Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.
- Identity Based Security - Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
- Blazing Performance - BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
- API-Protocol Visibility + Security - Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
- Designed for Scale - Cilium was designed for scale, with no node-to-node interactions required when new pods are deployed, and all coordination through a highly scalable key-value store.