linux 4 x tracing
play

Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg - PowerPoint PPT Presentation

Mar 29, 2023 •156 likes •864 views

Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg Senior Performance Architect Mar 2017 Linux tracing in the last 3 years How do we use these superpowers? Take aways 1. Understanding the value of Linux tracing superpowers

  1. Linux 4.x Tracing: Performance Analysis with bcc/BPF Brendan Gregg Senior Performance Architect Mar 2017

  2. Linux tracing in the last 3 years…

  3. How do we use these superpowers?

  4. Take aways 1. Understanding the value of Linux tracing superpowers 2. Upgrade to Linux 4.4+ (4.9 is beDer) 3. Ask for eBPF support in your perf analysis/monitoring tools

  6. Ye Olde BPF Berkeley Packet Filter OpVmizes packet filter # tcpdump host 127.0.0.1 and port 22 -d (000) ldh [12] performance (001) jeq #0x800 jt 2 jf 18 (002) ld [26] (003) jeq #0x7f000001 jt 6 jf 4 (004) ld [30] 2 x 32-bit registers (005) jeq #0x7f000001 jt 6 jf 18 & scratch memory (006) ldb [23] (007) jeq #0x84 jt 10 jf 8 (008) jeq #0x6 jt 10 jf 9 User-defined bytecode (009) jeq #0x11 jt 10 jf 18 executed by an in-kernel (010) ldh [20] (011) jset #0x1fff jt 18 jf 12 sandboxed virtual machine (012) ldxb 4*([14]&0xf) (013) ldh [x + 14] Steven McCanne and Van Jacobson, 1993 [...]

  7. Enhanced BPF aka eBPF or just "BPF" 10 x 64-bit registers maps (hashes) acIons Alexei Starovoitov, 2014+

  8. Enhanced BPF Use Cases User-Defined BPF Programs Kernel SDN ConfiguraIon RunIme Event Targets sockets DDoS MiIgaIon verifier kprobes Intrusion DetecIon uprobes BPF Container Security tracepoints BPF acVons perf_events Observability …

  9. Enhanced BPF is in Linux

  10. Demo

  11. New Observability Tools • Efficient, producVon safe, useful metrics: # biolatency -mT 1 Tracing block device I/O... Hit Ctrl-C to end. 06:20:16 msecs : count distribution 0 -> 1 : 36 |**************************************| 2 -> 3 : 1 |* | 4 -> 7 : 3 |*** | 8 -> 15 : 17 |***************** | 16 -> 31 : 33 |********************************** | 32 -> 63 : 7 |******* | 64 -> 127 : 6 |****** | […] These CLI tools may be useful even if you never use them, as examples of what to implement in GUIs

  12. New VisualizaVons and GUIs Eg, Neclix self-service UI: Flame Graphs Tracing Reports … Should be open sourced; you may also build/buy your own

  13. Introducing enhanced BPF BPF TRACING

  14. A Linux Tracing Timeline - 1990’s: StaVc tracers, prototype dynamic tracers - 2000: LTT + DProbes (dynamic tracing; not integrated) - 2004: kprobes (2.6.9) - 2005: DTrace (not Linux), SystemTap (out-of-tree) - 2008: irace (2.6.27) - 2009: perf_events (2.6.31) - 2009: tracepoints (2.6.32) - 2010-2016: irace & perf_events enhancements - 2012: uprobes (3.5) - 2014-2017: enhanced BPF patches: supporIng tracing events - 2016-2017: irace hist triggers also: LTTng, ktap, sysdig, ...

