Cilium (computing)

Evolution from Networking CNI (Container Network Interface)

Cilium began as a networking CNI{{cite web |title=CNI |url=https://www.cni.dev/ |access-date=10 July 2023 |website=cni.dev}} for container workloads. It was originally IPv6 only and supported multiple container orchestrators, like Kubernetes. The original vision for Cilium was to build an intent and identity-based high-performance container networking platform. As the cloud native ecosystem expanded, Cilium added new projects and features to address new problems in the space.

The table below summarises some of the most significant milestones of this evolution:

• December 2015 - Initial commit to the Cilium project{{cite web |date=16 December 2015 |title=Cilium Initial Commit |url=https://github.com/cilium/cilium/commit/7fa3c60eb7dbe7a5a4caea3aab0396f75a8b10c7 |access-date=10 July 2023 |website=GitHub}}
• May 2016 - Network policy was added, expanding the scope beyond just networking{{cite web |date=28 May 2016 |title=Network Policy added to Cilium |url=https://github.com/cilium/cilium/commit/dfa037c8f1b159de6b28a6cc55f77eae67515110 |access-date=10 July 2023 |website=GitHub}}
• August 2016 - Cilium was initially announced during LinuxCon as a project providing fast IPv6 container networking with eBPF and XDP.{{cite web |date=28 May 2016 |title=Cilium Fast IPV6 Container Networking with BPF and XDP |url=https://www.slideshare.net/ThomasGraf5/cilium-fast-ipv6-container-networking-with-bpf-and-xdp |access-date=24 August 2016 |website=Slideshare}} Today, Cilium has been adopted by major cloud provider's Kubernetes offerings and is one of the most widely used CNIs.
• August 2017 - ebpf-go was created as a library to read, modify, and load eBPF programs and attach them to various hooks.{{cite web |date=29 August 2017 |title=ebpf-go Initial Commit |url=https://github.com/cilium/ebpf/commit/ac675eba74ca67b6e876e658f8714a3f6b2bf5c5 |access-date=24 August 2016 |website=GitHub}}
• April 2018 - Cilium 1.0 is the first stable release{{cite web |title=Cilium 1.0 Advances Container Networking With Improved Security |url=https://www.eweek.com/security/cilium-1.0-advances-container-networking-with-improved-security/| date=24 April 2018|access-date=13 July 2023 |website=eWeek.com}}
• November 2019 - Hubble was launched to provide eBPF-based observability to network flows{{cite web |date=19 November 2019 |title=Announcing Hubble - Network, Service & Security Observability for Kubernetes |url=https://cilium.io/blog/2019/11/19/announcing-hubble/ |access-date=24 August 2016 |website=Cilium.io}}
• August 2020 - Chosen by Google as the basis for their Kubernetes Dataplane v2{{cite web |date=20 August 2020 |title=New GKE Dataplane V2 increases security and visibility for containers |url=https://cloud.google.com/blog/products/containers-kubernetes/bringing-ebpf-and-cilium-to-google-kubernetes-engine |access-date=10 July 2023 |website=Google Cloud Platform}}
• September 2021 - AWS picks Cilium for Networking & Security on EKS Anywhere{{cite web |date=13 September 2021 |title=AWS Picks Cilium As Networking And Security Layer |url=https://www.tfir.io/aws-picks-cilium-as-networking-and-security-layer/ |access-date=10 July 2023 |website=tfir.io}}
• October 2021 - Pwru was launched for tracing network packets in the Linux kernel with advanced filtering capabilities{{cite web |date=12 October 2021 |title=pwru Initial Commit |url=https://github.com/cilium/pwru/commit/bfc95e6e6355dc18064c984839144abc1d098cd |access-date=10 July 2023 |website=GitHub}}{{cite web |date=8 February 2023 |title=Going from Packet Where Aren’t You to pwru |url=https://cilium.io/blog/2023/03/22/packet-where-are-you/ |access-date=10 July 2023 |website=Cilium.io}}
