Cilium
An open-source solution using eBPF for networking, observability, and security across cloud-native environments and Kubernetes clusters
+/- | Name | Description |
---|---|---|
+ | eBPF Integration | Uses eBPF to insert programs into the kernel to execute network operations directly within the operating system |
+ | Network Policy Enforcement | Provides mechanisms to define and apply rules that control traffic between endpoints and regulates data exchange among workloads |
+ | Container Networking Interface (CNI) Support | Sets up network connectivity for container environments using a CNI plugin and integrates workload connectivity with orchestration systems |
+ | Network Flow Logging | Records data on traffic flows along with associated metrics to support the analysis and monitoring of network events |
+ | Observability Integration | Aggregates network event data for operational insight to support real-time observation of data plane activities |
+ | API Access | Provides an API to automate network configuration and policy management tasks in the system |
+ | Protocol Inspection | Analyzes network layer protocols through kernel-level processing and reveals packet exchange details within the data plane |
+ | Load Balancing | Distributes incoming traffic across endpoints at the network layer to coordinate and balance the network load across the cluster |
+ | Runtime Policy Enforcement | Applies network policies in real time to update rules without system restarts |
+ | Identity-Based Policy | Applies rules based on identifiers extracted from workload metadata and segregates network traffic in line with workload identity |
+ | Encryption | Encrypts data in transit between nodes using protocols such as IPsec or WireGuard |
+ | CLI Utility | Provides command-line utilities to manage configurations and inspect the network operational status to simplify operational tasks and status checks |
+ | Metrics Export | Transfers network event data to external systems to enable integration with monitoring and alerting tools |
+ | Endpoint Management | Tracks and manages connections between container endpoints to provide a method for monitoring network state in clusters |
+ | Extensible Policy Framework | Offers a framework for users to add and adjust network policy rules based on system needs |
+ | Routing Control | Uses kernel hooks to direct network traffic and allow control over the paths taken by packets |
+ | Kubernetes Integration | Operates as a container network interface plugin within Kubernetes clusters and aligns network connectivity with Kubernetes deployments |
+ | Resource Management via CRDs | Uses Kubernetes resource definitions to group and manage endpoints and organizes workload network data in a structured manner |
+ | Policy Debugging Tools | Provides facilities to trace decisions and actions taken by network policies to aid in identifying issues in policy setups |
+ | Traffic Redirection | Employs kernel hooks to steer packets from one path to another and enables adjustments in traffic flow for diagnosis and testing |
+ | Service Mapping | Captures the relationships and dependencies between network services to assist in understanding service interactions |
+ | Traffic Policy Audit Trail | Registers changes and decisions made regarding network policies to support tracking and evaluation of policy history |
- | Learning Curve | Users must spend time to understand eBPF functions and network concepts. The setup process uses several configuration steps for network policies and routing. |
- | Dual Technology Dependency | The software uses eBPF for core functions and iptables for system compatibility. This reliance requires users to learn about both systems. |
- | Resource Use per Node | An agent is deployed on each node to manage network operations. This design uses system resources and requires monitoring of resource allocation. |
- | Compulsory Kubernetes Integration | The software is built to operate within a Kubernetes environment. Users must maintain a Kubernetes setup to use its network management features. |
Written in
Go, C
Initial Release
18 March 2017