Guide Running pre-flight check (Required) Upgrading Cilium Version Specific Notes Advanced Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and security observability platform optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed

Guide Running pre-flight check (Required) Upgrading Cilium Version Specific Notes Advanced Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and security observability platform

Guide Running pre-flight check (Required) Upgrading Cilium Version Specific Notes Advanced Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and security observability platform optimized for maximum performance, can be attached to XDP (eXpress Data Path), and supports direct server return (DSR) as well as Maglev consistent hashing if the load balancing operation is not performed

FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy Endpoint CRD Kubernetes Compatibility Troubleshooting Istio Getting Started Using Micro Versions Upgrading Minor Versions Step 3: Rolling Back Version Specific Notes Advanced Configuration Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer policies can be applied and updated without any changes to the application code or container configuration. Why Cilium? The development of modern datacenter applications has shifted to a service-oriented

Guide Running pre-flight check (Required) Upgrading Cilium Version Specific Notes Advanced Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Golang Package Compatibility Guarantees API Reference Hubble internals Hubble Architecture Hubble server Hubble Relay Reference Command Cheatsheet Command utilities: Command examples: Kubernetes examples: policies can be applied and updated without any changes to the application code or container configuration. What is Hubble? Hubble is a fully distributed networking and security observability platform

FAQ Slack GitHub Security Bugs Integrations Kubernetes Introduction Concepts Requirements Configuration Network Policy Endpoint CRD Kubernetes Compatibility Cilium CRD schema validation Troubleshooting pre-flight check (Required) Upgrading Cilium Step 3: Rolling Back Version Specific Notes Advanced Configuration Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer Protocol Visibility API Rate Limiting Default Rate Limits Configuration Automatic Adjustment Metrics Understanding the log output Configuration Core Agent Monitoring & Metrics Installation cilium-agent

implemented using BPF using efficient hashtables allowing for almost unlimited scale and supports direct server return (DSR) if the loadbalancing opera�on is not performed on the source host. Note: load balancing have kubectl installed then you can simply point it at the microk8s version of the kubernetes API server: export KUBECONFIG=/snap/microk8s/current/client.config Install etcd Install etcd as a StatefulSet link/etcd-config #ca-file: '/var/lib/etcd-secrets/etcd-client-ca.crt' # # In case you want client to server authentication, uncomment the following # lines and create a kubernetes secret by following the tutorial

following objects or mechanisms when programming with eBPF: Share collected information, retrieve configuration options, and store state through eBPF maps to save and retrieve data in a wide set of data structures

twagent story Andrey Ignatov, Facebook October 28, 2020 1 ● a daemon ● runs on every Facebook server ● manages all Facebook containers ● a part of the bigger TW system, see the TW paper in OSDI'20 cgroup-bpf 3 Task IP assignment (aka IP-per-task) ● Facebook DC network is IPv6 only ● Every server has /64 IPv6 prefix ● Convenient to have a unique IPv6 per twagent task (e.g. for QoS tagging) ● sendmsg(2): bpf_bind(task_ip) Handle TCP client A connecting to TCP server B in same task by [::1]: ● listen(2): track server port by tracking BPF_TCP_LISTEN and BPF_TCP_CLOSE ● connect(2) to [::1]:

Code and instructions at https://github.com/jsitnicki/ebpf-summit-2020 We will need… a TCP echo server $ sudo dnf install nmap-ncat $ nc -4kle /bin/cat 127.0.0.1 7777 & [1] 1289 $ ss -4tlpn sport SK_DROP : SK_PASS; } is echo service configured on this port? get echo server socket dispatch the packet to echo server Load echo_dispatch program $ make echo_dispatch.bpf.o clang -I…/linux/usr/include