DDoS Mitigation in Kubernetes: A Review of Extended Berkeley Packet Filtering and eXpress Data Path Technologies

DOI:

https://doi.org/10.12962/j24068535.v23i2.a1268

Abstract

Kubernetes, as a widely adopted container orchestration platform, is increasingly targeted by sophisticated cyber threats, including Distributed Denial of Service (DDoS) attacks, which can severely compromise the stability, availability, and operational integrity of Kubernetes clusters by overwhelming the cluster’s control plane, disrupting pod scheduling, or saturating network resources. Emerging Linux kernel technologies, such as the Extended Berkeley Packet Filter (eBPF) and eXpress Data Path (XDP), offer innovative and efficient solutions to mitigate these challenges by enabling high-performance packet filtering, real-time traffic monitoring, and advanced intrusion detection directly within the kernel. These capabilities help reduce latency, enhance resource efficiency, and strengthen the security posture of modern cloud-native environments. This review explores advancements in network security by examining the integration of eBPF and XDP for defending Kubernetes environments against DDoS attacks. By analyzing existing studies and identifying their limitations, this review highlights the potential of these technologies to establish efficient, scalable, and adaptive mitigation frameworks. The insights gained from this research can guide the development of robust security policies tailored for modern containerized infrastructures.

Published

2025-07-08

Section

Articles

How to Cite

[1]
M. Ţălu, “DDoS Mitigation in Kubernetes: A Review of Extended Berkeley Packet Filtering and eXpress Data Path Technologies”, JUTI, vol. 23, no. 2, pp. 60–73, Jul. 2025, doi: 10.12962/j24068535.v23i2.a1268.