Cloud Native networking, observability, and security with Cilium, eBPF, and Isovalent
Newsletter
cilium.io/newsletter
Cilium is coming for Telco 📡🐝
The latest release of Project Sylva, the open source telco cloud stack from Linux Foundation Europe, added support for Cilium
Sylva 1.6 is Here! It brings smoother ops, stronger security, and more flexible clusters – Sylva
Sylva v1.6.0 is now available, bringing a focused set of upgrades that make it easier to run, evolve, and secure cloud-native telco infrastructure, without adding operational drag. From Kubernetes…
With many LLMs being black boxes, developers are left asking basic questions: Is this workload memory-bound or compute-bound? And getting no answers.
Enter eBPF and ProfInfer from Bohua Zou to shed light on optimizations.
ProfInfer: An eBPF-based Fine-Grained LLM Inference Profiler
As large language models (LLMs) move from research to production, understanding how inference engines behave in real time has become both essential and elusive. Unlike general-purpose engines such as...
Nutanix turns to eBPF to solve the hard networking problems 🐝
Their AHV hypervisor is leveraging eBPF to solve accurate vNIC-to-IP mapping.
How Nutanix AHV Uses eBPF for vNIC-IP Mapping
Accurate vNIC-to-IP mapping is fundamental for virtual networking visibility, security, and troubleshooting. On the Nutanix AHV hypervisor, this mapping becomes especially important for services like…
A Nushell plugin that compiles Nushell closures to eBPF bytecode for kernel-level tracing and profiling
GitHub - tom-lubenow/nu_plugin_ebpf: eBPF plugin for Nushell
eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames
GitHub - tuananh/ci-agent: eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames.
eBPF offloads of RFC 8656 channels
GitHub - ivanmtech/turn-bpf: TURN channel accelerator
Heap tracing tool utilizing eBPF to trace allocation events and find memory leaks and double frees
GitHub - AtoZ132/Tachi
'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF.
GitHub - secexit/secexit: secexit - an 'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF.
RAFT consensus implementation in eBPF with Rust using Aya library
GitHub - nakame/raft-ebpf: RAFT consensus implementation in eBPF with Rust using Aya library
Second eBPF Devroom kicking off at FOSDEM 🐝 bigger room this year, but still sold out!
Cool to see my colleagues Chris Tarazi and Donia Chaiehloudj kicking it off
Identify and eliminate excessive SELinux permissions using eBPF
GitHub - rushigerrard8/selinux-policy-auditor: Identify and eliminate excessive SELinux permissions using eBPF
Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI
GitHub - phonginreallife/egressor: Egressor - Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI.
"eBPF is incredibly foundational to where Cisco wants to go from an existing product perspective, but also from a future perspective"
Great article on why the acquisition of Isovalent was so strategic to product and customer roadmaps like smart switches
Cisco is using eBPF to rethink firewalls, vulnerability mitigation
Cisco is integrating eBPF directly into its enterprise hardware and "smart software" to provide kernel-level security.
Falco and Tetragon aren't 1:1 copies. You can't migrate non-kernel events like CloudTrail logs, and you have to rethink your hook points. If you are considering switching or wondering why you would, this guide from Paul Arah is your answer
Migrating from Falco to Tetragon: A Guide for Transitioning Your Runtime Security Stack
Migration guide from tetragon to falco...
Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams.
GitHub - prabhakaran-jm/cilium-policypilot: Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams.
I'll be an LFX mentor for the next term and now is your chance to apply. We will be working to create pillar pages for @cilium.io. A great chance to get up to speed on a lot of important topics and contribute to the second largest CNCF project
mentorship.lfx.linuxfoundation.org/project/8543...
High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system.
GitHub - nevinshine/hyperion-xdp: High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system.
Skip the outbound load on your load balancer with Direct Server Return. Learn how to do it from scratch with eBPF
Building an eBPF/XDP L2 Direct Server Return Load Balancer from Scratch | iximiuz Labs
In this tutorial, you will learn how to build a Layer 2 DSR load balancer using eBPF/XDP, where backends send responses directly back to clients bypassing the load balancer.
**SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masquerading and "Ghost" processes (DKOM) in real-time
GitHub - 0xKirisame/SPiCa: **SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masquerading and "Ghost" processes (DKOM) in real-time, inspired by the hatsune miku song SPiCa.
Ever wanted to attend KubeCon and meet the cloud native community, but didn't quite have the funds 💸 Apply for scholarship and travel funding. I know a lot of people that got their start in the community by attending KubeCon
contribute.cncf.io/blog/2026/01...
TUI for exploring bpf prog and maps loaded in the system
GitHub - viveksb007/bpftui: TUI for exploring bpf prog and maps loaded in the system
A cloud-native operating system observability project based on eBPF
GitHub - ccfos/huatuo: A cloud-native operating system observability project based on eBPF, incubated under CCF.
Transformer-Based Kubernetes Scheduling for Noisy Neighbor Avoidance by analyzing real-time eBPF telemetry (L3 cache misses, memory bandwidth, etc.)
GitHub - softcane/KubeAttention
"Network policies are widely adopted among security-focused Kubernetes teams, with 83% of them utilizing them. Remember: adoption is high, but implementation clarity varies."
