low overhead system tracing with ebpf
play

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps - PowerPoint PPT Presentation

Jul 11, 2023 •364 likes •632 views

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

  1. Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

  2. Low-Overhead System Tracing With eBPF

  3. Low-Overhead System Tracing With eBPF

  4. Low-Overhead System Tracing With eBPF

  5. You don't need to know how to operate an X-ray machine, but you do need to know that if you swallow a penny, an X-ray is an option! ~ www.bredangregg.com

  6. EVOLUTION OF BPF REGISTER BASED (2) EXPOSED TO USER SPACE LESSER COPIES KERNEL FILTERS BPF VIRTUAL BPF SYSTEM CALL MACHINE Before 1992 2013 Today ----------------------------------------------------------------------- 1993 2014 CLASSIC PKT. FILTERING EXTENDED BPF ADDTL. PROBES UPROBES, KPROBES STACK BASED IMPROVED ISA & eBPF MAPS USDT, TRACEPOINTS KERNEL -> USPACE COPIES MORE REGISTERS (10)

  7. tcpdump -n "dst host 192.168.1.1 and dst port 23"

  8. HOW BPF WORKS ? # Credits : https://suchakra.wordpress.com/

  9. BCC (BPF COMPILER COLLECTION) https://github.com/iovisor/bcc • Lead Developer – Brenden Blanco • #Credits : Sasha Goldshtein

  11. BCC Tools [examples…]

  12. BCC Tools [examples…]

  13. BCC Tools [examples…]

  14. BCC Tools [examples…]

  15. Flamegraphs [ BCC/BPF Visualizations ]

  16. Call Stacks No. of Samples Flamegraphs [ BCC/BPF Visualizations] (Source : https://blog.cloudflare.com/tracing-system-cpu-on-debian-stretch/)

  17. BPF and Containers

  18. BPF and containers… • Namespaces Restricts Visibility • mnt CONTAINER • pid PID X net • . . . • PID Y HOST

  19. BPF and containers… • Namespaces Restricts Quota/Usage • CGroups • cpu CONTAINER 1 CONTAINER 2 • mem blkio • . . . • HOST CPU SHARES

  20. BPF and containers… • Namespaces • CGroups • Analysis from the host 0x7f82b510ddda • PID Mappings (/sys/fs/cgroup/docker/*) 0x7f82b510999d • Symbol file locations 0x7f82b510f665 0x7f82b510t546

  21. BPF and containers… • Namespaces BCC APP APP TOOLS ON CONTAINER 1 CONTAINER 2 HOST • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations KERNEL EVENTS • Deployment Methodologies

  22. BPF and containers… • Namespaces APP APP BCC CONTAINER 1 CONTAINER 2 CONTAINER 3 • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations KERNEL EVENTS • Deployment Methodologies

  23. DEMO NETWORKING OBSERVABILITY SECURITY

  24. BPF Implementations… - Seccomp Control system calls made by a process • - Cilium Controls Networking, Security and Load Balancing for containers • - Weavescope Observability into containerized application stacks like Docker and Kubernetes • - Iptables Bpfilter implementations to optimize ingress/outgress security rules • - Systemtap BPF backend for optimizations •

  25. References @Follow Sasha Goldshtein (goldshtn) https://github.com/iovisor/bcc http://man7.org/linux/man-pages/man2/bpf.2.html Brendan Gregg (brendangregg) http://brendangregg.com/ebpf.html https://github.com/goldshtn/linux-tracing-workshop Suchakra (tuxology) https://suchakra.wordpress.com/ - eBPF Julia Evans (b0rk) https://blog.yadutaf.fr/ - Networking & eBPF https://jvns.ca/blog/2017/07/05/linux-tracing-systems/ https://www.youtube.com/watch?v=aaTQM7wcmfk – Kernel Meetup | eBPF https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/ https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ https://lwn.net/Articles/740157/ - Thorough eBPF intro https://developers.redhat.com/blog/2017/12/13/introducing-stapbpf-systemtaps-new-bpf-backend/ https://lwn.net/Articles/747551/ - BPF comes to firewalls

