Cilium has emerged as one of the most popular open source projects
in cloud native infrastructure, joining the likes of Kubernetes and
OpenTelemetry at the very top of the "hot" list. VMblog's expert interview
welcomes Cilium developer advocate Shedrack Akintayo, who shares some
perspectives on the rise of the project that recently became the CNCF's first
graduated project in the Cloud Native Networking category.
VMblog:
There is a tremendous amount of excitement around the Cilium project for cloud
native platform engineering. How has Cilium extended the power of eBPF, and why
was this a right-time, right-place technology that has taken off to such a
degree?
Shedrack Akintayo: In 2014, the Linux networking
ecosystem experienced a wave of innovation that reshaped it. During this
period, the ecosystem was focused on building various networking protocols and
models including software-defined networking. At the
same time, Kubernetes made its first commit and
containerization was taking off. With these new improvements in the ecosystem,
the pre-existing Linux networking, observability, and security tools became
unable to keep up with the dynamic needs of containerized and orchestrated
applications.
eBPF had also just been merged into the Linux kernel, bringing
programmability and flexibility to this decades-old technology. Some of the key
architects behind the revolutionary technology wanted to bring the power of
eBPF to end users, leading to the creation of the Cilium project. The main
goal for Cilium was to introduce a new networking layer that was programmable,
scalable, and secure by default to keep up with the needs of IT infrastructure.
The initial implementation of Cilium was as an eBPF-based
Container Networking Interface (CNI) to provide connectivity for container
workloads. As the cloud native ecosystem grew, Cilium's use cases evolved,
expanding to include a myriad of capabilities like service mesh, BGP, network encryption, etc. Each
new capability added was a testament to Cilium's evolving nature, constantly
adapting to meet the complex demands and challenges that cloud native
networking, observability, and security presented.
Cilium's evolution is a great example of innovation spurred by
necessity and an evolving journey towards creating a platform that meets the
requirements of the cloud native world.
VMblog:
What are the classes of cloud native use cases and problems that Cilium is
taming? Tell VMblog readers more about the environments and specific needs that
Cilium addresses.
Akintayo: Transitioning from legacy systems to cloud native introduces
all kinds of challenges: securing customer data, maintaining high
performance, keeping up with customer demands and scale, and avoiding outages
and degradation of customer service. Cilium provides a single connectivity
layer where it's possible to address all of these types of "day 2" problems for
Kubernetes and cloud native in a network platform layer.
As enterprise cloud native environments grow, the network becomes
the natural place for these problems to be solved. For example, Cilium offers a
high-performance layer 4 load balancer designed to efficiently
handle the networking demands of high traffic environments. Cilium's Kube-proxy replacement can also
provide enhanced networking speed and scalability for enterprises building on
Kubernetes. These are some of the features of Cilium helping ensure that as the
enterprise grows, the networking solutions evolve equally.
Enterprises seeking to optimize their Kubernetes deployments for
high-performance networking can reap significant benefits from adopting Cilium.
Cilium's unique architecture enables it to operate directly within the Linux
kernel, resulting in substantial performance
improvements. This translates into faster application response times, reduced
delays for data-intensive workloads, enhanced throughput for high-bandwidth
applications, and support for larger-scale deployments.
VMblog:
Who are some major eBPF users, and what are their use cases?
Akintayo: Major organizations and projects such
as Meta, Netflix, and Google use eBPF across their organization for its
ability to enhance system performance, give granular observability, and provide
better security. Additionally, its wide adoption and
contributions from various organizations underline its importance and the
pivotal role it plays in modern technology solutions.
There are many other examples. Meltwater, a global media
intelligence company, uses Cilium as the default container network interface
across all of their Kubernetes clusters, for better performance and network
visibility. Trendyol, a leading e-commerce platform in Turkey, is another
interesting use case. They are managing three to five thousand nodes within a
single cluster and use Cilium as their CNI - and they've cited a 40 per cent
increase in network performance.
VMblog:
Tell us about the intersection of networking and security, and how Cilium's
control of the network fabric translates into new security frontiers.
Akintayo: In a microservices-based system, observability is the key to
discovering the intricacies of network operations and debugging when things go
wrong. Cilium provides in-depth observability with Hubble, paving
the way for a clear understanding of network traffic. This, in turn, simplifies
troubleshooting and performance optimization, acting as a catalyst in
diagnosing and resolving network-related issues.
By harnessing the power of eBPF, Cilium also enables the dynamic
insertion of powerful security visibility and controls that weren't previously
possible. Kubernetes provides limited default security and observability
resources, and ships without a dedicated runtime security model. In this
absence of a standard open source runtime security platform, early Kubernetes
adopters have been forced to use proprietary security agents that come with
major compute and memory performance overhead and cloud costs, while also
failing to capture the lower-level, runtime security data emitted closest to
the kernel.
Cilium recently launched Tetragon, which is an eBPF-based security
observability and runtime enforcement platform designed to give security and
operations teams richer telemetry data for runtime security, while eliminating
the performance overhead of traditional security agents. Tetragon is built
around eBPF and uses in-kernel filtering and aggregation logic, providing deep
visibility without traditional agents or application changes. It gives platform
and security teams a powerful observability layer that can introspect the
entire system ranging from low-level kernel visibility to track file accesses,
network activity, or capability changes, all the way up into the application
layers covering aspects such as function calls into vulnerable libraries, tracing
process execution, or understanding HTTP requests made.
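As an added illustration of the runtime enforcement described above (this is not part of the interview, nor code from the Cilium or Tetragon projects), here is the shape of a Tetragon TracingPolicy that reports and blocks access to sensitive files. It hooks the kernel's security_file_permission LSM function with a kprobe rather than the open(2) syscall, so reads through openat, openat2 and similar paths are all observed at one point, filters in the kernel on the file path prefix, and sends SIGKILL to the offending process before the read completes. The field names follow Tetragon's documented TracingPolicy schema and should be checked against the installed Tetragon version; the policy name, the watched paths and the choice of the kill action are assumptions made for this example.

```yaml
# Added example: a Tetragon TracingPolicy (not taken from the interview or the
# Tetragon repository). Field names follow Tetragon's documented TracingPolicy
# CRD; the policy name, the watched path prefixes and the Sigkill action are
# assumptions for this example.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: watch-sensitive-files   # assumed name
spec:
  kprobes:
  # Hook the LSM-level permission check instead of the open(2) syscall, so
  # every read/write path that goes through the VFS is seen at one place.
  - call: "security_file_permission"
    syscall: false
    return: true
    args:
    - index: 0
      type: "file"            # struct file *, resolved to a path in the event
    - index: 1
      type: "int"             # access mask (MAY_READ / MAY_WRITE)
    returnArg:
      index: 0
      type: "int"             # kernel return code of the permission check
    returnArgAction: "Post"   # emit the event on return, with the return value
    selectors:
    - matchArgs:
      # In-kernel filter: only files under these prefixes produce events.
      - index: 0
        operator: "Prefix"
        values:
        - "/etc/shadow"       # assumed sensitive paths for the example
        - "/etc/sudoers"
      matchActions:
      # Enforcement happens in the kernel at the hook, not in a userspace agent.
      - action: Sigkill
```

Apply it with `kubectl apply -f` on a cluster running the Tetragon agent, then watch the resulting process and file events with `tetra getevents -o compact`. Run it first without the `matchActions` stanza to see which workloads legitimately touch those files before turning on the kill.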