Very nice presentation about the base and fundamental layer of BPF and XDP. I think besides the well-known "iptables" traffic rule management of Docker container communication it's impressive to hear about those technology prime-efforts to implement some of those things as an alternative to the "old'n'stubby" ways of doing :) ... I'm deeply impressed and a bit enlightened watching this o.O
In the first place the mess in network performance and security of Docker/Kubernetes is caused by their own stupidity, not by the Linux kernel or iptables. Secondly, moving L7 security responsibility to the kernel is in direct contradiction to what Docker/Kubernetes was trying to achieve - delivering working, intercommunicating containers by developers. In any real-world scenario you put an application firewall and/or load-balancer in front of your application server and all of a sudden your shiny new kernel-level L7 security is useless.
I'm a SW developer mildly interested in these topics, but not at home there yet by any means. But this presentation was very clear, yet not superficial, very well explained. Thank you, Thomas.