  26. Thank You ! akshay.kapoor@sap.com akskap akskap akskap

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Dresden, 2009/10/29 Outline Introduction 1 2 System call Related work 3 Ptrace 4 Systrace 5 6

893 views • 51 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi hirzel@colorado.edu trishulc@microsoft.com FDDO4 December 2001 Austin, Texas Low-overhead temporal profiling Low overhead Intended

628 views • 17 slides
eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

933 views • 39 slides
File System Performance File System Performance Memory mapped files - Avoid system call overhead

File System Performance File System Performance Memory mapped files - Avoid system call overhead

CS510 Operating System Foundations Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek overhead

742 views • 61 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February

Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February

Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February 1, 2020 Microsoft 1 Table of Contents Introduction Packet Capture Tracing Lttng Bpftrace Performance Conclusion 2 Introduction Ancient

875 views • 60 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek Philipp Lengauer 2015-11-05 Configuration Hell OpenJDK 8 681 VM parameters (1300+ including tracing and debugging flags) ~ 10 205 configurations

329 views • 14 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh,

Kubernetes networking with Calico Hemanth Nakkina, Solution Architect, Ericsson Abhijeet Singh, Director, AT&T Uday T Kumar, Solution Architect, Ericsson There is no such thing as Container Networking Kelsey Hightower,

928 views • 9 slides
Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder & CTO, Isovalent

Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder & CTO, Isovalent

Rethinking the Linux kernel Thomas Graf Cilium Project, Co-Founder & CTO, Isovalent Remember GeoCities? 2 Cameron Askin: Camerons World What enabled this evolution? Programmable Platform Markup Only (HTML) 3 Programmability

467 views • 24 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number

Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number

Life on Earth FROM CHEMISTRY TO BIOLOGY You re all atoms, in Earthly proportions. By number of atoms: H 55% O 28% C 10% N 5% Water is Special Three-quarters of the Earth s surface is submerged in water The abundance of

453 views • 29 slides
KO UNIVERSITY the perfect partner for R&D http://www.ku.edu.tr ABOUT KO UNIVERSITY

KO UNIVERSITY the perfect partner for R&D http://www.ku.edu.tr ABOUT KO UNIVERSITY

KO UNIVERSITY the perfect partner for R&D http://www.ku.edu.tr ABOUT KO UNIVERSITY Established by Vehbi Ko Foundation in 1993 as a non- profit private university in stanbul, Ko University continually strives to: Be a center of

832 views • 13 slides
10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in

10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in

10 th Annual General Meeting 15 July 2020 IMPORTANT NOTICE This presentation shall be read in conjunction with Mapletree Industrial Trusts (MIT) financial statements for the financial year ended 31 March 2020. This presentation is for

436 views • 33 slides
Construction of a Mathematical Model of a Cell as a Challenge for Science in the 21 Century and

Construction of a Mathematical Model of a Cell as a Challenge for Science in the 21 Century and

Enabling Grids for E-sciencE Construction of a Mathematical Model of a Cell as a Challenge for Science in the 21 Century and EGEE Project Victor Lakhno Institute of Mathematical Problems of Biology RAS EGEE User Forum CERN, 01-03.03.2006

440 views • 12 slides
PRESENTATION An ISO 9001-2015 Certified Company DSIR Recognized R&D Facility D&B D-U-N-S

PRESENTATION An ISO 9001-2015 Certified Company DSIR Recognized R&D Facility D&B D-U-N-S

CORPORATE PRESENTATION An ISO 9001-2015 Certified Company DSIR Recognized R&D Facility D&B D-U-N-S Number 65-061-8049 Symphony Pharma Life Sciences July 2019 Page 2 ABOUT US Established in 2008 Technology driven organization

671 views • 20 slides

More recommend