Debugging the BPF Virtual Machine Lorenzo Fontana October 28, 2020 ● Debugging is useful to understand how things work ● Sometimes, eBPF programs can’t even load ● I couldn’t find good resources on this this, so, here I am ● I break lots of eBPF programs ● The BPF Virtual machine is not easy to understand Why ? The BPF subsystem lives in the kernel AND The kernel can be debugged using gdb The

North-South Load Balancing of Kubernetes Services with eBPF/XDP Martynas Pumputis (Isovalent) October 28, 2020 10.0.0.1 10.0.0.2 10.0.0.3 httpd httpd “httpd” service 10.0.0.1:30000 10.0.0.2:30000 ACCEPT -A KUBE-SERVICES -d 10.99.38.155/32 -p tcp -m comment --comment "default/nginx-59: has no endpoints" -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable -A KUBE-SERVICES -d 10.96.61.252/32 icmp-port-unreachable -A KUBE-SERVICES -d 10.104.166.10/32 -p tcp -m comment --comment "default/nginx-67: has no endpoints" -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable -A KUBE-SERVICES -d 10.98.85.41/32

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. By building on top eBPF powers. Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. By building on top eBPF powers. Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. By building on top eBPF powers. Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation built on top of Cilium and BPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure in a completely transparent manner. By building on top BPF powers. Hubble can answer questions such as: Service dependencies & communication map What services are communicating with each other? How frequently? What does the service dependency graph look like

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation often referred to as microservices, wherein a large application is split into small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications application traffic for security purposes as the port is utilized for a wide range of messages across services. An additional challenge is the ability to provide accurate visibility as traditional systems are

is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At the foundation often referred to as microservices, wherein a large application is split into small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications application traffic for security purposes as the port is utilized for a wide range of messages across services. An additional challenge is the ability to provide accurate visibility as traditional systems are

Cilium is open source so�ware for transparently securing the network connec�vity between applica�on services deployed using Linux container management pla�orms like Docker and Kubernetes. At the founda�on architecture o�en referred to as microservices, wherein a large applica�on is split into small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applica�ons applica�on traffic for security purposes as the port is u�lized for a wide range of messages across services. An addi�onal challenge is the ability to provide accurate visibility as tradi�onal systems are

October 28, 2020 About MasMovil group ● 4th telecom company in Spain ● Provides voice and broadband services to +12M customers ● Several brands in the group (7 main brands but there are more than 800) Pods +10k Services +3k CPU +2k Mem +5TB Nodes +300 kube-proxy replacement NetworkPolicy logging Multi-cluster DNS Aware NetworkPolicy Increased Istio security External Services TLS visibility