« BackKyanos: eBPF-based network issue analysis toolgithub.comSubmitted by lijunhao 16 hours ago
  • burnt-resistor 8 hours ago

    Speaking of network debugging tools, I really miss the network connectivity troubleshooting tool (and supporting network configuration database service) at Meta that has panopticon-like awareness of all networks, network rules, host firewall rules, and user/service user privileges. It ran with syntax paraphrased like the following:

        {{whatever_it_was_called}} {{src_ip_or_host[:src_port]}} {{dest_ip_or_host_or_network}}:{{dest_port}} [service_or_user_privileged_membership_group]
    It walks every hop and identifies any misconfiguration.

    Sadly, sysadmin and netadmin tools, responsibilities, and skills are withering trades that have been subsumed or ignored in the modern SWE/SRE enterprise almost as afterthoughts.

    • bigcat12345678 5 hours ago

      The author of this repo here, AMA

      • sva_ 7 hours ago

        Seems like it currently only supports protocols http, mysql, redis?

        Also, when you let it run through some wireguard vpn, the information is a lot more limited.

        • jnck 10 hours ago

          Great. Now we could gain detailed insights into how our system is behaving in real time, which is invaluable for troubleshooting and optimizing performance. For those who just heard eBPF, there is the fun-damental source about it [0].

          Links: [0]: https://ebpf.io/books/buzzing-across-space-illustrated-child...

          • burnt-resistor 8 hours ago

            Nice nice!

            Btw, I'm wondering if OFED and/or DPDK are also still used, and if they're still used for fast packet pushing.

            • baruch 21 minutes ago

              My day job is working on a product that uses DPDK for a super high performance file system.

              • jpgvm 6 hours ago

                By OFED I assume you are meaning RDMA and yes, it's used extensively. Not just in HPC but anywhere you are doing high performance collective communication. Frameworks like MPI, UPC/UPC++, NCCL, UCX etc are all underpinned by RDMA. Most of the AI distributed training frameworks are MPI based for example.

                OFED is less of a thing now because most of the work has gone upstream, both into the kernel and into the rdma-core userland.

                Also worth mentioning that MLNX_OFED (sometimes called MOFED) is now being transitioned into DOCA-Host. This is mostly because of that aforementioned upstreaming and the move towards more SmartNIC stuff (ala Bluefield) being the focus as core RDMA support is mostly provided by upstream.

                • _zoltan_ 8 hours ago

                  Can't use RDMA without MOFED properly on Nvidia cards.

                  • gotbeans 8 hours ago

                    I think there must be still some corp frameworks that do use it extensively, but it's just not heard all that much about.

                    Some examples, (Broadcom) Vmware NSX-T gateways, Alivaba used to use it, and a lot of extreme HFT use it too, mostly to reduce latency and manipulate tcp.

                  • Vampiero 6 hours ago

                    Why would anyone want to read about eBPF in such a format?

                    • akutlay 8 hours ago

                      Great book!

                    • faded242 2 hours ago

                      So.. like trafshow.

                      • butterNaN 9 hours ago

                        Really cool, I remember a specific incident six odd years ago where I had to wade through tcpdump files to investigate an issue, and wished I could create something like this. I suppose you get more control over data if you're doing it the "hard" way (e.g I don't see an option to use `median`s in here) but I am guessing you likely dont need it in 90% of the cases