Thomas Graf 🐝 @tgraf__ Twitter profile | Pikagi

Pikagi

Thomas Graf 🐝

@tgraf__

8,847

Followers

235

Following

359

Media

4,144

Statuses

CTO / Co-Founder of @isovalent , Cilium, Kernel Developer, eBPF, Linux Networking, Open Source, Mountains & Trail running | |

ZRH & SFO

https://t.co/ohCYfOEnkr

Joined June 2012

Don't wanna be here? Send us removal request.

Pinned Tweet

@tgraf__

Thomas Graf 🐝

9 months

Today, @Cisco announces the intent to acquire @isovalent 🎉 What a milestone for Cilium, eBPF, and our team. Thank you to all of you in the community and all our customers and partners for helping us get where we are today.

Tweet card media

Cisco Completes Acquisition of Cloud Native Networking & Security Leader Isovalent

Cisco acquires Isovalent, founded by creators of eBPF and the team behind Cilium and Tetragon, the leading cloud native solutions leveraging eBPF technology.

90

94

548

Last Seen Profiles

@Fennec_FoxKing

@MMCAKOREA

@stwmaniax

@alsa90942

@CoachSzymanski

@bokeplokalmalam

@priquitoesfolad

@guitar_yaya

@jaehyunzj

@original_kel

@ric_k_314

@drewboyweston

@tjoonv7_

@softy_wonu

@aoi_pample

@KasihLudah

@kainomisosiru2

@YinPu23387

@FISU_SG_CEO

@bokeplokalmalam

@Pulso_LT

@DebuggingDamsel

@defactor_

@pokelawls

@stw_pdg

@andiipoops

@AJCtheONE

@laughingdragon2

@windermerejetty

@bdyqsm152354

@midogo7333

@PaulDempsey

@lon1989381

@Rend_Fa

@PotterPayper

@pay_same

@tgraf__

Thomas Graf 🐝

6 years

The kernel community is about to replace iptables with BPF. I've captured my thoughts in a blog post. The performance gains speak for themselves.

Tweet media one

23

717

1K

@tgraf__

Thomas Graf 🐝

4 years

Want to sound like you are using microservices? Just say service discovery instead of DNS.

12

114

915

@tgraf__

Thomas Graf 🐝

2 years

Today, we are open sourcing Tetragon after several years of development. eBPF-based Security Observability & Runtime Enforcement.

Tetragon - eBPF-based Security Observability & Runtime Enforcement - Isovalent

Introduction to Tetragon - eBPF-based Security Observability & Runtime Enforcement

9

264

778

@tgraf__

Thomas Graf 🐝

4 years

4 years ago we started the @ciliumproject . Today, Google announced the availability of Cilium as the new GKE networking dataplane. What a great honor for everyone who has contributed to the Cilium project and to eBPF overall. The background story:

Tweet media one

22

163

709

@tgraf__

Thomas Graf 🐝

3 years

Very proud to announce the eBPF Foundation together with Facebook, Google, Microsoft, and Netflix!

Tweet card media

Facebook, Google, Isovalent, Microsoft, and Netflix announce eBPF Foundation

Facebook, Google, Isovalent, Microsoft, and Netflix announce eBPF Foundation, supporting the technology and facilitating collaboration.

10

132

609

@tgraf__

Thomas Graf 🐝

3 years

I've written down my thoughts on how eBPF will help solve service mesh complexity and performance by getting rid of sidecars.

Tweet card media

How eBPF will solve Service Mesh - Goodbye Sidecars - Isovalent

eBPF Service Mesh - How we can build an eBPF-based service mesh in the kernel to replace the complex sidecar model

9

162

581

@tgraf__

Thomas Graf 🐝

7 years

Linux 4.13 is out with in-kernel TLS support Graph: 99th centile latency - kTLS(green), OpenSSL (blue) Source:

Tweet media one

12

353

414

@tgraf__

Thomas Graf 🐝

4 years

When the person with Kubernetes experience is brought into a room...

