Cilium leaves incubator, gets the nod from Cloud Native Computing Foundation

The Cloud Native Computing Foundation (CNCF) has awarded a graduated sash to Cilium, a validation of the maturity and future of the eBPF project. Cilium started as an eBPF-based implementation of the Container Networking Interface (CNI) to provide connectivity for container workloads. In the years since development kicked off …

  1. Steve Button Silver badge

    So, what is it?

    I've been hearing the hype about eBPF for some time now on various blogs and podcasts and have never actually quite figured out what it is, and why I need to know about it.

    I'm guessing it can mess with traffic at the kernel level, which seems kind of dangerous. As a sysadmin / DevOps / SRE (or whatever they are calling it this week) is this something I need to go off and learn more about now, or should I leave that for the likes of Red Hat or Google who like to mess around at this level, and I'll just magically benefit somehow?

    Can someone explain it in words that a lazy thicko DevOps engineer can understand? (I tried to do a little reading and just got totally lost in what seemed like marketing hype).

    In the words of a famous Cat "So, what is it?"

    1. chhum2

      Re: So, what is it?

      It allows developers to write custom code that can be loaded into the Linux kernel dynamically, changing the way the kernel behaves. Useful for observability, high-performance networking, and detecting and preventing malicious activity. There is a verification process that keeps it safe by checking every possible path through the program and that every instruction is safe - done at the bytecode level.

      It’s actually pretty cool, particularly given the utter impossibility of getting changes into the kernel proper.

      There’s a good, easy explanation here:

      https://blog.container-solutions.com/how-ebpf-enables-cloud-native-innovation

      Liz Rice’s book “Learning eBPF” is the best longer resource I know of should you want to learn it - short and well written.

      1. Steve Button Silver badge

        Re: So, what is it?

        Thanks, that's interesting. I was also looking at this, which is a specific implementation of Ambient Mesh in Istio.

        https://istio.io/latest/blog/2022/introducing-ambient-mesh/

        I can see that these things are going to be really useful for me as a DevOps Engineer (mTLS, Logging, Observability, Layer 7 routing, circuit breaking, etc.*), however I see myself as a user of them rather than a developer. For instance, years back when I got to benefit(?) from the latest SE Linux changes (like switching it on), I didn't then go and learn about the C code which has made that extra work for me, ahem, I mean extra security.

        * You get all that with Istio anyway, but by using eBPF they can do it quicker and without sidecars.

        Also, when I say "dangerous" I'm not talking about breaking the kernel, but I'm more worried about traffic leaking or perhaps just flooding my network with traffic, or something I haven't thought of yet. It makes supplier chain attacks harder to detect, or could make some really weird bugs.
