Advanced performance observability and debugging have arrived in Linux 4.x, thanks to enhancements to Berkeley Packet Filter (eBPF) and the repurposing of its sandboxed virtual machine to provide programmatic capabilities to system tracing. Netflix has been looking into using eBPF for new observability tools, monitoring, security uses, and more. Brendan Gregg explores this new technology, which sooner or later will be available to everyone who uses Linux, offering a dive deep on Linux’s new tracing, observability, and debugging capabilities. Whether you’re doing analysis over an SSH session or via a monitoring GUI, BPF can be used to provide an efficient, custom, and deep level of detail into system and application performance.
Brendan also demonstrates the new open source tools that have been developed to make use of kernel- and user-level dynamic tracing (kprobes and uprobes) and kernel- and user-level static tracing (tracepoints). These tools provide new insights for filesystem and storage performance, CPU scheduler performance, TCP performance, and a whole lot more. This is a major turning point for Linux systems engineering, as custom advanced performance instrumentation can be used safely in production environments, powering a new generation of tools and visualizations.
Brendan Gregg is a senior performance architect at Netflix, where he does large-scale computer performance design, evaluation, analysis, and tuning. Previously, Brendan worked as a performance and kernel engineer. He has created performance analysis tools included in multiple operating systems, as well as visualizations and methodologies. Brendan is the author of Systems Performance. He received the USENIX LISA Award for outstanding achievement in system administration.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org