9

71

386

@tgraf__

Thomas Graf 🐝

1 year

Starting today, you can learn about eBPF using interactive labs in just a few minutes on the new labs page. Two labs have been launched already: * Getting Started with eBPF * Learning eBPF Tutorial

Tweet card media

eBPF - Introduction, Tutorials & Community Resources

eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading a kernel module.

4

128

387

@tgraf__

Thomas Graf 🐝

4 years

Today, we are announcing our $29M Series A funding from @a16z , @Google , and @Cisco . We are also launching @isovalent , the company behind Cilium. I've written down some thoughts on how we got here.

eBPF - The Future of Networking & Security

Today is an exciting day for the Cilium community: Isovalent, the company behind Cilium, is announcing its $29M Series A financing ro...

30

48

365

@tgraf__

Thomas Graf 🐝

3 years

Learning Go as a C programmer

7

52

335

@tgraf__

Thomas Graf 🐝

3 years

Another day to remember for the entire Cilium team. AWS has picked Cilium as the built-in networking & security layer for EKS Anywhere. It still feels like it was yesterday when we wrote the first commit of Cilium.

Tweet card media

AWS picks Cilium for Networking & Security on EKS Anywhere - Isovalent

Learn why AWS has picked Cilium as their default Kubernetes CNI for Networking & Security on EKS Anywhere (EKS-A).

5

72

330

@tgraf__

Thomas Graf 🐝

2 years

KubeCon folks are leaving Valencia

Tweet media one

6

39

318

@tgraf__

Thomas Graf 🐝

5 years

eBPF - Rethinking the Linux Kernel #QConLondon , 2020 Slides: Watch the #QConLondon website for the publication of the recording.

Tweet media one

8

107

286

@tgraf__

Thomas Graf 🐝

4 years

eBPF is not only changing the networking, security and tracing world forever. eBPF will revolutionize how apps interact with Linux I/O. Read more in this great post by @glcst .

Tweet card media

How io_uring and eBPF Will Revolutionize Programming in Linux - ScyllaDB

ScyllaDB's Glauber Costa explains how two new APIs, io_uring and eBPF, are changing the fundamental nature of Linux programming.

www.scylladb.com

1

82

282

@tgraf__

Thomas Graf 🐝

2 years

Introduction to Mutual Authentication with Cilium & CIlium Service Mesh We expected quite a bit but outperforming sidecar-based mTLS by 3x latency and 2x requests/s was beyond expectations.

Tweet card media

Next-Generation Mutual Authentication (mTLS) with Cilium Service Mesh - Isovalent

Learn how Cilium & Cilium Service Mesh provides sidecar-free mTLS based authentication with excellent security and performance characteristics

4

78

286

@tgraf__

Thomas Graf 🐝

2 years

Cilium 1.13 is out 🎉 An amazing release, quick 🧵with details on major features. Gateway API, L7 load-balancing, TLS NetworkPolicy, mTLS layer, meta device, BIG TCP, SCTP, LB IBAM, and Grafana integration.

2

67

278

@tgraf__

Thomas Graf 🐝

4 years

Announcing the first-ever eBPF summit for end-users and developers: 📅 Oct 28-29, 2020 📢 CFP is now open for lightning talks 🏢 Virtual Keynote speakers include: @alexei_ast , @brendangregg , @davem_dokebi , @krisnova , @lbernail , @lizrice , ...

