opera�ng at the HTTP-layer in addi�on to providing tradi�onal Layer 3 and Layer 4 segmenta�on. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documenta�on for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applica�ons rely VXLAN and Geneve are baked in but all encapsula�on formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and integra�on requirements. It works on almost any

operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and integration requirements. It works on almost any

detailed visibility as required by users. Hubble has been created and specifically designed to make best use of these new BPF powers. Hubble can answer questions such as: Service dependencies & communication operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely

operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely and Geneve are baked in but all encapsulation formats supported by Linux can be enabled. When to use this mode: This mode has minimal infrastructure and integration requirements. It works on almost any

detailed visibility as required by users. Hubble has been created and specifically designed to make best use of these new eBPF powers. Hubble can answer questions such as: Service dependencies & communication operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of eBPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely

detailed visibility as required by users. Hubble has been created and specifically designed to make best use of these new eBPF powers. Hubble can answer questions such as: Service dependencies & communication operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of eBPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely

detailed visibility as required by users. Hubble has been created and specifically designed to make best use of these new eBPF powers. Hubble can answer questions such as: Service dependencies & communication operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of eBPF enables Cilium to achieve all of this in a way that is highly scalable even for large-scale io/en/stable/policy/#layer-7] in our documentation for the latest list of supported protocols and examples on how to use it. Secure service to service communication based on identities Modern distributed applications rely

fact *= float64(i) res += 1 / fact } return res } Let’s look at test application Use Case GET /e?iters={iterations} // computeE computes the approximation of e by running a fixed number float64(i) res += 1 / fact } return res } What if we just want to log the iterations? Use Case fmt.Printf("iterations: %d\n”, iterations) YOUR OPTIONS Option 1: Add a log to your program,

features enabled: ● mostly networking: ○ IP assignment (when netns is not in-use) ○ host services connector (netns is in-use) ○ transparent proxy (mostly for TLS) ○ container firewall ○ network faults task use specified IP by a set of BPF_PROG_TYPE_CGROUP_SOCK_ADDR and BPF_CGROUP_SOCK_OPS programs Move TCP/UDP servers to task IP: ● bind(2): ctx.user_ip6 = task_ip Make TCP/UDP clients use task IP by in the map ● Garbage-collect map entry on BPF_TCP_CLOSE or use socket local storage for auto-cleanup 5 ● IP firewall is still useful ● Should affect only task

the packets have gone through CPU ID Time Stamp User defined tracing data (with Lua script) … Use case • Multi tenant HV networking using SRv6 + VRF • Contributed to find the bug in SRv6 GSO handling