Networking Opera�ons Is�o Other Orchestrators Concepts Component Overview Assurances Terminology Address Management Mul� Host Networking Security Architecture Datapath Scale Kubernetes Integra�on Ge�ng Presenta�ons Podcasts Community blog posts Glossary Introduction to Cilium What is Cilium? Cilium is open source so�ware for transparently securing the network connec�vity between applica�on services deployed using between microservices. Tradi�onal Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly

posts Glossary Helm Reference Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result

posts Glossary Helm Reference Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result

Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Behavior Architecture Datapath Scale Podcasts Community blog posts Glossary Introduction to Cilium What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly

posts Glossary Helm Reference Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result

Community blog posts Glossary Introduction to Cilium & Hubble What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and can filter on application-layer (e.g. HTTP). As a result

Advanced Networking Operations Istio Other Orchestrators Concepts Component Overview Terminology Address Management Multi Host Networking Security Datapath Failure Behavior Architecture Datapath Scale Podcasts Community blog posts Glossary Introduction to Cilium What is Cilium? Cilium is open source software for transparently securing the network connectivity between application services deployed between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP ports, but IP addresses frequently churn in dynamic microservices environments. The highly

only duplicates filtered traffic to a user-space program (e.g. for analyzing), does not affect original packets • `tc` can actually control packets! And use BPF! • Let’s add support for it in RedBPF look at IPv4, TCP packet to AMQP port • Extract source IP & port as BPF map key Extract AMQP Methods Use BPF Maps Use BPF Maps • Using the source IP & port as map key • Map is a counter for consumers connection Use BPF Maps • Using the source IP & port as map key • Map is a counter for consumers per connection • Increase when declare Use BPF Maps • Using the source IP & port as map key • Map is

ature=emb_title • https://speakerdeck.com/line_devday2019/software- engineering-that-supports-line-original-lbaas ipftrace // Trace the TCP packets with destination 10.0.0.10 # iptables -t raw -A OUTPUT https://engineering.linecorp.com/ja/blog/tso-problems-srv6- based-multi-tenancy-environment/ • ipftrace source • https://github.com/YutaroHayakawa/ipftrace2 And more… • SRv6 acceleration using XDP (jp) • https://engineering

BPF code (bpf/rbperf.c) Read frame Driver (rbperf.py) 1. Adds info (pid to profile, thread address) 3. Receives stacktrace 4. Serialisation and persistence BPF tail-calls Bounded loop Challenges awesome - Better documentation (including how to measure overhead) - Add more output formats - Open source GDB / drgn helper - Other tools? - Containers support? - Support request-oriented workloads?