Bill Mulligan 🐝🐝🐝
@breakawaybilly.bsky.social
Cloud Native networking, observability, and security with Cilium, eBPF, and Isovalent
Newsletter cilium.io/newsletter
Newsletter cilium.io/newsletter
"Small operational decisions matter, and their effects accumulate quickly. Choices about routing, IPAM, labels, upgrade validation, and datapath observability all contribute to how a cluster behaves in real-world conditions."
Day 2 with Cilium: Small configurations that keep large clusters boring | Datadog
Read Datadog’s playbook for running Cilium across hundreds of Kubernetes clusters and learn how IPAM tuning, native routing, safe upgrades, and datapath controls influence reliability at scale.
www.datadoghq.com
January 16, 2026 at 1:01 PM
"Small operational decisions matter, and their effects accumulate quickly. Choices about routing, IPAM, labels, upgrade validation, and datapath observability all contribute to how a cluster behaves in real-world conditions."
The ps utility, with an eBPF twist and container context
GitHub - loresuso/psc: the ps utility, with an eBPF twist and container context
the ps utility, with an eBPF twist and container context - loresuso/psc
github.com
January 16, 2026 at 11:01 AM
The ps utility, with an eBPF twist and container context
A common thread I keep seeing with managed services that add Cilium support is that the conversation immediately moves past “just networking” and straight into the richer parts of the stack like:
January 15, 2026 at 2:00 PM
A common thread I keep seeing with managed services that add Cilium support is that the conversation immediately moves past “just networking” and straight into the richer parts of the stack like:
eBPF-powered DNS racer with a Rust userland agent
GitHub - ivanmtech/rust-bee-ns: eBPF-powered DNS racer with a Rust userland agent
eBPF-powered DNS racer with a Rust userland agent. Contribute to ivanmtech/rust-bee-ns development by creating an account on GitHub.
github.com
January 15, 2026 at 11:01 AM
eBPF-powered DNS racer with a Rust userland agent
"Additionally, it's worth noting that if you're using Cilium as a cluster CNI with its "kube-proxy replacement," you're not affected by this CVE"
Can't be vulnerable to something that isn't there 🤔
securitylabs.datadoghq.com/articles/unp...
Can't be vulnerable to something that isn't there 🤔
securitylabs.datadoghq.com/articles/unp...
Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8554 | Datadog Security Labs
A look at how Kubernetes CVE-2020-8554 works
securitylabs.datadoghq.com
January 14, 2026 at 2:39 PM
"Additionally, it's worth noting that if you're using Cilium as a cluster CNI with its "kube-proxy replacement," you're not affected by this CVE"
Can't be vulnerable to something that isn't there 🤔
securitylabs.datadoghq.com/articles/unp...
Can't be vulnerable to something that isn't there 🤔
securitylabs.datadoghq.com/articles/unp...
If you look at runtime cloud security in 2026, a pattern is hard to ignore is that the most complete CADR platforms are built on eBPF.
XDR * eBPF = CADR
After writing the eBPF for the Infrastructure Platform whitepaper for the eBPF foundation, I find myself referencing one of my older posts:
greenabstracts.substack.com
January 14, 2026 at 2:01 PM
If you look at runtime cloud security in 2026, a pattern is hard to ignore is that the most complete CADR platforms are built on eBPF.
USDT + eBPF for profiling...!
GitHub - nielsdekoeijer/ebpf-profiling: USDT + eBPF for profiling...!
USDT + eBPF for profiling...! Contribute to nielsdekoeijer/ebpf-profiling development by creating an account on GitHub.
github.com
January 14, 2026 at 11:01 AM
USDT + eBPF for profiling...!
Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust
GitHub - OximyHQ/sensor: Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust.
Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust. - OximyHQ/sensor
github.com
January 13, 2026 at 11:02 AM
Zero-instrumentation AI activity sensor. Captures LLM calls, agent actions, and tool executions with full tracing. Multi-platform (eBPF/ESF/ETW). Implements OISP spec. Built in Rust
Use eBPF to create (emulate) untagged network subinterfaces in Linux. These interfaces receive and send untagged (no VLAN) traffic only, much like VLAN subinterfaces do
GitHub - msune/uif: Creating 'untagged' (VLAN) network subinterfaces in Linux
Creating 'untagged' (VLAN) network subinterfaces in Linux - msune/uif
github.com
January 12, 2026 at 11:01 AM
Use eBPF to create (emulate) untagged network subinterfaces in Linux. These interfaces receive and send untagged (no VLAN) traffic only, much like VLAN subinterfaces do
Find out what a Kubernetworker is in Nicolas Vibert's predictions for the new year 🎆
vmblog.com/archive/2026...
vmblog.com/archive/2026...
