Cilium logo Cilium logo background glow

Cilium

An open-source solution using eBPF for networking, observability, and security across cloud-native environments and Kubernetes clusters

&

+EBPF IntegrationUses eBPF to insert programs into the kernel to execute network operations directly within the operating system
+Network Policy EnforcementProvides mechanisms to define and apply rules that control traffic between endpoints and regulates data exchange among workloads
+Container Networking Interface (CNI) SupportSets up network connectivity for container environments using a CNI plugin and integrates workload connectivity with orchestration systems
+Network Flow LoggingRecords data on traffic flows along with associated metrics to support the analysis and monitoring of network events
+Observability IntegrationAggregates network event data for operational insight to supports real-time observation of data plane activities
+API AccessProvides an API to automate network configuration and policy management tasks in the system.
+Protocol InspectionAnalyzes network layer protocols through kernel-level processing and reveals packet exchange details within the data plane
+Load BalancingDistributes incoming traffic across endpoints at the network layer to coordinate and balance the network load across the cluster
+Runtime Policy EnforcementApplies network policies in real time to update rules without system restarts.
+Identity-Based PolicyApplies rules based on identifiers extracted from workload metadata and segregates network traffic in line with workload identity
+EncryptionImplements encryption for data in transit between nodes using protocols such as IPSec or WireGuard, protecting the data while in transit
+CLI UtilityProvides command-line utilities to manage configurations and inspect the network operational status to simplify operational tasks and status checks
+Metrics ExportTransfers network event data to external systems to enable integration with monitoring and alerting tools
+Endpoint ManagementTracks and manages connections between container endpoints to provide a method for monitoring network state in clusters
+Extensible Policy FrameworkOffers a framework for users to add and adjust network policy rules based on system needs.
+Routing ControlUses kernel hooks to direct network traffic and allow control over the paths taken by packets
+Kubernetes IntegrationOperates as a container network interface plugin within Kubernetes clusters and aligns network connectivity with Kubernetes deployments
+Resource Management via CRDsUses Kubernetes resource definitions to group and manage endpoints and organizes workload network data in a structured manner
+Policy Debugging ToolsProvides facilities to trace decisions and actions taken by network policies to aid in identifying issues in policy setups
+Traffic RedirectionEmploys kernel hooks to steer packets from one path to another and enables adjustments in traffic flow for diagnosis and testing
+Service MappingCaptures the relationships and dependencies between network services to assist in understanding service interactions
+Traffic Policy Audit TrailRegisters changes and decisions made regarding network policies to supports tracking and evaluation of policy history
-Learning CurveUsers must spend time to understand eBPF functions and network concepts. The setup process uses several configuration steps for network policies and routing.
-Dual Technology DependencyThe software uses eBPF for core functions and iptables for system compatibility. This reliance requires users to learn about both systems.
-Resource Use per NodeAn agent is deployed on each node to manage network operations. This design uses system resources and requires monitoring of resource allocation.
-Compulsory Kubernetes IntegrationThe software is built to operate within a Kubernetes environment. Users must maintain a Kubernetes setup to use its network management features.

Platform

Social

       

System Requirements

Not available, but we appreciate help! You can help us improve this page by contacting us.

Ratings

Not available, but we appreciate help! You can help us improve this page by contacting us.

Written in

Go, C

Initial Release

18 March 2017

Alternatives

OCI Container Tool
Falco   Buildah   Clair