eBPF-based Network Observability for CloudStack #10416
Description
Proposal: eBPF-based Network Observability for CloudStack
Summary
CloudStack’s network monitoring is mostly based on logs and external agents, making real-time traffic analysis difficult. This project will integrate eBPF-based network observability to capture per-VM traffic metrics, detect anomalies, and improve tenant isolation.
Benefits to CloudStack
- Enhanced security: Detect suspicious activity at the kernel level.
- Real-time traffic monitoring: Gain deep insights into VM networking.
- Better tenant isolation: Identify cross-tenant traffic issues.
Deliverables
- Develop eBPF probes to capture:
- Per-VM network traffic metrics (packets, bytes, latency)
- Connection tracking for detecting unauthorized access patterns
- Packet drops and retransmission rates
- Expose network metrics via CloudStack’s API.
- Provide visualization through Prometheus/Grafana.
- Document setup, usage, and performance benchmarks.
Expected Outcome
An eBPF-based solution that improves network observability in CloudStack, providing security and performance insights with minimal resource usage.