Almost exactly two years ago to the day, I was wandering through KubeCon Seattle when I stumbled on the Isovalent booth. Immediately I was intrigued, as I knew that cloud-native architectures would represent new challenges to the network, and while I knew of other solutions, they all had roots in legacy. Then, they walked me through their vision: to harness a low-level mechanism called eBPF through Linux to embed network orchestration code directly into the operating system itself. I remember thinking, “what a great value proposition.” I tucked this thought away in my head, thanked the team, and went on my way.
Fast forward to 2019 and Isovalent has made significant progress towards this vision. By then, the team developed a rich open-source toolkit leveraging eBPF called Cilium, and started developing enterprise-based services on top of this platform. Not only that, but they had established themselves as strong leaders in the open-source community, maintaining two popular projects in eBPF and Cilium.
As we started hearing more about Isovalent in the market, we re-engaged with CEO Dan Wendlandt, and CTO Thomas Graf, to dive deeper into the technology and learn more about their company in preparation for their next investment round. We were impressed with the tech, the openness of the team and the type of thought leadership Dan and Thomas were commanding with both the ecosystem and forward-leaning customers. Then, after many great conversations and long nights, Cisco invested in their Series A alongside Andreessen Horowitz and Google last month.
Early Days of Isovalent: A Vision to Unlock the Full Potential of SDN
One of the things that initially drew me to Isovalent was their story, starting with the collision of the two founders’ career journeys.
Here’s how Dan tells it: “Back in 2008, I was one of the first engineers at Nicira, driving product strategy for both Open vSwitch (OVS) and the Nicira Network Virtualization Platform (NVP), which later became VMware NSX. When I was at Nicira working on Open vSwitch, Thomas was assigned from Red-Hat to work on the project, so we met in this very open-source environment. We were both part of that first wave of software-defined networking that was very much about taking the same abstractions we had in hardware networking and implementing them in software.
Fast forward to after Nicira was acquired, and I was still thinking about what it meant to unlock the full potential of SDN. That’s when I came across eBPF and my jaw dropped. I could see how Linux could be this fundamental networking layer that would connect all of your Kubernetes containers, and that eBPF could let you go beyond the static capabilities that have always been built into Linux, and really move networking to this higher, more service identity-aware API or call-aware layer.
So, I started Googling around, and I come across this project, called the Cilium project. My first thought was: ‘Oh no, someone already beat me to the punch.’”
When Dan clicked over to the contributor's page, he was shocked to see who was behind the project: his old colleague Thomas, who had left Red Hat and was now working at Cisco. Quickly Dan got in touch, and said, "Hey, I think we should build a company around this."
A Gutsy Move in Open Source: No Holding Back
Right off the bat, these two co-founders shared a unique (and gutsy) belief system that they used as the foundation of Cilium: that they would create open-source software without any capability restrictions to address the needs of its user community.
“Thomas and I had a shared belief that your open-source has to be the absolute best thing out there at solving a particular problem. It can't be the two-thirds of solving a problem, and then you have to pay to get the rest. Lots of other companies approached open source that way, but that's not a great way to build a successful community. Building a successful open-source community means making other people successful. Thomas is just phenomenal at that,” says Dan.
So, Thomas, later joined by Dan, spent years building the open-source Cilium project and the community around it, ensuring that Cilium will always stand on its own with an open governance model.“We believe you can't change an industry today without building something that's open-source. Our approach was to build this thing that was absolutely the best and keep it fully open, and also figure out what we could build and sell that was complementary, and that doesn’t take anything away from the value to the community.”
So, with that, Isovalent was born. The company set out to provide a suite of enterprise solutions through a hardened and supported version of Cilium, called Cilium Enterprise, extending the open-source version with enterprise specific add-ons covering security, compliance and forensics, advanced observability and policy workflows.
Solving Age-Old Networking Challenges, but In a Cloud-Native Way
“As Kubernetes started taking off, customers realized that it’s a great framework, but one that required the true unlock of that SDN vision, since traditional IP-Tables based architecture just didn’t cut it in a cloud-native environment”. That shift in the market, perfectly coincided with the eBPF and Cilium movement. “The market came to us,” says Dan.
When it comes to Kubernetes, Wendlandt and Graf say there are really two types of customers: those who are still early in their adoption of Kubernetes (and still learning how to use the platform), and those who are ready to run mission-critical applications on the platform.
Wendlandt adds, “For this second set of customers with modern workloads, the train has already left station when it comes to adopting Kubernetes, but somewhere along the path they realized, ‘Wait. How do I succeed with the Kubernetes platform and keep the security team happy?”
The challenges that security teams raise include security visibility, segmentation, and troubleshooting – all of which are nothing new. The key change here is that now customers were asking Isovalent to solve these challenges in a new, cloud-native way. And it’s not only the crazy power users like Adobe, Capital One, Datadog, and GitLab that are asking for this, but really, it’s “anyone who has compliance requirements related to their applications,” says Dan.
So, who are those potential customers? Well, pretty much everyone that’s looking to leverage modern cloud-native architectures to run their applications. Dan and Thomas say they’re constantly surprised by just how much support and interest they’re seeing in the market. “We’re still identifying new-use cases, the power of eBPF and Cilium is such, that inherently, you get unparallel level of observability and can derive insights that are above and beyond what traditional tools would give you.” In fact, when they decided to host an eBPF Summit in October 2020 - one week before launching Isovalent - they hoped for around 50 attendees. The final count? 11,000.
Next horizon:
With the power of this community and their compelling solution, Wendlandt and Graf say the next step is focusing on go to market and reaching even more customers.
Only just this week, Forbes named their company a “Top 20 Cybersecurity Startups to Watch in 2021.” Not bad for a company that only came out of “stealth mode” a month ago. At Cisco, we couldn’t agree more with their analysis: we believe this is a company to watch.