0

139

272

@tgraf__

Thomas Graf 🐝

3 years

eBPF is coming to Windows

Making eBPF work on Windows - Microsoft Open Source Blog

eBPF is a well-known but revolutionary technology—providing programmability, extensibility, and agility. eBPF has been applied to use cases such as denial-of-service protection and observability....

opensource.microsoft.com

5

101

259

@tgraf__

Thomas Graf 🐝

4 years

A thread about the new eBPF-based bandwidth management feature in Cilium 1.9: tl;dr: Auto-Tuning of kernel networking settings for containers It automatically enables/manages: - BBR TCP Cong Alg - Fair Queueing - Rate limiting (EDT based + k8s pod annotation) - Sysctl Tuning

Tweet media one

1

68

251

@tgraf__

Thomas Graf 🐝

6 years

eBPF is AWS Lambda for the Linux kernel @justincormack at #QCon

Tweet media one

3

73

227

@tgraf__

Thomas Graf 🐝

3 years

I've spent two days in the hospital due to a bacterial infection. We should double the wage of nursing staff. I've seen them give so much love to people who really need it. They are the lifeline of humanity. I'm so impressed and easily willing to give up 10% of my salary for this

15

8

220

@tgraf__

Thomas Graf 🐝

2 years

First ever KubeCon Cilium project session in a fully packed room. The @CloudNativeFdn community is incredibly welcoming.

Tweet media one

4

27

210

@tgraf__

Thomas Graf 🐝

3 years

eBPF Summit 2021 registration is open. Can we beat last year's 3K registrations? Speakers include: - @rakyll , AWS - @brendangregg , Netflix - @lizrice , Isovalent - @TabbySable , Datadog - Dave Thaler, Microsoft Lightning talks CFP is open until July 23.

Tweet card media

eBPF Summit 2021

Register now for the eBPF Summit 2021, Aug 18-19, 2021, a free virtual event for DevOps, SRE, SecOps, and developers.

1

63

202

@tgraf__

Thomas Graf 🐝

4 years

What is Maglev? A Thread. tl;dr: Maglev provides HA for network load-balancers. If you are in the cloud, then you are likely already using it. This is how Google and others make load-balancing reliable and scalable with commodity Linux servers.

2

45

192

@tgraf__

Thomas Graf 🐝

4 years

Thread: How to get visibility into Kubernetes networking with eBPF or: How to run tcpdump in an entire k8s cluster? tl;dr eBPF + Cilium + Hubble = Metrics, Flow Query API/CLI

Tweet media one

2

39

185

@tgraf__

Thomas Graf 🐝

5 years

eBPF is coming to the GNU toolchain. Jose E. Marchesi has just published patches for GNU binutils and announced GCC to provide an alternative compiler to the existing LLVM backend.

2

50

178

@tgraf__

Thomas Graf 🐝

5 years

We often forget to say thank you to the wide community of contributors making open source happen. This is the (likely incomplete) list of people who are making eBPF happen. Thank you! 👏 Let me know if I have forgotten anybody and I'll get you added.

Tweet media one

3

32

161

@tgraf__

Thomas Graf 🐝

3 years

If you have heard about #eBPF for the first time at this #KubeCon and want to learn more. Check out , it's a learning resource maintained by the eBPF community.

1

46

157

@tgraf__

Thomas Graf 🐝

6 years

New blog post: Deep dive into Facebook's new BPF edge firewall in production. Background story why the Facebook team replaced iptables with BPF and XDP. Based on Anant Deepak's LPC 2018 talk.

Tweet media one

0

51

134

@tgraf__

Thomas Graf 🐝

3 years

Interested in Cilium, eBPF, and Kubernetes? We are hiring for almost any position right now - (eBPF|Go|k8s|ClickHouse) engineers - Security Architects - Solution Architects - Marketing, Content, Writing - Sales DM or

2

35

128

@tgraf__

Thomas Graf 🐝

6 years

The BPF & XDP Reference Guide by Daniel Borkmann has been extended: * Architecture: insn, helpers, maps, calls, hardening, JIT, offloads * Toolchain: LLVM, ip/tc, bpftool, debugger, testing * Program types: XDP, tc * FAQ, talks, blogs, guides

Tweet media one

0

65

123

@tgraf__

Thomas Graf 🐝

3 years

Blown away by the @isovalent holiday hackathon demo session. eBPF-based tracing of processes, syscalls, network, file i/o, DNS, and HTTP (with TLS) all in one tool with k8s integration. Can't wait to ship this next year. Want to hack on stuff like this?

