Egress Filtering Benchmark Part 2: Calico and Cilium

In a recent blog post, we compared three different technical approaches to filtering egress traffic on Linux: IP tables, IP sets, and BPF. While that provided some interesting baseline benchmarks of the core Linux technologies, we wanted to go beyond that to look at how one would implement such filters in practice, using off-the-shelf cloud native network policy solutions.
In the cloud native world, it is not far-fetched to imagine a Kubernetes cluster needing egress filtering to control traffic (from hosts or pods) attempting to leave the network for possibly wild and dangerous endpoints on the internet.
Source: Kinvolk