In a recent meetup I hosted alongside Kunal Kushwaha, we discussed Cilium, an eBPF-powered open-source cloud-native networking solution that offers security, observability, scalability, and superior performance. Throughout this blog I will explore how the increased usage of Kubernetes has led to the need for advanced networking, security, and observability solutions. This will allow us to take a closer look at how Cilium can benefit Kubernetes users.

What is Cilium?

Before we begin, I want to outline what Cilium is and where to find more information about this open source project. Leveraging eBPF (Extended Berkeley Packet Filter), Cilium provides advanced networking, security, and observability features for Kubernetes clusters. By abstracting eBPF, Cilium serves as a powerful CNI (Container Network Interface) plugin, offering services such as network load balancing, network policies, bandwidth management, flow and policy logging, operations, and metrics for Kubernetes workloads.


Cilium use cases

Companies are leveraging Cilium for various purposes, such as multi-tenancy security enforcement, multi-cluster load balancing, and high-performance networking. Some of Cilium's diverse use cases include:

  • Container networking with high efficiency, scalability, and flexibility
  • High-performance load balancing with an eBPF-powered kube-proxy replacement and built-in north-south load balancing with Maglev support
  • Sidecar-less, eBPF-accelerated service mesh solutions, including Ingress and Gateway API support
  • Identity-based network policies and API-aware filtering
  • DNS filtering and encryption (IPsec, WireGuard, and TLS)
  • Observability with Hubble, Prometheus, and Grafana support

What are the benefits of using Cilium

For those who are interested in trying Cilium out, here are some of the core benefits that you should consider:

eBPF-based networking

Cilium sets itself apart from other Kubernetes networking solutions by using eBPF for connectivity. As an agent running on each node in a cluster, Cilium provides connectivity through overlay, direct routing, or hybrid solutions. The eBPF-based data plane also allows Cilium to replace kube-proxy, leading to better performance and scalability.


Kubernetes Services with Cilium eBPF based Kube-Proxy replacement

When it comes to Kubernetes services, Cilium's kube-proxy replacement keeps service state in eBPF per-CPU hash tables, so updates are applied atomically. This gives it a significant performance advantage over the traditional iptables or IPVS implementations, which is especially beneficial in large-scale Kubernetes environments.

Service type load balancing

Cilium offers a standalone or distributed Layer 4 load balancer with Maglev support to bring traffic into your cluster and forward it to the appropriate endpoints.

Platform integration and native cloud support

Cilium runs on a variety of platforms, from Minikube and Kind to managed Kubernetes services such as Civo, and it is the default CNI for every major cloud provider.

CNI Chaining

If you prefer using another CNI for specific functions, Cilium can be combined with other CNIs for load balancing, network policies, encryption, multi-cluster, and visibility options.

Cluster mesh

Cilium's Cluster Mesh feature enables seamless multi-cluster routing across clouds or on-premises environments, allowing exposure of backends running in different clusters using a shared global service.
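As an added example (not taken from the original post or from the Cilium project), this is how a Service is marked as a global service once Cluster Mesh is set up: the `service.cilium.io/global` annotation tells Cilium to merge the backends of identically named Services across the connected clusters. The Service name, namespace and labels are assumptions for illustration.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: payments-api          # assumed name; must be identical in every cluster
  namespace: shop             # assumed namespace; must also match across clusters
  annotations:
    # Expose this Service's endpoints to every cluster in the mesh
    service.cilium.io/global: "true"
    # Prefer backends in the local cluster and only fail over to remote
    # clusters when no local backend is healthy
    service.cilium.io/affinity: "local"
spec:
  type: ClusterIP
  selector:
    app: payments-api         # assumed pod label
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
```

Apply the same manifest in each cluster that should participate; clients keep using the ordinary cluster-local DNS name, and the cross-cluster routing is handled by the Cilium agents.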


Enhanced security

Cilium enhances security with identity-based enforcement for both standard Kubernetes network policies and its own Cilium network policies. Cilium network policies additionally support API-aware filtering, DNS filtering, and encryption using IPsec, WireGuard, and TLS termination and injection.

API-aware authorization

Cilium is capable of inspecting and filtering traffic at Layer 7, allowing you to enforce fine-grained, API-aware authorization policies. It supports a wide range of protocols, including HTTP, gRPC, and Kafka, giving you granular control over which services can communicate and which specific API calls are allowed. This level of detail significantly enhances the security posture of your Kubernetes environment.
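To make the identity-based, API-aware and DNS filtering features described in the last two sections concrete, here is an added example of a CiliumNetworkPolicy (written for this post, not taken from the Cilium project). It assumes a `payments-api` workload in the `shop` namespace that should only accept two HTTP calls from pods labelled `app: checkout`, and whose outbound traffic is limited to cluster DNS plus one external API host; all names, labels, paths and the hostname are assumptions.

```yaml
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: payments-api-l7        # assumed policy name
  namespace: shop              # assumed namespace
spec:
  # Identity: the policy applies to endpoints carrying this label,
  # regardless of which IP address the pod currently has
  endpointSelector:
    matchLabels:
      app: payments-api
  ingress:
  # Only pods with the checkout identity may connect ...
  - fromEndpoints:
    - matchLabels:
        app: checkout
    toPorts:
    - ports:
      - port: "8080"
        protocol: TCP
      # ... and only these two API calls are allowed; Cilium proxies the
      # connection at L7 and rejects any other method/path with HTTP 403
      rules:
        http:
        - method: "GET"
          path: "/v1/balance"
        - method: "POST"
          path: "/v1/transfer"
  egress:
  # Allow DNS to kube-dns and record every lookup so that the FQDN rule
  # below can be resolved (the DNS rule is what gives Hubble DNS visibility)
  - toEndpoints:
    - matchLabels:
        "k8s:io.kubernetes.pod.namespace": kube-system
        "k8s:k8s-app": kube-dns
    toPorts:
    - ports:
      - port: "53"
        protocol: ANY
      rules:
        dns:
        - matchPattern: "*"
  # Permit HTTPS only to this external hostname (assumed); any other
  # destination, including raw IPs that were never resolved, is dropped
  - toFQDNs:
    - matchName: "api.example.com"
    toPorts:
    - ports:
      - port: "443"
        protocol: TCP
```

Because the policy has both an ingress and an egress section, Cilium switches the endpoint to default-deny in both directions; traffic that does not match is visible in Hubble as a dropped flow with a policy-denied reason, which is the quickest way to confirm the policy is doing what you intended.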


Launching a cluster with Cilium

When launching a cluster with Civo, you can select Cilium as the CNI provider found under the “Advanced options” section. Whilst this is currently only available with K3s cluster types, it will soon be available with Talos Linux.


If you’re looking to enable the Cilium Hubble UI in Civo, Engin Diri created a blog outlining the process:

Introducing Hubble

Hubble, Cilium's observability component, is designed to provide deep visibility into your Kubernetes clusters. It captures flow, policy, and DNS events, and presents them in an intuitive user interface, enabling you to monitor and troubleshoot your cluster with ease. It also integrates with popular monitoring tools like Prometheus and Grafana for advanced metric collection and visualization.


How does Hubble work?

Built on top of Cilium and eBPF, Hubble is split into three distinct components, which are outlined below:

Hubble UI

Hubble UI is a web-based interface that allows you to explore and visualize the collected data. It offers an interactive topology view, network policy enforcement information, and flow details for real-time insights.

Hubble Metrics

Hubble exposes a wealth of metrics, including packet drops, latency, and policy enforcement. These metrics can be consumed by Prometheus and visualized using Grafana, making it easy for you to track the health and performance of your cluster.


Hubble Alerts

Hubble Alerts provide you with real-time notifications when specific events or conditions are met, such as excessive packet drops or policy violations. These alerts can be integrated with your preferred monitoring and alerting systems, like Slack or PagerDuty, to ensure you stay informed and can respond quickly to potential issues.
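As an added example of the metrics-to-alert path described in the two sections above (not from the original post or from the Cilium project), here is a Prometheus Operator PrometheusRule that fires when a workload starts having traffic dropped by policy. It assumes Hubble metrics are enabled with the `drop` handler and source/pod context (for example via the Helm value `hubble.metrics.enabled="{drop:sourceContext=pod}"`), which exposes the `hubble_drop_total` counter with `reason` and `source` labels; the exact `reason` label value for policy drops depends on the Hubble version, so check it against your own Prometheus data. The namespace, thresholds and routing label are assumptions.

```yaml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: hubble-drop-alerts        # assumed name
  namespace: monitoring           # assumed namespace of the Prometheus stack
spec:
  groups:
  - name: hubble.drops
    rules:
    # A sustained stream of policy drops from one pod usually means either a
    # missing allow rule (outage) or a workload trying to reach something it
    # should not (investigate)
    - alert: HubblePolicyDropsSustained
      expr: |
        sum by (source) (
          rate(hubble_drop_total{reason="POLICY_DENIED"}[5m])   # label value is version dependent
        ) > 1
      for: 10m
      labels:
        severity: warning        # assumed routing label used by Alertmanager
      annotations:
        summary: "Policy is dropping traffic from {{ $labels.source }}"
        description: >-
          More than 1 packet/s from {{ $labels.source }} has been denied by
          network policy for 10 minutes. Inspect the flows with
          hubble observe --verdict DROPPED --from-pod {{ $labels.source }}
    # A cluster-wide jump in drops of any reason points at a broken policy
    # rollout or a node-level problem rather than a single misbehaving pod
    - alert: HubbleDropRateSpike
      expr: |
        sum(rate(hubble_drop_total[5m]))
          > 3 * sum(rate(hubble_drop_total[1h] offset 1h))
      for: 5m
      labels:
        severity: critical
      annotations:
        summary: "Hubble drop rate is more than 3x the previous hour"
```

Alertmanager then routes on the `severity` label to Slack, PagerDuty or whichever receiver you have configured; Hubble itself only supplies the metrics.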

Discover more about Hubble

To start learning more about Hubble, check out these resources:

Summary

To summarize what I have gone through in this blog, Cilium truly is a powerful eBPF-based networking and security solution for Kubernetes environments. It offers an impressive suite of features that encompass everything from container networking to multi-cluster routing, and from API-aware filtering to observability.

The essence of Cilium lies in its adept utilization of eBPF, which offers remarkable improvements in performance, scalability, and flexibility. So, for organizations aiming to amplify their Kubernetes deployments, embracing Cilium might just be the perfect step forward.