Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up
for free
eBPF in Microservices Observability
JBD
August 18, 2021
Programming
1
880
eBPF in Microservices Observability
JBD
August 18, 2021
Tweet
Share
More Decks by JBD
See All by JBD
rakyll
1
1.4k
rakyll
5
1.2k
rakyll
8
1.7k
rakyll
3
1.2k
rakyll
1
140
rakyll
0
160
rakyll
2
900
rakyll
0
3.7k
rakyll
2
260
Other Decks in Programming
See All in Programming
s6323859
2
930
ttskch
12
14k
kishikawakatsumi
7
1.4k
beberlei
0
140
satoshin
2
160
tkmru
0
830
hexarf
2
230
sidepelican
3
200
satoshi0212
3
280
whatyouhide
0
240
yasaichi
36
12k
pkino
0
210
Featured
See All Featured
jponch
106
5.3k
trallard
24
1.2k
marktimemedia
14
660
erikaheidi
27
5k
holman
294
130k
reverentgeek
34
2.4k
bryan
105
11k
hatefulcrawdad
256
17k
morganepeng
30
1.7k
chrislema
174
14k
deanohume
294
28k
pauljervisheath
195
16k
Transcript
@rakyll eBPF in Microservices Observability Jaana Dogan Principal Engineer, AWS
jbd@amazon.com
@rakyll About me • Not a Linux developer. • Working
on monitoring, observability and performance. • Multi-tenancy and microservices focus.
@rakyll
@rakyll How does eBPF work? process JIT compiler Verifier Sockets
TCP/IP BPF Maps code (accessible from the user space)
@rakyll Where can eBPF hook into? - Kernel and user
functions - System calls - Network events - Kernel tracepoints
@rakyll Challenges in microservices
@rakyll Challenges in microservices We don’t just monitor VMs or
processes. We monitor critical paths.
@rakyll What’s next? service service database storage service
@rakyll What’s next? service service database storage service
@rakyll Challenges in microservices Context matters. Downstream stack don’t have
context.
@rakyll What’s next? process Linux kernel process process M:N Problem
@rakyll What’s next? process Linux kernel process process RPCs M:N
Problem
@rakyll What’s next? process Linux kernel process process RPCs container
container M:N Problem
@rakyll What’s next? process Linux kernel process process RPCs container
container Kubernetes pod, ECS task M:N Problem
@rakyll Challenges in microservices We initially debug RPCs. We debug
functions or syscalls secondarily.
@rakyll Challenges in microservices Too much data. Need runtime controls
to modify the collection.
@rakyll Challenges in microservices Instrumentation is a two-year roadmap. Data
is not consistent.
@rakyll Networking observability is core. Out of the box instrumentation
is essential. Extensibility in runtime is critical. Decoration and enrichment is needed.
@rakyll How does eBPF help?
@rakyll Network Diagnostics TCP, UDP, HTTP, gRPC metrics Inspect protocols
(MySQL, Postgres, ...)
@rakyll Service Maps
@rakyll Distributed Traces Automatically create request span if a trace
header is present. GET /users HTTP/1.1 Host: users.service Accept-Encoding: gzip, deflate Connection: Keep-Alive Traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01
@rakyll Fleet-wide Profiling context kernel
@rakyll Decorating with Context eBPF agent process JIT compiler Verifier
Sockets TCP/IP BPF Maps API Server
@rakyll Runtime Extensibility eBPF agent process JIT compiler Verifier Sockets
TCP/IP BPF Maps code
@rakyll Examples - Cillium/Hubble - Pixie - Flowmill
@rakyll What’s next? - High level language to write probes.
- Make eBPF agents widely available. - More platforms supporting eBPF. - Reusable eBPF event processing.
@rakyll Thank you Jaana Dogan jbd@amazon.com
rakyll
s6323859
ttskch
kishikawakatsumi
beberlei
satoshin
tkmru
hexarf
sidepelican
satoshi0212
whatyouhide
yasaichi
pkino
jponch
trallard
marktimemedia
erikaheidi
holman
reverentgeek
bryan
hatefulcrawdad
morganepeng
chrislema
deanohume
pauljervisheath
