For decades, IPtables has been the cornerstone of Linux networking, but that's no longer the case. Over the last few years, extended Berkeley Packet Filter (eBPF) has emerged as a better option for Linux whether it's running on-premises, or more likely than not, in the cloud.
What eBPF provides is a low-level interface to enable data packet transmission and control. On its own it has tremendous potential for networking. While there is lots of open source eBPF code now in the Linux kernel, on its own, it can be quite complex, which is where the open source Cilium project has been making inroads in the last few years.
I first wrote on Cilium in 2017, when the project first got started and the company behind it - Isovlanet - was still shrouded in stealth. Cilium and Isovalent are led by CEO and co-founder Dan Wendlandt, who helped to create the OpenStack Quantum networking project and was a pioneer in the Software Defined Networking (SDN) industry at VMware.
Last week, Isovalent emerged from stealth, along with $29 million in funding led by Andreessen Horowitz. Wendlandt and Andreessen Horowitz are hardly strangers; after he left VMware in 2016 he went to work as a partner at the venture capital firm, alongside fellow SDN pioneer and VMware alum Martin Casado.
Why an SDN Pioneer is Investing in eBPF
"With eBPF, you can see and control what is happening at the API level, showing the remote API calls being invoked and the data that they are being passed," Casado wrote. "Cilium + eBPF is far more than API-aware visibility, it’s a fundamentally more powerful way to do networking in cloud environments, from traditional configurations on up, that allows for more robust program tracing, observability, and monitoring."
That's a fundamental shift from the legacy world of simply tracking data packets. The promise of eBPF is that networking isn't just about moving packets, it's about understanding what data is moving, how it can be controlled and how it can be secured.
In a cloud-native Kubernetes setting, eBPF and Cilium are already making significant inroads, and that's why the company is raising money, so it can grow further with a commercially supported service. There are a lot of options for cloud networking and monitoring, but having kernel-level control is quite literally a new level of insight.