Observability is critical for enterprises that need to ensure their systems run as expected. Having the right tools in place allows companies to quickly detect and address issues, which helps maintain system stability and keeps operations running smoothly. Observability has grown considerably on its path from traditional monitoring, expanding into new areas and tools in order to cover more KPIs and keep business applications stable.

Where early monitoring was mostly about analyzing logs and watching metrics, it evolved into tracing and OpenTelemetry to follow business transactions more closely. Throughout this time, collecting data and installing instrumentation agents on application servers remained a pain, because the process differed from machine to machine and from language to language. This is where eBPF came into play, making observability data collection easier.

eBPF is an extended version of BPF, developed for executing small functions as sandboxed programs in the kernel. This technology can hook into a process at the kernel level and alter or collect data from it. eBPF is used for different use cases, such as:

  • Networking
  • Tracing and profiling
  • Observability
  • Security

Here we want to discuss eBPF's impact on observability.

As we mentioned previously, gathering observability data from the source is always challenging. The main role of eBPF is to collect data from the kernel, i.e. from the source. This makes the agent agnostic to the machine, programming language, and environment. eBPF-based observability agents can collect network traffic, profiling data, performance metrics, and hardware metrics from the kernel, so you don't need a different APM agent for Java, Go, Python, or for an app running in a Docker container, a VM, or on a Linux host.
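To illustrate the language-agnostic collection described above, here is an added example (not from the original article) written as a bpftrace script. It assumes bpftrace is installed, the script is run as root, and the kernel exposes the `syscalls` tracepoints; the map names are chosen for illustration.

```bpftrace
#!/usr/bin/env bpftrace
// Added example: request count, error count and latency for outbound
// connect() calls, grouped by process name. The probes attach to kernel
// tracepoints, so the same script covers Java, Go, Python or any other
// runtime without installing an agent inside the application.

// Record the start time of each connect() call, keyed by thread id.
tracepoint:syscalls:sys_enter_connect
{
    @start[tid] = nsecs;
}

// On return, compute the latency and update the per-process maps.
tracepoint:syscalls:sys_exit_connect
/@start[tid]/
{
    $lat_us = (nsecs - @start[tid]) / 1000;

    @connects[comm] = count();
    @latency_us[comm] = hist($lat_us);

    // Negative return values are -errno. Non-blocking sockets normally
    // return -115 (EINPROGRESS), which is not a real failure, so read the
    // error map by errno value rather than as a single error rate.
    if (args->ret < 0) {
        @errors[comm, args->ret] = count();
    }

    delete(@start[tid]);
}

// Print and reset the aggregates every 10 seconds.
interval:s:10
{
    print(@connects);
    print(@latency_us);
    print(@errors);
    clear(@connects);
    clear(@latency_us);
    clear(@errors);
}

// Drop in-flight entries on exit so they are not dumped to the terminal.
END
{
    clear(@start);
}
```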

The following are some popular tools that use eBPF's observability capabilities:

Cilium Hubble

Hubble is an open-source tool built on Cilium and eBPF that provides deep visibility into the communications and behavior of services and networking infrastructure. With Hubble you get a service dependency graph, error rate, request count, request latency, and more.

Pixie

As well as being an open-source project, Pixie comes with a built-in interface for monitoring your Kubernetes cluster and applications. Pixie can show the health of your cluster and resources, application traffic, error rates, and more. Pixie provides a set of commands embedded in the UI that can be used for extensive analysis: for example, tracing TCP traffic to a specific pod or deployment, or analyzing traffic between two pods. Pixie is now available inside the New Relic platform, so if you are an existing New Relic customer, Pixie will be an extra benefit for you.

Coroot

Coroot is an open-source tool in which metrics, logs, traces, and profiles are gathered automatically using eBPF. Coroot's predefined inspections audit each application without configuration, provide a service map, and track SLOs.

More tools and use cases are being built on eBPF, and eBPF is extending its support to Windows platforms as well. We will continue this series with a deep dive into eBPF use cases and programming. The next part will compare eBPF and OpenTelemetry and look at how they compete with and complement each other.