low overhead system tracing with ebpf
play

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps - PowerPoint PPT Presentation

Jul 11, 2023 •364 likes •632 views

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

  1. Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

  2. Low-Overhead System Tracing With eBPF

  3. Low-Overhead System Tracing With eBPF

  4. Low-Overhead System Tracing With eBPF

  5. You don't need to know how to operate an X-ray machine, but you do need to know that if you swallow a penny, an X-ray is an option! ~ www.bredangregg.com

  6. EVOLUTION OF BPF REGISTER BASED (2) EXPOSED TO USER SPACE LESSER COPIES KERNEL FILTERS BPF VIRTUAL BPF SYSTEM CALL MACHINE Before 1992 2013 Today ----------------------------------------------------------------------- 1993 2014 CLASSIC PKT. FILTERING EXTENDED BPF ADDTL. PROBES UPROBES, KPROBES STACK BASED IMPROVED ISA & eBPF MAPS USDT, TRACEPOINTS KERNEL -> USPACE COPIES MORE REGISTERS (10)

  7. tcpdump -n "dst host 192.168.1.1 and dst port 23"

  8. HOW BPF WORKS ? # Credits : https://suchakra.wordpress.com/

  9. BCC (BPF COMPILER COLLECTION) https://github.com/iovisor/bcc • Lead Developer – Brenden Blanco • #Credits : Sasha Goldshtein

  11. BCC Tools [examples…]

  12. BCC Tools [examples…]

  13. BCC Tools [examples…]

  14. BCC Tools [examples…]

  15. Flamegraphs [ BCC/BPF Visualizations ]

  16. Call Stacks No. of Samples Flamegraphs [ BCC/BPF Visualizations] (Source : https://blog.cloudflare.com/tracing-system-cpu-on-debian-stretch/)

  17. BPF and Containers

  18. BPF and containers… • Namespaces Restricts Visibility • mnt CONTAINER • pid PID X net • . . . • PID Y HOST

  19. BPF and containers… • Namespaces Restricts Quota/Usage • CGroups • cpu CONTAINER 1 CONTAINER 2 • mem blkio • . . . • HOST CPU SHARES

  20. BPF and containers… • Namespaces • CGroups • Analysis from the host 0x7f82b510ddda • PID Mappings (/sys/fs/cgroup/docker/*) 0x7f82b510999d • Symbol file locations 0x7f82b510f665 0x7f82b510t546

  21. BPF and containers… • Namespaces BCC APP APP TOOLS ON CONTAINER 1 CONTAINER 2 HOST • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations KERNEL EVENTS • Deployment Methodologies

  22. BPF and containers… • Namespaces APP APP BCC CONTAINER 1 CONTAINER 2 CONTAINER 3 • CGroups • Analysis from the host • PID Mappings (/sys/fs/cgroup*) • Symbol file locations KERNEL EVENTS • Deployment Methodologies

  23. DEMO NETWORKING OBSERVABILITY SECURITY

  24. BPF Implementations… - Seccomp Control system calls made by a process • - Cilium Controls Networking, Security and Load Balancing for containers • - Weavescope Observability into containerized application stacks like Docker and Kubernetes • - Iptables Bpfilter implementations to optimize ingress/outgress security rules • - Systemtap BPF backend for optimizations •

  25. References @Follow Sasha Goldshtein (goldshtn) https://github.com/iovisor/bcc http://man7.org/linux/man-pages/man2/bpf.2.html Brendan Gregg (brendangregg) http://brendangregg.com/ebpf.html https://github.com/goldshtn/linux-tracing-workshop Suchakra (tuxology) https://suchakra.wordpress.com/ - eBPF Julia Evans (b0rk) https://blog.yadutaf.fr/ - Networking & eBPF https://jvns.ca/blog/2017/07/05/linux-tracing-systems/ https://www.youtube.com/watch?v=aaTQM7wcmfk – Kernel Meetup | eBPF https://cilium.io/blog/2018/04/17/why-is-the-kernel-community-replacing-iptables/ https://blog.yadutaf.fr/2016/03/30/turn-any-syscall-into-event-introducing-ebpf-kernel-probes/ https://lwn.net/Articles/740157/ - Thorough eBPF intro https://developers.redhat.com/blog/2017/12/13/introducing-stapbpf-systemtaps-new-bpf-backend/ https://lwn.net/Articles/747551/ - BPF comes to firewalls

  26. Thank You ! akshay.kapoor@sap.com akskap akskap akskap

Recommend

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science

System call tracing overhead Jrg Zinke Potsdam University Institute for Computer Science Operating Systems and Distributed Systems Dresden, 2009/10/29 Outline Introduction 1 2 System call Related work 3 Ptrace 4 Systrace 5 6

893 views • 51 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

<Insert Picture Here> New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi

Bursty Tracing: A Framework for Low-Overhead Temporal Profiling Martin Hirzel Trishul Chilimbi hirzel@colorado.edu trishulc@microsoft.com FDDO4 December 2001 Austin, Texas Low-overhead temporal profiling Low overhead Intended

628 views • 17 slides
eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 |

# biolatency.bt Attaching 3 probes... Tracing block device I/O... Hit Ctrl-C to end. eBPF Perf Tools 2019 ^C @usecs: [256, 512) 2 | | [512, 1K) 10 |@

933 views • 39 slides
File System Performance File System Performance Memory mapped files - Avoid system call overhead

File System Performance File System Performance Memory mapped files - Avoid system call overhead

CS510 Operating System Foundations Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek overhead

742 views • 61 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -> NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February

Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February

Analyzing DPDK applications with eBPF Sharpening the toolset Stephen Hemminger Fosdem, February 1, 2020 Microsoft 1 Table of Contents Introduction Packet Capture Tracing Lttng Bpftrace Performance Conclusion 2 Introduction Ancient

875 views • 60 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann <daniel@iogearbox.net> cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek

Time Matters Minimizing Garbage Collection Overhead with Minimal Effort Gnther Blaschek Philipp Lengauer 2015-11-05 Configuration Hell OpenJDK 8 681 VM parameters (1300+ including tracing and debugging flags) ~ 10 205 configurations

329 views • 14 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele

Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele

Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele Sabella <sabella@ntop.org>, @sabellasamuele Brussels - 2/3 February 2019 About Us Luca: lecturer at the University of Pisa, CS

280 views • 26 slides
Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt

Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt

Simulation-Based Tracing and Profiling for System Software Development Anselm Busse , Reinhardt Karnapke, and Helge Parzyjegla | SYSTOR 2017 | Haifa 2017-05-22 Motivation Tracing and profiling is crucial to system software development State

683 views • 8 slides
CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System

CS333 Intro to Operating Systems Jonathan Walpole File System Performance File System Performance Memory mapped files - Avoid system call overhead Buffer cache - Avoid disk I/O overhead Careful data placement on disk - Avoid seek

998 views • 61 slides
Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II Overview Last lecture Ray tracing I Basic ray tracing What is possible? Recursive ray tracing algorithm Intersection

873 views • 84 slides
Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows Acceleration Data Structures Antialiasing (getting rid of jaggies) for Ray Tracing Glossy reflection Motion blur Depth of field (focus)

940 views • 10 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides

More recommend