Linux Technology for the New Year: eBPF

717

eBPF is “Linux’s newest superpower,” said SAP Labs’ developer Gaurav Gupta, during a talk that he gave about using the technology for low-overhead tracing at KubeCon in Copenhagen earlier this year.

A virtual machine for the Linux kernel, eBPF could set the stage for advanced, low-overhead tracing inside the kernel itself, offering insight into I/O and file system latency, CPU usage by process, stack tracing and other metrics useful for debugging. It could also play a role in system security, potentially offering a way to thwart DDOS attacks, to monitor for intrusion detection, and even replace IPtables. It also offers a cleaner alternative to installing drivers.

“In the future, you will see a lot more eBPF programs instead of kernel modules,” said Netflix Kernel and Performance Engineer Brendan Gregg, at the All Things Open conference held in Raleigh, North Carolina in October.

Read more at The New Stack