4 changes: 2 additions & 2 deletions calico-cloud/observability/elastic/flow/tcpstats.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Big picture

Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.3.0/v4.18.0-193 for RHEL).
Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.10.0/v4.18.0-305 for RHEL).

## Value
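
Review bot: In the rewritten "Big picture" sentence, "at least v5.10.0/v4.18.0-305 for RHEL" reads as if both versions apply to RHEL. Suggest spelling it out, for example "at least v5.10.0, or v4.18.0-305 on RHEL", which also matches how the "Before you begin" section of this file separates the two.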

Expand All @@ -21,7 +21,7 @@
## Before you begin

Ensure that your kernel contains support for eBPF that $[prodname] uses. The minimum supported
kernel for tcp socket stats is: `v5.3.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-193`.
kernel for tcp socket stats is: `v5.10.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-305`.

Check warning on line 24 in calico-cloud/observability/elastic/flow/tcpstats.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Terms] Use 'TCP' instead of 'tcp'. Raw Output: {"message": "[Vale.Terms] Use 'TCP' instead of 'tcp'.", "location": {"path": "calico-cloud/observability/elastic/flow/tcpstats.mdx", "range": {"start": {"line": 24, "column": 12}}}, "severity": "WARNING"}

# How to
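
Review bot: The changed line still says "tcp socket stats", and Vale flags exactly this line (line 24, column 12) with "Use 'TCP' instead of 'tcp'". Since the line is being edited anyway, capitalise it here to clear the warning. The same line is carried into the other copies of this page touched by this PR, so the fix applies there as well.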

Expand Down
19 changes: 9 additions & 10 deletions calico-cloud/operations/ebpf/enabling-ebpf.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ eBPF (or "extended Berkeley Packet Filter"), is a technology that allows safe mi
- arm64 (little-endian)
- Linux distribution/kernel:

- Ubuntu 20.04 or above.
- Red Hat v8.2 with Linux kernel v4.18.0-193 or above (Red Hat have backported the required features to that build).
- Another supported distribution with Linux kernel v5.3 or above. {/*TODO-XREFS-CC */}
- Ubuntu 22.04 or above.
- Red Hat v8.4 with Linux kernel v4.18.0-305 or above (Red Hat have backported the required features to that build).
- Another supported distribution with Linux kernel v5.10 or above. {/*TODO-XREFS-CC */}
- Immutable operating systems (e.g., Talos Linux): Ensure the `CgroupV2Path` in the `FelixConfiguration` CRD is set to a writable path.

#### Kernel version requirements for eBPF features
Expand All @@ -39,15 +39,14 @@ Some eBPF features require a higher kernel version than the base eBPF data plane

| Feature | Minimum kernel version | Details |
|---|---|---|
| Base eBPF data plane | v5.3 (RHEL: v4.18.0-193) | v5.8+ with CO-RE recommended for better performance |
| [XDP acceleration](../../network-policy/extreme-traffic/defend-dos-attack.mdx) | v4.16 | Used for DoS mitigation; when `bpfEnabled` is `true`, policy is always accelerated using best available BPF technology |
| Base eBPF data plane | v5.10 (RHEL: v4.18.0-305) | CO-RE supported at this version for better performance |
| Log rules in eBPF mode | v5.16 | Logs sent to trace pipe via `bpftool prog tracelog` |
| [QoS bandwidth controls](../../networking/configuring/qos-controls.mdx) | v6.6 | Requires `tcx` support. Established connection limits not supported with eBPF |
| [DNS policy inline mode](../../network-policy/domain-based-policy.mdx) | v5.17 (RHEL: v5.14) | `BPFDNSPolicyMode: Inline` parses DNS responses in eBPF before they reach the application. Only wildcard prefixes (`*.x.y.z`) supported. Falls back to `NoDelay` on older kernels |

:::warning

While v5.3 is the minimum kernel version required for the eBPF data plane, we strongly recommend using kernel v5.8 or above, which adds support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.
The minimum kernel version required for the eBPF data plane is v5.10, which includes support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.

:::
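
Review bot: The XDP acceleration row (v4.16) is removed from the table rather than updated, which also drops the link to defend-dos-attack.mdx and the statement that policy is always accelerated when `bpfEnabled` is `true`. The v4.16 floor is redundant now that the base is v5.10, but if the behaviour note is still accurate, consider keeping it elsewhere on the page, or state in the PR description that the removal is intentional. Separately, "CO-RE supported at this version for better performance" in the Base eBPF data plane row is hard to parse; "Includes CO-RE support" would be clearer.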

Expand Down Expand Up @@ -110,18 +109,18 @@ uname -rv
The output should look like this:

```
5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020
5.10.0-26-generic #28~20.04.1-Ubuntu SMP Fri Jan 27 14:30:10 UTC 2023
```

In this case the kernel version is v5.4, which is suitable.
In this case the kernel version is v5.10, which is suitable.

On Red Hat-derived distributions, you may see something like this:

```
4.18.0-193.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com)
4.18.0-305.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com)
```

Since the Red Hat kernel is v4.18 with at least build number 193, this kernel is suitable.
Since the Red Hat kernel is v4.18 with at least build number 305 (RHEL 8.4), this kernel is suitable.

### Configure $[prodname] to talk directly to the API server
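
Review bot: The new sample output `5.10.0-26-generic #28~20.04.1-Ubuntu` carries a `~20.04.1` build suffix, which points at an Ubuntu 20.04 kernel, while this same file now lists "Ubuntu 22.04 or above" as the requirement. Please replace it with real `uname -rv` output from a supported release so the example agrees with the stated minimum. The Red Hat sample changes only the build number (193 to 305) and keeps the rest of the string, so it is worth confirming against a real 4.18.0-305 host too.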

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ The Kubernetes API datastore driver reads its configuration from Kubernetes-prov

eBPF data plane mode uses the Linux Kernel's eBPF virtual machine to implement networking and policy instead of iptables. When BPFEnabled is set to `true`, Felix will:

- Require a v5.3 Linux kernel.
- Require a v5.10 Linux kernel.
- Implement policy with eBPF programs instead of iptables.
- Activate its embedded implementation of `kube-proxy` to implement Kubernetes service load balancing.
- Disable support for IPv6.
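
Review bot: "Require a v5.10 Linux kernel." states an exact version and omits the RHEL backport, while the other pages in this PR say "v5.10 or above" and give v4.18.0-305 for RHEL. Suggest "Require Linux kernel v5.10 or above (v4.18.0-305 or above on RHEL)." so that the configuration reference does not contradict the install requirements.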
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Big picture

Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.3.0/v4.18.0-193 for RHEL).
Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.10.0/v4.18.0-305 for RHEL).

## Value

Expand All @@ -21,7 +21,7 @@
## Before you begin

Ensure that your kernel contains support for eBPF that $[prodname] uses. The minimum supported
kernel for tcp socket stats is: `v5.3.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-193`.
kernel for tcp socket stats is: `v5.10.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-305`.

Check warning on line 24 in calico-cloud_versioned_docs/version-22-2/observability/elastic/flow/tcpstats.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Terms] Use 'TCP' instead of 'tcp'. Raw Output: {"message": "[Vale.Terms] Use 'TCP' instead of 'tcp'.", "location": {"path": "calico-cloud_versioned_docs/version-22-2/observability/elastic/flow/tcpstats.mdx", "range": {"start": {"line": 24, "column": 12}}}, "severity": "WARNING"}

# How to
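
Review bot: This file lives under calico-cloud_versioned_docs/version-22-2, and the same edit is made under calico-enterprise_versioned_docs/version-3.23-1, so the raised minimum (v5.10.0, or v4.18.0-305 on RHEL) is applied retroactively to documentation for already published versions. Please confirm that those releases actually require the newer kernel. If the bump only takes effect from a later release, the versioned copies should keep v5.3.0 and v4.18.0-193.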

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@ eBPF (or "extended Berkeley Packet Filter"), is a technology that allows safe mi
- arm64 (little-endian)
- Linux distribution/kernel:

- Ubuntu 20.04 or above.
- Red Hat v8.2 with Linux kernel v4.18.0-193 or above (Red Hat have backported the required features to that build).
- Another supported distribution with Linux kernel v5.3 or above. {/*TODO-XREFS-CC */}
- Ubuntu 22.04 or above.
- Red Hat v8.4 with Linux kernel v4.18.0-305 or above (Red Hat have backported the required features to that build).
- Another supported distribution with Linux kernel v5.10 or above. {/*TODO-XREFS-CC */}
- Immutable operating systems (e.g., Talos Linux): Ensure the `CgroupV2Path` in the `FelixConfiguration` CRD is set to a writable path.

#### Kernel version requirements for eBPF features
Expand All @@ -39,15 +39,14 @@ Some eBPF features require a higher kernel version than the base eBPF data plane

| Feature | Minimum kernel version | Details |
|---|---|---|
| Base eBPF data plane | v5.3 (RHEL: v4.18.0-193) | v5.8+ with CO-RE recommended for better performance |
| [XDP acceleration](../../network-policy/extreme-traffic/defend-dos-attack.mdx) | v4.16 | Used for DoS mitigation; when `bpfEnabled` is `true`, policy is always accelerated using best available BPF technology |
| Base eBPF data plane | v5.10 (RHEL: v4.18.0-305) | CO-RE supported at this version for better performance |
| Log rules in eBPF mode | v5.16 | Logs sent to trace pipe via `bpftool prog tracelog` |
| [QoS bandwidth controls](../../networking/configuring/qos-controls.mdx) | v6.6 | Requires `tcx` support. Established connection limits not supported with eBPF |
| [DNS policy inline mode](../../network-policy/domain-based-policy.mdx) | v5.17 (RHEL: v5.14) | `BPFDNSPolicyMode: Inline` parses DNS responses in eBPF before they reach the application. Only wildcard prefixes (`*.x.y.z`) supported. Falls back to `NoDelay` on older kernels |

:::warning

While v5.3 is the minimum kernel version required for the eBPF data plane, we strongly recommend using kernel v5.8 or above, which adds support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.
The minimum kernel version required for the eBPF data plane is v5.10, which includes support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.

:::

Expand Down Expand Up @@ -110,18 +109,18 @@ uname -rv
The output should look like this:

```
5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020
5.10.0-26-generic #28~20.04.1-Ubuntu SMP Fri Jan 27 14:30:10 UTC 2023
```

In this case the kernel version is v5.4, which is suitable.
In this case the kernel version is v5.10, which is suitable.

On Red Hat-derived distributions, you may see something like this:

```
4.18.0-193.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com)
4.18.0-305.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com)
```

Since the Red Hat kernel is v4.18 with at least build number 193, this kernel is suitable.
Since the Red Hat kernel is v4.18 with at least build number 305 (RHEL 8.4), this kernel is suitable.

### Configure $[prodname] to talk directly to the API server

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ The Kubernetes API datastore driver reads its configuration from Kubernetes-prov

eBPF data plane mode uses the Linux Kernel's eBPF virtual machine to implement networking and policy instead of iptables. When BPFEnabled is set to `true`, Felix will:

- Require a v5.3 Linux kernel.
- Require a v5.10 Linux kernel.
- Implement policy with eBPF programs instead of iptables.
- Activate its embedded implementation of `kube-proxy` to implement Kubernetes service load balancing.
- Disable support for IPv6.
Expand Down
4 changes: 2 additions & 2 deletions calico-enterprise/observability/elastic/flow/tcpstats.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Big picture

Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.3.0/v4.18.0-193 for RHEL).
Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.10.0/v4.18.0-305 for RHEL).

## Value

Expand All @@ -21,7 +21,7 @@
## Before you begin

Ensure that your kernel contains support for eBPF that $[prodname] uses. The minimum supported
kernel for tcp socket stats is: `v5.3.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-193`.
kernel for tcp socket stats is: `v5.10.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-305`.

Check warning on line 24 in calico-enterprise/observability/elastic/flow/tcpstats.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Terms] Use 'TCP' instead of 'tcp'. Raw Output: {"message": "[Vale.Terms] Use 'TCP' instead of 'tcp'.", "location": {"path": "calico-enterprise/observability/elastic/flow/tcpstats.mdx", "range": {"start": {"line": 24, "column": 12}}}, "severity": "WARNING"}

# How to

Expand Down
17 changes: 8 additions & 9 deletions calico-enterprise/operations/ebpf/install.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@ and in particular, pushing the networking capabilities of the latest Linux kerne

- Linux distribution/kernel:

- Ubuntu 20.04 or above.
- Red Hat v8.2 with Linux kernel v4.18.0-193 or above (Red Hat have backported the required features to that build).
- Another [supported distribution](../../getting-started/install-on-clusters/requirements.mdx) with Linux kernel v5.3 or above.
- Ubuntu 22.04 or above.
- Red Hat v8.4 with Linux kernel v4.18.0-305 or above (Red Hat have backported the required features to that build).
- Another [supported distribution](../../getting-started/install-on-clusters/requirements.mdx) with Linux kernel v5.10 or above.
- Immutable operating systems (e.g., Talos Linux): Ensure the `CgroupV2Path` in the `FelixConfiguration` CRD is set to a writable path.

#### Kernel version requirements for eBPF features
Expand All @@ -46,15 +46,14 @@ Some eBPF features require a higher kernel version than the base eBPF data plane

| Feature | Minimum kernel version | Details |
|---|---|---|
| Base eBPF data plane | v5.3 (RHEL: v4.18.0-193) | v5.8+ with CO-RE recommended for better performance |
| [XDP acceleration](../../network-policy/extreme-traffic/defend-dos-attack.mdx) | v4.16 | Used for DoS mitigation; when `bpfEnabled` is `true`, policy is always accelerated using best available BPF technology |
| Base eBPF data plane | v5.10 (RHEL: v4.18.0-305) | CO-RE supported at this version for better performance |
| Log rules in eBPF mode | v5.16 | Logs sent to trace pipe via `bpftool prog tracelog` |
| [QoS bandwidth controls](../../networking/configuring/qos-controls.mdx) | v6.6 | Requires `tcx` support. Established connection limits not supported with eBPF |
| [DNS policy inline mode](../../network-policy/domain-based-policy.mdx) | v5.17 (RHEL: v5.14) | `BPFDNSPolicyMode: Inline` parses DNS responses in eBPF before they reach the application. Only wildcard prefixes (`*.x.y.z`) supported. Falls back to `NoDelay` on older kernels |

:::warning

While v5.3 is the minimum kernel version required for the eBPF data plane, we strongly recommend using kernel v5.8 or above, which adds support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.
The minimum kernel version required for the eBPF data plane is v5.10, which includes support for [CO-RE (Compile Once - Run Everywhere)](https://docs.ebpf.io/concepts/core/). CO-RE significantly improves compatibility and performance across kernel versions. For access to all eBPF features, we recommend kernel v6.6 or above.

:::
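
Review bot: After this change the `:::warning` block no longer warns about anything: it states the v5.10 minimum and recommends v6.6 for access to all features. Consider changing it to `:::note`, or dropping its first sentence, which now duplicates the Base eBPF data plane row of the table directly above it.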

Expand Down Expand Up @@ -124,7 +123,7 @@ Select the appropriate tab below for distribution-specific instructions:
<Tabs groupId="k8s-distro">
<TabItem label="Generic or kubeadm" value="Generic or kubeadm-0">

`kubeadm` supports a number of base OSes; as long as the base OS chosen (such as Ubuntu 20.04) meets the kernel
`kubeadm` supports a number of base OSes; as long as the base OS chosen (such as Ubuntu 22.04) meets the kernel
requirements, `kubeadm`-provisioned clusters are supported.

Since `kube-proxy` is not required in eBPF mode, you must disable `kube-proxy` at install time. With `kubeadm`
Expand All @@ -137,7 +136,7 @@ kubeadm init --skip-phases=addon/kube-proxy
</TabItem>
<TabItem label="kOps" value="kOps-1">

`kops` supports a number of base OSes; as long as the base OS chosen (such as Ubuntu 20.04 or RHEL 8.2) meets the kernel
`kops` supports a number of base OSes; as long as the base OS chosen (such as Ubuntu 22.04 or RHEL 8.4) meets the kernel
requirements, `kops`-provisioned clusters are supported.

Since `kube-proxy` is not required in eBPF mode, you must disable `kube-proxy` at install time. With `kops` you
Expand All @@ -153,7 +152,7 @@ kubeProxy:

OpenShift supports a number of base OSes; as long as the base OS chosen has a recent enough kernel, OpenShift clusters are
fully supported. Since Red Hat have backported the eBPF features required by $[prodname] the Red Hat kernel
version required is lower than the mainline: v4.18.0-193 or above.
version required is lower than the mainline: v4.18.0-305 or above.

</TabItem>
<TabItem label="AKS" value="AKS-3">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

## Big picture

Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.3.0/v4.18.0-193 for RHEL).
Configure $[prodname] to collect additional TCP socket statistics. While this feature is available in both iptables and eBPF data plane modes, it uses eBPF to collect the statistics. Therefore it requires a recent Linux kernel (at least v5.10.0/v4.18.0-305 for RHEL).

## Value

Expand All @@ -21,7 +21,7 @@
## Before you begin

Ensure that your kernel contains support for eBPF that $[prodname] uses. The minimum supported
kernel for tcp socket stats is: `v5.3.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-193`.
kernel for tcp socket stats is: `v5.10.0`. For distros based on RHEL, the minimum kernel version is `v4.18.0-305`.

Check warning on line 24 in calico-enterprise_versioned_docs/version-3.23-1/observability/elastic/flow/tcpstats.mdx

GitHub Actions / runner / vale

[vale] reported by reviewdog 🐶 [Vale.Terms] Use 'TCP' instead of 'tcp'. Raw Output: {"message": "[Vale.Terms] Use 'TCP' instead of 'tcp'.", "location": {"path": "calico-enterprise_versioned_docs/version-3.23-1/observability/elastic/flow/tcpstats.mdx", "range": {"start": {"line": 24, "column": 12}}}, "severity": "WARNING"}

# How to

Expand Down