Bill Mulligan 🐝🐝🐝
@breakawaybilly.bsky.social
Cloud Native networking, observability, and security with Cilium, eBPF, and Isovalent
Newsletter cilium.io/newsletter
Newsletter cilium.io/newsletter
Cilium is coming for Telco 📡🐝
The latest release of Project Sylva ,the open source telco cloud stack from Linux Foundation Europe, added support for Cilium
The latest release of Project Sylva ,the open source telco cloud stack from Linux Foundation Europe, added support for Cilium
Sylva 1.6 is Here! It brings smoother ops, stronger security, and more flexible clusters – Sylva
Sylva v1.6.0 is now available, bringing a focused set of upgrades that make it easier to run, evolve, and secure cloud-native telco infrastructure, without adding operational drag. From Kubernetes…
sylvaproject.org
February 5, 2026 at 4:23 PM
Cilium is coming for Telco 📡🐝
The latest release of Project Sylva ,the open source telco cloud stack from Linux Foundation Europe, added support for Cilium
The latest release of Project Sylva ,the open source telco cloud stack from Linux Foundation Europe, added support for Cilium
With many LLM being black boxes, developers are left asking basic questions: Is this workload memory-bound or compute-bound? And getting no answers.
Enter eBPF and ProfInfer from Bohua Zou to shed light on optimizations.
Enter eBPF and ProfInfer from Bohua Zou to shed light on optimizations.
ProfInfer: An eBPF-based Fine-Grained LLM Inference Profiler
As large language models (LLMs) move from research to production, understanding how inference engines behave in real time has become both essential and elusive. Unlike general-purpose engines such as...
arxiv.org
February 4, 2026 at 4:23 PM
With many LLM being black boxes, developers are left asking basic questions: Is this workload memory-bound or compute-bound? And getting no answers.
Enter eBPF and ProfInfer from Bohua Zou to shed light on optimizations.
Enter eBPF and ProfInfer from Bohua Zou to shed light on optimizations.
Nutanix turns to eBPF to solve the hard networking problems 🐝
Their AHV hypervisor is leveraging eBPF to solve accurate vNIC-to-IP mapping.
Their AHV hypervisor is leveraging eBPF to solve accurate vNIC-to-IP mapping.
How Nutanix AHV Uses eBPF for vNIC-IP Mapping
Accurate vNIC-to-IP mapping is fundamental for virtual networking visibility, security, and troubleshooting. On the Nutanix AHV hypervisor, this mapping becomes especially important for services like…
www.nutanix.com
February 3, 2026 at 4:23 PM
Nutanix turns to eBPF to solve the hard networking problems 🐝
Their AHV hypervisor is leveraging eBPF to solve accurate vNIC-to-IP mapping.
Their AHV hypervisor is leveraging eBPF to solve accurate vNIC-to-IP mapping.
A Nushell plugin that compiles Nushell closures to eBPF bytecode for kernel-level tracing and profiling
GitHub - tom-lubenow/nu_plugin_ebpf: eBPF plugin for Nushell
eBPF plugin for Nushell. Contribute to tom-lubenow/nu_plugin_ebpf development by creating an account on GitHub.
github.com
February 1, 2026 at 5:48 PM
A Nushell plugin that compiles Nushell closures to eBPF bytecode for kernel-level tracing and profiling
eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames
GitHub - tuananh/ci-agent: eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames.
eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames. - tuananh/ci-agent
github.com
February 1, 2026 at 12:45 PM
eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames
eBPF offloads of RFC 8656 channels
GitHub - ivanmtech/turn-bpf: TURN channel accelerator
TURN channel accelerator. Contribute to ivanmtech/turn-bpf development by creating an account on GitHub.
github.com
February 1, 2026 at 11:03 AM
eBPF offloads of RFC 8656 channels
Heap tracing tool utilizing eBPF to trace allocation events and find memory leaks and double frees
GitHub - AtoZ132/Tachi
Contribute to AtoZ132/Tachi development by creating an account on GitHub.
github.com
February 1, 2026 at 11:03 AM
Heap tracing tool utilizing eBPF to trace allocation events and find memory leaks and double frees
'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF.
