Slide 1
Slide 1 text
eBPF Superpowers for Networking, Observability & Security
Liz Rice, Chief Open Source Officer, Isovalent; Chair, CNCF Technical Oversight Committee
@lizrice
Slide 2
Slide 2 text
@lizrice extended Berkeley Packet Filter What is eBPF?
Slide 3
Slide 3 text
@lizrice Makes the kernel programmable What is eBPF?
Slide 4
Slide 4 text
@lizrice userspace kernel app eBPF program event Run custom code in the kernel
Slide 5
Slide 5 text
@lizrice demo github.com/lizrice/ebpf-beginners
Slide 6
Slide 6 text
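@lizrice eBPF Hello World

    #include <linux/bpf.h>
    #include <bpf/bpf_helpers.h>

    SEC("kprobe/sys_execve")          /* attach to entry of the execve syscall */
    int hello(void *ctx)
    {
        bpf_printk("I'm alive!");     /* written to the kernel trace pipe */
        return 0;
    }

    char LICENSE[] SEC("license") = "GPL";   /* bpf_printk's helper is GPL-only */

+ userspace code to load eBPF program

    $ sudo ./hello
    bash-20241 [004] d... 84210.752785: 0: I'm alive!
    bash-20242 [004] d... 84216.321993: 0: I'm alive!
    bash-20243 [004] d... 84225.858880: 0: I'm alive!

Info about process that called execve syscall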
Slide 7
Slide 7 text
@lizrice Programmable kernel in Kubernetes land
Slide 8
Slide 8 text
@lizrice userspace kernel pod container pod container container One kernel per host
Slide 9
Slide 9 text
@lizrice userspace kernel app app pods networking access files create containers One kernel per host
Slide 10
Slide 10 text
@lizrice userspace kernel app app pods networking access files create containers Kernel aware of everything on the host
Slide 11
Slide 11 text
@lizrice userspace app kernel app pods networking access files create containers eBPF programs can be aware of everything
Slide 12
Slide 12 text
@lizrice demo Kubernetes-aware network flows
Slide 13
Slide 13 text
@lizrice
Slide 14
Slide 14 text
@lizrice eBPF apps have a view across the entire node
Slide 15
Slide 15 text
@lizrice eBPF apps have a view across the entire node enabling network efficiency
Slide 16
Slide 16 text
@lizrice host pod app socket veth veth eth0 iptables conntrack iptables INPUT Linux routing iptables PREROUTING mangle iptables conntrack iptables FORWARD Linux routing iptables PREROUTING nat iptables POSTROUTING mangle iptables PREROUTING mangle iptables POSTROUTING nat
Slide 17
Slide 17 text
@lizrice host pod app socket veth veth eth0 iptables conntrack iptables INPUT Linux routing iptables PREROUTING mangle Linux routing
Slide 18
Slide 18 text
@lizrice Cilium eBPF (Receive path) https://cilium.io/blog/2021/05/11/cni-benchmark
Slide 19
Slide 19 text
@lizrice TCP RR higher is better https://cilium.io/blog/2021/05/11/cni-benchmark
Slide 20
Slide 20 text
@lizrice eBPF apps have a view across the entire node
Slide 21
Slide 21 text
@lizrice eBPF apps have a view across the entire node without any app or config changes
Slide 22
Slide 22 text
@lizrice - Nathan LeClaire @dotpem
Slide 23
Slide 23 text
@lizrice userspace pod container sidecar container A sidecar has a view across one pod
Slide 24
Slide 24 text
@lizrice Sidecars need YAML
userspace pod container sidecar container
my-app.yaml

    containers:
    - name: my-app
      ...
    - name: my-app-init
      …
    - name: my-sidecar
      ...
Slide 25
Slide 25 text
@lizrice eBPF does not need any app changes
userspace pod container container kernel
my-app.yaml

    containers:
    - name: my-app
      ...
    - name: my-app-init
      …
Slide 26
Slide 26 text
@lizrice eBPF in cloud native
Slide 27
Slide 27 text
@lizrice Process visibility
Slide 28
Slide 28 text
@lizrice eBPF makes the Linux kernel programmable
Slide 29
Slide 29 text
@lizrice Not just for Linux...
Slide 30
Slide 30 text
ebpf.io | cilium.io | isovalent.com @lizrice Thank you