Cilium Made eBPF the Network Data Plane. The Protocol Layer Carries No Governance.
by Nick Clark | Published March 28, 2026
Isovalent's Cilium is the most consequential networking project in the cloud-native ecosystem. As a CNCF graduated project, it is the default Container Network Interface (CNI) at hyperscalers, in managed Kubernetes distributions, and across enterprise platform teams. Its use of eBPF to program the Linux kernel's data path replaced iptables-era network plumbing with identity-aware, programmable enforcement that runs at line rate. Hubble extends the same primitive into flow observability. ClusterMesh extends it across clusters and clouds. Tetragon extends it into runtime security. The technical achievement is real, and the operational footprint is enormous. The structural gap this article describes does not contradict any of that. It sits one layer below: in what the network protocol itself carries. Cilium's intelligence lives in the enforcement layer, attached to the kernel, expressed as eBPF programs, and informed by Kubernetes label-derived identities. The packets being enforced upon are ordinary IP packets that declare nothing about authority, governance, or trust scope. Cilium decides from outside the protocol. A memory-native protocol decides because the protocol itself is structured to make governance an intrinsic field rather than an inferred property.
Vendor & Product Reality
Cilium originated at Covalent (later Isovalent) and reached CNCF graduated status in 2023, the highest maturity tier the foundation awards. By 2026 it is the in-tree networking layer for Google Kubernetes Engine's Dataplane V2, a supported option on Amazon EKS, the default CNI for several CNCF-conformant distributions, and the engine behind a generation of service-mesh deployments that displaced sidecar-heavy architectures. Cisco's acquisition of Isovalent in 2024 placed Cilium inside an enterprise networking incumbent's portfolio, accelerating its appearance in regulated and federal environments. The product surface is wide. Cilium's CNI handles pod IPAM, routing, and NAT. Its NetworkPolicy implementation extends the upstream Kubernetes API with CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy, both of which support L3 through L7 rules. Hubble exposes flow metrics, service maps, and protocol-level visibility. Cilium Service Mesh offers L7 traffic management without per-pod sidecars by terminating Envoy at the node. WireGuard and IPsec provide transparent encryption between nodes. ClusterMesh joins clusters into a single service-discovery and policy domain. Tetragon adds kernel-level process and syscall observability. The unifying technical primitive is eBPF: a verified bytecode that runs inside the kernel, attached to hooks at the socket, traffic-control, XDP, kprobe, and tracepoint layers. Programs are JIT-compiled and execute in microseconds. This is what makes Cilium's enforcement fast enough to replace conntrack-based iptables chains and observable enough to render every flow without packet capture. It is also what defines the product: Cilium is, fundamentally, a kernel-resident enforcement and observability fabric for Kubernetes-shaped workloads.
Architectural Gap
Cilium's policy authority is bound to the Kubernetes control plane and to Cilium's own identity allocator. When a workload appears, Cilium derives a numeric identity from its label set, distributes that identity through its key-value store (etcd or KVStore-free mode), and compiles policy rules into eBPF maps that the data-path programs consult on every packet. The identity is not in the packet. It is inferred from the source IP at the receiving node by looking up which identity that IP currently maps to. This is structurally fragile in three ways that the eBPF performance story tends to obscure. First, identity is rebound on every pod lifecycle event, and policy correctness depends on the cluster reaching consistent state across all nodes. Stale identity mappings during churn produce either over-permissive or over-restrictive enforcement; Cilium's engineering mitigates this but cannot eliminate it because the truth lives in a control plane the packet does not consult. Second, identity is scoped to the cluster (or to a federated ClusterMesh trust domain). Traffic that leaves Cilium's authority — egress to a SaaS, ingress from a partner, a packet that traverses a hop Cilium did not program — loses the identity entirely and reverts to address-based reasoning. Third, L7 enforcement requires Cilium to redirect flows through an Envoy proxy or a kernel-resident parser, which means the governance information is not in the protocol's native structure but is extracted from application-layer content by an enforcement-layer parser. Each new application protocol that warrants governance enforcement requires new parsing logic in Cilium. Each cross-domain hop requires new federation. Each policy update requires the control plane to re-converge before the packet sees the new rule. The packet itself never changes. It carries source, destination, ports, payload, and nothing about why it should be admitted, who vouches for it, or under what authority it crossed a boundary. The governance capability grows with the enforcement layer and with the control plane that programs the enforcement layer. It does not grow with the protocol. Cilium has done extraordinary work hardening a model whose foundational assumption — that governance is a property of the network's edges rather than the network's payload — was inherited from IP and has never been revisited.
