Cisco has raised the profile of the popular container connectivity technology eBPF (extended Berkeley packet filter) with its recent purchase of open-source, cloud-native networking and security firm Isovalent. Cisco announced the deal in late December and expects to close the acquisition in the third quarter of its fiscal year 2024.
eBPF is an open-source Linux operating-system kernel technology that lets programs run securely in a sandbox within the kernel of the OS. This allows customers to incorporate security, observability and networking features quickly and easily without requiring them to modify kernel source code or deal with network overlays or other tedious programming tasks. The technology’s open-source development occurs under the auspices of the Cloud Native Computing Foundation (CNCF) and includes industry input and support from Google, Microsoft, Red Hat, Intel and others.
According to the CNCF, many kernel developers have contributed to eBPF’s integration into the Linux kernel, making it a stable and reliable technology, and various other projects have created tools and libraries that make eBPF easier to use and manage. In addition, eBPF is the underpinning for Isovalent’s widely used open-source, cloud-based Cilium and Tetragon software packages. Cilium uses eBPF to support networking, security, and observability for containerized Kubernetes workloads, while Tetragon lets users set security policies using eBPF.
eBPF is important in today’s environment of distributed applications, virtual machines, containers, and cloud assets, where application administrators may have little to no insight into the underlying infrastructure, leaving a gap in visibility and security, said Tom Gillis, senior vice president and general manager of the Cisco Security Business Group.
“eBPF and Cilium will let you set all sorts of features such as firewall, load balancing, DNS – all kinds of application service level features, all from software in a single location,” Gillis said. “Without eBPF, all of that functionality would have to be enabled individually, which is time consuming and potentially leaves lots of places open to security and networking problems.”
The combination also provides analysis of network traffic and container behavior, enabling network experts to troubleshoot issues and optimize performance, Gillis said.