Today, @Cisco announces the intent to acquire @isovalent. What a milestone for Cilium, eBPF, and our team. Thank you to all of you in the community and all our customers and partners for helping us get where we are today.
4 years ago we started the @ciliumproject. Today, Google announced the availability of Cilium as the new GKE networking dataplane.
What a great honor for everyone who has contributed to the Cilium project and to eBPF overall.
The background story:
Starting today, you can learn about eBPF using interactive labs in just a few minutes on the new labs page. Two labs have been launched already:
* Getting Started with eBPF
* Learning eBPF Tutorial
Today, we are announcing our $29M Series A funding from @a16z, @Google, and @Cisco. We are also launching @isovalent, the company behind Cilium.
I've written down some thoughts on how we got here.
Another day to remember for the entire Cilium team. AWS has picked Cilium as the built-in networking & security layer for EKS Anywhere. It still feels like it was yesterday when we wrote the first commit of Cilium.
eBPF is not only changing the networking, security and tracing world forever. eBPF will revolutionize how apps interact with Linux I/O. Read more in this great post by @glcst.
Introduction to Mutual Authentication with Cilium & Cilium Service Mesh
We expected quite a bit but outperforming sidecar-based mTLS by 3x latency and 2x requests/s was beyond expectations.
Cilium 1.13 is out. An amazing release, quick 🧵 with details on major features.
Gateway API, L7 load-balancing, TLS NetworkPolicy, mTLS layer, meta device, BIG TCP, SCTP, LB IPAM, and Grafana integration.
A thread about the new eBPF-based bandwidth management feature in Cilium 1.9:
tl;dr: Auto-Tuning of kernel networking settings for containers
It automatically enables/manages:
- BBR TCP Cong Alg
- Fair Queueing
- Rate limiting (EDT based + k8s pod annotation)
- Sysctl Tuning
I've spent two days in the hospital due to a bacterial infection. We should double the wage of nursing staff. I've seen them give so much love to people who really need it. They are the lifeline of humanity. I'm so impressed and easily willing to give up 10% of my salary for this
eBPF Summit 2021 registration is open. Can we beat last year's 3K registrations? Speakers include:
- @rakyll, AWS
- @brendangregg, Netflix
- @lizrice, Isovalent
- @TabbySable, Datadog
- Dave Thaler, Microsoft
Lightning talks CFP is open until July 23.
What is Maglev? A Thread.
tl;dr: Maglev provides HA for network load-balancers.
If you are in the cloud, then you are likely already using it. This is how Google and others make load-balancing reliable and scalable with commodity Linux servers.
Thread: How to get visibility into Kubernetes networking with eBPF
or: How to run tcpdump in an entire k8s cluster?
tl;dr
eBPF + Cilium + Hubble = Metrics, Flow Query API/CLI
eBPF is coming to the GNU toolchain. Jose E. Marchesi has just published patches for GNU binutils and announced GCC to provide an alternative compiler to the existing LLVM backend.
We often forget to say thank you to the wide community of contributors making open source happen. This is the (likely incomplete) list of people who are making eBPF happen. Thank you!
Let me know if I have forgotten anybody and I'll get you added.
If you have heard about #eBPF for the first time at this #KubeCon and want to learn more. Check out , it's a learning resource maintained by the eBPF community.
New blog post: Deep dive into Facebook's new BPF edge firewall in production. Background story why the Facebook team replaced iptables with BPF and XDP.
Based on Anant Deepak's LPC 2018 talk.
Interested in Cilium, eBPF, and Kubernetes?
We are hiring for almost any position right now
- (eBPF|Go|k8s|ClickHouse) engineers
- Security Architects
- Solution Architects
- Marketing, Content, Writing
- Sales
DM or
Blown away by the @isovalent holiday hackathon demo session.
eBPF-based tracing of processes, syscalls, network, file i/o, DNS, and HTTP (with TLS) all in one tool with k8s integration. Can't wait to ship this next year.
Want to hack on stuff like this?
Hello to the competitors in Cilium SIG meetings with fake names trying to learn eBPF. Pro tip: don't use your real e-mail address when signing up. Also: You don't have to hide, we like you.
Thanks for all the feedback everyone, in particular, @halvarflake who spent considerable time. While post exploit mitigation will remain tempting, we have heard everyone loud and clear. Tetragon will focus primarily on extending the existing preventive filtering and observability
This is how an exciting commit description starts:
> This work adds a NAT engine in BPF which is working together with
> Cilium's BPF-based connection tracker. [...]
One of the final steps to a kube-proxy free k8s environment.
BPF Microconference Nov 15, Vancouver. CFP due Oct 1.
Lots of great topics already on the agenda:
- Scaling BPF to 1M instructions
- Syscall interception
- Dynamic tracing w/o on the fly compilation
- Bounded loops & timers
Another awesome milestone for the Cilium community. Microsoft has picked Cilium for AKS. We have collaborated with the AKS team to bring eBPF to AKS to drive networking and security.
