Berkeley Packet Filter (BPF) began as an in-kernel virtual machine for filtering network packets; its modern, extended form (eBPF) runs verified, sandboxed programs at hook points throughout the Linux kernel, including network interfaces, sockets, tracepoints and system calls. It has gained popularity in recent years because it lets networking, observability and security logic run inside the kernel, without kernel modules or patches, at high performance and scale. Cilium, an open-source project, uses BPF to provide networking and security for cloud-native applications running on Kubernetes.
Cilium’s use of BPF enables it to provide the following features:
- Identity-aware security: Cilium derives a numeric security identity from each pod's labels and uses BPF to enforce policy on that identity rather than on IP address and port alone. Because the identity survives pod rescheduling and IP churn, policies stay correct in the dynamic microservices environments where IP-based rules quickly go stale.
- Multi-cluster routing: Cilium can use BPF to route traffic between different Kubernetes clusters, enabling hybrid and multi-cloud deployments.
- Transparent encryption: Cilium can encrypt traffic between nodes with IPsec or WireGuard; the BPF datapath steers pod traffic into the kernel's encryption path, providing data-in-transit encryption without requiring changes to the application.
- API-aware visibility/filtering: for flows that a policy selects for L7 rules, BPF redirects the traffic to an Envoy proxy that enforces policy on HTTP and Kafka requests (for example, allowing only specific methods and paths), enabling more precise security policies and better troubleshooting at the application layer.
- Service-mesh acceleration: Cilium can use BPF to perform service-mesh functions such as load balancing and socket-level redirection in the kernel, offering better performance and scalability than per-pod sidecar proxies.
Here are some resources to learn more about BPF and how it is used in Cilium:
- Implementing Least Privilege Security and Networking with BPF on Kubernetes by Arvind Soni, Covalent. This talk provides an introduction to BPF and how it is used in Cilium to provide networking and security for Kubernetes.
- Webinar: How Cilium uses BPF to Supercharge Kubernetes Networking & Security by SUSE and Isovalent. This webinar provides an introduction to BPF and the Cilium architecture, as well as a deep dive into key Cilium capabilities.
- Transparent Chaos Testing with Envoy, Cilium and BPF by Thomas Graf, Isovalent. This talk demonstrates how to use Cilium and BPF to introduce chaos such as service unavailability, latency and random rate limiting into any Kubernetes environment in a completely transparent manner.
- Cilium Agent metrics provide information about the status and performance of the Cilium Agent, including BPF map pressure, NAT table full errors, and API high error rates.
- Cilium Agent and Cilium Operator image provenance information describes the origin and contents of each image.
- Secure your Kubernetes deployments with eBPF by Red Hat. This article provides an introduction to eBPF and how it can be used to secure Kubernetes deployments.
To learn more about writing and testing BPF programs, you can refer to the following resources:
- BPF Compiler Collection (BCC) is a toolkit for writing kernel tracing and manipulation programs in eBPF, with Python and Lua front ends. The C program is compiled at run time, so the target host needs LLVM/Clang and kernel headers.
- libbpf is a C library for loading and managing eBPF programs and maps. Combined with BTF and CO-RE (compile once, run everywhere), it lets a program compiled once run across kernel versions without a compiler on the target.
- bpftool is a command-line tool for managing eBPF programs and maps. It can be used to load, unload, and query eBPF programs and maps, as well as perform various other operations.
- BPF Performance Tools is Brendan Gregg's book on performance analysis with eBPF; its accompanying tool repository includes programs for tracing system calls, network traffic and other system events.
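As an added example (not code from this page, from Cilium, or from any of the tools listed), the block below ties the identity-aware policy idea from the feature list above to the write-and-test workflow these tools support: a tc-style classifier in C that maps a packet's source IP to a security identity through an ipcache table and allows or drops it according to an identity-keyed policy, with the bounds check the BPF verifier demands before every packet access. The packet logic is plain C so the same function builds both as a BPF object (the `#ifdef __BPF__` entry point) and as an ordinary userspace program that can be unit-tested against a constructed Ethernet/IPv4/TCP frame. The identities, addresses, ports and table contents, and the names `filter_frame`, `build_tcp_frame` and `verdict_for`, are all assumptions made for this example; the static arrays stand in for the BPF hash maps a real program would use.

```c
/* Added example, not Cilium's code: a tc-style eBPF classifier whose packet logic
 * is plain C, so one function builds with clang -target bpf and as a userspace
 * program that can be unit-tested on constructed frames. The ipcache and policy
 * tables are static arrays standing in for Cilium's BPF maps; identities,
 * addresses and ports are invented for the example. */
#include <stdint.h>
#include <stddef.h>

#define TC_ACT_OK   0
#define TC_ACT_SHOT 2
#define ETH_HLEN    14
#define ETH_P_IP    0x0800
#define IPPROTO_TCP 6
#define ID_UNKNOWN  0u      /* invented label-derived identities, not IPs */
#define ID_FRONTEND 1001u
#define ID_BACKEND  1002u

/* ipcache model: source IPv4 (host order) -> identity. Two frontend replicas with
 * different IPs share one identity, so policy follows the label, not the address. */
static const struct { uint32_t addr, identity; } ipcache[] = {
    { 0x0A000A0B, ID_FRONTEND },  /* 10.0.10.11 */
    { 0x0A000B16, ID_FRONTEND },  /* 10.0.11.22 */
    { 0x0A000C21, ID_BACKEND  },  /* 10.0.12.33 */
};
/* Policy model: allow-list keyed on (source identity, L4 proto, destination port). */
static const struct { uint32_t src_identity; uint8_t proto; uint16_t dport; } allow_rules[] = {
    { ID_FRONTEND, IPPROTO_TCP, 8080 },
};

/* Big-endian byte reads: no alignment or host-endianness assumptions. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Bounded linear scans stand in for bpf_map_lookup_elem() on hash maps. */
static uint32_t ipcache_lookup(uint32_t addr)
{
    for (size_t i = 0; i < sizeof ipcache / sizeof ipcache[0]; i++)
        if (ipcache[i].addr == addr) return ipcache[i].identity;
    return ID_UNKNOWN;
}
static int policy_allows(uint32_t id, uint8_t proto, uint16_t dport)
{
    for (size_t i = 0; i < sizeof allow_rules / sizeof allow_rules[0]; i++)
        if (allow_rules[i].src_identity == id && allow_rules[i].proto == proto &&
            allow_rules[i].dport == dport) return 1;
    return 0;  /* default deny, including ID_UNKNOWN sources */
}

/* Classifier core. Every packet access follows a data_end bounds check, which the
 * BPF verifier insists on: drop one and the program is rejected at load time. */
int filter_frame(const uint8_t *data, const uint8_t *data_end)
{
    if (data + ETH_HLEN > data_end) return TC_ACT_SHOT;        /* runt frame */
    if (rd16(data + 12) != ETH_P_IP) return TC_ACT_OK;         /* not IPv4: pass through */
    const uint8_t *ip = data + ETH_HLEN;
    if (ip + 20 > data_end) return TC_ACT_SHOT;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                   /* header length incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip + ihl > data_end) return TC_ACT_SHOT;
    if (ip[9] != IPPROTO_TCP) return TC_ACT_SHOT;              /* toy policy is TCP-only */
    const uint8_t *tcp = ip + ihl;
    if (tcp + 4 > data_end) return TC_ACT_SHOT;                /* need both port fields */
    uint32_t id = ipcache_lookup(rd32(ip + 12));              /* saddr -> identity */
    return policy_allows(id, IPPROTO_TCP, rd16(tcp + 2)) ? TC_ACT_OK : TC_ACT_SHOT;
}

#ifdef __BPF__
#include <linux/bpf.h>               /* BPF build: clang -O2 -g -target bpf -c ...; attach with tc */
#include <bpf/bpf_helpers.h>
SEC("tc")
int tc_ingress(struct __sk_buff *skb)
{
    return filter_frame((const uint8_t *)(long)skb->data, (const uint8_t *)(long)skb->data_end);
}
char _license[] SEC("license") = "GPL";
#else
#include <stdio.h>
#include <string.h>
/* Constructed frame: Ethernet + minimal IPv4 + TCP header, no payload, checksums
 * left zero because the classifier never reads them. Returns the frame length. */
size_t build_tcp_frame(uint8_t *buf, uint32_t saddr, uint32_t daddr, uint16_t dport)
{
    memset(buf, 0, ETH_HLEN + 40);
    buf[12] = 0x08;                                            /* EtherType 0x0800 */
    uint8_t *ip = buf + ETH_HLEN, *tcp = ip + 20;
    ip[0] = 0x45; ip[3] = 40; ip[8] = 64; ip[9] = IPPROTO_TCP; /* v4, IHL 5, len 40, TTL 64 */
    for (int i = 0; i < 4; i++) {
        ip[12 + i] = (uint8_t)(saddr >> (24 - 8 * i));
        ip[16 + i] = (uint8_t)(daddr >> (24 - 8 * i));
    }
    tcp[0] = 0xC0; tcp[2] = (uint8_t)(dport >> 8); tcp[3] = (uint8_t)dport; tcp[12] = 0x50;
    return ETH_HLEN + 40;                                      /* sport 49152, data offset 5 */
}
/* Verdict for a TCP frame from saddr to the backend pod (10.0.12.33) on dport. */
int verdict_for(uint32_t saddr, uint16_t dport)
{
    uint8_t frame[64];
    return filter_frame(frame, frame + build_tcp_frame(frame, saddr, 0x0A000C21, dport));
}
int main(void)
{
    printf("frontend -> backend:8080 verdict %d (0 = TC_ACT_OK)\n", verdict_for(0x0A000B16, 8080));
    printf("backend  -> backend:8080 verdict %d (2 = TC_ACT_SHOT)\n", verdict_for(0x0A000C21, 8080));
    return 0;
}
#endif
```

Build the test side with an ordinary C compiler and the BPF side with `clang -O2 -g -target bpf -c classifier.c -o classifier.o` (with libbpf's headers on the include path); one way to attach the object is `tc filter add dev <iface> ingress bpf da obj classifier.o sec tc`. The point to take away is the split: the verifier-facing bounds checks and the identity lookup live in one function that is exercised on the host against crafted frames, so a policy or parsing bug is caught before the program is loaded, and the two frontend replicas with different IPs hit the same rule because the lookup goes through the identity, not the address.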
Here are some examples of BPF programs that can be used with Cilium:
- Cilium L7Policy extension is a custom HTTP filter for the Envoy proxy that provides L7 policy enforcement. The filter itself runs inside Envoy, not as a BPF program: the BPF datapath redirects the flows a policy selects for L7 rules to the proxy, where the filter is inserted as an HTTP filter in the cilium-HTTP-ingress:11055 listener.
- Cilium CNI plugin is a CNI plugin for Kubernetes that uses BPF to provide networking and security for pods. It includes BPF programs for enforcing network policy, load-balancing Kubernetes services (replacing kube-proxy) and NAT, rather than relying on iptables chains.
- Cilium Hubble is a network visibility and troubleshooting tool for Kubernetes built on the flow events emitted by Cilium's BPF datapath. Rather than capturing whole packets, it reads per-flow metadata (source and destination identities, policy verdicts, L4 and L7 details) from BPF and exposes it in real time through a CLI and UI.
In summary, BPF is a powerful technology that enables high-performance networking and security capabilities in a scalable and efficient manner. Cilium uses BPF to provide networking and security for cloud-native applications running on Kubernetes, and provides a variety of tools and resources for writing and testing BPF programs.