eBPF flow visibility
Definition
eBPF (extended Berkeley Packet Filter) flow visibility refers to the use of eBPF technology to gain insights into network traffic and application behavior at the kernel level. It allows for the collection and analysis of detailed flow data without the need for intrusive packet capture, enabling real-time monitoring and troubleshooting of network and application performance. eBPF flow visibility is particularly useful for security purposes, as it can help detect anomalies and unauthorized activities by providing granular visibility into network communications.
Secure Settings Example
# Example of a secure eBPF flow visibility configuration using Cilium
# Only label-selected peers are allowed; all other traffic for the selected
# endpoint is dropped once the policy applies.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-specific-flows
spec:
  endpointSelector:
    matchLabels:
      app: my-secure-app
  egress:
    - toEndpoints:
        - matchLabels:
            app: trusted-service
  # Deny rules take precedence over allow rules.
  egressDeny:
    - toEndpoints:
        - matchLabels:
            app: untrusted-service
  ingress:
    - fromEndpoints:
        - matchLabels:
            app: trusted-client
Insecure Settings Example
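# Example of an insecure eBPF flow visibility configuration
# The empty endpoint selector ({}) matches every endpoint in the cluster, so
# all flows to and from my-insecure-app are allowed. A bare "- {}" rule would
# not do this: in Cilium it puts the endpoint into default deny.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: allow-all-flows
spec:
  endpointSelector:
    matchLabels:
      app: my-insecure-app
  egress:
    - toEndpoints:
        - {}
  ingress:
    - fromEndpoints:
        - {}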
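Policy Audit Example
A lint check that separates label-scoped CiliumNetworkPolicy rules from wildcard ones, added here as an illustration; it is not code from the original page or from the Cilium project. The function name, finding names and the three sample policies (written as the dicts a YAML loader would return) are constructed for this example.

```python
# Added example: audit parsed CiliumNetworkPolicy documents for wildcard peers.
# The sample policies below are constructed; audit_policy and its finding
# names are illustrative and not part of any Cilium tooling.
PEERS = {"ingress": ("fromEndpoints", "fromEntities"),
         "egress": ("toEndpoints", "toEntities")}

def audit_policy(policy):
    """Return (direction, rule_index, finding) for every wildcard or empty rule."""
    findings = []
    spec = policy.get("spec") or {}
    for direction, (ep_key, entity_key) in PEERS.items():
        for idx, rule in enumerate(spec.get(direction) or []):
            if not rule:
                # A bare "- {}" rule selects the endpoint but allows no peer.
                findings.append((direction, idx, "default-deny"))
                continue
            for selector in rule.get(ep_key) or []:
                selector = selector or {}
                scoped = selector.get("matchLabels") or selector.get("matchExpressions")
                if not scoped:
                    # An empty selector matches every endpoint in the cluster.
                    findings.append((direction, idx, "allow-all-endpoints"))
            if "all" in (rule.get(entity_key) or []):
                findings.append((direction, idx, "allow-all-entities"))
    return findings

def policy_for(app, ingress, egress):
    """Build a minimal policy dict for the endpoint labelled app=<app>."""
    return {"apiVersion": "cilium.io/v2", "kind": "CiliumNetworkPolicy",
            "spec": {"endpointSelector": {"matchLabels": {"app": app}},
                     "ingress": ingress, "egress": egress}}

SCOPED = policy_for(
    "my-secure-app",
    ingress=[{"fromEndpoints": [{"matchLabels": {"app": "trusted-client"}}]}],
    egress=[{"toEndpoints": [{"matchLabels": {"app": "trusted-service"}}]}])
WILDCARD = policy_for(
    "my-insecure-app",
    ingress=[{"fromEndpoints": [{}]}],
    egress=[{"toEndpoints": [{}]}, {"toEntities": ["all"]}])
LOCKDOWN = policy_for("my-secure-app", ingress=[{}], egress=[{}])

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("wildcard", WILDCARD), ("lockdown", LOCKDOWN)):
        print(name, audit_policy(pol))
```

Run against policies exported from a cluster, any "allow-all" finding marks an endpoint whose flow records will show every peer as permitted, which makes unauthorized connections indistinguishable from expected ones at the policy-verdict level.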