small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started that need to be updated with a continuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differentiate between application traffic for security purposes contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started that need to be updated with a continuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differentiate between application traffic for security purposes contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

small independent services that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applica�ons tend to be highly dynamic, with individual containers ge�ng started or that need to be updated with a con�nuously growing frequency. Protocol ports (e.g. TCP port 80 for HTTP traffic) can no longer be used to differen�ate between applica�on traffic for security purposes as contrast to IP address iden�fica�on in tradi�onal systems) and can filter on applica�on-layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

communicating with each other? How frequently? What does the service dependency graph look like? What HTTP calls are being made? What Kafka topics does a service consume from or produce to? Network monitoring Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes? Which services monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile latency between HTTP requests and responses in my cluster

ink bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/echo_dispatch_prog", …) = 3 openat(…, "/proc/self/ns/net", …) = 4 bpf(BPF_LINK_CREATE, {link_create={prog_fd=3, target_fd=4, netns_ino 4026531992 attach_type sk_lookup $ ls -l /proc/self/ns/net lrwxrwxrwx. 1 vagrant vagrant 0 Oct 23 13:35 /proc/self/ns/net -> 'net:[4026531992]' prog attached to netns syscall trace Enable echo STATE SERVICE 7/tcp open echo 22/tcp open ssh 77/tcp open priv-rje 777/tcp open multiling-http Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds Test echo service on ports 7, 77, 777

- Enable debugging symbols under Kernel Hacking -> compile options git clone git://git.buildroot.net/buildroot /source/buildroot cd buildroot make menuconfig make -j16 Rootfs Remember to: - Select

Policy Language Rules and Directives Rules specify access to system objects: ▶ fs(file, access) ▶ net(socket, access) ▶ signal(prog, sig) ▶ etc. Directives augment blocks of rules: ▶ #[directive] syntax