echo-newsletter-83

eCHO news is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your quelle.

3rd June 2025

 

The goal for eBPF was never “better Linux networking.” It was creating a new control abstraction or, in the words of Kelsey Hightower, a platform for building platforms. We now have policy that spans VMs, containers, and bare metal, runtime enforcement on Windows and Linux, making middleboxes obsolete by embedding their logic directly into the system, or even just protecting a Minecraft server.

 

By rebuilding the foundation, we can reshape how we think about what we build on top, like the way Cilium implements Gateway API or how we fight DDoS attacks. I've got to rebuild my bike for an upcoming bikepacking trip to the south of France, so let’s 🐝-gin.

The Technical

Global No-Inline BPF Functions

Or how I learned to stop worrying and please the verifier

 

Tracing Syscalls with eBPF in Docker: A Practical Example

With a sidebar on eBPF macOS pitfalls

 

More on Gateway API

Looking at Cilium's implementation of the gateway class and the gateway objects

 

Understanding Socket Load Balancing in Cilium: A Deep Dive in to how eBPF is used

Go under the hood of features like KPR

 

HMoradiRad/Comparing-Cilium-and-Calico

"Cilium demonstrates better overall performance, particularly in high-throughput scenarios"

 

maxgio92/xcover

"Profile coverage of functional tests without instrumenting your binaries with eBPF"

 

chains-project/goleash

"eBPF-based runtime policy enforcement tool designed to defend Go applications against software supply chain attacks"

 

krumelmonster/bindzwirn

"eBPF-based replacement for authbind"

 

gamemann/XDP-Proxy

A stateless, high-performance NAT-like proxy using BPF for fast packet processing

 

Iliabuleh/azflow

CLI tool to detect and analyze cross–availability-zone pod-to-pod traffic with Hubble

 

Outfluencer/Minecraft-XDP-eBPF

Protect your server from layer 7 DDoS attacks with XDP

 

jnesss/bpfview

Process and network activity correlation with eBPF

🐝

 

The Ecosystem

What’s New in Networking for Kubernetes in the Isovalent Platform 1.17

Standalone Egress Gateway and Calico network policy migration tools are my top 2

 

FLOSS 833 - Up and Over

eBPF, really fast networking, what the future looks like for HPC and Linux Kernel

 

Cilium’s eBPF-Powered Replacement of Kube-Proxy in Kubernetes Networking

Or why eBPF over iptables

🐝

 

The How To

Dual-Stack: Cilium Complementary Features

Setting up the most commonly used features of Cilium for a home lab

 

ClusterAPI for AWS and Cilium

Using ClusterAPI to automate the installation of Cilium

 

Securing Kubernetes: Integrating AKS with Tetragon for eBPF-Powered Observability

Installation, troubleshooting, and detecting crypto mining

 

How to create Cilium Cluster Mesh between K3s and Azure Kubernetes Service

Enabling High-Availability services between AKS and K3s on premises clusters

 

Azure Kubernetes Service (AKS) – eBPF-based networking & security + integration with Microsoft Sentinel

Setup and configuration of Cilium and Tetragon in AKS with Microsoft Sentinel

 

How to send Cilium metrics to Azure Managed Prometheus

On AKS or a K3s single node cluster running on a Raspberry Pi

🐝

 

The Video

I guess people were too busy launching new projects on GitHub

🐝

 

The Events

Simplify and Secure Red Hat OpenShift with the Isovalent Platform

Online webinar, June 4th

 

What's New in Isovalent Networking for Kubernetes 1.17

Cilium release webinar, June 26th

Secure Your Financial Platform: Addressing Top Runtime Risks in Kubernetes

Online webinar, July 8th 

 

CiliumCon

November 10th in Atlanta. Let me know if you want help with your CfP

 

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams

eCHO Episode 181: eBPF-based packet filtering with bpfilter


  

eCHO Episode 182: Retina

Upcoming Stream

eCHO Episode 183: TBD

The Post of the Week

#DNS With #XDP, .cz was able to decrease the number of servers (and/or to handle more traffic, especially for hosting .ua, which has to withstand DDoS). Electric consumption went down by 60%.

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝


Written and sent by Bill Mulligan. Any feedback is welcome!


I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon
