What do you think?
Rate this book
BPF Performance Tools
Use BPF Tools to Optimize Performance, Fix Problems, and See Inside Running Systems
BPF-based performance tools give you unprecedented visibility into systems and applications, so you can optimize performance, troubleshoot code, strengthen security, and reduce costs. BPF Performance Tools: Linux System and Application Observability is the definitive guide to using these tools for observability.
Pioneering BPF expert Brendan Gregg presents more than 150 ready-to-run analysis and debugging tools, expert guidance on applying them, and step-by-step tutorials on developing your own. You'll learn how to analyze CPUs, memory, disks, file systems, networking, languages, applications, containers, hypervisors, security, and the kernel. Gregg guides you from basic to advanced tools, helping you generate deeper, more useful technical insights for improving virtually any Linux system or application.
- Learn essential tracing concepts and both core BPF front-ends: BCC and bpftrace
- Master 150+ powerful BPF tools, including dozens created just for this book, and available for download
- Discover practical strategies, tips, and tricks for more effective analysis
- Analyze compiled, JIT-compiled, and interpreted code in multiple languages: C, Java, bash shell, and more
- Generate metrics, stack traces, and custom latency histograms
- Use complementary tools when they offer quick, easy wins
- Explore advanced tools built on BPF: PCP and Grafana for remote monitoring, eBPF Exporter, and kubectl-trace for tracing Kubernetes
- Foreword by Alexei Starovoitov, creator of the new BPF
BPF Performance Tools will be an indispensable resource for all administrators, developers, support staff, and other IT professionals working with any recent Linux distribution in any enterprise or cloud environment.
BPF-based performance tools give you unprecedented visibility into systems and applications, so you can optimize performance, troubleshoot code, strengthen security, and reduce costs. BPF Performance Tools: Linux System and Application Observability is the definitive guide to using these tools for observability.
Pioneering BPF expert Brendan Gregg presents more than 150 ready-to-run analysis and debugging tools, expert guidance on applying them, and step-by-step tutorials on developing your own. You'll learn how to analyze CPUs, memory, disks, file systems, networking, languages, applications, containers, hypervisors, security, and the kernel. Gregg guides you from basic to advanced tools, helping you generate deeper, more useful technical insights for improving virtually any Linux system or application.
- Learn essential tracing concepts and both core BPF front-ends: BCC and bpftrace
- Master 150+ powerful BPF tools, including dozens created just for this book, and available for download
- Discover practical strategies, tips, and tricks for more effective analysis
- Analyze compiled, JIT-compiled, and interpreted code in multiple languages: C, Java, bash shell, and more
- Generate metrics, stack traces, and custom latency histograms
- Use complementary tools when they offer quick, easy wins
- Explore advanced tools built on BPF: PCP and Grafana for remote monitoring, eBPF Exporter, and kubectl-trace for tracing Kubernetes
- Foreword by Alexei Starovoitov, creator of the new BPF
BPF Performance Tools will be an indispensable resource for all administrators, developers, support staff, and other IT professionals working with any recent Linux distribution in any enterprise or cloud environment.
880 pages, Paperback
Published December 23, 2019
114 people are currently reading
403 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 10 of 10 reviews
March 7, 2020
Gregg's previous book, Systems Performance, manages to both be an excellent book on operating systems and observability tooling. If he wrote Systems Performance today, it'd use BPF-tools instead, which frankly would make it _the_ book. For now, you'll have to read both -- and read Systems Performance first.
I see this book as an amendment to Systems Performance with "hey, we have BPF now, it's mega-powerful, and you should use that instead of system tap / whatever." It explains what BPF is: Finally we have a way to run user-code in the mainline kernel, which can aggregate whatever metrics we like with minimal overhead.
He explains the different types of probes, how BCC and bpftrace add value on top of BPF, and techniques for efficiently using it. I think the level of detail here was great. The rest of the book is essentially a reference book with each tool, and a short description of how it works. I'm not sure how valuable I find this, given that the tools are all open-source and that anything but the title doesn't seem worth remembering. I skimmed through most of this, and don't see myself referencing it again, since all that's more readily available with Google.
Again, as was my pet-peeve with Systems Performance, nothing about historical tooling. I can't not give four stars though. Hard to see who else could write this book. It's a joy to read something by someone who's such an expert in his field. The exercises are fantastic, and doing a few of them was the most value I derived from it.
I see this book as an amendment to Systems Performance with "hey, we have BPF now, it's mega-powerful, and you should use that instead of system tap / whatever." It explains what BPF is: Finally we have a way to run user-code in the mainline kernel, which can aggregate whatever metrics we like with minimal overhead.
He explains the different types of probes, how BCC and bpftrace add value on top of BPF, and techniques for efficiently using it. I think the level of detail here was great. The rest of the book is essentially a reference book with each tool, and a short description of how it works. I'm not sure how valuable I find this, given that the tools are all open-source and that anything but the title doesn't seem worth remembering. I skimmed through most of this, and don't see myself referencing it again, since all that's more readily available with Google.
Again, as was my pet-peeve with Systems Performance, nothing about historical tooling. I can't not give four stars though. Hard to see who else could write this book. It's a joy to read something by someone who's such an expert in his field. The exercises are fantastic, and doing a few of them was the most value I derived from it.