Tweet media one

0

13

129

@tgraf__

Thomas Graf 🐝

4 years

Hello to the competitors in Cilium SIG meetings with fake names trying to learn eBPF 👋 Pro tip: don't use your real e-mail address when signing up. Also: You don't have to hide, we like you.

9

2

127

@tgraf__

Thomas Graf 🐝

5 years

Slides of @rejektsio talk "Scaling to 5k Kubernetes nodes - Lessons Learned"

Tweet media one

1

38

125

@tgraf__

Thomas Graf 🐝

3 years

The desire for rewriting code is often driven by the desire for the warm and fuzzy feeling of completely understanding an entire code base.

3

12

125

@tgraf__

Thomas Graf 🐝

8 years

Google submitted their TCP congestion control algorithm upstream BRR - "Bottleneck Bandwidth and RTT"

2

104

121

@tgraf__

Thomas Graf 🐝

3 years

Today, the awesome @lizrice is joining us at @isovalent . What a day for the @ciliumproject community and eBPF.

Tweet card media

Liz Rice: Following the 'Superpower' Promise of eBPF

For lots of folks in software engineering, every now and again a technology comes along that really sparks the imagination.

7

21

124

@tgraf__

Thomas Graf 🐝

4 years

Last week we launched . Where should we go from here? What can we do better?

Tweet card media

Network Policy Editor for Kubernetes

editor.networkpolicy.io makes it easy to build, visualize, and make sense of Network Policies, which can then be downloaded as YAML and run in any Kubernetes cluster with a Network Policy-aware CNI.

editor.networkpolicy.io

3

35

120

@tgraf__

Thomas Graf 🐝

2 years

Thanks for all the feedback everyone, in particular, @halvarflake who spent considerable time. While post exploit mitigation will remain tempting, we have heard everyone loud and clear. Tetragon will focus primarily on extending the existing preventive filtering and observability

@tgraf__

Thomas Graf 🐝

2 years

Today, we are open sourcing Tetragon after several years of development. eBPF-based Security Observability & Runtime Enforcement.

9

264

778

2

19

121

@tgraf__

Thomas Graf 🐝

5 years

Slides for #KubeCon Session Transparent Chaos Testing with Envoy, Cilium, and eBPF

Tweet media one

2

32

119

@tgraf__

Thomas Graf 🐝

5 years

This is how an exciting commit description starts: > This work adds a NAT engine in BPF which is working together with > Cilium's BPF-based connection tracker. [...] One of the final steps to a kube-proxy free k8s environment.

Tweet card media

bpf: initial bpf-based masquerading support by borkmann · Pull Request #7527 · cilium/cilium

Fully working / complete pre-templating version: #7481. This one here is an attempt to rebase post-templating datapath. -> All OK here as well. Description: This work adds a NAT engine in BP...

2

32

120

@tgraf__

Thomas Graf 🐝

6 years

BPF Microconference Nov 15, Vancouver. CFP due Oct 1. Lots of great topics already on the agenda: - Scaling BPF to 1M instructions - Syscall interception - Dynamic tracing w/o on the fly compilation - Bounded loops & timers

4

37

116

@tgraf__

Thomas Graf 🐝

6 years

Connecting Kubernetes Clusters Across Cloud Providers with Cilium

Tweet media one

1

40

115

@tgraf__

Thomas Graf 🐝

2 years

Another awesome milestone for the Cilium community. Microsoft has picked Cilium for AKS. We have collaborated with the AKS team to bring eBPF to AKS to drive networking and security.

Tweet card media

Announcing Azure CNI Powered by Cilium - Isovalent

Microsoft selects Isovalent and Cilium to power Networking and Security for Azure Kubernetes Service. Azure CNI is now powered by Cilium!

