Cilium - BPF & XDP for containers

•

1 like•5,701 views

Cilium - BPF & XDP for containers by Thomas Graf (Noiro Networks) Cilium - https://github.com/cilium/cilium Liveblogging: http://canopy.mirage.io/Liveblog/NetworkingDDS2016

Technology

Cilium
Networking & Security for Containers with BPF & XDP
Docker Distributed Systems Summit
Thomas Graf

The Network becomes the Application bus
We have to deal with networks that ...
○ contain millions of endpoints
○ are noisy (nMpps)
○ are insecure with multiple tenants
○ operate unreliably
○ are constantly evolving WRT protocols

BPF Code Generation at Container Startup
● Generate networking code at container startup
○ Tailored to each individual container
○ Leads to minimal code required
⇒ faster
⇒ smaller attack surface (unikernel like)
● Majority of configuration (IP, MAC, ports, ... ) becomes
constant, the compiler can optimize heavily
● Regeneration at runtime without breaking connections

Make all tasks globally addressable on the
Internet
● Global IPv6 addresses
○ No NAT!
○ Native IPv4/NAT46 + NAT for compat
● Host scope address allocator
○ Lockless allocation
● Task mobility
○ ILA

Scaling Policy Specification
● How to specify policy for millions of endpoints?
● Decouple policy specification from addressing
○ IP+port ACLs are unsuitable for containers
○ Policy specification based on container labels
Frontend BackendLB
FE BE
LB
LB
FE
FE BE
LB

Scaling Policy Enforcement
● Distributed fixed cost policy enforcement
○ Per-CPU BPF-map hashtable
FE
BE
LB Prod
QA
Prod
Prod
FE
BE
LB
QA
QA
10
11
12
13
14
15
16
Cluster Wide Label ID Table: This ID is carried in the network packet and used
to reconstruct the label context at the receiving
host.
Policy enforcement cost is reduced to a
single hashtable lookup regardless of
complexity.

Extensibility & Safety in the Kernel
● Decouple datapath functionality from kernel version
○ Support new protocols
○ Add arbitrary statistics
○ Safety guaranteed by Verifier
● All at runtime for already running containers

Scaling the Delivery of Cat Pictures
● Distributed L3/L4 LB w/ DSR
● Like IPVS but completely programmable
● LB for N-S, E-W & Intra-node
FE
BE
LB
LB
ECMP
FE
FE
BE
BE
BE
Small HTTP GET
Large Cat Pictures/Videos

Q&A
Start hacking on BPF for containers:
https://github.com/cilium/cilium
Slack: Twitter
cilium.slack.com @tgraf__
Thank You

● L3 forwarding (IPv6 & IPv4)
● Host connectivity
● Encapsulation
(VXLAN/Geneve/GRE)
● ICMPv6 & ICMP generation
● NDisc & ARP responder
● Access Control
● Port mapping
● Connection tracking
● L3/L4 Load balancer w/ DSR
● Statistics
● Events (perf ring buffer)
● Debugging framework
● NAT46
Building Blocks

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application containers and services deployed using Linux container management platforms like Docker and Kubernetes. A new Linux kernel technology called eBPF is at the foundation of Cilium, which enables the dynamic insertion of BPF bytecode into the Linux kernel. Cilium generates eBPF programs for each individual application container to provide networking, security, loadbalancing and visibility.

EBPF and Linux Networking

PLUMgrid

In this session, we’ll review how previous efforts, including Netfilter, Berkley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.

Accelerating Envoy and Istio with Cilium and the Linux Kernel

Thomas Graf

This talk will provide an introduction to injection options of Envoy and then deep dive into ongoing Linux kernel work that enables injecting Envoy while introducing as little latency as possible. The servicemesh and the sidecar proxy model are on a steep trajectory to redefine many networking and security use cases. This talk explains and demos a new socket redirect Linux kernel technology that allows running Envoy with similar performance as if the sidecar was linked to the application using a UNIX domain socket. The talk will also give an outlook on how Envoy can use the recently merged kernel TLS functionality to gain access to the clear text payload transparently for end to end encrypted applications without requiring to decrypt and re-encrypt any data to further reduce the overhead and latency.

