Performance analysis superpowers with Linux eBPF

Advanced performance observability and debugging has arrived in Linux 4.x, with enhanced BPF (eBPF). Brendan Gregg offers an overview of Linux's new dynamic and static tracing tools for the analysis of filesystems, storage, CPUs, TCP, and more. Join in to explore a new generation of tools and visualizations.

Advanced performance observability and debugging have arrived in Linux 4.x, thanks to enhancements to Berkeley Packet Filter (eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been looking into using eBPF for new observability tools, monitoring, security uses, and more. Brendan Gregg explores this new technology, which sooner or later will be available to everyone who uses Linux, offering a dive deep on Linux’s new tracing, observability, and debugging capabilities. Whether you’re doing analysis over an SSH session or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance. Brendan also demonstrates the new open source tools that have been developed to make use of kernel- and user-level dynamic tracing (kprobes and uprobes) and kernel- and user-level static tracing (tracepoints). These tools provide new insights for filesystem and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations.