by polskibus 2009 days ago
What are the benefits of using eBPF besides a promise of observability "for free"?

Can eBPF be used for observability using platforms like Java or .NET Core, or do their platform VMs obfuscate too much and monitoring them using eBPF is not feasible?

How does eBPF work wrt OpenTelemetry etc.? Should OpenTelemetry be seen as standardized interfaces to which eBPF reports data?

2 comments

eBPF helps with kernel observability - an area that has been sorely lacking in the past. For the JVM or .NET, they give you virtually no insight at all into system calls - so eBPF is complementary to VM profilers, not a replacement. If you ever used Shark on OS X you will get a sense of how cool this is - this was a profiler for the OS X JVM which profiled the system calls as well and combined it all into a single trace tree. Maybe one day we'll get similar profilers on Linux for these systems - with eBPF it should be fairly straightforward.

OpenTelemetry is just a reference API. You could export metrics using eBPF as well. I'm pretty sure Sysdig does this for example.

See Brendan Gregg's excellent work in this space

http://www.brendangregg.com/blog/2014-06-12/java-flame-graph...

It’s definitely possible in some VMs. I’ve been working in a Ruby profiler that collects the stacks from a BPF program [1]. There are some BPF safety mechanisms that require some creativity to overcome, such as max instructions, not being Turing complete, etc.

[1]: https://github.com/facebookexperimental/rbperf