ScyllaDB, profile picture
Uploaded byScyllaDB
1,528 views

Using eBPF for High-Performance Networking in Cilium

Liz Rice discusses the use of eBPF for high-performance networking in Cilium, highlighting its application in handling network packets and enhancing performance. The document covers various technical aspects of eBPF implementation, including examples of code for packet handling and discussions on networking security. Additionally, it mentions the performance benefits of using Cilium as a replacement for kube-proxy in container networking.

Brought to you by Using eBPF for High-Performance Networking in Cilium Liz Rice @lizrice Chief Open Source Officer at Isovalent
Hi, I’m Liz 👋 Chief Open Source Officer at Isovalent ■ Previously chair of CNCF’s Technical Oversight Committee ■ Early career: writing networking code ■ Containers / security / eBPF / cloud native ■ Often found on a bike or playing music
eBPF-based high-performance networking: XDP
@lizrice host eth0 Bad packet ��
@lizrice host eth0 Bad packet Discard? XDP
@lizrice host eth0 Bad packet Discard? XDP
eBPF Packet Drop SEC("xdp") int goodbye_ping(struct xdp_md *ctx) { ... if (iph->protocol == IPPROTO_ICMP) return XDP_DROP; return XDP_PASS; }
Cilium - eBPF-based networking for distributed systems
https://www.reddit.com/r/networkingmemes/comments/8u7jyz/container_networking/
iptables Todo! Example iptables output - possibly live as demo
$ kubectl -n kube-system delete ds kube-proxy
host pod app socket veth veth eth0 iptables conntrack iptables INPUT Linux routing iptables PREROUTING mangle iptables conntrack iptables FORWARD Linux routing iptables PREROUTING nat iptables POSTROUTING mangle iptables PREROUTING mangle iptables POSTROUTING nat Network Path
host pod app socket veth veth eth0 iptables conntrack iptables INPUT Linux routing iptables PREROUTING mangle Network Path Linux routing
host pod app socket veth veth eth0 iptables conntrack iptables INPUT Linux routing iptables PREROUTING mangle Network Security Linux routing Policy checks
userspace kernel JIT native code eth0 eBPF verifier bpf(BPF_PROG_LOAD, …) eBPF loader SEC(“to_netdev”) int handle(struct sk_buff *skb) { … if (tcp->dport == 80) redirect(lxc0); return DROP_PACKET; } foo.o clang -target bpf [...] agent BPF maps lxc0
@lizrice https://cilium.io/blog/2021/05/11/cni-benchmark Cilium eBPF (receive path)
@lizrice kube-proxy replacement performance
Brought to you by Liz Rice @lizrice | cilium.io | ebpf.io Thank you

