Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
eBPF in Microservices Observability
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
JBD
August 18, 2021
Programming
1
1.7k
eBPF in Microservices Observability
JBD
August 18, 2021
Tweet
Share
More Decks by JBD
See All by JBD
eBPF in Microservices Observability at eBPF Day
rakyll
1
2.2k
OpenTelemetry at AWS
rakyll
1
1.9k
Debugging Code Generation in Go
rakyll
5
1.6k
Are you ready for production?
rakyll
8
2.9k
Servers are doomed to fail
rakyll
3
1.6k
Serverless Containers
rakyll
1
270
Critical Path Analysis
rakyll
0
680
Monitoring and Debugging Containers
rakyll
2
1.1k
CPDD
rakyll
0
4.3k
Other Decks in Programming
See All in Programming
AIによるイベントストーミング図からのコード生成 / AI-powered code generation from Event Storming diagrams
nrslib
2
1.9k
[KNOTS 2026登壇資料]AIで拡張‧交差する プロダクト開発のプロセス および携わるメンバーの役割
hisatake
0
300
ぼくの開発環境2026
yuzneri
0
240
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
momok47
0
200
余白を設計しフロントエンド開発を 加速させる
tsukuha
7
2.1k
MUSUBIXとは
nahisaho
0
140
15年続くIoTサービスの SREエンジニアが挑む 分散トレーシング導入
melonps
2
230
プロダクトオーナーから見たSOC2 _SOC2ゆるミートアップ#2
kekekenta
0
220
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
gam0022
1
310
MDN Web Docs に日本語翻訳でコントリビュート
ohmori_yusuke
0
660
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
120
Fluid Templating in TYPO3 14
s2b
0
130
Featured
See All Featured
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
230
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
0
1.1k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
650
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.1k
Making the Leap to Tech Lead
cromwellryan
135
9.7k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
0
160
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.1k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
470
The Illustrated Guide to Node.js - THAT Conference 2024
reverentgeek
0
260
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
310
Primal Persuasion: How to Engage the Brain for Learning That Lasts
tmiket
0
260
Transcript
@rakyll eBPF in Microservices Observability Jaana Dogan Principal Engineer, AWS
[email protected]
@rakyll About me • Not a Linux developer. • Working
on monitoring, observability and performance. • Multi-tenancy and microservices focus.
@rakyll
@rakyll How does eBPF work? process JIT compiler Verifier Sockets
TCP/IP BPF Maps code (accessible from the user space)
@rakyll Where can eBPF hook into? - Kernel and user
functions - System calls - Network events - Kernel tracepoints
@rakyll Challenges in microservices
@rakyll Challenges in microservices We don’t just monitor VMs or
processes. We monitor critical paths.
@rakyll What’s next? service service database storage service
@rakyll What’s next? service service database storage service
@rakyll Challenges in microservices Context matters. Downstream stack don’t have
context.
@rakyll What’s next? process Linux kernel process process M:N Problem
@rakyll What’s next? process Linux kernel process process RPCs M:N
Problem
@rakyll What’s next? process Linux kernel process process RPCs container
container M:N Problem
@rakyll What’s next? process Linux kernel process process RPCs container
container Kubernetes pod, ECS task M:N Problem
@rakyll Challenges in microservices We initially debug RPCs. We debug
functions or syscalls secondarily.
@rakyll Challenges in microservices Too much data. Need runtime controls
to modify the collection.
@rakyll Challenges in microservices Instrumentation is a two-year roadmap. Data
is not consistent.
@rakyll Networking observability is core. Out of the box instrumentation
is essential. Extensibility in runtime is critical. Decoration and enrichment is needed.
@rakyll How does eBPF help?
@rakyll Network Diagnostics TCP, UDP, HTTP, gRPC metrics Inspect protocols
(MySQL, Postgres, ...)
@rakyll Service Maps
@rakyll Distributed Traces Automatically create request span if a trace
header is present. GET /users HTTP/1.1 Host: users.service Accept-Encoding: gzip, deflate Connection: Keep-Alive Traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01
@rakyll Fleet-wide Profiling context kernel
@rakyll Decorating with Context eBPF agent process JIT compiler Verifier
Sockets TCP/IP BPF Maps API Server
@rakyll Runtime Extensibility eBPF agent process JIT compiler Verifier Sockets
TCP/IP BPF Maps code
@rakyll Examples - Cillium/Hubble - Pixie - Flowmill
@rakyll What’s next? - High level language to write probes.
- Make eBPF agents widely available. - More platforms supporting eBPF. - Reusable eBPF event processing.
@rakyll Thank you Jaana Dogan
[email protected]
rakyll
nrslib
hisatake
yuzneri
momok47
tsukuha
nahisaho
melonps
kekekenta
gam0022
ohmori_yusuke
tetutetu214
s2b
inesmontani
aleyda
nmsamuel
cromwellryan
minecr
charlesmeaden
kimpetersen
reverentgeek
tmiket
![@rakyll Thank you Jaana Dogan [email protected]](https://files.speakerdeck.com/presentations/b6a155889fd74dba8bd968671af5e2d3/slide_27.jpg){kind=link}