Advanced Configuration Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshooting L7 Protocol Visibility API security isolation by operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable application protocols such as REST/HTTP, gRPC and Kafka. Traditional firewalls operates at Layer 3 and 4. A protocol running on a particular port is either completely trusted or blocked entirely. Cilium provides

Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs in policy communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes What is the rate of unanswered TCP SYN requests? Application monitoring What is the rate of 5xx or 4xx HTTP response codes for a particular service or across all clusters? What is the 95th and 99th percentile

the Cilium code or documentation. A hands-on tutorial [https://play.instruqt.com/isovalent/invite/j4maqox5r1h5] in a live environment is also available for users looking for a way to quickly get started Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes

the Cilium code or documentation. A hands-on tutorial [https://play.instruqt.com/isovalent/invite/j4maqox5r1h5] in a live environment is also available for users looking for a way to quickly get started Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes

Advanced Configuration Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshooting Monitoring & Metrics Installation security isolation by operating at the HTTP-layer in addition to providing traditional Layer 3 and Layer 4 segmentation. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable application protocols such as REST/HTTP, gRPC and Kafka. Traditional firewalls operates at Layer 3 and 4. A protocol running on a particular port is either completely trusted or blocked entirely. Cilium provides

the Cilium code or documentation. A hands-on tutorial [https://play.instruqt.com/isovalent/invite/j4maqox5r1h5] in a live environment is also available for users looking for a way to quickly get started Configuration Core Agent Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Deny Policies Host Policies Layer 7 Protocol Visibility Using Kubernetes constructs communication failing? Is it DNS? Is it an application or network problem? Is the communication broken on layer 4 (TCP) or layer 7 (HTTP)? Which services have experienced a DNS resolution problem in the last 5 minutes

Notes Advanced Configura�on Network Policy Policy Enforcement Modes Rule Basics Layer 3 Examples Layer 4 Examples Layer 7 Examples Kubernetes Endpoint Lifecycle Troubleshoo�ng Monitoring & Metrics Exported security isola�on by opera�ng at the HTTP-layer in addi�on to providing tradi�onal Layer 3 and Layer 4 segmenta�on. The use of BPF enables Cilium to achieve all of this in a way that is highly scalable applica�on protocols such as REST/HTTP, gRPC and Ka�a. Tradi�onal firewalls operates at Layer 3 and 4. A protocol running on a par�cular port is either completely trusted or blocked en�rely. Cilium provides

10.6.0.20:20000 —> pod3: 172.20.0.30:80 step3 pod3: 172.20.0.30:80 —> node2: 10.6.0.20:20000 step4 node2: 10.6.0.20:32000 —> pod1: 172.20.0.10:10000 kube-proxy step1 pod1: 172.20 veth veth step2 client -> pod2 : targetPort node IP and nodePort inserted to option field of ipv4 header , or to extension header of ipv6 header eth0 tc ingress tailCall redirect_peer redirect_neigh step1 client -> node1 : nodePort step3 client -> pod2 : targetPort native DSR DNAT and No SNAT step4 pod2:targetPort -> client step6 node2 : nodePort -> client client step5 node2 : nodePort ->