Upgrade to Pro — share decks privately, control downloads, hide ads and more …

eBPF in Microservices Observability

Avatar for JBD JBD
August 18, 2021
Programming
1
1.7k

eBPF in Microservices Observability

Avatar for JBD

JBD

August 18, 2021
Tweet

More Decks by JBD

See All by JBD
eBPF in Microservices Observability at eBPF Day
Avatar for JBD rakyll
1
2.2k
OpenTelemetry at AWS
Avatar for JBD rakyll
1
1.9k
Debugging Code Generation in Go
Avatar for JBD rakyll
5
1.6k
Are you ready for production?
Avatar for JBD rakyll
8
2.9k
Servers are doomed to fail
Avatar for JBD rakyll
3
1.6k
Serverless Containers
Avatar for JBD rakyll
1
280
Critical Path Analysis
Avatar for JBD rakyll
0
690
Monitoring and Debugging Containers
Avatar for JBD rakyll
2
1.1k
CPDD
Avatar for JBD rakyll
0
4.3k

Other Decks in Programming

See All in Programming
PostgreSQL を使った快適な go test 環境を求めて
Avatar for Kotaro Otaka otakakot
0
400
Railsの気持ちを考えながらコントローラとビューを整頓する/tidying-rails-controllers-and-views-as-rails-think
Avatar for MOROHASHI Kyosuke moro
4
370
AIプロダクト時代のQAエンジニアに求められること
Avatar for imtnd imtnd
2
700
「やめとこ」がなくなった — 1月にZennを始めて22本書いた AI共創開発のリアル
Avatar for atani atani14
0
350
nuget-server - あなたが必要だったNuGetサーバー
Avatar for Kouji Matsui kekyo
PRO
0
170
Raku Raku Notion 20260128
Avatar for hareyaka hareyakayuruyaka
0
430
20260228_JAWS_Beginner_Kansai
Avatar for Takuya Yonezawa takuyay0ne
5
440
モジュラモノリスにおける境界をGoのinternalパッケージで守る
Avatar for magavel magavel
0
3.4k
浮動小数の比較について
Avatar for Kishikawa Katsumi kishikawakatsumi
0
380
社内規程RAGの精度を73.3% → 100%に改善した話
Avatar for oharu121 oharu121
13
7.5k
米国のサイバーセキュリティタイムラインと見る Goの暗号パッケージの進化
Avatar for tom twinkle tomtwinkle
2
420
2026年は Rust 置き換えが流行る! / 20260220-niigata-5min-tech
Avatar for girigiribauer girigiribauer
0
220

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Ethics towards AI in product and experience design
Avatar for Skipper Chong Warson skipperchong
2
210
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
133
19k
svc-hook: hooking system calls on ARM64 by binary rewriting
Avatar for Akira Moroo retrage
2
140
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
AI: The stuff that nobody shows you
Avatar for John Nunemaker jnunemaker
PRO
3
350
Odyssey Design
Avatar for Ryan Kendrick rkendrick25
PRO
2
530
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
77
5.3k
Utilizing Notion as your number one productivity tool
Avatar for Mfonobong Umondia mfonobong
4
240
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
120
Highjacked: Video Game Concept Design
Avatar for Ryan Kendrick rkendrick25
PRO
1
310

Transcript

  1. @rakyll eBPF in Microservices Observability Jaana Dogan Principal Engineer, AWS

    [email protected]

  2. @rakyll About me • Not a Linux developer. • Working

    on monitoring, observability and performance. • Multi-tenancy and microservices focus.

  3. @rakyll

  4. @rakyll How does eBPF work? process JIT compiler Verifier Sockets

    TCP/IP BPF Maps code (accessible from the user space)

  5. @rakyll Where can eBPF hook into? - Kernel and user

    functions - System calls - Network events - Kernel tracepoints

  6. @rakyll Challenges in microservices

  7. @rakyll Challenges in microservices We don’t just monitor VMs or

    processes. We monitor critical paths.

  8. @rakyll What’s next? service service database storage service

  9. @rakyll What’s next? service service database storage service

  10. @rakyll Challenges in microservices Context matters. Downstream stack don’t have

    context.

  11. @rakyll What’s next? process Linux kernel process process M:N Problem

  12. @rakyll What’s next? process Linux kernel process process RPCs M:N

    Problem

  13. @rakyll What’s next? process Linux kernel process process RPCs container

    container M:N Problem

  14. @rakyll What’s next? process Linux kernel process process RPCs container

    container Kubernetes pod, ECS task M:N Problem

  15. @rakyll Challenges in microservices We initially debug RPCs. We debug

    functions or syscalls secondarily.

  16. @rakyll Challenges in microservices Too much data. Need runtime controls

    to modify the collection.

  17. @rakyll Challenges in microservices Instrumentation is a two-year roadmap. Data

    is not consistent.

  18. @rakyll Networking observability is core. Out of the box instrumentation

    is essential. Extensibility in runtime is critical. Decoration and enrichment is needed.

  19. @rakyll How does eBPF help?

  20. @rakyll Network Diagnostics TCP, UDP, HTTP, gRPC metrics Inspect protocols

    (MySQL, Postgres, ...)

  21. @rakyll Service Maps

  22. @rakyll Distributed Traces Automatically create request span if a trace

    header is present. GET /users HTTP/1.1 Host: users.service Accept-Encoding: gzip, deflate Connection: Keep-Alive Traceparent: 00-4bf92f3577b34da6a3ce929d0e0e4736-00f067aa0ba902b7-01

  23. @rakyll Fleet-wide Profiling context kernel

  24. @rakyll Decorating with Context eBPF agent process JIT compiler Verifier

    Sockets TCP/IP BPF Maps API Server

  25. @rakyll Runtime Extensibility eBPF agent process JIT compiler Verifier Sockets

    TCP/IP BPF Maps code

  26. @rakyll Examples - Cillium/Hubble - Pixie - Flowmill

  27. @rakyll What’s next? - High level language to write probes.

    - Make eBPF agents widely available. - More platforms supporting eBPF. - Reusable eBPF event processing.

  28. @rakyll Thank you Jaana Dogan [email protected]