Service Aware Zero Trust Container Network and Its Offloading to DPU

Explore a comprehensive conference talk on implementing a service-aware zero trust container network with DPU offloading. Delve into the challenges of flat network security in cloud-native environments and learn how service encryption-based zero trust offers a solution. Compare current approaches like sidecar envoy mTLS and OVN IPsec, examining their limitations in CPU consumption, pod injection requirements, and service visibility. Discover an innovative approach that offloads mTLS, transparent IPsec, and OVS to DPU, redesigning workflows to overcome DPU limitations. Gain insights into achieving a zero-injection, service-aware zero trust container network with line-rate performance. Examine proposed modifications to open-source OVS for meeting service-aware zero trust requirements in this 45-minute presentation by Arthur Xiang from Digitalchina.

Service Aware Zero Trust Container Network and Its Offloading to DPU - Arthur Xiang, Digitalchina