eCHO News 76
eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your source.
25th February 2025
For years, eBPF has been letting us rebuild parts of Linux better, giving us deep observability, high performance networking enforcement, continuous profiling, and ways to actually mitigate threats in real-time, without slowing systems down. eBPF for Windows has been in development since 2021, and while it still requires a special dev mode, it’s never been closer to reality than 2025.
If you have been wondering about how it all works, check out my colleague's blog introducing eBPF for Windows to get up and running with your first program. At the end you will be able to "add some simple functionality, like blocking a process based on its PID or executable name. I’ll leave that as an exercise to the interested reader."
It’s not every day that something built for the Linux kernel becomes a standardized instruction set (RFC 9669) and then shows up on Windows in just a few years. But here we are. Here for me is currently Brasil for Carnival, and I've got some glitter to put on, so let’s begin.
The Technical
Introduction to eBPF for Windows - Get started on your driver journey, GitHub repo included
How We Optimized CI/MON eBPF Sensor to Handle Thousands of Events per Second - "7 key lessons we’ve learned building a high-performance, robust eBPF sensor"
Getting to Know TGID and PID in eBPF: Essential for Observability - Do you know the difference between Thread Group ID and the Process ID?
My first Aya program - Deep dive into coding eBPF in Rust
Hello eBPF: Concurrency Testing using Custom Linux Schedulers (19) - "a practical tool for shaking more bugs out of applications"
Can eBPF Provide Real-Time PostgreSQL Insights Without Degrading Performance? - "the eBPF program adds an overhead of approximately 0.03 ms on average"
Exploring the OpenTelemetry Go Automatic Instrumentation powered by eBPF: A Deep Dive - Cool to see different approaches converging under OTel
EBPF program to extract data from HTTPS traffic using MITM proxy and Java - Generate logs without the need to write any separate application code
Debug gtp5g kernel module using stacktrace and eBPF - Stop kernel panics from kernel modules with eBPF
Experimenting with OCaml and eBPF - Learn to trace OCaml programs with eBPF
dkorunic/pktstat-bpf - "TC, XDP and KProbe eBPF based simple Ethernet interface traffic monitor and reporting tool"
nomaderr/ebpf-file-blocker - "Block file creation with use of eBPF"
unikzforce/wormhole - "vxlan/unknown unicast flooding technique + eBPF"
eurecom-s3/lemon - "An eBPF Memory Dump Tool for x64 and ARM64"
The Ecosystem
Is Your CNI Good Enough? - "Replace your outdated, underperforming, or too complex-to-handle CNI with something modern"
How Tetragon Redefines Security and Observability - Great to see Coralogix picking up Tetragon
Visualize End-to-End Google Cloud Cross-Account Traffic with Upwind - "detailed data from Layers 3, 4, and 7 with a high-performance eBPF sensor"
Coralogix Releases eBPF Observability for K8s Workloads - I'm assuming based on the above
Why AI Observability Needs a New Approach(eBPF) - "With eBPF, AI agents are more secure, compliant, and cost-controlled — without sacrificing performance"
The How To
Mixed Routing Mode with Isovalent Cluster Mesh - Connect clusters using both native routing and encapsulation
Azure Kubernetes Chronicles Networking using eBPF - Deploy an AKS cluster with Cilium and apply a network policy to secure traffic and part 2
Cilium Network Policy: What You Need to Know for CKS - With a few labs to practice too
Securing Cilium's Gateway Api with cert-manager - Create a reverse proxy secured with an auto-renewing certificate
Strengthening microservice security with Cilium authentication and SPIFFE - Implement authentication for applications in an AKS cluster
The Video
How Polar Signals leverages eBPF for efficient profiling and cost optimization | Frederic Branczyk - The benefits of eBPF for cost cutting
The Events
Cilium and Cisco ACI: Best of Both Worlds - February 25th, online webinar
What's new in eBPF Runtime Security with Tetragon 1.15 - March 5th, online webinar
Fast-Tracking Your Journey to Kubernetes for Network Engineers - March 12th, online panel discussion
Isovalent Discovery Workshop: A Fast-Track to Cilium for Network Engineers - March 20th, online workshop: Get hands-on!
Isovalent Discovery Workshop: A Fast-Track to Cilium for Platform Engineers - March 25th, online workshop: Get hands-on!
bpfconf - CfP now open for the invite only event on March 24-26 in Montreal
CiliumCon EU - April 1st in London, this is not a joke! Full Schedule out now
The Post of the Week
As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.
Security Architect at GTD | CEH | NRS | CCNA | MTCNA
1 day ago: Hi Bill, I was thinking about an idea. I believe it is theoretically possible to create a multi-WAN load balancer based on eBPF, but I don't know if anyone has built one or if no one has thought of it. I would use an approach—perhaps not novel—but based on Lyapunov stability
Community @ Isovalent at Cisco | Cilium and ebpf.io Maintainer
6 days ago: Content from: Frederic Branczyk Swapnil Bhartiya Ian Chen Jurgen Allewijn Gerard Samuel Dinko Korunic David Frappart Tim McGilchrist Victor Romanov Alex Ilgayev Chris Cooney Nir Limor Yuki Nakamura Dmytro S. Joseph Ligier Kasper Borg Nissen Venkat Rangasamy Amit Gupta Roland Wolters Teodor Podobnik Denise Ashur Puru Tuladhar Pavel Yosifovich Liz Rice Johannes Bechberger