Securing Kubernetes: The Network Policy Reality
Survey of 530 Kubernetes practitioners reveals 83% use network policies, but 60% struggle with understanding traffic flows. Observability tools lead validation strategies at 42%, while many still…
eBPF-powered Active Defense system that turns your Linux server into a deceptive honeypot. Features transparent traffic redirection, OS fingerprint spoofing, kernel-level DLP, and Zero Trust SSH access (SPA)
GitHub - haidang-infosec/phantom-grid: An eBPF-powered Active Defense system that turns your Linux server into a deceptive honeypot. Features transparent traffic redirection, OS fingerprint spoofing, kernel-level DLP, and Zero Trust SSH access (SPA).
Learn eBPF through hands-on exercises. Write, compile, and run programs directly from your browser.
Home - eBPF.party
FIX request-response latency using eBPF TC hooks
GitHub - epam/ebpf-fix-latency-tool: FIX request-response latency using eBPF TC hooks
"Small operational decisions matter, and their effects accumulate quickly. Choices about routing, IPAM, labels, upgrade validation, and datapath observability all contribute to how a cluster behaves in real-world conditions."
Day 2 with Cilium: Small configurations that keep large clusters boring | Datadog
Read Datadog’s playbook for running Cilium across hundreds of Kubernetes clusters and learn how IPAM tuning, native routing, safe upgrades, and datapath controls influence reliability at scale.
The ps utility, with an eBPF twist and container context
GitHub - loresuso/psc: the ps utility, with an eBPF twist and container context
A common thread I keep seeing with managed services that add Cilium support is that the conversation immediately moves past “just networking” and straight into the richer parts of the stack like:
eBPF-powered DNS racer with a Rust userland agent
GitHub - ivanmtech/rust-bee-ns: eBPF-powered DNS racer with a Rust userland agent
"Additionally, it's worth noting that if you're using Cilium as a cluster CNI with its "kube-proxy replacement," you're not affected by this CVE"
Can't be vulnerable to something that isn't there 🤔
securitylabs.datadoghq.com/articles/unp...
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554 | Datadog Security Labs
A look at how Kubernetes CVE-2020-8554 works
If you look at runtime cloud security in 2026, a pattern that is hard to ignore is that the most complete CADR platforms are built on eBPF.
XDR * eBPF = CADR
After writing the eBPF for the Infrastructure Platform whitepaper for the eBPF foundation, I find myself referencing one of my older posts:
greenabstracts.substack.com
USDT + eBPF for profiling...!
GitHub - nielsdekoeijer/ebpf-profiling: USDT + eBPF for profiling...!
Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust
GitHub - OximyHQ/sensor: Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust.
Use eBPF to create (emulate) untagged network subinterfaces in Linux. These interfaces receive and send untagged (no VLAN) traffic only, much like VLAN subinterfaces do
GitHub - msune/uif: Creating 'untagged' (VLAN) network subinterfaces in Linux
Find out what a Kubernetworker is in Nicolas Vibert's predictions for the new year 🎆
vmblog.com/archive/2026...
2026 Kubernetes and Cilium Networking Predictions : @VMblog
Kubernetes networking is entering a new phase as organizations prepare their infrastructure for life beyond VMware and for the rapid rise of AI driven workloads.
Schedule for CiliumCon is out. Kind of weird not being co-chair and making the schedule anymore, but glad I could pass on the community torch. They put together a great schedule and I didn't have to do anything 😀
colocatedeventseu2026.sched.com/overview/typ...
Zero Trust network and runtime security on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies
GitHub - NabilMouzouna/cilium-tetragon-zero-trust: Implementing a Zero Trust network and runtime security model on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies, and eBPF-powered detection.
eBPF network reflex that bypasses the kernel to route gradients at the NIC level
github.com/GHOryy5/AINFTP
GitHub - GHOryy5/AINFTP: A Rust/eBPF network reflex for distributed AI. Bypasses the kernel to route gradients at the NIC level.
High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory
GitHub - ankitkpandey1/aetherless: High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory.
I'll be at @fosdem.org talking about how foundations can make ecosystem level investments to improve project sustainability. See you in Brussels?
FOSDEM 2026 - Ecosystems, Not Projects: Rethinking Open Source Foundation Funding
Open source foundations face growing demands, more projects, more users, more scrutiny, while still relying on fragile funding models built around grants, sponsorships, and donations. This talk…
eBPF + Rust to filter out polluted DNS packets caused by Great Firewall
GitHub - JackySu/Avislya: eBPF + Rust to filter out polluted DNS packets caused by GFW
My talk from LPC is up covering what the eBPF Foundation did in the last year and discussing ideas on what we should do next. Other suggestions? My DMs are open
From Projects to Ecosystems: Lessons from the eBPF Foundation - Bill Mulligan (Isovalent)
The eBPF Foundation is rethinking what an open source foundation can be by shifting from simply stewarding…
Research project exploring eBPF-aware Adaptive Bitrate video streaming
GitHub - AhmedAldeek/eBPF-aware-ABR: Research project exploring eBPF-aware Adaptive Bitrate (ABR) video streaming. This repository contains kernel-level eBPF programs and user-space tools that provide real-time network telemetry to improve ABR decision-making, optimize video quality, and reduce latency in live streaming scenarios.
eBPF Foundation received a $228,000 grant from Alpha-Omega to strengthen the security of the ecosystem 🐝
Grant Recipients – Alpha Omega
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
Highlights eBPF-code covered by verifier
GitHub - h0x0er/ebpf-cover: Highlights eBPF-code covered by verifier