2

28

111

@tgraf__

Thomas Graf 🐝

2 years

We have released Cilium 1.12 today 🎉 So many awesome new features😌 Integrated Ingress Controller, Cilium Service Mesh, Multi-Cluster Service Affinity, Stable Egress Gateway, NAT46 for Services, IPv6 for BGP, AKS BYOCNI, BBR, and more…

Tweet card media

Cilium 1.12 - Ingress, Multi-Cluster, Service Mesh, External Workloads, ...

Cilium 1.12 Release Announcement - Sidecar-free service mesh datapath, Envoy CRD, Ingress controller, Tetragon, Multi-Cluster Service Affinity, ...

2

36

115

@tgraf__

Thomas Graf 🐝

3 years

I can't wait for @rakyll 's keynote at the eBPF Summit on how eBPF enables us to tackle the unique challenges in observing microservices architectures.

Tweet media one

0

13

112

@tgraf__

Thomas Graf 🐝

11 months

The 🐝 eBPF Documentary is coming on Nov 8

Tweet card media

eBPF: Unlocking the Kernel l Official Trailer

This compelling documentary film will provide an in-depth exploration on the origins of eBPF and showcases the stories, challenges, and rewards of this game-...

www.youtube.com

2

25

110

@tgraf__

Thomas Graf 🐝

3 years

Tomorrow at KubeCon EU: How to break Kubernetes Networking Add it to your schedule:

Tweet media one

2

26

112

@tgraf__

Thomas Graf 🐝

4 years

Missed the eBPF Summit this week? Recap Day 1: Recap Day 2: Also contains the links to the recording of the stream.

eBPF Summit Day 2 Recap

After an exciting start with the first day of the eBPF Summit, the second and also final day of the summit this year was kicked off w...

1

33

112

@tgraf__

Thomas Graf 🐝

4 years

Can't wait to hear @brendangregg talk about performance profiling & troubleshooting at the eBPF summit. One of the many talks you shouldn't miss. Register here:

Tweet media one

1

33

113

@tgraf__

Thomas Graf 🐝

3 years

🎉 Cilium 1.11 and Isovalent Cilium Enterprise 1.11 have been released with a ton of amazing new stuff. - OpenTelemetry - Service Mesh beta - Topology Aware Routing - Many on-premises Features - Timescape - Egress GW HA - ...

Tweet card media

What’s new in Cilium 1.11? Service Mesh Beta, Topology Aware Routing, OpenTelemetry, ... - Isovalent

What’s new in Cilium 1.11? Service Mesh Beta, Topology Aware Routing, OpenTelemetry, ...

0

23

114

@tgraf__

Thomas Graf 🐝

5 years

Debugging and Monitoring DNS issues in Kubernetes with Hubble, @ciliumproject & eBPF How to... o Kubernetes DNS 101 o Monitor DNS errors o Identify Pods receiving DNS errors o Debug the DNS resolution o Debug missing DNS responses

Tweet media one

3

34

111

@tgraf__

Thomas Graf 🐝

7 years

Facebook is switching L4 LB from IPVS to eBPF/XDP. Throughput diff is amazing. BPF is changing networking.

Tweet media one

5

61

106

@tgraf__

Thomas Graf 🐝

2 years

AWS has announced GA of EKS-A today with networking and security powered by @ciliumproject underneath. It has been awesome to work with the EKS teams on this.

Tweet card media

Kubernetes On-Premises - Amazon EKS Anywhere - AWS

Amazon EKS Anywhere simplifies creating and operating on-premises Kubernetes clusters with default component configurations and automated cluster management tools.

3

17

108

@tgraf__

Thomas Graf 🐝

1 year

We are excited to launch Cilium Mesh today. Bringing Cilium to the world of VMs, servers, and existing networks outside of Kubernetes.

Tweet card media

Cilium Mesh - One Mesh to Connect Them All - Isovalent

Connect Kubernetes, VMs, and Servers across Cloud, On-Prem, and Edge.

2

36

107

@tgraf__

Thomas Graf 🐝

8 years

ebay is betting on kubernetes, with OVS for networking.

