Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Securing Networks with eBPF Magic

Donia Chaiehloudj
April 16, 2024
Programming
0
10

Securing Networks with eBPF Magic

Au fur et à mesure que la complexité des architectures cloud natives augmente, de nouvelles approches en matière de sécurité sont nécessaires. eBPF et Cilium offrent un moyen révolutionnaire d'intégrer la sécurité dans l'infrastructure. Cette présentation explique comment eBPF permet au noyau Linux lui-même d'appliquer des politiques de sécurité. Donia donnera des démonstrations tout au long de la présentation pour comprendre l'utilisation par Cilium de l'eBPF en mantière de sécurité d’applications. Vous repartirez en comprenant comment eBPF et Cilium révolutionnent la sécurité dans le cloud-native.

Donia Chaiehloudj

April 16, 2024
Tweet

More Decks by Donia Chaiehloudj

See All by Donia Chaiehloudj
À la découverte de Go
doniacld
0
92
TinyGo: Getting the upper hen (GoWest Conf 2022)
doniacld
0
110
TinyGo: Getting the upper hen (GopherCon 2022)
doniacld
0
250
Public identity & Job research
doniacld
0
130
Do's and Don'ts moving to Go microservices architecture
doniacld
0
180
Do's and Don'ts moving to Go microservices architecture
doniacld
0
60
TinyGo: Getting the upper hen (GopherConUK 2022)
doniacld
0
610

Other Decks in Programming

See All in Programming
効率化に挑戦してみたらモバイル開発が少し快適になった話
ryunakayama
0
130
try! Swift Tokyo 2024 参加報告 / try! Swift Tokyo 2024 Report
hironytic
0
210
Scalable Customer Journey Orchestration (CJO)
lewuathe
0
390
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
960
Java 22 Overview
kishida
1
190
GraphQLサーバの構成要素を整理する #ハッカー鮨 #tsukijigraphql / graphql server technology selection
izumin5210
4
890
ADRを一年運用してみた/adr_after_a_year
hanhan1978
7
2.4k
大規模UIKitベースアプリへのTCAの段階的導入/gradual-adoption-of-tca-in-a-large-scale-uikit-based-app
takehilo
2
200
スクラムガイドのスプリントレトロスペクティブを改めて読みかえしてみた / Re-reading the Sprint Retrospective Section in the Scrum Guide
mackey0225
3
470
Elm Form Validation
bkuhlmann
0
510
Git Rebase
bkuhlmann
11
1.6k
MicrosoftのPlatform Engineeringガイドを読んで実際になにかやってみた
ymd65536
1
480

Featured

See All Featured
How GitHub (no longer) Works
holman
305
140k
The Invisible Customer
myddelton
114
12k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
188
16k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
358
22k
Statistics for Hackers
jakevdp
790
220k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
104
6.6k
For a Future-Friendly Web
brad_frost
172
9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
649
58k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
323
20k
jQuery: Nuts, Bolts and Bling
dougneiner
59
7.1k
Fireside Chat
paigeccino
22
2.6k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
222
21k

Transcript

  1. Securing Networks with eBPF Magic Donia Chaiehloudj | @doniacld Senior

    Software Engineer, Isovalent GDG Sophia-Antipolis organiser | Women Techmaker Ambassador | Co-author of the book “Learn Go with Pocket-Sized Projects”

  2. • What is eBPF? • How eBPF works • Use

    cases for eBPF • Introducing Cilium • Securing networks with Cilium and eBPF • Cilium demo • Additional Cilium capabilities • Summary Agenda

  3. What is ? @doniacld

  4. What is ? extended Berkley Packet Filter @doniacld

  5. What is ? extended Berkley Packet Filter @doniacld https://www.youtube.com/watch?v=Wb_vD3XZYOA

  6. What is ? Makes the Linux kernel programmable @doniacld

  7. Without @doniacld

  8. With @doniacld

  9. Run custom code in the kernel @doniacld https://ebpf.io/books/buzzing-across-space-illustrated-childrens-guide-to-ebpf.pdf

  10. How works? @doniacld

  11. How works? @doniacld

  12. eBPF Demo @doniacld

  13. github.com/cilium/ebpf @doniacld

  14. Uses Cases for @doniacld

  15. Uses Cases for @doniacld

  16. in Kubernetes @doniacld

  17. Introducing Cilium @doniacld

  18. Introducing Cilium @doniacld

  19. • Open source networking for Kubernetes • Leverages eBPF for

    security policies • Identity-based security model Introducing Cilium @doniacld

  20. Securing networks with Cilium & eBPF • eBPF enables identity-aware

    policies • Apply security rules based on labels • Restrict access between entities @doniacld

  21. Cilium Demo @doniacld

  22. Gophers around the world @doniacld

  23. Cilium Network Policy @doniacld apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: name:

    gopher-travel-policy-allow-only-eu-to-us spec: description: "Allow gophers to travel from EU to US" endpointSelector: matchLabels: app: gopher continent: eu egressDeny: - toEndpoints: - matchLabels: continent: au egress: - toEndpoints: - matchLabels: continent: us

  24. github.com/doniacld/cilium-gophers-demo @doniacld

  25. Kubernetes Network Policy vs Cilium Network Policy @doniacld

  26. Thank you! ebpf.io @ciliumproject @isovalent Let’s connect @doniacld

  27. Learn more! Hardened, enterprise-grade eBPF-powered networking, observability, and security. For

    the Enterprise isovalent.com/product isovalent.com/labs eBPF-based Networking, Observability, Security OSS Community cilium.io cilium.slack.com The revolution in the Linux kernel, safely and efficiently extending the capabilities of the kernel. Base technology ebpf.io What is eBPF? - ebook Regular news