• October 2021 - Accepted into CNCF as an incubation level project{{cite web |date=13 October 2021 |title=Cilium joins CNCF as an incubating project |url=https://www.cncf.io/blog/2021/10/13/cilium-joins-cncf-as-an-incubating-project/ |access-date=10 July 2023 |website=CNCF}}
• December 2021 - Cilium Service Mesh launched to help manage traffic between services{{cite web |title=Cilium 1.12 Adds Cilium Service Mesh And Other New Features For Enterprise Kubernetes|url=https://www.tfir.io/cilium-1-12-adds-cilium-service-mesh-and-other-new-features-for-enterprise-kubernetes/|date=21 July 2022 |access-date=10 July 2023 |website=tfir.io}}
• May 2022 - Tetragon open sourced to cover security observability and runtime enforcement{{cite web |date=16 May 2022 |title=Tetragon – eBPF-based Security Observability & Runtime Enforcement |url=https://www.prnewswire.com/news-releases/isovalent-creators-of-ebpf-and-cilium-launch-tetragon-high-performance-kernel-based-kubernetes-security-301973670.html |access-date=10 July 2023 |website=Isovalent.com}}{{cite web |date=16 July 2022 |title=Tetragon – eBPF-based Security Observability & Runtime Enforcement |url=https://thenewstack.io/isovalent-open-sources-tetragon-ebpf-based-observability-platform/ |access-date=10 July 2023 |website=thenewstack.io}}
• October 2022 - Chosen as CNI for Azure{{Cite web |last=Bansal |first=Deepak |date=2022-12-05 |title=Microsoft and Isovalent partner to bring next generation eBPF dataplane for cloud-native applications in Azure |url=https://azure.microsoft.com/en-us/blog/microsoft-and-isovalent-partner-to-bring-next-generation-ebpf-dataplane-for-cloudnative-applications-in-azure/ |access-date=2024-02-06 |website=Microsoft Azure Blog |language=en-US}}{{Cite web |last=Ke |first=Deepak Bansal, Qi |date=2023-06-22 |title=Azure CNI with Cilium: Most scalable and performant container networking in the Cloud |url=https://azure.microsoft.com/en-us/blog/azure-cni-with-cilium-most-scalable-and-performant-container-networking-in-the-cloud/ |access-date=2024-02-06 |website=Microsoft Azure Blog |language=en-US}}
• April 2023 - Cilium Mesh launched to connect workloads and machines across cloud, on-prem, and edge{{cite web |date=19 May 2022 |title=Cilium Mesh – One Mesh to Connect Them All |url=https://isovalent.com/blog/post/introducing-cilium-mesh/ |access-date=10 July 2023 |website=Isovalent.com}}{{cite web |date=5 May 2023 |title=Isovalent’s Cilium Mesh bridges gap between Kubernetes and legacy workloads|url=https://siliconangle.com/2023/05/05/isovalents-cilium-mesh-bridges-gap-kubernetes-legacy-workloads-kubecon/ |access-date=10 July 2023 |website=siliconangle.com}}{{cite web |date=17 April 2023 |title=Isovalent introduces Isovalent Cilium Mesh to Securely Connect Networks Across On-Prem, Edge, and Cloud|url=https://finance.yahoo.com/news/isovalent-introduces-isovalent-cilium-mesh-110000920.html|access-date=10 July 2023 |website=finance.yahoo.com}}
• April 2023 - First CiliumCon hosted as a part of KubeCon{{cite web |title=CiliumCon Europe 2023 |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/ |access-date=10 July 2023 |website=Linux Foundation}}
• October 2023 - Cilium becomes a CNCF Graduated project https://www.cncf.io/announcements/2023/10/11/cloud-native-computing-foundation-announces-cilium-graduation/

