Rootconf 2018

On scaling infrastructure and operations

Shantanu Deshpande

@shantanudeshpande

Cilium - Kernel Native Security with BPF and XDP for Containers

Submitted Mar 16, 2018

As good as the affair between containers and microservices has been so far, there has always been a concern about security. But security hasn't evolved along with containers, has it? Enter Cilium, which leverages BPF to secure network connectivity between application services deployed with containers.

Outline

Cilium is an open source project for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes. At its heart, Cilium uses a new Linux kernel technology called BPF. By leveraging Linux BPF, Cilium retains the ability to transparently insert security visibility and enforcement, but does so in a way that is based on service / pod / container identity (in contrast to IP address identification in traditional systems) and can filter at the application layer (e.g. HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment by decoupling security from addressing, but can also provide stronger security isolation by operating at the HTTP layer in addition to providing traditional Layer 3 and Layer 4 segmentation.
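To make the identity-based and HTTP-layer points concrete, here is an added example (not taken from the talk or from the Cilium project's own material) of a CiliumNetworkPolicy for Kubernetes. The policy name, the `app` labels, the port and the path pattern are assumptions chosen for illustration.

```yaml
# Added example: the names, labels, port and path below are assumed values.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: backend-allow-frontend-get    # hypothetical policy name
spec:
  # Identity: the policy selects pods by label, not by IP address,
  # so it keeps applying as pods are rescheduled and re-addressed.
  endpointSelector:
    matchLabels:
      app: backend                    # assumed label on the protected pods
  ingress:
    # Layer 3: only endpoints carrying this label may connect.
    - fromEndpoints:
        - matchLabels:
            app: frontend             # assumed label on the client pods
      toPorts:
        # Layer 4: only TCP port 80 is opened to those endpoints.
        - ports:
            - port: "80"
              protocol: TCP
          # Layer 7: on that port, only matching HTTP requests are allowed.
          rules:
            http:
              - method: "GET"
                path: "/public/.*"    # regular expression on the request path
```

Dropping the `rules` block leaves a plain Layer 3 / Layer 4 rule, under which any HTTP method and path on port 80 would be allowed from `app: frontend` pods; the `http` section is what narrows the allowance to specific requests.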

Speaker bio

A curious DevOps maniac with deep interests in Linux, containers, virtualization, cloud, machine learning, DL and AI. Meetup organizer at Rancher Pune, India. Docker Mentor. A Pink Floydist and a Platonist. Contributor to the Cilium project.

Slides

https://www.slideshare.net/ShantanuDeshpande11/cilium-kernel-native-security-with-bpf-and-xdp-for-containers

Hosted by

We care about site reliability, cloud costs, security and data privacy