
Software Engineering Radio - the podcast for professional software developers
Episode 445: Thomas Graf on eBPF (extended Berkeley Packet Filter)
Feb 2, 2021
Thomas Graf, Co-Founder of Cilium and CTO of Isovalent, dives deep into the world of eBPF and XDP. He discusses how these technologies revolutionize networking, observability, and security by enabling efficient packet processing and real-time monitoring. Thomas contrasts traditional and modern kernel development practices while exploring the role of eBPF in microservices and Kubernetes. He emphasizes its benefits over conventional methods, such as improved system reliability and performance, along with how major tech companies are investing in this evolving field.
AI Snips
Writing and Loading eBPF Programs
- Write eBPF programs primarily in a restricted subset of C, using LLVM or GCC for compilation.
- Use existing loaders like libbpf or TC to load, verify, and attach programs to kernel hook points.
eBPF Verifier Protects Kernel
- The eBPF verifier ensures programs are safe by checking code size, completeness, and absence of infinite loops.
- This guarantees eBPF programs can't crash or stall the kernel, unlike kernel modules.
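The checks named in this snip, as a simplified model added here (not code from the episode, the kernel or libbpf): a toy verifier in C over a constructed four-opcode instruction set that enforces a size limit, requires every path to reach an exit, and rejects back-edges and unreachable instructions. The opcodes, the `MAX_INSNS` value and the verdict names are assumptions of this example, and treating every back-edge as a loop is a deliberate simplification.

```c
#include <stdio.h>
/* Toy instruction set, constructed for this example (not real eBPF opcodes). */
enum op { OP_ALU, OP_JMP, OP_JCOND, OP_EXIT };
struct insn { enum op op; int off; };  /* off is relative to the next insn */
#define MAX_INSNS 4096                  /* assumed size limit for this model */
enum verdict { V_OK, V_TOO_BIG, V_BAD_JUMP, V_LOOP, V_NO_EXIT, V_UNREACHABLE };
enum state { UNSEEN, ON_PATH, DONE };
/* Depth-first walk over every path that starts at instruction i. */
static enum verdict walk(const struct insn *p, long n, long i, enum state *st)
{
    if (st[i] == ON_PATH) return V_LOOP;  /* back-edge: the program can loop */
    if (st[i] == DONE) return V_OK;       /* already checked via another path */
    st[i] = ON_PATH;
    enum verdict v = V_OK;
    if (p[i].op != OP_EXIT) {
        long next = i + 1, target = next + p[i].off;
        if (p[i].op != OP_ALU) {              /* jump edge */
            if (target < 0 || target >= n) return V_BAD_JUMP;
            v = walk(p, n, target, st);
        }
        if (v == V_OK && p[i].op != OP_JMP) { /* fall-through edge */
            if (next >= n) return V_NO_EXIT;  /* runs off the end, no exit */
            v = walk(p, n, next, st);
        }
    }
    st[i] = DONE;
    return v;
}
enum verdict verify(const struct insn *p, long n)
{
    static enum state st[MAX_INSNS];
    if (n < 1) return V_NO_EXIT;
    if (n > MAX_INSNS) return V_TOO_BIG;      /* size check comes first */
    for (long i = 0; i < n; i++) st[i] = UNSEEN;
    enum verdict v = walk(p, n, 0, st);
    for (long i = 0; v == V_OK && i < n; i++)
        if (st[i] != DONE) v = V_UNREACHABLE; /* dead code is rejected too */
    return v;
}
/* Constructed sample programs: accepted, looping, dead code, missing exit. */
const struct insn prog_ok[]   = { {OP_ALU, 0}, {OP_JCOND, 1}, {OP_ALU, 0}, {OP_EXIT, 0} };
const struct insn prog_loop[] = { {OP_ALU, 0}, {OP_JMP, -2} };
const struct insn prog_dead[] = { {OP_JMP, 1}, {OP_ALU, 0}, {OP_EXIT, 0} };
const struct insn prog_open[] = { {OP_ALU, 0}, {OP_ALU, 0} };
int main(void) {
    printf("%d %d ", verify(prog_ok, 4), verify(prog_loop, 2));
    printf("%d %d\n", verify(prog_dead, 3), verify(prog_open, 2));
    return 0;
}
```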
eBPF Enables Live Troubleshooting
- eBPF allows live application performance troubleshooting without modifying or restarting applications.
- The kernel’s ability to observe system-wide activity provides powerful, transparent monitoring in production.
