20-24 September 2021
US/Pacific timezone

BPF-datapath extensions for Kubernetes workloads

22 Sep 2021, 09:30
Networking and BPF Summit/Virtual-Room (LPC Virtual)

Networking & BPF Summit (Closed) BPF & Networking Summit


Daniel Borkmann (Isovalent) Martynas Pumputis (Isovalent)


With the rapid adoption of Cilium as the BPF-based datapath for Kubernetes, as
well as its integration into popular devops tooling such as kind [0], which allows
for running local Kubernetes clusters using Docker container 'nodes', we see
more advanced use (and corner) cases which have not yet been tackled from a
BPF and networking angle. Therefore, in this slot, we discuss various loosely
coupled issues in the networking stack which we are working on in the context
of Cilium's BPF datapath:

  • Mixed cgroup v1/v2 interference related to BPF cgroup programs
  • TCP socket pacing for Pods out of the init network namespace
  • Managed neighbor entries for load-balancer backends
  • Wildcarded map lookups for Cilium's n-Tuple PCAP Recorder [1]

We will provide a brief overview of the use cases related to the above, and give
an outline for kernel extensions we are looking into.

[0] https://kind.sigs.k8s.io/
[1] https://cilium.io/blog/2021/05/20/cilium-110#standalonelb
