Networking

Networking is the foundation of Kubernetes, enabling communication between workloads and services within and outside of the cluster. Cilium elevates Kubernetes networking by leveraging eBPF, delivering high-performance network management, security, and observability across L3, L4, and L7. This guide explores Cilium's networking capabilities, focusing on Load Balancing, Multi-Cluster Networking, and Network Policies.

eBPF-powered Networking

Cloud-Native Standard in Networking

Enterprise-grade Performance
Built by SDN & Enterprise Linux pioneers, Cilium enhances Kubernetes networking by enabling efficient and secure pod-to-pod communication. It facilitates direct network connections without the need for traditional bridging or routing overlays. This direct approach reduces latency and increases network performance by minimizing packet processing overhead.
Load Balancing
Cilium's load balancer utilizes eBPF to intercept network traffic at the kernel level, dynamically distributing connections across available backend pods based on load and health status. This approach enables real-time scaling and failover without the need for user-space intervention, enhancing both reliability and performance.
Cluster Mesh
Enabling seamless inter-cluster connectivity, Cilium's Cluster Mesh links multiple Kubernetes clusters into a single coherent network. This feature supports cross-cluster service discovery and global load balancing, allowing services in one cluster to transparently communicate with services in another, with policy and security settings preserved across clusters.

Infrastructure for the Future

Kube-proxy Replacement
By replacing kube-proxy with eBPF-based data plane programming, Cilium enhances Kubernetes service handling, offering more efficient load balancing, reduced service latency, and increased scalability. This replacement eliminates the need for iptables rule processing, streamlining network flows and reducing kernel resource consumption.
BGP on Cilium
Cilium integrates BGP (Border Gateway Protocol) support, allowing for dynamic routing of egress traffic through specified gateways based on policies. This feature is particularly useful for multi-homed environments or when precise control over egress routing is required for compliance or performance reasons.
Gateway API
Leveraging its eBPF foundation, Cilium offers a Gateway API, facilitating secure and controlled communication between microservices and legacy routing. This API provides advanced routing, load balancing, and policy enforcement capabilities, simplifying the deployment and management of service mesh architectures within Kubernetes clusters.

Networking Resources

Cilium User Story: Zero Trust Networking at Scale (20k+ VCPUs, 100+ Dev Teams)