Session + Live Q&A
Resiliency Superpowers with eBPF
eBPF is a powerful technology that allows us to run custom programs in the kernel. It’s enabling a whole new generation of tools for networking, security and observability. Let’s explore how it can help us build resilient architectures.
This talk - with demos - considers several facets where eBPF can help, from dynamic vulnerability patching, through super-fast load balancing, to multi-cluster networking. You’ll also see how eBPF enables the observability we need to diagnose what’s happening when things go wrong.
Main Takeaways
1 Hear about what eBPF is and how it uses the Linux Kernel.
2 Learn how eBPF deals with networking issues, dynamic vulnerability patching, load balancing, multicluster networking, observability, and others.
Liz, what is the focus of your work these days?
About a year ago, I joined a company called Isovalent. They are specialists in a technology called eBPF, and the company behind a project called Cilium, which uses eBPF for Kubernetes-based networking, security and observability. I'd been really interested in eBPF for a few years now. eBPF needs support within the Linux kernel, and when I first came across it, nobody was using new enough kernels in the wild in real production usage. But that's changed now, and eBPF is available to everyone. Over the last, let's say, couple of years, I've turned my focus more and more towards eBPF, and that's where I'm very much focused now. We can use eBPF to dynamically change the way the Linux kernel behaves and use that for all kinds of observation and securing and even changing the way that things behave. We don't have to make any changes at all to applications. It's all handled within the kernel and that's really revolutionary. So that's what I'm focused on.
It's nice. And then, what is the motivation for your talk?
I'm in the resiliency track, and so we're going to look at some of the resiliency superpowers of eBPF, how we can leverage eBPF to create more resilient networks, to help us with security resiliency and fast load balancing, multiclass networking. There's all sorts of ways that we can apply eBPF to help us build a more resilient deployment, and that's what I'll be speaking about.
How would you describe the persona and the level of the target audience?
I always like to have some demos and there might be a little bit of code. I try to make it accessible to anybody who isn't frightened of seeing a little bit of code or command line. I won't anticipate everyone having any in-depth knowledge at all. You don't even really need to know the difference between user space and kernel, I will explain that to the audience. So I think it will be interesting to anyone who's maybe got a little bit of networking experience, understands what we mean when we say something like load balancing or multicluster. And we'll take it from there.
And what do you want these people to walk away with from your presentation?
I hope they'll leave with even a fraction of the excitement that I have for eBPF, and that would be a success from my point of view.
Speaker
Liz Rice
Chief Open Source Officer @Isovalent
Liz Rice is Chief Open Source Officer with cloud native networking and security specialists Isovalent, creators of the Cilium eBPF-based networking project. She is chair of the CNCF's Technical Oversight Committee, and was Co-Chair of KubeCon...
Read moreDate
Wednesday May 18 / 09:00AM EDT (50 minutes)
Track
Topics
ArchitectureObservabilityCilium/eBPFResilienceResiliencyEnterprise ArchitectureSlides
Slides are not available
Add to Calendar
Add to calendarShare
From the same track
The Scientific Method for Testing System Resilience
Wednesday May 18 / 12:30PM EDT
Do you remember the Scientific Method from elementary school science class? It's time to dust off that knowledge and use it to your advantage to test your IT systems! In this session, you'll be re-introduced to the Scientific Method, and learn how Vanguard's software engineers and IT...
Christina Yakomin
Senior Site Reliability Engineering Specialist @Vanguard_Group
How to Test Your Fault Isolation Boundaries in the Cloud
Wednesday May 18 / 11:20AM EDT
Will my system keep working when a server fails? When a data center goes offline? When a service dependency is unavailable?Availability calculations for redundant components require that those components are independent and autonomous of each other. But modern day systems are complex, exhibiting...
Jason Barto
Principal Solutions Architect @AWS
Resilient Real-Time Data Streaming Across the Edge and Hybrid Cloud
Wednesday May 18 / 10:10AM EDT
Hybrid cloud architectures are the new black for most companies. A cloud-first strategy is evident for many new enterprise architectures, but some use cases require resiliency across edge sites and multiple cloud regions. Data streaming with the Apache Kafka ecosystem is a perfect technology for...
Kai Waehner
Field CTO @Confluentinc