https://falcao.org/tags/networking/Recent content in Networking on Danilo Falcão da SilvaHugoen-usWed, 20 May 2026 19:30:00 -0300https://falcao.org/posts/ebpf-eating-kubernetes-iptables/Wed, 20 May 2026 19:30:00 -0300https://falcao.org/posts/ebpf-eating-kubernetes-iptables/<p>For most of Kubernetes&rsquo; life, the cluster data path has been a tower of <strong>iptables</strong> rules. Pod-to-service routing, NAT, network policy, even the way <code>kube-proxy</code> programs a Service IP — all of it expressed as netfilter chains evaluated linearly on every packet. It worked. It also aged badly.</p> <p>In 2026, the answer the ecosystem has converged on is <strong>eBPF</strong>, and the project doing most of the convergence is <strong>Cilium</strong>. The shift is no longer aspirational: kube-proxy itself shipped an <strong>nftables mode</strong> that is expected to go <strong>GA in Kubernetes 1.33</strong>, the old <strong>IPVS backend is deprecated as of v1.35</strong>, and the major managed Kubernetes providers (EKS, GKE, AKS) all offer a Cilium-powered data plane as a first-class option. Azure CNI Powered by Cilium is GA on K8s 1.33.</p>