I’m excited to share news that is a great milestone for the both the eBPF + Cilium open source community and Isovalent as a company: Gartner has named Isovalent a 2021 Cool Vendor in the Cloud Native networking category, commenting “Isovalent is cool because it enables platform teams to dramatically improve the performance, visibility, security and scale of Kubernetes networking by injecting security and logging capabilities directly into very low levels of the Kubernetes stack.”
Why is this interesting?
That was Then…
Back in 2017, we founded Isovalent on the basic premise that eBPF would change everything about how we connect, observe, and secure modern cloud native applications.
We arrived at KubeCon EU in Berlin a few months later, ready to tell the world about eBPF and our open source project Cilium, which brings the benefits of eBPF to Kubernetes users. Visitors to our booth nodded politely as we talked a mile-a-minute about how the arrival of eBPF in recent versions of Linux would unleash a flood of innovation within the Linux kernel, and how Cilium’s deep use of eBPF allows us to go well beyond the static and general purpose networking, observability and security capabilities built into the kernel. eBPF + Cilium would make Linux truly “micro-services aware”.
Only a handful of people we spoke with had heard of eBPF (it’s related to “tcpdump”, right?). And while a fair number more hopefully left with a mental note to try and read more about E-B-something-something and Silly-um (spelling?), at the time, most enterprise users there were primarily focused on learning the fundamentals of how to run a Kubernetes cluster. eBPF + Cilium sounded interesting, but at that point, just getting Kubernetes up and running with pods talking on the network was a win! And while it was great to hear that eBPF was already in serious production use at web scale companies like Facebook and Netflix, these examples hardly seemed like proof that this technology was ready for enterprise adoption.
This is Now…
Fast forward a few years, and enterprise adoption of Kubernetes has exploded. With this growth, a quickly growing number of enterprises have moved past the initial stage of Kubernetes adoption (Which distro do I run? How do I onboard initial app teams?) to later stages where they are running Kubernetes across fleets of 100s (and increasingly 1000s) of nodes as a dynamic and multi-tenant cloud native infrastructure platform for their company’s business critical applications.
Only once these critical apps land in Kubernetes do enterprise customers encounter a set of key connectivity, observability, and security challenges that were “hidden” in the earlier phase of Kubernetes adoption. For example:
- How to isolate tenant workloads for compliance reasons when traditional firewalls only understand IPs but not workload identity (zero trust).
- How to monitor and troubleshoot the health of communication between application services when tenant workloads have limited or no ability to gather network insights using traditional tools.
- How to perform security incident investigations and threat detection when traditional flow logs are largely meaningless and often only gathered at centralized network chokepoints.
- How to efficiently and securely connect services running across different Kubernetes clusters when the default Kubernetes networking model treats each cluster as a “networking island”.
- How to efficiently load-balance intra-service connectivity without negatively impacting application performance as the number of services in the environment continues to scale.
With Cilium helping more and more enterprises succeed with running their critical apps on Kubernetes, eBPF has now grown beyond the realm of “cool future technology” applicable only to web giants, and is now something being adopted by many enterprises as they tackle the thorny issues that arise while building out their modern application platform with Kubernetes.
Just this week, Microsoft announced “a new Microsoft open source project to make eBPF work on Windows 10 and Windows Server 2016 and later,” calling eBPF “a well known but revolutionary technology,” and sharing their enthusiasm for working with the eBPF community to “bring the power of eBPF to Windows.”
Join Us on the Journey!
So while this is a great milestone for us to celebrate as an open source community and as a company, we strongly believe that the journey of eBPF and its impact on the enterprise is only beginning. We’re grateful to be partnering with many of the most advanced enterprises Kubernetes users to leverage eBPF + Cilium to solve key challenges to how they connect, observe, and secure cloud native workloads.
Wherever you are in your Kubernetes journey, we love talking with users about these challenges, so when the time is right, we hope you’ll reach out to learn more. Let’s chat!
- Join the community (Slack, Twitter, Github, eCHO Livestream).
- Learn more about Cilium Enterprise.
- We’re hiring…
- Contact us for a demo.
Dan co-founded Isovalent with Thomas Graf to bring the power of eBPF to the world of Cloud Native Networking, Observability and Security. Dan is a long time contributor to and leader of open source communities, creating and serving as the Project Tech Lead for OpenStack’s Networking Project. Prior to Isovalent Dan was a founding employee driving product strategy at Nicira – after its acquisition by VMware, he helped adapt Nicira’s technology into the successful NSX product line.