Cilium: Programmable Linux Networking with Dan Wendlandt and Thomas Graf

Cilium is open-source software built to provide improved networking and security controls for Linux systems operating in containerized environments alongside technologies like Kubernetes. In a containerized environment, traditional Layer 3 and Layer 4 networking and security controls based on IP addresses and ports, like firewalls, can be difficult to operate at scale because of the volatility of the system. Cilium is built on eBPF, an in-kernel virtual machine that attaches applications directly to code paths in the kernel. In effect, this makes the Linux kernel “programmable” without changing kernel source code or loading modules. Cilium takes advantage of this functionality to insert networking and security functions at the kernel level rather than in traditional Layer 3 or Layer 4 controls. This allows Cilium to combine metadata from Layer 3 and Layer 4 with application-layer metadata such as HTTP method and header values in order to establish rules and provide visibility based on service, pod, or container identity.

Isovalent, co-founded by the creator of Cilium, maintains the Cilium Open Source Project and also offers Cilium Enterprise, which is a suite of tools helping organizations adopt Cilium and overcome the hurdles of building a secure, stable cloud-native application. 

Dan Wendlandt and Thomas Graf are the co-founders of Isovalent. Thomas, the firm’s CTO, was the original creator of the Cilium open-source project and spent 15 years working on the Linux kernel prior to founding Isovalent. Dan, Isovalent’s CEO, has also worked at VMware and Nicira. They join the show today to talk about why Cilium and Cilium Enterprise are a great choice for organizations looking to build cloud-native applications.
