
Liz Rice
Chief Open Source Officer, Isovalent @ Cisco
London, United Kingdom
Liz Rice is Chief Open Source Officer at eBPF specialists Isovalent, creators of the Cilium project, and now part of Cisco. She is an award-winning speaker, and the author of O'Reilly books on "Container Security" and "Learning eBPF". She has held many roles with the CNCF, including as a governing board member, chair of the Technical Oversight Committee, and Co-Chair of KubeCon + CloudNativeCon. She was also previously on the board of OpenUK.
She has a wealth of software development, team, and product management experience from working on network protocols and distributed systems, and in digital technology sectors such as VOD, music, and VoIP. When not writing code, or talking about it, Liz loves riding bikes in places with better weather than her native London, competing in virtual races on Zwift, and making music under the pseudonym Insider Nine.
Topics
That’s Just My Cup Of Tea: Configuring Cilium For Performance And Scale
Cilium’s out-of-the-box default settings prioritize compatibility over performance, making it easy to deploy and get started. However, for production-grade environments, it’s essential to tune the settings to unlock Cilium’s full potential for performance and scalability.
In this talk, we’ll explore settings and options that make a real difference, from eBPF-based host routing and kube-proxy replacement, to eBPF map sizing and multi-cluster setups. We’ll also look at cutting-edge features like BIG TCP and Netkit, and future performance features the project has on the roadmap. Whether you’re looking to optimize your performance or scale to the next level, we’ll provide the tools to get your Cilium environment running at top speed—without “waiting for the kettle to boil”!
Security superpowers with eBPF and Tetragon
eBPF is a technology that allows dynamic, bespoke programs to change the way the kernel behaves. This talk introduces eBPF and shows how the Tetragon open source project applies it to provide powerful runtime security capabilities that can detect and even prevent malicious activities such as suspicious file access, network connections, and privilege escalation, with very low overhead. In the financial sector, security is paramount, and this talk will explore the likely evolution for standardized security tooling based on eBPF and Tetragon.
Community Capital: Making OSS and Businesses Successful Together
Just as open source success is about more than great code, building a successful business on OSS relies on more than pricing. This talk explores how ecosystems thrive when maintainers, vendors, and users build on shared values and trust. We'll unpack why timing matters when open sourcing a project or contributing it to a foundation, how vendors can grow real businesses by adding value around open source rather than trying to control it, and why vendor success matters to the projects themselves.
Drawing on Liz’s experience with the Cilium project and as former Chair of the TOC, she’ll look at examples from the CNCF and beyond, to show how shared values can lead to collective success, and draw out the relationships between project health and vendor viability. Expect thoughtful metaphors, practical takeaways, and a reminder that open source isn’t a zero-sum game, and commercial success can amplify community impact.
An eBPF container load balancer from scratch
In cloud native environments it's common to load balance requests between a number of containers that make up a service. eBPF can be used to build a highly efficient load balancer that runs in the kernel.
This talk starts with a quick introduction to make sure everyone understands what eBPF is, and a brief primer on how IP and TCP packets are constructed so that the audience is clear on what a layer 4 load balancer needs to do. Then learn how an eBPF Load Balancer works to redirect packets to and from different containers as you see a basic load balancer written from scratch in a few lines of code.
You don't need to know anything about eBPF to follow this talk, nor do you need to be a networking aficionado. However, it does assume that the audience has a basic familiarity with (Docker) containers and IP addresses, and enjoys watching live-coding!
eBPF or sidecars?
eBPF allows us to build custom programs that run directly within the kernel. This talk explores how eBPF enables observability, security and connectivity tools that no longer need to rely on the sidecar model, and shows how Cilium now supports both sidecar-based and sidecarless Service Mesh. Along the way this talk will clarify some container and kernel concepts so that attendees can leave with a mental model for the pros and cons of sidecar-based or sidecarless approaches.
eBPF: a new era in cloud infrastructure tools
eBPF has become something of a buzzword recently, but why is it being used in so many tools for observability, security and networking? What does it bring that other approaches don't offer? How can you leverage the power of eBPF in your organization?
Join this session to learn from the creators and maintainers of leading open source eBPF projects about how this kernel technology enables high-performance, scalable cloud infrastructure tools.
Fireside Chat: Open Source and the Global Security Response
Host: Amanda Brock, CEO, OpenUK
Andrew Martin, Control Plane Founder and CEO and OpenUK CISO
Liz Rice, Chief Open Source Officer, Isovalent and OpenUK Director
Thomas Meadows, Solutions Engineer, Jetstack
When is a secure connection not encrypted? And other stories
Many organizations use a Service Mesh to secure traffic between apps. This may use Mutual TLS, with a proxy terminating connections on behalf of apps. mTLS starts with a handshake to authenticate endpoint identities, and exchange certificates for subsequent traffic encryption.
