Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
Cloud Native Ecosystem / eBPF / Software Development

Cisco Gets Cilium: What It Means for Developers

Cisco's acquisition of Isovalent means Cisco gets Cilium, which leverages eBPF (Extended Berkeley Packet Filter) for kernel-level networking and security.
Jan 18th, 2024 6:00am by
Featued image for: Cisco Gets Cilium: What It Means for Developers
Feature image via Unsplash.

At the end of 2023, Cisco announced its intention to acquire Isovalent, the company behind the Cilium open source project. Cilium, which leverages eBPF (Extended Berkeley Packet Filter) for kernel-level networking and security, is one of the significant ventures in the cloud native space in 2023.

Cilium uses eBPF to provide advanced networking and security controls. eBPF is a Linux kernel technology that allows the dynamic insertion of powerful security, visibility, and networking control logic. This technology is used in Cilium to provide high-performance networking, multicluster and multicloud capabilities, and advanced load balancing. Isovalent is backed by an illustrious number of investors, such as Google, Andreessen Horowitz, Microsoft, Grafana, and Cisco itself. But why did Cisco really make this acquisition and what does it mean for app developers and DevOps professionals?

Let’s Start at the Beginning

Dan Wendlandt, CEO, and Thomas Graf (CTO) both were part of the birth of Open vSwitch and Nicira’s Network Virtualization Platform (NVP), the latter of which later became one of VMware’s most important products: The NSX platform for software-defined networking (SDN). SDN is all about turning network switches into software. This allowed app developers to rapidly iterate and deploy network configurations, such as microsegmentation, in sync with application development cycles. DevOps personnel could automate and streamline the network provisioning and management processes, aligning them with the CI/CD pipeline. And security professionals can enforce fine-grained security policies and isolate network traffic programmatically, enhancing overall security posture. This all sounds great, so why do we need Cilium and eBPF?

SDN and Cilium with eBPF

Detailed Integration of SDN and eBPF in Networking

SDN provides control over network configuration and management at Layers 1, 2, and 3 through programmable interfaces. On the other hand, Cilium, leveraging eBPF, extends this programmable control to the transport layer (Layer 4) and the application layer (Layer 7). This allows for the enforcement of network policies via protocols such as TCP, UDP, ATP, and MTCP, which provide end-to-end communication services for applications.

eBPF, a revolutionary technology originating from the Linux kernel, allows sandboxed programs to run within the operating system, providing more granular and flexible control over networking and security in cloud native environments. This kernel-level networking consumes fewer resources and operates faster than traditional user space networking, primarily due to reduced communication between the Linux kernel and user space and direct access to system resources. Cilium, deployed as a daemon set on each node of a Kubernetes cluster, enforces user-defined networking policies and translates these definitions into eBPF programs. This approach enables Cilium to provide a simple flat Layer 3 network with the ability to enforce network policies on layers 3, 4, and 7 (application level) for protocols such as HTTP, gRPC, or Kafka.

In summary, while SDN offers programmable control over network configuration and management at the lower layers, Cilium with eBPF extends this control to the transport and application layers. This provides more granular and flexible control over networking and security, particularly beneficial in cloud native environments.

Advantages for App Developers

The integration of SDN with eBPF, particularly through tools like Cilium, presents numerous advantages for application developers, especially in cloud native environments. Here’s a detailed analysis of these advantages:

Enhanced Programmability and Adaptability: eBPF’s programmable nature enables developers to rapidly adapt to changes in the cloud native landscape. This flexibility is crucial in a domain characterized by constant evolution and the need for quick iterations.

Simplified Development Process: Cilium abstracts the complexity of eBPF, allowing developers to leverage its capabilities without delving into the intricacies of writing eBPF code. This abstraction reduces the learning curve and development time, making it more accessible for a broader range of developers.

Improved Application Efficiency: By enabling more intelligent networking and security controls at the kernel level, applications can become more efficient in resource utilization. This efficiency is particularly significant in a cloud environment where resources are often dynamically allocated and optimized for cost and performance.

Enhanced Security: eBPF and Cilium facilitate the implementation of advanced security measures directly at the kernel level. This approach allows for more granular and effective security controls, which is vital in cloud native applications where security is a paramount concern.

Better Observability and Troubleshooting: The combination of Cilium and eBPF enhances visibility into Kubernetes workloads. This increased observability aids in performance monitoring, troubleshooting, and ensures that developers have a clearer understanding of how their applications behave in a cloud environment.

Policy Enforcement Based on Observability: The ability to enforce policies based on real-time observability data enables a more dynamic and responsive security and networking posture. This aspect is particularly beneficial for ensuring compliance and maintaining robust application performance.

