Using eBPF to Enhance Observability in a Service Mesh

Service meshes represent a huge leap forward observability, offering visibility into every service to service connection connection. This talk will propose a way of enhancing Envoy with kernel data gathered through eBPF to quickly distinguish application and infrastructure level problems.

Istio and Envoy represent a huge leap forward in gathering observability data for microservice-based applications. It’s now possible to gain visibility into every service to service connection connection with minimal effort. This is a huge leap forward – but where can we do better? We can further enhance our service mesh to help us quickly discern between application and infrastructure failures.

eBPF has proven to be an incredibly powerful tool in exposing observability data from within the Linux kernel. Far from being an alternative to Envoy, it represents a complementary technology that can improve observability. In particular, it can be used to gather things like packet drops or round trip times, measured directly by the kernel, with incredibly low overhead. In this talk, we will talk about how this data can be correlated with existing Envoy metrics to determine if problems exist within their application stack or in the underlying network or infrastructure.

Jonathan is the founder and CEO of Flowmill and has been and eBPF developer for a number of years. He has given related talks at events such as Kubecon in the past as well and is active in the observability community.