
Tapping encrypted traffic in a Kubernetes cluster using eBPF-based services

Vittorio Tabare'

Supervisors: Fulvio Giovanni Ottavio Risso, Federico Parola. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2024

Abstract:

In the context of modern telecommunications, the introduction of 5G has transformed network architecture from traditional network functions, tied to dedicated hardware, to virtualized solutions managed on cloud-native platforms. In this scenario, Kubernetes emerges as an orchestration platform, enabling agile and scalable management of containerized Network Functions (NFs), which are critical to support the evolution of 5G networks. This thesis focuses on how to effectively monitor the control plane between NFs communicating through protocols such as HTTP/2, while ensuring high performance and strict security standards through the use of eBPF (extended Berkeley Packet Filter), a technology that enables secure, high-performance execution of programs at kernel level without requiring changes to the kernel code itself. The eBPF programs are developed in Rust, a language known for its memory-safety guarantees, in order to explore its potential in this setting. This thesis also explores Cilium, a networking platform that fully leverages eBPF. Cilium eliminates sidecars, but that is not the only way it optimizes a service mesh: eBPF-enabled networking also allows packets to take shortcuts that bypass parts of the kernel networking stack. In addition, Cilium allows transparent encryption to be implemented with protocols such as IPsec and WireGuard, enabling real-time monitoring of traffic between Kubernetes Pods without compromising security. During the research, several eBPF-based monitoring techniques were evaluated, including XDP (eXpress Data Path), TC (Traffic Control), Kprobes, and Fentry. To validate the different techniques, tests were conducted in an environment based on Open5GS, an open-source 5G core network. These tests allowed realistic scenarios to be simulated, generating HTTP/2 traffic comparable to what is expected in an operational 5G network.
In conclusion, this thesis analyzes the performance, limitations, impact on system resources, traffic latency, and reliability of the proposed solution. Additionally, the study explores innovations in the monitoring and security of cloud-native 5G networks, focusing on the integration of eBPF and Cilium within Kubernetes.

Supervisors: Fulvio Giovanni Ottavio Risso, Federico Parola
Academic year: 2024/25
Publication type: Electronic
Number of pages: 72
Additional information: Restricted thesis. Full text not available
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - INGEGNERIA INFORMATICA
Partner companies: Infovista Italy S.r.l.
URI: http://webthesis.biblio.polito.it/id/eprint/33925