  15. Linux Events & BPF Support BPF output Linux 4.7 Linux 4.9 Linux 4.4 BPF stacks Linux 4.6 Linux 4.3 Linux 4.1 (version BPF support arrived) Linux 4.9

  16. Event Tracing Efficiency E.g., tracing TCP retransmits Kernel Old way : packet capture send 1. read tcpdump buffer 2. dump receive 1. read Analyzer 2. process file system disks 3. print New way : dynamic tracing tcp_retransmit_skb() Tracer 1. configure 2. read

  17. BPF Tracing Internals Observability Program Kernel load staVc tracing verifier BPF BPF program bytecode tracepoints aDach dynamic tracing event config BPF kprobes uprobes per-event data async output sampling, PMCs copy perf_events maps staVsVcs

  18. Introducing bcc BPF COMPILER COLLECTION

  19. bcc • BPF Compiler CollecVon Tracing layers: – hDps://github.com/iovisor/bcc – Lead developer: Brenden Blanco … bcc tool bcc tool • Includes tracing tools bcc … • Provides BPF front-ends: Python lua – Python front-ends – Lua user – C++ kernel – C helper libraries Kernel – golang (gobpf) BPF Events

  20. Raw BPF samples/bpf/sock_example.c 87 lines truncated

  21. C/BPF samples/bpf/tracex1_kern.c 58 lines truncated

  22. bcc/BPF (C & Python) bcc examples/tracing/bitehist.py enIre program

  23. ply/BPF hDps://github.com/iovisor/ply/blob/master/README.md enIre program

  24. The Tracing Landscape, Mar 2017 (my opinion) (less brutal) ply/BPF dtrace4L. ktap sysdig (many) perf Ease of use stap LTTng (hist triggers) irace recent changes bcc/BPF (mature) (alpha) C/BPF (brutal) Stage of Raw BPF Development Scope & Capability

  25. For end-users PERFORMANCE ANALYSIS WITH BCC/BPF

  26. Pre-BPF: Linux Perf Analysis in 60s 1. uptime 2. dmesg -T | tail 3. vmstat 1 4. mpstat -P ALL 1 5. pidstat 1 6. iostat -xz 1 7. free -m 8. sar -n DEV 1 9. sar -n TCP,ETCP 1 10. top hDp://techblog.neclix.com/2015/11/linux-performance-analysis-in-60s.html

  27. bcc InstallaVon • hDps://github.com/iovisor/bcc/blob/master/INSTALL.md • eg, Ubuntu Xenial: # echo "deb [trusted=yes] https://repo.iovisor.org/apt/xenial xenial-nightly main" |\ 
 sudo tee /etc/apt/sources.list.d/iovisor.list # sudo apt-get update # sudo apt-get install bcc-tools – Also available as an Ubuntu snap – Ubuntu 16.04 is good, 16.10 beDer: more tools work • Installs many tools – In /usr/share/bcc/tools, and …/tools/old for older kernels

  28. bcc tools

  29. bcc General Performance Checklist 1. execsnoop 2. opensnoop 3. ext4slower (…) 4. biolatency 5. biosnoop 6. cachestat 7. tcpconnect 8. tcpaccept 9. tcpretrans 10. gethostlatency 11. runqlat 12. profile

  30. 1. execsnoop • Trace new processes and debug short-lived process issues: # execsnoop PCOMM PID RET ARGS bash 15887 0 /usr/bin/man ls preconv 15894 0 /usr/bin/preconv -e UTF-8 man 15896 0 /usr/bin/tbl man 15897 0 /usr/bin/nroff -mandoc -rLL=169n -rLT=169n -Tutf8 man 15898 0 /usr/bin/pager -s nroff 15900 0 /usr/bin/locale charmap nroff 15901 0 /usr/bin/groff -mtty-char -Tutf8 -mandoc -rLL=169n ... groff 15902 0 /usr/bin/troff -mtty-char -mandoc -rLL=169n -rLT=16... groff 15903 0 /usr/bin/grotty […] Efficient: only traces exec()

  31. 2. opensnoop • Find config, log, and data files, and inefficient file usage: # opensnoop PID COMM FD ERR PATH 27159 catalina.sh 3 0 /apps/tomcat8/bin/setclasspath.sh 4057 redis-server 5 0 /proc/4057/stat 2360 redis-server 5 0 /proc/2360/stat 30668 sshd 4 0 /proc/sys/kernel/ngroups_max 30668 sshd 4 0 /etc/group 30668 sshd 4 0 /root/.ssh/authorized_keys 30668 sshd -1 2 /var/run/nologin 30668 sshd -1 2 /etc/nologin 30668 sshd 4 0 /etc/login.defs 30668 sshd 4 0 /etc/passwd […] Like "strace -feopen", but system-wide and low overhead

