Happy 10th Birthday, Cilium! When the first commit was made, we were moving from static, long-lived systems to dynamic, ephemeral ones that are constantly changing under load. Instead of trying to hide that complexity behind another abstraction, Cilium moved it closer to where it actually happens in the kernel with eBPF.
View in browser
echo-newsletter 97

eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle

16th December 2025

 

Happy 10th Birthday, Cilium! When the first commit was made, we were moving from static, long-lived systems to dynamic, ephemeral ones that are constantly changing under load. Instead of trying to hide that complexity behind another abstraction, Cilium moved it closer to where it actually happens in the kernel with eBPF.

 

That shift is still strongly underway. I was reminded of it this past week at Linux Plumbers Conference, where talk after talk showed the kernel becoming a place for innovation again from rewriting VM networking for the cloud native world to Meta replacing SELinux with eBPF. Rather than being something you avoid touching, the kernel is increasingly where new ideas land first. Here's to another decade of Cilium and eBPF!

 

After LPC, I'm off in Hokkaido this week for skiing and surfing so let’s 🐝 -gin.

The Technical

ePass: Verifier-Cooperative Runtime Enforcement for eBPF

Introduction to an eBPF Foundation funded academic research project

 

Research Update: Managing Server Power with eBPF

Another eBPF Foundation funded academic research project for QoS

 

Securing the Modern Process with Tetragon: Runtime Security for the Cloud-Native Kernel

How Tetragon operates at the kernel level with full namespace awareness.

 

Kubernetes Gateway API PoC

For all of them, its still Cilium as the CNI under the hood

 

Securing Kubernetes Egress Traffic with Cilium & L7 Network Policies

Background, install, and a few example policies

 

Designing a small eBPF based security tool

With XDP and LSM

 

VladimiroPaschali/eBPF-InXpect

Lightweight system for profiling XDP applications using kfuncs

 

networkedsystemsIITB/flash

Userspace library for chaining co-located AF_XDP network applications

 

davidcoles/xvs

XDP Virtual Server - eBPF load balancer implementation and supporting Go library

 

tokiwa-software/feeze

Interactive graphical thread and scheduling analysis tool using eBPF

 

zrougamed/cerberus

Monitor ARP, TCP, UDP, ICMP, DNS, HTTP, and TLS traffic using eBPF

🐝

 

The Ecosystem

eBPF for the Infrastructure Platform Whitepaper

"eBPF is becoming the strategic platform of choice for infrastructure teams"

 

Case Study: UW-Madison

Cool to see my alma mater using Cilium!

 

Contributing to Cilium Through the LFX Mentorship Program

The LFX mentorship program is one of my favorite parts of working with CNCF

 

eBPF Won’t Sting You: Understanding Its Safety and Why Adoption Makes Sense

"eBPF is thoughtfully designed with safety in mind"

 

The Kernel Panic: A Case Study

Avoiding the CrowdStrike incident with eBPF

🐝

 

The How To

How to find Missing Nx Target Inputs

Use eBPF to trace file accesses during target execution to identify missing inputs.

 

Day 1 — Hello Kernel! Your First eBPF Program Using bpftrace

Print the PID when a file is opened

 

Cilium on k3s with ingress controller enablement

From install to L2 announcements

🐝

 

The Video

Linux Plumbers Conference Livestreams

Tell me the minute my presentation starts and I have a CCA exam code for you

🐝

 

The Events

eBPF Dev Room at FOSDEM

Schedule out now!

 

Holiday virtual eBee Quest

Have downtime over the holidays? Discover the World of Cilium through labs & challenges

 

CiliumCon EU

Can't wait for some stroopwafels

🐝 

The Livestreams

Upcoming on Dec 19: eCHO Episode 199: eBPF Summit Hackathon Edition

eCHO Episode 199: eBPF Summit Hackathon Edition

  

Upcoming on Jan 9: eCHO Episode 200: Celebrating a Decade of Cilium

eCHO Episode 200: Celebrating a Decade of Cilium

The Post of the Week

Zu devops r/devops • vor 1 Tag xmull1gan Meta replaces SELinux with eBPF SELinux was too slow for Meta so they replaced it with an eBPF based sandbox to safely run untrusted code. bpfjailer handles things legacy MACs struggle with, like signed binary enforcement and deep protocol interception, without waiting for upstream kernel patches and without a measurable performance regressions across any workload/host type.

As always, if you’ve seen a blog post, a tool, or anything else eBPF or Cilium related that you think the rest of the community should hear about, send them my way. You can either hit reply or join the #echo-news channel on Cilium Slack. You can also find all of the past episodes on the website.

🐝

To make sure you keep getting these emails, please add bill@isovalent.com to your address book or otherwise mark me as a permitted sender.

 

Know a friend that needs to be in the know? Forward this to them

Was this forwarded to you? Sign up today!

Written and sent by Bill Mulligan. Any feedback is welcome!

KC+CNC_NA_Headshot_241114_William_Mulligan_8154 (1)

I work for Isovalent at Cisco which is leading the eBPF-Powered Revolution in Cloud Native Networking, Observability, and Security with Cilium and Tetragon

logo-wordmark-isovalent-vertical-dark@2x
LinkedIn
Bluesky_Logo.svg

Cisco/Isovalent, LLC, 755 Sycamore Drive, Milipitas, CA 95035, United States

Unsubscribe Manage preferences