Tweet media one

0

61

97

@tgraf__

Thomas Graf 🐝

6 years

Agenda of BPF micro-conference has been announced with an incredible lineup of talks from Google, Facebook, Cilium, Netronome, Red Hat, Samsung, Red Sift, and Sthima. Nov 15, 2018, Vancouver

Tweet media one

3

28

105

@tgraf__

Thomas Graf 🐝

3 years

Cilium has passed 10K GitHub⭐️ stars recently. Congrats to everybody in the community. A lot of hard work and dedication has gone into this by so many people! 🐝

Tweet card media

An Amazing Milestone for Cilium - 10,000 stars!

We're going to need another digit ⭐️...

0

12

105

@tgraf__

Thomas Graf 🐝

8 years

Cilium - BPF & XDP for containers

Tweet media one

3

61

102

@tgraf__

Thomas Graf 🐝

3 years

Amazing blog by @nataliaivanko on how to gain visibility into container escapes with eBPF and Cilium

Tweet card media

Detecting a Container Escape with Tetragon and eBPF - Isovalent

Learn how to use Isovalent Cilium Enterprise observability to detect container escapes

0

25

103

@tgraf__

Thomas Graf 🐝

2 years

Another great milestone for the team as we close our $40M Series B and welcome new investors with @thomvest , @Microsoft , @grafana , and @miraeasset . We are also expanding the team heavily, drop us a note if you are excited about Cilium & eBPF.

Tweet card media

Isovalent Cilium Enterprise: For Kubernetes Networking & Security

Isovalent Cilium Enterprise by Isovalent, eBPF and Cilium-leader, raises $40M for kubernetes Networking & Security in the cloud native era.

2

20

99

@tgraf__

Thomas Graf 🐝

4 years

The eBPF summit is turning into an industry-wide event. We have proposals from Arm, Aqua, Cisco, Cloudflare, Crowdstrike, Datadog, Facebook, Google, Netflix, Oracle, Red Hat, Samsung, Sysdig, and many more. 🗓️ The submission deadline is next Wednesday.

1

29

100

@tgraf__

Thomas Graf 🐝

4 years

AWS just announced Bottlerocket. A new Linux distribution with full eBPF support: "[...] The modern Linux kernel in Bottlerocket includes eBPF, which reduces the need for kernel modules for many low-level system operations. [...]"

Tweet card media

Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run...

As our customers increasingly adopt containers to run their workloads, we saw a need for a Linux distribution designed from the ground up to run containers with a focus on security, operations, and...

3

23

97

@tgraf__

Thomas Graf 🐝

7 years

XDP demo: DDoS attack with 14 mio packets/s. Machine remains reachable at constant low latency and can still do 7k TCP requests/s. #OSSummit

Tweet media one

1

48

91

@tgraf__

Thomas Graf 🐝

5 years

I will be speaking about eBPF and the Linux kernel at QCon London. Rethinking the Linux Kernel - How eBPF is changing the Linux kernel forever

Tweet card media

eBPF - Rethinking the Linux Kernel

The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux...

archive.qconlondon.com

2

15

95

@tgraf__

Thomas Graf 🐝

4 years

Can't wait to hear from Zang Li at Google to talk about how she implemented Network Policy Logging for GKE & Cilium with eBPF at the upcoming eBPF Summit. Register here:

Tweet media one

1

18

93

@tgraf__

Thomas Graf 🐝

5 years

Slides for #EnvoyCon 2019: Envoy Namespaces - Operating an Envoy-based servicemesh at a fraction of the cost

Tweet media one

1

23

91

@tgraf__

Thomas Graf 🐝

8 years

Slides for my talk "Linux networking explained". Thanks all those who attended. #linuxcon

2

39

88

@tgraf__

Thomas Graf 🐝

6 years

Early signs of a future kernel developer? My son just turned 1 and is already riding the Linux wave like a champ.

Tweet media one

2

1

90

@tgraf__

Thomas Graf 🐝

3 years

eBPF Summit 2021 schedule is now online. The line-up is crazy good. From "Observing GPU Runtime Behavior in Self-Driving Cars with eBPF", "Getting Started with eBPF Observability", to "Building an eBPF Load-Balancer from Scratch".