Cilium was accepted into the Cloud Native Computing Foundation on October 13th, 2021 as an incubation-level project. It applied to become a graduated project on October 27th 2022. It became a Graduated project one year later. Cilium is one of the fastest-moving projects in the CNCF ecosystem.{{cite web |date=11 January 2023 |title=A look at the 2022 velocity of CNCF, Linux Foundation, and top 30 open source projects |url=https://www.cncf.io/blog/2023/01/11/a-look-at-the-2022-velocity-of-cncf-linux-foundation-and-top-30-open-source-projects/ |access-date=10 July 2023 |website=Cloud Native Computing Foundation}}

Cilium has been adopted by many large-scale production users, including over 100 that have stated it publicly,{{cite web |title=Who is using Cilium? |url=https://github.com/cilium/cilium/blob/master/USERS.md |access-date=10 July 2023 |website=GitHub}} for example:

• Datadog uses Cilium as their CNI and kube-proxy replacement{{Cite web |date=2022-10-11 |title=Datadog |url=https://www.cncf.io/case-studies/datadog/ |access-date=2023-07-12 |website=Cloud Native Computing Foundation|language=en-US}}{{Cite web |date=2022-10-11 |title=Tales from an eBPF Program’s Murder Mystery - Hemanth Malla & Guillaume Fournier, Datadog |url=https://www.youtube.com/watch?v=YK7GyEJdJGo |access-date=2023-07-12 |website=YouTube |language=en-US}}
• Ascend uses Cilium as their one CNI across multiple cloud providers{{cite web |title=Case Study: Ascend |url=https://www.cncf.io/case-studies/ascend/ |access-date=10 July 2023 |website=Cloud Native Computing Foundation}}
• Bell Canada uses Cilium and eBPF for telco networking{{cite web |date=21 August 2021 |title=Why eBPF is changing the telco networking space – Daniel Bernier, Bell Canada |url=https://www.youtube.com/watch?v=fNtG0iHYne4 |access-date=10 July 2023 |website=YouTube}}{{cite web |date=19 May 2022 |title=Leveraging Cilium and SRv6 for Telco Networking - Daniel Bernier, Bell Canada |url=https://www.youtube.com/watch?v=vJaOKGWiyvU |access-date=10 July 2023 |website=YouTube}}
• Cosmonic uses Cilium for their Nomad-based PaaS{{cite web |date=18 Jan 2023 |title=Cosmonic User Story: Running Cilium on Nomad for Wasm Workloads |url=https://cilium.io/blog/2023/01/18/cosmonic-user-story/ |access-date=10 July 2023 |website=Cilium.io}}{{cite web |date=26 May 2023 |title=Cosmonic Open Source Project Integrates Nomad and Cilium |url=https://cloudnativenow.com/features/cosmonic-open-source-project-integrates-nomad-and-cilium/|access-date=10 July 2023 |website=CloudNativeNow.com}}{{cite web |date=30 May 2023 |title=The Cosmonic Open Source Project Combines Cilium And Nomad|url=https://www.opensourceforu.com/2023/05/the-cosmonic-open-source-project-combines-cilium-and-nomad//|access-date=10 July 2023 |website=Opensourceforu.com}}
• IKEA uses Cilium for their self-hosted bare-metal private cloud{{cite web |date=19 May 2022 |title=IKEA Private Cloud, eBPF Based Networking, Load Balancing, and Observability with Cilium |url=https://www.youtube.com/watch?v=sg-F_R-ZVNc |access-date=13 July 2023 |website=YouTube}}
• S&P Global uses Cilium as its CNI{{cite web |date=4 October 2022 |title=eBPF, a road to invisible network: S&P Global's Network Transformation Journey - Guru Ramamoorthy |url=https://www.youtube.com/watch?v=6CZ_SSTqb4g |access-date=10 July 2023 |website=YouTube}}
• Sky uses Cilium as their CNI and for network security{{cite web |date=20 August 2021 |title=eBPF & Cilium at Sky – Sebastian Duff, Anthony Comtois, Jospeh Samuel [sic], Sky |url=https://www.youtube.com/watch?v=u-4naOMfs_w |access-date=10 July 2023 |website=YouTube}}
• The New York Times uses Cilium on EKS for multi-region multi-tenant shared clusters{{cite web | date=20 April 2023 |title=Designing and Securing a Multi-Tenant Runtime Environment at the New York Times - Ahmed Bebars |url=https://www.youtube.com/watch?v=9FDpMNvPrCw&list=PLj6h78yzYM2Meb36FX-bKd-3fpNvtlzpE&index=5 |access-date=10 July 2023 |website=YouTube}}
• Trip.com uses Cilium both on premise and in AWS{{cite web |date=5 February 2020 |title=User Story - How Trip.com uses Cilium |url=https://cilium.io/blog/2020/02/05/how-trip-com-uses-cilium/ |access-date=10 July 2023 |website=Cilium.io}}
• OpenAI uses Cilium as their CNI{{Cite web |date=6 June 2025 |title=AKS Me Anything: Paul Miller: Episode 5 (Azure Kubernetes Service) |url=https://www.youtube.com/watch?v=wuO4nREXu4Y |access-date=13 June 2025}}

