Provider., TW
60 VOXILITY-AS Voxility S.R.L., RO
60 FPT-AS-AP The Corporation for Financing & Promoting Technology, VN
42 SCRR-10796 - Time Warner Cable Internet LLC, US
37 TAIWANMOBILE-AS Taiwan Mobile Co., Ltd., TW
33 XTGLOBAL XTGLOBAL NETWORKS LTD., RO
32 DATAFRAMELO - Dataframe Logistics, Inc., US
28 ONE-NET-HK INTERNET-SOLUTION-HK, CN
24 VNPT-AS-VN VNPT Corp, VN
Apparently 2914:4429 community tag: do not advertise in Asia.
http://www.us.ntt.net/support/policy/routing.cfm
18. route count on multiple files
% ./bgpdump2 -c rib.20150101.bz2 rib.20150102.bz2 rib.20150103.bz2 rib.20150104.bz2 ......
#timestamp,peer1,peer2,...
1407758405,0,499472,503874,502451,502850,500615,499234,500185,0
#timestamp,peer1,peer2,...
1407762003,0,499591,503978,502564,502961,500720,499354,500311,0
#timestamp,peer1,peer2,...
1407765605,0,499535,503932,502515,502920,500673,499296,500264,0
So you can produce a figure like the ones on the next slides.
19. full route number
• peer[13] was empty.
• The R script is also provided.
[Figure: "Number of Full Routes". Y-axis: number of routes (460000 to 490000); x-axis: time from 2014-01-01 to 2014-03-30; one series per peer (0, 1, 2, 3, 5, 7, 11).]
% sh full-route-number.sh -p 0 -p 1 -p 2 -p 3 -p 5 -p 7 -p 11 -p 13 ../../../routeviews/oregon2-summary/rib.20140{1,2,3}*.bz2
24. Discussion
• Issue: the peer table is changing in the RIB files.
• Philosophical question: what is "the BGP full-route routing table"?
– Full routes change over time.
– They change depending on the observation point.
• Even 2914's in Oregon and Tokyo are different.
– Will the common set among BGP full routes be of help in any way?
• Can we evaluate an ISP's quality based on the BGP routes it has? (I guess we can, but don't know how yet.)
• Does this tool contribute to debugging BGP routes? (Yes, it seems, at least as a trigger.)
25. Features to be added
• REGEXP in AS_PATH
• match (REGEXP?) on NEXT_HOP
– by John Kemp
• REGEXP in AS_PATH AND match (REGEXP) in COMMUNITY tags.
• Name resolution using Team-Cymru
26. Wrap up
• A new open-source tool, bgpdump2, has been developed to analyze BGP dumps.
– currently supports only RIB dump and only bz2
• New features
– per peer statistics, per peer display of routes
– diffs
– PATRICIA-based routing lookup (longest-match)
• Open for feature requests.
• Possibly helps
– BGP route debugging incl. route leaks
– ISP comparison
– analysis, and/or research