Advanced Topics and Go Integration
Observability
eBPF observability - production debugging and monitoring.
Observability
Course: Discover eBPF
eBPF observability with Pixie, Kubescape, Tetragon. Not required for XDP development but useful for debugging in production.
Tools
| Tool | Usage |
|---|---|
| Pixie | Kubernetes cluster observability (automatic telemetry) |
| Tetragon | Security observability (process lifecycle, network, file) |
| Kubescape | Kubernetes security scanning + eBPF runtime |
| bpftop | Real-time eBPF program monitoring |
Reading: Cilium Performance Tuning - eBPF program optimization examples.
Resources and Further Reading
Source: Cilium BPF Resources
Projects
- BCC: Python-based BPF tracing toolkit
- bpftrace: DTrace-like high-level tracing language
- libbpf: BPF loader library in the kernel
- cilium/ebpf: Pure BPF library for Go (bpf2go)
- Cilium: Container networking + security
- Katran: Facebook L4 load balancer (XDP)
- Suricata: Network IDS/IPS (uses BPF/XDP)
Talks & Videos
- Facebook SHIV/Droplet (netdev 2.1) - XDP DDoS mitigation
- Cloudflare XDP (netdev 2.1) - Production XDP
- DockerCon 2017 Cilium - BPF + XDP intro
- eBPF & Cilium Office Hours - YouTube series
Book
- BPF Performance Tools (Brendan Gregg, 2019) - Tracing-focused but covers BPF internals well
Kernel FAQ
- BPF Devel FAQ: Patch submission, kernel tree workflow
- BPF Design FAQ: Instruction set, verifier, JIT design decisions
Blog Posts
- Brendan Gregg’s BPF articles: brendangregg.com
- Cloudflare BPF articles: blog.cloudflare.com
- Cilium blog: cilium.io/blog
When to read: When you want to go deeper on a specific topic or see production examples.
Distributed Resources Reference
These resources are referenced in their respective sections:
| Resource | Section |
|---|---|
| iximiuz Networking Fundamentals | Byte Order + Network Tracing |
| XDP Paper | DNS Parsing (preparation for XDP) |
| Cilium BPF Architecture | Deep Dive |
| Facebook BPF Firewall | IP Blocklist |
| Unimog Blog | Load Balancing |
| Cilium Network Concepts | Program Types |
| Cilium Performance Tuning | Advanced Topics |
| XFRM from Cilium | Deep Dive (BPF Architecture) |