
Cilium 1.8 released: XDP Load Balancing, Cluster-wide Flow Visibility and more - genbit
https://cilium.io/blog/2020/06/22/cilium-18/
======
genbit
Cilium 1.8 brings with it a trove of exciting new features:

\- XDP Load Balancing Support: eXpress Data Path (XDP) is the fast-lane for
networking in the Linux kernel, built on eBPF. We've extended our existing
eBPF kube-proxy replacement to accelerate service forwarding by 5x in our
tests while dramatically reducing CPU consumption at the same time.

\- Cluster-wide Flow API: Hubble Relay builds on the solid core of Hubble and
Cilium to provide deep observability across the entire cluster via a
centralized API with minimal overhead.

\- Better policy visibility and control: ClusterwideNetworkPolicy now supports
matching hosts in the cluster to implement Host network security protection,
and all policy types gain named ports support. New community contributors have
built eBPF notifications for Policy Verdicts and a Policy Audit mode to
incrementally deploy network policies in your cluster.

\- Performance optimizations across the board: We've improved the performance
and resource usage in almost every dimension in this release, from improving
CRD scalability and optimizing the Cilium agent's memory footprint to various
performance enhancements in our eBPF data path and size reduction of the
Cilium container image. Hubble has been optimized to minimize resource usage
by embedding the core functionality into the Cilium agent.

\- Making more functionality iptables-free: We've worked hard on improving
Cilium's service implementations to further reduce the dependence on external
tools based on iptables. Several features are now implemented natively in
eBPF, ranging from Session Affinity and HostPort to IP masquerade agent and IP
fragmentation support. (More details) Many more features: Native Azure IPAM
provides better integration for Azure Cloud via a new IPAM plugin, datapath
load balancing support was extended to support environments with multiple
native devices, and initial support for ARM64 has been added with docker image
snapshots.

