eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

17th June 2025

I've recently joined the eBPF Foundation Governing Board. Seeing the growth of the technology and the Foundation over the past three and a half years has been its own rocket ship on top of the Isovalent one. It's hard to imagine how an idea between a small group of friends has become a new systems primitive, a way to dynamically program the infrastructure we used to hardcode.

There almost isn't a part of the Linux kernel that people haven't tried to slap some eBPF on, even just to see what it would do. In the next decade, I can see eBPF helping us change anything from storage to hardware devices for the better. If you are already benefiting from eBPF today through Cilium, there is still two weeks to submit your CfP for CiliumCon (reply to this email if you want some help). I need to put some finishing touches on the new eBPF Foundation website so let’s 🐝 -gin.

The Technical

Building NetEdit: Managing eBPF programs at scale at Meta

Orchestration for eBPF programs, is this our Kubernetes moment?

Troubleshoot Container OOM Kills with eBPF

Get info before it is lost to the void as the offending process is gone

eBPF Program Insights

Explore different ways to inspect a compiled .o file for an eBPF program

eBPF JIT Compiler Internals: Understanding Constant Blinding Implementation

A "secret" eBPF security mechanism

ravikumar1907/llm-ebpf-tracer

Trace and analyze Large Language Model (LLM) inference workloads using eBPF

zimage/eBPF-drop-rfc-3514

"eBPF will drop any IPv4 packets that have the RFC 3514 'evil bit' set"

adgaultier/caracal

Make your eBPF programs stealthier

sentrilite/sentrilite

eBPF agent redefining EDR/XDR through observability, AI-LLM insights and real-time response

🐝

The Ecosystem

The Isovalent Load Balancer

Based on Cilium L4 LB and Gateway API, coverage The Register and TechTarget

Not All eBPF Sensors Are Created Equal: Why Depth Matters in Runtime Security

"The real power of eBPF lies not in whether it’s used, but in how it’s used"

Edera Supports eBPF!

"giving you the strongest isolation in the industry alongside deep visibility you need"

What We Wish We Knew About Container Security

Fixing the leaky abstraction with hypervisors and eBPF

Rewiring the 5G Data Plane: XDP/eBPF in the Fast Lane of UPF

"eBPF emerges not just as a performance enhancer but as a cornerstone"

Introduction to eBPF

Why, how, and use cases

Microservices with Cilium Service Mesh on Amazon EKS

"Cilium delivers superior performance, reduced complexity, and deeper visibility"

Zero to eBPF eBook

or cloud native kernel programming made simple

eBPF, the Silent Kernel Revolution: Empowering Modern Cloud Native Ecosystem

Intro and break down of the core components

🐝

The How To

eBPF Security Programming: Beyond Hello World

Choosing hook points, filtering events, and more

Create BGP peering between AKS and Azure Virtual WAN with Cilium

"and the on-prem ZYXEL VPN appliance in my home lab"

EKS: Cilium as the only CNI driver with simplified hybrid nodes and admission webhooks routing

"First, Cilium is way more than just a CNI with its observability and security features"

🐝

The Video

Cilium Ingress Gateway API - Sidecar-free Traffic Routing architecture

One proxy for the node

🐝

The Events

What's New in Isovalent Networking for Kubernetes 1.17

Cilium release webinar, June 26th

Secure Your Financial Platform: Addressing Top Runtime Risks in Kubernetes

Online webinar, July 8th 

CiliumCon

November 10th in Atlanta. Let me know if you want help with your CfP

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams

eCHO Episode 183:

Terraform with Cilium

eCHO Episode 184: Securing Kubernetes Nodes with Cilium Host Firewall