7:[["$","$12",null,{"fallback":null,"children":["$","$L13",null,{"reason":"next/dynamic","children":["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org/\",\"@type\":\"Article\",\"headline\":\"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\",\"image\":\"https://cdn.sanity.io/images/xinsvxfu/production/31c7da2908b13a41939785a1b2dd04fc4204ca62-1600x900.png\",\"datePublished\":\"2024-09-25T07:59:44.000Z\",\"dateModified\":\"2024-06-24T01:57:52.000Z\",\"description\":\"This blog post will walk you through enabling Multicast in the cloud with Isovalent Enterprise for Cilium and enabling traffic encryption between pods across nodes with IPsec.\",\"author\":[{\"@type\":\"Person\",\"name\":\"Amit Gupta\",\"url\":\"https://isovalent.com/\"}]}"}}]}]}],["$","main",null,{"id":"top","children":[["$","header",null,{"className":"restricted mt-10 mb-14","children":[["$","$L18",null,{"href":"/blog/","className":"flex items-center justify-items-center gap-1 mb-6 text-sm font-bold text-action max-w-max","children":[["$","isov-icon",null,{"class":"block rotate-90","name":"arrow-right","size":"small"}],["$","isov-content",null,{"children":["$","span",null,{"className":"ui-text","children":"Blog"}]}]]}],["$","h1",null,{"className":"text-4xl text-nightfall font-bold mb-5 max-w-3xl","children":"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium"}],["$","div",null,{"className":"article-details block sm:flex items-center justify-items-start sm:justify-items-center cursor-default","children":[[["$","isov-avatar","ff5e2eda-05bb-ade9-8831-4dddc66e927d",{"size":"medium","name":"Amit Gupta","class":"mr-1","children":["$","$L19",null,{"src":"https://cdn.sanity.io/images/xinsvxfu/production/19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009.jpg?auto=format&q=80&fit=clip&w=200","alt":"Amit Gupta Image","slot":"avatar","height":200,"width":200}]}]],["$","div",null,{"className":"text-charcoal","children":[["$","span",null,{"className":"hidden sm:inline","children":"| "}],["$","span",null,{"children":["Published:"," ",["$","strong",null,{"className":"font-bold","children":"June 24, 2024"}],[" ","| Updated:"," ",["$","strong",null,{"className":"font-bold","children":"September 25, 2024"}]]]}]," | ",[["$","$L1a","2159f293-7dd2-46f3-9b11-bf943ad2ae98",{"href":"/blog/networking-for-kubernetes","className":"inline-block text-action hover:underline font-bold pr-1","children":["Networking for Kubernetes",", "]}],["$","$L1a","530ea07c-f91a-4edf-a705-64fc6f56f3e7",{"href":"/blog/runtime-security","className":"inline-block text-action hover:underline font-bold pr-1","children":["Runtime Security",false]}]]]}]]}]]}],["$","section",null,{"id":"page-content","className":"mb-8","children":["$","$12",null,{"fallback":null,"children":["$","$L13",null,{"reason":"next/dynamic","children":["$","$L1b",null,{"content":[{"_key":"36a9680a-3fe0-486d-98f0-6cb58884078f","_type":"block","children":[{"_key":"324ee0e5-4f42-47ed-8dd7-7a11a95e73c5","_type":"span","marks":[],"text":"IP multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to potentially thousands of corporate recipients and homes. Multicast has found its use case with traditional networks for a long time, including power systems, emergency response, and audio dispatch systems, to newer uses by the finance, media, and broadcasting worlds. Despite the evident efficiency benefits provided by multicast, the technology was never natively supported by cloud providers. Cloud migration projects halt when this roadblock is discovered, spending time and money to create expensive workarounds. Developers don’t realize multicast in the cloud is available, assuming it remains a dream. "},{"_key":"1603308e-3054-4815-a1b3-4ca348d4ff3c","_type":"span","marks":["strong"],"text":"This blog post will walk you through enabling Multicast in the cloud with Isovalent Enterprise for Cilium"},{"_key":"7ddda21e-e607-49be-a90b-f1a3a367b39d","_type":"span","marks":[],"text":" "},{"_key":"35e5c722-1e19-4a69-a323-2625b4a4fba7","_type":"span","marks":["strong"],"text":"and enabling traffic encryption between pods across nodes with IPsec."}],"markDefs":[],"style":"normal"},{"_key":"7e8d4f89-60b7-404a-8db3-b6459d150f02","_type":"block","children":[{"_key":"28d9a0ff-2a80-4fdc-a0af-961221a724d7","_type":"span","marks":[],"text":"What is Multicast?"}],"markDefs":[],"style":"h2"},{"_key":"9fecd79f-42e3-45a8-9753-4d1b285aa33e","_type":"block","children":[{"_key":"40dd59d2-b225-4ece-92d1-e764383c1b7b","_type":"span","marks":[],"text":"Traditional IP communication allows a host to send packets to a single host (unicast transmission) or all hosts (broadcast transmission). IP multicast provides a third possibility: sending a message from a single source to selected multiple destinations across a Layer 3 network in one data stream. You can read more about the evolution of multicast in our "},{"_key":"e020ac1595b1","_type":"span","marks":["a72ee889a0eb"],"text":"1.15 enterprise release blog"},{"_key":"7de7942f-a77a-4daa-84e7-16f77a971ae1","_type":"span","marks":["c31ec082-4b0e-46e9-9e17-accca9955f71"],"text":" "},{"_key":"b2f74b59-c493-41b6-831a-fa99fa7f5b64","_type":"span","marks":[],"text":"covered by my colleague Nico Vibert."}],"markDefs":[{"_key":"c31ec082-4b0e-46e9-9e17-accca9955f71","_type":"link","href":"/blog/post/isovalent-enterprise-for-cilium-1-15/","openInNewTab":true},{"_key":"a72ee889a0eb","_type":"link","href":"/blog/post/isovalent-enterprise-for-cilium-1-15/","isLink":false,"openInNewTab":true}],"style":"normal"},{"_key":"d9f333e0-884a-4197-bdd7-5ed9116b4a75","_type":"block","children":[{"_key":"369390a7-616f-4643-a8e5-89129300030f","_type":"span","marks":[],"text":"Multicast relies on a standard called IGMP (Internet Group Management Protocol), which allows many applications, or multicast groups, to share a single IP address and receive the same data simultaneously. (For instance, IGMP is used in gaming when multiple gamers use the network simultaneously to play together.) "}],"markDefs":[],"style":"normal"},{"_key":"86f5565b-d36e-480b-98d5-4358e7153927","_type":"block","children":[{"_key":"7b69d144-3b64-4b9c-bdf9-fba52b59ce67","_type":"span","marks":[],"text":"How does multicast work?"}],"markDefs":[],"style":"h2"},{"_key":"14dd0534-d3ca-47ae-bf95-c58e6f58cd0b","_type":"block","children":[{"_key":"8c80ff75-7ba3-41ae-b3ba-132eff15a80d","_type":"span","marks":[],"text":"To join the multicast group, an application subscribes to the data via an IGMP join. Whenever a packet from that multicast group comes to the receiver, it copies and sends it to them. Simultaneously, it sends the copy to the other, say, N members or endpoints that are also part of the multicast group. If the endpoints aren't interested in those packets, they leave the group using an IGMP leave message."}],"markDefs":[],"style":"normal"},{"_key":"c4b0cd53-58c3-49ab-b13e-9a87daa2ad9f","_type":"block","children":[{"_key":"3df5e5ac-d537-4c66-8880-4ec8e610f290","_type":"span","marks":[],"text":"What IP address schema does multicast use?"}],"markDefs":[],"style":"h2"},{"_key":"9e23e5d6-2a5e-4e7c-8322-80bc17e06968","_type":"block","children":[{"_key":"bcaeb9c5-07a8-4544-aeee-1007e2c76164","_type":"span","marks":[],"text":"IGMP uses IP addresses set aside for multicasting. Multicast IP addresses are in the range between "},{"_key":"0944b90fc317","_type":"span","marks":["code"],"text":"224.0.0.0"},{"_key":"731cb9101049","_type":"span","marks":[],"text":" and "},{"_key":"a5824a4d149e","_type":"span","marks":["code"],"text":"239.255.255.255"},{"_key":"339be9795835","_type":"span","marks":[],"text":". Each multicast group shares one of these IP addresses. When a receiver receives packets directed at the shared IP address, it duplicates them, sending copies to all multicast group members."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:46Z","_id":"b8e052fb-1ebb-c88e-ec50-2f157abdaf03","_key":"aacfe4cd-4061-445d-b1da-17a78f1fdbe2","_ref":"b8e052fb-1ebb-c88e-ec50-2f157abdaf03","_rev":"VO3Rz3CKgO8VZQnLmrPOQk","_type":"mediaImage","_updatedAt":"2024-09-30T11:19:46Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-f22860f407228826e0d7c0ec639e6b51e1f624a8-1088x482-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"mcast-image-main-body.jpg","size":"large","title":"mcast-image-main-body.jpg - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/f22860f407228826e0d7c0ec639e6b51e1f624a8-1088x482.jpg"},{"_key":"07e7faaa-0c81-4655-b29b-68d403c5834b","_type":"block","children":[{"_key":"72f07f0e-09ed-46b8-b4c7-d39a20c2e66f","_type":"span","marks":[],"text":"IGMP multicast groups can change at any time. A device can send an IGMP \"join group\" or \"leave group\" message anytime."}],"markDefs":[],"style":"normal"},{"_key":"fbad9ab3-5dbb-483e-81bc-d6ab28636efb","_type":"block","children":[{"_key":"3b472908-6f36-4379-a8b8-493ca33a3763","_type":"span","marks":[],"text":"The need for Multicast- Can it aid financial services?"}],"markDefs":[],"style":"h2"},{"_key":"b454545c-b2de-43ab-944c-273411f5aec9","_type":"block","children":[{"_key":"c84409a3-f954-461b-a38a-910a39b385b8","_type":"span","marks":[],"text":"Financial services have multiple dependencies like trading, pricing, and exchange services, which have multiple endpoints that need to get data simultaneously, and thus, multicast comes to the aid here. These endpoints could also be producers of data (pushing out multicast data to other consumers) or the consumers of the data (receiving data from other producers). This increases complexity in a cloud native landscape, which we will cover in this blog to entangle this complexity in a simple, subtle, and yet intuitive way. "}],"markDefs":[],"style":"normal"},{"_key":"81badfeb-8602-40d9-b3dc-29d5ddddc124","_type":"block","children":[{"_key":"7fff1f93-a1eb-4809-baf9-4e60c98b477d","_type":"span","marks":[],"text":"What is Isovalent Enterprise for Cilium?"}],"markDefs":[],"style":"h2"},{"_key":"1f8151a2-9f41-4485-9a0c-9a423f9b2fbc","_type":"block","children":[{"_key":"7e34acf9-40f3-45c2-9e56-7b83374f6960","_type":"span","marks":["em"],"text":"Cilium is the next generation for container networking."