Lessons from Building Scalable Network Policy Enforcement with eBPF

Explore the intricacies of building scalable network policy enforcement using eBPF in this informative conference talk. Delve into how Cilium leverages eBPF to implement various network policy features and scales to handle hundreds of thousands of pods in large Kubernetes clusters. Learn about efficient traffic interception techniques for L4 and L7 enforcement, CPU overhead minimization strategies, and design decisions crucial for optimizing kernel performance regardless of pod count. Gain insights into debugging eBPF-based networking datapaths and discover valuable lessons from years of programming Kubernetes abstractions directly into kernel space using eBPF. This talk is essential for those interested in advanced container networking, Kubernetes scalability, and leveraging eBPF for high-performance network policy enforcement.

Lessons from Building Scalable Network Policy Enforcement with eBPF - Hemanth Malla & Joe Stringer