In G-Research’s ML environment of over 10,000 nodes, we leverage Cilium as the core network for on-premise, bare-metal clusters scaling to 1,000 nodes each. In this talk, we’ll discuss several Cilium features used in detail:
- Network policy to enforce strict security controls for segmenting and protecting market-sensitive information
- Host firewall to remove the need for external firewall appliances
- High-performance eBPF dataplane that directly improves ML job performance

We’ll also cover the implications of limiting Cilium’s identity labels to reduce policy map pressure, tuning conntrack garbage collection, and the performance implications of different policies at scale. Attendees will learn how to use Cilium’s built-in tools to observe and measure large deployments, and what to look out for in large Kubernetes clusters.