[eCHO News] Episode #104: mTLS for Cilium. Lisp for eBPF

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

24th March 2026

13,500 attendees in Amsterdam makes this the largest KubeCon ever. Coming out of Salt Lake City, I wasn’t even sure I wanted to do another one and make it to KubeCon #20, but the theme this week “Keep Cloud Native Moving” is actually holding up. They are actually doing real demos in the keynotes again rather than just hand waving about AI.

I mean there was a lot of AI, but it was in the context of how Kubernetes (and Cilium along with it) is the platform of choice for running these workloads from training to inference to serving. My colleague Nico just published an article about exactly this trend with all the neoclouds for AI standardized on Cilium. 10 years in and Cilium is having another moment because the scale and shape of these workloads are forcing people to care about the network again. I need to get back to the hallway track so let’s 🐝 -gin.

The Technical

Native mTLS for Cilium: Transparent Encryption Meets Cloud Native Identity with ztunnel

If you are using a service mesh just for mTLS, now is your time to switch to Cilium

An experiment – Enable Cilium native routing on Azure Kubernetes Service BYOCNI – Part 1; Part 2; Part 3

Evaluating three options to enable Cilium native routing on Azure BYOCNI

Kernel Ghost: A Stealth Persistence Technique Using eBPF and XDP

configured as a service using systemd

A tale about fixing eBPF spinlock issues in the Linux kernel

"If you’re not that old (ahem): this is a COM or serial port" 🤣

idmcarvalho/service-mesh-benchmark

"Cilium eBPF (L3/L4) adds zero measurable overhead. This is the most important result: a fully policy-enforcing CNI with identity-based security and Hubble observability can be deployed at zero throughput or latency cost"

ingero-io/ingero

eBPF-based GPU causal observability agent

solnix-lang

A verifier-safe programming language for Linux kernel security

aenertia/foxing

eBPF-powered replication engine for Linux filesystems (XFS, Btrfs, F2FS, Ext4)

Kookiejarz/basic_xdp

Fast XDP Script for basic Anti-DDoS Security w/ automatic port whitelisting

mykola-lysenko/ebpf-viz

A web dashboard that visualizes eBPF programs running on Linux by polling bpftool

spoonmilk/trafik

eBPF congestion control research

cbdeane/TokenSiren

eBPF uprobe-based telemetry pipeline exporting from vLLM inference via OTLP

atgreen/whistler

A Common Lisp dialect for writing eBPF programs

Cybereason-Public/owLSM

Sigma Rules Engine inside Linux using eBPF. Focusing on prevention capabilities

🐝

The Ecosystem

Celebrating 10 Years of Cilium: What’s New and What’s Next

and what's happening at KubeCon

eBPF Fellowship Update: Podcasts, Labs, and Community Building

An update from Teodor on what he has been doing with the Fellowship

Cisco LiveProtect: Bringing eBPF-Powered Protection into Network Infrastructure

In distributed computing, everything goes over the network so protect it

🐝

The How To

Deploying K3S Cluster with Cilium WireGuard Encryption in Air-Gapped Environments

For teams operating in classified networks, regulated industries, or edge locations

Series 1: Cilium for Platform Engineers-Gateway API, Cluster Mesh, Network Policies, & Hubble

Roadmap from the Isovalent labs

Observability Without Agents: eBPF × MCP for AI-Native Debugging

with an LLM to answer your questions on cluster slow downs

Kubernetes Cilium with BGP to expose LoadBalancer Services

With an edge router connected with an ISP using eBGP

🐝

The Video

KubeCon videos coming out next week!

🐝

The Events

ACM SOSP'26 Workshop on eBPF and Kernel Extensions

September 29th in Prague, CfP open

Linux Plumbers Conference

October 5-7th in Prague, CfP open soon

🐝

The Livestreams

eCHO Episode 204: Kubernetes Networking & Cilium Lab Walkthrough

eCHO Episode 205: KubeCon Europe 2026 Preview

The Post of the Week

With a single click, you can now enable encryption for pod-to-pod traffic in AKS. Leveraging Cilium mTLS, available through Advanced Container Networking Services in Azure, this capability brings zero-trust principles directly into your Kubernetes data plane—without adding operational complexity.

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan. Any feedback is welcome!

LF_KCCNC_headshot_251113_Bill_Mulligan_9686

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon