Enhancing security and performance with Extended BPF
BPF adds the first new kernel interface in 50 years
Brendan Gregg, Netflix
Senior Performance Architect
Extended BPF is a new type of software and the first fundamental change to how kernels are used in 50 years. It is already in use by major companies: Netflix has 14 BPF programs running by default on all of its cloud servers, which run Ubuntu Linux. Facebook has 40 BPF programs running. Extended BPF is composed of an in-kernel runtime for executing a virtual BPF instruction set through a safety verifier and with JIT compilation. So far, it is used for software-defined networking, performance tools, security policies and device drivers with more services to come. It is changing how we use and think about systems. This talk explores the past, present and future of BPF, with BPF performance tools as a use case.
About the speaker
Brendan Gregg is an industry expert in computing performance and cloud computing. He is a senior performance architect at Netflix, where he does performance design, evaluation, analysis and tuning. He is the author of BPF Performance Tools (Addison Wesley) and Systems Performance (Prentice Hall) and received the USENIX LISA Award for Outstanding Achievement in System Administration. Brendan has created numerous performance analysis tools, visualizations, and methodologies, including flame graphs.