Cilium is the CNI for many cloud providers including Alibaba,{{cite web|url=https://www.alibabacloud.com/de/developer/a/ack/cilium-high-performance-cloud-native-network |title=Cilium High Performance Cloud Native Network|website=Alibaba Cloud|access-date=10 July 2023}} APPUiO,{{cite web|url=https://www.appuio.ch/en/blog/2021-12-15-partnerschaft-mit-isovalent/ |title=Partnership with Isovalent|website=appuio.ch | date=16 December 2021 |access-date=10 July 2023}} Azure,{{cite web|url=https://azure.microsoft.com/en-us/updates/azure-cni-powered-by-cilium/ |title=General availability: Azure CNI powered by Cilium|website=Microsoft Azure | date=30 May 2023 |access-date=10 July 2023}} AWS, DigitalOcean,{{cite web|url=https://ebpf.io/summit-2020-slides/eBPF_Summit_2020-Lightning-Timo_Reimann-Managed_Kubernetes_to_App_Platform_Years_of_Cilium_Usage_at_DigitalOcean.pdf |title=From Managed Kubernetes to App Platform: 1.5 Years of Cilium Usage at DigitalOcean|website=ebpf.io | date=28 October 2020 |access-date=10 July 2023}} Exoscale,{{cite web|url=https://changelog.exoscale.com/en/cilium-cni-sks |title=Cilium CNI & SKS|website=changelog.exoscale.com | date=3 June 2022 |access-date=10 July 2023}} Google Cloud, Hetzner,{{cite web|url=https://cilium.io/blog/2023/01/25/hetzner-performance-testing/ |title=Performance Testing Cilium Ingress at Hetzner Cloud|website=cilium.io | date=5 January 2023 |access-date=10 July 2023}} and Tencent Cloud.{{cite web|url=https://segmentfault.com/a/1190000040269867/en |title=Tencent Cloud TKE-based on Cilium unified hybrid cloud container network |website=segmentfault.com | date=1 July 2021 |access-date=10 July 2023}}

Cilium began as a container networking project. With the growth of Kubernetes and container orchestration, Cilium became a CNI, providing basic things like configuring container network interfaces and Pod to Pod connectivity. From the beginning, Cilium based its networking on eBPF rather than iptables or IPVS, betting that eBPF would become the future of cloud native networking.{{cite web|url=https://www.linux.com/news/why-kernel-community-replacing-iptables-bpf/ |title=Why is the kernel community replacing iptables with BPF? |website=linux.com| date=23 April 2018 |access-date=10 July 2023}}

Cilium’s eBPF based dataplane provides a simple flat Layer 3 network with the ability to span multiple clusters in either a native routing or overlay mode with Cilium Cluster Mesh. It is Layer 7-protocol aware and can enforce network policies on Layer 3 to Layer 7 and with FQDN using an identity-based security model that is decoupled from network addressing.

Cilium implements distributed load balancing for traffic between Pods and to external services, and is able to fully replace kube-proxy,{{cite web |title=Kubernetes Without kube-proxy |url=https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/#kubeproxy-free |access-date=10 July 2023 |website=docs.cilium.io}} using XDP, socket-based load-balancing and efficient hash tables in eBPF. It also supports advanced functionality like integrated ingress and egress gateways,{{cite web|url=https://docs.cilium.io/en/stable/network/egress-gateway/#id1|title=Egress Gateway |website=docs.cilium.io|access-date=10 July 2023}} bandwidth management, a stand-alone load balancer, and service mesh.{{cite web|url=https://www.cncf.io/blog/2022/07/20/cilium-1-12-ga-cilium-service-mesh-and-other-major-new-features-for-enterprise-kubernetes//|title=Cilium 1.12 GA: Cilium Service Mesh and other major new features for enterprise Kubernetes |website=Cloud Native Computing Foundation | date=13 July 2022|access-date=10 July 2023}}

