Rootconf 2018

On scaling infrastructure and operations

Cilium - Kernel Native Security with BPF and XDP for Containers

Submitted by Shantanu Deshpande (@shantanudeshpande) on Friday, 16 March 2018

Technical level

Intermediate

Section

Full talk

Status

Submitted

Total votes:  +3

Abstract

As good as the affair of containers and microservices has been so far, there has always been a concern about security. Security hasn’t evolved along with containers, has it? Enter Cilium, which leverages BPF to secure network connectivity between application services deployed with containers.

Outline

Cilium is an open source project for transparently securing the network connectivity between application services deployed on Linux container management platforms such as Docker and Kubernetes. At its heart, Cilium uses a Linux kernel technology called BPF. By leveraging BPF, Cilium can transparently insert security visibility and enforcement into the datapath, but does so based on service / pod / container identity (in contrast to the IP address identification of traditional systems) and can also filter at the application layer (e.g. HTTP). Because policy is tied to identity rather than to addresses, it keeps applying as containers are rescheduled and their IPs change. As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment by decoupling security from addressing, but can also provide stronger isolation by enforcing at the HTTP layer in addition to traditional Layer 3 and Layer 4 segmentation.
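The identity-based, L7-aware policy described above, as an added example (not a policy from the talk or from the Cilium project's own documentation): a CiliumNetworkPolicy that allows only pods labelled app=frontend to reach pods labelled app=backend, only on TCP/80, and only for GET requests under /public/. The label names, namespace and path are assumptions for illustration.

```yaml
# Added example, not from the original page. Assumed labels: app=frontend, app=backend.
apiVersion: "cilium.io/v2"
kind: CiliumNetworkPolicy
metadata:
  name: backend-allow-frontend-public-get
  namespace: default
spec:
  # Identity, not address: the policy follows the backend pods through
  # rescheduling and IP churn because it selects on labels.
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
  # L3: only endpoints whose identity carries app=frontend may talk to backend.
  - fromEndpoints:
    - matchLabels:
        app: frontend
    # L4: and only on TCP port 80.
    toPorts:
    - ports:
      - port: "80"
        protocol: TCP
      # L7: and only HTTP GET on paths matching this regular expression
      # (Cilium treats `path` as an anchored regex). Any other method or path
      # from an otherwise-allowed frontend pod is rejected at the HTTP layer.
      rules:
        http:
        - method: "GET"
          path: "/public/.*"
```

Apply it with `kubectl apply -f` on a cluster running Cilium. Two behaviours are worth checking once it is in place: because an ingress policy now selects the backend endpoints, ingress traffic that matches none of the rules (for example from a pod without app=frontend, or on any port other than 80) is dropped at L3/L4 by the BPF datapath, and a frontend pod issuing `POST /public/x` or `GET /admin` is allowed through at L4 but refused by Cilium's HTTP proxy, which is what "enforcement at the HTTP layer in addition to L3/L4 segmentation" means in practice.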

Speaker bio

A curious DevOps maniac with deep interests in Linux, containers, virtualization, Cloud, Machine Learning, DL, AI. Meetup organizer at Rancher Pune, India. Docker Mentor. A Pink Floydist and a Platonist. Contributor to the Cilium project.

Links

Slides

https://www.slideshare.net/ShantanuDeshpande11/cilium-kernel-native-security-with-bpf-and-xdp-for-containers
