Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 Firewall Rules Mounted eBPF filesystem Privileges Upgrade Guide Running cilium-health cilium-operator cilium-operator-aws cilium-operator-azure cilium-operator-generic Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Distribution Compatibility & Considerations Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 Firewall Rules Mounted eBPF filesystem Privileges Upgrade Guide Running cilium-health cilium-operator cilium-operator-aws cilium-operator-azure cilium-operator-generic Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 Firewall Rules Mounted eBPF filesystem Privileges Upgrade Guide Running cilium-health cilium-operator cilium-operator-aws cilium-operator-azure cilium-operator-generic Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide Running pre-flight check Kubernetes examples: Command Reference cilium-agent cilium cilium-health cilium-operator Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Linux Distribution Compatibility Matrix Linux Kernel Advanced Features and Required Kernel Version Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide Running pre-flight check Kubernetes examples: Command Reference cilium-agent cilium cilium-health cilium-operator Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Extensions Administra�on System Requirements Summary Linux Distribu�on Compa�bility Matrix Linux Kernel Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide Running a pre-flight DaemonSet Command examples: Kubernetes examples: Command Reference cilium-agent cilium cilium-health Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presenta�ons Podcasts allowing to validate the iden�ty at the receiving node. Security iden�ty management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

Linux Distribution Compatibility Matrix Linux Kernel Required Kernel Versions for Advanced Features Key-Value store clang+LLVM iproute2 Firewall Rules Mounted eBPF filesystem Privileges Upgrade Guide Running cilium-health cilium-operator cilium-operator-aws cilium-operator-azure cilium-operator-generic Key-Value Store Key-Value Store Layout Leases Debugging Further Reading Related Material Presentations Podcasts to validate the identity at the receiving node. Security identity management is performed using a key-value store. Secure access to and from external services Label based security is the tool of choice

echo_ports = { .type = BPF_MAP_TYPE_HASH, .max_entries = 1024, .key_size = sizeof(__u16), .value_size = sizeof(__u8), }; struct bpf_map_def SEC("maps") echo_socket = { .type = BPF_MAP_TYPE_SOCKMAP, .max_entries = 1, .key_size = sizeof(__u32), .value_size = sizeof(__u64), }; echo_dispatch.bpf.c - BPF 0x0 key 2B value 1B max_entries 1024 memlock 86016B # bpftool map pin id 28 ~vagrant/bpffs/echo_ports # bpftool map show id 29 29: sockmap name echo_socket flags 0x0 key 4B value 8B

to AMQP port • Extract source IP & port as BPF map key Extract AMQP Methods Use BPF Maps Use BPF Maps • Using the source IP & port as map key • Map is a counter for consumers per connection Using the source IP & port as map key • Map is a counter for consumers per connection • Increase when declare Use BPF Maps • Using the source IP & port as map key • Map is a counter for consumers Increase when declare • Decrease when cancel Use BPF Maps • Using the source IP & port as map key • Map is a counter for consumers per connection • Increase when declare • Decrease when cancel