}],"markDefs":[],"style":"blockquote"},{"_key":"524e9c0f-4f55-4b71-8351-fde86494eea8","_type":"block","children":[{"_key":"314c62b0-3688-4336-a1cd-efbfde378af9","_type":"span","marks":[],"text":"Isovalent Cilium Enterprise is an enterprise-grade, hardened distribution of open-source projects "},{"_key":"a581fe99-bb46-4a6f-8eb8-98277ab9c743","_type":"span","marks":["91881283-e372-42bc-ba01-b34a470db4a3"],"text":"Cilium"},{"_key":"14ca1bb7-69bd-48f6-8c4f-fe561b533732","_type":"span","marks":[],"text":", "},{"_key":"b26fef7c-3eac-4ac0-a539-13575c33d0b2","_type":"span","marks":["aacb4974-15af-4e03-b8f3-17411ca51762"],"text":"Hubble"},{"_key":"9a200c3c-f8c4-4be5-b753-df6474feef39","_type":"span","marks":[],"text":", and "},{"_key":"270b1523-1428-4941-82b0-06df84497fcf","_type":"span","marks":["78ff9975-4e4b-4704-864a-b4a1340b7121"],"text":"Tetragon"},{"_key":"cb99ae3e-83f2-409d-8307-2512d0e94b7c","_type":"span","marks":[],"text":", built and supported by the Cilium creators. Cilium enhances networking and security at the network layer, while Hubble ensures thorough network observability and tracing. Tetragon ties it all together with runtime enforcement and security observability, offering a well-rounded solution for connectivity, compliance, multi-cloud, and security concerns."}],"markDefs":[{"_key":"91881283-e372-42bc-ba01-b34a470db4a3","_type":"link","href":"http://cilium.io/","openInNewTab":true},{"_key":"aacb4974-15af-4e03-b8f3-17411ca51762","_type":"link","href":"/projects/hubble/","openInNewTab":true},{"_key":"78ff9975-4e4b-4704-864a-b4a1340b7121","_type":"link","href":"/projects/tetragon/","openInNewTab":true}],"style":"normal"},{"_key":"cd26a3b6-c821-4961-9784-0a8f39dc8bd9","_type":"block","children":[{"_key":"8049e7a7-d9bb-4e02-b8af-e61f85180681","_type":"span","marks":[],"text":"Why Isovalent Enterprise for Cilium?"}],"markDefs":[],"style":"h2"},{"_key":"b521e1d5-da55-4d10-b553-feec4e3044dc","_type":"block","children":[{"_key":"fc9b1347-c0a3-45d1-9c84-cb8fedd137af","_type":"span","marks":[],"text":"For enterprise customers requiring support and usage of "},{"_key":"790db8f5-8682-4da8-ace1-18548a8e3b8d","_type":"span","marks":["c33680c4-dc4d-4236-a2c4-4aa040bfc90f"],"text":"Advanced Networking"},{"_key":"b8ad4a91-c434-4e46-9828-27f938270f18","_type":"span","marks":[],"text":", "},{"_key":"ab8c4fce-bda0-47d6-a4d0-1652033f2166","_type":"span","marks":["6649177a-2028-4be9-88d2-39e29058be14"],"text":"Security"},{"_key":"11e9c886-5584-46f0-bc11-84b4cc874432","_type":"span","marks":[],"text":", and "},{"_key":"eb7b1e80-49d9-4df4-9cac-a21c495cef13","_type":"span","marks":["55ffd72d-5767-4641-85f9-e8dfe6eabd62"],"text":"Observability"},{"_key":"d3c82c6d-98e2-44f1-9368-5cac47cf5cc4","_type":"span","marks":[],"text":" features, “"},{"_key":"5801bc30-e184-4437-829d-59981db51171","_type":"span","marks":["strong"],"text":"Isovalent Enterprise for Cilium"},{"_key":"a26bba07-312c-4755-b2a7-e19ca87702f9","_type":"span","marks":[],"text":"” is recommended with the following benefits:"}],"markDefs":[{"_key":"c33680c4-dc4d-4236-a2c4-4aa040bfc90f","_type":"link","href":"/networking/","openInNewTab":true},{"_key":"6649177a-2028-4be9-88d2-39e29058be14","_type":"link","href":"/security/","openInNewTab":true},{"_key":"55ffd72d-5767-4641-85f9-e8dfe6eabd62","_type":"link","href":"/observability/","openInNewTab":true}],"style":"normal"},{"_key":"18a2182e29e0","_type":"block","children":[{"_key":"e583685747ed","_type":"span","marks":["strong"],"text":"Advanced network policy"},{"_key":"80d0f42c47db","_type":"span","marks":[],"text":": Isovalent Cilium Enterprise provides advanced network policy capabilities, including DNS-aware policy, L7 policy, and deny policy, enabling fine-grained control over network traffic for micro-segmentation and improved security."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"e1cbc96e9320","_type":"block","children":[{"_key":"b34773afeaae","_type":"span","marks":["strong","9f0bcc27f80e"],"text":"Hubble"},{"_key":"fbd4445717f8","_type":"span","marks":["strong"],"text":" flow observability + User Interface"},{"_key":"0e695509877b","_type":"span","marks":[],"text":": Isovalent Cilium Enterprise Hubble observability feature provides real-time network traffic flow, policy visualization, and a powerful User Interface for easy troubleshooting and network management."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"9f0bcc27f80e","_type":"link","href":"/projects/hubble/","openInNewTab":true}],"style":"normal"},{"_key":"05a08f321329","_type":"block","children":[{"_key":"3e51fe55b581","_type":"span","marks":["strong"],"text":"Multi-cluster connectivity via "},{"_key":"48def0289cd6","_type":"span","marks":["strong","f78623bac708"],"text":"Cluster Mesh"},{"_key":"b59c414b73f1","_type":"span","marks":[],"text":": Isovalent Cilium Enterprise provides seamless networking and security across multiple clouds, including public cloud providers like AWS, Azure, and Google Cloud Platform, as well as on-premises environments."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"f78623bac708","_type":"link","href":"/labs/cilium-cluster-mesh/","openInNewTab":true}],"style":"normal"},{"_key":"3c9092a2ff11","_type":"block","children":[{"_key":"9045ae82b975","_type":"span","marks":["strong"],"text":"Advanced Security Capabilities via "},{"_key":"1d302f217130","_type":"span","marks":["strong","c7568604e1f2"],"text":"Tetragon"},{"_key":"798d0f97180c","_type":"span","marks":[],"text":": Tetragon provides advanced security capabilities such as protocol enforcement, IP and port whitelisting, and automatic application-aware policy generation to protect against the most sophisticated threats. Built on eBPF, Tetragon can easily scale to meet the needs of the most demanding cloud-native environments."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"c7568604e1f2","_type":"link","href":"/projects/tetragon/","openInNewTab":true}],"style":"normal"},{"_key":"0e2ab132a415","_type":"block","children":[{"_key":"154d331d3b2f","_type":"span","marks":["strong","a503993f9786"],"text":"Service Mesh"},{"_key":"534dbb40a529","_type":"span","marks":[],"text":": Isovalent Cilium Enterprise provides sidecar-free, seamless service-to-service communication and advanced load balancing, making deploying and managing complex microservices architectures easy."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"a503993f9786","_type":"link","href":"/projects/service-mesh/","openInNewTab":true}],"style":"normal"},{"_key":"bdec679811b7","_type":"block","children":[{"_key":"1cf2dfbdfb88","_type":"span","marks":["strong"],"text":"Enterprise-grade support"},{"_key":"633bd9fee181","_type":"span","marks":[],"text":": Isovalent Cilium Enterprise includes enterprise-grade support from Isovalent’s experienced team of experts, ensuring that any issues are resolved promptly and efficiently. Additionally, professional services help organizations deploy and manage Cilium in production environments."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"6b4e6cd9-b6c5-478b-9b1c-cab9e2a12b61","_type":"block","children":[{"_key":"4e131672-ed0a-45fb-a0a3-a2433153c1b5","_type":"span","marks":[],"text":"Why Multicast on Isovalent Enterprise for Cilium?"}],"markDefs":[],"style":"h2"},{"_key":"042d8120766a","_type":"block","children":[{"_key":"631f811f7619","_type":"span","marks":[],"text":"Kubernetes CRDs is a powerful extension to the Kubernetes API that expands Kubernetes beyond its core resource types. CRDs allow administrators to introduce new, application-specific resources into Kubernetes clusters, tailoring the platform to unique requirements. "},{"_key":"e3309e0ab689","_type":"span","marks":["strong","em"],"text":"Multicast is enabled in Isovalent Enterprise for Cilium using CRDs."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"b5bd46fa7af0","_type":"block","children":[{"_key":"9f3649b69989","_type":"span","marks":[],"text":"The Multicast datapath is fully available for both Cilium OSS and Isovalent Enterprise for Cilium users, with the enterprise offering a CRD-based control plane to configure and manage multicast groups easily."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"21a5c0cd-bf5d-46c5-9a39-b356a7696b90","_type":"block","children":[{"_key":"e3f3304e-230a-4903-b5a3-b1c803cb6cdc","_type":"span","marks":[],"text":"Good to know before you start"}],"markDefs":[],"style":"h2"},{"_key":"4bb74748226a","_type":"block","children":[{"_key":"41356120868e","_type":"span","marks":[],"text":"The maximum number of multicast groups supported is 1024, and the maximum number of subscribers per group on each node is 1024."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"36a949606a8c","_type":"block","children":[{"_key":"2d5b7e96e757","_type":"span","marks":[],"text":"Cilium supports both "},{"_key":"1e62dd02ecd7","_type":"span","marks":["05b89cc57321"],"text":"IGMPv2"},{"_key":"784675ef0bac","_type":"span","marks":[],"text":" and "},{"_key":"ee46f5ccf46f","_type":"span","marks":["613da42e4ac8"],"text":"IGMPv3"},{"_key":"f668804ffc5d","_type":"span","marks":[],"text":" join and leave messages."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"05b89cc57321","_type":"link","href":"https://datatracker.ietf.org/doc/html/rfc2236"},{"_key":"613da42e4ac8","_type":"link","href":"https://datatracker.ietf.org/doc/html/rfc3376"}],"style":"normal"},{"_key":"dfe8fc4e60f8","_type":"block","children":[{"_key":"8d432906ab32","_type":"span","marks":[],"text":"Current limitations with Multicast running on a Kubernetes cluster with Cilium:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"5c71f4ba7905","_type":"block","children":[{"_key":"399152978a3b","_type":"span","marks":[],"text":"This feature works in tunnel routing mode and is currently restricted to the VxLAN tunnel."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"21877c1d0bd8","_type":"block","children":[{"_key":"31d8656792e6","_type":"span","marks":[],"text":"Only IPv4 multicast is supported."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"21a324906a44","_type":"block","children":[{"_key":"c17871147199","_type":"span","marks":[],"text":"Only IPsec transparent encryption is supported."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"2bc35d36-9003-4990-8d64-cd287e459f6a","_type":"block","children":[{"_key":"39556f2c-84d8-4e09-b278-46e30a3ff072","_type":"span","marks":[],"text":"Pre-Requisites"}],"markDefs":[],"style":"h2"},{"_key":"59cb24a96669","_type":"block","children":[{"_key":"a978bffeb2e2","_type":"span","marks":[],"text":"The following prerequisites must be considered before you proceed with this tutorial."}],"markDefs":[],"style":"normal"},{"_key":"6950beaf6600","_type":"block","children":[{"_key":"5136914c3ca2","_type":"span","marks":[],"text":"An up-and-running Kubernetes cluster. If you don’t have one, you can create a cluster using one of these options:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"79ded1abf1b4","_type":"block","children":[{"_key":"4257a59697d0","_type":"span","marks":["9778a3184d2b"],"text":"AKS"}],"level":2,"listItem":"bullet","markDefs":[{"_key":"9778a3184d2b","_type":"link","href":"https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough"}],"style":"normal"},{"_key":"dcf336c7886b","_type":"block","children":[{"_key":"23561d27591a","_type":"span","marks":[],"text":"The following dependencies should be installed:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"3518ebf7171c","_type":"block","children":[{"_key":"f538c42d02db","_type":"span","marks":[],"text":"Install "},{"_key":"e8e5fe6ac0c8","_type":"span","marks":["67cf9b0a387f"],"text":"Azure CLI"},{"_key":"600f5e6d0f3d","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[{"_key":"67cf9b0a387f","_type":"link","href":"https://learn.microsoft.com/en-us/cli/azure/install-azure-cli"}],"style":"normal"},{"_key":"d8a6cfa3e87b","_type":"block","children":[{"_key":"97b27ced5cef","_type":"span","marks":[],"text":"You should have an "},{"_key":"89b052722dd8","_type":"span","marks":["be0d65f1f1d0"],"text":"Azure Subscription"},{"_key":"0b78f7c66de4","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[{"_key":"be0d65f1f1d0","_type":"link","href":"https://aka.ms/freeazure"}],"style":"normal"},{"_key":"75f86359ae78","_type":"block","children":[{"_key":"02a8dc4a9ff0","_type":"span","marks":[],"text":"Install "},{"_key":"0412edc25ff5","_type":"span","marks":["3ca6ffab7d14"],"text":"kubectl"},{"_key":"b9776d7f47e2","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[{"_key":"3ca6ffab7d14","_type":"link","href":"https://kubernetes.io/releases/download/#kubectl"}],"style":"normal"},{"_key":"b926f4440885","_type":"block","children":[{"_key":"2e26d61010d9","_type":"span","marks":[],"text":"Install "},{"_key":"8ab14b628109","_type":"span","marks":["a58709685b3c"],"text":"Cilium CLI"},{"_key":"c42578388f38","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[{"_key":"a58709685b3c","_type":"link","href":"https://docs.isovalent.com/operations-guide/monitoring/sysdump/index.html#install-cilium-cli"}],"style":"normal"},{"_key":"936a88eefdab","_type":"block","children":[{"_key":"2af3a89ac2b1","_type":"span","marks":[],"text":"Install "},{"_key":"ff702c4dc679","_type":"span","marks":["969542e6fcd4"],"text":"Helm"},{"_key":"2fd40d14c803","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[{"_key":"969542e6fcd4","_type":"link","href":"https://helm.sh/docs/intro/install/"}],"style":"normal"},{"_key":"2ce649a76677","_type":"block","children":[{"_key":"890e2678f332","_type":"span","marks":[],"text":"Ensure that the kernel version on the Kubernetes nodes is >= 5.13"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"21f7747f-104e-4961-a218-5ea8f75fa4e1","_type":"block","children":[{"_key":"c4c1127d-1c7b-45f8-834f-4527c65c2b38","_type":"span","marks":[],"text":"How can you achieve Multicast functionality with Cilium?"}],"markDefs":[],"style":"h2"},{"_key":"bad66fba-2501-4ed7-abc7-44091318ca4b","_type":"block","children":[{"_key":"50fc13e2-e17b-46bb-8915-2cfbfeed97b9","_type":"span","marks":[],"text":"Create Kubernetes Cluster(s)"}],"markDefs":[],"style":"h3"},{"_key":"b7128a98-e921-46f2-90ab-e04ebdfbc0a1","_type":"block","children":[{"_key":"4964d90d-9a9e-489d-90e8-6807608c1601","_type":"span","marks":[],"text":"You can enable multicast on any Kubernetes cluster distribution as it applies to your use case. These clusters can be created from your local machine or a VM in the respective resource group/VPC/VNet in the respective cloud distribution. In this tutorial, we will be enabling Multicast on the following distribution:"}],"markDefs":[],"style":"normal"},{"_key":"f155c86fd3b1","_type":"block","children":[{"_key":"cd249ef70d6d","_type":"span","marks":["076706518f71"],"text":"Azure Kubernetes Service"},{"_key":"3884bd41f8a6","_type":"span","marks":[],"text":" (AKS)"}],"level":1,"listItem":"bullet","markDefs":[{"_key":"076706518f71","_type":"link","href":"https://azure.microsoft.com/en-in/products/kubernetes-service"}],"style":"normal"},{"_key":"e6a28c8ef488","_type":"block","children":[{"_key":"77336ce820e9","_type":"span","marks":[],"text":"Let's get started: Create an AKS cluster with BYOCNI."}],"markDefs":[],"style":"normal"},{"_key":"bb7416b51456","_type":"block","children":[{"_key":"e1f1d419463d","_type":"span","marks":[],"text":"Set the subscription"}],"markDefs":[],"style":"h4"},{"_key":"3661b025ad8d","_type":"block","children":[{"_key":"e6e190583be5","_type":"span","marks":[],"text":"Choose the subscription you want to use if you have multiple Azure subscriptions."}],"markDefs":[],"style":"normal"},{"_key":"f36b0ff64660","_type":"block","children":[{"_key":"d6a578ffdd3c","_type":"span","marks":[],"text":"Replace "},{"_key":"0c2b947c3fdf","_type":"span","marks":["code"],"text":"SubscriptionName"},{"_key":"06cb72cd957f","_type":"span","marks":[],"text":" with your subscription name."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"cada188b1164","_type":"block","children":[{"_key":"720bceb12420","_type":"span","marks":[],"text":"You can also use your subscription ID instead of your subscription name."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:54:49Z","_id":"3c79f142-f7f3-4092-8ccb-1565a3855a59","_key":"ddbbac2133b8","_ref":"3c79f142-f7f3-4092-8ccb-1565a3855a59","_rev":"CoxtE4vswqQZGyPwAPJwd1","_type":"codeBlock","_updatedAt":"2025-06-05T13:55:00Z","code":"az account set --subscription SubscriptionName\n","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-set-sub"},{"_key":"22c161ea84ec","_type":"block","children":[{"_key":"f01fae84f34e","_type":"span","marks":[],"text":"AKS Resource Group Creation"}],"markDefs":[],"style":"h4"},{"_key":"c7ddddd8d73b","_type":"block","children":[{"_key":"56f67decc512","_type":"span","marks":[],"text":"Create a Resource Group"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:55:49Z","_id":"30645cf9-c27a-434e-9be1-fbd12ca96f51","_key":"f119ba72e84a","_ref":"30645cf9-c27a-434e-9be1-fbd12ca96f51","_rev":"zw24YVCAexbHbDm58dxl3i","_type":"codeBlock","_updatedAt":"2025-06-05T13:56:01Z","code":"clusterName=\"mcastdemo\"\nresourceGroup=\"mcastdemo\"\nlocation=\"mcastdemo\"\n\naz group create --name $resourceGroup --location $location","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-aks-resource-group"},{"_key":"4c621a998cc2","_type":"block","children":[{"_key":"f01de1a26744","_type":"span","marks":[],"text":"AKS Cluster creation"}],"markDefs":[],"style":"h4"},{"_key":"dcc9cc3bd500","_type":"block","children":[{"_key":"495d59cbe389","_type":"span","marks":[],"text":"Pass the "},{"_key":"d16f1207717d","_type":"span","marks":["code"],"text":"--network-plugin"},{"_key":"d3ebe80f647e","_type":"span","marks":[],"text":" parameter with the parameter value of "},{"_key":"5cfdbc488401","_type":"span","marks":["code"],"text":"none"},{"_key":"51b962cdd929","_type":"span","marks":[],"text":"."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:56:24Z","_id":"8d0188b0-4710-436c-a3d2-1f25efa56f6b","_key":"90e2b9f127d9","_ref":"8d0188b0-4710-436c-a3d2-1f25efa56f6b","_rev":"CoxtE4vswqQZGyPwAPKK3J","_type":"codeBlock","_updatedAt":"2025-06-05T13:56:32Z","code":"az aks create -l $location -g $resourceGroup -n $clusterName --network-plugin none --kubernetes-version 1.29 --node-count 3\n","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-cluster-creation"},{"_key":"5cfdae0ee5c1","_type":"block","children":[{"_key":"39039246eee8","_type":"span","marks":[],"text":"Set the Kubernetes Context"}],"markDefs":[],"style":"h4"},{"_key":"9b459479e235","_type":"block","children":[{"_key":"87441321cc6e","_type":"span","marks":[],"text":"Log in to the Azure portal, browse Kubernetes Services>, select the respective Kubernetes service created (AKS Cluster), and click connect. This will help you connect to your AKS cluster and set the respective Kubernetes context."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:56:54Z","_id":"4fbf545f-efd7-4482-93c8-089153845c6c","_key":"ac86f62d8048","_ref":"4fbf545f-efd7-4482-93c8-089153845c6c","_rev":"CoxtE4vswqQZGyPwAPKRjm","_type":"codeBlock","_updatedAt":"2025-06-05T13:57:05Z","code":"az aks get-credentials $resourceGroup --$clusterName","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-set-k8s-context"},{"_key":"65458cbbf1d5","_type":"block","children":[{"_key":"3cc485130dc6","_type":"span","marks":[],"text":"Cluster status check"}],"markDefs":[],"style":"h4"},{"_key":"e547bea8adcb","_type":"block","children":[{"_key":"a1a361f0c6d4","_type":"span","marks":[],"text":"Check the status of the nodes and make sure they are in a “Ready” state."