As Cilium becomes first CNCF cloud native networking category project to graduate, Isovalent Enterprise for Cilium 1.14 accelerates platform teams’ ability to adopt and scale the platform that’s redefining the cloud networking and security landscape
CHICAGO, Nov. 6, 2023 /PRNewswire/ — KUBECON + CLOUDNATIVECON NA – Isovalent, the creators of the rapidly growing open source technologies Cilium and eBPF, today announced it has extended the enterprise capabilities of Cilium with a new Isovalent Enterprise for Cilium 1.14 release and major new Cilium Tetragon runtime security capabilities. The new capabilities make their debut this week at the cloud native infrastructure industry’s leading event, KubeCon + CloudNativeCon in Chicago, where Isovalent invites platform engineering teams to dive headfirst into the world of Cilium networking and security in the Cilium Experience Center.
Cilium is an eBPF-based project that was originally created by Isovalent, open-sourced in 2015, and has become the center of gravity for cloud native networking and security. Cilium is the third most active project in the CNCF (behind only Kubernetes and OpenTelemetry), where earlier this month it became the first project to graduate in the cloud native networking category. Cilium is the de facto container networking interface (CNI), with the greatest footprint of all CNIs across the major cloud service providers’ Kubernetes offerings.
With today’s news, Isovalent–whose team not only created Cilium, but also includes the creators and Linux maintainers for eBPF–introduces major new feature areas and enablement programs for enterprise platform teams who are seeking to extend their networking and security infrastructure beyond the native capabilities of Kubernetes.
Multi-Network Support with Isovalent Enterprise for Cilium 1.14
The highlight of this new enterprise release is undoubtedly native support for Multi-Network: the ability to connect a Kubernetes Pod to multiple network interfaces. With full compatibility with Cilium Network Policies and Hubble–so you don’t have to compromise on security or observability to make use of this feature–Cilium Multi-Network enables advanced Kubernetes networking use cases like:
Network Segmentation: Connecting Pods with multiple network interfaces can be used to segment network traffic. For example, you can have one interface for internal connectivity over a private network and another for external connectivity to the Internet.
Multi-Tenancy: In a multi-tenant Kubernetes cluster, you can use Multi Network alongside Cilium Network Policies to isolate network traffic between tenants by assigning different interfaces to different tenants or namespaces.
Service Chaining: Service chaining is a network function virtualization (NFV) use case where multiple networking functions or services are applied to traffic as it flows to and from a Pod. Multi-Network can help set up the necessary network interfaces for these services.
IoT (Internet of Things) and Edge Computing: For IoT and edge computing scenarios, Multi-Network can be used alongside Cilium Network Policies to impose network isolation on multi-tenant edge devices.
Additional 1.14 Features for Scaling K8s Networking
Isovalent Enterprise for Cilium is the hardened, enterprise-grade, and 24×7-supported version of the eBPF-based cloud networking platform Cilium. In addition to all features available in the open-source version of Cilium, the enterprise edition includes new advanced networking, security, and observability features popular with enterprises and telco providers:
Mutual Authentication: improve your security posture with zero effort
Envoy DaemonSet: a new option to deploy Envoy as a DaemonSet instead of embedded inside the Cilium agent
WireGuard Improvements: encryption with Cilium is getting better – you can now encrypt the traffic from node-to-node and also use Layer 7 policies alongside WireGuard
Gateway API Update: our leading Gateway API implementation is updated with support for the latest Gateway API version, additional route type support and multiple labs
L2 Announcements: Cilium can now natively advertise External IPs to local networks over Layer 2, reducing the need to install and manage tools such as MetalLB
BGP Enhancements: introducing support for better operational tools and faster failover
Multi-Pool IPAM: introducing support to allocate IPs to Pods from multiple IPAM pools.
BIG TCP for IPv4: after the introduction of BIG TCP support for IPv6 in Cilium 1.13, here comes IPv4 support. Ready for a 50% throughput improvement?
Taming Runtime Security With Tetragon
Tetragon is an eBPF-based security observability and runtime enforcement platform designed to give security and operations teams richer telemetry data for runtime security, while eliminating the performance overhead of proprietary security vendors’ agents.
Tetragon is built around eBPF and in-kernel filtering and aggregation logic, providing deep visibility without traditional agents or application changes. It gives platform and security teams a powerful observability layer that can introspect the entire system ranging from low-level kernel visibility to track file accesses, network activity, or capability changes, all the way up into the application layers covering aspects such as function calls into vulnerable libraries, tracing process execution, or understanding HTTP requests made.
With its Isovalent Enterprise for Cilium 1.14 release, Isovalent extends the open source project with enterprise features that further security teams visibility into L7 networking events (HTTP, DNS, TLS/SSL handshake analysis), granular control over Tetragon security policies and workflows, improved in-kernel smart collection for lower CPU & memory overhead, and more. In benchmarking comparisons, Tetragon’s kernel-based runtime telemetry collection resulted in near baseline overhead and minimal resource utilization across core security and observability use cases, read the benchmarking results and more.
Meet Isovalent and Level-Up Your K8s Infrastructure at KubeCon
Cilium Experience Center: Join Isovalent at the Cilium Experience Center at KubeCon + CloudNativeCon in Chicago Activation Zone 2 on the Expo floor), where participants can choose their own adoption journeys across Platform, SecOps and Cloud Network use cases Learn all about building, securing and connecting Kubernetes with Cilium. Dive into a hive of coding challenges tailored just for you, and score some sweet bee swag.
Attend Isovalent’s Conference Sessions: Dive deeper into the world of eBPF, Cilium, and other key kernel- based innovations in cloud native networking, security and observability by attending our panels in the KubeCon + CloudNativeCon conference:
Tuesday November 7:
Wednesday November 8
Thursday, November 9
About Isovalent
Isovalent is the company founded by the creators of Cilium and eBPF. Isovalent builds open source software and enterprise solutions solving networking, security, and observability needs for modern cloud native infrastructure. Google (GKE, Anthos), Amazon (EKS-A), and Microsoft (AKS) have all adopted Cilium to provide networking and security for Kubernetes. Cilium is used by platform engineering teams such as Adobe, Bell Canada, ByteDance, Capital One, Datadog, Schuberg Philis, and Sky. Isovalent is a globally distributed company with headquarters in both Cupertino (United States) and Zurich (Switzerland) and is backed by Andreessen Horowitz, Google, Cisco, M12 (Microsoft’s Venture Fund), and Grafana Labs.
CONTACT:
Carly Driggers
[email protected]
415-515-9812
SOURCE Isovalent