What is Kubernetes advanced networking with eBPF (Cilium)?

eBPF (extended Berkeley Packet Filter) is a Linux kernel technology that allows safe execution of sandboxed programs in kernel space without changing kernel source code. Cilium leverages eBPF to provide high-performance networking, security, and observability for Kubernetes. Why eBPF for networking: traditional networking (iptables/kube-proxy): iptables rules are evaluated sequentially — O(n) complexity — slow for thousands of services; no visibility into kernel-level traffic. eBPF: XDP (eXpress Data Path) processes packets at NIC driver level before even reaching the kernel network stack — extremely fast; programmable, can inspect and modify packets; kernel bypass for hot paths. Cilium capabilities: (1) Replacement for kube-proxy: eBPF maps for service load balancing — O(1) lookup vs O(n) iptables. Lower CPU overhead, better performance at scale; (2) L3-L7 Network Policy: not just IP/port-based — allow specific HTTP paths (/api/v1), HTTP methods, DNS names, gRPC methods; (3) Service Mesh without sidecars: Cilium Mesh uses eBPF to provide mTLS, L7 visibility, traffic management at kernel level — no Envoy sidecar per pod; (4) Hubble (observability): real-time network observability using eBPF. Hubble UI: visual flow map between services. CLI: hubble observe --namespace production; (5) Cluster Mesh: connect multiple Kubernetes clusters for cross-cluster service discovery and load balancing without VPN; (6) WireGuard encryption: transparent pod-to-pod encryption using WireGuard in the kernel; (7) Bandwidth Manager: QoS, egress rate limiting per pod; (8) Socket-level load balancing: bypass iptables entirely — process connections at socket level. Cilium is the recommended CNI for new Kubernetes deployments, especially at scale (Google GKE, AWS EKS-A use Cilium).