echo-newsletter-86

eCHO news is your bi-weekly wrap-up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security, this is your source.

15th July 2025

 

Microkernels once promised modularity, minimalism, and isolation. But they often fell short on performance and developer experience. eBPF flips that model.

 

Instead of pulling functionality into userspace, it makes the monolithic kernel dynamic. It allows behavior to be defined at runtime through loadable, auditable programs, letting infrastructure teams shape systems from inside the kernel, without patching or forking. eBPF is not just a new programming model, it’s a new way to think about what an operating system is and who gets to shape it.

 

In the Software Engineering Daily podcast, ByteDance engineers share how they’re applying this philosophy at massive scale. As part of the “second wave” of hyperscalers, they were able to learn from the architectures of Google and Meta and then build their own stack around eBPF from day one. That decision let them move past iptables to per-core connection tracking, build reliable load balancers with strong internal SLOs, and customize datapath behavior while keeping a clean upstream kernel.

 

eBPF might not be a microkernel, but it's bringing us closer to the modular, trustworthy systems architecture that microkernels aspired to, built not by replacing Linux but by making it programmable from the inside out. I've got to go reprogram my legs for a few upcoming bikepacking races, so let’s 🐝-gin.

The Technical

How to Find Supported eBPF Helper Functions for Any Kernel & Program Type

Using bpftool, the eBPF Docs, or diving into the source code

 

Introduction to Linux Netkit interfaces — with a grain of eBPF

Writing netkit’s “Hello World”

 

Replacing procfs with bpf

"On a linux system with around 10,000 Procs, bpf is ~100x faster"

 

Inside CUDA: Building eBPF uprobes for GPU Monitoring

See into the CUDA Runtime API calls that make your GPU tick

 

eBPF: libbpf functions reference

Finally learn what libbpf_strerror is

 

eBPF: Connecting with Container Runtimes

See how eBPF projects connect with Container Runtimes using the CRI

 

Understanding eBPF Core Building Blocks

From hook points to helper functions

 

clickpost-ai/thread_profiling

Profiling tool for monitoring Python and Java applications using BCC

 

sudachen/xdp-rs

Rust implementation of the AF_XDP socket and XDP helpers

 

0Bharat9/file_integerity_monitoring

Real-time File System Monitoring with eBPF

 

matttbe/tcp-in-udp

Lightweight TCP in UDP tunnel with eBPF

 

Synarcs/DNSObelisk

Supporting killing C2 implants using TC, Netfilter, Sock, BPF_MAPs

 

NationalSecurityAgency/seabee

SeaBee enforces policy-based access control on eBPF objects

 

adgaultier/caracal

Make your programs stealthier with eBPF

🐝

 

The Ecosystem

eBPF Has a Bright Future in Infrastructure Development

"For the next decade, eBPF will be a strategic platform choice for infrastructure"

 

Case Study: Datadog Uses eBPF to Improve Network Observability Accuracy and Performance

CPU usage dropped by roughly 35% with use of the eBPF-based connection tracker

 

How we Scaled Servers while Curtailing our Cloud Costs Using eBPF

20% reduction in infrastructure costs due to better resource utilization is only #3

 

A Practical Guide to eBPF: The Future of High-Performance Networking and Observability in .NET

"eBPF is emerging as the standard for these [cloud native] needs"

 

eBPF Networking with Cilium: Secure & Observable Kubernetes Networking

Love the flow chart, "is Cilium right for you?"

 

Observability Engineering with Cilium

New book out - "Magic in the Cloud Native Journey with Hubble and Tetragon"

 

ByteDance’s Container Networking Stack with Chen Tang

Software Engineering Daily Podcast covering eBPF and netkit

 

Intro into eBPF and Rust

and a comparison of libraries

🐝

 

The How To

Automated Kubernetes Threat Detection with Tetragon and Azure Sentinel

Get an email when an incident occurs

 

How to use eBPF to capture traffic over Cilium VTEP integration

Allow third party VTEP devices to send and receive traffic from Cilium using VXLAN

 

Installing Cilium on EKS in Overlay(BYOCNI) and CNI Chaining Mode

Decide between encapsulation and native routing

 

Multi-tenant micro-segmentation in Kubernetes using Cilium

Controlled with a centralized network governance platform

 

Tracing network packets with eBPF and pwru

Using Multipass virtual machines

🐝

 

The Video

Early summer vacation?

🐝

 

The Events

CiliumCon

November 10th in Atlanta. Let me know if you want help with your CfP

 

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

🐝 

The Livestreams


eCHO Episode 186: Cilium with GENEVE

  

eCHO Episode 187: Exploring Cluster API Provider microVM (CAPMVM) with Cilium


Upcoming Stream

eCHO Episode 188: OOM and eBPF

The Post of the Week

Setting up transparent WireGuard encryption between Kubernetes endpoints was a breeze thanks to the excellent Cilium CNI. I'm so happy to have chosen it as the reference CNI for all my projects some years ago, and I'm very grateful to the team for their awesome work! This was one of the last upgrades among other goodies. And now let's move on with #tetragon, exploiting even more the #eBPF power!

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝


Written and sent by Bill Mulligan. Any feedback is welcome!


I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon
