Explore kernel-native security and DDoS mitigation for microservices using BPF in this Docker conference talk. Dive deep into recent kernel developments addressing application-aware security, routing efficiency, and protection against DDoS attacks. Learn about kproxy, a kernel-based socket proxy for minimal-overhead application-aware routing and security enforcement. Discover XDP, a high-speed packet processing datapath using BPF for DDoS mitigation, load-balancing, and forwarding. Understand how Cilium leverages BPF and these kernel features to enhance Docker container security on Linux. Follow along with practical demonstrations, including a Lego robot competition, to see these concepts in action. Gain insights into microservices architecture, deployment tasks, HTTP policies, and application design delivery. Explore topics such as iptables, policy enforcement, Kafka concepts, and image upload services. Witness the scalability and power of BPF programs through CLI agents and real-world examples. Conclude with a comprehensive overview of the project status and actionable steps to implement these advanced security measures in your own Docker environments.
Cilium - Kernel Native Security and DDOS Mitigation for Microservices with BPF