2020 1 The data deluge on modern storage 2 Compute node CPU Network Storage node Flash The data deluge on modern storage 3 Compute node 3 CPU Network Storage node Flash 16-lane PCIe, 16GB/s research group ● Work with eBPF for storage! 5 eBPF and DoS 6 Compute node CPU Network Storage node Flash eBPF and DoS 7 Compute node CPU Network Storage node Flash DoS eBPF and DoS 8 Compute node CPU Network Storage node Flash DoS DoS in reverse! 9 Compute node CPU Network Storage node Flash DoS in reverse! 10 Compute node CPU Network Storage node Flash Data DoS in

(see Network Plugin Requirements [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network- plugin-requirements]) Linux kernel >= 4.9.17 Tip See System Requirements (see Network Plugin Requirements [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network- plugin-requirements]) Linux kernel >= 4.9.17 Tip See System Requirements hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration

(see Network Plugin Requirements [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network- plugin-requirements]) Linux kernel >= 4.9.17 Tip See System Requirements (see Network Plugin Requirements [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#network- plugin-requirements]) Linux kernel >= 4.9.17 Tip See System Requirements hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration

as you scale up your clusters: etcd nodes operated by the etcd-operator will not use persistent storage. Once the etcd cluster looses quorum, the etcd cluster is automa�cally re- created by the cilium-etcd-operator Kubernets CNI network-plugins documenta�on [h�ps://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage- net/network-plugins/]. Mounted BPF filesystem This step is required for produc�on environments distribu�ons or Kubernetes installers but can be performed manually: sudo mkdir -p /opt/cni wget https://storage.googleapis.com/kubernetes-release/network-plugins/cni sudo tar -xvf cni-0799f5732f2a11b329d9e3d51b9c8f2e3759f2ff

as you scale up your clusters: etcd nodes operated by the etcd-operator will not use persistent storage. Once the etcd cluster looses quorum, the etcd cluster is automatically re-created by the cilium-etcd-operator hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration CNI network-plugins documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/]. Mounted BPF filesystem This step is required for production environments

as you scale up your clusters: etcd nodes operated by the etcd-operator will not use persistent storage. Once the etcd cluster looses quorum, the etcd cluster is automatically re-created by the cilium-etcd-operator hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration kube-proxy replacement supports consistent hashing by implementing a variant of The Maglev paper [https://storage.googleapis.com/pub-tools-public- publication-data/pdf/44824.pdf] hashing in its load balancer for

Benefits TIP: To change picture:Right click on image > Replace image > Select file ❏ Durable log storage and enterprise Security Information and Event Management (SIEM) integration ❏ hubble observe command exported to logging stack ❏ Tracking network traffic to specific binaries 16 Durable Audit Log Storage 17 Hubble Observe Command 18 Network Visibility for Teams 19 Searchable Logs and Which Binary

as you scale up your clusters: etcd nodes operated by the etcd-operator will not use persistent storage. Once the etcd cluster looses quorum, the etcd cluster is automatically re-created by the cilium-etcd-operator hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration CNI network-plugins documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/]. Mounted BPF filesystem This step is required for production environments

as you scale up your clusters: etcd nodes operated by the etcd-operator will not use persistent storage. Once the etcd cluster looses quorum, the etcd cluster is automatically re-created by the cilium-etcd-operator hostPort-CNI plugin documentation [https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/#support-hostport]. Note Before using HostPort, read the Kubernetes Configuration configurations and state via Kubernetes resources. Key-Value Store All requirements for state storage and propagation can be met with Kubernetes CRDs as configured in the default configuration of Cilium

by in the map ● Garbage-collect map entry on BPF_TCP_CLOSE or use socket local storage for auto-cleanup 5 ● IP firewall is still useful ● Should affect only task state, not host ●