Addressing Cloud-Specific Challenges: Traditional kernel modules or enhancements often struggle with the fragmentation and overhead associated with managing network interfaces in cloud environments. The SDN, Cilium, and eBPF combination addresses these issues effectively, offering reduced latency and enhanced scalability.

Extensibility to Kernel-Level Operations: Bringing programmability and extensibility to the OS kernel via SDN and eBPF allows for more innovative and efficient approaches to kernel-level networking and security tasks.

In a nutshell, the synergy of Cilium and eBPF with SDN presents a compelling solution for application developers, particularly in cloud native settings. It offers a balance of enhanced security, efficiency, and programmability while simplifying the complexities traditionally associated with kernel-level networking and security tasks. This combination is particularly beneficial in dynamic and resource-optimized cloud environments.

Why Kernel-Level Networking Is Key for Cloud Native App Development

If a Linux machine with eBPF policies attempts to communicate with another Linux machine that does not have the same policies, the communication will not be automatically refused. Instead, the policies will dictate how the initiating machine handles outgoing and incoming network traffic based on its own configured rules, regardless of the policies on the other machine. This could include filtering, redirecting, or observing suspicious patterns in network traffic. Tools like Ansible, Puppet, or Terraform can be configured to automatically deploy and configure eBPF tools and policies on new machines as part of the provisioning process. This approach ensures that every new machine is set up with consistent, predefined policies and configurations, maintaining uniformity and compliance across your infrastructure.

Consistent Developer APIs

The Cilium open source project provides app developers with a set of consistent APIs for granular control of network routing, load balancing, encryption, security, and observability. As eBPF code runs at the System level all of these capabilities can be added without any changes to the application code or container configuration. As eBPF runs at the operating system level it can access any pod running on the specific node, enabling developers with a consistent API for network connectivity for all Kubernetes Pod running on this node. Based on a unified set of policies, developers can ensure the consistent configuration needed by Kubernetes nodes to ensure that a specific application (Pod) can run securely, reliably, and at the desired performance.

Enhancing Cisco’s Portfolio with Cilium

Certainly, integrating Cilium/eBPF with Cisco’s suite, including Splunk, AppDynamics, Cisco ACI, Intersight, and Tetration, not only enhances these platforms but also brings significant advantages to developers:

Splunk and AppDynamics Integration: The integration with Cilium/eBPF significantly enriches Splunk’s network insight and security analytics capabilities. For developers, this means access to more detailed and accurate kernel-level data, enabling them to make more informed decisions and develop more robust applications. In the case of AppDynamics, the enhanced application performance monitoring capabilities mean that developers can gain deeper insights into application behavior, network efficiency, and security, leading to improved application performance and reliability.

Cisco ACI Integration: By leveraging Cilium/eBPF, Cisco ACI can offer high-performance networking and advanced security features. For developers, this translates to improved network efficiency and security for their applications. The kernel-level data acquisition and analysis capabilities provide developers with enhanced visibility into their applications’ network interactions, allowing for more effective troubleshooting and optimization.

Intersight Integration: The integration of Cilium/eBPF with Intersight broadens its management capabilities across Kubernetes and traditional infrastructures. This is particularly advantageous for developers working in hybrid cloud environments, as it simplifies monitoring and management tasks. The programmability of eBPF allows developers to create more efficient and versatile applications, adapting quickly to the evolving cloud native landscape.

Tetration Integration: With Cilium/eBPF, Tetration offers fine-grained observability and policy enforcement for security. Developers benefit from improved security for their applications, as they can implement advanced networking and security controls more easily. This integration saves time and reduces complexity for developers, who can focus on application logic rather than security intricacies.

In summary, the integration of Cilium/eBPF across these Cisco platforms enhances the capabilities of each tool while offering substantial benefits to developers. These benefits include improved network insight, enhanced application performance monitoring, streamlined management in hybrid cloud environments, and strengthened application security. This integration aligns well with the needs of developers in the modern IT landscape, where efficiency, security, and adaptability are key.

Last Words

It is no coincidence that 2023 was the year eBPF began to take off for real, as this was also the year of the beginning of Kubernetes mass adoption. The technology has incredible potential, not just for networking and security, but also for observability. The more enterprises adopt distributed cloud native application architecture the more important it will become for them to obtain a “security blanket” that automatically ensures policy-driven and therefore consistent networking and security, as well as granular real-time monitoring without much performance overhead. All that said and while I do not know the price tag, this acquisition is a good one, as Isovalent’s eBPF driven capabilities could become a major factor for Cisco’s future differentiation in the cloud native application space.

Cisco and Microsoft are sponsors of The New Stack.

Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.