Networking

Cilium Service Mesh

Revolutionizing networking and simplify operations

Performance Meets Simplicity

Traditional service meshes, despite their benefits, can present significant challenges. These include the complexity and error-prone nature of IP and port-based network policies, performance overhead due to their proxy-based architecture, limited granularity in visibility of service-to-service communication, interoperability issues with existing infrastructure, scalability challenges as the number of services and traffic volumes increase, and operational and resource overhead.

Cilium's Next-Generation Service Mesh

Cilium Service Mesh redefines traditional service mesh frameworks by integrating the mesh layer directly into the kernel using eBPF, thus eliminating the need for sidecar proxies. It manages connectivity at both the networking and application protocol layers, handling protocols like IP, TCP, UDP, HTTP, Kafka, gRPC, and DNS with greater efficiency.

Superior Networking with eBPF

At the heart of Cilium is eBPF, a revolutionary technology built into the Linux kernel. With eBPF, Cilium delivers lightning-fast, efficient, and scalable networking. This bypasses the performance drawbacks of traditional proxies, enabling direct and efficient communication between your services.

eBPF powered service mesh illustration

Control Plane Options

Cilium Service Mesh gives users the choice of control plane options for the ideal balance of complexity and richness, from simpler options such as Ingress and Gateway API to richer options with Istio, to the full power of Envoy via the Envoy CRD.

Sidecar-free Option

With Cilium Service Mesh, users now have the choice to run a service mesh with sidecars or without them, based on their specific requirements and constraints. This flexibility reduces the complexity and overhead impact of sidecars.

Who’s using Cilium's Service Mesh

  • How Roche Manages Network Connectivity for 1000+ Edge Clusters

    The Roche team utilized Cilium's service mesh as a solution for managing network connectivity across their edge clusters. Cilium enabled them to have more fine-grained traffic control, and simplified the operations and configuration of network policies using a GitOps approach, alongside the deployment of workloads.

  • Strengthening Security Across Distributed Kubernetes Clusters

    We started using Cilium in our EKS clusters and encountered security challenges. So many microservices were running without any kind of authentication or encryption. This prompted us to start doing a service mesh proof of concept. Although we already had Cilium available, we also evaluated Consul Connect, Kong Mesh, and Istio. Cilium stood out as it did not require sidecars, appealing to us not only for resource savings but also to avoid potential load issues caused by additional software. Cilium's sidecar-less approach did call our attention, leading us to adopt it to provide security across all our microservices.

    Matheus Morais - IT Infrastructure Analyst, Sicredi

  • Revolutionizing Mesh Layers: Transitioning from Istio to Cilium at the New York Times

    The New York Times migrated from Istio to Cilium service mesh to simplify their multi-tenant Kubernetes clusters on Amazon EKS. Cilium's service mesh capabilities reduced management complexity, improved manageability with a smaller footprint, and offered a more user-friendly experience for defining network policies. This shift streamlined network operations and enhanced security for their cloud-native applications.

Want to Learn More?

  • Join the Cilium Slack

    Cilium is an open source project that anyone in the community can use, improve, and enjoy. We'd love you to join us on Slack! Find out what's happening and get involved.

    Join the Slack
  • Read the Documentation

    Cilium has extensive documentation that covers its features and use cases. The docs also features tutorials for common user stories.

    Read the Docs
  • Get Help

    Get help with Cilium through Slack, Github, training, support, and FAQs. The community can also help you tell or promote your story around Cilium.

    Get Help
  • Try a Lab

    Deep dive into Cilium and its features with labs provided by companies within the Cilium ecosystem

    Try a Lab