eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

11th February 2025

I'm sorry for everyone that was left standing outside the first ever eBPF Dev Room at FOSDEM. I heard there was more people outside the room than in it so hopefully next year they will give us a bigger room! If you weren't able to make it in or make it to Brussels, luckily the videos are now online.

While it is hard to pick a favorite, I personally like the talk from Meta about rolling out netkit to millions of containers, eliminating the network overhead of containers. It is just one of many examples of how eBPF is enabling us to rebuild the kernel better and prepare for a world where we need to manage a plethora of different technologies together. I'm headed to the mountains this weekend for some skiing so let’s 🐝 -gin.

The Technical

Isovalent Enterprise for Tetragon 1.15: CPU & Memory Metrics, Audit eBPF Operations, Improved Userspace Filtering!

Sandbox Policies to stable and aggregated JSON events are my two favorites

Two-Phase eBPF Program Signing

Traditional approaches don't work because of loader modifications so instead sign the program twice, with a Github repo

Exposing concurrency bugs with a custom scheduler

Using eBPF to fuzz Linux scheduling, Github here

TracepointArgs: List Any Linux Tracepoint with Their Arguments, Datatypes and Related Structs

"This should be something useful for Linux kernel explorers and eBPF nerds!"

S’initier à eBPF avec Aya (Partie 1)

eBPF in Rust in French

containerscrew/rootisnaked

"Simple root privilege escalation detection using eBPF 🐝"

yandex/perforator

"Perforator is a cluster-wide continuous profiling tool designed for large data centers" built on eBPF

altugbozkurt07/Unix-sniffer

"Simple cli tool to monitor unix socket traffic including ancillary data using eBPF"

dorkamotorka/goby

"Goby CLI eBPF Project Generator" with launch blog

unikzforce/wormhole

"vxlan/unknown unicast flooding technique + eBPF"

🐝

The Ecosystem

Case Study: Bytedance Uses eBPF to Enhance Networking Performance

Rolling out netkit across millions of servers for 10% increase in throughput

Bytedance case study coverage from The New Stack, Phoronix, and SDxCentral

Tetragon: Extending eBPF and Cilium to runtime security

Peering into the kernel for platform engineers

Yandex develops and open-sources Perforator, an open-source tool that can save businesses billions of dollars a year on server infrastructure

Press release for perforator, coverage from marktechpost, Phoronix, and techradar

Invary’s Mission to Ensure the Confidentiality and Security of Systems at Runtime Accelerates with Seed Funding

"ensuring that eBPF programs and their data remain unaltered in memory at runtime" not sure how, but interested to learn more

Observability Talk - Ep 10: OpenTelemetry to eBPF- Changing Landscape of Observability

The shift from traditional monitoring to business-centric observability with eBPF

How we adapted eBPF for cloud-native telecom networks

Learn how Rakuten integrated eBPF into their network

Unveiling the Power of the BSD Packet Filter (BPF)

Short summary of the original paper

Oligo Security raises $50M for its eBPF-powered application security platform

Mark my words, security will be the largest market for eBPF

Why eBPF is Secure: A Look at the Future Technology in LLM Security

Overview of eBPF's safety features to avoid the blue screen of death

🐝

The How To

k8s v1.32 + Cilium v.17.0 + illumos = true?

Home lab upgrade to 1.17

eBPF Learning Sandbox V1

Hands on lab to teach core concepts

Mastering Linux Monitoring with Tetragon and Wazuh

Install Tetragon and forward to a SEIM

Using Cilium Hubble Exporter to log blocked egress traffic on Azure Kubernetes Service

Learn to write Hubble flows as logs to a specified output

Scaling Kubernetes with BGP: Integrating Cilium and pfSense for Dynamic Routing

Scale without the subnet limitations of Layer 2

🐝

The Video

eBPF & Clilum | WSO2 Technology Conference 2025

Learn how WS02 is leveraging Cilium in their platform

Hack the system: exploring libpam with uprobes and eBPF

"Uncover the intricacies of credential management through the complexities of kernel and user space interactions"

Why Confluent Trusts Cilium for Multi-Cloud Excellence

"Hubble is my favorite feature for the observability you get. No other CNI has anything similar"

eBPF and continuous profiling with Frederic from Polar Signals

Learn why eBPF is the choice for profiling

Deep Telemetry with eBPF and Rust

Building an open source telemetry system from scratch

🐝

The Events

Cilium and Cisco ACI: Best of Both Worlds

February 25th, online webinar

What's new in eBPF Runtime Security with Tetragon 1.15

March 5th, online webinar 

bpfconf

CfP now open for the invite only event on March 24-26 in Montreal

CiliumCon EU

April 1st in London, this is not a joke! Full Schedule out now

🐝 

The Livestreams

eCHO Episode 168:

BPF Tokens

eCHO Episode 168:

Cilium IPAM