Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? BPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog technology called eBPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because eBPF runs inside the Linux kernel, Cilium security policies can have resolved a particular DNS name? Why Cilium & Hubble? eBPF is enabling visibility into and control over systems and applications at a granularity and efficiency that was not possible before. It does

Kernel Testing JIT Debugging Introspection Tracing pipe Miscellaneous Program Types XDP tc (traffic control) Further Reading Kernel Developer FAQ Projects using BPF XDP Newbies BPF Newsletter Podcasts Blog kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can approaches to struggle to scale side by side with the application as load balancing tables and access control lists carrying hundreds of thousands of rules that need to be updated with a continuously growing

kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can approaches to struggle to scale side by side with the application as load balancing tables and access control lists carrying hundreds of thousands of rules that need to be updated with a continuously growing and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services, traditional CIDR based security policies

kernel technology called BPF, which enables the dynamic inser�on of powerful security visibility and control logic within Linux itself. Because BPF runs inside the Linux kernel, Cilium security policies can approaches to struggle to scale side by side with the applica�on as load balancing tables and access control lists carrying hundreds of thousands of rules that need to be updated with a con�nuously growing and from external services Label based security is the tool of choice for cluster internal access control. In order to secure access to and from external services, tradi�onal CIDR based security policies

Added in kernel v4.12 – Only for specific program types – Specify how many times to repeat – Control input data and/or context. Examine output data/context. – Use cases: – Unit testing – Debugging BPF_PROG_TYPE_LWT_XMIT ✔ ✔ ✔ ✔ ✔ BPF_PROG_TYPE_LWT_SEG6LOCAL ✔ ✔ ✔ ✔ ✔ BPF_PROG_TYPE_XDP ✔ ? ✔ ? ✔ BPF_PROG_TYPE_FLOW_DISSECTOR ✔ ✔ ✔ ✔ ✔ Feature Support ebpfbench - Go library for eBPF benchmarking https://github

help with troubleshooting ❏ Features to expose network traffic flows to teams ❏ Hubble UI ❏ Network flow logs exported to logging stack ❏ Tracking network traffic to specific binaries 16 Durable Audit

Routers Advertise VIP with eBGP Configure with RPC Health check daemon etc… Service Discovery Per-flow ECMP k8s CCM Frontend (dash board) To Backends User For More Information • Our motivation, detailed