small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started that need to be updated with a continuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differentiate between application traffic for security purposes contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started that need to be updated with a continuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differentiate between application traffic for security purposes contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applica�ons tend to be highly dynamic, with individual containers ge�ng started or that need to be updated with a con�nuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differen�ate between applica�on traffic for security purposes as contrast to IP address iden�fica�on in tradi�onal systems) and can filter on applica�on-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services

Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

Code and instructions at https://github.com/jsitnicki/ebpf-summit-2020 We will need… a TCP echo server $ sudo dnf install nmap-ncat $ nc -4kle /bin/cat 127.0.0.1 7777 & [1] 1289 $ ss -4tlpn sport SK_DROP : SK_PASS; } is echo service configured on this port? get echo server socket dispatch the packet to echo server Load echo_dispatch program $ make echo_dispatch.bpf.o clang -I…/linux/usr/include STATE SERVICE 7/tcp open echo 22/tcp open ssh 77/tcp open priv-rje 777/tcp open multiling-http Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds Test echo service on ports 7, 77, 777

twagent story Andrey Ignatov, Facebook October 28, 2020 1 ● a daemon ● runs on every Facebook server ● manages all Facebook containers ● a part of the bigger TW system, see the TW paper in OSDI'20 cgroup-bpf 3 Task IP assignment (aka IP-per-task) ● Facebook DC network is IPv6 only ● Every server has /64 IPv6 prefix ● Convenient to have a unique IPv6 per twagent task (e.g. for QoS tagging) ● sendmsg(2): bpf_bind(task_ip) Handle TCP client A connecting to TCP server B in same task by [::1]: ● listen(2): track server port by tracking BPF_TCP_LISTEN and BPF_TCP_CLOSE ● connect(2) to [::1]:

#1 cilium-agent cilium-operator Node #1 cilium-agent cilium-operator Control Plane kube-api-server cilium-agent kube-controller- manager scheduler ….. etcd VPC digitalocean.com How’s Cilium