CIO Influence
CIO Influence News Edge Computing

Isovalent Extends Cilium’s Enterprise Networking and Security Features at KubeCon

Isovalent Extends Cilium's Enterprise Networking and Security Features at KubeCon

As Cilium becomes first CNCF cloud native networking category project to graduate, Isovalent Enterprise for Cilium 1.14 accelerates platform teams’ ability to adopt and scale the platform that’s redefining the cloud networking and security landscape

Isovalent, the creators of the rapidly growing open source technologies Cilium and eBPF, announced it has extended the enterprise capabilities of Cilium with a new Isovalent Enterprise for Cilium 1.14 release and major new Cilium Tetragon runtime security capabilities. The new capabilities make their debut this week at the cloud native infrastructure industry’s leading event, KubeCon + CloudNativeCon in Chicago, where Isovalent invites platform engineering teams to dive headfirst into the world of Cilium networking and security in the Cilium Experience Center.

PREDICTIONS SERIES 2024 - CIO Influence

Cilium is an eBPF-based project that was originally created by Isovalent, open-sourced in 2015, and has become the center of gravity for cloud native networking and security. Cilium is the third most active project in the CNCF (behind only Kubernetes and OpenTelemetry), where earlier this month it became the first project to graduate in the cloud native networking category. Cilium is the de facto container networking interface (CNI), with the greatest footprint of all CNIs across the major cloud service providers’ Kubernetes offerings.

With today’s news, Isovalent–whose team not only created Cilium, but also includes the creators and Linux maintainers for eBPF–introduces major new feature areas and enablement programs for enterprise platform teams who are seeking to extend their networking and security infrastructure beyond the native capabilities of Kubernetes.

CIO INFLUENCE News: Zimperium Launches Australia’s First Sovereign-Hosted Mobile Threat Defense Capability

Multi-Network Support with Isovalent Enterprise for Cilium 1.14

The highlight of this new enterprise release is undoubtedly native support for Multi-Network: the ability to connect a Kubernetes Pod to multiple network interfaces. With full compatibility with Cilium Network Policies and Hubble–so you don’t have to compromise on security or observability to make use of this feature–Cilium Multi-Network enables advanced Kubernetes networking use cases like:

  • Network Segmentation: Connecting Pods with multiple network interfaces can be used to segment network traffic. For example, you can have one interface for internal connectivity over a private network and another for external connectivity to the Internet.
  • Multi-Tenancy: In a multi-tenant Kubernetes cluster, you can use Multi Network alongside Cilium Network Policies to isolate network traffic between tenants by assigning different interfaces to different tenants or namespaces.
  • Service Chaining: Service chaining is a network function virtualization (NFV) use case where multiple networking functions or services are applied to traffic as it flows to and from a Pod. Multi-Network can help set up the necessary network interfaces for these services.
  • IoT (Internet of Things) and Edge Computing: For IoT and edge computing scenarios, Multi-Network can be used alongside Cilium Network Policies to impose network isolation on multi-tenant edge devices.

Additional 1.14 Features for Scaling K8s Networking

Isovalent Enterprise for Cilium is the hardened, enterprise-grade, and 24×7-supported version of the eBPF-based cloud networking platform Cilium. In addition to all features available in the open-source version of Cilium, the enterprise edition includes new advanced networking, security, and observability features popular with enterprises and telco providers:

  • Mutual Authentication: improve your security posture with zero effort
  • Envoy DaemonSet: a new option to deploy Envoy as a DaemonSet instead of embedded inside the Cilium agent
  • WireGuard Improvements: encryption with Cilium is getting better – you can now encrypt the traffic from node-to-node and also use Layer 7 policies alongside WireGuard
  • Gateway API Update: our leading Gateway API implementation is updated with support for the latest Gateway API version, additional route type support and multiple labs
  • L2 Announcements: Cilium can now natively advertise External IPs to local networks over Layer 2, reducing the need to install and manage tools such as MetalLB
  • BGP Enhancements: introducing support for better operational tools and faster failover
  • Multi-Pool IPAM: introducing support to allocate IPs to Pods from multiple IPAM pools.
  • BIG TCP for IPv4: after the introduction of BIG TCP support for IPv6 in Cilium 1.13, here comes IPv4 support. Ready for a 50% throughput improvement?

CIO INFLUENCE News: Tech Vendors Cookie Information and Piwik Pro Merge for Data Control

Taming Runtime Security With Tetragon

Tetragon is an eBPF-based security observability and runtime enforcement platform designed to give security and operations teams richer telemetry data for runtime security, while eliminating the performance overhead of proprietary security vendors’ agents.

Tetragon is built around eBPF and in-kernel filtering and aggregation logic, providing deep visibility without traditional agents or application changes. It gives platform and security teams a powerful observability layer that can introspect the entire system ranging from low-level kernel visibility to track file accesses, network activity, or capability changes, all the way up into the application layers covering aspects such as function calls into vulnerable libraries, tracing process execution, or understanding HTTP requests made.

With its Isovalent Enterprise for Cilium 1.14 release, Isovalent extends the open source project with enterprise features that further security teams visibility into L7 networking events (HTTP, DNS, TLS/SSL handshake analysis), granular control over Tetragon security policies and workflows, improved in-kernel smart collection for lower CPU & memory overhead, and more. In benchmarking comparisons, Tetragon’s kernel-based runtime telemetry collection resulted in near baseline overhead and minimal resource utilization across core security and observability use cases, read the benchmarking results and more.

CIO INFLUENCE News: Kubecost Continues to Advance Kubernetes Cloud Cost Leadership at KubeCon North America

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Quizlet Launches Advanced AI-Powered Tools for Next-Gen Studying

PR Newswire

ScyllaDB Announces NoSQL Database as a Service Now Available on Google Cloud