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:57:30Z","_id":"fca48e2d-f84c-40a7-9f29-792c63bd7c45","_key":"644252df0422","_ref":"fca48e2d-f84c-40a7-9f29-792c63bd7c45","_rev":"CoxtE4vswqQZGyPwAPKZK0","_type":"codeBlock","_updatedAt":"2025-06-05T13:57:36Z","code":"kubectl get nodes -o wide\n\nNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME\naks-nodepool1-18707500-vmss000000 Ready 8d v1.29.4 10.224.0.5 Ubuntu 22.04.4 LTS 5.15.0-1064-azure containerd://1.7.15-1\naks-nodepool1-18707500-vmss000001 Ready 8d v1.29.4 10.224.0.4 Ubuntu 22.04.4 LTS 5.15.0-1064-azure containerd://1.7.15-1\naks-nodepool1-18707500-vmss000002 Ready 8d v1.29.4 10.224.0.6 Ubuntu 22.04.4 LTS 5.15.0-1064-azure containerd://1.7.15-1","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-cluster-status-check"},{"_key":"30a945c85576","_type":"block","children":[{"_key":"39880e16d52d","_type":"span","marks":[],"text":"Install Isovalent Enteprise for Cilium"}],"markDefs":[],"style":"h4"},{"_key":"5ba8c5002138","_type":"block","children":[{"_key":"deeecd8cfc9c","_type":"span","marks":[],"text":"Users can contact their partner Sales/SE representative(s) at "},{"_key":"504af82f4ea9","_type":"span","marks":["d6a7d1dbfc6a"],"text":"sales@isovalent.com"},{"_key":"749e4a545404","_type":"span","marks":[],"text":" to access the requisite documentation and how to "},{"_key":"a5b7062c7898","_type":"span","marks":["da27d6f89892"],"text":"install Isovalent Enteprpise for Cilium on an AKS cluster with BYOCNI"},{"_key":"6387ecf126ab","_type":"span","marks":[],"text":" as the network plugin. "}],"markDefs":[{"_key":"d6a7d1dbfc6a","_type":"link","href":"mailto:sales@isovalent.com"},{"_key":"da27d6f89892","_type":"link","href":"https://docs.isovalent.com/operations-guide/installation/clean-install.html"}],"style":"normal"},{"_key":"3461b0a9a5fb","_type":"block","children":[{"_key":"8738886374e3","_type":"span","marks":[],"text":"Validate Cilium version"}],"markDefs":[],"style":"h4"},{"_key":"b068f0f69044","_type":"block","children":[{"_key":"e21a9a6cf684","_type":"span","marks":[],"text":"Check the version of cilium with "},{"_key":"a903740f46bd","_type":"span","marks":["code"],"text":"cilium version"},{"_key":"ecb3a908674c","_type":"span","marks":[],"text":":"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:58:59Z","_id":"59268b4a-061e-4ff8-8581-675bb4b2b168","_key":"931c922cc8f8","_ref":"59268b4a-061e-4ff8-8581-675bb4b2b168","_rev":"CoxtE4vswqQZGyPwAPKsU3","_type":"codeBlock","_updatedAt":"2025-06-05T13:59:07Z","code":"$1c","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-validate-cilium-version"},{"_key":"2b9bb6b00a78","_type":"block","children":[{"_key":"fcf5c2106347","_type":"span","marks":[],"text":"Cilium Health Check"}],"markDefs":[],"style":"h4"},{"_key":"f08b6a3e9f43","_type":"block","children":[{"_key":"cfe487fc86fd","_type":"span","marks":["code"],"text":"cilium-health"},{"_key":"7d11c0dcf2ab","_type":"span","marks":[],"text":" is a tool available in Cilium that provides visibility into the overall health of the cluster’s networking connectivity. You can check node-to-node health with cilium-health status:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-06-05T13:59:28Z","_id":"39099988-7ec0-422f-98ee-8995b70c3682","_key":"b39450a240eb","_ref":"39099988-7ec0-422f-98ee-8995b70c3682","_rev":"CoxtE4vswqQZGyPwAPKulX","_type":"codeBlock","_updatedAt":"2025-06-05T13:59:36Z","code":"$1d","lineNumbers":"hide","lineRestriction":7,"restrictHeight":false,"title":"cilium-multicast-cloud-health-check"},{"_key":"4157b3a5-c2ea-4f0f-885b-a6c1a190af42","_type":"block","children":[{"_key":"69b17d82-fb26-4f2c-898d-3a47844f5104","_type":"span","marks":[],"text":"How can we test Multicast with Cilium?"}],"markDefs":[],"style":"h2"},{"_key":"117c6b7a-52a9-4578-80a0-5178db055975","_type":"block","children":[{"_key":"c43c0496-569f-4766-9a45-6b61fdcb4cca","_type":"span","marks":[],"text":"We will go over creating some basic application(s) and manifests."}],"markDefs":[],"style":"normal"},{"_key":"55dfb6f8-da46-4682-abb3-ccc07c62b0bf","_type":"block","children":[{"_key":"69a224d6-777e-474f-884d-c0cf9657263f","_type":"span","marks":[],"text":"Configuration"}],"markDefs":[],"style":"h3"},{"_key":"74edc69e4b64","_type":"block","children":[{"_key":"2655dbc38c74","_type":"span","marks":[],"text":"Before pods can join multicast groups, "},{"_key":"6ab7f3768116","_type":"span","marks":["code"],"text":"IsovalentMulticastGroup"},{"_key":"6b36930189cc","_type":"span","marks":[],"text":" Resources must be configured to define which groups are enabled in the cluster."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"3d98ce40fa41","_type":"block","children":[{"_key":"805b3d7fdc99","_type":"span","marks":[],"text":"For this tutorial, groups "},{"_key":"25ae031f461d","_type":"span","marks":["code"],"text":"255.0.0.11"},{"_key":"bf95e8ce02f6","_type":"span","marks":[],"text":", "},{"_key":"804bea129c22","_type":"span","marks":["code"],"text":"255.0.0.12"},{"_key":"44b6fa4815be","_type":"span","marks":[],"text":", "},{"_key":"252b5c7d6ae6","_type":"span","marks":["code"],"text":"255.0.0.13"},{"_key":"f4b83cb75422","_type":"span","marks":[],"text":" are enabled in the cluster. Pods can then start joining and sending traffic to these groups."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:18Z","_id":"c00163a6-1a01-9fb6-cd00-340e43ef073d","_key":"da9ea452-4448-4996-9e60-a217799a851d","_ref":"c00163a6-1a01-9fb6-cd00-340e43ef073d","_rev":"9px8ir0NfLa6aydsXNQ4dy","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:30Z","code":"apiVersion: isovalent.com/v1alpha1\nkind: IsovalentMulticastGroup\nmetadata:\n name: multicast-groups\nspec:\n groupAddrs:\n - \"225.0.0.11\"\n - \"225.0.0.12\"\n - \"225.0.0.13\"","language":"yaml","title":"yaml - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"7cdf6602-2ce6-466e-a7ac-58fb3030bb0e","_type":"block","children":[{"_key":"02cef29f-6e65-43e3-aa5a-b9f2e891c6a1","_type":"span","marks":[],"text":"Apply the Custom Resource."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:19Z","_id":"e38b3a78-0588-df20-9ea6-d8c850bc9554","_key":"54ad6cdd-c540-4ff6-b699-6c5266773852","_ref":"e38b3a78-0588-df20-9ea6-d8c850bc9554","_rev":"P5GVFsWfT1LlxauxUA3h0O","_type":"codeBlock","_updatedAt":"2024-09-30T11:19:19Z","code":"kubectl create -f isovalent-multicast-group.yaml","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"3108e64d-dac5-48ed-8d01-3c53766b5b4c","_type":"block","children":[{"_key":"e06a58ff-fa70-44f7-8b82-c9a6f6064615","_type":"span","marks":[],"text":"Check if the Custom Resource has been applied."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:20Z","_id":"ba72ccee-6352-b4a8-1032-2bd4f69b37ec","_key":"5b3724e4-ccea-40b1-8bcb-292a2973ab22","_ref":"ba72ccee-6352-b4a8-1032-2bd4f69b37ec","_rev":"9px8ir0NfLa6aydsXNQ4nJ","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:32Z","code":"kubectl get crd -A | grep multicast\n\nisovalentmulticastgroups.isovalent.com 2024-06-05T14:13:29Z\nisovalentmulticastnodes.isovalent.com 2024-06-05T14:13:28Z","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"2b5ec22b-d0bd-47ea-84e4-9731baf0e975","_type":"block","children":[{"_key":"a0f045e3-84f8-4345-9944-e072f624f487","_type":"span","marks":[],"text":"Create sample deployment(s)"}],"markDefs":[],"style":"h3"},{"_key":"8f093d46-6f4f-40bb-9c50-578cf6fa0933","_type":"block","children":[{"_key":"5d74ec16-5d69-4eb1-ad51-cd64c919880d","_type":"span","marks":[],"text":"In this tutorial, we will create four pods on a three-node Kubernetes cluster, which will participate in joining the multicast group and sending multicast packets. Pod deployment is done using the following:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:21Z","_id":"dfca31e2-10ea-e37a-38f0-6b1bce8be17d","_key":"f31139dd-96a0-4cbc-8ee3-bb30af9d92bc","_ref":"dfca31e2-10ea-e37a-38f0-6b1bce8be17d","_rev":"9px8ir0NfLa6aydsXNQ4we","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:33Z","code":"apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: netshoot\nspec:\n replicas: 4\n selector:\n matchLabels:\n app: netshoot\n template:\n metadata:\n labels:\n app: netshoot\n spec:\n terminationGracePeriodSeconds: 1\n containers:\n - name: netshoot\n image: nicolaka/netshoot:latest\n imagePullPolicy: Always\n command: [\"sleep\", \"infinite\"]","language":"yaml","title":"yaml - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"9de96cd7-b34e-4e8e-abdf-88eb322e572d","_type":"block","children":[{"_key":"c4ec98cd-4916-4974-b25f-d95a919d8343","_type":"span","marks":[],"text":"Deploy the Deployment using:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:22Z","_id":"94c3c427-e27d-0b9e-8844-84c0e236072a","_key":"19b460e6-a6fe-431e-8646-171fe3bd5f31","_ref":"94c3c427-e27d-0b9e-8844-84c0e236072a","_rev":"9px8ir0NfLa6aydsXNQ52s","_type":"codeBlock","_updatedAt":"2024-09-30T11:19:22Z","code":"kubectl create -f netshoot-ds.yaml","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"9ef62f65-2be0-44ab-a314-b0405535bfea","_type":"block","children":[{"_key":"e9e39010-f2eb-4eb3-a364-0a5a53868518","_type":"span","marks":[],"text":"Verify the status of the deployment."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:23Z","_id":"cc1568b0-75a3-e5b7-7502-8e6d1e590af2","_key":"79ae21f6-ac64-4fe9-9691-d5845d99bbb4","_ref":"cc1568b0-75a3-e5b7-7502-8e6d1e590af2","_rev":"9px8ir0NfLa6aydsXNQ596","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:35Z","code":"$1e","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"f17d71c7-23c9-45fa-a1b1-187bed21bd9f","_type":"block","children":[{"_key":"9c2092cb-02eb-489c-a1f2-b0f139f379dd","_type":"span","marks":[],"text":"Multicast Group Validation"}],"markDefs":[],"style":"h3"},{"_key":"524f51f2327d","_type":"block","children":[{"_key":"5e90ad3721d5","_type":"span","marks":[],"text":"Validate the configured "},{"_key":"6635436d662e","_type":"span","marks":["code"],"text":"IsovalentMulticastGroup"},{"_key":"c83db8964070","_type":"span","marks":[],"text":" Resource and inspect its contents:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:24Z","_id":"f714893d-fe7d-59cd-78a4-aac01e4367da","_key":"641fdba1-ed6e-4b3d-aa92-cc44658b5bc2","_ref":"f714893d-fe7d-59cd-78a4-aac01e4367da","_rev":"OROFduE3hZo2ZAcYWK1LHc","_type":"codeBlock","_updatedAt":"2025-06-05T14:00:52Z","code":"kubectl get isovalentmulticastgroups -o yaml\n\napiVersion: v1\nitems:\n- apiVersion: isovalent.com/v1alpha1\n kind: IsovalentMulticastGroup\n metadata:\n creationTimestamp: \"2024-06-05T14:15:32Z\"\n generation: 1\n name: multicast-groups\n resourceVersion: \"22719\"\n uid: e4ff9973-69de-4820-aac2-b5f49e441dce\n spec:\n groupAddrs:\n - 225.0.0.11\n - 225.0.0.12\n - 225.0.0.13\nkind: List\nmetadata:\n resourceVersion: \"\"","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"5d6880ab-492b-4202-8671-d3c219e02f55","_type":"block","children":[{"_key":"ddb103da-5c1d-48b6-b2e2-8533c979adc3","_type":"span","marks":[],"text":"Each cilium agent pod contains the CLI cilium-dbg, which can be used to inspect multicast BPF maps. This command will list all the groups configured on the node."