Cilium vs Weave: What are the differences?
Cilium: API-aware networking and security for containers. It is open source software for providing and transparently securing network connectivity and load balancing between application workloads such as application containers or processes.
Weave: Weave creates a virtual network that connects Docker containers deployed across multiple hosts. Weave can traverse firewalls and operate in partially connected networks. Traffic can be encrypted, allowing hosts to be connected across an untrusted network. With Weave you can easily construct applications consisting of multiple containers, running anywhere.
Cilium can be classified as a tool in the "Security" category, while Weave is grouped under "Container Tools".
Some of the features offered by Cilium are:
- Identity Based Security - Cilium visibility and security policies are based on the container orchestrator identity (e.g., Kubernetes labels). Never again worry about network subnets or container IP addresses when writing security policies, auditing, or troubleshooting.
- Blazing Performance - BPF is the underlying Linux superpower to do the heavy lifting on the datapath by providing sandboxed programmability of the Linux kernel with incredible performance.
- API-Protocol Visibility + Security - Traditional firewalls only see and filter packets based on network headers like IP address and ports. Cilium can do this as well, but also understands and filters the individual HTTP, gRPC, and Kafka requests that stitch microservices together.
On the other hand, Weave provides the following key features:
- Virtual Ethernet Switch
- Application isolation
Weave is an open source tool with 5.57K GitHub stars and 517 GitHub forks.