We have released Cilium 1.12 today. So many awesome new features.
Integrated Ingress Controller, Cilium Service Mesh, Multi-Cluster Service Affinity, Stable Egress Gateway, NAT46 for Services, IPv6 for BGP, AKS BYOCNI, BBR, and more…
I can't wait for @rakyll's keynote at the eBPF Summit on how eBPF enables us to tackle the unique challenges in observing microservices architectures.
Can't wait to hear @brendangregg talk about performance profiling & troubleshooting at the eBPF summit. One of the many talks you shouldn't miss.
Register here:
Cilium 1.11 and Isovalent Cilium Enterprise 1.11 have been released with a ton of amazing new stuff.
- OpenTelemetry
- Service Mesh beta
- Topology Aware Routing
- Many on-premises Features
- Timescape
- Egress GW HA
- ...
Debugging and Monitoring DNS issues in Kubernetes with Hubble, @ciliumproject & eBPF
How to...
- Kubernetes DNS 101
- Monitor DNS errors
- Identify Pods receiving DNS errors
- Debug the DNS resolution
- Debug missing DNS responses
AWS has announced GA of EKS-A today with networking and security powered by @ciliumproject underneath. It has been awesome to work with the EKS teams on this.
Agenda of BPF micro-conference has been announced with an incredible lineup of talks from Google, Facebook, Cilium, Netronome, Red Hat, Samsung, Red Sift, and Sthima.
Nov 15, 2018, Vancouver
Cilium has passed 10K GitHub ⭐️ stars recently. Congrats to everybody in the community. A lot of hard work and dedication has gone into this by so many people!
Another great milestone for the team as we close our $40M Series B and welcome new investors with @thomvest, @Microsoft, @grafana, and @miraeasset.
We are also expanding the team heavily, drop us a note if you are excited about Cilium & eBPF.
The eBPF summit is turning into an industry-wide event. We have proposals from Arm, Aqua, Cisco, Cloudflare, Crowdstrike, Datadog, Facebook, Google, Netflix, Oracle, Red Hat, Samsung, Sysdig, and many more.
The submission deadline is next Wednesday.
AWS just announced Bottlerocket. A new Linux distribution with full eBPF support:
"[...] The modern Linux kernel in Bottlerocket includes eBPF, which reduces the need for kernel modules for many low-level system operations. [...]"
Can't wait to hear from Zang Li at Google to talk about how she implemented Network Policy Logging for GKE & Cilium with eBPF at the upcoming eBPF Summit.
Register here:
eBPF Summit 2021 schedule is now online.
The line-up is crazy good. From "Observing GPU Runtime Behavior in Self-Driving Cars with eBPF", "Getting Started with eBPF Observability", to "Building an eBPF Load-Balancer from Scratch".
The eBPF Documentary was launched today. What a milestone! It has been an amazing journey, with many friends made along the way.
I took this opportunity to write down some of what I remember while sharing pictures from the early days of eBPF.
Very cool: Rueian at Dcard has built a VS <> Kubernetes bridge with @ciliumproject and @EnvoyProxy using Go Extensions.
Allowing you to transparently redirect HTTP requests to/from an existing pod to a port on your development laptop
Code:
Over 200 of you have already signed up for Cilium's Service Mesh beta. Help us shape how the UX of a service mesh without sidecars should look like.
We are giving you builds and guides, you are giving us feedback and we iterate together.
Tetragon 1.0 has landed! It features new default observability policies, extensive overhead benchmarks, and a ton of maturization, along with many additional features. Let's take a closer look 🧵
We're working on eBPF-based Sysmon for Linux that has same filtering and output schema (where applicable) as Sysmon For Windows. Shooting for a preview in February.
We just wrapped up eBPF Summit 2020. So many amazing speakers cover different aspects of eBPF ❤️
Probably the first time we had such a wide range of people in an event and on slack: kernel devs, eBPF project maintainers, end-users, researchers. So many new ideas sparked today.
I love each time a @ciliumproject datapath concept pops up in the Calico eBPF code with almost identical naming. Of course, it's always "accidental".
You realize it's open-source, right? You can just copy it and improve it if you preserve the attribution.
The eBPF slack channel () passed 3K people this week. From a low-level kernel technology to literally thousands of people learning about it. eBPF is changing the industry.
#EnvoyCon talk recording is available:
Extending Envoy with Go
Thanks to @mattklein123 for lending me his laptop to run the slides ;-)
Slides:
Recording:
If you are interested to learn how @EnvoyProxy, @ciliumproject, and BPF all fit together, consider adding the following talk to your schedule.
Transparent Chaos Testing with Envoy, Cilium and BPF
Quick brain dump on how Cilium and @IstioMesh work together and what socket-aware BPF progs will enable.
App TLS visibility/control for Envoy/Istio, provide intra-pod segmentation to protect sidecars and apps, protect from compromised sidecars, ...