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:25Z","_id":"c818de19-e740-6fed-921b-4265b729ee0b","_key":"e4d01e36-221a-48a3-8b98-73b636fc6272","_ref":"c818de19-e740-6fed-921b-4265b729ee0b","_rev":"P5GVFsWfT1LlxauxUA3j20","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:37Z","code":"kubectl -n kube-system exec -it ds/cilium -c cilium-agent -- cilium-dbg bpf multicast group list\n\nGroup Address\n225.0.0.11\n225.0.0.12\n225.0.0.13","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"00d319d1-744e-4c7f-b89f-e3f6806e40d1","_type":"block","children":[{"_key":"a7ee14df-0284-44f3-8415-90ba614a1f5c","_type":"span","marks":[],"text":"Add multicast subscribers"}],"markDefs":[],"style":"h3"},{"_key":"93336a9f4a15","_type":"block","children":[{"_key":"2444cf0c8c15","_type":"span","marks":[],"text":"Pods that want to join multicast groups must send out IGMP join messages for specific group addresses. In this tutorial, pods "},{"_key":"0ca5652d862a","_type":"span","marks":["code"],"text":"netshoot-665b547d78-kgqnc"},{"_key":"9122875b169e","_type":"span","marks":[],"text":", "},{"_key":"71bbda29b454","_type":"span","marks":["code"],"text":"netshoot-665b547d78-wqhvh"},{"_key":"6a7de9d2a636","_type":"span","marks":[],"text":" & "},{"_key":"3f89878e8d5d","_type":"span","marks":["code"],"text":"netshoot-665b547d78-zwhvh"},{"_key":"aede48457e4c","_type":"span","marks":[],"text":" join multicast group "},{"_key":"1ef28a18bd59","_type":"span","marks":["code"],"text":"225.0.0.11"},{"_key":"2e33ab38d646","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"55970a634241","_type":"block","children":[{"_key":"5e858a6b1516","_type":"span","marks":[],"text":"Using "},{"_key":"c88774615594","_type":"span","marks":["code"],"text":"socat"},{"_key":"7407b8ef1694","_type":"span","marks":[],"text":"; which receives multicast packets addressed to 225.0.0.11 and forks a child process for each."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"f0b926dc136f","_type":"block","children":[{"_key":"c13708196fb8","_type":"span","marks":[],"text":"The child processes may each send one or more reply packets to the particular sender. Run this command on several hosts, and they will all respond in parallel."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:26Z","_id":"36cdde46-9653-7294-b298-eff0a76018f0","_key":"220616d0-3840-4278-9134-0c2406f29b30","_ref":"36cdde46-9653-7294-b298-eff0a76018f0","_rev":"P5GVFsWfT1LlxauxUA3jJ8","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:38Z","code":"kubectl exec -it netshoot-665b547d78-kgqnc -- bash\nnetshoot-665b547d78-kgqnc:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -\n\nkubectl exec -it netshoot-665b547d78-wqhvh -- bash\nnetshoot-665b547d78-wqhvh:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -\n\nkubectl exec -it netshoot-665b547d78-zwhvh -- bash\nnetshoot-665b547d78-zwhvh:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"cb627bb0-ca23-4cc0-9b11-8ffc49108114","_type":"block","children":[{"_key":"067186cb-732f-406a-9eb2-62fdddbe6362","_type":"span","marks":[],"text":"Validate multicast subscribers"}],"markDefs":[],"style":"h3"},{"_key":"cde999ff23a0","_type":"block","children":[{"_key":"fa6cf99f43f7","_type":"span","marks":[],"text":"You can validate that subscribers are tracked in BPF maps using the command, "},{"_key":"d56eba675d6c","_type":"span","marks":["code"],"text":"cilium-dbg bpf multicast subscriber list all"},{"_key":"7ab6fafad24c","_type":"span","marks":[],"text":". Note that the subscriber list command displays information from the perspective of a given node."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:27Z","_id":"1dfe4be6-28f3-0e21-1a0f-07e4441e6daf","_key":"d4b3e2a8-d77e-4c67-9d62-e5efb8748bdf","_ref":"1dfe4be6-28f3-0e21-1a0f-07e4441e6daf","_rev":"P5GVFsWfT1LlxauxUA3jRh","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:39Z","code":"kubectl -n kube-system exec -it ds/cilium -c cilium-agent -- cilium-dbg bpf multicast subscriber list all\n\nGroup Subscriber Type\n225.0.0.11 10.1.0.247 Local Endpoint\n 10.224.0.4 Remote Node\n 10.224.0.6 Remote Node\n225.0.0.12\n225.0.0.13","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"0e1e4684-fee7-4a95-a73c-f08d7c8b88a9","_type":"block","children":[{"_key":"cb7c5546-8581-4787-beee-8377e42577ee","_type":"span","marks":[],"text":"In this output, one local pod subscribes to a multicast group, and two other nodes have pods joining the group 225.0.0.11."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"79806435-d996-4b3e-b393-917bd571a73f","_type":"block","children":[{"_key":"0950f34e-fbc0-446f-8932-e7ac61f5bdb3","_type":"span","marks":[],"text":"Generating Multicast Traffic"}],"markDefs":[],"style":"h3"},{"_key":"cab9f5860c16","_type":"block","children":[{"_key":"3028e18d61c0","_type":"span","marks":[],"text":"Multicast Traffic can be generated from one of the Netshoot pods; all subscribers should receive it."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"e599d0ec80d3","_type":"block","children":[{"_key":"a68cd95bb5e1","_type":"span","marks":[],"text":"When Multicast Traffic is sent from "},{"_key":"926d66123a13","_type":"span","marks":["code"],"text":"netshoot-665b547d78-kgqnc"},{"_key":"19f41b3b3501","_type":"span","marks":[],"text":" Pod:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:28Z","_id":"08f32503-7b71-b1d7-deef-ca523204ec41","_key":"c26c1fd5-ae89-4ace-bb8a-4dec01c77c1e","_ref":"08f32503-7b71-b1d7-deef-ca523204ec41","_rev":"be3C7ysj1QqQyrHso4aErd","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:40Z","code":"kubectl exec -it netshoot-665b547d78-kgqnc -- bash\nnetshoot-665b547d78-kgqnc:~# echo \"hello, multicast!\" | socat -u - UDP4-DATAGRAM:225.0.0.11:6666","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"64a56d9b-e502-4e55-9231-9475b3283b42","_type":"block","children":[{"_key":"6ea72b11-b650-4533-b853-af697642019f","_type":"span","marks":[],"text":"Multicast Traffic is received by all three pods."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:29Z","_id":"5b449454-338a-c462-a275-516b931a2983","_key":"4acab1d3-990e-4fa2-a405-17a5c3252bbe","_ref":"5b449454-338a-c462-a275-516b931a2983","_rev":"be3C7ysj1QqQyrHso4aEzf","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:41Z","code":"netshoot-665b547d78-st4m6:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\n\nnetshoot-665b547d78-wqhvh:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\n\nnetshoot-665b547d78-zwhvh:~# socat UDP4-RECVFROM:6666,ip-add-membership=225.0.0.11:0.0.0.0,fork -\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!\nhello, multicast!","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"1e05735f-7e10-4cd1-b257-03e76dee5be9","_type":"block","children":[{"_key":"27a4b97d-0867-4f50-8083-07499aa500c0","_type":"span","marks":[],"text":"How can I verify Multicast Traffic?"}],"markDefs":[],"style":"h3"},{"_key":"6f984a3a42c2","_type":"block","children":[{"_key":"86eb277c9849","_type":"span","marks":[],"text":"One common question is how to verify traffic for a protocol type you set up the testbed for. In this case, for multicast, you can verify "},{"_key":"1cf0ba7aac97","_type":"span","marks":["code"],"text":"IGMP join"},{"_key":"3cf57a5f8abd","_type":"span","marks":[],"text":" message being sent from the netshoot-* pods."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"078aa0418002","_type":"block","children":[{"_key":"fec48bf630b1","_type":"span","marks":[],"text":"tcpdump needs to be installed on the netshoot pods via "},{"_key":"98a6cb743e6f","_type":"span","marks":["code"],"text":"apt-get install tcpdump"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:30Z","_id":"594e370d-50e9-078b-adca-18047331e77c","_key":"3a2ef7f5-1b4c-49fc-bdee-6daf5871dc88","_ref":"594e370d-50e9-078b-adca-18047331e77c","_rev":"9px8ir0NfLa6aydsXNQ5kS","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:42Z","code":"kubectl exec -it netshoot-665b547d78-kgqnc -- bash\n\nnetshoot-665b547d78-kgqnc:~# tcpdump -nni eth0\ntcpdump: verbose output suppressed, use -v[v]... for full protocol decode\nlistening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes\n07:13:05.805199 IP 10.1.0.247.48563 > 225.0.0.11.6666: UDP, length 18\n15:25:16.282821 IP 10.1.2.73 > 224.0.0.22: igmp v3 report, 1 group record(s)\n15:25:17.038823 IP 10.1.2.73 > 224.0.0.22: igmp v3 report, 1 group record(s)\n07:13:09.544662 IP 10.1.0.247.60078 > 225.0.0.11.6666: UDP, length 18\n07:13:10.436808 IP 10.1.0.247.41324 > 225.0.0.11.6666: UDP, length 18","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"5897ece6-3aa8-47ca-bea7-bb07fb2586db","_type":"block","children":[{"_key":"15d073f2-18e7-4418-97f9-0f858a360d11","_type":"span","marks":[],"text":"How can I observe Multicast Traffic?"}],"markDefs":[],"style":"h2"},{"_key":"fda6d2ba-f887-4bcb-97a4-d31a3ba9842b","_type":"block","children":[{"_key":"51b3ca9a-5fa9-44cd-a113-abad6131fb2f","_type":"span","marks":[],"text":"In an enterprise environment, the key is to ensure that the intended traffic is closely examined and anomalies, if detected, are worked upon. To observe Multicast Traffic, you can install Isovalent Enterprise for Tetragon and look at the respective metrics provided by ServiceMonitor to Grafana."}],"markDefs":[],"style":"normal"},{"_key":"376ea265-dffd-441d-9d09-2a87167c8a9a","_type":"block","children":[{"_key":"2f31046b-91cf-48f5-bf30-b39f64ba58dc","_type":"span","marks":[],"text":"What is Tetragon?"}],"markDefs":[],"style":"h3"},{"_key":"3fad8dcd-eff4-4dba-a33d-1363d62619e3","_type":"block","children":[{"_key":"5dc3561c-1790-42f9-948e-3c3d586a6b56","_type":"span","marks":["56d8ce42-1ee7-4ed5-9ed8-ef3dc72a5a48"],"text":"Tetragon"},{"_key":"fe498eaf-c988-40ca-bbff-10c238fd3cd0","_type":"span","marks":[],"text":" provides powerful security observability and a real-time runtime enforcement platform. The creators of Cilium have built Tetragon and brought the full power of eBPF to the security world."}],"markDefs":[{"_key":"56d8ce42-1ee7-4ed5-9ed8-ef3dc72a5a48","_type":"link","href":"/projects/tetragon/","openInNewTab":true}],"style":"normal"},{"_key":"3811a95b-4282-423c-b110-c501b6815a4b","_type":"block","children":[{"_key":"e4df429b-6dfd-4dfb-8673-e6d30d6398cc","_type":"span","marks":[],"text":"Tetragon helps platform and security teams solve the following:"}],"markDefs":[],"style":"normal"},{"_key":"bdd65bd027ac","_type":"block","children":[{"_key":"c2c17583ddb9","_type":"span","marks":["strong"],"text":"Security Observability:"}],"markDefs":[],"style":"normal"},{"_key":"de69f6650d99","_type":"block","children":[{"_key":"2f6abe9b223a","_type":"span","marks":[],"text":"Observing application and system behavior such as process, syscall, file, and network activity"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"35967fba0251","_type":"block","children":[{"_key":"a43df3a34994","_type":"span","marks":[],"text":"Tracing namespace, privilege, and capability escalations"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"cbaa60e161de","_type":"block","children":[{"_key":"f2a249983f6d","_type":"span","marks":[],"text":"File integrity monitoring"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"eb4342531e1d","_type":"block","children":[{"_key":"2eb43acf20e7","_type":"span","marks":["strong"],"text":"Runtime Enforcement:"}],"markDefs":[],"style":"normal"},{"_key":"c299bd635281","_type":"block","children":[{"_key":"b7c4dd5be271","_type":"span","marks":[],"text":"Application of security policies to limit the privileges of applications and processes on a system (system calls, file access, network, kprobes)"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"a3e67f48-cbcb-420c-9acc-db29911803f2","_type":"block","children":[{"_key":"23161dae-6a9a-4b8f-8117-2be64804ca39","_type":"span","marks":[],"text":"How can I install Isovalent Enterprise for Tetragon?"