More Related Content

PDF
Accelerating Envoy and Istio with Cilium and the Linux Kernel
byThomas Graf
 
PDF
Replacing iptables with eBPF in Kubernetes with Cilium
byMichal Rostecki
 
PDF
Open vSwitch 패킷 처리 구조
bySeung-Hoon Baek
 
ODP
eBPF maps 101
bySUSE Labs Taipei
 
PDF
Introduction to eBPF
byRogerColl2
 
PDF
eBPF - Observability In Deep
byMydbops
 
PPTX
eBPF Workshop
byMichael Kehoe
 
PDF
Linux Networking Explained
byThomas Graf
 
Accelerating Envoy and Istio with Cilium and the Linux Kernel
byThomas Graf
 
Replacing iptables with eBPF in Kubernetes with Cilium
byMichal Rostecki
 
Open vSwitch 패킷 처리 구조
bySeung-Hoon Baek
 
eBPF maps 101
bySUSE Labs Taipei
 
Introduction to eBPF
byRogerColl2
 
eBPF - Observability In Deep
byMydbops
 
eBPF Workshop
byMichael Kehoe
 
Linux Networking Explained
byThomas Graf
 

What's hot

PPTX
eBPF Basics
byMichael Kehoe
 
PDF
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
byThomas Graf
 
PDF
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
byJo Hoon
 
PDF
Cloud Native Networking & Security with Cilium & eBPF
byRaphaël PINSON
 
PDF
Performance Wins with BPF: Getting Started
byBrendan Gregg
 
PDF
Introduction to eBPF and XDP
bylcplcp1
 
PPTX
Understanding DPDK
byDenys Haryachyy
 
PDF
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
byThomas Graf
 
PDF
Intel dpdk Tutorial
bySaifuddin Kaijar
 
PDF
High-Performance Networking Using eBPF, XDP, and io_uring
byScyllaDB
 
PPTX
Ovs dpdk hwoffload way to full offload
byKevin Traynor
 
PDF
BPF / XDP 8월 세미나 KossLab
byTaeung Song
 
PDF
Kubernetes Networking with Cilium - Deep Dive
byMichal Rostecki
 
PDF
eBPF - Rethinking the Linux Kernel
byThomas Graf
 
PDF
BPF Internals (eBPF)
byBrendan Gregg
 
PDF
Open vSwitch Introduction
byHungWei Chiu
 
PDF
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
byOpenStack Korea Community
 
PDF
Linux Performance Analysis and Tools
byBrendan Gregg
 
PPTX
Grafana Mimir and VictoriaMetrics_ Performance Tests.pptx
byRomanKhavronenko
 
PDF
Cilium - Container Networking with BPF & XDP
byThomas Graf
 
eBPF Basics
byMichael Kehoe
 
Cilium - Bringing the BPF Revolution to Kubernetes Networking and Security
byThomas Graf
 
왜 쿠버네티스는 systemd로 cgroup을 관리하려고 할까요
byJo Hoon
 
Cloud Native Networking & Security with Cilium & eBPF
byRaphaël PINSON
 
Performance Wins with BPF: Getting Started
byBrendan Gregg
 
Introduction to eBPF and XDP
bylcplcp1
 
Understanding DPDK
byDenys Haryachyy
 
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
byThomas Graf
 
Intel dpdk Tutorial
bySaifuddin Kaijar
 
High-Performance Networking Using eBPF, XDP, and io_uring
byScyllaDB
 
Ovs dpdk hwoffload way to full offload
byKevin Traynor
 
BPF / XDP 8월 세미나 KossLab
byTaeung Song
 
Kubernetes Networking with Cilium - Deep Dive
byMichal Rostecki
 
eBPF - Rethinking the Linux Kernel
byThomas Graf
 
BPF Internals (eBPF)
byBrendan Gregg
 
Open vSwitch Introduction
byHungWei Chiu
 
[OpenInfra Days Korea 2018] Day 1 - T4-7: "Ceph 스토리지, PaaS로 서비스 운영하기"
byOpenStack Korea Community
 
Linux Performance Analysis and Tools
byBrendan Gregg
 
Grafana Mimir and VictoriaMetrics_ Performance Tests.pptx
byRomanKhavronenko
 
Cilium - Container Networking with BPF & XDP
byThomas Graf
 

Similar to Using eBPF for High-Performance Networking in Cilium

PDF
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
byHanLing Shen
 
PPTX
Cfgmgmtcamp 2023 — eBPF Superpowers
byRaphaël PINSON
 
PDF
Cilium - Network and Application Security with BPF and XDP Thomas Graf, Cova...
byDocker, Inc.
 
PDF
SRE NL MeetUp - eBPF.pdf
bySiteReliabilityEngin
 
PDF
Cilium - Fast IPv6 Container Networking with BPF and XDP
byThomas Graf
 
PPTX
Dataplane programming with eBPF: architecture and tools
byStefano Salsano
 
PDF
eBPF — Divulging The Hidden Super Power.pdf
bySGBSeo
 
PDF
eBPF — Divulging The Hidden Super Power.pdf
byseo18
 
PDF
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
byThomas Graf
 
PDF
Zero-overhead Container Networking with eBPF and Netkit by Liz Rice
byScyllaDB
 
PPTX
Making our networking stack truly extensible
byOlivier Bonaventure
 
PDF
ebpf and IO Visor: The What, how, and what next!
byAffan Syed
 
PDF
Cilium - BPF & XDP for containers
byDocker, Inc.
 
PDF
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
byCynthia Thomas
 
PDF
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
byDocker, Inc.
 