October 3, 2020
Very good, but I wish he could have avoided repeated use of the word 'technology' (that is in an American accent, tek-NAAAH-l-AAH-gee. Thats probably the consequence of spending too much time in meetings with clueless and totally useless middle management.
Otherwise technically spot on.
Otherwise technically spot on.
November 8, 2019
Gregg put his career of performance analysis into this book. While there is a focus on web/cloud workloads, any IT professional will get something out of it.
January 5, 2022
Linux performance analysis made easier.
eBPF is gaining more and more attention for good reasons. eBPF turns Linux into a "programmable" kernel, improving its observability, networking, and security.
If you work closely with Linux systems, learning about eBPF is indispensable, and BPF Performance Tools is the best resource. This book is written by Brendan Gregg, one of the main contributors on this subject, and author of the excellent Systems Performance.
The first part is an introduction to eBFP to understand its history and how it works under the hood. The second part is by far the largest one. It contains one or several chapters for every topic—CPUs, memory, filesystems, disk I/Os, networking, security, languages, applications, containers, and hypervisors. Each chapter starts with a gentle introduction, before introducing the traditional Linux commands and the BPF tools that complement them.
As a software developer, I found the book easy to follow, even without a solid background in Linux programming. The explanations are concise, clear, and remarkably illustrated. The commands used in examples are well-chosen and the comments really help to understand their output.
This book was invaluable during my last performance issues. Running commands to debug issues is easy. Knowing which command to run and understanding which statistics to read is far more challenging. This book will help you too.
eBPF is gaining more and more attention for good reasons. eBPF turns Linux into a "programmable" kernel, improving its observability, networking, and security.
If you work closely with Linux systems, learning about eBPF is indispensable, and BPF Performance Tools is the best resource. This book is written by Brendan Gregg, one of the main contributors on this subject, and author of the excellent Systems Performance.
The first part is an introduction to eBFP to understand its history and how it works under the hood. The second part is by far the largest one. It contains one or several chapters for every topic—CPUs, memory, filesystems, disk I/Os, networking, security, languages, applications, containers, and hypervisors. Each chapter starts with a gentle introduction, before introducing the traditional Linux commands and the BPF tools that complement them.
As a software developer, I found the book easy to follow, even without a solid background in Linux programming. The explanations are concise, clear, and remarkably illustrated. The commands used in examples are well-chosen and the comments really help to understand their output.
This book was invaluable during my last performance issues. Running commands to debug issues is easy. Knowing which command to run and understanding which statistics to read is far more challenging. This book will help you too.
August 13, 2020
The new BPF (or commercially known as eBPF) is the Functions-as-a-Service (FaaS) module of the Linux kernel. BPF now makes virtually any language programmer as a Linux kernel developer. The BPF community had done an excellent work in pushing this to upstream. The opportunities are now plenty. Brendan has just scratched the surface in this book showing the prowess of BPF in the performance world. Brendan has contributed so much tools just for this book, BPF Trace and BCC.
This book is cleanly organized showing Linux internals, traditional Linux performance tools and BPF tools. Brendan shows numerous examples of the command results and explaining the important part of the output that one may need to pay attention to.
BPF is a relatively new area in Linux world and there's no one book that can cover everything that BPF has to offer.
This book is a great start from performance aspect and I'm pretty sure there's lot to come.
This book is cleanly organized showing Linux internals, traditional Linux performance tools and BPF tools. Brendan shows numerous examples of the command results and explaining the important part of the output that one may need to pay attention to.
BPF is a relatively new area in Linux world and there's no one book that can cover everything that BPF has to offer.
This book is a great start from performance aspect and I'm pretty sure there's lot to come.
June 18, 2020
Exactly what I was looking for in a BPF book. If you're new to tracing this book is very beginner friendly in that regard, but does expect some background in understanding how operating systems work. The book primarily focuses on the tracing use cases of BPF, as opposed to the packet filtering or security use cases. It is a very large book, but most of it is intended primarily as a reference. The first 150 or so pages provide background and the rest of the book is intended to be read as-needed, e.g. when debugging a memory leak. The last couple chapters give some helpful tips and tricks and helped me debug an issue when I was tracing some Rust code. Very beg
June 12, 2024
one of the most important books published about unix in the last twenty years; perhaps the most important. thorough and authoritative. lots of good examples, provocative ones which will leave you well-equipped to reshape Gregg's techniques for your own work. the only downside is that eBPF and the surrounding ecosystem is still moving pretty quickly, and has changed a good bit even in just the four years since this was published (2019).
July 2, 2020
A great introduction to BPF, though the book assumes some familiarity with the Linux kernel.
Deducting one star because of the numerous typos and spelling mistakes in the book, which are distracting.
Deducting one star because of the numerous typos and spelling mistakes in the book, which are distracting.
January 27, 2021
This is really a manual of how eBPF works. I would say that is dense enough to read the entire book in a row. Whenever I need some specific use case around eBPF, I check sections of this book.
August 2, 2025
Excellent lookup manual or quick reference, very detailed
Displaying 1 - 10 of 10 reviews