}],"markDefs":[],"style":"h4"},{"_key":"91bb0aed-762d-4237-9e07-35663f3abc5e","_type":"block","children":[{"_key":"4714fa27-54ea-41cb-8a25-84aaf6097205","_type":"span","marks":[],"text":"To obtain the helm values to install Isovalent Enterprise for Tetragon and access to Enterprise documentation, reach out to "},{"_key":"f89e9286-3e12-41fc-b5b0-14154a2fc9fb","_type":"span","marks":["a6e0c0e3-76b6-400b-9287-2cbcacc07012"],"text":"our sales team"},{"_key":"bc51a7a6-eaf7-41ad-848d-fe88fb02342a","_type":"span","marks":[],"text":" and "},{"_key":"f11dcb6a-776b-4a82-9d1f-92e4fffc5449","_type":"span","marks":["571ef6ec-636a-4904-9d23-f61a07b8d030"],"text":"support@isovalent.com"}],"markDefs":[{"_key":"a6e0c0e3-76b6-400b-9287-2cbcacc07012","_type":"link","href":"/contact-sales/","openInNewTab":true},{"_key":"571ef6ec-636a-4904-9d23-f61a07b8d030","_type":"link","href":"mailto:support@isovalent.com","openInNewTab":true}],"style":"normal"},{"_key":"3bc1c599-66db-4e30-890e-473622b93e31","_type":"block","children":[{"_key":"343c7141-eec3-4793-8d40-8968d2656939","_type":"span","marks":[],"text":"Integrate Prometheus & Grafana with Tetragon"}],"markDefs":[],"style":"h3"},{"_key":"01a9854f9c3a","_type":"block","children":[{"_key":"f53070c5627c","_type":"span","marks":["7b92869c68bd"],"text":"Install"},{"_key":"6aff90af8036","_type":"span","marks":[],"text":" Prometheus and Grafana."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"7b92869c68bd","_type":"link","href":"https://grafana.com/docs/grafana/latest/getting-started/get-started-grafana-prometheus/"}],"style":"normal"},{"_key":"97d156d8de8e","_type":"block","children":[{"_key":"611f2908727c","_type":"span","marks":[],"text":"To access the Enterprise documentation for "},{"_key":"e01285b5d9c1","_type":"span","marks":["a24ca752dc76"],"text":"integrating"},{"_key":"2dd4065159e4","_type":"span","marks":[],"text":" Tetragon with Prometheus and Grafana, contact "},{"_key":"f65bada80bdf","_type":"span","marks":["9fd2f1e7ac5b"],"text":"our sales team"},{"_key":"e8f7b807f38c","_type":"span","marks":[],"text":" and "},{"_key":"1063a65217e1","_type":"span","marks":["3ed3b6eb4281"],"text":"support@isovalent.com"},{"_key":"671860aeef3f","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"a24ca752dc76","_type":"link","href":"https://docs.isovalent.com/operations-guide/features/tetragon/configuration/grafana.html"},{"_key":"9fd2f1e7ac5b","_type":"link","href":"/contact-sales/","openInNewTab":true},{"_key":"3ed3b6eb4281","_type":"link","href":"mailto:support@isovalent.com"}],"style":"normal"},{"_key":"035df3caba81","_type":"block","children":[{"_key":"f34439a3626e","_type":"span","marks":[],"text":"Integrated multicast and UDP socket dashboards can be obtained by contacting "},{"_key":"734bf091f148","_type":"span","marks":["a27239e74810"],"text":"our sales team"},{"_key":"462c74dbccdc","_type":"span","marks":[],"text":" and "},{"_key":"f4dc4b100a70","_type":"span","marks":["cadbc66bc642"],"text":"support@isovalent.com"},{"_key":"89c0d7a311a8","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[{"_key":"a27239e74810","_type":"link","href":"/contact-sales/","openInNewTab":true},{"_key":"cadbc66bc642","_type":"link","href":"mailto:support@isovalent.com"}],"style":"normal"},{"_key":"e9d869e99e0e","_type":"block","children":[{"_key":"4dfdb006da4d","_type":"span","marks":[],"text":"Apply the UDP & Interface parser tracing policies from the above links."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"eb977bef0e10","_type":"block","children":[{"_key":"f447eeea7501","_type":"span","marks":[],"text":"Enabling the UDP sensor provides eBPF observability for the following features:"}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"cafd5259ee14","_type":"block","children":[{"_key":"eb45195e7516","_type":"span","marks":[],"text":"UDP TX/RX Traffic"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"cd31877a0d0c","_type":"block","children":[{"_key":"c89a913ccbe3","_type":"span","marks":[],"text":"UDP TX/RX Segments"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"08d205e74854","_type":"block","children":[{"_key":"f9a155f5f581","_type":"span","marks":[],"text":"UDP TX/RX Bursts"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"ef3d4887f163","_type":"block","children":[{"_key":"7226fefe4861","_type":"span","marks":[],"text":"UDP Latency Histogram"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"555842951b7e","_type":"block","children":[{"_key":"b5198cd704b5","_type":"span","marks":[],"text":"UDP Multicast TX/RX Traffic"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"fa88511045f4","_type":"block","children":[{"_key":"040a375c99e2","_type":"span","marks":[],"text":"UDP Multicast TX/RX Segments"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"b4807af9910e","_type":"block","children":[{"_key":"d3c7ace6c347","_type":"span","marks":[],"text":"UDP Multicast TX/RX Bursts"}],"level":3,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"258f30f07bc4","_type":"block","children":[{"_key":"558c6fc2c93d","_type":"span","marks":[],"text":"The UDP parser provides UDP state visibility into your Kubernetes cluster for your microservices."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"d293c8f08e30","_type":"block","children":[{"_key":"5215045570f1","_type":"span","marks":[],"text":"We can observe the network metrics with Tetragon and trace the pod binary/process originating."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"7e5390cd0bc5","_type":"block","children":[{"_key":"13227b6715d0","_type":"span","marks":[],"text":"To access the Grafana dashboard, forward the traffic to your local machine or a respective machine from where access is available."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"7b9f831ffa84","_type":"block","children":[{"_key":"01e7c7577158","_type":"span","marks":[],"text":"Grafana can also be accessed via a service of the type "},{"_key":"567ade518377","_type":"span","marks":["code"],"text":"LoadBalancer"},{"_key":"febdeec8c023","_type":"span","marks":[],"text":"."}],"level":2,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:31Z","_id":"6f4fb510-5640-1635-71b9-44dbc40b70d6","_key":"cfa2c089-e328-4e6f-80d9-56f44abd85a4","_ref":"6f4fb510-5640-1635-71b9-44dbc40b70d6","_rev":"9px8ir0NfLa6aydsXNQ638","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:43Z","code":"kubectl -n monitoring port-forward service/prometheus-grafana --address 0.0.0.0 --address :: 80:80","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"b341808a-6691-437c-8a78-427d618db674","_type":"block","children":[{"_key":"d56f414a-c310-4c38-8877-5fa8303a3bd3","_type":"span","marks":[],"text":"Log in to the Grafana dashboard with the requisite credentials, browse to dashboards, and click on the dashboard named \"Tetragon/ UDP Throughput/ Socket.\""}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:48Z","_id":"b1640ac1-a23a-9894-2051-8c346e0cc9ab","_key":"cd9cf733-02fc-40d9-b657-30700513030c","_ref":"b1640ac1-a23a-9894-2051-8c346e0cc9ab","_rev":"JCrmgH7yUJEJLfT0pHmQoH","_type":"mediaImage","_updatedAt":"2024-09-30T11:19:48Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-e111ac2ab2ef90534a1aa9dff6ce1455fd512e63-2718x1420-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"UDP-Throughput-Socket-Tetragon.jpg","size":"large","title":"UDP-Throughput-Socket-Tetragon.jpg - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/e111ac2ab2ef90534a1aa9dff6ce1455fd512e63-2718x1420.jpg"},{"_createdAt":"2024-09-30T11:19:49Z","_id":"cf47bde8-cab1-5c7d-a3cd-fe8863a924aa","_key":"38784b81-0155-4ba3-9e78-60d32ce81213","_ref":"cf47bde8-cab1-5c7d-a3cd-fe8863a924aa","_rev":"KumNi9dIgfgqhzzomxnrTn","_type":"mediaImage","_updatedAt":"2024-09-30T11:19:49Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-16982386b7c90e64b47d74e2660a089a7962b7a9-2816x1370-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"UDP-Throughput-Socket-Tetragon_1.jpg","size":"large","title":"UDP-Throughput-Socket-Tetragon_1.jpg - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/16982386b7c90e64b47d74e2660a089a7962b7a9-2816x1370.jpg"},{"_key":"8cd08994-5eb9-4dd1-abba-12b7b189c458","_type":"block","children":[{"_key":"5aa77c11-d180-4a3a-abdb-8314e1d85d58","_type":"span","marks":[],"text":"Visualize metrics for a specific multicast group."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:47Z","_id":"b57abd34-5906-554a-99ee-5a15543e7c57","_key":"1663ba93-1959-415f-84a6-0b1e9f57d458","_ref":"b57abd34-5906-554a-99ee-5a15543e7c57","_rev":"KumNi9dIgfgqhzzomxnrDj","_type":"mediaImage","_updatedAt":"2024-09-30T11:19:47Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-dd3435b2faab359a1e4a637129e90f109e5c018c-2734x894-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"Tetragon_Dashboard_1.jpg","size":"large","title":"Tetragon_Dashboard_1.jpg - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/dd3435b2faab359a1e4a637129e90f109e5c018c-2734x894.jpg"},{"_createdAt":"2024-09-30T11:19:50Z","_id":"f6de9bf6-3ff8-d259-c2fe-a84490594031","_key":"75d8f03f-15aa-4e5b-a622-85f81d39adc6","_ref":"f6de9bf6-3ff8-d259-c2fe-a84490594031","_rev":"KumNi9dIgfgqhzzomxnreV","_type":"mediaImage","_updatedAt":"2024-09-30T11:19:50Z","alignment":"center","image":{"_type":"image","asset":{"_ref":"image-9a9804090a46ba502901472249b5ce28534c5bbe-2864x1368-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"languages":["en"],"originalFilename":"Tetragon_Dashboard_2.jpg","size":"large","title":"Tetragon_Dashboard_2.jpg - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Image","url":"https://cdn.sanity.io/images/xinsvxfu/production/9a9804090a46ba502901472249b5ce28534c5bbe-2864x1368.jpg"},{"_key":"caacbc48-4980-4201-829a-fded88bfc6de","_type":"block","children":[{"_key":"1c576f83-d389-4f0a-97f4-e62c8a6edcf5","_type":"span","marks":[],"text":"How do I check Tetragon values and metrics if I don't have access to Grafana?"