Linux Plumbers Conference is next week in Tokyo and before I can take the flight, I need to judge the submissions for both the eBPF Summit Hackathon and FOSDEM eBPF Dev Room. I'm a judge because its how I keep a pulse on the ecosystem. Not everyone gets to fly around the world meet people and discuss at conferences, but if you look closely at what’s appearing in GitHub repositories and conference schedules, the signal is already there.
View in browser
echo-newsletter 96

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

2nd December 2025

 

Linux Plumbers Conference is next week in Tokyo and before I can take the flight, I need to judge the submissions for both the eBPF Summit Hackathon and FOSDEM eBPF Dev Room. I'm a judge because its how I keep a pulse on the ecosystem. Not everyone gets to fly around the world meet people and discuss at conferences, but if you look closely at what’s appearing in GitHub repositories and conference schedules, the signal is already there.

 

I can also see the shift just by looking back at the last 96 issues of this newsletter. It used to be blogs about "Hello World" in eBPF or basic packet counting. Today, I’m seeing deep scheduling optimizers, Alibaba pushing complex L7 security enforcement logic down into XDP, and managing eBPF observability at scale.

 

eBPF is going from a cool technology to actually solving messy, hard distributed systems problems across verticals that barely touched the kernel before. Watch these blogs, projects, and talks, they will become the blueprint for the next decade of infrastructure. I have many things to review before the jet lag hits so let’s 🐝 -gin.

The Technical

Scaling real-time file monitoring with eBPF: How we filtered billions of kernel events per minute

Filtering 10 billion file-related events per minute by 94% with smart in kernel logic

 

Who Will Observe the Observability? eBPF Performance at Scale

“Perf Arrays vs. Ring Buffers” defines the scalability of your observability stack

 

Lego Financial Hub - Migration From NGINX Ingress To Cilium Ingress

"A forced retirement turned into a smooth, confident upgrade"

 

Building a High-Performance Stateful Firewall with XDP and BGP (Part 1)

Letting you both enforces security policies at line rate and intelligently route traffic

 

Kubernetes Networking with Cilium

CNI, eBPF load balancing, Service Mesh, Gateway API, and Cluster Mesh together

 

Slither: eBPF Programming and What I Learned

"Overall, I found the eBPF development experience to be a lot of fun" first time I've heard that in the wild!

 

eBPF: concepts and C programs with libbpf and bpftool

Write your first program

 

5 shades of Network Policy

"Cilium provides two primary resources for network policy management..."

 

Upbit was hacked $37M Solana. How could we have hacked and protected it?

"eBPF code to implement runtime security"

 

How to Apply Custom Envoy Configurations in a Cilium Setup

Enabling rate limiting, access logging, and advanced routing, all through YAML

 

Designing a small eBPF based security tool

Note: This blog just documents the design of the tool. I’m still working on the tool

 

ShahbozbekH/Slither

Defending against SLOW GET, POST, & READ attacks implemented in eBPF

 

gma1k/snake-ebpf

A nostalgic terminal Snake game powered by eBPF

 

mavimo/apple-container-kernel

Customer kernel to use in Apple Container with eBPF support

 

cakturk/dnsbpf

DNS filtering with eBPF

 

linnix-os/linnix

eBPF-powered Linux observability with AI incident detection

 

gma1k/podtrace

eBPF-based troubleshooting tool for Kubernetes applications

 

alrolo3/xdp-broker

XDP Packet Broker for Flow-Based Distribution of VXLAN Traffic Network Analysis

 

SaturneV/eBPF-IoTShield

eBPF-based DDoS mitigator specifically designed for IoT devices

 

takehaya/xdperf

High-performance network traffic generation tool that leverages XDP

🐝

 

The Ecosystem

Case Study: Alibaba Cloud Leverages eBPF for Adaptive Layer 7 Load Balancing

Scaling to 10 million requests per second reducing unit infrastructure costs 19% with coverage from Datacenter News

 

What is eBPF & What Does it Mean for Observability?

"eBPF is kind of like matcha"

 

Taming multi-cloud kubernetes networking with topology-aware routing

"Cilium immediately looked more promising"

🐝

 

The How To

Hands-On with XDP: eBPF for High-Performance Networking

The next lab from Teodor

 

Cilium: A Simple Way To See and Control Pod-to-Pod Traffic

Walking through installation and useful commands with Hubble

 

BGP with Cilium and UniFi

or how to switch away from ARP-based L2 announcements

🐝

 

The Video

Open Source Friday with Cilium

See me give an intro to Cilium and eBPF on Github's livestream

 

Cilium BGP + Gateway API: Production-Ready Kubernetes Ingress Deep Dive

all the way up to your physical network (Cisco Nexus) and core (pfSense) devices

 

Interview with Henrik Rexed, CNCF Ambassador, Cloud Native Advocate at Dynatrace

Is eBPF always the answer? Finally answered

🐝

 

The Events

Linux Plumbers Conference

Who will I see next week in Tokyo?

 

Kubernetes unlocked: How Isovalent empowers secure cloud-native networking

with introductions to Cilium and Tetragon on December 10

 

Securing AI/ML Workloads with Isovalent

using Cilium and Tetragon on December 11

 

eBPF Dev Room at FOSDEM

CfP just closed

 

CiliumCon EU

Can't wait for some stroopwafels

🐝 

The Livestreams

eCHO Episode 198: Post KubeCon + CloudNativeCon Wrap-Up

eCHO Episode 198: Post KubeCon + CloudNativeCon Wrap-Up

  

Upcoming on Dec 19: eCHO: eBPF Summit Hackathon Edition

eCHO: eBPF Summit Hackathon Edition

The Post of the Week

So great to see our work take center stage at Mark Russinovich's "Cloud native innovations" session at Ignite. Get upto 50% higher throughput and 25% reduced latency using Azure CNI powered by Cilium with ACNS eBPF host routing. What's more.. you also get pod level observability and granular security in the same product. hashtag#acns hashtag#cilium hashtag#azurecontainernetworking hashtag#aks hashtag#cloudnative

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan. Any feedback is welcome!

KC+CNC_NA_Headshot_241114_William_Mulligan_8154 (1)

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon

logo-wordmark-isovalent-vertical-dark@2x
LinkedIn
Bluesky_Logo.svg

Cisco/Isovalent, LLC, 755 Sycamore Drive, Milipitas, CA 95035, United States

Unsubscribe Manage preferences