  32. 3. ext4slower • Trace slow FS I/O, to beDer idenVfy I/O issues and outliers: # ext4slower 1 Tracing ext4 operations slower than 1 ms TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME 06:49:17 bash 3616 R 128 0 7.75 cksum 06:49:17 cksum 3616 R 39552 0 1.34 [ 06:49:17 cksum 3616 R 96 0 5.36 2to3-2.7 06:49:17 cksum 3616 R 96 0 14.94 2to3-3.4 06:49:17 cksum 3616 R 10320 0 6.82 411toppm 06:49:17 cksum 3616 R 65536 0 4.01 a2p 06:49:17 cksum 3616 R 55400 0 8.77 ab 06:49:17 cksum 3616 R 36792 0 16.34 aclocal-1.14 […] More reliable and complete indicator than measuring disk I/O latency Also: btrfsslower, xfsslower, zfsslower

  33. 4. biolatency • IdenVfy mulVmodal latency and outliers with a histogram: # biolatency -mT 1 The "count" column is Tracing block device I/O... Hit Ctrl-C to end. summarized in-kernel 06:20:16 msecs : count distribution 0 -> 1 : 36 |**************************************| 2 -> 3 : 1 |* | 4 -> 7 : 3 |*** | 8 -> 15 : 17 |***************** | 16 -> 31 : 33 |********************************** | 32 -> 63 : 7 |******* | 64 -> 127 : 6 |****** | […] Average latency (iostat/sar) may not be represenVVve with mulVple modes or outliers

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December

Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December

Linux 4.x Tracing Tools Using BPF Superpowers Brendan Gregg, NeElix bgregg@neElix.com December 49, 2016 | Boston, MA www.usenix.org/lisa16 #lisa16 Demo Gme GIVE ME 15 MINUTES AND I'LL CHANGE YOUR VIEW OF LINUX TRACING

814 views • 68 slides
Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the

Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the

Linux Plumbers Conference Tracing Summit 2012 Interoperability Between Tracing Tools with the Common Trace Format (CTF) E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers August 30th, 2012 1 > Presenter Mathieu Desnoyers

421 views • 24 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux

LinuxCon Europe 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux distribution. E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers October 26th, 2011 1 > Buzzword compliant ! LTT: Linux Trace Toolkit

438 views • 32 slides
HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers

HyperTracing Tracing Through Virtualization Layers Abderrahmane Benbachir Linux Plumbers Conference, September, 2017 cole Polytechnique de Montral Laboratoire DORSAL What is hypertracing? Hy Hypertra racing cing = Offloading traces from

450 views • 8 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace,

Tracing and Profiling MySQL Mostly with Linux tools: from strace and gdb to ftrace, bpftrace, perf and dynamic probes Valerii Kravchuk, Principal Support Engineer, MariaDB vkravchuk@gmail.com 1 Who am I? Valerii (aka Valeriy ) Kravchuk :

549 views • 27 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your

Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your

Linux Plumbers Conference 2011 LTTng 2.0 : Application, Library and Kernel tracing within your Linux distribution. E-mail: mathieu.desnoyers@efficios.com Mathieu Desnoyers September 9th, 2011 1 > Presenter Mathieu Desnoyers

421 views • 23 slides
Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix

Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix

Using the Linux Tracing Infrastructure Jan Altenberg Linutronix GmbH Jan Altenberg Linutronix GmbH 1 Overview . Linutronix GmbH Jan Altenberg 9 Tracecompass . . 8 Kernelshark . . 7 trace-cmd . . 6 uprobes . 5 kprobes . . . 4

944 views • 52 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org

Ftrace Linux Kernel Tracing Steven Rostedt srostedt@redhat.com rostedt@goodmis.org http://people.redhat.com/srostedt/ trace-tokyo-2010.odp Who am I? What is Ftrace? What is Ftrace? Traces the internal operations of the kernel What is

