The New Stack Podcast

Covalent Talks Cilium, and How it Brings BPF to Kubernetes

Episode Summary

The Berkeley Packet Filter is ancient history. It was created in 1992 at Lawrence Berkeley Labs as a way better filter and sort network packets. In the early 2000's it was at the heart of the long running SCO versus Linux lawsuit. Today, it's just another raw interface included with Linux. Recently, however, BPF has become a bit of an interesting topic, as it's become a popular replacement for IPTables. Thomas Graf, CTO and co-founder at Covalent. is also the leader of the Cilium Project. Cilium offers API-aware networking and security for Kubernetes users based on BPF. Graf said that the power of BPF can be tough to utilize in Kubernetes, and so the Cilium Project is aimed at making that easier. "It's allowing you to translate declarative high level intent such as policy, networking, localizing, all of this high level intent that is described with Kubernetes services. Cilium implements these high level constructs with BPF in a most efficient and secure manner. Its bringing the power of BPF in an easily consumable way, and implementing known Kubernetes interfaces," said Graf.

Episode Notes

The Berkeley Packet Filter is ancient history. It was created in 1992 at Lawrence Berkeley Labs as a way better filter and sort network packets. In the early 2000's it was at the heart of the long running SCO versus Linux lawsuit. Today, it's just another raw interface included with Linux. Recently, however, BPF has become a bit of an interesting topic, as it's become a popular replacement for IPTables.

Thomas Graf, CTO and co-founder at Covalent. is also the leader of the Cilium Project. Cilium offers API-aware networking and security for Kubernetes users based on BPF. Graf said that the power of BPF can be tough to utilize in Kubernetes, and so the Cilium Project is aimed at making that easier.

"It's allowing you to translate declarative high level intent such as policy, networking, localizing, all of this high level intent that is described with Kubernetes services. Cilium implements these high level constructs with BPF in a most efficient and secure manner. Its bringing the power of BPF in an easily consumable way, and implementing known Kubernetes interfaces," said Graf.