2026 Kubernetes and Cilium Networking Predictions : @VMblog
Kubernetes networking is entering a new phase as organizations prepare their infrastructure for life beyond VMware and for the rapid rise of AI driven workloads.
vmblog.com
January 12, 2026 at 5:43 AM
Find out what a Kubernetworker is in Nicolas Vibert's predictions for the new year 🎆
vmblog.com/archive/2026...
vmblog.com/archive/2026...
Schedule for CiliumCon is out. Kind of weird not being co-chair and making the schedule anymore, but glad I could pass on the community torch. They put together a great schedule and I didn't have to do anything 😀
colocatedeventseu2026.sched.com/overview/typ...
colocatedeventseu2026.sched.com/overview/typ...
January 9, 2026 at 1:08 PM
Schedule for CiliumCon is out. Kind of weird not being co-chair and making the schedule anymore, but glad I could pass on the community torch. They put together a great schedule and I didn't have to do anything 😀
colocatedeventseu2026.sched.com/overview/typ...
colocatedeventseu2026.sched.com/overview/typ...
Zero Trust network and runtime security on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies
GitHub - NabilMouzouna/cilium-tetragon-zero-trust: Implementing a Zero Trust network and runtime security model on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies, and eBPF-powered detection.
Implementing a Zero Trust network and runtime security model on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies, and eBPF-powered detection. - NabilMouzouna/cilium-tetragon-zero-trust
github.com
January 9, 2026 at 10:01 AM
Zero Trust network and runtime security on Kubernetes with Cilium, Tetragon, Hubble, and L7 policies
eBPF network reflex that bypasses the kernel to route gradients at the NIC level
github.com/GHOryy5/AINFTP
github.com/GHOryy5/AINFTP
GitHub - GHOryy5/AINFTP: A Rust/eBPF network reflex for distributed AI. Bypasses the kernel to route gradients at the NIC level.
A Rust/eBPF network reflex for distributed AI. Bypasses the kernel to route gradients at the NIC level. - GHOryy5/AINFTP
github.com
January 8, 2026 at 10:01 AM
eBPF network reflex that bypasses the kernel to route gradients at the NIC level
github.com/GHOryy5/AINFTP
github.com/GHOryy5/AINFTP
High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory
GitHub - ankitkpandey1/aetherless: High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory.
High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory. - ankitkpandey1/aetherless
github.com
January 7, 2026 at 10:01 AM
High-performance serverless orchestrator with 15ms cold starts using eBPF/XDP networking, CRIU snapshots, and zero-copy shared memory
I'll be at @fosdem.org talking about how foundations can make ecosystem level investments to improve project sustainability. See you in Brussels?
FOSDEM 2026 - Ecosystems, Not Projects: Rethinking Open Source Foundation Funding
Open source foundations face growing demands, more projects, more users, more scrutiny, while still relying on fragile funding models built around grants, sponsorships, and donations. This talk…
fosdem.org
January 6, 2026 at 1:01 PM
I'll be at @fosdem.org talking about how foundations can make ecosystem level investments to improve project sustainability. See you in Brussels?
eBPF + Rust to filter out polluted DNS packets caused by Great Firewall
GitHub - JackySu/Avislya: eBPF + Rust to filter out polluted DNS packets caused by GFW
eBPF + Rust to filter out polluted DNS packets caused by GFW - JackySu/Avislya
github.com
January 6, 2026 at 10:01 AM
eBPF + Rust to filter out polluted DNS packets caused by Great Firewall
My talk from LPC is up covering what the eBPF Foundation did in the last year and discussing ideas on what we should do next. Other suggestions? My DMs are open
From Projects to Ecosystems: Lessons from the eBPF Foundation - Bill Mulligan (Isovalent)
From Projects to Ecosystems: Lessons from the eBPF Foundation - Bill Mulligan (Isovalent)
The eBPF Foundation is rethinking what an open source foundation can be by shifting from simply stewarding…
www.youtube.com
January 5, 2026 at 1:01 PM
My talk from LPC is up covering what the eBPF Foundation did in the last year and discussing ideas on what we should do next. Other suggestions? My DMs are open
Research project exploring eBPF-aware Adaptive Bitrate video streaming
GitHub - AhmedAldeek/eBPF-aware-ABR: Research project exploring eBPF-aware Adaptive Bitrate (ABR) video streaming. This repository contains kernel-level eBPF programs and user-space tools that provide real-time network telemetry to improve ABR decision-making, optimize video quality, and reduce latency in live streaming scenarios.