DoS and DDoS mitigations with eBPF, XDP and DPDK

Marian Marinov

CETH for XDP [Linux Meetup Santa Clara | July 2016]

IO Visor Project

Cilium - Container Networking with BPF & XDP

Thomas Graf

This talk demonstrates that programmability and performance does not require user space networking, it can be achieved in the kernel by generating BPF programs and leveraging the existing kernel subsystems. We will demo an early prototype which provides fast IPv6 & IPv4 connectivity to containers, container labels based security policy with avg cost O(1), and debugging and monitoring based on the per-cpu perf ring buffer. We encourage a lively discussion on the approach taken and next steps.

Replacing iptables with eBPF in Kubernetes with Cilium

Michal Rostecki

Cilium is an open source project which provides networking, security and load balancing for application services that are deployed using Linux container technologies by using the native eBPF technology in the Linux kernel. In this presentation we talked about: - The evolution of the BPF filters and explained the advantages of eBPF Filters and its use cases today in Linux especially on how Cilium networking utilizes the eBPF Filters to secure the Kubernetes workload with increased performance when compared to legacy iptables. - How Cilium uses SOCKMAP for layer 7 policy enforcement - How Cilium integrates with Istio and handles L7 Network Policies with Envoy Proxies. - The new features since the last release such as running Kubernetes cluster without kube-proxy, providing clusterwide NetworkPolicies, providing fully distributed networking and security observability platform for cloud native workloads etc.

LinuxCon 2015 Linux Kernel Networking Walkthrough

Thomas Graf

This presentation features a walk through the Linux kernel networking stack for users and developers. It will cover insights into both, existing essential networking features and recent developments and will show how to use them properly. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as networking namespaces, segmentation offloading, TCP small queues, and low latency polling and will discuss how to configure them.

The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Thomas Graf

Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.

Kubernetes Networking with Cilium - Deep Dive

Michal Rostecki

Cilium is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. The foundation of Cilium is the new Linux kernel technology BPF which supports the dynamic insertion of BPF bytecode into the Linux kernel at various integration points. This presentation reveals the secrets of Kubernetes networking and gives you a deep dive into Cilium and why it is awesome!

Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security

Thomas Graf

BPF is one of the fastest emerging technologies of the Linux kernel. The talk provides an introduction to Cilium which brings the powers of BPF to Kubernetes and other orchestration systems to provide highly scalable and efficient networking, security and load balancing for containers and microservices. The talk will provide an introduction to the capabilities of Cilium today but also deep dives into the emerging roadmap involving networking at the socket layer and service mesh datapath capabilities to provide highly efficient connectivity between cloud native apps and sidecar proxies.

Tutorial: Using GoBGP as an IXP connecting router

Shu Sugimoto

BPF - in-kernel virtual machine

Alexei Starovoitov

BPF of Berkeley Packet Filter mechanism was first introduced in linux in 1997 in version 2.1.75. It has seen a number of extensions of the years. Recently in versions 3.15 - 3.19 it received a major overhaul which drastically expanded it's applicability. This talk will cover how the instruction set looks today and why. It's architecture, capabilities, interface, just-in-time compilers. We will also talk about how it's being used in different areas of the kernel like tracing and networking and future plans.

Faster packet processing in Linux: XDP

Daniel T. Lee

SOSCON 2019.10.17 What are the methods for packet processing on Linux? And how fast are each packet processing methods? In this presentation, we will learn how to handle packets on Linux (User space, socket filter, netfilter, tc), and compare performance with analysis of where each packet processing is done in the network stack (hook point). Also, we will discuss packet processing using XDP, an in-kernel fast-path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data-path within the Linux kernel. The XDP is located at the lowest level of access through SW in the network stack, the point at which driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be expanded without modifying the kernel. Daniel T. Lee (Hoyeon Lee) @danieltimlee Daniel T. Lee currently works as Software Engineer at Kosslab and contributing to Linux kernel BPF project. He has interest in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internal using BPF technology.

