Scaling Container Policy Management with Kernel Features

Explore scaling container policy management using kernel features in this Linux Plumbers Conference talk. Dive into Cilium, an open-source project implementing the Container Network Interface (CNI) for networking and security in modern application environments. Learn about efficiently handling cluster events, mapping them to Linux networking configurations, and minimizing discrepancies between desired and realized states. Discover how Cilium utilizes various aspects of the networking stack, including eBPF, to model datapath state changes. Examine the container policy model for whitelist filtering at layers 3, 4, and 7, as well as memoization techniques for caching policy computation artifacts. Gain insights into the impact of large container-based deployments on dataplane design and kernel features. Follow the evolution of L7 policy implementation and explore past, present, and future approaches to transparent proxies.