This course aims to teach learners about Cilium, an open-source project utilizing BPF for container networking and security. By delving into BPF technology, participants will understand its applications in enhancing application and network security, networking, tracing, and visibility. The course demonstrates how Cilium leverages BPF to address networking, security, and load balancing challenges in distributed applications, especially when integrated with orchestration systems like Kubernetes. The intended audience for this course includes individuals interested in container security, networking, and cloud-native applications.
Cilium - Container Security and Networking Using BPF and XDP
Overview
Syllabus
Intro
BPF is revolutionizing... Tracing / Profiling
BPF Revolution #2: XDP-DDoS mitigation
Facebook published BPF/XDP numbers for L3/L4 LB at Netdev 21
BPF Revolution #3: Security
Evolution of Application Design & Delivery Frequency
Network Security for Microservices
Gordon wants to build a service to tweet out all job offerings.
Gordon uses mutual TLS Auth Good thinking Gordon
The security team has L3/L4 network security in place for all services
Back to the drawing board...
Least privilege security for microservices
Kubernetes Integration
Should I encapsulate or not?
L3 Policy (Labels Based)
L3 Policy (CIDR)
Policy - Only allow GET /v1
How are these policies enforced?
What is a sidecar proxy?
Networking Path with a Sidecar
Kernel Proxy
Socket Redirect - Performance?
The Before and After
Cilium Summary
Taught by
Linux Foundation