}],"markDefs":[],"style":"h3"},{"_key":"2ca34d44062a","_type":"block","children":[{"_key":"588c8b2e0351","_type":"span","marks":[],"text":"You can also look at the raw stats by doing a simple curl to the Tetragon service. Look for the raw stats and then export them to your chosen SIEM. As an example:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"33ce715dd3bf","_type":"block","children":[{"_key":"9ee329d5bee9","_type":"span","marks":[],"text":"In the scenario above, the Tetragon service is running on the following:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:32Z","_id":"a00914ba-e4f2-d837-4c6f-ae5305b7749b","_key":"0e4b4566-e2d6-4c12-9983-7d83885b28ee","_ref":"a00914ba-e4f2-d837-4c6f-ae5305b7749b","_rev":"9px8ir0NfLa6aydsXNQ69M","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:44Z","code":"kubectl get svc -n kube-system | grep tetragon\ntetragon ClusterIP 10.0.134.122 2112/TCP 12d","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"bda0e211-8d46-461d-ad86-017c915f643a","_type":"block","children":[{"_key":"2b547906-0255-45d4-9255-cfec3c441fec","_type":"span","marks":[],"text":"Login to one of the workloads from where the Tetragon service is accessible:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:33Z","_id":"d5aac19c-4c4e-7d03-eaac-8f9f2cda3fef","_key":"31760c63-07c0-4d0d-9def-bffeebe77362","_ref":"d5aac19c-4c4e-7d03-eaac-8f9f2cda3fef","_rev":"OROFduE3hZo2ZAcYWK2btv","_type":"codeBlock","_updatedAt":"2025-06-05T14:04:56Z","code":"$1f","lineRestriction":7,"restrictHeight":true,"title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"e6a35ed5-3782-42a8-8094-6c9217a0d0b5","_type":"block","children":[{"_key":"2df53439-8312-422a-8334-7eb82190568b","_type":"span","marks":[],"text":"Can I encrypt Multicast Traffic?"}],"markDefs":[],"style":"h2"},{"_key":"e18bd530-4758-49b7-90f0-e9523ddd07bb","_type":"block","children":[{"_key":"c2af80da-bc74-4c59-8369-bb45d484137c","_type":"span","marks":[],"text":"While developing this feature, some customers asked us to encrypt Multicast Traffic. We are happy to announce that you can use IPsec transparent encryption to enable traffic encryption between pods across nodes."}],"markDefs":[],"style":"normal"},{"_key":"38fa5a60-ad74-4fd4-ad54-a2ed73ab9a38","_type":"block","children":[{"_key":"d324bcd1-5d4a-4348-9140-11b49f557b2d","_type":"span","marks":[],"text":"Configuration"}],"markDefs":[],"style":"h3"},{"_key":"bbfe6060e935","_type":"block","children":[{"_key":"363b9f732966","_type":"span","marks":["strong"],"text":"Sysctl"},{"_key":"7665cb3a1f4a","_type":"span","marks":[],"text":"– The following sysctl must be configured on the nodes to allow encrypted Multicast Traffic to be forwarded correctly:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:34Z","_id":"1a823703-4bf0-c441-dbf5-f123731210f7","_key":"19202800-d9f5-40ec-b9ca-fd42948a592f","_ref":"1a823703-4bf0-c441-dbf5-f123731210f7","_rev":"P5GVFsWfT1LlxauxUA3k5f","_type":"codeBlock","_updatedAt":"2024-09-30T11:19:34Z","code":"net.ipv4.conf.all.accept_local=1","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"1d60d8904b4d","_type":"block","children":[{"_key":"fff06298a11e","_type":"span","marks":["strong"],"text":"IPsec secret"},{"_key":"4f190ff18f0e","_type":"span","marks":[],"text":"– A Kubernetes secret should consist of one key-value pair where the key is the file’s name to be mounted as a volume in cilium-agent pods. Configure an IPsec secret using the following command:"}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:35Z","_id":"d214bbb3-fc90-d9af-f6e1-f8ae22dfc7f6","_key":"009ec868-f969-4540-832c-c286377abbb2","_ref":"d214bbb3-fc90-d9af-f6e1-f8ae22dfc7f6","_rev":"9px8ir0NfLa6aydsXNQ6eU","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:47Z","code":"kubectl create -n kube-system secret generic cilium-ipsec-keys --from-literal=keys=\"3+ rfc4106(gcm(aes)) $(echo $(dd if=/dev/urandom count=20 bs=1 2> /dev/null | xxd -p -c 64)) 128\"","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"06747ddecfcd","_type":"block","children":[{"_key":"0ebe0198d042","_type":"span","marks":[],"text":"The secret can be listed by "},{"_key":"77e01e302e14","_type":"span","marks":["code"],"text":"kubectl-n kube-system get secrets"},{"_key":"a8d0c7bf5b8b","_type":"span","marks":[],"text":" and will be listed as "},{"_key":"4c5b7dcb9ef9","_type":"span","marks":["code"],"text":"cilium-ipsec-keys"},{"_key":"c6abee227348","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:36Z","_id":"1d63a45a-de77-f84d-a01c-ade941fd1cbd","_key":"807ed987-8d19-4745-83fc-685c3a9ec459","_ref":"1d63a45a-de77-f84d-a01c-ade941fd1cbd","_rev":"P5GVFsWfT1LlxauxUA3kBN","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:48Z","code":"kubectl -n kube-system get secrets cilium-ipsec-keys\n\nNAME TYPE DATA AGE\ncilium-ipsec-keys Opaque 1 12d","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"cf9b47bb4fe8","_type":"block","children":[{"_key":"c69d023903ba","_type":"span","marks":[],"text":"In addition to the IPsec configuration that encrypts unicast traffic between pod to remote node pods, you can set the "},{"_key":"38cf642b2bd2","_type":"span","marks":["code","strong"],"text":"enable-ipsec-encrypted-overlay"},{"_key":"fa91ea87ef2e","_type":"span","marks":[],"text":" config option to "},{"_key":"ca79e1399381","_type":"span","marks":["code"],"text":"true"},{"_key":"2abe1500c614","_type":"span","marks":[],"text":" for encrypting Multicast Traffic between pod to remote node pods."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_key":"6698d8c9-00bd-4614-bf3d-7d858aa2dc32","_type":"block","children":[{"_key":"ed909802-5e1b-41ea-a9b6-a8a7711a2eda","_type":"span","marks":[],"text":"How can I install/upgrade my cluster with Multicast and IPsec?"}],"markDefs":[],"style":"h3"},{"_key":"fc0d4746-e0ca-41fc-9879-0c2483c19199","_type":"block","children":[{"_key":"6e2b5fd5-adfc-4a36-95c8-96d5c863531f","_type":"span","marks":[],"text":"You can either upgrade your existing cluster running Multicast with IPsec or create a greenfield cluster with Multicast + IPsec."}],"markDefs":[],"style":"normal"},{"_key":"dbd13426-0a3b-4cbf-b49d-94b5cf866ddd","_type":"block","children":[{"_key":"4e0121ed-f5c3-4b6e-9a44-58f87ed05c0f","_type":"span","marks":[],"text":"To obtain the helm values to install IPsec with Multicast and access to Enterprise documentation, reach out to "},{"_key":"f489b6e3-165c-4035-9663-95c70527e5ee","_type":"span","marks":["86e85031-0310-4ff7-abf2-724cb2f780bd"],"text":"our sales team"},{"_key":"dde6e988-38a2-4a48-9ffd-376d876871b5","_type":"span","marks":[],"text":" and "},{"_key":"3da79403-22a4-4667-b959-22df73e5af27","_type":"span","marks":["641871a1-9408-49ce-a695-e8f2e165b9f1"],"text":"support@isovalent.com"}],"markDefs":[{"_key":"86e85031-0310-4ff7-abf2-724cb2f780bd","_type":"link","href":"/contact-sales/","openInNewTab":true},{"_key":"641871a1-9408-49ce-a695-e8f2e165b9f1","_type":"link","href":"mailto:support@isovalent.com","openInNewTab":true}],"style":"normal"},{"_key":"a9a13aa8-e078-4b0f-b6b5-56a6f2f54078","_type":"block","children":[{"_key":"b828b46d-3f0d-44f6-94c4-3c27e5fa22f9","_type":"span","marks":[],"text":"How can I validate if the cluster has been enabled for encryption?"}],"markDefs":[],"style":"h3"},{"_key":"44806d07-fefa-40b3-a9ba-471acb4c721c","_type":"block","children":[{"_key":"6341780e-8b40-4e17-ac81-222f8babd54a","_type":"span","marks":[],"text":"You can ensure that IPsec has been enabled as the encryption type by:"}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:37Z","_id":"5bac0016-aea7-5438-ccd3-88cd2ae15bb8","_key":"a370e712-d3f0-4b4c-a4c9-d2cf74c0c547","_ref":"5bac0016-aea7-5438-ccd3-88cd2ae15bb8","_rev":"P5GVFsWfT1LlxauxUA3kH5","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:49Z","code":"$20","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"17c05bdf-e7b9-4a50-81d2-4c3a47cbb9a3","_type":"block","children":[{"_key":"f26b6960-9291-4686-8316-95f5a10609cf","_type":"span","marks":[],"text":"Create sample application(s)"}],"markDefs":[],"style":"h3"},{"_key":"8ca84ba6-ebbe-4563-bc24-1ed05284b137","_type":"block","children":[{"_key":"44c5fb76-5421-4f23-acae-5d053c388823","_type":"span","marks":[],"text":"You can create a client and server application that are pinned on two distinct Kubernetes nodes to test node-to-node IPsec encryption by using the following manifests:"}],"markDefs":[],"style":"normal"},{"_key":"25578ddb-5c91-4437-8f38-b5568893fe75","_type":"block","children":[{"_key":"59a45039-8acc-46e3-a789-d205223699f1","_type":"span","marks":[],"text":"Apply the client-side manifest. The client does a “wget” towards the server every 2 seconds."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:38Z","_id":"39722ccd-4756-2c70-2faa-e46172d2ec52","_key":"c3f93d08-8651-4a38-9fa9-947018dd59ae","_ref":"39722ccd-4756-2c70-2faa-e46172d2ec52","_rev":"9px8ir0NfLa6aydsXNQ6qw","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:50Z","code":"---\napiVersion: v1\nkind: Pod\nmetadata:\n name: client\n labels:\n post: aks-ipsec-cilium\n name: client\nspec:\n containers:\n - name: client\n image: busybox\n command: [\"watch\", \"wget\", \"server\"]\n topologySpreadConstraints:\n - maxSkew: 1\n topologyKey: \"kubernetes.io/hostname\"\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels:\n post: aks-ipsec-cilium","language":"yaml","title":"yaml - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_createdAt":"2024-09-30T11:19:39Z","_id":"ef26b13d-0d94-e37b-edf9-5d281da0bc1d","_key":"389b7062-851a-47fc-840c-c63b99c3df45","_ref":"ef26b13d-0d94-e37b-edf9-5d281da0bc1d","_rev":"9px8ir0NfLa6aydsXNQ70H","_type":"codeBlock","_updatedAt":"2024-09-30T11:19:39Z","code":"kubectl apply -f client.yaml","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"03c9ee3b-6a50-4c2c-9664-3961f43ac1cb","_type":"block","children":[{"_key":"de41baa2-01de-4cda-abc5-3854df324e76","_type":"span","marks":[],"text":"Apply the server-side manifest."