eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

29th July 2025

Virtual machines are entering the cloud native world and it time to shed their baggage. With eBPF and AF_XDP, Cilium is removing the layers of emulated devices, bridges, and namespaces that have long weighed down VM networking.

By combining AF_XDP with netkit, Cilium collapses the network path for VMs. Instead of traversing veth pairs and tap devices, traffic flows directly from the NIC to the guest kernel via QEMU’s AF_XDP backend. The result is lower latency, reduced CPU overhead, and a cleaner architecture.

More importantly, it unifies the datapath for containers and VMs enabling a shared policy engine, consistent observability, and a common performance model. You can see some of the early work in this lwn.net article and there will be more coming out around KubeCon. I've got to finalize the schedule for CiliumCon so let’s 🐝 -gin.

The Technical

Is Cilium a Good Option for Kubernetes on Bare Metal?

"Cilium has emerged as a critical CNI plugin for bare metal"

Lets understand Kprobes & Kretprobes

Learn how to attach eBPF programs at entry or return points

Introducing TCP-in-UDP solution

Make sure packets are not being modified by the network with eBPF

How Cycode Optimized CI/MON eBPF Agent to Handle Thousands of Events/sec

Filter data, choose maps and programs wisely, monitor programs, and more

Unlocking Kernel Power: How eBPF Transforms Linux’s Capabilities

"eBPF exemplifies how programmability can empower scalable, secure systems"

BeePL: Correct-by-compilation kernel extensions

A domain-specific language for eBPF with a formally verified type system

Secure Deployment of eBPF Programs Made Manifest

Adding a manifest and proof of logging in a transparency log for eBPF programs

Shared Socket: Enhancing Kubernetes Pod Communication with eBPF

60% increase in throughput and 38% reduction in latency

Ant Group's Cloup Workload Protection Platform (Ant CWPP) Built with Kata Containers and eBPF

"eBPF has changed the implementation of security solutions" becoming a standard?

Using eBPF to debug eBPF

Diving into compilation errors

CNI Migration Post-mortem: Flannel to Cilium on Talos

"Six hours into what should have been a 30-minute CNI migration" this will be good

Debugging eBPF verifier: Best Practices for High-Performance Kernel Programming

Overcome complexity limits with tail calls, maps, helpers, and more

eBPF Observability: The Universal Encapsulation Principle

See how different applications track data with eBPF

eBPF: Handling events in Userspace

See how different projects do it

isovalent/cilium-up-and-running

Manifests, scripts, and configurations from the O'Reilly book Cilium Up and Running

kakao/kubectl-cilium

A kubectl plugin to monitor Cilium BPF map pressure and detect eviction risks

d-e-s-o/bpflint

Linting functionality for BPF C programs

madhavan-21/kernalKoala

L4 network monitor that uses tc to trace ingress and egress traffic in real time

alex-ilgayev/MCPSpy

MCP Monitoring with eBPF

Internet-Architecture-and-Security/PacketScope

A general-purpose protocol stack analysis and debugging tool based on eBPF

eunomia-bpf/MCPtrace

An MCP server using eBPF to trace your kernel with bpftrace

multikernel/kernelscript

A modern, type-safe, domain-specific programming language for eBPF development

markopetrovi/eBPFLuanti

🐝

The Ecosystem

Case Study: SuperNetflow – Reinventing Network Observability with eBPF

“eBPF gave us the ability to process network traffic with the same principles as P4 programmable switches – but entirely in software, with better flexibility, cost efficiency, and scalability.”

Help Us Map The State of Kubernetes Networking

Help out Nico by filling out the a census for Kubernetes networking

Unleashing the Power of eBPF Capabilities for Linux Endpoint Security

"....makes eBPF a key component of modern endpoint protection"

Goodbye to iptables: A Quick Dive into GKE's Dataplane V2

Yes, GKE Dataplane V2 is just Cilium in a trench coat 

🔍 Unlocking Cloud-Native Power with Cilium and eBPF

Map Cilium features to personas

From kube-proxy to eBPF (Cilium)

"it’s pretty clear: Cilium powered by eBPF outperforms kube-proxy"

Kernel-Level Defense: How Radware Uses eBPF to Stop Volumetric Web DDoS Attacks

Taking L7 context and embedding it in the kernel

How Upwind Uses eBPF to Bring Real-Time Security to Cloud-Native Environments

"eBPF isn’t just a feature – it’s foundational"

🐝

The How To

Kubernetes - Installing Cilium CNI

in a k3s cluster

Certified Kubernetes Security Specialist Study Guide for Cilium

Implement pod-to-pod encryption with Cilium for the CKS

Restrict access to the IMDS endpoint on Azure Kubernetes Service with Cilium

Find problems with Hubble, fix them with Cilium network policies

Your First eBPF Program

Trace sys_enter_execve to see process execution on the system

Uncovering Pod to Pod Traffic in Kubernetes Using Cilium and Hubble

See the service map go live in minikube

🐝

The Video

High Security Cluster Operations with Cilium and Kyverno

From Cloud Native Zurich

Cisco Live Protect - Tetragon Powered CVE Mitigation for Nexus Switches

See Tetragon on a 9000 series switch with Splunk

Emerging Kubernetes tools and learning strategies

"I really like Cilium and Isovalent. A tool I'm keeping an eye on is Tetragon"

🐝

The Events

CiliumCon

November 10th in Atlanta

SIGCOMM 2025 eBPF Workshop

September 8-11th in Coimbra

Cilium in Action: Kubernetes Security & Insight

New virtual training from LF Training on September 15th

🐝 

The Livestreams

eCHO Episode 188: OOM and eBPF

eCHO Episode 189: Cilium Cluster Mesh with Cluster API and KubeVirt