eCHO News 64
eCHO news is your bi-weekly wrap up of all things eBPF and Cilium. If you want to keep up on the latest in cloud native networking, observability, and security this is your quelle
10th September 2024
In case you haven't heard, eBPF Summit is tomorrow. I'm always excited for this event because it showcases all of the new and exciting ways that eBPF is being used. Tune in from 8:30AM-13:00PM PST / 5:30PM-10:00PM CEST.
Speaking of cutting edge eBPF work, the eBPF Foundation awarded $250k to 5 academic projects, here is what they do:
✔ Increasing the security of the verifier with formal verification 🧠 Using eBPF for memory management 🔐 Leveraging hardware isolation instead of the verifier for security 🔬 Making an eBPF runtime for hosting μs-scale applications 😴 Lazy abstraction to enhance the precision of the eBPF verifier
In more conference news, the schedule for Cilium + eBPF Day is also out and I'm excited to be co-chairing the event again. We have end user talks covering edge, multi-cloud, and scaling to zero along with deep dives into the data path like accelerating IPSec 400% and scaling out network policy enforcement. You won't want to miss it. Finally, I'll be heading to the first KubeCon India this fall and I'm looking for an end user company to join me for the Cilium maintainers track session. Just hit reply to this email if you want to help out the community and join me on stage to talk about how you use Cilium. We still have a few more videos to edit before eBPF Summit so let’s 🐝 -gin.
The Technical
Building High-Performance Userspace eBPF VMs with LLVM - "a powerful tool for developers looking to leverage eBPF outside the kernel"
The magic of eBPF III: Development playground - Set up your dev environment and "Who knows, maybe you end up contributing to Cilium"
Hubble for Network Observability and Security (Part 3): Leveraging Hubble Data for Network Security - Policy verdicts, DNS queries, and more
eBPF in practice – PID concealment (Part 2) - What the user doesn't know can't hurt them, also in French and code
What is BTF (BPF Type Format)? - Learn what makes CO-RE possible
eBPF-Powered Load Balancing for SO_REUSEPORT - "Implementing Hot Standby Load Balancing"
eBPF command line tools - Quick blogs on filetop and runqlat and runqslower
Transparent Proxy Implementation using eBPF and Go - "the average CPU load introduced by each hook is basically, nothing"
pythops/oryx - "TUI for sniffing network traffic using eBPF on Linux"
zmaril/bpfquery - "Zack's experimental tool for querying BPF with SQL"
yuta-imai/tap-house - "An ebpf based packet analyser. You can tap packets using Soracom Junction"
anoushk1234/zig-ebpf - "Zig virtual machine for eBPF programs" Why - Short answer: I was bored
🐝
The Ecosystem
eBPF Foundation Announces $250,000 in Grant Awards for Five eBPF Academic Research Projects - From formal verification to learning to manage virtual memory with coverage from SDTimes, TFIR, and TMCnet
Odigos Raised $13M to Bring Distributed Traces to the Masses - "leveraging eBPF to automate the implementation of distributed tracing, eliminating the need for code changes and ensuring zero performance overhead"
Hello eBPF: Collection of Resources for eBPF (14.5) - Links to write your own eBPF library
Recommended by LinkedIn
eBPF Security Power and Shortfalls - "No one meant that eBPF is a single tool/technology to solve all security needs"
Optimierung der Netzwerk- und Laufzeitsicherheit in Kubernetes durch den Einsatz von eBPF und Cilium - German intro to eBPF
🐝
The How To
Understanding eBPF and Its Application in Modern Cloud Environments - Set up Cilium in AKS
Cluster Mesh with Cilium - Learn to manage and scale a multi cluster environment with Cilium
🐝
The Video
Game of Life Using eBPF - From zero to Turing Complete in 30 seconds
Unlocking the Power of Cilium for Platform Operators - Discover what eBPF-based Cilium has to offer to revolutionize your operations
eBPF Programming Part 3 - Preventing Linux Local Privilege Escalation using eBPF and LSM - by hooking into the bprm_check_security function
Simplify Kubernetes operations with Cilium Ingress: Hands-On workshop for Platform Operators - Delve into the powerful capabilities of Cilium's Service Mesh and Ingress Controller
🐝
The Events
eBPF Summit - September 11th, Schedule is out now! Join the livestream tomorrow
Tetragon: Cloud Native Security Workshop with Copebit & AWS in Zurich - In-person event on September 17
Cilium + eBPF Day - See you in Salt Lake! Schedule is out now!
🐝
The Tweet of the Week
Community @ Isovalent working on Cilium and eBPF
3moContent from: Peter Zaitsev Teodor Podobnik Yusheng Zheng Johannes Bechberger Yuta Imai Scott Sunarto Ari Recht Eden Federman Sanidhya Kashyap Srinivas Narayana Santosh Nagarakatte Zhe Wang Zhendong Su Dimitrios Skarlatos Tobias Holzner B. Cameron Gain Anoushk Kharangate Tristan d'Audibert Zack Maril Shedrack Akintayo Badr BADRI Hamdi Khelil