DevConf 2014 Kernel Networking Walkthrough

Thomas Graf

This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.

eBPF maps 101

SUSE Labs Taipei

DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP

Thomas Graf

This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to the a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.

Ovs dpdk hwoffload way to full offload

Kevin Traynor

eBPF Basics

Michael Kehoe

Introduction to eBPF and XDP

lcplcp1

Cilium - overview and recent updates

Michal Rostecki

Cilium is an open source project which provides networking, security and load balancing for containers by using eBPF and XDP technologies in the Linux kernel. It provides eBPF and XDP features to CRI-O, Docker and Kubernetes. This presentation shows an overview on Cilium, explains the concepts behind it and then provide the project update, as it reached the 1.0 milestone last year. The video from talk at FOSDEM 2019: https://video.fosdem.org/2019/H.2214/cilium_overview_and_updates.webm

Using eBPF for High-Performance Networking in Cilium

ScyllaDB

Introduction to Segment Routing

MyNOG

Meet cute-between-ebpf-and-tracing

Viller Hsiao

Linux Networking Explained

Thomas Graf

Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.

Open vSwitch Offload: Conntrack and the Upstream Kernel

Netronome

Offloading all or part of the Open vSwitch datapath to SmartNICs has been shown to not only release CPU resources on the server, but improve traffic processing performance. Recently steps have been made to support such offloading in the upstream Linux kernel. This has focused on creating an OVS datapath using the TC flower filter and utilizing the offload hooks already present here. This presentation focuses on how Connection Tracking (Conntrack) may fit into this model. It describes current work being undertaken with the Netfilter community to allow offloading of Conntrack entries. It continues to link this work with the offloading of Conntrack rules within OVS-TC.

BPF / XDP 8월 세미나 KossLab

Taeung Song

Cilium - Fast IPv6 Container Networking with BPF and XDP

Thomas Graf

We present a new open source project which provides IPv6 networking for Linux Containers by generating programs for each individual container on the fly and then runs them as JITed BPF code in the kernel. By generating and compiling the code, the program is reduced to the minimally required feature set and then heavily optimised by the compiler as parameters become plain variables. The upcoming addition of the Express Data Plane (XDP) to the kernel will make this approach even more efficient as the programs will get invoked directly from the network driver.

Kubernetes from scratch at veepee sysadmins days 2019

🔧 Loïc BLOT

What's hot

eBPF - Rethinking the Linux Kernel

Thomas Graf

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Thomas Graf

Kubernetes Networking with Cilium - Deep Dive

Michal Rostecki

Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security

Thomas Graf

Tutorial: Using GoBGP as an IXP connecting router

Shu Sugimoto

BPF - in-kernel virtual machine

Alexei Starovoitov

Faster packet processing in Linux: XDP

Daniel T. Lee

DevConf 2014 Kernel Networking Walkthrough

Thomas Graf

eBPF maps 101

SUSE Labs Taipei

DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP

Thomas Graf

Ovs dpdk hwoffload way to full offload

Kevin Traynor

eBPF Basics

Michael Kehoe

Introduction to eBPF and XDP

lcplcp1

Cilium - overview and recent updates

Michal Rostecki

Using eBPF for High-Performance Networking in Cilium

ScyllaDB

Introduction to Segment Routing

MyNOG

Meet cute-between-ebpf-and-tracing

Viller Hsiao

Linux Networking Explained

Thomas Graf

Open vSwitch Offload: Conntrack and the Upstream Kernel

Netronome

BPF / XDP 8월 세미나 KossLab

Taeung Song

What's hot (20)

eBPF - Rethinking the Linux Kernel

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Kubernetes Networking with Cilium - Deep Dive

Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security

Tutorial: Using GoBGP as an IXP connecting router

BPF - in-kernel virtual machine

Faster packet processing in Linux: XDP

DevConf 2014 Kernel Networking Walkthrough

eBPF maps 101

DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP

Ovs dpdk hwoffload way to full offload

eBPF Basics

Introduction to eBPF and XDP

Cilium - overview and recent updates

Using eBPF for High-Performance Networking in Cilium

Introduction to Segment Routing

Meet cute-between-ebpf-and-tracing

Linux Networking Explained

Open vSwitch Offload: Conntrack and the Upstream Kernel

BPF / XDP 8월 세미나 KossLab

Similar to Cilium - BPF & XDP for containers

Cilium - Fast IPv6 Container Networking with BPF and XDP

Thomas Graf

Kubernetes from scratch at veepee sysadmins days 2019

🔧 Loïc BLOT

Network services on Kubernetes on premise

Hans Duedal

Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device

Samsung Open Source Group

A Kernel of Truth: Intrusion Detection and Attestation with eBPF

oholiab

"Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems! Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet. So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell... At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems. This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP! As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.

DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...

DevSecCon

Matt Carroll Infrastructure Security Engineer at Yelp "Attestation is hard" is something you might hear from security researchers tracking nation states and APTs, but it's actually pretty true for most network-connected systems! Modern deployment methodologies mean that disparate teams create workloads for shared worker-hosts (ranging from Jenkins to Kubernetes and all the other orchestrators and CI tools in-between), meaning that at any given moment your hosts could be running any one of a number of services, connecting to who-knows-what on the internet. So when your network-based intrusion detection system (IDS) opaquely declares that one of these machines has made an "anomalous" network connection, how do you even determine if it's business as usual? Sure you can log on to the host to try and figure it out, but (in case you hadn't noticed) computers are pretty fast these days, and once the connection is closed it might as well not have happened... Assuming it wasn't actually a reverse shell... At Yelp we turned to the Linux kernel to tell us whodunit! Utilizing the Linux kernel's eBPF subsystem - an in-kernel VM with syscall hooking capabilities - we're able to aggregate metadata about the calling process tree for any internet-bound TCP connection by filtering IPs and ports in-kernel and enriching with process tree information in userland. The result is "pidtree-bcc": a supplementary IDS. Now whenever there's an alert for a suspicious connection, we just search for it in our SIEM (spoiler alert: it's nearly always an engineer doing something "innovative")! And the cherry on top? It's stupid fast with negligible overhead, creating a much higher signal-to-noise ratio than the kernels firehose-like audit subsystems. This talk will look at how you can tune the signal-to-noise ratio of your IDS by making it reflect your business logic and common usage patterns, get more work done by reducing MTTR for false positives, use eBPF and the kernel to do all the hard work for you, accidentally load test your new IDS by not filtering all RFC-1918 addresses, and abuse Docker to get to production ASAP! As well as looking at some of the technologies that the kernel puts at your disposal, this talk will also tell pidtree-bcc's road from hackathon project to production system and how focus on demonstrating business value early on allowed the organization to give us buy-in to build and deploy a brand new project from scratch.

4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes

Juraj Hantak

Comparison of existing cni plugins for kubernetes

Adam Hamsik

CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction

CodiLime

Banog meetup August 30th, network device property as code

Damien Garros

ContainerDays Hamburg 2023 — Cilium Workshop.pdf

Raphaël PINSON

Kubernetes @ Squarespace (SRE Portland Meetup October 2017)

