What is Cilium?
Cilium is open source software for transparently securing the network connectivity between application services deployed using Linux container management platforms like Docker and Kubernetes.
At the foundation of Cilium is a new Linux kernel technology called BPF, which enables the dynamic insertion of powerful security visibility and control logic within Linux itself, meaning that security can be applied and updated automatically without any changes to the application code or container configuration.
The development of modern datacenter applications has shifted to a service-oriented architecture often referred to as “microservices”, wherein a large application is broken down into small independent units that communicate with each other via APIs using lightweight protocols like HTTP. Microservices applications also tend to be highly dynamic, with individual containers coming and going as the application scales out/in based on load and as rolling updates are deployed as part of continuous delivery.
This shift toward highly dynamic microservices presents both a challenge and an opportunity in terms of securing connectivity between microservices. Traditional Linux network security approaches (e.g., iptables) filter on IP address and TCP/UDP port, and as a result struggle to properly lock down connectivity between microservices and to stay up to date with the frequent churn of container instances.
By leveraging Linux BPF, Cilium retains the ability to transparently insert security visibility and enforcement, but does so in a way that is based on service identity (not address) and can filter on application-layer API messages (e.g., HTTP). As a result, Cilium not only makes it simple to apply security policies in a highly dynamic environment, but can also provide stronger security isolation by operating at the HTTP layer, rather than just IP/port. And the power of Linux BPF means that Cilium achieves all of this in a way that is highly scalable even for large environments.
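As an added illustration (not part of the original page), the following CiliumNetworkPolicy shows what identity-based, HTTP-layer enforcement looks like in practice: the policy selects endpoints by label rather than by IP address, so it keeps applying as pods churn, and it restricts the allowed HTTP methods and paths rather than just opening TCP port 80. The label values and paths are assumptions chosen for the example.

```yaml
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: frontend-to-backend-api  # example name (assumption)
spec:
  # Identity of the protected service: the pods carrying these labels,
  # whatever IP addresses they currently have.
  endpointSelector:
    matchLabels:
      app: backend
  ingress:
    # Only pods with the "frontend" identity may connect at all; IP
    # addresses of those pods never appear in the policy.
    - fromEndpoints:
        - matchLabels:
            app: frontend
      toPorts:
        - ports:
            - port: "80"
              protocol: TCP
          # Application-layer rules: everything not listed is denied,
          # including other methods on the same paths and any other path.
          rules:
            http:
              - method: GET
                path: "/api/v1/items"      # example path (assumption)
              - method: POST
                path: "/api/v1/items"      # example path (assumption)
```

With this applied, a frontend pod sending `DELETE /api/v1/items` or `GET /admin` to a backend pod is rejected at the HTTP layer even though the TCP connection to port 80 is permitted.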