eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

3rd June 2025

The goal for eBPF was never “better Linux networking.” It was creating a new control abstraction or in the words of Kelsey Hightower, a platform for building platforms. We now have policy that spans VMs, containers, and bare metal, runtime enforcement on Windows and Linux, making middleboxes obsolete by embedding their logic directly into the system, or even just protecting a Minecraft server.

By rebuilding the foundation, we can reshape how we think about what we build on top, like the way Cilium implements Gateway API or how we fight DDoS attacks. I've got the rebuild my bike for an upcoming bike packing trip to the south of France so let’s 🐝 -gin.

The Technical

Global No-Inline BPF Functions

Or how I learned to stop worrying and please the verifier

Tracing Syscalls with eBPF in Docker: A Practical Example

with a sidebar on eBPF MacOS pitfalls 

More on Gateway API

Looking at Cilium implementation of the gateway class and the gateway objects

Understanding Socket Load Balancing in Cilium: A Deep Dive in to how eBPF is used

Go under the hood of features like KPR

HMoradiRad/Comparing-Cilium-and-Calico

"Cilium demonstrates better overall performance, particularly in high-throughput scenarios"

maxgio92/xcover

"Profile coverage of functional tests without instrumenting your binaries with eBPF"

chains-project/goleash

"eBPF-based runtime policy enforcement tool designed to defend Go applications against software supply chain attacks"

krumelmonster/bindzwirn

"eBPF-based replacement for authbind"

gamemann/XDP-Proxy

A stateless, high-performance NAT-like proxy using BPF for fast packet processing

Iliabuleh/azflow

CLI tool to detect and analyze cross–availability-zone pod-to-pod traffic with Hubble

Outfluencer/Minecraft-XDP-eBPF

Protect your server from layer 7 DDoS attacks with XDP

jnesss/bpfview

Process and network activity correlation with eBPF

🐝

The Ecosystem

What’s New in Networking for Kubernetes in the Isovalent Platform 1.17

Standalone Egress Gateway and Calico network policy migration tools are my top 2

FLOSS 833 - Up and Over

eBPF, really fast networking, what the future looks like for HPC and Linux Kernel

Cilium’s eBPF-Powered Replacement of Kube-Proxy in Kubernetes Networking

Or why eBPF over iptables

🐝

The How To

Dual-Stack: Cilium Complementary Features

Setting up the most commonly used features of Cilium for a home labs

ClusterAPI for AWS and Cilium

Using ClusterAPI to automate the installation of Cilium

Securing Kubernetes: Integrating AKS with Tetragon for eBPF-Powered Observability

Installation, troubleshooting, and detecting crypto mining

How to create Cilium Cluster Mesh between K3s and Azure Kubernetes Service

Enabling High-Availability services between AKS and K3s on premises clusters

Azure Kubernetes Service (AKS) – eBPF-based networking & security + integration with Microsoft Sentinel

Setup and configuration of Cilium and Tetragon in AKS with Microsoft Sentinel

How to send Cilium metrics to Azure Managed Prometheus

On AKS or a K3s single node cluster running on a Raspberry PI

🐝

The Video

I guess people were too busy launching new projects on Github 

🐝

The Events

Simplify and Secure Red Hat OpenShift with the Isovalent Platform

Online webinar, June 4th

What's New in Isovalent Networking for Kubernetes 1.17

Cilium release webinar, June 26th

Secure Your Financial Platform: Addressing Top Runtime Risks in Kubernetes

Online webinar, July 8th 

CiliumCon

November 10th in Atlanta. Let me know if you want help with your CfP

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams

eCHO Episode 181: eBPF-based packet filtering with bpfilter

eCHO Episode 182:

Retina