Always-On Diagnostics: eBPF-Powered Insights for Linux SMB and NFS Clients
Linux users often ask: Why is my application slow? What caused it to crash? Was it a client-side issue—and if so, where? At SambaXP 2025, the Azure Files team introduced a new set of eBPF-based tools to help answer these questions by improving observability and debugging for Linux SMB client issues. We also shared a conceptual overview of the Always-On Diagnostics (AOD) project – a daemon that continuously monitors anomalies and automatically captures relevant logs when issues occur.
Since then, we’ve continued developing AOD and expanded the eBPF tooling to support the Linux NFS client. This talk will demonstrate how these tools can capture valuable diagnostic data in real-world anomalous scenarios. After a technical introduction to the standalone eBPF scripts, we’ll walk through the design of the AOD daemon, explain how the eBPF tools integrate into its system, and present the overall architecture. The session will conclude with a live demonstration of the diagnostics workflow in action – showing how AOD detects anomalies, collects logs, and can help pinpoint and contextualize client-side issues as they happen.
While prior exposure to eBPF concepts may be helpful, it is not required. The session will begin with foundational explanations before diving deeper, making it accessible to all attendees.
