
Cloud Native eBPF Superpowers


Brendan Gregg called eBPF “Superpowers for Linux”, and in this talk Liz discusses why it’s a foundational technology for a new generation of cloud native operations tools, covering questions such as:
- What is eBPF?
- How is it unleashing a new wave of innovation?
- How does it enable detailed insights into application behaviour, without having to modify applications in any way?

Even if you’re not a Linux kernel aficionado you’ll leave this talk with an understanding of what eBPF is, and how it enables high-performance tools for connecting, managing and securing applications in the cloud.


Liz Rice

June 02, 2021

Transcript

  1. Liz Rice, Chief Open Source Officer, Isovalent; Chair, CNCF Technical Oversight Committee. @lizrice
     eBPF: Superpowers for Networking, Observability & Security
  2. @lizrice extended Berkeley Packet Filter What is eBPF?

  3. @lizrice Makes the kernel programmable What is eBPF?

  4. @lizrice Run custom code in the kernel (diagram: an app in userspace; in the kernel, an eBPF program attached to an event)
  5. @lizrice demo github.com/lizrice/ebpf-beginners

  6. @lizrice eBPF Hello World

     // eBPF program attached to a kprobe on the execve syscall entry
     #include <linux/bpf.h>
     #include <bpf/bpf_helpers.h>

     SEC("kprobe/sys_execve")
     int hello(void *ctx) {
         bpf_printk("I'm alive!");
         return 0;
     }

     // bpf_printk requires a GPL-compatible licence declaration to load
     char LICENSE[] SEC("license") = "GPL";

     $ sudo ./hello
     bash-20241 [004] d... 84210.752785: 0: I'm alive!
     bash-20242 [004] d... 84216.321993: 0: I'm alive!
     bash-20243 [004] d... 84225.858880: 0: I'm alive!

     Each line carries info about the process that called the execve syscall. The kernel program is paired with userspace code that loads it.
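The slide shows what the kernel side prints but not what a userspace tool does with those lines. The following is an added example, not code from Liz Rice's deck or from the ebpf-beginners repository: a small C parser for the trace_pipe line format shown on the slide (command-pid, cpu, flags, timestamp, a numeric field, message), plus a per-command counter of the kind an observability or detection tool would build on. The three bash lines are copied from the slide; the kworker and sh lines in the sample log are constructed here to exercise a command name that itself contains a hyphen.

```c
/* Added example, not code from the deck: a userspace parser for the
 * trace_pipe lines the eBPF hello world emits, turning each line into a
 * structured execve event (command, pid, cpu, timestamp, message) and
 * counting events per command. Runs without eBPF; the sample log is
 * constructed from the lines shown on the slide plus two made-up ones. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct trace_event {
    char   comm[17];   /* task name; TASK_COMM_LEN is 16 in the kernel */
    int    pid;
    int    cpu;
    double ts;         /* seconds since boot, as printed by the tracer */
    char   msg[128];
};

/* Parse one trace_pipe line of the form
 *   bash-20241 [004] d... 84210.752785: 0: I'm alive!
 * Returns 1 on success, 0 if the line does not have that shape. */
int parse_trace_line(const char *line, struct trace_event *ev)
{
    const char *sp = strchr(line, ' ');
    if (!sp)
        return 0;

    /* comm may itself contain '-' (e.g. "kworker/u8:1-55"), so split on the
     * last '-' before the first space: comm before it, pid after it */
    const char *dash = NULL;
    for (const char *p = line; p < sp; p++)
        if (*p == '-')
            dash = p;
    if (!dash || dash == line)
        return 0;

    size_t clen = (size_t)(dash - line);
    if (clen >= sizeof(ev->comm))
        return 0;
    memcpy(ev->comm, line, clen);
    ev->comm[clen] = '\0';
    ev->pid = atoi(dash + 1);

    /* "[cpu] flags timestamp: 0: message": the flags field and the numeric
     * field before the message are consumed and discarded; %n records the
     * offset at which the message text starts */
    char flags[8];
    int off = 0;
    if (sscanf(sp, " [%d] %7s %lf: %*d: %n", &ev->cpu, flags, &ev->ts, &off) < 3 || off == 0)
        return 0;
    strncpy(ev->msg, sp + off, sizeof(ev->msg) - 1);
    ev->msg[sizeof(ev->msg) - 1] = '\0';
    ev->msg[strcspn(ev->msg, "\n")] = '\0';
    return 1;
}

/* pid named on a trace line, or -1 if the line cannot be parsed */
int trace_line_pid(const char *line)
{
    struct trace_event ev;
    return parse_trace_line(line, &ev) ? ev.pid : -1;
}

/* Count how many parsed lines in a multi-line log buffer came from `comm`.
 * A detection tool would run the same loop to flag unexpected execve
 * callers; here it only counts. */
int count_execs_by_comm(const char *log, const char *comm)
{
    int count = 0;
    const char *p = log;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (len < sizeof(line)) {
            memcpy(line, p, len);
            line[len] = '\0';
            struct trace_event ev;
            if (parse_trace_line(line, &ev) && strcmp(ev.comm, comm) == 0)
                count++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return count;
}

/* Constructed sample: the three lines from the slide plus two made-up ones */
static const char *SAMPLE_LOG =
    "bash-20241 [004] d... 84210.752785: 0: I'm alive!\n"
    "bash-20242 [004] d... 84216.321993: 0: I'm alive!\n"
    "bash-20243 [004] d... 84225.858880: 0: I'm alive!\n"
    "kworker/u8:1-55 [001] d... 84230.000000: 0: I'm alive!\n"
    "sh-20300 [002] d... 84231.500000: 0: I'm alive!\n";

int main(void)
{
    printf("bash execve calls: %d\n", count_execs_by_comm(SAMPLE_LOG, "bash"));
    return 0;
}
```

Feeding it real output is a matter of reading /sys/kernel/debug/tracing/trace_pipe line by line instead of the embedded buffer; the parser deliberately splits on the last hyphen before the first space so kernel thread names such as kworker/u8:1 are not mis-read as the pid.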
  7. @lizrice Programmable kernel in Kubernetes land

  8. @lizrice One kernel per host (diagram: pods and containers in userspace on top of a single kernel)
  9. @lizrice One kernel per host (diagram: apps in pods; the kernel handles networking, file access and container creation)
  10. @lizrice Kernel aware of everything on the host (diagram: apps in pods; networking, file access and container creation all pass through the kernel)
  11. @lizrice eBPF programs can be aware of everything (diagram: an eBPF program in the kernel sees the apps, pods, networking, file access and container creation)
  12. @lizrice demo Kubernetes-aware network flows

  13. @lizrice

  14. @lizrice eBPF apps have a view across the entire node

  15. @lizrice eBPF apps have a view across the entire node

    enabling network efficiency
  16. @lizrice Diagram: conventional packet path from the host's eth0 to an app socket in a pod, passing through iptables conntrack, iptables PREROUTING (mangle and nat), Linux routing, iptables FORWARD, iptables POSTROUTING (mangle and nat), the veth pair, iptables PREROUTING mangle and conntrack again inside the pod, Linux routing, iptables INPUT, and finally the socket
  17. @lizrice Diagram: the same host-to-pod path with eBPF, reduced to eth0, iptables conntrack, iptables PREROUTING mangle, Linux routing, the veth pair, Linux routing, iptables INPUT, and the socket
  18. @lizrice Cilium eBPF (receive path) https://cilium.io/blog/2021/05/11/cni-benchmark

  19. @lizrice TCP RR (higher is better) https://cilium.io/blog/2021/05/11/cni-benchmark

  20. @lizrice eBPF apps have a view across the entire node

  21. @lizrice eBPF apps have a view across the entire node

    without any app or config changes
  22. @lizrice - Nathan LeClaire @dotpem

  23. @lizrice A sidecar has a view across one pod (diagram: a pod in userspace containing an app container and a sidecar container)
  24. @lizrice Sidecars need YAML (diagram: a pod with an app container and a sidecar container; my-app.yaml)
     containers:
     - name: my-app
       ...
     - name: my-app-init
       …
     - name: my-sidecar
       ...
  25. @lizrice eBPF does not need any app changes (diagram: the same pod with no sidecar; the eBPF program runs in the kernel; my-app.yaml)
     containers:
     - name: my-app
       ...
     - name: my-app-init
       …
  26. @lizrice eBPF in cloud native

  27. @lizrice Process visibility

  28. @lizrice eBPF makes the Linux kernel programmable

  29. @lizrice Not just for Linux...

  30. ebpf.io | cilium.io | isovalent.com @lizrice Thank you