Explore the intricacies of building scalable network policy enforcement using eBPF in this informative conference talk. Delve into how Cilium leverages eBPF to implement various network policy features and scales to handle hundreds of thousands of pods in large Kubernetes clusters. Learn about efficient traffic interception techniques for L4 and L7 enforcement, CPU overhead minimization strategies, and design decisions crucial for optimizing kernel performance regardless of pod count. Gain insights into debugging eBPF-based networking datapaths and discover valuable lessons from years of programming Kubernetes abstractions directly into kernel space using eBPF. This talk is essential for those interested in advanced container networking, Kubernetes scalability, and leveraging eBPF for high-performance network policy enforcement.
Lessons from Building Scalable Network Policy Enforcement with eBPF
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Lessons from Building Scalable Network Policy Enforcement with eBPF - Hemanth Malla & Joe Stringer
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Introduction to Cilium
-
Kubernetes Network Policy Enforcement in XDP without IP Translation
-
Tales from an eBPF Program's Murder Mystery
-
Troubles and Tidbits from Datadog's eBPF Journey
-
Reshaping Network Traffic with eBPF and XDP - An Interactive Tutorial
-
Enforcing Network Policies for Host Processes via eBPF
