eBPF-based Networking, Security, and Observability

Cilium is open source software for transparently providing and securing the network and API connectivity between application services deployed using Linux container management platforms such as Kubernetes.

At the foundation of Cilium is a new Linux kernel technology called eBPF, which enables the dynamic insertion of powerful security, visibility, and networking control logic within Linux itself. eBPF is utilized to provide functionality such as multi-cluster routing, load balancing to replace kube-proxy, transparent encryption as well as network and service security. Besides providing traditional network-level security, the flexibility of eBPF enables security with the context of application protocols and DNS requests/responses. Cilium is tightly integrated with Envoy and provides an extension framework based on Go. Because eBPF runs inside the Linux kernel, all Cilium functionality can be applied without any changes to the application code or container configuration.

Cilium receives contributions from a community of more than 200 developers.

lightbulb_outline View ideas list


  • ebpf
  • kubernetes
  • c
  • go
  • linux


  • Cloud
  • cloud-native
  • networking
  • kernel
comment IRC Channel

Cilium 2021 Projects

  • rgo3
    A Feature Probe API for cilium/ebpf
    Currently bpftool as a userspace utility tool living in the linux kernel can do ebpf feature probing: bpftool feature probe. As the Go+ebpf user-base...
  • Tomoki Sugiura
    Explicit Allow-Listing for ICMP
    Cilium is a networking software which provides secure network connectivity and load-balancing between applications using eBPF. In addition, Cilium is...
  • Gaurav Genani
    Expose all active configurations and CLI improvements.
    Currently, cilium-agent CLI exposes only a subset of daemon configurations. However, most of the applied configurations can be seen by viewing the...