December 29, 2019

237 words 2 mins read

Kernel advantages for Istio realized with Cilium

Kernel advantages for Istio realized with Cilium

BPF technology is bringing Linux kernel capabilities up to speed with modern workload requirements. Cilium helps make BPF consumable for microservices architectures and enables Istio with the most powerful security solution by way of the kernel. Cynthia Thomas and Romain Lenglet explain why you should use Cilium to enforce API-aware policy while coordinating with Istio.

Talk Title Kernel advantages for Istio realized with Cilium
Speakers Cynthia Thomas (Google), Romain Lenglet (Cilium)
Conference O’Reilly Open Source Convention
Conf Tag Put open source to work
Location Portland, Oregon
Date July 16-19, 2018
URL Talk Page
Slides Talk Slides

Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible. Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.

comments powered by Disqus