eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

22nd April 2025

One of my most popular posts this week was about Canonical deciding to integrate Cilium as the default CNI for their LTS Kubernetes distribution. Its kind of crazy looking back. When I joined Isovalent three years ago, there was no CNI standardization across the industry.

Now, on the other hand, it’s getting hard to find a major Kubernetes distro that doesn’t ship with Cilium. Whether you’re running on cloud, on-prem, or at the edge, chances are your network traffic is flowing through eBPF. Cilium went from the cool eBPF project to the default choice across the ecosystem. I think it is because it feels like a platform. Observability? Built in. Security? First, not bolted on. Scale? Of course. I'm currently biking across the Pyrenees and have my own mountains to scale so let’s 🐝 -gin.

The Technical

How Netflix Accurately Attributes eBPF Flow Logs

By accurately attributing flow IP addresses to workload identities

BPF From Scratch In Rust

"No getting roundhouse kicked in the face by the verifier" 🤣

Research Update: Isolated Execution Environment for eBPF

eBPF Foundation funded research advancing the state of the art

BPF or How I Learned to Stop Worrying and Love the Kernel

History with kernel program and user space loader

75 Billion IoT Devices and Counting—But Who’s Watching Them?

eBPF on Raspberry Pi, side effects and results

qpoint-io/qtap

"eBPF agent that captures pre-encrypted network traffic, providing rich context about egress connections and their originating processes"

Aviral2642/kernelghost

"a next-generation offensive security framework that combines stealthy eBPF-based rootkit capabilities with advanced hypervisor escape techniques"

ShinoLeah/eHook

"A Simple uprobe Hook Framework"

pouriyajamshidi/flat

"Measure UDP and TCP connection latency for IPv4 and IPv6 using eBPF and Go"

🐝

The Ecosystem

Tetragon User Story: Why This Social Networking Company Made Tetragon a Default for their Kubernetes Clusters

"Tetragon has become the baseline of our security observability strategy"

KubeCon Europe 2025 Wrap-Up

I always love to hear Nico's personal perspective on the event

Observability startup Groundcover bags $35M in new funding to take on Datadog

Congrats to the team, love how they are bringing eBPF to observability

eBPF/XDP vs. P4 vs. DPDK: The Ultimate SmackDown!

"XDP can drop 26 million packets per second per core with commodity hardware"

🐝

The How To

Cilium: Up and Running

New O'Reilly book coming out, signup to hear when the raw chapters come out

Dual-Stack: Global Service Sharing Rancher RKE2 With Cilium on Proxmox

Enabling Cilium Cluster Mesh between two RKE2 clusters

Certified Kubernetes Security Specialist (CKS) — Part 3 — Cilium Network Policies

How to pass your CKS

Best practices for network policies in Azure Kubernetes Service (AKS)

"Anatomy of the Cilium Network Policy"

🐝

The Video

Cilium: Scaling and Securing Kubernetes Networking with eBPF

Open at Microsoft had me on the talk about Cilium

Cilium Maintainers Track from KubeCon

Hear the latest community updates and how Google and DB Schenker use Cilium

🐝

The Events

Meet the Isovalent Platform: Connect, Secure, and Scale Kubernetes

April 29th, online webinar 

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams

eCHO Episode 176: Kubecon + CloudNativeCon Europe and CiliumCon Preview!

eCHO Episode 177:

KubeCon + CloudNativeCon Europe and CiliumCon Wrap-up!