If you are involved in network performance problems that impact your TCP applications, you can usually identify the root causes with different Linux command-line tools on the host, but it takes time and is not scalable. Maybe you want to write a bunch of scripts and automate them, but that impacts performance on busy hosts.

How about a solution to collect TCP metrics efficiently and frequently from all of your servers and ingest them into a database for analysis, reports, alerts, etc.? In this case you can have anomaly detection and alerting and be more proactive in fixing problems.

Let’s talk about something that is much different from the workarounds of the past decade and that you can have in production with TCPDog: the eBPF TCP tracepoints, which were added to Linux 4.15 in 2018 and later. I believe these tracepoints are the most efficient way to get the TCP metrics from the kernel.

What’s eBPF? eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules (ebpf.io).

Now, how can it help us get the TCP metrics? Briefly, in this case we can run restricted C source code in the Linux kernel through eBPF and attach it to one of the TCP tracepoints, depending on what we need. We can then reach the TCP sockets and transfer the metrics from kernel space to user space through a ring buffer. Once you have the data in user space, you need to decode it and ingest it for further actions like anomaly detection. I didn’t go into details, as you can Google it and find many articles about eBPF and performance. I highly recommend visiting Brendan Gregg’s Blog.

What is TCPDog? It does the whole pipeline that you need to observe TCP metrics. You don’t need eBPF knowledge; instead, you configure a simple YAML file. It can send the metrics out of the box to prevent performance impact or ingestion issues. The metrics include round-trip time, retransmits, bytes TX/RX, and many TCP fields for each TCP connection initiated or terminated from or to your hosts, with extra Geo/ASN information.

It’s terrific to have them in one place to get reports, find issues, optimize our network, automate, and so on. What do you think?
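The user-space decode step described above (records arrive from the kernel through a ring buffer and must be decoded before ingestion), as an added example that is not TCPDog's code. The record layout, field names and sample values are assumptions made for illustration; the only kernel fact relied on is that `srtt_us` in `tcp_sock` stores the smoothed RTT shifted left by 3, in microseconds.

```python
import ipaddress
import struct

# Hypothetical packed, little-endian record (an assumption for this example,
# not TCPDog's wire format) that an eBPF program might emit per connection:
#   saddr, daddr  : 4 bytes each, IPv4 in network byte order
#   sport, dport  : u16, already converted to host byte order
#   srtt_us       : u32, copied raw from tcp_sock (smoothed RTT << 3, in usec)
#   total_retrans : u32
#   bytes_acked, bytes_received : u64 (TX / RX byte counters)
EVENT = struct.Struct("<4s4sHHIIQQ")


def decode_event(raw: bytes) -> dict:
    """Decode one ring-buffer record into a flat dict ready for ingestion."""
    if len(raw) < EVENT.size:
        raise ValueError(f"short record: {len(raw)} < {EVENT.size} bytes")
    saddr, daddr, sport, dport, srtt, retrans, tx, rx = EVENT.unpack_from(raw)
    return {
        "saddr": str(ipaddress.IPv4Address(saddr)),
        "daddr": str(ipaddress.IPv4Address(daddr)),
        "sport": sport,
        "dport": dport,
        "rtt_ms": (srtt >> 3) / 1000.0,  # undo the kernel's << 3 scaling
        "total_retrans": retrans,
        "bytes_acked": tx,
        "bytes_received": rx,
    }


def decode_stream(buf: bytes) -> list:
    """Decode back-to-back records; a truncated tail is skipped, not guessed."""
    whole = len(buf) - len(buf) % EVENT.size
    return [decode_event(buf[i:i + EVENT.size]) for i in range(0, whole, EVENT.size)]


# Constructed sample: 10.0.0.5:44321 -> 192.0.2.10:443, smoothed RTT 12.5 ms
# (12500 usec << 3), 3 retransmits, 18000 bytes acked, 250000 bytes received.
SAMPLE = EVENT.pack(
    ipaddress.IPv4Address("10.0.0.5").packed,
    ipaddress.IPv4Address("192.0.2.10").packed,
    44321, 443, 12500 << 3, 3, 18_000, 250_000,
)

if __name__ == "__main__":
    # The two trailing bytes simulate a partial record and are ignored.
    print(decode_stream(SAMPLE + b"\x00\x01"))
```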