This is a 90-minute workshop created by Brendan Gregg, and uses some exercises from the book BPF Performance Tools: Linux System and Application Observability. BPF enables a new class of custom, efficient, and production safe performance analysis tools. Historically BPF stood for Berkeley Packet Filter, but since it has become a general purpose execution environment it is now a technology name and no longer an acronym. BPF is part of the Linux kernel.
This workshop is composed of slides, exercises, discussion, and demos. This repository contains two of those four parts: the slides and exercises, the other two are only available in class.
- USENIX LISA2019 Slides (PDF)
You can either:
- SSH to a lab instance (see bit of paper), or,
- Setup your own system with BCC & bpftrace. Sample instructions below.
If you choose to setup your own system, here is a script for Ubuntu:
sudo apt-get update
sudo apt-get install sysstat bpfcc-tools bpftrace gcc
git clone https://github.com/brendangregg/bpf-perf-tools-book
cd bpf-perf-workshop/src
make && cd ..
Just for reference, you can fetch these repos:
git clone https://github.com/iovisor/bcc
git clone https://github.com/iovisor/bpftrace
Testing the opensnoop(8) tool from both BCC and bpftrace (Ubuntu package naming scheme: BCC tools end in -bpfcc, and bpftrace .bt):
$ sudo bash # opensnoop-bpfcc [...] # opensnoop.bt [...]
Those should produce output and not error. Ctrl-C to end each.
You may wish to open these in tabs. For labs 1-3 (BCC):
For labs 4-5 (bpftrace):
- lab1: Investigate latency
- lab2: Investigate SSH login performance
- lab3: Analyze a CPU issue
- lab4: Develop new bpftrace tools
- lab5: Advanced bpftrace tools (optional)
Copyright Brendan Gregg, 2019. All rights reserved.