eCHO News 66


eCHO News is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your quelle.

8th October 2024

Spelunking through Reddit, I came across this interesting thread about Gateway API usage in the wild. First comment "Fired up my first Gateway API today with Cilium... Kinda digging it... The opportunity to replace so many infrastructure services with just Cilium is pretty compelling to me." Talking to a lot of Cilium end users, this sentiment is key to many of them choosing and adopting Cilium.

In infrastructure, I think we are moving away from point solutions towards more integrated approaches, and Cilium is a perfect example of this, covering everything from L2-L7. When I posted the Reddit thread on LinkedIn, this same sentiment came across again: "already replaced MetalLB with Cilium L2 Announcements and now looking forward to replace ingress nginx with Cilium's Gateway API implementation." I don't think this is anything against the projects Cilium is replacing (they are great pieces of technology too); it is more that people are looking to do more with less in their stack. Hear all the ways people are simplifying their stack with Cilium at KubeCon or let the project know how you are doing it in the User Survey. The company offsite is coming up and I need to pack, so let’s begin.


The Technical

Kubernetes Traffic Engineering for Network Engineers: Cilium Best Practices - Inbound and outbound traffic, BGP for advanced traffic routing, application-specific design considerations, static route configurations, managing unmanaged pods and overlay coexistence: this white paper has it all

The eBPF Runtime in the Linux Kernel - Academic summary of eBPF, I think this paper will get a lot of citations

Hacking eBPF & LLVM for Fun and Profit - Everyone is trying to beat the verifier

eBPF Challenge 1: XDP Return Codes - Learn how to not get locked out of your system

eBPF Map Monitoring using eBPF Iterators - Do you know how full your eBPF Maps are?

takehaya/Sys-Ebpf - "perl-ebpf is a pure-perl library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel" with presentation in Japanese

furkanonder/DnsTrace - "Monitor DNS queries by host processes using eBPF!"

recontech404/Kairos - "Open Source eBPF Malware Analysis Framework"

SRodi/ebpf-file-delete-tracer - "demonstrates the use of eBPF to trace file deletion events on a Linux system"


The Ecosystem

Cilium User Survey - 2024 - Please fill it out to help us understand where the project should go next

Isovalent Enterprise for Tetragon 1.14: Persistent Enforcement, Memory Optimizations, Improved Child Process Visibility, and more! - 77% decrease in memory usage, customizing default rulesets, hard to pick a favorite feature improvement

Cilium Talks at KubeCon NA 2024 - Hard to choose which end user talk I'm most looking forward to, find all of them here

Case Study: SysEleven - "Cilium replaced everything that previously had anything to do with networking. In one sense, it’s just a CNI plugin, but on the other hand, it can also remove the need for so many other tools, like kube-proxy."

Adobe Achieves a Boring Network with Cilium for Cloud Native Platforms - "But boring is good!"

Unlocking the Power of eBPF: How Cilium enhances BMC Helix Innovation Suite - Great to see another platform supporting Cilium

Securing Kubernetes Workloads using LSM-BPF - Find out how eBPF came to tackle security too

OpenTelemetry Isn’t the Hero We Need: Here’s Why it’s Failing our Stack - "OpenTelemetry is only a support team player and eBPF is the real MVP"

Now let’s talk about Cilium and how it leverages eBPF - Find out why you should switch from AWS VPC CNI

Cilium: A Comprehensive Guide to Networking, Security, and Observability in Kubernetes - "Ultimately, Cilium offers a unique blend of simplicity, performance, and security"

eBPF- One Size Does Not Fit All - “Oh, you guys use computers? Well we use computers too!” - What really matters is how you leverage the technology

How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack - "Once an attack is qualified, dosd will push a mitigation rule inline as an eBPF program to surgically drop the attack traffic"


The How To

Optimizing Enterprise Networks: Addressing Overlapping CIDR with Cilium - Learn how packets traverse clusters and how to set it up

Cilium: IPv6 on EKS - Using prefix delegation, network policy (L3/L4/L7/DNS), encryption, & observability

Apply a Cilium eBGP Policy and redistribute it into an XRd ISIS topology - "I imagine it will take cross-functional IT Infrastructure teams to see this implemented and scaled out in production"

First eBPF program - Learn to write Hello World on the execve system call


The Video

Isovalent Bring your own CNI (Cilium) with AKS - Webinar to learn to set it up

Coping with Zero Days with Cilium Tetragon - Learn to stop the next CVE with Tetragon


The Events

eBPF Birds of a Feather - Open Source Summit Japan - October 28th in Tokyo

Cilium + eBPF Day - See you in Salt Lake! Schedule is out now!



The Tweet of the Week

Correction: In the previous episode, it was stated that both snake and DOOM moved into the kernel. In reality, snake uses bpftrace userspace code to implement the main logic and DOOM is running in a userspace eBPF runtime.

You're right quoting me there, we indeed are looking to replace ingress nginx with Cilium's gateway API to simplify our tech stack. Ingress nginx is a great piece of software and it works perfectly but having one less tool to install to get a basic k8s cluster ready simplifies our opentofu k8s deployment module. Less code that does the same or more is always a huge win in IaC in my books.

Amin Jandaghian

Backend Developer | DevOps Engineer @ International Systems Engineering & Automation (IRISA)

1 month ago

Very helpful thanks