What the Memory-Native Protocol Primitive Provides
The memory-native protocol primitive treats governance as a protocol-native field carried by the packet, not as an external attribute reconstructed by the enforcement layer. Each unit of transport carries its own trust scope, authority credential, hop-history continuity, and admissibility constraint. These are not headers added by a sidecar or labels resolved at a kernel hook. They are the protocol. The receiving endpoint validates the packet's declared authority against a primitive-defined admissibility framework before any application-layer logic sees the data. The validation is local; it does not require a control-plane round-trip, an identity-allocator lookup, or a federation handshake. A packet either carries valid authority for its claimed operation or it does not, and the determination is made from the packet's own contents. This is what changes the gap Cilium exhibits. eBPF remains the right enforcement substrate; the kernel is still the right place to drop unauthorized traffic at line rate. What changes is what the eBPF program reads. Instead of consulting an identity map keyed by source IP and a policy table keyed by identity pair, the program validates a protocol-native authority field whose semantics are stable across cluster boundaries, across coalition boundaries, and across the lifetime of the workload. The protocol carries the rules it expects to be governed by. The enforcement layer ratifies what the protocol declares rather than reconstructing what the protocol omitted. Stale identity becomes a non-issue because identity is not allocated by the cluster. Cross-domain egress retains its governance because the governance traveled with the packet. L7 parsing is no longer the only place where application-meaningful governance lives, because the transport layer carries it natively.
Composition Pathway
The composition pathway with Cilium is additive rather than displacing. Cilium's eBPF data path, Hubble's observability, and ClusterMesh's federation continue to operate. The memory-native protocol primitive sits as a wire-level format that Cilium-managed pods speak when communicating with peers that have admitted the primitive. CiliumNetworkPolicy gains a new selector type — admissibility-bound rather than label-bound — which compiles into the same eBPF maps that Cilium already maintains. The verification logic that the primitive defines is small enough to express as a verified eBPF program, which means line-rate enforcement is preserved. Hubble's flow records gain a new dimension: the authority field becomes a first-class attribute of every observed flow, joining source identity, destination identity, and verdict. ClusterMesh's cross-cluster identity federation becomes optional rather than required for cross-cluster governance, because the primitive's authority is intrinsic to the packet. Tetragon's process-level observability gains a binding between syscall events and the protocol-native authority that admitted the upstream traffic. Operators continue to write CiliumNetworkPolicy. Platform teams continue to deploy Hubble. The integration point is the wire format, not the operator surface. Cilium customers retain the operational model they have invested in; they gain a protocol layer that Cilium's enforcement no longer has to reconstruct.
Commercial & Licensing Posture
Cilium is open source under Apache 2.0, with Isovalent (now Cisco) offering Isovalent Enterprise for Cilium as the commercial distribution. The commercial relationship Adaptive Query contemplates is a licensing posture for the memory-native protocol primitive that runs alongside the existing Cilium business model rather than against it. Cisco/Isovalent licenses the primitive's wire format and admissibility framework to integrate into Cilium's eBPF data path; the integration is implemented in upstream Cilium under its existing license while the primitive's specification and reference verifier carry the AQ patent license. Customers of Isovalent Enterprise gain memory-native protocol support as a feature of their existing subscription. Customers of upstream Cilium gain the wire format under the patent grant that accompanies the open specification. The commercial value to Isovalent is a differentiated capability that addresses cross-cluster, cross-coalition, and regulated-environment customers who currently struggle with the boundaries of Cilium's control-plane-bound authority model. The commercial value to Adaptive Query is licensing revenue scaled to the deployment footprint of the most-deployed cloud-native CNI. The structural value to the ecosystem is that the protocol layer finally carries what the enforcement layer has been compensating for. The relationship is non-exclusive: parallel licenses to other eBPF-adjacent vendors, to service-mesh projects (Istio, Linkerd) that integrate with CNI-layer enforcement, and to confidential-computing platforms whose attestation primitives compose with protocol-native authority extend the reach of the wire format without diluting the value of any single integration. Pricing is structured per-cluster for managed offerings and per-node for self-hosted enterprise deployments, with terms that recognize Cilium's open-source posture by treating upstream contribution and patent grant as foundational rather than as a downstream concession. The intent is to make the primitive's adoption rational for Cilium's customers, contributors, and commercial sponsors simultaneously, in the recognition that a protocol layer succeeds only when the dominant enforcement substrate adopts it as native, and that Cilium, as that substrate for the cloud-native generation of infrastructure, is the rational and necessary first integration partner for the wire format to reach production scale.
