Cilium – Container Security and Networking Using BPF and XDP – Thomas Graf, Covalent
This talk introduces Cilium, a fast-emerging open source project leveraging BPF to provide networking and security for containers. We will do a quick deep dive into BPF, possibly the most promising low-level technology to address challenges in application and network security, networking, tracing, and visibility. We will discuss how BPF became capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss how Cilium can be combined with orchestration systems such as Kubernetes to provide security and networking for cloud native applications.
About Thomas Graf
Thomas Graf has been a Linux kernel developer for 15 years, working on a variety of networking and security subsystems. His current focus is on BPF/XDP and how it can be applied to solve challenges of distributed applications. This includes providing secure networking with transparent encryption, application-aware security, tracing, visibility, and mitigation of DDoS attacks. Thomas is a contributor to various open source projects including the Linux kernel, Cilium, Open vSwitch, Docker, and Kubernetes.