eBPF vs Sidecars by Liz Rice at Isovalent

eBPF vs Sidecars Liz Rice Chief Open Source Officer, Isovalent

👋 Hi, I’m Liz ( she/her ) Chief Open Source Officer at Isovalent Previously chair of CNCF’s Technical Oversight Committee Early career: writing networking code Containers / security / eBPF / cloud native Often found on a bike or playing music

What is a sidecar?

Sidecar model evolution Python app Go app Go app 2 Go library Go library Python library

Sidecar model evolution Pod Pod Pod Python app Go app Go app 2 Go library Go library Python library

Sidecar model evolution Pod Pod Pod Python app Go app Go app 2 Sidecar Go library Sidecar Go library Sidecar Go library

Sidecar containers Share namespaces / cgroups with application container Allow injecting common tooling into every pod Shares lifecycle with application container

Sidecar containers Share namespaces / cgroups with application container Allow injecting common tooling into every pod Shares lifecycle with application container → operational complexity Tooling roll-out requires pod restart Undefined start-up ordering

Sidecars → operational complexity concerns “ can be problematic with certain server-speaks-first protocols” “start-up/shut-down race conditions” “adds a lot of complexity and overhead” “overly complex to operate and scale” “really frustrated with the sidecar models” “complexity that causes issues for developers and ops alike”

Nathan LeClaire @dotpem

eBPF makes the kernel dynamically programmable

U serspace kernel P od P od container container container syscalls

U serspace kernel P od P od container One kernel per host container container syscalls

U serspace kernel One kernel per host syscalls networking access files create containers P od P od container container container

kernel Kernel aware of everything on host networking access files create containers U serspace P od P od container container container

kernel eBPF programs can be aware of everything networking access files create containers No changes to apps or config needed U serspace P od P od container container container

U serspace P od P od app app app kernel sidecar sidecar A sidecar has a view across just one pod

U serspace P od P od app app app kernel sidecar sidecar Sidecar created through YAML my-app.yaml containers: name: my-app ... name: my-app-init ... name: my-sidecar ...

U serspace P od P od app app app kernel eBPF doesn’t require any app changes my-app.yaml containers: name: my-app ... name: my-app-init ...

U serspace P od P od app app app kernel eBPF doesn’t even require any app restarts my-app.yaml containers: name: my-app ... name: my-app-init ...

U serspace P od P od app app app kernel eBPF can see ALL activity on the node my-app.yaml containers: name: my-app ... name: my-app-init ... 👿

Sidecar containers Shares lifecycle with application container → operational complexity Allow injecting common tooling into every pod But needs changes to pod spec YAML for each instrumented app Share namespaces / cgroups with application container

Sidecar containers Shares lifecycle with application container → operational complexity Allow injecting common tooling into every pod But needs changes to pod spec YAML for each instrumented app Share namespaces / cgroups with application container Isolated from other pods …and from other sidecar containers

Sidecars → resource usage concerns “ looking for something with smaller footprint ” “too much overhead” “struggling to operate a low cost cluster due to sidecar overhead” “biggest concerns we have are scalability, performance and raw resource consumption, and the added latency and complexity”

U serspace kernel Reduce resource usage

U serspace kernel U serspace kernel Reduce resource usage maps

Sidecars → latency concerns “biggest concerns we have are scalability, performance and raw resource consumption, and the added latency and complexity” “s idecarless and reducing hops approach would reduce latency ” “ we're not hugely fond of the sidecar model and the extra latency & complexity involved ” “ we've avoided service meshes to date due to resource overhead and latency concerns ”

The network cost of sidecar proxies u serspace kernel p od app network proxy syscalls

The network cost of sidecar proxies u serspace kernel p od app network proxy syscalls socket socket socket tcp/ip tcp/ip tcp/ip networking eth0

userspace kernel The network cost of sidecar proxies

userspace kernel Removing sidecars, retaining proxy features userspace kernel

Can we move proxy features into the kernel? userspace kernel userspace kernel app 1 service mesh library tcp/ip networking tcp/ip networking App 1 App 2 a pp 1 a pp 2 s ervice mesh sidecar s ervice mesh sidecar userspace kernel tcp/ip networking a pp 1 a pp 2 L7 proxy s ervice mesh app 2 service mesh library

High performance eBPF-based visibility

Liz Rice | @lizrice ebpf.io | cilium.io | i sovalent.com Thank you! Let’s connect.

eBPF vs Sidecars by Liz Rice at Isovalent

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

eBPF vs Sidecars by Liz Rice at Isovalent

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

8-top-ai-courses-for-customer-support-representatives-in-2025.pptx

7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx

25-essential-ai-courses-for-user-support-specialists-in-2025.pptx

8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx

Know for Certain

PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx