Isovalent library

Labs

SCTP on Cilium

SCTP (Stream Control Transmission Protocol) is a transport-layer protocol used for communication between applications. It is similar to TCP, but it provides additional features such as multi-homing and message fragmentation. Applications that require reliable, ordered delivery of data, but also need the ability to handle multiple streams of data simultaneously can use SCTP. SCTP is primarily used by service providers and mobile operators. While SCTP support for Kubernetes Services, Endpoint and NetworkPolicy was introduced in Kubernetes 1.12, you still need a CNI to support it. Good news: basic support for SCTP was introduced in Cilium 1.13!

Labs

Cilium LoadBalancer IPAM and BGP Service Advertisement

BGP support was initially introduced in Cilium 1.10 and subsequent improvements have been made since, such as the recent introduction of IPv6 support in Cilium 1.12. In Cilium 1.13, that support was enhanced with the introduction of Load Balancer IPAM and BGP Service address advertisements. In this lab, you will learn about both these new features and how they can simplify your network connectivity operations.

Videos

Video: Cluster Mesh Service Affinity

In this video, Senior Technical Marketing Engineer Nico Vibert walks through a new feature with Cilium 1.12 - the ability to specify service affinity for meshed cluster load balancing.

Nico Vibert
Videos

Video: SRv6 on Cilium – An Introductory Demo

In this demo, Isovalent Staff Software Engineer Louis DeLosSantos walks through an introductory demo of SRv6 on Cilium, for a L3VPN use case. The demo was first shown live during eBPF Day North America 2022.

Louis DeLosSantos
Louis DeLosSantos
Videos

Video: Cluster Mesh

Workloads usually run across multiple Kubernetes clusters, on premises and in clouds. How do you bring them together? With Cluster Mesh! This video by our Raymond de Jong briefly explains the concept, the requirements, and walks through a demo of the capabilities.

Raymond de Jong
Videos

Video: Isovalent Cilium Enterprise – Network Policies

Network Policies - the basics, the gotchas, how to create, how to apply them, and everything else there is to know about them! Duffie Cooley will guide you through eBPF powered Cilium network policies, how Hubble can help you with them, and why DNS and L7 transparency are so incredibly important.

Duffie Cooley
Videos

Video: BBR Support for Pods

Tune in to our experts Nikolay Aleksandrov (speaker) and Daniel Borkmann comparing BBR-based congestion control to Linux's default CUBIC for Pods. The BBR-based congestion control for Pods has been added in Cilium 1.12 as a new feature for Cilium's Bandwidth Manager and for the first time enables Pods to use BBR in practice. Using a real-world adaptive video streaming use case they will compare two different network conditions - high-speed long-haul links with large BDP and last mile networks at the edge of the Internet - and discuss the results.

Nikolay Aleksandrov
Videos

Video: Cilium Tech Talks – HA FQDN

Of course we cannot talk about networks without DNS. In the end it is always DNS that causes trouble. This is especially true when the CNI is down, or being upgraded: customers will lose DNS resolution! But that means the apps can’t resolve URLs to send the traffic to the correct destination. Isovalent provides full high availability of the DNS resolution. This includes “traffic” being available all the time, even when the CNI is down. Ops teams don’t have to worry about downtimes anymore, because their DNS based security model still follows the deny-all security models and denies all traffic that is not explicitly allowed. In this demo you will see how HA DNS proxy takes care of that.

Youssef Azrak
Videos

Video: Cilium Tech Talks – Egress Gateway

Integrating Kubernetes clusters in a legacy networking environment can be a challenge, especially when legacy firewalls are involved. Join us to learn how Cilium Enterprise allows you to define highly-available groups of egress nodes and IP addresses, making it possible to fit Kubernetes egress traffic pretty much to any security policy that may be in place in your infrastructure.

Raphael Pinson
Videos

Video: Getting Started with Cilium Monitoring with Grafana

In this video, Nico Vibert introduces monitoring key metrics of Cilium and Hubble, by leveraging Prometheus and Grafana.