Cilium is the first CNI to support advanced kernel features such as BBR TCP congestion control{{Cite journal |last=Cardwell |first=Neal |last2=Cheng |first2=Yuchung |last3=Gunn |first3=C. Stephen |last4=Yeganeh |first4=Soheil Hassas |last5=Jacobson |first5=Van |date=2016 |title=BBR: Congestion-Based Congestion Control |url=http://queue.acm.org/detail.cfm?id=3022184 |journal=ACM Queue |volume=14, September-October |pages=20 – 53}} and BIG TCP{{Cite web |title=tcp: BIG TCP implementation [LWN.net] |url=https://lwn.net/Articles/883713/ |access-date=2023-07-12 |website=lwn.net}} for Kubernetes Pods.{{Citation |title=100Gbit/S Clusters With Cilium: Building Tomorrows Networking- Daniel Borkmann & Nikolay Aleksandrov |url=https://www.youtube.com/watch?v=Kvdh78TURck |access-date=2023-07-12 |language=en}}

Hubble is the observability, service map, and UI of Cilium which is shipped with the CNI.{{cite web |title=Hubble on Github |url=https://github.com/cilium/hubble |access-date=10 July 2023 |website=GitHub}} {{cite web |title=Hubble Series (Part 1): Re-introducing Hubble |url=https://isovalent.com/blog/post/hubble-series-re-introducing-hubble/ | date=5 June 2023 |access-date=10 July 2023 |website=Isovalent.com}} It can be used to observe individual network packet flows, view network policy decisions to allow or block traffic, and build up service maps showing how Kubernetes services are communicating.{{cite web |title=Service Map & Hubble UI |url=https://docs.cilium.io/en/stable/gettingstarted/hubble/#hubble-gsg |access-date=10 July 2023 |website=docs.cilium.io}} Hubble can export this data to Prometheus, OpenTelemetry, Grafana, and Fluentd for further analysis of Layer 3/4 and Layer 7 metrics.{{cite web |title=Monitoring & Metrics |url=https://docs.cilium.io/en/stable/observability/metrics/ |access-date=10 July 2023 |website=docs.cilium.io}}

Tetragon is the security observability and runtime enforcement project of Cilium.{{cite web |title=Tetragon on Github |url=https://github.com/cilium/tetragon |access-date=10 July 2023 |website=GitHub}} Tetragon is a flexible Kubernetes-aware security observability and runtime enforcement tool that applies policy and filtering directly with eBPF. It allows users to monitor and observe the complete lifecycle of every process execution on their machine, translate policies for file monitoring, network observability, container security, and more into eBPF programs, and do synchronous monitoring, filtering, and enforcement completely in the kernel.

ebpf-go is a pure-Go library to interact with the eBPF subsystem in the Linux kernel.{{cite web |title=ebpf-go on Github |url=https://github.com/cilium/ebpf |access-date=10 July 2023 |website=GitHub}} It has minimal external dependencies, emphasises reliability and compatibility, and is widely deployed in production.

pwru ("Packet, where are you?") is an eBPF-based tool for tracing network packets in the Linux kernel with advanced filtering capabilities. It allows fine-grained introspection of kernel state to facilitate debugging network connectivity issues. Under the hood, pwru attaches eBPF debugging programs to all Linux kernel functions which are responsible for processing network packets.

This gives a user finer-grained view into a packet processing in the kernel than with tcpdump, Wireshark, or more traditional tools. Also, it can show packet metadata such as network namespace, processing timestamp, internal kernel packet representation fields, and more.

