BiB099: Isovalent Brings You Cilium Enterprise

The Everything Feed - All Packet Pushers Pods - A podcast by Packet Pushers

Categories:

The following is a transcript of the audio file you can listen to in the player above. Welcome to Briefings In Brief, an audio digest of IT news and information from the Packet Pushers, including vendor briefings, industry research, and commentary. I’m Ethan Banks, it’s December 8th, 2020, and here’s what’s happening. I had a briefing with Isovalent on November 12th. Who Is Isovalent? Isovalent is the commercial offshoot of cloud-native networking project Cilium. Got it? No? Never heard of Cilium? Fair enough. You might not have if you don’t have much reason to pay attention to the Kubernetes and cloud-native networking world. Cilium is an open source networking project with many capabilities. I’ll quote from one of the cilium.io project pages. “Cilium’s control and data plane has been built from the ground up for large-scale and highly dynamic cloud native environments where 100s and even 1000s of containers are created and destroyed within seconds. Cilium’s control plane is highly optimized, running in Kubernetes clusters of up to 5K nodes and 100K pods. Cilium’s data plane uses eBPF for efficient load-balancing and incremental updates, avoiding the pitfalls of large iptables rulesets. Cilium is fully IPv6-aware.” Wait a minute. In that quote, they said “eBPF” not BGP or EVPN in case that’s what your brain heard. So what is eBPF? That’s extended Berkeley Packet Filter. From eBPF.io, eBPF is “eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. By making the Linux kernel programmable, infrastructure software can leverage existing layers, making them more intelligent and feature-rich without continuing to add additional layers of complexity to the system.” That is, it’s a tool Cilium leverages, not a feature Cilium has. Cilium uses eBPF to make cloud-native networking with Kubernetes suck less. Now I just threw a lot of tech at you, but in a nutshell, we’re talking about being able to do fancy packet processing in the Linux kernel and do it relatively efficiently. We’re not having to copy packets between kernel and user space, clobbering our throughput. Cilium uses this capability to bring not only cloud-native networking connectivity, but also a bunch of other features. You can replace kube-proxy, a core Kubernetes component, with Cilium. In theory, you could leverage Cilium instead of using a sidecar proxy. Cilium can tell you what Kubernetes workload and pod is tied to a flow. Cilium offers Prometheus-friendly metrics via an add-on called Hubble. Observability. Hubble. See what they did there? And the wonders of Cilium continue with security features and more. So Back To Isovalent… Remember that Isovalent is essentially a commercially supported flavor of Cilium, although it’s more than that. Isovalent is offering Cilium Enterprise, which adds more capability to the Cilium Community project. Is there enough “more” to make you want to invest in Cilium Enterprise? That will depend on your organizational needs, of course, but the differences are substantial enough to warrant investigation. If you get what I’m saying here, Cilium Enterprise is not just the open source project with support from Isovalent bolted on. Cilium Enterprise is a distinct product of its own that Isovalent is offering. Isovalent.com’s product page has a comparison chart explaining how the community and enterprise editions of Cilium vary. The differences are many. What Does Isovalent Do Next? Isovalent is growing. They just landed a $29 million dollar round of funding, and they are hiring in their engineering, sales, and marketing departments according to their career page. They’ve got a compelling technical heritage with Cilium, and are solving interesting problem…

Visit the podcast's native language site