Kubernetes Networking

What is Cilium?

Cilium is an eBPF-based Kubernetes CNI plugin that handles pod networking, security policies and L7 observability. It is the de facto standard on recent production clusters.

What Cilium does

Cilium is an open-source project created by Isovalent in 2017 and donated to the CNCF in 2021; it reached Graduated status in October 2023. It is now the most deployed CNI (Container Network Interface) plugin on new enterprise Kubernetes clusters, ahead of Calico and Flannel. What sets it apart technically is its use of eBPF (Extended Berkeley Packet Filter), a Linux kernel mechanism that lets you run code inside the kernel without modifying the kernel itself.

In practice, Cilium fulfils three critical functions in a Kubernetes cluster: it assigns IPs to pods and routes traffic between them (classic CNI role), it enforces NetworkPolicies to allow or block communication, and it provides deep network observability (who talks to whom, in HTTP, gRPC, Kafka).

Why eBPF changes the game

Traditional CNI plugins (Calico, Weave) rely on iptables, a Linux network filtering system from the 2000s. At the scale of a cluster with 1,000 pods and dynamic rules, iptables becomes the bottleneck: rules are evaluated sequentially, latency increases, and debugging becomes more complex.

eBPF replaces that linear evaluation with programs compiled and loaded inside the kernel. Practical consequences observed in production:

  • Intra-cluster network latency reduced by 30 to 50% on workloads with heavy east-west traffic (microservices, distributed databases).
  • L7 policies: Cilium can filter at the HTTP level (allow GET but block DELETE) without an additional sidecar. This was previously impossible without a service mesh.
  • Granular network visibility through Hubble, Cilium's observability interface: DNS flows, HTTP requests, gRPC latencies, with no application changes.
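
The L7 policy case above (allow GET but block DELETE), written as a CiliumNetworkPolicy. This is an added example, not a manifest from Hidora or the Cilium project; the namespace, labels, port and paths are assumptions chosen for illustration.

```yaml
# Added example. All names, labels, the port and the path are hypothetical.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: orders-api-http-methods   # hypothetical policy name
  namespace: shop                 # hypothetical namespace
spec:
  # Pods this policy protects.
  endpointSelector:
    matchLabels:
      app: orders-api
  ingress:
    # The storefront may only read: GET is the single allowed method,
    # so DELETE, POST, PUT, etc. from these pods match no rule.
    - fromEndpoints:
        - matchLabels:
            app: storefront
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              - method: "GET"
                path: "/orders(/.*)?"   # regular expression on the request path
    # A separate admin workload is the only identity allowed to DELETE.
    - fromEndpoints:
        - matchLabels:
            app: orders-admin
      toPorts:
        - ports:
            - port: "8080"
              protocol: TCP
          rules:
            http:
              - method: "GET"
                path: "/orders(/.*)?"
              - method: "DELETE"
                path: "/orders/[0-9]+"
```

Once a policy with ingress rules selects the orders-api pods, traffic from any source not listed is denied by default, so the allow-list above is also the complete list of callers. An HTTP request that matches no rule is rejected with a 403 response rather than silently dropped.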

Cilium and service mesh

Since 2022, Cilium has offered a service-mesh version without an Envoy sidecar: L7 features (mTLS, advanced routing, HTTP/gRPC observability) are implemented directly by eBPF in the kernel. Benefit: no sidecar to deploy, less RAM consumed, higher performance. Trade-off: a few Istio features are still missing (fine-grained authentication policies, very specific routing).

For a team starting with Kubernetes in 2026, the Cilium CNI + Cilium Service Mesh choice avoids Istio's complexity in 80% of cases.

In practice at Hidora

On Hikube, we have standardised Cilium as our CNI since 2023. Clients migrating from Calico clusters observe on average:

  • Inter-service p95 latency reduced by 28%.
  • Node CPU reduced by 8 to 12% (freed from iptables overhead).
  • Time-to-detect a network issue divided by 4 thanks to Hubble.

Migrating from Calico to Cilium typically takes 1 to 3 days per cluster, with a coexistence mode during the transition.

When Cilium is not optimal

On older Linux kernels (< 5.4), Cilium's advanced eBPF features are unavailable. Cilium still works but loses its differentiators. The practical prerequisite: RHEL 8.5+, Ubuntu 20.04+, kernel 5.4 minimum (5.10+ recommended).

For very small clusters (< 10 nodes) or strictly office-IT use cases, a simpler CNI like Flannel remains viable.
