Slide 1

eBPF: Superpowers for Networking, Observability & Security
Liz Rice, Chief Open Source Officer, Isovalent; Chair, CNCF Technical Oversight Committee (@lizrice)

Slide 2

What is eBPF? extended Berkeley Packet Filter

Slide 3

What is eBPF? Makes the kernel programmable

Slide 4

Run custom code in the kernel (diagram labels: userspace, kernel, app, event, eBPF program)

Slide 5

demo: github.com/lizrice/ebpf-beginners

Slide 6

eBPF Hello World

    SEC("kprobe/sys_execve")
    int hello(void *ctx) {
        bpf_printk("I'm alive!");
        return 0;
    }

plus userspace code to load the eBPF program.

    $ sudo ./hello
    bash-20241 [004] d... 84210.752785: 0: I'm alive!
    bash-20242 [004] d... 84216.321993: 0: I'm alive!
    bash-20243 [004] d... 84225.858880: 0: I'm alive!

Each output line carries info about the process that called the execve syscall.
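As an added example (not code from the slides or from the lizrice/ebpf-beginners repository), the hello-world kprobe is extended to report which process called execve, and the trace_pipe lines shown above are parsed into structured records. The loader part assumes the BCC Python bindings (`from bcc import BPF`) and root privileges, and resolves the architecture-specific syscall symbol with `get_syscall_fnname`; the parser runs offline on the constructed sample lines.

```python
"""Added example: execve hello-world with process info, plus a trace_pipe parser."""
import re
from collections import Counter

# Kernel-side program, compiled by BCC at load time. Compared with the slide's
# hello(), it also fetches the caller's PID and command name.
BPF_SOURCE = r"""
int hello(void *ctx) {
    u64 pid_tgid = bpf_get_current_pid_tgid();
    u32 pid = pid_tgid >> 32;   /* upper 32 bits hold the thread group id, i.e. the PID */
    char comm[16];
    bpf_get_current_comm(&comm, sizeof(comm));
    bpf_trace_printk("execve by pid %d comm %s\n", pid, comm);
    return 0;
}
"""

# One trace_pipe line looks like (constructed from the slide's output):
#   bash-20241 [004] d... 84210.752785: 0: I'm alive!
# Fields: TASK-PID [CPU] FLAGS TIMESTAMP: <tag>: MESSAGE. The tag is "0" on older
# kernels and "bpf_trace_printk" on newer ones, so it is matched but not kept.
TRACE_LINE = re.compile(
    r"^\s*(?P<task>\S+)-(?P<pid>\d+)\s+\[(?P<cpu>\d+)\]\s+(?P<flags>\S+)\s+"
    r"(?P<ts>\d+\.\d+):\s+[^:]+:\s+(?P<msg>.*)$"
)


def parse_trace_line(line):
    """Return a dict for one trace_pipe line, or None for lines that do not match
    (trace_pipe also emits header lines starting with '#')."""
    m = TRACE_LINE.match(line)
    if not m:
        return None
    return {
        "task": m["task"],
        "pid": int(m["pid"]),
        "cpu": int(m["cpu"]),
        "flags": m["flags"],
        "ts": float(m["ts"]),
        "msg": m["msg"],
    }


def count_by_task(lines):
    """Count parsed events per calling command, skipping unparseable lines."""
    counts = Counter()
    for line in lines:
        rec = parse_trace_line(line)
        if rec is not None:
            counts[rec["task"]] += 1
    return dict(counts)


# Constructed sample: the three lines shown on the slide plus a trace_pipe header line.
SAMPLE_LINES = [
    "# tracer: nop",
    "bash-20241 [004] d... 84210.752785: 0: I'm alive!",
    "bash-20242 [004] d... 84216.321993: 0: I'm alive!",
    "bash-20243 [004] d... 84225.858880: 0: I'm alive!",
]


def main():
    """Userspace loader: compile, attach to the execve syscall entry, stream trace_pipe."""
    from bcc import BPF  # imported here so the parser is usable without BCC installed
    b = BPF(text=BPF_SOURCE)
    b.attach_kprobe(event=b.get_syscall_fnname("execve"), fn_name="hello")
    print("tracing execve... Ctrl-C to stop")
    while True:
        task, pid, cpu, flags, ts, msg = b.trace_fields()
        print(f"{ts} {task.decode()}[{pid}] cpu{cpu}: {msg.decode()}")


if __name__ == "__main__":
    main()
```

Run as root with BCC installed to see live execve events; `count_by_task` is the kind of aggregation a detection pipeline would do over the same stream (for example, flagging commands spawned by a process that should never exec anything).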

Slide 7

Programmable kernel in Kubernetes land

Slide 8

One kernel per host (diagram labels: userspace, kernel, pod, container, pod, container, container)

Slide 9

One kernel per host (diagram labels: userspace, kernel, app, app, pods, networking, access files, create containers)

Slide 10

Kernel aware of everything on the host (diagram labels: userspace, kernel, app, app, pods, networking, access files, create containers)

Slide 11

eBPF programs can be aware of everything (diagram labels: userspace, kernel, app, app, pods, networking, access files, create containers)

Slide 12

demo: Kubernetes-aware network flows

Slide 13


Slide 14

eBPF apps have a view across the entire node

Slide 15

eBPF apps have a view across the entire node, enabling network efficiency

Slide 16

Diagram: packet path between eth0 on the host and an app socket in a pod, through a veth pair (labels: host, pod, app, socket, veth, veth, eth0). Stages shown: iptables conntrack; iptables INPUT; Linux routing; iptables PREROUTING mangle; iptables conntrack; iptables FORWARD; Linux routing; iptables PREROUTING nat; iptables POSTROUTING mangle; iptables PREROUTING mangle; iptables POSTROUTING nat

Slide 17

Diagram: the same path with fewer stages (labels: host, pod, app, socket, veth, veth, eth0). Stages shown: iptables conntrack; iptables INPUT; Linux routing; iptables PREROUTING mangle; Linux routing

Slide 18

Cilium eBPF (receive path) https://cilium.io/blog/2021/05/11/cni-benchmark

Slide 19

TCP RR (higher is better) https://cilium.io/blog/2021/05/11/cni-benchmark

Slide 20

eBPF apps have a view across the entire node

Slide 21

eBPF apps have a view across the entire node, without any app or config changes

Slide 22

- Nathan LeClaire @dotpem

Slide 23

A sidecar has a view across one pod (diagram labels: userspace, pod, container, sidecar container)

Slide 24

Sidecars need YAML (diagram labels: userspace, pod, container, sidecar container)

    my-app.yaml
    containers:
    - name: my-app
      ...
    - name: my-app-init
      …
    - name: my-sidecar
      ...

Slide 25

eBPF does not need any app changes (diagram labels: userspace, kernel, pod, container, container)

    my-app.yaml
    containers:
    - name: my-app
      ...
    - name: my-app-init
      …
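As an added illustration of the contrast on slides 24 and 25 (not manifests from the talk or from any particular project), the sidecar model has to be written into every pod spec, while an eBPF-based agent is deployed once per node, typically as a DaemonSet, and the application pods stay untouched. The agent name and all image references are placeholders.

```yaml
# Sidecar model: every pod manifest that wants observability carries the extra container.
apiVersion: v1
kind: Pod
metadata:
  name: my-app
spec:
  initContainers:
  - name: my-app-init
    image: example.invalid/my-app-init:placeholder
  containers:
  - name: my-app
    image: example.invalid/my-app:placeholder
  - name: my-sidecar                 # must be added (or injected) into each such pod
    image: example.invalid/my-sidecar:placeholder
---
# eBPF model: one agent per node; application pod specs are unchanged.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ebpf-agent                   # hypothetical agent, not a real project's manifest
  namespace: kube-system
spec:
  selector:
    matchLabels:
      app: ebpf-agent
  template:
    metadata:
      labels:
        app: ebpf-agent
    spec:
      hostPID: true                  # sees every process on the node, not just its own
      hostNetwork: true              # sees the node's network stack
      containers:
      - name: agent
        image: example.invalid/ebpf-agent:placeholder
        securityContext:
          privileged: true           # loading eBPF programs needs CAP_BPF (CAP_SYS_ADMIN on older kernels)
        volumeMounts:
        - name: bpffs
          mountPath: /sys/fs/bpf     # pinned maps and programs
        - name: debugfs
          mountPath: /sys/kernel/debug   # trace_pipe lives here
      volumes:
      - name: bpffs
        hostPath:
          path: /sys/fs/bpf
      - name: debugfs
        hostPath:
          path: /sys/kernel/debug
```

The trade-off worth noting: the sidecar's privileges are scoped to one pod, whereas the node agent holds node-wide privileges, so the review, RBAC and admission controls that matter move from every application manifest to that single DaemonSet.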

Slide 26

eBPF in cloud native

Slide 27

Process visibility

Slide 28

eBPF makes the Linux kernel programmable

Slide 29

Not just for Linux...

Slide 30

Thank you
ebpf.io | cilium.io | isovalent.com