Minglei Wang

December 15, 2021

My eBPF journey

About a year ago, when I was exploring performance tuning best practices on the internet, I found an eBPF presentation from Brendan Gregg. This was the first time that I'd heard about this new technology.

Then I started learning eBPF and tried to adopt it at work. We've improved our observability at the host level by only using a small piece of eBPF code. Although I've spent many extra hours learning and exploring it, I think eBPF is still new to me. The most difficult part is to choose the proper framework for developing eBPF code and loading code to the kernel. I have tried BPF Compiler Collection (BCC), libbpf, gobpf, goebpf, etc., and they all have pros and cons. Give them a try by yourself :) Also, if you want to learn eBPF, I found xdp-tutorial is the best resource. I've created a small eBPF-based project to capture XDP packets and assemble them into a human-readable payload.

Recently, I have been exploring a popular open-source project called Cilium, which uses eBPF as the core technology. I decided to look at the code and see how eBPF solves real-world problems at scale. The first thing I was looking for was how it loads eBPF code, and I found a new Go library, eBPF, that provides utilities for loading, compiling, and debugging eBPF programs. Then things became interesting since I use Go primarily. I started with setting it up locally and ran the example code it provides. Surprisingly, it's pretty light and straightforward. I saw it didn't have an example of attaching eBPF code to a cgroup, so I decided to add an example to it. It would be a good learning process for me as well. After several days of learning and exploration, I implemented a cgroup egress packet counter and contributed my first pull request to this repo.

The journey has just begun. I think eBPF is going to be a game-changer technology. Let's see what will happen after 10 years...