echo-newsletter-82

eCHO news is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your quelle.

20th May 2025

 

I've been playing around with the idea that we are moving from a world of centralized intelligence to decentralized intelligence, and eBPF is helping lead that charge. For example, in observability, instead of collecting everything and filtering later, we filter first in the kernel, at the source. Irrelevant events are discarded before they even leave the system and only the meaningful data makes it through.

 

With the amount of noise and data we have today, it's the difference between observability working quietly in the background and observability taking your system down with it. I'll be giving a talk on the same topic in a month at KCD Utrecht and would be happy to discuss the idea in person there whether you agree or disagree. In the meantime, I have KubeCon CfPs to review, ping me if you need help on your talk about Cilium or eBPF, so let’s 🐝 -gin.

The Technical

QUIC restarts, slow problems: udpgrm to the rescue

Upgrading UDP servers without dropping a single packet with eBPF

 

eBPF Mystery: When is IPv4 not IPv4? When it's pretending to be IPv6!

Using an IPv4-Compatible IPv6 Address to send IPv4 over an IPv6 socket

 

Isovalent & Cisco ACI: Better Together

Bringing cloud native and traditional networking together

 

Cilium Deep-Dive: Diagnosing and Fixing Pod-Service CIDR Overlap

Delete and reprovision nodes to solve

 

Building a Complete Node-Level Security Monitoring Pipeline

"combining eBPF-based kernel tracing with periodic system audits in a DaemonSet"

 

adgaultier/tamanoir

"An eBPF Keylogger with C2-based RCE payload delivery"

 

kakao/kubectl-cilium

"A kubectl plugin to monitor Cilium SNAT usage and detect eviction risks"

🐝

 

The Ecosystem

Tetragon Feature Pages

Top 7 features of Tetragon, any guess which one is my favorite?

 

Introducing OpenTelemetry eBPF Instrumentation: Why we donated Grafana Beyla to OpenTelemetry

for "zero-effort instrumentation within the OTel community"

 

LotR Episode 3 - Digging into eBPF for Security

"building eBPF sensors and walking the line between complexity and coverage"

 

Advanced Network Segmentation with Cilium: A Practical Guide

Namespaces as segmentation boundaries and more

 

Coralogix Launches Advanced Continuous Profiling to Accelerate Issue Resolution Without Slowing Production

"Leverages eBPF and OpenTelemetry for Kernel-Level Visibility into Code Issues and Bottlenecks with Extremely Low Overhead"

 

Engineering Everything with eBPF

New open source book on eBPF

🐝

 

The How To

Application-Aware Security Policies with Cilium Layer 7 Network Policies

How to HTTP, gRPC, DNS, and Kafka

 

Agentic Bee: How to get AI Agents to talk to Tetragon?

See how Canopus leverages Tetragon's data using AI

🐝

 

The Video

Tetragon detects io_uring file access

You just need to ask it to watch /tmp

 

CKS Series 2.2 – Cilium Network Policy

Solve a CKS-style exam question involving L3 egress

🐝

 

The Events

Enhancing AKS Networking and Security with the Isovalent Platform

Virtual workshop, May 22nd

Leveling Up EKS Clusters with the Isovalent Platform
Virtual Workshop, May 28th

The eBPF Library for Go

Meetup in Torino on May 29th

Simplify and Secure Red Hat OpenShift with the Isovalent Platform

Online webinar, June 4th

 

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams

eCHO Episode 177: Transparent proxies, what are they? and lets implement one with eBPF! 🐝

eCHO Episode 179: Transparent proxies, what are they? and lets implement one with eBPF! 🐝

  

eCHO Episode 180: Enforcing Kafka-aware Security Policies with Cilium

Upcoming Stream

eCHO Episode 181: Host Firewall

The Post of the Week

LFX Mentorship

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Written and sent by Bill Mulligan. Any feedback is welcome!

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon


Cisco/Isovalent, LLC, 755 Sycamore Drive, Milpitas, CA 95035, United States
