The following image shows a sample Gloo Network setup that uses the Cilium CNI to provide network connectivity and observability for the apps in your Kubernetes cluster. Cilium specifies how the network interface for each pod is set up and is used to enforce network policies on Layers 3 and 4 of the OSI networking model.

Figure: Gloo Network architecture overview

Cilium and eBPF integration

To achieve intelligent routing, load balancing, and network controls for your apps, Gloo Network uses the Linux kernel technology eBPF that is provided by Cilium. With eBPF and Cilium, Gloo Network can insert and enforce security rules in the kernel directly, and monitor the packets that enter or leave the kernel. Depending on the security rule that you define, eBPF programs are loaded and run in different components of the kernel, such as the socket, the TCP/IP transport layer, or the network interface directly.

With eBPF, you can significantly reduce the data path for requests and accelerate request processing in the kernel. For more information, see the eBPF-based acceleration page.

Gloo Platform integration

Gloo Network is fully integrated into the Gloo Platform stack that provides built-in observability capabilities with Prometheus and the Gloo UI, multitenancy support with workspaces, Cilium n-4 version support, and central management and configuration of Gloo and Cilium resources in your cluster. For more information about Gloo Platform, see the Gloo Platform overview.

Service mesh integration

When you use Gloo Network with a service mesh that is managed by Gloo Mesh Enterprise, you can significantly reduce the service mesh data path with eBPF while applying advanced Layer 7 security controls to the service mesh workloads.

For more information, see the eBPF-based acceleration and Gloo Mesh-managed service mesh pages.