Tweet card media

eBPF Summit 2021

Register now for the eBPF Summit 2021, Aug 18-19, 2021, a free virtual event for DevOps, SRE, SecOps, and developers.

0

33

87

@tgraf__

Thomas Graf 🐝

10 months

The eBPF Documentary was launched today. What a milestone! It has been an amazing journey, with many friends made along the way. I took this opportunity to write down some of what I remember while sharing pictures from the early days of eBPF.

eBPF Documentary: eBPF's Creation Story - Unlocking The Kernel

The eBPF documentary is a story of friends creating a technology that is often barely visible but has changed the tech industry significantly.

0

28

90

@tgraf__

Thomas Graf 🐝

3 years

KubeCon is coming up, I'll be presenting: How to break your Kubernetes Cluster with Networking Special guest: DNS

KubeCon + CloudNativeCon Europe 2021 Virtual: How to Break your Kubernetes Cluster wit...

View more about this event at KubeCon + CloudNativeCon Europe 2021 Virtual

kccnceu2021.sched.com

2

15

89

@tgraf__

Thomas Graf 🐝

10 months

One of my favorite moments of KubeCon. We have turned my long-time friend and kernel hacker Daniel Borkmann into a movie star🍿 eBPF documentary:

Tweet media one

2

7

88

@tgraf__

Thomas Graf 🐝

4 years

Very cool: Rueian at Dcard has built a VS <> Kubernetes bridge with @ciliumproject and @EnvoyProxy using Go Extensions. Allowing you to transparently redirect HTTP requests to/from an existing pod to a port on your development laptop Code:

Tweet media one

2

12

87

@tgraf__

Thomas Graf 🐝

3 years

Over 200 of you have already signed up for Cilium's Service Mesh beta. Help us shape how the UX of a service mesh without sidecars should look like. We are giving you builds and guides, you are giving us feedback and we iterate together.

2

14

83

@tgraf__

Thomas Graf 🐝

3 years

@rakyll for those looking for an introduction and pointers

Tweet card media

eBPF - Introduction, Tutorials & Community Resources

eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading a kernel module.

0

15

81

@tgraf__

Thomas Graf 🐝

10 months

Tetragon 1.0 has landed! 🎉 It features new default observability policies, extensive overhead benchmarks, and a ton of maturization, along with many additional features. Let's take a closer look 🧵

Tetragon 1.0: Kubernetes Security Observability & Runtime Enforcement

Tetragon 1.0 - What is new? Performance overhead benchmarks, default observability policies, kubectl exec monitoring, and much more!

1

35

84

@tgraf__

Thomas Graf 🐝

7 years

Kubernetes (1.9) iptables rules architecture diagram (kube-proxy)

Tweet media one

0

37

83

@tgraf__

Thomas Graf 🐝

8 years

How net.ipv4.tcp_rmem affects TCP window and net.ipv4.tcp_wmem affects blocking write()s

Tweet media one

1

46

79

@tgraf__

Thomas Graf 🐝

2 years

Awesome blog by @seznam_cz digging into how replacing IPVS with Cilium/eBPF/XDP for load-balancing resulted in a massive drop in CPU usage at ~15Mpps.

Cilium Standalone Layer 4 Load Balancer XDP

See the performance increase Seznam.cz saw using Cilium for load balancing...

0

23

82

@tgraf__

Thomas Graf 🐝

3 years

Looks like NASA picked Cilium as the CNI for the Hubble telescope

This Isn’t the Big Telescope Debut NASA Imagined

The James Webb Space Telescope, the long-awaited successor to Hubble, is mired in controversy over its namesake.

www.theatlantic.com

1

7

80

@tgraf__

Thomas Graf 🐝

4 years

Microsoft is getting into eBPF for real.