Cilium began as a networking project and has many features that allow it to provide a consistent connectivity experience from Kubernetes workloads to virtual machines and physical servers running in the cloud, on-premises, or at the edge. Some of these include:

• Container Network Interface (CNI){{cite web |title=Securing Your Kubernetes Cluster: Cilium and Network Policies |url=https://www.learncloudnative.com/blog/2023-06-14-cilium-network-policy | date=14 June 2023 |access-date=10 July 2023 |website=learncloudnative.com}} - Provides networking for Kubernetes clusters
• Layer 4 Load Balancer{{cite web |title=Layer 4 Load Balancer |url=https://cilium.io/use-cases/load-balancer/ |access-date=10 July 2023 |website=cilium.io}} - Based on Maglev{{cite web|url=https://research.google/pubs/pub44824/|title=Maglev: A Fast and Reliable Software Network Load Balancer | website=research.google.com|access-date=10 July 2023}}{{Cite web |title=Cilium 1.9: Maglev, Deny Policies, VM Support, OpenShift, Hubble mTLS, Bandwidth Manager, eBPF Node-Local Redirect, Datapath Optimizations, and more |url=https://cilium.io/blog/2020/11/10/cilium-19/ |access-date=2023-07-12 |website=cilium.io}} and XDP{{Cite web |title=Cilium 1.8: XDP Load Balancing, Cluster-wide Flow Visibility, Host Network Policy, Native GKE & Azure modes, Session Affinity, CRD-mode Scalability, Policy Audit mode, ... |url=https://cilium.io/blog/2020/06/22/cilium-18/ |access-date=2023-07-12 |website=cilium.io}} for handling north/south traffic
• Cluster Mesh{{cite web|url=https://cilium.io/use-cases/cluster-mesh/|title=Cluster Mesh | website=cilium.io|access-date=10 July 2023}} - Combines multiple Kubernetes clusters into one network
• Bandwidth and Latency Optimization{{cite web|url=https://cilium.io/use-cases/bandwidth-optimization/|title=Bandwidth And Latency Optimization | website=cilium.io|access-date=10 July 2023}} - Fair Queueing, TCP Optimization, and Rate Limiting
• kube-proxy replacement{{cite web|url=https://cilium.io/use-cases/kube-proxy/|title=kube-proxy replacement | website=cilium.io|access-date=10 July 2023}} - Replaces iptables with eBPF hash tables
• BGP{{cite web|url=https://cilium.io/use-cases/bgp/|title=BGP | website=cilium.io|access-date=10 July 2023}} - Integrates into existing networks and provides load balancing in bare metal clusters
• Egress Gateway{{cite web|url=https://cilium.io/use-cases/egress-gateway/|title=Egress Gateway | website=cilium.io|access-date=10 July 2023}} - Provides a static IP for integration into external workloads
• Service Mesh{{cite web|url=https://cilium.io/use-cases/service-mesh/|title=Cilium Service Mesh | website=cilium.io|access-date=10 July 2023}}{{cite web|url=https://medium.com/nerd-for-tech/redefining-service-mesh-with-cilium-4738cdfb9899|title=Redefining service mesh with Cilium | website=medium.com|date=31 July 2022|access-date=10 July 2023}} - Includes ingress, TLS termination, canary rollouts, rate limiting, and circuit breaking
• Gateway API{{cite web|url=https://cilium.io/use-cases/gateway-api/|title=Gateway API | website=cilium.io|access-date=10 July 2023}} - Fully conformant implementation for managing ingress into Kubernetes clusters
• SRv6{{Cite web |title=Cloud Native Telco Day Europe 2022: Leveraging Cilium and SRv6 for Telco Net... |url=https://cloudnativetelcodayeu22.sched.com/event/zso2/leveraging-cilium-and-srv6-for-telco-networking-daniel-bernier-bell-canada |access-date=2023-07-12 |website=cloudnativetelcodayeu22.sched.com}} - Defines packet processing in the network as a program
• BBR support for Pods{{Cite web |title=Accelerate network performance with Cilium BBR - Isovalent |url=https://isovalent.com/blog/post/accelerate-network-performance-with-cilium-bbr/ |access-date=2023-07-12 |website=isovalent.com |language=en}} - Allows for better throughput and latency for Internet traffic
• NAT 46/64 Gateway{{Cite web |title=Cilium 1.12 - Ingress, Multi-Cluster, Service Mesh, External Workloads, ... |url=https://isovalent.com/blog/post/cilium-release-112/ |access-date=2023-07-12 |website=isovalent.com |language=en}} - Allows IPv4 services to talk with IPv6 ones and vice versa
• BIG TCP for IPv4/IPv6{{Cite web |title=Tuning Guide — Cilium 1.15.0-dev documentation |url=https://docs.cilium.io/en/latest/operations/performance/tuning/#ipv4-big-tcp |access-date=2023-07-12 |website=docs.cilium.io}} - Enables better performance by reducing the number of packets traversing the stack
• Cilium Mesh{{Cite web |title=Cilium Mesh - One Mesh to Connect Them All - Isovalent |url=https://isovalent.com/blog/post/introducing-cilium-mesh/ |access-date=2023-07-12 |website=isovalent.com |language=en}}{{Cite web |title=Cilium Mesh: A new way to extend Kubernetes benefits across on-premises and cloud networking |url=https://www.techrepublic.com/article/cilium-mesh/ | date=26 May 2023|access-date=2023-07-12 |website=techrepublic.com |language=en}} - Connects workloads running outside Kubernetes to ones running inside it