PDF
Meetup 2009
byHuaiEnTseng
 
PDF
Xdp and ebpf_maps
bylcplcp1
 
PDF
eBPF/XDP
byNetronome
 
PDF
Transparent eBPF Offload: Playing Nice with the Linux Kernel
byOpen-NFP
 
PPTX
Understanding eBPF in a Hurry!
byRay Jenkins
 
CNTUG x SDN Meetup #33 Talk 1: 從 Cilium 認識 cgroup ebpf - Ruian
byHanLing Shen
 
Cfgmgmtcamp 2023 — eBPF Superpowers
byRaphaël PINSON
 
Cilium - Network and Application Security with BPF and XDP Thomas Graf, Cova...
byDocker, Inc.
 
SRE NL MeetUp - eBPF.pdf
bySiteReliabilityEngin
 
Cilium - Fast IPv6 Container Networking with BPF and XDP
byThomas Graf
 
Dataplane programming with eBPF: architecture and tools
byStefano Salsano
 
eBPF — Divulging The Hidden Super Power.pdf
bySGBSeo
 
eBPF — Divulging The Hidden Super Power.pdf
byseo18
 
BPF & Cilium - Turning Linux into a Microservices-aware Operating System
byThomas Graf
 
Zero-overhead Container Networking with eBPF and Netkit by Liz Rice
byScyllaDB
 
Making our networking stack truly extensible
byOlivier Bonaventure
 
ebpf and IO Visor: The What, how, and what next!
byAffan Syed
 
Cilium - BPF & XDP for containers
byDocker, Inc.
 
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF
byCynthia Thomas
 
Cilium: Kernel Native Security & DDOS Mitigation for Microservices with BPF
byDocker, Inc.
 
Meetup 2009
byHuaiEnTseng
 
Xdp and ebpf_maps
bylcplcp1
 
eBPF/XDP
byNetronome
 
Transparent eBPF Offload: Playing Nice with the Linux Kernel
byOpen-NFP
 
Understanding eBPF in a Hurry!
byRay Jenkins
 

More from ScyllaDB

PDF
The Tale of Taming TigerBeetle's Tail Latency by Tobias Ziegler
byScyllaDB
 
PDF
xCapture v3: Efficient, Always-On Thread Level Observability with eBPF by Tan...
byScyllaDB
 
PDF
From Gatekeeper to Kyverno : Kubernetes Policy Management with Performance by...
byScyllaDB
 
PDF
Design Considerations for P99-optimized Hash Tables by Steve Heller
byScyllaDB
 
PDF
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
PDF
40x Faster Binary Search by Ragnar Groot Koerkamp
byScyllaDB
 
PDF
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
PDF
Turbocharging MCP: Speed, Smarts, and Scale by Viraj Sharma
byScyllaDB
 
PDF
ZGC: A Decade of Innovation by Stefan Johansson
byScyllaDB
 
PDF
What Would You Give for Speed: Trade-offs in Eventually Consistent Systems at...
byScyllaDB
 
PDF
Measuring Query Latency the Hard Way: An Adventure in Impractical Postgres Mo...
byScyllaDB
 
PDF
Scaling to 6.6M Read OPS with ScyllaDB on Kubernetes: Achieving Sub-2ms Laten...
byScyllaDB
 
PDF
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
PDF
Building a Fast Lock-free Queue for Trading Systems by Sarthak Sehgal
byScyllaDB
 
PDF
Hunting a Kernel Allocation Bug Triggered by io_uring by Raphael Carvalho
byScyllaDB
 
PDF
Rethinking Durable Workflows and Queues: A Library-based Approach by Qian Li
byScyllaDB
 
PDF
Go Faster: Tuning the Go Runtime for Latency and Throughput by Paweł Obrępalski
byScyllaDB
 
PDF
Engineering a Low-Latency Vector Search Engine for ScyllaDB by Pawel Pery
byScyllaDB
 
PDF
Building Planet-Scale Streaming Apps: Proven Strategies with Apache Flink by ...
byScyllaDB
 
PDF
A Deep Dive into the Seastar Event Loop by Pavel Emelyanov
byScyllaDB
 
The Tale of Taming TigerBeetle's Tail Latency by Tobias Ziegler
byScyllaDB
 
xCapture v3: Efficient, Always-On Thread Level Observability with eBPF by Tan...
byScyllaDB
 
From Gatekeeper to Kyverno : Kubernetes Policy Management with Performance by...
byScyllaDB
 
