The future of Cilium involves not just Kubernetes and containers, but also virtual machines, edge use cases, and other environments.
Translated from Cilium's Past Points to Its Future, by B Cameron Gain.
Cilium is clearly going through many changes as a dynamic and popular open source project that leverages eBPF heavily, but its original purpose still holds: to be a tool that provides security, observability, and networking capabilities. Its capabilities or hooks extend from the kernel to the entire network, including cloud, on-premises, or other infrastructure. This definition covers a lot, and Cilium should continue to adapt and expand to meet changes in infrastructure needs.
In this article, we look at the future of Cilium, which largely involves scaling everywhere: not just Kubernetes and containers, of course, but also virtual machines, edge use cases, and other environments. Cisco's acquisitions and its integration with other tools will also play a role in its future.
But what was its reason for existing in the first place? Its creator, Thomas Graf, who wrote the first line of Cilium code and is Isovalent's chief technology officer, described what he said are four pillars that haven't changed during his KubeCon + CloudNativeCon Europe talk in March.
Looking back at his talk at LinuxCon, held in Toronto in 2016, Graf initially began describing the Cilium project as a way to provide fast IPv6 container networking using eBPF. The four pillars Graf described are still the same today as they were then:
- Scalability, which applies to containers "because we're no longer just thinking about virtual machines" as well as policies and addresses.
- Scalability: "Because user-space networking was mainstream at the time and was taking over," it was necessary to "restore kernel relevance" and "be as scalable in the kernel as possible in user-space networking."
- Simplicity
- Performance: "Of course, we want packets to move quickly," Graf said.
While it dates back to his original presentation in 2016, Graf said "this is still exactly what Cilium is today."
As a CNCF project, Cilium's development focuses specifically on Kubernetes for connectivity, firewall management, and cluster monitoring. As Nico Vibert, senior technical marketing engineer at Isovalent, writes in his e-book "Kubernetes Networking and Cilium: An Instruction Manual for the Network Engineer," Kubernetes is still a very difficult animal to manage, and Cilium provides an open source option to simplify difficult tasks. “Even though I have a CCIE [Cisco Certified Internetwork Expert] and have been in the networking industry for almost 20 years, I still find Kubernetes networking confusing.” However, there is the networking aspect of Kubernetes and what has now become the de facto networking platform for Kubernetes: Cilium.
Best CNI
“At the outset of a networking project, Kubernetes cluster operators and architects must select a CNI [Container Network Interface] that provides the required networking, security, and observability capabilities…and wins in most CNI evaluations tend to be Cilium projects,” Vibert wrote.
In fact, designing an optimal CNI for Kubernetes has been a stated goal of Cilium's creators since the early stages of development. "The mission is very, very simple: bring eBPF to Kubernetes and make it the best CNI possible," Graf said. "It's essentially a division of tasks and we're still working toward that goal."
While Kubernetes gets a lot of attention, the world doesn't stop there. Organizations often mix and match different environments, spanning different cloud and on-premises environments. "We want to bring Cilium basically to the rest of the world as well. So simplicity, scalability, security, not needing a dozen different tools. We want to bring it outside of Kubernetes for your virtual machines, servers, edge, multi-cloud connectivity,” Graf said. "When you think about connectivity, you should only think about Cilium: how to do it securely, how to do it scalably, whether it's for containers, Kubernetes, a bunch of servers or virtual machines. Cilium, that's our vision for the future: Cilium should become the standard or next generation network layer.”
Cilium often remains part of a larger infrastructure and does not exist within other infrastructures such as so-called single control planes. This integration and collaboration often comes with many other layers of complexity, often in cloud-native infrastructure. The project has involved extensive integration and development work as its applicability extends into other environments.
Hierarchy
At the network level, Cilium covers Layer 4 (Transport Layer) and Layer 7 (Application Layer). At the same time, its integration with Cisco will be worth considering in many ways. As Torsten Volk, an analyst at Enterprise Management Associates (EMA), recently explained, Cisco's acquisition of Isovalent means that the two will jointly cover Splunk and AppDynamics integration, Cisco ACI integration, Intersight integration and Tetration integration across Cisco platforms.
"With the acquisition of Isovalent, Cilium's integration with Cisco's broad product portfolio makes strategic sense on multiple levels. In addition to extending Cisco's capabilities in network and security observability by leveraging eBPF technology, it also enhances the company's ability to provide integrated solutions on its existing platforms (such as Splunk, AppDynamics and Intersight)," Volk said. "This acquisition enables Cisco to deliver a more comprehensive infrastructure management and observability solution that is critical to the performance and security of modern complex infrastructure environments. This integration brings a more unified approach to infrastructure management, aligned with the industry trend toward converged, intelligent solutions that can support dynamic, cloud-native applications."
As for Layer 3, Cilium does cover it in some respects, but that is done by integrating Cilium with other eBPF-based projects, especially for policies. For Layer 3, there's a lot of overlap and utilization with Calico, developed by Tigera, and as Graf described it, "they're definitely doing something right."
Volk said he agrees, as Cilium's integration with other eBPF-centric projects to enable Layer 3 capabilities, particularly in policy enforcement, is a strategic move to enhance the granularity and flexibility of network management in cloud-native environments. "Utilizing Calico, developed by Tigera, for Layer 3 complements Cilium's capabilities and allows for a robust approach to network segmentation and security policies. Experts in the field endorse Calico's approach, which highlights its effectiveness in managing the complex network challenges inherent in modern distributed systems,” Volk said. “It is recognized that the combination of these technologies provides a comprehensive solution that meets industry needs for scalable, secure and efficient network operations.”
Previously, Graf explained, networking required "you had to learn how to do subnet addressing or even get two Pods to connect to each other." While Cilium offers multiple networks, its core concept at Layer 3 is that "everyone can talk to everyone," Graf said. "Then you can put strategies in place to segment the content you want. We also want to separate strategy from addressing."
This article was first published on Yunyunzhongsheng (https://yylives.cc/); everyone is welcome to visit.