GitHub - secexit/secexit: secexit - an 'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF.
secexit - an 'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF. - secexit/secexit
github.com
February 1, 2026 at 11:03 AM
'egress firewall' that blocks unauthorized outbound traffic from all your servers (and all those containers ...) using eBPF.
RAFT consensus implementation in eBPF with Rust using Aya library
GitHub - nakame/raft-ebpf: RAFT consensus implementation in eBPF with Rust using Aya library
RAFT consensus implementation in eBPF with Rust using Aya library - nakame/raft-ebpf
github.com
February 1, 2026 at 11:03 AM
RAFT consensus implementation in eBPF with Rust using Aya library
Reposted by Bill Mulligan 🐝🐝🐝
Now listening to @breakawaybilly.bsky.social on how to apply lessons learned from eBPF foundation to OSS funding
#FOSDEM
#FOSDEM
January 31, 2026 at 4:10 PM
Now listening to @breakawaybilly.bsky.social on how to apply lessons learned from eBPF foundation to OSS funding
#FOSDEM
#FOSDEM
Second eBPF Devroom kicking off at FOSDEM 🐝 bigger room this year, but still sold out!
Cool to see my colleagues Chris Tarazi and Donia Chaiehloudj kicking it off
Cool to see my colleagues Chris Tarazi and Donia Chaiehloudj kicking it off
January 31, 2026 at 9:38 AM
Second eBPF Devroom kicking off at FOSDEM 🐝 bigger room this year, but still sold out!
Cool to see my colleagues Chris Tarazi and Donia Chaiehloudj kicking it off
Cool to see my colleagues Chris Tarazi and Donia Chaiehloudj kicking it off
Identify and eliminate excessive SELinux permissions using eBPF
GitHub - rushigerrard8/selinux-policy-auditor: Identify and eliminate excessive SELinux permissions using eBPF
Identify and eliminate excessive SELinux permissions using eBPF - rushigerrard8/selinux-policy-auditor
github.com
January 30, 2026 at 10:22 AM
Identify and eliminate excessive SELinux permissions using eBPF
Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI
GitHub - phonginreallife/egressor: Egressor - Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI.
Egressor - Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI. - phonginreallife/egressor
github.com
January 29, 2026 at 9:30 AM
Data Transfer Intelligence Platform. Detect, explain, and reduce unexpected data transfer costs in Kubernetes using eBPF, Go, and Claude AI
"eBPF is incredibly foundational to where Cisco wants to go from an existing product perspective, but also from a future perspective"
Great article on why the acquisition of Isovalent was so strategic to product and customer roadmaps like smart switches
Great article on why the acquisition of Isovalent was so strategic to product and customer roadmaps like smart switches
Cisco is using eBPF to rethink firewalls, vulnerability mitigation
Cisco is integrating eBPF directly into its enterprise hardware and "smart software" to provide kernel-level security.
thenewstack.io
January 28, 2026 at 11:01 AM
"eBPF is incredibly foundational to where Cisco wants to go from an existing product perspective, but also from a future perspective"
Great article on why the acquisition of Isovalent was so strategic to product and customer roadmaps like smart switches
Great article on why the acquisition of Isovalent was so strategic to product and customer roadmaps like smart switches
Falco and Tetragon aren't 1:1 copies. You can't migrate non-kernel events like CloudTrail logs, and you have to rethink your hook points. If you are considering switching or wondering why you would, this guide from Paul Arah is your answer
Migrating from Falco to Tetragon: A Guide for Transitioning Your Runtime Security Stack
Migration guide from tetragon to falco...
cilium.io
January 28, 2026 at 10:44 AM
Falco and Tetragon aren't 1:1 copies. You can't migrate non-kernel events like CloudTrail logs, and you have to rethink your hook points. If you are considering switching or wondering why you would, this guide from Paul Arah is your answer
Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams.
GitHub - prabhakaran-jm/cilium-policypilot: Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams.
Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams. - prabhakaran-jm/cilium-policypilot
github.com
January 28, 2026 at 9:30 AM
Turn real traffic into safe CiliumNetworkPolicies in minutes. Learn from Hubble flows, propose minimal policies, verify safely in kind, and explain with diagrams.
I'll be an LFX mentor for the next term and now is your chance to apply. We will be working to create pillar pages for @cilium.io. A great chance to get up to speed on a lot of important topics and contribute to the second largest CNCF project
mentorship.lfx.linuxfoundation.org/project/8543...
mentorship.lfx.linuxfoundation.org/project/8543...
January 27, 2026 at 2:59 PM
I'll be an LFX mentor for the next term and now is your chance to apply. We will be working to create pillar pages for @cilium.io. A great chance to get up to speed on a lot of important topics and contribute to the second largest CNCF project
mentorship.lfx.linuxfoundation.org/project/8543...
mentorship.lfx.linuxfoundation.org/project/8543...
High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system.
GitHub - nevinshine/hyperion-xdp: High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system.
High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system. - nevinshine/hyperion-xdp
github.com
January 27, 2026 at 9:30 AM
High-performance stateful network defense using eBPF/XDP. The Network Satellite for the Sentinel Runtime research system.
Skip the outbound load on your load balancer with Direct Server Return. Learn how to do it from scratch with eBPF
Building an eBPF/XDP L2 Direct Server Return Load Balancer from Scratch | iximiuz Labs
In this tutorial, you will learn how to build an Layer 2 DSR load balancer using eBPF/XDP, where backends send responses directly back to clients bypassing the load balancer.
labs.iximiuz.com
January 26, 2026 at 2:02 PM
Skip the outbound load on your load balancer with Direct Server Return. Learn how to do it from scratch with eBPF
**SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masquerading and "Ghost" processes (DKOM) in real-time
GitHub - 0xKirisame/SPiCa: **SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masquerading and "Ghost" processes (DKOM) in real-time, inspired by the hatsune miku song SPiCa.
**SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masque...
github.com
January 26, 2026 at 9:30 AM
**SPiCa** (System Process Integrity & Cross-view Analysis) is an eBPF-based rootkit detection engine written in Rust. It utilizes a "Binary Star" architecture to detect process masquerading and "Ghost" processes (DKOM) in real-time
Ever wanted to attend KubeCon and meet the cloud native community, but didn't quite have the funds 💸 Apply for scholarship and travel funding. I know a lot of people that got their start in the community by attending KubeCon
contribute.cncf.io/blog/2026/01...
contribute.cncf.io/blog/2026/01...
January 23, 2026 at 1:36 PM
Ever wanted to attend KubeCon and meet the cloud native community, but didn't quite have the funds 💸 Apply for scholarship and travel funding. I know a lot of people that got their start in the community by attending KubeCon
contribute.cncf.io/blog/2026/01...
contribute.cncf.io/blog/2026/01...
TUI for exploring bpf prog and maps loaded in the system
GitHub - viveksb007/bpftui: TUI for exploring bpf prog and maps loaded in the system
TUI for exploring bpf prog and maps loaded in the system - viveksb007/bpftui
github.com
January 23, 2026 at 10:01 AM
TUI for exploring bpf prog and maps loaded in the system
A cloud-native operating system observability project based on eBPF
GitHub - ccfos/huatuo: A cloud-native operating system observability project based on eBPF, incubated under CCF.
A cloud-native operating system observability project based on eBPF, incubated under CCF. - ccfos/huatuo
github.com
January 22, 2026 at 10:01 AM
A cloud-native operating system observability project based on eBPF
Transformer-Based Kubernetes Scheduling for Noisy Neighbor Avoidance by analyzing real-time eBPF telemetry (L3 cache misses, memory bandwidth, etc.)
GitHub - softcane/KubeAttention
Contribute to softcane/KubeAttention development by creating an account on GitHub.
github.com
January 21, 2026 at 10:01 AM
Transformer-Based Kubernetes Scheduling for Noisy Neighbor Avoidance by analyzing real-time eBPF telemetry (L3 cache misses, memory bandwidth, etc.)
"Network policies are widely adopted among security-focused Kubernetes teams, with 83% of them utilizing them. Remember: adoption is high, but implementation clarity varies.
Securing Kubernetes: The Network Policy Reality
Survey of 530 Kubernetes practitioners reveals 83% use network policies, but 60% struggle with understanding traffic flows. Observability tools lead validation strategies at 42%, while many still…
kube.today
January 20, 2026 at 12:01 PM
"Network policies are widely adopted among security-focused Kubernetes teams, with 83% of them utilizing them. Remember: adoption is high, but implementation clarity varies.