Kevin Lynch

Run Your Own 6LoWPAN Based IoT Network

Samsung Open Source Group

Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120

Linaro

"Session ID: BUD17-120 Session Name: Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120 Speaker: Stefan Schmidt Track: LITE ★ Session Summary ★ Adding support for IEEE 802.15.4 and 6LoWPAN to an embedded Linux system opens up new possibilities to communicate with tiny devices. The mainline kernel supports the wireless protocols to connect such devices to the internet, acting as border router for such networks. This talk will show the current kernel support, how to enable and configure the subsystems to use it and how to communicate between Linux and IoT operating systems like RIOT, Contiki or Zephyr. --------------------------------------------------- ★ Resources ★ Event Page: http://connect.linaro.org/resource/bud17/bud17-120/ Presentation: https://www.slideshare.net/linaroorg/linuxwpan-ieee-802154-and-6lowpan-in-the-linux-kernel-bud17120 Video: https://youtu.be/6YNeF2H2i-U --------------------------------------------------- ★ Event Details ★ Linaro Connect Budapest 2017 (BUD17) 6-10 March 2017 Corinthia Hotel, Budapest, Erzsébet krt. 43-49, 1073 Hungary --------------------------------------------------- Keyword: linux-wpan, kernel, IEEE, Stefan Schmidt http://www.linaro.org http://connect.linaro.org --------------------------------------------------- Follow us on Social Media https://www.facebook.com/LinaroOrg https://twitter.com/linaroorg https://www.youtube.com/user/linaroorg?sub_confirmation=1 https://www.linkedin.com/company/1026961"

SFScon 21 - Stefan Schmidt - The Rise of IPv6 in IoT Protocols

South Tyrol Free Software Conference

14:00 12/11/2021 After the initial years of wireless IoT devices basing their networking on proprietary protocols, home-grown by one vendor and in-compatibly to anything else, there is a shift to consolidate on IPv6. In this talk, we will go briefly over 6lowpan as a technology that enabled a lot of these use-cases by providing compression techniques for low-power radio links with limited frame sizes. While its initial development was for IEEE 802.15.4 based networks it was quickly adopted for Bluetooth, NFC, PLC, and others. This shift allowed the re-use of existing knowledge and concepts of TCP/IPv6 to be adopted into the IoT world, most notably the end-to-end concept, or rather the device-to-cloud concept for IoT. It also resulted in a reduced need for proxies translating between various proprietary networks and your home IP network. In the future, this hopefully will result in a reduction of product-specific IoT hubs in a network. An open source blueprint for such a gateway based on All Scenarios OS will be described, together with OpenThread and Matter (former CHIP) as example IPv6 based IoT turnkey solutions.

OpenEBS hangout #4

OpenEBS

Cloud Native Networking & Security with Cilium & eBPF

Raphaël PINSON

Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux

Samsung Open Source Group

Building a Small Datacenter

ssuser4b98f0

Building a Small DC

APNIC

Similar to Cilium - BPF & XDP for containers (20)

Cilium - Fast IPv6 Container Networking with BPF and XDP

Kubernetes from scratch at veepee sysadmins days 2019

Network services on Kubernetes on premise

Adding IEEE 802.15.4 and 6LoWPAN to an Embedded Linux Device

A Kernel of Truth: Intrusion Detection and Attestation with eBPF

DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...

4. CNCF kubernetes Comparison of-existing-cni-plugins-for-kubernetes

Comparison of existing cni plugins for kubernetes

CodiLime Tech Talk - Adam Kułagowski: IPv6 - introduction

Banog meetup August 30th, network device property as code

ContainerDays Hamburg 2023 — Cilium Workshop.pdf

Kubernetes @ Squarespace (SRE Portland Meetup October 2017)

Run Your Own 6LoWPAN Based IoT Network

Linux-wpan: IEEE 802.15.4 and 6LoWPAN in the Linux Kernel - BUD17-120

SFScon 21 - Stefan Schmidt - The Rise of IPv6 in IoT Protocols

OpenEBS hangout #4

Cloud Native Networking & Security with Cilium & eBPF

Practical Guide to Run an IEEE 802.15.4 Network with 6LoWPAN Under Linux

Building a Small Datacenter

Building a Small DC

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience

Cilium - BPF & XDP for containers

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Cilium - BPF & XDP for containers

Similar to Cilium - BPF & XDP for containers (20)

More from Docker, Inc.

More from Docker, Inc. (20)

Recently uploaded

Recently uploaded (20)

Cilium - BPF & XDP for containers