Root Cause Analysis with eBPF & Python
2019-06-03, 12:15–12:40, Hall 3

The new eBPF technology in the Linux kernel allows us to perform production-safe analytics in real time with minimal impact on the running system. We show how a developer can monitor and detect performance issues on a live production system, explain


With the introduction of eBPF, a safe and fast mini-VM inside the Linux kernel, writing a kernel module in C is no longer a requirement for doing many of the things we often want to do in kernel mode, such as gathering and analyzing performance metrics.

In this session we present the eBPF technology and how it can be used with the BPF Compiler Collection (BCC) Python library. Furthermore, we will talk about kernel- and user-level tracepoints, which can be used to meticulously monitor an application in a safe manner.

We also give a glimpse of some exciting and innovative uses of the eBPF technology. The session will end with an overview of the key advantages and disadvantages of this technology.