Being in the kernel, eBPF has complete visibility of everything that is happening on a machine. Cilium leverages this with the following features:

• Service Map{{cite web |title=Service Map |url=https://cilium.io/use-cases/service-map/ |access-date=10 July 2023 |website=cilium.io}} - Provides a UI for network flows and policy
• Network Flow Logs{{cite web |title=Identity-Aware L3/L4/DNS Network Flow Logs |url=https://cilium.io/use-cases/network-flow-logs/ |access-date=10 July 2023 |website=cilium.io}} - Provides Layer 3/4 and DNS visibility connected to identity
• Network Protocol Visibility{{cite web |title=Advanced Network Protocol Visibility |url=https://cilium.io/use-cases/protocol-visibility/ |access-date=10 July 2023 |website=cilium.io}} - Including HTTP, gRPC, Kafka, UDP, and SCTP
• Metrics & Tracing Export{{cite web |title=Metrics & Tracing Export |url=https://cilium.io/use-cases/metrics-export/ |access-date=10 July 2023 |website=cilium.io}} - Sends data to Prometheus, OpenTelemetry, or other storage system

eBPF can stop events in the kernel for security. Cilium projects leverage this through the following features:

• Transparent Encryption{{cite web|url=https://cilium.io/use-cases/transparent-encryption/|title=Transparent Encryption | website=cilium.io|access-date=10 July 2023}} - Utilizes either IPSec or WireGuard
• Network Policy{{cite web |title=Advanced Network Policy |url=https://cilium.io/use-cases/network-policy/ |access-date=10 July 2023 |website=cilium.io}} - Includes Layer 3 to Layer 7 and DNS-aware policies
• Runtime Enforcement{{cite web |title=Runtime Enforcement |url=https://cilium.io/use-cases/runtime-enforcement/ |access-date=10 July 2023 |website=cilium.io}} - Stops processes outside of policies with default policies
• File Integrity Monitoring{{Cite web |title=Tetragon - eBPF-based Security Observability & Runtime Enforcement - Isovalent |url=https://isovalent.com/blog/post/2022-05-16-tetragon/ |access-date=2023-07-12 |website=isovalent.com |language=en}} - Tracks modification to the system

The chart below visualises the period for which each Cilium community maintained release is/was supported:

ImageSize = width:1000 height:auto barincrement:35

PlotArea = left:100 right:50 bottom:30 top:10

DateFormat = dd/mm/yyyy

Period = from:01/01/2017 till:01/01/2028

TimeAxis = orientation:horizontal

ScaleMajor = unit:year increment:1 start:2017

ScaleMinor = unit:month increment:1 start:01/01/2017

Define $dx = 25 # shift text to right side of bar

Colors =

id:out_of_support value:rgb(0.992,0.702,0.671) legend:Out_of_support

id:in-support value:rgb(0.996,0.973,0.776) legend:In_support

id:latest value:rgb(0.831,0.957,0.706) legend:Latest_stable_version

id:prerelease value:rgb(0.996,0.82,0.627) legend:Preview_version

PlotData=

mark:(line,black)

