New Relic eBPF agent uses eBPF technology to provide APM functionality in a single agent with zero code instrumentation. This approach empowers platform engineering teams by eliminating the need for coordination with application teams for monitoring deployment.
When to use eBPF-powered APM
- Large-scale deployments: When you have many applications that need monitoring deployed at scale and require "good enough" metrics without the overhead of individual language agents.
- Unknown or unmodifiable workloads: When the workload you want to monitor is written in an unknown programming language and/or cannot be modified.
- Platform engineering efficiency: When you want to deploy monitoring at scale without coordinating with individual application teams.
- Linux-focused environments: When you don't need to monitor Windows platforms, as eBPF works excellently on Linux in both Kubernetes and host environments.
- No distributed tracing requirement: When your monitoring needs don't require distributed tracing capabilities.
eBPF vs traditional APM comparison
Understanding the differences between eBPF-powered APM and traditional APM agents helps you choose the right approach:
Functionality | eBPF agent (eAPM) | APM agent |
|---|---|---|
Summary | ✅ | ✅ |
Transaction | ✅ (segment linking for Java, Go, Node.js) | ✅ |
Database operations | ✅ | ✅ |
Service map | ✅ | ✅ |
Distributed tracing | ❌ | ✅ |
Programming language agnostic | ✅ | ❌ |
Custom instrumentation | ❌ | ✅ |
Auto-discover apps and services continuously | ✅ | ❌ |
Linux support | ✅ | ✅ |
Windows support | ❌ | ✅ |
TCP and DNS telemetry | ✅ | ❌ |
Data source perspective
eBPF-powered APM shifts the monitoring perspective from the application layer to the kernel layer:
Feature | APM language agent | eBPF-powered APM |
|---|---|---|
Data source | Application's memory / runtime hooks | Linux kernel (via eBPF) |
Language dependency | High (requires specific agent for each language) | None (operates on kernel's view of process) |
Code modification | Required | Not required (observes process from outside) |
Outcome | Deep insight for known languages | Great insight for any workload on Linux (C++, Rust, etc.) |
Best practices for deployment
1. Supplement the traditional APM
Use eBPF agent to supplement APM language agents for comprehensive coverage. This gives you full APM coverage with coexistence between eAPM and APM agents, without double data ingestion.
Recommended approach:
- APM language agents: Use for your most critical applications that require deep-level insights, distributed tracing, or custom instrumentation.
- eBPF-powered APM: Use to cover everything else, including uninstrumented services, third-party apps, and for continuously discovering/reporting new services.
2. Add network metrics for deeper context
Preview
We're still working on eBPF network metrics capability, but we'd love for you to try it out!
This feature is currently provided as part of a preview pursuant to our pre-release policies. It is not available to customers subject to HIPAA or FedRAMP regulations.
The eBPF agent can also provide granular network metrics (TCP, DNS, etc.) to give you visibility outside your application's boundary. This capability is complementary and can be used with or without eAPM. For more information, refer to network-metrics.
The following deployment options are available:
Application metric source | Network metric source | Configuration |
|---|---|---|
APM language agent | eBPF agent (network metrics only mode) | Two agents |
eBPF agent (eAPM) | eBPF agent (same agent) | Single agent |
3. Create a unified monitoring approach
By following the practices above, you can use the single eBPF agent to handle both infrastructure and application monitoring needs. This unifies your observability, allowing the agent to automatically gather critical application performance data (eAPM) and network metrics (eBPF network metrics) to populate existing dashboards, providing deep context without code changes or restarts.
Benefits:
- APM insights that populate New Relic APM UI automatically.
- Network insights from the same agent.
Implementation recommendations
Start with eAPM for scale: If you need to deploy monitoring at scale across many applications and want "good enough" metrics without complex coordination, start with eBPF-powered APM.
Add network metrics for complete visibility: Once eAPM is deployed, consider adding eBPF network metrics to gain visibility beyond application boundaries for comprehensive troubleshooting capabilities.