@markrussinovich

Mark Russinovich

@markrussinovich

4 years

We're working on eBPF-based Sysmon for Linux that has same filtering and output schema (where applicable) as Sysmon For Windows. Shooting for a preview in February.

Tweet media one

Tweet media two

32

388

1K

1

12

81

@tgraf__

Thomas Graf 🐝

7 years

Getting pinged on Istio + Cilium a lot this week. Yes? How? Why? My thoughts are in this blog post. BPF truly is a superpower.

Tweet card media

What Cilium and BPF will bring to Istio

There is a lot of excitement around Istio this week at KubeCon. We are getting pinged multiple times a day now with questions on how ...

3

27

80

@tgraf__

Thomas Graf 🐝

4 years

Weekend

Tweet media one

4

0

80

@tgraf__

Thomas Graf 🐝

4 years

We just wrapped up eBPF Summit 2020. So many amazing speakers cover different aspects of eBPF ❤️ Probably the first time we had such a wide range of people in an event and on slack: kernel devs, eBPF project maintainers, end-users, researchers. So many new ideas sparked today.

2

8

77

@tgraf__

Thomas Graf 🐝

6 years

Taking the sidecar concept literally today.

Tweet media one

2

1

76

@tgraf__

Thomas Graf 🐝

4 years

I love each time a @ciliumproject datapath concept pops up in the Calico eBPF code with almost identical naming. Of course, it's always "accidental". You realize it's open-source, right? You can just copy it and improve it if you preserve the attribution.

3

13

74

@tgraf__

Thomas Graf 🐝

1 year

There is no way I would have believed anyone who told me that we would have 16 KubeCon talks about Cilium at some point.

Tweet card media

Cilium Talks at KubeCon EU 2023

Find all the Cilium talk at KubeCon EU 2023...

2

13

75

@tgraf__

Thomas Graf 🐝

3 years

The eBPF slack channel () passed 3K people this week. From a low-level kernel technology to literally thousands of people learning about it. eBPF is changing the industry.

Tweet media one

1

12

75

@tgraf__

Thomas Graf 🐝

4 years

Super thrilled to see @lizrice talk at the eBPF summit this year. A perfect talk to learn about eBPF and get started. Registration is open:

Tweet media one

0

14

75

@tgraf__

Thomas Graf 🐝

6 years

#EnvoyCon talk recording is available: Extending Envoy with Go Thanks to @mattklein123 for lending me his laptop to run the slides ;-) Slides: Recording:

Tweet media one

1

28

73

@tgraf__

Thomas Graf 🐝

1 year

Announcing eBPF 2.0: excelBPF™

Hear about the latest innovation from the eBPF community, turn your cells into hives of activity

3

12

73

@tgraf__

Thomas Graf 🐝

2 years

Cilium dataplane under the hood with the upcoming meta device replacing veth to provide container networking as fast as if running on the host

Tweet media one

2

11

73

@tgraf__

Thomas Graf 🐝

5 years

If you are interested to learn how @EnvoyProxy , @ciliumproject , and BPF all fit together. Considering adding the following talk to your schedule. Transparent Chaos Testing with Envoy, Cilium and BPF

0

16

71

@tgraf__

Thomas Graf 🐝

6 years

Quick brain dump on how Cilium and @IstioMesh work together and what socket-aware BPF progs will enable. App TLS visibility/control for Envoy/Istio, provide intra-pod segmentation to protect sidecars and apps, protect from compromised sidecars, ...

Tweet media one

0

37

72

@tgraf__

Thomas Graf 🐝

1 year

Exciting! eBPF and Cilium for Windows

Tweet media one

2

10

71

@tgraf__

Thomas Graf 🐝

3 years

KubeCon 2021: How to break Kubernetes with Networking Slides: The recording should be available on the KubeCon site in a bit as well.

Tweet media one

1

11

70

@tgraf__

Thomas Graf 🐝

2 years

I have a suspicion that @chainguard_dev + @ciliumproject will be an incredible combination to secure software from build to execution.

3

10

71