Gloo Network

Most modern applications that are built using containers are orchestrated with Kubernetes. The CNI plugin provides a method to customize the networking layer used by the Kubernetes control plane. With Linux as the underlying operating system for most containers, the CNI plugin offers a way to manage the underlying Linux networking stack in the declarative model defined by Kubernetes.

Using eBPF to access the raw interface of the data link layer is a valuable Linux kernel networking security feature. This enables the dynamic insertion of powerful security, visibility, and networking control logic into the Linux kernel. While this is not a requirement for all containerized deployments, using the CNI plugin to manage the eBPF capabilities can open up new paths to securing the network layer underneath the container.

Network security is even better when it is an extension of your cloud native application security. Extend the power of Cilium by connecting Gloo Network to Gloo Mesh and the features of Istio service mesh. Enabling eBPF-based acceleration in your service mesh does not change the way the service mesh works. When you use Gloo Mesh and Gloo Network together, you can accelerate request processing with eBPF for Istio workloads in your service mesh, and reduce network latency.

With this defense-in-depth approach, you can create a multi-layer defense mechanism and address many attack vectors to protect your apps from being compromised.

Gloo Network can be deployed to enhance the security posture for the following use-cases:

• Providing high-performance networking and load-balancing
• Extracting fine-grained security observability data at low overhead
• Helping application developers trace applications
• Providing insights for performance troubleshooting
• Preventive application and container runtime security enforcement