Research project exploring eBPF-aware Adaptive Bitrate (ABR) video streaming. This repository contains kernel-level eBPF programs and user-space tools that provide real-time network telemetry to im...
github.com
January 5, 2026 at 10:01 AM
Research project exploring eBPF-aware Adaptive Bitrate video streaming
eBPF Foundation received a $228,000 grant from Alpha-Omega to strengthen the security of the ecosystem 🐝
Grant Recipients – Alpha Omega
OpenJS promotes the widespread adoption and continued development of key JavaScript technologies worldwide.
alpha-omega.dev
January 2, 2026 at 2:01 PM
eBPF Foundation received a $228,000 grant from Alpha-Omega to strengthen the security of the ecosystem 🐝
Highlights eBPF-code covered by verifier
GitHub - h0x0er/ebpf-cover: Highlights eBPF-code covered by verifier
Highlights eBPF-code covered by verifier. Contribute to h0x0er/ebpf-cover development by creating an account on GitHub.
github.com
January 2, 2026 at 9:30 AM
Highlights eBPF-code covered by verifier
Observability isn't a tool you buy anymore, rather it's a property of the platform you build.
If I had to summarize 2025 in a sentence, it would be that observability finally matured from a data business into a systems problem again.
If I had to summarize 2025 in a sentence, it would be that observability finally matured from a data business into a systems problem again.
Observability end of year review 2025
A review of the year 2025 in observability with Bill Mulligan, Diana Todea, Adriana Villela and Juraci Paixão Kröhling
observability-360.com
January 1, 2026 at 6:00 PM
Observability isn't a tool you buy anymore, rather it's a property of the platform you build.
If I had to summarize 2025 in a sentence, it would be that observability finally matured from a data business into a systems problem again.
If I had to summarize 2025 in a sentence, it would be that observability finally matured from a data business into a systems problem again.
High-Performance XDP Firewall & Traffic Analyzer written in Rust
GitHub - m4rba4s/Aegis-eBPF: High-Performance XDP Firewall & Traffic Analyzer written in Rust.
High-Performance XDP Firewall & Traffic Analyzer written in Rust. - m4rba4s/Aegis-eBPF
github.com
December 31, 2025 at 7:57 PM
High-Performance XDP Firewall & Traffic Analyzer written in Rust
Every server at Meta runs eBPF, 50% over 180 programs and they run on average across 20 different kernel versions
I think we will see more and more companies heading this way so check out this talk to see how they needed to re engineer their CI/CD pipeline
www.youtube.com/watch?v=wXuy...
I think we will see more and more companies heading this way so check out this talk to see how they needed to re engineer their CI/CD pipeline
www.youtube.com/watch?v=wXuy...
December 31, 2025 at 6:00 PM
Every server at Meta runs eBPF, 50% over 180 programs and they run on average across 20 different kernel versions
I think we will see more and more companies heading this way so check out this talk to see how they needed to re engineer their CI/CD pipeline
www.youtube.com/watch?v=wXuy...
I think we will see more and more companies heading this way so check out this talk to see how they needed to re engineer their CI/CD pipeline
www.youtube.com/watch?v=wXuy...
Minimal gulp agent to collect traces from eBPF
GitHub - mentat-is/slurp-ebpf: Minimal gulp agent to collect traces from ebpf
Minimal gulp agent to collect traces from ebpf. Contribute to mentat-is/slurp-ebpf development by creating an account on GitHub.
github.com
December 31, 2025 at 9:00 AM
Minimal gulp agent to collect traces from eBPF
A lightweight eBPF daemon that counts outbound TCP and UDP events per process and exports them as Prometheus metrics
GitHub - ruota/Metric-Net-Agent: MNA is a lightweight eBPF daemon that counts outbound TCP and UDP events per process and exports them as Prometheus metrics. It tracks connect counts, send/receive durations, and can optionally send duration data as OpenTelemetry spans to an OTLP collector.
MNA is a lightweight eBPF daemon that counts outbound TCP and UDP events per process and exports them as Prometheus metrics. It tracks connect counts, send/receive durations, and can optionally sen...
github.com
December 30, 2025 at 5:00 PM
A lightweight eBPF daemon that counts outbound TCP and UDP events per process and exports them as Prometheus metrics