When encryption is needed but app authentication is not, approaches like WireGuard or IPSec may be more suitable. What about scenarios where authentication is important but encryption adds too much latency?
With demos to make concepts concrete, let’s dive into authentication and encryption, and the differences between mTLS and in-kernel alternatives.
- Explore the mTLS handshake step-by-step
- Contrast with transparent encryption using node identities
- Understand where encryption takes place in different models
- Discuss options for encrypting L7 protocols other than HTTP
With a clear picture of how authentication and encryption work, you’ll be better able to assess which approach best meets your needs.
Zero-overhead container networking with eBPF and Netkit
Netkit is a new enhancement to eBPF that replaces the virtual Ethernet (veth) connections that previously connected containers to the network namespace of their host. Until now, the overhead of veth connections meant that containerised applications could not communicate as quickly as if they were running directly on the host. In this talk you'll learn how Netkit and other eBPF-enabled capabilities now allow container networking to run as fast as host networking.
Simplifying multi-cluster and multi-cloud deployments with Cilium
Multi-cloud, multi-cluster Kubernetes deployments are used for high-availability, global distribution, to take advantage of different cloud vendor features, or to use both on-prem and public clouds. But sharing workloads in these distributed environments doesn’t have to be complicated!
This talk uses live demos to introduce Cilium’s ClusterMesh capabilities, which make it easy to connect and secure workloads distributed across clouds and clusters.
- Securely connecting multiple Kubernetes clusters
- Distributing services across them
- Load balancing and service affinity
- Applying network policies across multiple clusters
- Exposing distributed services to external traffic
You’ll also learn about the requirements for the underlying internet connectivity between clusters, with an overview of IP address management considerations.
You’ll need a basic familiarity with Kubernetes concepts like pods, services, nodes and clusters to get the most out of attending this talk.
KEYNOTE: Using eBPF for High-Performance Networking in Cilium
The Cilium project is a popular networking solution for Kubernetes, based on eBPF. This talk uses eBPF code and demos to explore the basics of how Cilium makes network connections, and manipulates packets so that they can avoid traversing the kernel's built-in networking stack. You'll see how eBPF enables high-performance networking as well as deep network observability and security.
Isovalent: A Case Study in Open Source Startups
Cisco recently announced that it’s acquiring Isovalent, the startup known for creating the Cilium project, and for its expertise in eBPF. Let’s explore from both the Cisco and Isovalent perspective how alignment between maintainers’ project vision, end user needs, community growth, and a model for generating revenue, can lay the foundations for a successful business, whether a startup or a major industry player.
eBPF’s abilities and limitations: the truth
eBPF is proving to be a great platform for cloud native infrastructure tooling, with several CNCF projects leveraging it to implement networking, security and observability capabilities from within the kernel. But as with any new technology, there are various myths and uncertainties circulating about it in the community, particularly around its limitations: you might hear that it’s not Turing complete, that it can’t be used for anything that involves state, or that it can’t be used to parse Layer 7 protocols. In this talk we’ll disprove all these rumors with demonstrations including:
- Looping in eBPF
- Leveraging maps for state
- An eBPF implementation of a Turing machine equivalent
This doesn’t mean eBPF is the right hammer for every nail; using the Cilium project as an example we’ll discuss why not every feature is implemented in the kernel. (Yet?)
eBPF vs Sidecars
From its vantage point in the kernel, eBPF provides a platform for building a new generation of infrastructure tools for things like observability, security and networking. These kinds of facilities used to be implemented as libraries, and then in container environments they were often deployed as sidecars. In this talk let's consider why eBPF can offer numerous advantages over these models, particularly when it comes to performance.
Coping with Zero days with Cilium Tetragon
However good the tools and processes you use to catch CVEs and security problems pre-deployment, it's still possible that your code and the platform it's running on could be compromised. When a new CVE and its patches are announced, it's called a "zero day", and it's a race against time for security teams to understand whether their deployments are vulnerable, and to get updated versions of all affected components deployed.
In this talk (with demos) you'll learn about strategies for using the open source runtime security tool, Cilium Tetragon, to detect components that are affected by a CVE. You'll see how eBPF allows Tetragon to generate rich forensic information to understand whether a vulnerability has been exploited in your system, and understand how the component was compromised.
A Load Balancer from scratch
Let's see how an eBPF Load Balancer works by writing one in a few lines of C code.