
Cilium (software)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Cilium
Developer: The Cilium Project
Release: 2016
Programming language: Go, C
Operating system: Linux
License: Apache License 2.0

Cilium is an open-source networking, observability, and security project for cloud-native environments. It builds on technologies such as the Linux kernel, eBPF, XDP, Kubernetes and Docker to provide high-performance packet processing, transparent network policy enforcement, and deep visibility. It integrates with orchestration systems like Kubernetes and OpenShift and leverages kernel tooling pioneered by the BCC project and its bcc-tools, while cooperating with vendors and standards bodies including the Cloud Native Computing Foundation and Linux Foundation members. Cilium is widely used by organizations including Google, Amazon Web Services, Microsoft, Twitter and GitHub for microservices connectivity, service mesh integration, and multi-cluster networking.

Overview

Cilium emerged in 2016 to address limitations observed in existing solutions such as iptables-based networking in Kubernetes and traditional layer-4 proxies like HAProxy and Envoy. By exploiting eBPF for programmable in-kernel execution, Cilium offers an alternative to projects like Calico and Weave Net while aligning with standards from the Cloud Native Computing Foundation and interoperability initiatives by the Open Networking Foundation. The project aims to replace legacy approaches exemplified by netfilter and to complement application-layer proxies developed by the teams behind Istio, Linkerd, and Consul.

Architecture and Components

Cilium's architecture centers on an agent plus a set of kernel and control-plane integrations. The Cilium agent runs as a DaemonSet in Kubernetes clusters and programs the Linux kernel with eBPF bytecode; it interacts with container runtimes such as containerd, CRI-O, and Docker and coordinates with orchestration controllers through the Kubernetes API and on OpenShift Container Platform. Key components include an Envoy-based sidecar integration similar to patterns used by Istio, the Cilium operator for lifecycle tasks following the Kubernetes Operator pattern, and a set of eBPF programs akin to the work done in bcc and bpftrace. Networking primitives map to concepts in the BPF Type Format (BTF), and datapath acceleration integrates with XDP for fast packet ingress, while identity management borrows ideas from SPIFFE and SPIRE for workload identity.

Features and Functionality

Cilium implements L3/L4 and L7-aware policies, offering functionality comparable to Kubernetes NetworkPolicy, with extended observability features inspired by Prometheus and Jaeger for metrics and tracing. It supports features used in platforms like Amazon EKS and Google Kubernetes Engine, such as transparent load balancing and egress control, and provides diagnostic tools analogous to tcpdump and Wireshark but powered by in-kernel telemetry. Integrations exist for the service mesh architectures of Istio, Linkerd, and Consul, enabling zero-trust models promoted by initiatives like BeyondCorp and identity frameworks like OIDC.

Use Cases and Deployment

Organizations deploy Cilium for microservices networking in environments managed with Kubernetes, OpenShift, Rancher, and cloud platforms such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Common use cases include secure multi-tenant isolation similar to the tenant-separation approaches used by Netflix and Airbnb, high-throughput edge and CDN scenarios analogous to Cloudflare and Akamai deployments, and service mesh replacement or augmentation in stacks incorporating Istio or Envoy. Operators also adopt Cilium for service-aware load balancing of the kind provided by HAProxy, or for ingest pipelines akin to the systems used by Confluent and Apache Kafka.

Performance and Scalability

By leveraging eBPF and XDP, Cilium achieves lower latency and higher packet-per-second throughput than traditional iptables chains and the userspace proxy approaches exemplified by Nginx and legacy software load balancers. Benchmarks published by cloud providers and independent labs compare Cilium with Calico, Weave Net, and Flannel, showing improved scalability across thousands of nodes in multi-AZ clusters like those run by Google, Amazon, and Microsoft. Datapath offload, kernel-bypass techniques, and efficient map-based state enable the horizontal scaling patterns found in distributed systems such as etcd and Consul.

Security Model and Policies

Cilium provides identity-based security using labels and workload identities compatible with the SPIFFE specifications, and integrates with secrets and identity providers like HashiCorp Vault and Kubernetes Secrets. Its policy language supports L3/L4 and L7 enforcement comparable to Kubernetes NetworkPolicy and its extensions, and the project collaborates with zero-trust security projects such as Istio and Open Policy Agent. Cilium's in-kernel enforcement reduces attack surface relative to userspace proxies such as Envoy and minimizes reliance on netfilter tools like iptables, aligning with secure deployment practices advocated by the NSA and industry standards from NIST.
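The identity-based L3/L4 and L7 policy model described in the Features and Security sections, as an added example that is not part of the original article: a CiliumNetworkPolicy that lets only frontend-labelled workloads reach api-labelled workloads on TCP/8080, and only for GET requests under one path prefix. The namespace, label values and path are constructed for illustration.

```yaml
# Added example (not from the original article): one CiliumNetworkPolicy that
# layers identity-based L3 selection, an L4 port restriction and an L7 HTTP rule.
# Namespace, labels and path below are constructed values.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-frontend-to-api-readonly
  namespace: shop                      # constructed
spec:
  # Identity-based selection: the policy attaches to every endpoint carrying
  # this label, whatever IP address it currently has.
  endpointSelector:
    matchLabels:
      app: api
  ingress:
    # L3: only peers whose identity includes app=frontend may connect ...
    - fromEndpoints:
        - matchLabels:
            app: frontend
      # L4: ... and only to TCP port 8080 ...
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          # L7: ... where only GET requests whose path matches this regex are
          # admitted; any other method or path on this port is rejected.
          rules:
            http:
              - method: "GET"
                path: "/v1/products/.*"
```

Because this policy selects app=api in the ingress direction, Cilium places those endpoints in default-deny for all other ingress traffic while leaving egress unaffected. The L3/L4 decision is made in the eBPF datapath; the HTTP rule is enforced by the agent-managed Envoy proxy the Architecture section refers to.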

Development, Community, and Governance

Cilium is developed under an open governance model with contributions from individuals and companies including Isovalent, major cloud vendors such as Google and Amazon Web Services, and integration work by distributors like Red Hat for OpenShift. The project collaborates with the Cloud Native Computing Foundation ecosystem, participates in events like KubeCon and Linux Foundation gatherings, and maintains a roadmap informed by community proposals and working groups similar to the Kubernetes SIG process. Development uses tooling and workflows common in open-source projects, such as GitHub pull requests, continuous integration with systems like Jenkins and GitLab CI/CD, and testbeds that mirror production environments operated by Netflix and Twitter.

Category:Network software