通过Golang + eBPF实现无侵入应用可观测 张海彬 阿里云 应用可观测技术专家 目 录 eBPF简介 01 eBPF在云原生场景下的应用 02 微服务可观测的挑战 03 Golang + eBPF实现数据采集 04 构建完整的应用可观测系统 05 eBPF简介 第一部分 eBPF简介 01. eBPF简介 eBPF = extended Berkeley Packet eBPF事件驱动 eBPF在云原生场景下的应用 第二部分 网络加速 01.网络加速 From:https://istio.io/latest/zh/blog/2022/merbridge/ eBPF 的可编程能力使其能够内核中完成包的处理和转发，而且可以添加额外扩展能力。 观测和跟踪 将 eBPF 程序附加到跟踪点以及内核和用户应用探针点的能力，使得应用程序和系统本身的 运行时行为具有前所未有的可见性 第三部分 微服务可观测的挑战 应用：微服务架构、多语言、多协议 挑战1：微服务、多语言、多协议环境下，端到端观测 复杂度上升，埋点成本居高不下 Kubernetes 容器 网络、操作系统、硬件 基础设施层复杂度日益增加 如何关联? 挑战3：数据散落，工具多， 缺少上下文，排查效率低下 业务应用 应用框架 容器虚拟化 系统调用 内核 应用性能监控（APM） Kubernetes监控

。cilium在内核 XDP 处实现数据包的转发、负载均衡、过滤 • cgroup_sock_addr 。cilium在 cgroup 中实现对service解析 • sock_ops + sk_msg。记录本地应用之间通信的socket，实现本地数据包的加速转发 加速同节点pod间通信 cilium 使用 eBPF 程序，借助 bpf_redirect() 或 bpf_redirect_peer() 等 redirect 能力，帮 助数据包在主机物 理网卡和pod虚拟 网卡之间快速转发， 能够完全 bypass 内核协议族的处理。 在某测试场景下， 跨节点间的 pod 通 信的 tcp 性能，比 node间应用通信的 tcp 性能还稍高 woker node2 woker node1 pod1 process kernel network stack tc ingress getpeername bind cilium的Host-Reachable 技术，利 用eBPF程序，拦截应用在内核connect 、 sendmsg、 recvmsg 、getpeername 、 bind等系统调用，实现 service 的地址解 析，并且伪装通信目的地址，让上层应用 无感知 DNAT 的发生 效果： • 集群内访问nodePort、LoadBalancer 的service时，能够减少数据包转发跳

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applica�ons to alleviate database load. Memcached is designed to work efficiently for a very large PRODUCTPAGE_URL=${GATEWAY_URL}/productpage $ echo "Open URL: ${PRODUCTPAGE_URL}" Open that URL in your web browser and check that the applica�on has been successfully deployed. It may take several seconds before 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even a�er refreshing the page several �mes

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even after refreshing the page several times

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds 1 1 17m reviews-v2 1/1 1 1 68s Check in your web browser that no stars are appearing in the Book Reviews, even after refreshing the page several times

'oc', run 'export KUBECONFIG=/home/twp/okd/cluster-name/auth/kubeconfig' INFO Access the OpenShift web-console here: https://console-openshift- console.apps.cluster-name.ilya-openshift-test-1.cilium.rocks performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large test-lb template: metadata: labels: svc: test-lb spec: containers: - name: web image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80

'oc', run 'export KUBECONFIG=/home/twp/okd/cluster-name/auth/kubeconfig' INFO Access the OpenShift web-console here: https://console-openshift- console.apps.cluster-name.ilya-openshift-test-1.cilium.rocks performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large test-lb template: metadata: labels: svc: test-lb spec: containers: - name: web image: nginx imagePullPolicy: IfNotPresent ports: - containerPort: 80

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large service dependencies. To access Hubble UI, you can use the following command to forward the port of the web frontend to your local machine: kubectl port-forward -n kube-system svc/hubble-ui --address 0.0.0 nodePort}') export PRODUCTPAGE_URL=${GATEWAY_URL}/productpage open ${PRODUCTPAGE_URL} Open that URL in your web browser and check that the application has been successfully deployed. It may take several seconds

performance, distributed memory object caching system. It’s simple yet powerful, and used by dynamic web applications to alleviate database load. Memcached is designed to work efficiently for a very large ports: - port: "22" protocol: TCP To apply this policy, run: $ kubectl create -f \ |SCM_WEB|\/examples/policies/host/demo-host- policy.yaml ciliumclusterwidenetworkpolicy.cilium.io/demo-host-policy service dependencies. To access Hubble UI, you can use the following command to forward the port of the web frontend to your local machine: kubectl port-forward -n kube-system svc/hubble-ui 12000:80 Open