100 episodes of eCHO News. When I sent the first one four years ago, I was barely a month into my job at Isovalent and had absolutely no idea the ride I was signing up for. Cilium had only just joined CNCF the year before and was still 18 months away from graduating, the eBPF logo still had a pea pod in it, and I hadn't biked to a KubeCon yet.
View in browser
echo-newsletter 100

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

27th January 2026

 

100 episodes of eCHO News. When I sent the first one four years ago, I was barely a month into my job at Isovalent and had absolutely no idea the ride I was signing up for. Cilium had only just joined CNCF the year before and was still 18 months away from graduating, the eBPF logo still had a pea pod in it, and I hadn't biked to a KubeCon yet.

 

Its hard to understate how much the open source and cloud native worlds have shifted since then. Cloud native was never about being a king maker, but it definitely has become a standard maker with open source implementations going on to define industry standards.

 

eBPF has become the standard way to extend the kernel (even becoming an IETF standard) and Cilium is the defacto standard for cloud native networking. I've loved being able to play a little part in both transitions watching these projects grow from experimental to foundational, while powering yesterday’s VM workloads, today’s Kubernetes platforms, and tomorrow’s AI infrastructure. All while still finding time for instant regret adventures with my Isovalent teammates. Here is to another 100 episodes of standard setting with Cilium and eBPF! I have to finish my slides for FOSDEM so let’s 🐝 -gin.

The Technical

Day 2 with Cilium: Small configurations that keep large clusters boring

Tips across routing, IPAM, labels, upgrade validation, and datapath observability

 

eBPF Policy Enforcement: Marrying Rust, kfuncs and regexes

Bringing the Rust regex library directly into eBPF for fun and for profit

 

Building an eBPF/XDP L2 Direct Server Return Load Balancer from Scratch

Skip going back out through the load balancer

 

BPF Verifier State Pruning: Timeline

Or how a simple optimization and grew into a more complex and efficient component of the verifier

 

BPF Verifier State Pruning: Prune Points

or how to find an equivalent state

 

Reproducing a Tricky Bug in Minutes With a Custom Scheduler Written in Java

Using eBPF to fuzz Java applications

 

Stop Drifting: How to Lock Down Your Cilium CNI with Argo CD

Transition your cluster from "configured" to being "managed"

 

Cilium BPF masquerade can break Workload Identity on GKE

Masquerade normal traffic but exclude metadata/link-local if needed

 

Tachi - eBPF Memory Tracer

Heap tracing tool to trace allocation events and find memory leaks and double frees

 

gen0sec/jailer

eBPF-based process jailing system that provides mandatory access control (MAC)

 

ccfos/huatuo

A cloud-native operating system observability project based on eBPF

 

viveksb007/bpftui

TUI for exploring bpf prog and maps loaded in the system

 

0xKirisame/SPiCa

System Process Integrity & Cross-view Analysis is arootkit detection engine

 

nevinshine/hyperion-xdp

High-performance stateful network defense using eBPF/XDP

 

prabhakaran-jm/cilium-policypilot

Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams

 

phonginreallife/egressor

Detect, explain, and reduce unexpected data transfer costs in Kubernetes

 

rushigerrard8/selinux-policy-auditor

Identify and eliminate excessive SELinux permissions using eBPF

 

nakame/raft-ebpf

RAFT consensus implementation in eBPF with Rust

 

secexit/secexit

'egress firewall' that blocks unauthorized outbound traffic using eBPF

🐝

 

The Ecosystem

Cilium at KubeCon + CloudNativeCon and CiliumCon Europe 2026

Any guesses which session I'm most excited for?

 

Networking and eBPF Predictions for 2026 and Beyond

VM on K8s, Kubernetworker, Nano Segmentation! Buzzwords being coined here

 

What Is Kubernetes Networking?

It's all a flat network, how hard can it be?

🐝

 

The How To

Migrating from Falco to Tetragon: A Guide for Migrating Your Runtime Security Stack

What even is a sycall good for anyways?

 

Scaling DNS on AKS with Cilium: NodeLocal DNSCache, LRP, and FQDN Policies

while avoiding conflicts and maintaining security filtering

 

eBPF.party

Learn eBPF through hands-on exercises. Write, compile, and run programs directly from your browser

 

Kubernetes. Use Cilium to isolate tenants’ Namespaces

Network Policies are key

 

Talos: Migrate from Flannel → Cilium (VXLAN) + Hubble (UI/Relay)

Git repo with example config

 

Migration from Calico to Cilium guide.

Guide in Notion

 

Cluster API: Proxmox K8s Managed Clusters with Cilium

How to provision, manage, and automate the lifecycle of Kubernetes clusters

 

Cilium eBPF Map Pressure in Grafana (Panels + Alerts) — Setup Notes

to avoid cascading network failures

🐝

 

The Video

A lot of videos next week after FOSDEM

🐝

 

The Events

Trust, but Verify: Making Network Segmentation Visible

Virtual workshop, January 29

 

From Annotation Chaos to eBPF Excellence: Moving to Cilium Gateway API

Women in Cloud Native Online Meetup, January 29th

 

Kickoff with eBPF: Building the Foundation for Modern Networking

3-part webinar series 

 

eBPF Dev Room at FOSDEM

See you in Brussels this weekend!

 

CiliumCon EU

Schedule out now!

🐝 

The Livestreams

eCHO Episode 201: 2026 networking, security, and eBPF predictions

 

eCHO Episode 201: 2026 networking, security, and eBPF predictions

  

Upcoming on Feb 6: eCHO Episode 202: Exploring New Features in Cilium 1.19

eCHO Episode 202: Exploring New Features in Cilium 1.19

The Post of the Week

Just deployed Cilium on my Talos Kubernetes cluster, and it's a game-changer for bringing enterprise-grade networking to my homelab. If you're still using Flannel or Calico, you're missing out on the power of eBPF. In my latest post, I break down why Cilium is the clear winner for any serious homelab, covering: - A CNI showdown: Flannel vs. Calico vs. Cilium - The performance and security benefits of eBPF - How to install Cilium on a Talos cluster for a production-like setup This is a key step in building a fully automated, GitOps-managed platform. The full article has all the details, code, and configuration. Read it here: https://lnkd.in/dbSS-nq7

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan. Any feedback is welcome!

LF_KCCNC_headshot_251113_Bill_Mulligan_9686

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon

logo-wordmark-isovalent-vertical-dark@2x
LinkedIn
Bluesky_Logo.svg

Cisco/Isovalent, LLC, 755 Sycamore Drive, Milipitas, CA 95035, United States

Unsubscribe Manage preferences