如何准确归因于 eBPF 流日志的 Netflix

By Cheng Xie, Bryan Shultz, and Christine Xu

In a previous blog post, we described how Netflix uses eBPF to capture TCP flow logs at scale for enhanced cloud network insights. In this post, we delve deeper into how Netflix solved a core problem: accurately attributing flow IP addresses to workload identities.

在之前的一篇博客文章中，我们描述了Netflix如何使用eBPF大规模捕获TCP流日志以增强云网络洞察。在这篇文章中，我们深入探讨了Netflix如何解决一个核心问题：准确地将流IP地址归因于工作负载身份。

A Brief Recap

简要回顾

FlowExporter is a sidecar that runs alongside all Netflix workloads in the AWS Cloud. It uses eBPF and TCP tracepoints to monitor TCP socket state changes. When a TCP socket closes, FlowExporter generates a flow log record that includes the IP addresses, ports, timestamps, and additional socket statistics. On average, 5 million records are produced per second.

FlowExporter是一个与所有Netflix工作负载在AWS云中并行运行的边车。它使用eBPF和TCP跟踪点来监控TCP套接字状态变化。当TCP套接字关闭时，FlowExporter生成一个流日志记录，其中包括IP地址、端口、时间戳和其他套接字统计信息。平均每秒生成500万条记录。

In cloud environments, IP addresses are reassigned to different workloads as workload instances are created and terminated, so IP addresses alone cannot provide insights on which workloads are communicating. To make the flow logs useful, each IP address must be attributed to its corresponding workload identity. FlowCollector, a backend service, collects flow logs from FlowExporter instances across the fleet, attributes the IP addresses, and sends these attributed flows to Netflix’s Data Mesh for subsequent stream and batch processing.

在云环境中，IP地址会随着工作负载实例的创建和终止而重新分配，因此仅凭IP地址无法提供哪些工作负载正在通信的洞察。为了使流日志有用，每个IP地址必须归属其对应的工作负载身份。 FlowCollector 是一个后端服务，它从全舰队的FlowExporter实例收集流日志，归属IP地址，并将这些归属的流发送到Netflix的数据网格进行后续的流处理和批处理。

The eBPF flow logs provide a comprehensive view of service topology and network health across Netflix’s extensive microservices fleet, regardless of the programming language, RPC mechanism, or application-layer protocol used by individual workloads.

eBPF 流日志提供了 Netflix 广泛微服务群体中服务拓扑和网络健康的全面视图，无论个别工作负载使用的编程语言、RPC 机制或应用层协议是什么。

如何准确归因于 eBPF 流日志的 Netflix