Cloud, Kubernetes, and Service Networking - Taming the Turtles

Wednesday, 11 October, 2023 - 09:5010:30

Matt Turner


Networking in Kubernetes is a black art to most people. It mostly works, and you mostly don't have to care. However for debugging issues - including day 2 performance and security issues - a correct mental model is crucial. Add the complexities of the underlying VPC, and a service mesh like Istio, and it’s hard to know where one ends and the next starts, let alone how they interact. And that’s before we talk about how they all use eBPF.

In this session, I'll show how all the layers work and interact, covering things like

  • What's CNI vs kube-proxy?
  • What's the "Kubernetes Networking Model" and how does it interact with cloud providers' VPCs?
  • How's iptables and eBPF used by all these systems?

Matt Turner[node:field-speakers-institution]

Matt is a software engineer at Tetrate, working on Istio-related products, and loves sharing the latest tech and trends with everyone. He's been doing Dev, sometimes with added Ops, for over a decade. His idea of "full-stack" is Linux, Kubernetes, and now Istio too. He's given many talks and workshops on Kubernetes and Istio, and is co-organiser of the Service Mesh London meetup. He tweets @mt165 and blogs at

@conference {292242,
author = {Matt Turner},
title = {Cloud, Kubernetes, and Service Networking - Taming the Turtles},
year = {2023},
address = {Dublin},
publisher = {USENIX Association},
month = oct

Presentation Video