Nico Vibert
Videos

Video: IPv6 Networking and Observability with Cilium and Hubble

In this video, Senior Technical Marketing Engineer Nico Vibert will walk you through how to deploy an IPv4/IPv6 Dual Stack Kubernetes cluster and install Cilium and Hubble to benefit from their networking and observability capabilities.

Nico Vibert
Videos

Video: AKS Bring Your Own CNI (BYOCNI) and Cilium

In this short video, Senior Technical Marketing Engineer Nico Vibert deploys an AKS cluster without a CNI to ease the installation of Cilium.

Nico Vibert
Videos

Video: Cilium Transparent Encryption with IPsec and WireGuard

In this video, Senior Technical Marketing Engineer Nico Vibert walks through two methods to encrypt data in transit between Kubernetes Pods: Cilium Transparent Encryption with IPsec or WireGuard.

Nico Vibert
Videos

Video: BGP on Cilium

In this video, Senior Technical Marketing Engineer Nico Vibert walks through BGP enhancements in Cilium 1.12, with the integration with GoBGP. This new version also introduces support for BGP over IPv6.

Nico Vibert
Videos

Video: Pod Traffic Rate Limiting with Cilium Bandwidth Manager

In this short video, Senior Technical Marketing Engineer Nico Vibert walks you through how to use Cilium Bandwidth Manager to rate-limit the traffic sent by your Kubernetes Pods. Great to address potential contention issues!

Nico Vibert
White papers

How eBPF will solve Service Mesh

Service mesh is a concept describing the requirements of modern cloud native applications with regards to communication, visibility, and security. Current implementations of this concept involve running sidecar proxies in each workload or pod. This is a pretty inefficient way of solving these requirements. In this white paper we will look at an alternative to the sidecar model that provides a transparent service mesh with high efficiency at low complexity, with the help of eBPF.

Case studies

Building a secure and maintainable PaaS

Capital One needed to scale their PaaS to multiple teams - but required secure network isolation, visibility and minimal performance overhead. Isovalent Cilium Enterprise met all requirements and scaled past the iptables limits. Hubble’s additional observability capabilities helped their teams to do more from the start.

Case studies

Building a scalable Kubernetes platform

Isovalent helped PostFinance to build a scalable Kubernetes platform to run mission-critical banking software in production. By migrating to Cilium as the default CNI for Kubernetes, they were able to solve their challenges regarding scale, observability and latency. The network was made visible, improving troubleshooting, enabling forensic analysis and transparently encrypting network traffic.

White papers

Accelerating the Journey to Cloud Native Microservices

Enterprises adopting cloud native technologies quickly realize that legacy approaches are useless in efficiently rolling out business applications. Cilium enables Kubernetes architects to solve challenges such as addressing security & compliance requirements, providing advanced connectivity and ensuring identity-aware observability for platform and application teams.

Labs

Cilium Host Firewall

Ever since its inception, Cilium has supported Kubernetes Network Policies to enforce traffic control to and from pods at L3/L4. But Cilium Network Policies go even further: by leveraging eBPF, Cilium can provide greater visibility into packets, enforce traffic policies at L7 and filter traffic based on criteria such as FQDN, protocol (such as kafka, grpc), etc. Creating and manipulating these Network Policies is done declaratively using YAML manifests. What if we could apply the Kubernetes Network Policy operating model to our hosts? Wouldn’t it be nice to have a consistent security model across not just our pods, but also the hosts running the pods? Let’s look at how the Cilium Host Firewall can achieve this. In this lab, we will install SSH on the nodes of a Kind cluster, then create Cluster-wide Network Policies to regulate how the nodes can be accessed using SSH. The Control Plane node will be used as a bastion to access the other nodes in the cluster.

Labs

Cilium Gateway API

In this short lab, you will learn about Gateway API, a new Kubernetes standard on how to route traffic into a Kubernetes cluster. The Gateway API is the next generation of the Ingress API. Gateway API addresses some of the Ingress limitations by providing an extensible, role-based and generic model to configure advanced L7 traffic routing capabilities into a Kubernetes cluster. In this lab, you will learn how you can use the Cilium Gateway API functionality to route HTTP and HTTPS traffic into your Kubernetes-hosted application.