Support for Traffic Collection with Cilium CNI

Cilium provides a Container Network Interface (CNI) plug-in that supports traffic collection in Container Protection, with the advantages of eBPF.

Extended Berkeley Packet Filter (eBPF) is a new programming paradigm that extends the capability of the Linux kernel using sandboxed programs, without having to modify the kernel source code.

Advantages of using Cilium with eBPF

  1. Reduced reliance on iptables compared with other CNI plugins: in eBPF mode, Cilium looks up IP addresses more efficiently when managing a large number of cluster nodes.
  2. eBPF programs run more securely than a loaded kernel module, and more efficiently, because they execute natively through the Just-In-Time (JIT) compiler.

Prerequisites

  1. The Linux kernel version must be 5.0 or above. Use the command uname -r to check your version.
  2. Install the Cilium CNI plug-in. Reference: https://docs.cilium.io/en/v0.12/install/
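
uname -r reports only the machine it is run on, so on a multi-node cluster the kernel check has to be repeated per node. The script below is an added example, not part of the Fortinet documentation: it checks a list of node kernel releases against the 5.0 minimum, assuming the agent runs on every node. The function names and the node names and releases in sample_nodes are constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the "kernel 5.0 or above" prerequisite to each node.
# Real input ("<node> <kernel-release>" per line) can be produced with:
#   kubectl get nodes --no-headers \
#     -o custom-columns=NAME:.metadata.name,KERNEL:.status.nodeInfo.kernelVersion
MIN_MAJOR=5
MIN_MINOR=0

# kernel_ok RELEASE: status 0 if the uname -r style string is >= 5.0,
# 1 if it is older, 2 if it cannot be parsed.
kernel_ok() {
    major=${1%%.*}                       # 5.15.0-1031-gke -> 5
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    rest=${1#*.}                         # -> 15.0-1031-gke
    minor=${rest%%[!0-9]*}               # -> 15
    case "$minor" in '') return 2 ;; esac
    [ "$major" -gt "$MIN_MAJOR" ] && return 0
    [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]
}

# nodes_below_minimum: read "<node> <release>" lines on stdin and print every
# node that fails the check; status 1 if at least one node was printed.
nodes_below_minimum() {
    bad=0
    while read -r node release; do
        [ -n "$node" ] || continue
        if ! kernel_ok "$release"; then
            printf '%s %s\n' "$node" "$release"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input (hypothetical node names and kernel releases).
sample_nodes() {
    cat <<'EOF'
cp-1      5.15.0-1031-gke
worker-1  6.1.0
worker-2  4.18.0-372.el8.x86_64
worker-3  5.0.0-37-generic
EOF
}

sample_nodes | nodes_below_minimum ||
    echo "Nodes listed above are below kernel 5.0; upgrade them before using --tcMode ebpf."
```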

Steps to install Kubernetes agent with eBPF mode

  1. Uninstall the current Kubernetes agent using this command: kubectl delete namespace fortinet
  2. Download the latest version of the fcli command line tool for Kubernetes agent deployment:

    Operating System    Kubernetes Agent Download Link
    Mac OS              https://forticwp-kubernetes-agent.s3.amazonaws.com/mac/fcli
    Linux               https://forticwp-kubernetes-agent.s3.amazonaws.com/linux/fcli

  3. Deploy the Kubernetes agent using this command:

    ./fcli deploy kubernetes --tcMode ebpf --token <AccessToken> --region <Region>

After the Kubernetes agent is installed in eBPF mode, Traffic Collection is enabled.
