Get deeper insights into your system with eBPF
Peak Performance
One of the best uses for the eBPF tools is to help you tune your system for maximum performance by identifying and removing bottlenecks at various levels. You can begin by using the runqlat tool to chart how long threads spend waiting in the CPU run queues. It prints a summary of the scheduler run queue latency in the form of a histogram, as shown in Figure 4.
Then there's the biolatency tool, which comes in handy for visualizing the latency of block device I/O. The biolatency tool keeps track of the elapsed time from when a request is issued to a device until it completes. Like runqlat, this tool will also print a histogram once it ends, either manually or after a specified duration. A typical invocation will look like:
sudo biolatency-bpfcc -D 6 2
The -D option instructs biolatency to print separate information for each block device. The first numeric value is the time interval for printing each summary, whereas the second numeric value tells biolatency how many summaries to collect, after which it exits automatically. Therefore, the previous command instructs biolatency to print the first histogram 6 seconds after the tool is invoked and a second one 6 seconds after that.
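To read the per-device histograms as numbers rather than by eye, the following added example (not code from the article or from the bcc project) parses output in the log2-histogram layout, sums repeated summaries such as the two produced by the command above, and reports an upper bound on a latency percentile for each disk. The sample text is constructed, and the quoting of the disk name in the header line is an assumption.

```python
import re

# Constructed sample in bcc's log2-histogram layout; counts are made up.
SAMPLE = """\
disk = 'sda'
     usecs               : count     distribution
       128 -> 255        : 12       |********                                |
       256 -> 511        : 60       |****************************************|
      8192 -> 16383      : 3        |**                                      |

disk = 'sdb'
     usecs               : count     distribution
        64 -> 127        : 90       |****************************************|
       128 -> 255        : 10       |****                                    |

disk = 'sda'
     usecs               : count     distribution
       256 -> 511        : 20       |****************************************|
      8192 -> 16383      : 5        |**********                              |
"""

# Assumption: the header may read sda, 'sda' or b'sda' depending on version.
DISK_RE = re.compile(r"^disk = (?:b?')?([^'\s]+)'?\s*$")
BUCKET_RE = re.compile(r"^\s*(\d+) -> (\d+)\s*:\s*(\d+)\s*\|")

def parse_histograms(text):
    """Return {disk: {(low, high): count}}, summing repeated summaries."""
    disks, current = {}, None
    for line in text.splitlines():
        m = DISK_RE.match(line)
        if m:
            current = disks.setdefault(m.group(1), {})
        elif current is not None and (m := BUCKET_RE.match(line)):
            low, high, count = map(int, m.groups())
            current[(low, high)] = current.get((low, high), 0) + count
    return disks

def percentile_bound(buckets, pct):
    """Upper edge (usecs) of the bucket that holds the pct-th percentile."""
    total = sum(buckets.values())
    seen = 0
    for (_, high), count in sorted(buckets.items()):
        seen += count
        if total and seen * 100 >= pct * total:
            return high
    return None  # empty histogram: no I/O was recorded for this device

def tail_latency(text, pct=99):
    """Map each disk to the upper bound of its pct-th percentile."""
    return {d: percentile_bound(b, pct) for d, b in parse_histograms(text).items()}
```

Because the buckets are powers of two, the result is only an upper bound: a 99th percentile reported as 16383 means the true value lies somewhere between 8192 and 16383 microseconds.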
In addition to devices, there are also several tools for tracing filesystems. There's ext4slower for EXT4 filesystems, xfsslower for XFS, btrfsslower for BTRFS, nfsslower for NFS, and zfsslower for ZFS. These tools will time the common filesystem operations and print a list of those that exceed a defined threshold. By default the threshold is set at 10 ms, but you can customize it by specifying one manually (Listing 5).
Listing 5
Specifying a Threshold
The command in Listing 5 will display all filesystem operations that are slower than 100 ms. It measures the time it takes from when an operation is called from the virtual filesystem to its completion and flags it if it exceeds the specified threshold. This tool is ideal for picking up performance issues caused by slow disk I/O at the filesystem level. It is a lot better than statistics plotted by popular performance monitoring tools, since they depict the performance of the disk, when in fact the bottleneck can also be due to the inability of the filesystem to respond to the requests flooding in.
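The per-operation lines these tools print can be grouped to show which process and operation type account for the slowest calls. The following is an added example, not code from the article or from the bcc project; it assumes the column layout TIME COMM PID T BYTES OFF_KB LAT(ms) FILENAME with R, W, O and S as the operation codes, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed ext4slower column layout; not real output.
SAMPLE = """\
Tracing ext4 operations slower than 100 ms
TIME     COMM           PID    T BYTES   OFF_KB   LAT(ms) FILENAME
06:49:17 bash           3616   R 128     0         107.75 cksum
06:49:17 cksum          3617   R 39552   0         196.34 data.bin
06:49:18 rsync          4102   W 65536   1024      412.10 backup.tar
06:49:19 rsync          4102   W 65536   2048      250.00 backup.tar
06:49:20 rsync          4102   S 0       0         903.52 backup.tar
06:49:21 Web Content    5120   W 65536   2048      188.00 my report.odt
"""

OPS = {"R": "read", "W": "write", "O": "open", "S": "fsync"}
# COMM and FILENAME may contain spaces, so anchor on the numeric columns
# between them instead of splitting on whitespace.
LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d)\s+(.+?)\s+(\d+)\s+([RWOS])\s+(\d+)\s+(\d+)"
    r"\s+(\d+\.\d+)\s(.*)$")

def parse_events(text):
    """Yield one dict per event line; banner and header lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _, comm, pid, op, size, _off_kb, lat, name = m.groups()
        yield {"comm": comm, "pid": int(pid), "op": OPS[op],
               "bytes": int(size), "lat_ms": float(lat), "file": name}

def worst_offenders(text, threshold_ms=100.0):
    """Group events slower than threshold_ms by (comm, op), slowest first."""
    groups = defaultdict(lambda: {"count": 0, "max_ms": 0.0, "files": set()})
    for ev in parse_events(text):
        if ev["lat_ms"] <= threshold_ms:
            continue
        g = groups[(ev["comm"], ev["op"])]
        g["count"] += 1
        g["max_ms"] = max(g["max_ms"], ev["lat_ms"])
        g["files"].add(ev["file"])
    return sorted(groups.items(), key=lambda kv: kv[1]["max_ms"], reverse=True)
```

Re-filtering with a tighter threshold_ms than the one used while tracing narrows a long capture to the handful of processes worth investigating first.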
We've only touched upon some of the eBPF tools that are at your disposal to trace and inspect various areas of your installation. Remember, however, that just because you have the performance measurement tools, it doesn't mean that you'll be able to streamline the performance of your box. Interpreting the results of the trace requires a fair bit of understanding of how Linux works and its internals. So make sure you invest some time reading up about the internals of the Linux kernel before you begin to utilize these tools to chip away milliseconds and optimize your installation.
Also know that eBPF has a greater mandate than just tracing. Thanks to its architecture, it can also play a role in system security. It can be used to monitor and detect intrusions and may even become the de facto means for enforcing firewalls in Linux.