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:40Z","_id":"e10fa15b-b17d-3c04-d44e-600d239c15f5","_key":"f5ceb6e6-46d7-42d2-bc1b-4b3075412823","_ref":"e10fa15b-b17d-3c04-d44e-600d239c15f5","_rev":"P5GVFsWfT1LlxauxUA3kMn","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:52Z","code":"---\napiVersion: v1\nkind: Pod\nmetadata:\n name: server\n labels:\n post: aks-ipsec-cilium\n name: server\nspec:\n containers:\n - name: server\n image: nginx\n topologySpreadConstraints:\n - maxSkew: 1\n topologyKey: \"kubernetes.io/hostname\"\n whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels:\n post: aks-ipsec-cilium\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: server\nspec:\n selector:\n name: server\n ports:\n - port: 80","language":"yaml","title":"yaml - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_createdAt":"2024-09-30T11:19:41Z","_id":"4605776a-a42a-aaf7-0584-b1bceae74036","_key":"5622005d-1a1d-41ce-a1eb-09116d74e1d7","_ref":"4605776a-a42a-aaf7-0584-b1bceae74036","_rev":"be3C7ysj1QqQyrHso4aFlr","_type":"codeBlock","_updatedAt":"2024-09-30T11:19:41Z","code":"kubectl apply -f server.yaml","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"ef8ccc80-c612-410b-977b-54d865c3bed0","_type":"block","children":[{"_key":"a909761d-9d1e-412b-a881-1a62f04d0697","_type":"span","marks":[],"text":"How can I check that the traffic is encrypted and sent over the VxLAN tunnel?"}],"markDefs":[],"style":"h3"},{"_key":"a267ffd8-1549-4e07-8cd8-951d220d0cb1","_type":"block","children":[{"_key":"fd5cfc57-e76e-4287-bf0f-ef981c9bace8","_type":"span","marks":[],"text":"Log in to the node via a shell session and install tcpdump on the nodes where the server pod has been deployed."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:42Z","_id":"560e2442-7337-d6b8-f4ac-db83a5c7a1af","_key":"cf869eb5-43a1-435e-8379-d68fff1b65ca","_ref":"560e2442-7337-d6b8-f4ac-db83a5c7a1af","_rev":"be3C7ysj1QqQyrHso4aFtt","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:54Z","code":"apt-get update && apt install tcpdump -y","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"69873329-2c68-42c1-9fbb-a1c0c4ef26bd","_type":"block","children":[{"_key":"9e5af350-4434-448c-85b6-e07561a18205","_type":"span","marks":[],"text":"Check the status of the deployed pods."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:43Z","_id":"9f270946-1e7e-0826-e136-1b1ffa431cf8","_key":"42a08e08-520c-4939-82e8-fa9fd9e32030","_ref":"9f270946-1e7e-0826-e136-1b1ffa431cf8","_rev":"P5GVFsWfT1LlxauxUA3kVM","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:55Z","code":"kubectl get pods -o wide | grep server\nserver 1/1 Running 0 10m 10.1.2.235 aks-nodepool1-20058884-vmss000002 \n\n\nkubectl get pods -o wide | grep client\nclient 1/1 Running 0 26m 10.1.1.207 aks-nodepool1-20058884-vmss000001 ","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"3d35083f8e64","_type":"block","children":[{"_key":"cf46a7d6a80a","_type":"span","marks":[],"text":"With the client continuously sending traffic to the server, we can observe node-to-node and pod-to-pod traffic being encrypted and sent over distinct interfaces. "},{"_key":"ccc1f60029d4","_type":"span","marks":["code"],"text":"eth0"},{"_key":"f8307bf0810b","_type":"span","marks":[],"text":" and "},{"_key":"5a71fb6a357b","_type":"span","marks":["code"],"text":"cilium_vxlan"},{"_key":"086c8412e708","_type":"span","marks":[],"text":"."}],"level":1,"listItem":"bullet","markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:19:44Z","_id":"32dea33e-bd07-78a9-922c-9120d5c88800","_key":"89d0456f-a009-479c-90ba-262d74c14572","_ref":"32dea33e-bd07-78a9-922c-9120d5c88800","_rev":"be3C7ysj1QqQyrHso4aGM0","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:56Z","code":"$21","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_createdAt":"2024-09-30T11:19:45Z","_id":"b471356c-8c1e-324a-0107-b63c45b670e5","_key":"59dab248-c46a-4ffd-8747-cba824a875d9","_ref":"b471356c-8c1e-324a-0107-b63c45b670e5","_rev":"be3C7ysj1QqQyrHso4aGU2","_type":"codeBlock","_updatedAt":"2024-10-01T10:49:57Z","code":"$22","language":"bash","title":"bash - \"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium\" Code Block"},{"_key":"e3dbc37e-698c-4b3c-a297-93b236401a18","_type":"block","children":[{"_key":"c49d7216-1490-4d14-954d-bc83575337bf","_type":"span","marks":[],"text":"Conclusion"}],"markDefs":[],"style":"h2"},{"_key":"7aa6d93e-ac8b-423e-ba6e-096e4dc1159b","_type":"block","children":[{"_key":"91450c0c-9939-4c82-891b-1a36a032d19d","_type":"span","marks":[],"text":"Hopefully, this post gave you a good overview of enabling Multicast in the cloud with Isovlaent Enterprise for Cilium and using IPsec transparent encryption to enable traffic encryption between pods across nodes. If you'd like to learn more, you can schedule a demo with our experts."}],"markDefs":[],"style":"normal"},{"_createdAt":"2025-05-22T20:06:22Z","_id":"e89f368a-76ae-4a96-9c5d-fb566eaf19ee","_key":"ec22f7a8d3f9","_ref":"e89f368a-76ae-4a96-9c5d-fb566eaf19ee","_rev":"b0RJHRIC6NUGWwdjsdcGkK","_type":"cta","_updatedAt":"2025-06-05T14:09:21Z","isLink":false,"label":{"en":"Schedule a demo with our experts"},"languages":["en"],"openInNewTab":false,"title":"Blog - button - Schedule a demo with our experts","url":"/request-demo/","variant":"primary"},{"_key":"ea3e5fdc-4330-4ffc-9500-e94b02983821","_type":"block","children":[{"_key":"b84687d4-db61-49d8-b752-a9879d3ddc79","_type":"span","marks":[],"text":"Try it out"}],"markDefs":[],"style":"h2"},{"_key":"6e40b7f5-1f0e-4780-8ce9-f2bdfab2acaf","_type":"block","children":[{"_key":"35218f64-8b26-497c-ac87-2441b49df9b9","_type":"span","marks":[],"text":"Start with the Multicast lab and see how to enable multicast in your enterprise environment."}],"markDefs":[],"style":"normal"},{"_createdAt":"2024-09-30T11:21:02Z","_id":"d502789a-373c-e209-2cfc-bceeaf78f091","_key":"c33a8a04cf78","_ref":"d502789a-373c-e209-2cfc-bceeaf78f091","_rev":"M90ZQ1qKKr5D33uqfzSQCk","_type":"bodyCta","_updatedAt":"2025-06-04T20:54:07Z","backgroundImage":{"_createdAt":"2025-03-21T16:32:00Z","_id":"407c0eb0-2c56-4f47-a80f-c16575dc4009","_rev":"RvKg2H7lodOtU53j0x4e1l","_type":"mediaImage","_updatedAt":"2025-04-04T21:50:43Z","alignment":"center","alt":"body-cta-bg.svg","altText":{"en":"Body CTA BG"},"clickToEnlarge":false,"image":"https://cdn.sanity.io/images/xinsvxfu/production/490d28b2f74ed0292938bd46ac19a151b6fd3b9c-910x239.svg","languages":["en"],"originalFilename":"body-cta-bg.svg","rounded":false,"size":"large","title":"decoration-body-cta-ice"},"ctas":[{"_createdAt":"2024-09-30T11:20:45Z","_id":"e12d1007-759e-7dfd-a837-be7fd17dda1c","_rev":"oED7P7kvjneCjUMsj6GiFZ","_type":"cta","_updatedAt":"2024-09-30T12:33:34Z","label":{"en":"Start Lab"},"languages":["en"],"title":"\"Start Lab\" - Primary (Multicast Lab)","url":"/labs/cilium-multicast/","variant":"primary"}],"decorated":false,"headline":{"en":"Multicast Lab"},"languages":["en"],"logo":null,"logoReference":null,"logoWhite":null,"shaded":true,"text":{"en":[{"_key":"5580b16e-d4da-4554-8877-6f9ad7787a0a","_type":"block","children":[{"_key":"e36e1f89-c27f-4b3c-8363-6413d417b4b0","_type":"span","marks":[],"text":"In this lab, learn about the new Isovalent Enterprise for Cilium 1.15 feature - Multicast!"}],"markDefs":[],"style":"normal"}]},"theme":"primary","title":"Multicast Lab - \"In this lab, learn about the new Isovalent Enterprise for Cilium 1.15 feature - Multicast!\" Body CTA"}],"featuredImage":["$","$L19",null,{"src":"https://cdn.sanity.io/images/xinsvxfu/production/31c7da2908b13a41939785a1b2dd04fc4204ca62-1600x900.png?auto=format&q=80&fit=clip&w=1080","alt":"1600x900.png","className":"mx-auto mb-10 w-full max-w-[72.75]","placeholder":"blur","blurDataURL":"data:image/svg+xml;base64,CiAgICA8c3ZnIHdpZHRoPSIxMDgwIiBoZWlnaHQ9IjEwODAiIHZlcnNpb249IjEuMSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KICAgICAgICA8ZGVmcz4KICAgICAgICAgICAgPGxpbmVhckdyYWRpZW50IGlkPSJnIj4KICAgICAgICAgICAgPHN0b3Agc3RvcC1jb2xvcj0iI0Y2RjhGRSIgb2Zmc2V0PSIyMCUiIC8+CiAgICAgICAgICAgIDxzdG9wIHN0b3AtY29sb3I9IiNFRkY1RkYiIG9mZnNldD0iNTAlIiAvPgogICAgICAgICAgICA8c3RvcCBzdG9wLWNvbG9yPSIjRjZGOEZFIiBvZmZzZXQ9IjcwJSIgLz4KICAgICAgICAgICAgPC9saW5lYXJHcmFkaWVudD4KICAgICAgICA8L2RlZnM+CiAgICAgICAgPHJlY3Qgd2lkdGg9IjEwODAiIGhlaWdodD0iMTA4MCIgZmlsbD0iI0Y2RjhGRSIgLz4KICAgICAgICA8cmVjdCBpZD0iciIgd2lkdGg9IjEwODAiIGhlaWdodD0iMTA4MCIgZmlsbD0idXJsKCNnKSIgLz4KICAgICAgICA8YW5pbWF0ZSBocmVmPSIjciIgYXR0cmlidXRlTmFtZT0ieCIgZnJvbT0iLTEwODAiIHRvPSIxMDgwIiBkdXI9IjFzIiByZXBlYXRDb3VudD0iaW5kZWZpbml0ZSIgIC8+CiAgICA8L3N2Zz4=","width":1080,"height":1080,"priority":true}],"articleData":{"title":"Enabling Multicast Securely With Ipsec in the Cloud Native Landscape With Cilium","description":"This blog post will walk you through enabling Multicast in the cloud with Isovalent Enterprise for Cilium and enabling traffic encryption between pods across nodes with IPsec.","url":"https://isovalent.com/blog/post/cilium-multicast-cloud","download":"$undefined","authors":[{"_createdAt":"2024-09-27T10:02:48Z","_id":"ff5e2eda-05bb-ade9-8831-4dddc66e927d","_rev":"VO3Rz3CKgO8VZQnLmkJbUp","_type":"person","_updatedAt":"2024-09-27T12:06:31Z","bio":{"en":[{"_key":"1995ca31-02b1-49c0-a862-dfc8df0297ff","_type":"block","children":[{"_key":"c78e0e11-f4b0-4342-a5fc-a02e085947fa","_type":"span","marks":[],"text":"Amit Gupta is a senior technical marketing engineer at Isovalent, powering eBPF cloud-native networking and security. Amit has 21+ years of experience in Networking, Telecommunications, Cloud, Security, and Open-Source. He has previously worked with Motorola, Juniper, Avi Networks (acquired by VMware), and Prosimo. He is keen to learn and try out new technologies that aid in solving day-to-day problems for operators and customers.\n\nHe has worked in the Indian start-up ecosystem for a long time and helps new folks in that area outside of work. Amit is an avid runner and cyclist and also spends considerable time helping kids in orphanages."}],"markDefs":[],"style":"normal"}]},"company":{"_ref":"35073912-4894-4a13-89f6-caa5d58ff52d","_type":"reference"},"firstName":{"en":"Amit"},"fullName":{"en":"Amit Gupta"},"headshot":{"_type":"image","asset":{"_ref":"image-19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009-jpg","_type":"reference"},"crop":{"_type":"sanity.imageCrop","bottom":0,"left":0,"right":0,"top":0},"hotspot":{"_type":"sanity.imageHotspot","height":1,"width":1,"x":0.5,"y":0.5}},"image":"https://cdn.sanity.io/images/xinsvxfu/production/19b2e7212433d6c85f9a7cbb62beb590d8044fa0-528x1009.jpg","languages":["en"],"lastName":{"en":"Gupta"},"title":{"en":"Senior Technical Marketing Engineer"}}]}}]}]}]}],"$undefined"]}]]