Design Considerations for P99-optimized Hash Tables by Steve Heller
byScyllaDB
 
Cassandra vs. ScyllaDB: Evolutionary Differences
byScyllaDB
 
40x Faster Binary Search by Ragnar Groot Koerkamp
byScyllaDB
 
The Gory Details of a Full-Featured Userspace CPU Scheduler by Avi Kivity
byScyllaDB
 
Turbocharging MCP: Speed, Smarts, and Scale by Viraj Sharma
byScyllaDB
 
ZGC: A Decade of Innovation by Stefan Johansson
byScyllaDB
 
What Would You Give for Speed: Trade-offs in Eventually Consistent Systems at...
byScyllaDB
 
Measuring Query Latency the Hard Way: An Adventure in Impractical Postgres Mo...
byScyllaDB
 
Scaling to 6.6M Read OPS with ScyllaDB on Kubernetes: Achieving Sub-2ms Laten...
byScyllaDB
 
Netflix's Scalable Page Construction with Real-Time Impression History by Sau...
byScyllaDB
 
Building a Fast Lock-free Queue for Trading Systems by Sarthak Sehgal
byScyllaDB
 
Hunting a Kernel Allocation Bug Triggered by io_uring by Raphael Carvalho
byScyllaDB
 
Rethinking Durable Workflows and Queues: A Library-based Approach by Qian Li
byScyllaDB
 
Go Faster: Tuning the Go Runtime for Latency and Throughput by Paweł Obrępalski
byScyllaDB
 
Engineering a Low-Latency Vector Search Engine for ScyllaDB by Pawel Pery
byScyllaDB
 
Building Planet-Scale Streaming Apps: Proven Strategies with Apache Flink by ...
byScyllaDB
 
A Deep Dive into the Seastar Event Loop by Pavel Emelyanov
byScyllaDB
 

Recently uploaded

PDF
Phishing for Answers: A Tech Filler Quiz.pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
PDF
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
PDF
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
PDF
AI assisted software — Cathedral or Bazaar?.pdf
byMindtrek
 
PPTX
TechVerse Kent (Combining Tech, AI, Innovation and Creativity)
byKritarthDevli
 
PPTX
Cloud Metrics: The Cost-Value Equation (All Things Open 2025)
byEric D. Schabell
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PDF
Tilannekatsaus tekoälytoimintaan Suomessa.pdf
byMindtrek
 
PPTX
CLOUD STUDY JAM 2025 GOOGLE DEVELOPER GROUPS ON CAMPUS NSEC
byasutoshkumar560
 
PDF
A business case for open source: From lock-in to value.pdf
byMindtrek
 
PDF
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
PDF
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
PPTX
This Could Have Been a Slack Message: Diagnosing and Treating Bad Meetings
byMike Clement
 
PDF
Digital Sovereignty has to start with Open Source.pdf
byMindtrek
 
PDF
Optimizing a Global Training Strategy: An LKQ Corporation Case Study
byRustici Software
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
The Role of Human Experiences (HX) in GenAI Adoption
byDr. Tathagat Varma
 
Phishing for Answers: A Tech Filler Quiz.pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
AI assisted software — Cathedral or Bazaar?.pdf
byMindtrek
 
TechVerse Kent (Combining Tech, AI, Innovation and Creativity)
byKritarthDevli
 
Cloud Metrics: The Cost-Value Equation (All Things Open 2025)
byEric D. Schabell
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
Tilannekatsaus tekoälytoimintaan Suomessa.pdf
byMindtrek
 
CLOUD STUDY JAM 2025 GOOGLE DEVELOPER GROUPS ON CAMPUS NSEC
byasutoshkumar560
 
A business case for open source: From lock-in to value.pdf
byMindtrek
 
The invisible key: Securing the new attack vector of OAuth tokens
byGianluca Varisco
 
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
This Could Have Been a Slack Message: Diagnosing and Treating Bad Meetings
byMike Clement
 
Digital Sovereignty has to start with Open Source.pdf
byMindtrek
 
Optimizing a Global Training Strategy: An LKQ Corporation Case Study
byRustici Software
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
The Role of Human Experiences (HX) in GenAI Adoption
byDr. Tathagat Varma
 

Using eBPF for High-Performance Networking in Cilium