fontsize:S

bar:1.16.x from:25/07/2024 till:30/12/2027 text:1.16.x color:latest

bar:1.15.x from:01/02/2024 till:30/12/2026 text:1.15.x color:in-support

bar:1.14.x from:25/07/2023 till:30/12/2025 text:1.14.x color:in-support

bar:1.13.x from:18/04/2023 till:30/12/2024 text:1.13.x color:out_of_support

bar:1.12.x from:19/07/2022 till:01/02/2024 text:1.12.x color:out_of_support

bar:1.11.x from:09/12/2021 till:25/07/2023 text:1.11.x color:out_of_support

bar:1.10.x from:20/05/2021 till:18/04/2023 text:1.10.x color:out_of_support

bar:1.9.x from:10/11/2020 till:19/07/2022 text:1.9.x color:out_of_support

bar:1.8.x from:22/06/2020 till:09/12/2021 text:1.8.x color:out_of_support

bar:1.7.x from:19/02/2020 till:20/05/2021 text:1.7.x color:out_of_support

bar:1.6.x from:20/08/2019 till:10/11/2020 text:1.6.x color:out_of_support

bar:1.5.x from:29/04/2019 till:22/06/2020 text:1.5.x color:out_of_support

bar:1.4.x from:12/02/2019 till:19/02/2020 text:1.4.x color:out_of_support

bar:1.3.x from:23/10/2018 till:20/08/2019 text:1.3.x color:out_of_support

bar:1.2.x from:21/08/2018 till:29/04/2019 text:1.2.x color:out_of_support

bar:1.1.x from:26/06/2018 till:12/02/2019 text:1.1.x color:out_of_support

bar:1.0.x from:24/04/2018 till:23/10/2018 text:1.0.x color:out_of_support

Cilium's official [https://cilium.io/ website] lists online forums, messaging platforms, and in-person meetups for the Cilium user and developer community.

Conferences dedicated to Cilium development in the past have included:

• CiliumCon EU 2023, held in conjunction with KubeCon + CloudNativeCon EU 2023{{Cite web |title=KubeCon + CloudNativeCon Europe |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/ |access-date=2023-07-12 |website=Linux Foundation Events |language=en-US}}
• CiliumCon NA 2023,{{cite web|url=https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/|title=CiliumCon North America 2023 | website=events.linuxfoundation.com|access-date=11 July 2023}} held in conjunction with KubeCon + CloudNativeCon NA 2023{{Cite web |title=KubeCon + CloudNativeCon North America |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/ |access-date=2023-07-12 |website=Linux Foundation Events |language=en-US}}
• CiliumCon EU 2024,{{Cite web |title=Cilium + eBPF Day Europe |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/cilium-ebpf-day/ |access-date=2024-06-07 |website=Linux Foundation Events |language=en-US}} held in conjunction with KubeCon + CloudNativeCon EU 2024{{Cite web |title=KubeCon + CloudNativeCon Europe |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/ |access-date=2024-06-07 |website=Linux Foundation Events |language=en-US}}
• CiliumCon NA 2024 {{Cite web |title=Cilium + eBPF Day |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/cilium-ebpf-day/ |access-date=2024-10-30 |website=LF Events |language=en-US}}held in conjunction with KubeCon + CloudNativeCon NA 2024{{Cite web |title=KubeCon + CloudNativeCon North America |url=https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/?utm_source=www&utm_medium=homepage&utm_campaign=KubeCon-NA-2024&utm_content=big-banner |access-date=2024-10-30 |website=LF Events |language=en-US}}

The Cilium community releases an annual report to cover how the community developed over the course of the year:

• Cilium Annual Report 2022: Year of the CNI{{Cite web |date=2023-01-26 |title=Announcing the Cilium annual report |url=https://www.cncf.io/blog/2023/01/26/announcing-the-cilium-annual-report/ |access-date=2024-02-06 |website=CNCF |language=en-US}}
• Cilium Annual Report 2023: Year of Graduation{{Cite web |date=2023-12-21 |title=Cilium’s 2023 annual report |url=https://www.cncf.io/blog/2023/12/21/ciliums-2023-annual-report/ |access-date=2024-02-06 |website=CNCF |language=en-US}}

{{Portal|Free and open-source software}}

• Kubernetes
• Cloud Native Computing Foundation
• eBPF

{{Reflist|30em}}

• {{Official Website|https://cilium.io/}}
• {{GitHub|cilium/cilium}}

Category:Network software

Category:Open-source cloud applications