Cilium's Use of eBPF for Network Rules and Weave Scope's TCP Connection Tracking

2nd chunk of `content/en/blog/_posts/2017-12-00-Using-Ebpf-In-Kubernetes.md`

f9811776c9baf40a751d4ba1f0b9a859e6effa5a79097e820000000100000459

![](https://lh4.googleusercontent.com/Xe8qee5yYsJton2NHFLOhHevxdbpCHHPPgttOLP18ZWtoUJp9ChFKtKJiTxqNFn8zQPRJu4BdtG7xc24vlGkD2gtfbkCuHq_eU3Tx6z2m6ld4iYGEZv-MsSCcJ3jAcJO2HkMc_d_)  

Depending on what network rules are applied, BPF programs may be attached with [tc](http://man7.org/linux/man-pages/man8/tc.8.html) or [XDP](https://www.iovisor.org/technology/xdp). By using XDP, Cilium can attach the BPF programs at the lowest possible point, which is also the most performant point in the networking software stack.  

If you'd like to learn more about how Cilium uses eBPF, take a look at the project's [BPF and XDP reference guide](http://cilium.readthedocs.io/en/latest/bpf/).  

## Tracking TCP Connections in Weave Scope
[Weave Scope](https://github.com/weaveworks/scope) is a tool for monitoring, visualizing and interacting with container-based systems. For our purposes, we'll focus on how Weave Scope gets the TCP connections.  

 ![](https://lh6.googleusercontent.com/47C76UqCrrDr5O8wand6jESyFzx1SP4SQ_jVWiAhN5ctAEefz9e0orgmu0Q_2681QhcxJDfMQbn3HcRZYZN_QiPjKfXMo5Kt6XuXPjRGAoc_j2x7yC_9Un5JIoVt1Aa-DCHl-DUu)

Title: Cilium's Use of eBPF for Network Rules and Weave Scope's TCP Connection Tracking

Summary

This section elaborates on how Cilium uses eBPF to attach network rules at different points in the networking stack, including the high-performance XDP. It also introduces Weave Scope, a monitoring and visualization tool, and its use of eBPF for tracking TCP connections in container-based systems.