542 views • 50 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II Overview Last lecture Ray tracing I Basic ray tracing What is possible? Recursive ray tracing algorithm Intersection

873 views • 84 slides
Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows Acceleration Data Structures Antialiasing (getting rid of jaggies) for Ray Tracing Glossy reflection Motion blur Depth of field (focus)

940 views • 10 slides
Linux Systems Performance Brendan Gregg Senior Performance Engineer USENIX LISA 2019, Portland,

Linux Systems Performance Brendan Gregg Senior Performance Engineer USENIX LISA 2019, Portland,

Oct, 2019 Linux Systems Performance Brendan Gregg Senior Performance Engineer USENIX LISA 2019, Portland, Oct 28-30 Experience: A 3x Perf Difgerence mpstat load averages: serverA 90, serverB 17 serverA# mpstat 10 Linux 4.4.0-130-generic

652 views • 64 slides
Zoonotic Infections I have nothing to disclose Carol Glaser, DVM, MPVM, MD Pediatric Infectious

Zoonotic Infections I have nothing to disclose Carol Glaser, DVM, MPVM, MD Pediatric Infectious

Zoonotic Infections I have nothing to disclose Carol Glaser, DVM, MPVM, MD Pediatric Infectious Diseases University of California, San Francisco Outline What is a Zoonosis? Overview of Zoonoses Potpourri of topics Case presentation of

336 views • 16 slides
The Paradoxes of Confirmation Suppose we give up counting how often we see an event as the measure

The Paradoxes of Confirmation Suppose we give up counting how often we see an event as the measure

The Paradoxes of Confirmation Suppose we give up counting how often we see an event as the measure of its probability and instead move to looking at how expected an event is. At the start of the reading for today, John Leslie says the following:

238 views • 13 slides
Machine Learning - MT 2017 7 Bayesian Approach to Machine Learning Christoph Haase University of

Machine Learning - MT 2017 7 Bayesian Approach to Machine Learning Christoph Haase University of

Machine Learning - MT 2017 7 Bayesian Approach to Machine Learning Christoph Haase University of Oxford October 23, 2017 Frequentist vs Bayesian Approaches Different views on probability: Frequentists: Probability of an event represents

469 views • 32 slides
Rewriting Pointer Dereferences in bcc with Clang Paul Chaignon Orange Labs, France February 3,

Rewriting Pointer Dereferences in bcc with Clang Paul Chaignon Orange Labs, France February 3,

The bcc Project Clang Rewriter in bcc Rewriting Pointer Dereferences in bcc with Clang Paul Chaignon Orange Labs, France February 3, 2019 FOSDEM 2019, January 2, 2019 The bcc Project Clang Rewriter in bcc The bcc Project 1/19 FOSDEM

560 views • 27 slides
Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age

Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age

Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age 20 Detection and Treatment of Non- Persons who burn easily and tan poorly are at Melanoma Skin Cancers greatest risk Toby Maurer, MD

446 views • 19 slides
11/8/2014 Cutaneous Carcinomas Most common malignancy in world Otolaryngology-Head and Neck

11/8/2014 Cutaneous Carcinomas Most common malignancy in world Otolaryngology-Head and Neck

11/8/2014 Cutaneous Carcinomas Most common malignancy in world Otolaryngology-Head and Neck Surgery Ivan El-Sayed, MD, FACS Update changes in trends, staging, and Director Center for Minimally Invasive Skull Base Surgery. management

377 views • 18 slides
Introduction to low-level profjling and tracing EuroPython 2019 / Basel 2019-07-11 Christian

Introduction to low-level profjling and tracing EuroPython 2019 / Basel 2019-07-11 Christian

Introduction to low-level profjling and tracing EuroPython 2019 / Basel 2019-07-11 Christian Heimes Principal Software Engineer christian@python.org / cheimes@redhat.com @ChristianHeimes Our systems block every 5 minutes. We are loosing

942 views • 71 slides

More recommend