Isovalent Looks to Transform Container Networking With eBPF

The way network packets are processed is about to dramatically change for the better, as more Linux distributions integrate extended Berkeley Packet Filter (eBPF) capabilities in 2021.

Rather than processing packets in user space, eBPF sandboxes programs within the kernel space without changing kernel source code. At the forefront of an effort to apply eBPF capabilities to networking is an open source project, dubbed Cilium, from Isovalent. Cilium leverages eBPF to process networking packets moving between Kubernetes pods.

At its core, Cilium is a container network interface (CNI) for providing connectivity to Kubernetes workloads. The eBPF-based datapath supports direct routing of both IPv4 and IPv6 traffic, and can be integrated with networking services exposed by cloud service providers. It can also act as a replacement for kube-proxy to load balance a Kubernetes cluster.

eBPF

Cilium is already in use by Google, Alibaba, Adobe, Capital One, Datadog and GitLab. The solution promises to make it simpler and faster to apply security policies by running code in a sandbox at the kernel level.

In addition, as metric data is increasingly gathered at the kernel level, IT teams should be able to instrument IT environments without adding additional overhead to their applications. As IT teams update various Linux distributions in 2021, it’s likely eBPF capabilities will see wider deployment.

Isovalent CEO Dan Wendlandt says eBPF, coupled with Cilium, will ultimately reduce reliance on legacy network overlays to connect fleets of Kubernetes clusters at a granular level. In fact, Linux distributions running on smart network integration card (NICs) might offload packet processing from traditional servers altogether, Wendlandt says. This could have profound implications for future adoption of network virtualization overlays, at a time when many organizations are shifting toward software-defined approaches to networking. Ultimately, eBPF is a highly programmable alternative that make it easier to dynamically adjust network and security services as application environments change, Wendlandt said.

There are other areas where eBPF will impact networking software, including in greenfield Kubernetes environments. There’s already hints that the convergence of network operations and DevOps, as well as transformation of the way network packets are processed across a distributed enterprise, is sparking a new wave of innovation. The impact eBPF will have on networking, security and observability will be widespread.

In fact, as developers gain more control over network services, NetOps will become yet another responsibility for site reliability engineers (SREs), in addition to optimizing an IT infrastructure environment that is increasingly managed as code.

In the meantime, IT organizations might want to reconsider their investments in network overlays, as fundamental change in the way network packets are processed is on the horizon.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1615 posts and counting. See all posts by Mike Vizard