eBPF-based Network Observability for CloudStack

[soreana]

Proposal: eBPF-based Network Observability for CloudStack

Summary

CloudStack’s network monitoring is mostly based on logs and external agents, making real-time traffic analysis difficult. This project will integrate eBPF-based network observability to capture per-VM traffic metrics, detect anomalies, and improve tenant isolation.

Benefits to CloudStack

• Enhanced security: Detect suspicious activity at the kernel level.
• Real-time traffic monitoring: Gain deep insights into VM networking.
• Better tenant isolation: Identify cross-tenant traffic issues.

Deliverables

• Develop eBPF probes to capture:
  • Per-VM network traffic metrics (packets, bytes, latency)
  • Connection tracking for detecting unauthorized access patterns
  • Packet drops and retransmission rates
• Expose network metrics via CloudStack’s API.
• Provide visualization through Prometheus/Grafana.
• Document setup, usage, and performance benchmarks.

Expected Outcome

An eBPF-based solution that improves network observability in CloudStack, providing security and performance insights with minimal resource usage.