Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Kubernetes Integration distributed networking and security observability platform. It is built on top of Cilium and BPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application

Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Behavior This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts. Currently

Installa�on Security Tutorials Advanced Networking Opera�ons Is�o Other Orchestrators Concepts Component Overview Assurances Terminology Address Management Mul� Host Networking Security Architecture Datapath Scale This allows to limit access to and from applica�on containers to par�cular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span mul�ple clusters connects all applica�on that each host can allocate IPs without any coordina�on between hosts. The following mul� node networking models are supported: Overlay: Encapsula�on based virtual network spawning all hosts. Currently

Installation Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Behavior This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application that each host can allocate IPs without any coordination between hosts. The following multi node networking models are supported: Overlay: Encapsulation-based virtual network spanning all hosts. Currently

Installation Network Policy Security Tutorials Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes distributed networking and security observability platform. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application

Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes distributed networking and security observability platform. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application

Observability Network Policy Security Tutorials Advanced Networking Cluster Mesh Operations Istio Concepts Component Overview Terminology Networking Network Security eBPF Datapath Observability Kubernetes distributed networking and security observability platform. It is built on top of Cilium and eBPF to enable deep visibility into the communication and behavior of services as well as the networking infrastructure This allows to limit access to and from application containers to particular IP ranges. Simple Networking A simple flat Layer 3 network with the ability to span multiple clusters connects all application

the flexibility of user space programming. Applications User space Kernel System calls Files Networking Process Memory Flying for years across the galaxy and back, The crew learned to modify their to adapt to the evolution of the kernel. Applications User space Kernel System calls Files Networking Process Module Memory One day, a concerned Captain Tux reviewed the crew And remembered that comes from the original Berkeley Packet Filter (used in tcpdump), but now extends way beyond just networking, enabling users to programmatically extend almost any functionality of the operating system.

Games • @aquarhead on GitHub, Twitter… • Rust (and Elixir) • Disclaimer: new to BPF & kernel networking, pardon my mistake and welcome corrections! Sad Rabbit Has No Memory • A faulty client spammed • Rust: expressive type system, modern toolchain - but most importantly, I love Rust! • For networking, RedBPF supports XDP and SocketFilter programs, however… Traffic Control for Real • XDP doesn’t

CPU ID Time Stamp User defined tracing data (with Lua script) … Use case • Multi tenant HV networking using SRv6 + VRF • Contributed to find the bug in SRv6 GSO handling • Upstream change • https://github SRv6 DC network architecture (en) • https://speakerdeck.com/line_developers/line-data-center- networking-with-srv6 • Detailed investigation of SRv6 TSO/GSO issue (jp) • https://engineering.linecorp.