Cool! While in Kubernetes you have Cilium that does basically the same thing, outside of Kubernetes I've been using explicit proxies to do this kind of thing, which requires applications to support HTTP proxy. I could definitely see transitioning those workloads to using eBPF filters instead.
Any fundamental reason you can't allow/block individual ports, or just a design choice?
by fcarraldo
Neat. One issue I’ve encountered with lookup-based rules is the latency of updating the client’s name caches when records become stale. How do you handle that here, or does it need to be done in L7?
by __turbobrew__
If you are running Kubernetes, is there any reason to use this over Cilium? What you are doing sounds very similar to what Cilium does.