From YouTube: Antrea Community Meeting 05/24/2021
Description
Antrea Community Meeting, May 24th 2021
A
So welcome everyone, good morning, good afternoon, good evening, and welcome to this instance of the Antrea community meeting. Today is Monday, May 24th, if you are on the west side of the Atlantic; otherwise it will be Tuesday, May the 25th.
A
So for today's meeting we have a planned topic in the agenda, and that is a discussion of the WireGuard support for Antrea, and this will be. This discussion will be led by Shu.
A
I do apologize if I misspelled your name, and I see that you're online, so we can get started, so sure. That's, that will be, the floor is yours. Please go ahead with your, with your presentation. Okay, thank you. So.
B
So I will start here, and please stop me if you have any comments, and okay. So the motivation is that WireGuard has been shipped with the latest Linux kernel and it's an alternative to IPsec, and it claims to be faster, simpler and more useful. So for our recent tests it performs two times faster than IPsec, but for the latency WireGuard is not as good as IPsec, so we can only get 23 percent for the TCP our test compared with IPsec.
B
If you want to check some details, I have some data information here. So there are the, the recent benchmark from Cilium also showed that it performs 1.7 times compares to IPsec, but the throughput is lower than IPsec, so seems to have got. Could utilize multi-core more efficiently, though the tpr result is not as good as a clive stack. So I think it is still valuable to integrate WireGuard with Antrea, as the maximum throughput is significantly better.
B
So, okay, so the kernel version above 5.6, there's built-in support for WireGuard; for other kernels.
B
And this also should be documented WireGuard use. So here is how we can configure the WireGuard interface. Our WireGuard use networking based configuration API, so we don't need any daemon process in user space, and there is an official Golang library to control WireGuard, the Linux kernel module, directly. So I press the link here.
B
So a proper way is to set annotation on the Kubernetes Node resource, and maybe it looks like this, and we add this annotation to enforce the public key for every node, and we do not need to save or store the private key by all means, so for agent restarts or node reboots, we just need to check whether the WireGuard interface has been assigned a key or not.
B
So, so we don't need to store any configurations in a file or something like the file. We just need to generate the WireGuard configuration in memory and set it to the interface, and if the, if the annotation of a node changes, other agents will be informed, so they will change the public key of the peer node accordingly.
B
So here are more details for the implementation rotation here, and WireGuard only works on layer three, so it cannot handle layer two traffic, and we cannot attach the WireGuard port to the resource, and that means the traffic can need to go out from Antrea gateway and be handled by the host network stack so robot.
B
That means we just need to change the routine, routing table based on the noEncap mode to load all traffic through the, for the target setter for of the pyramids through the WireGuard tunnel.
B
So that's the detailed steps here, and the, the first steps that we, even though we do not need to install the kernel module, and we still can try to load the kernel module in the init container, and maybe we can save the results to the file to, for, for the future check of the Antrea agent.
B
Then check whether the WireGuard kernel module is loaded successfully, so this could be by checking a file generated by step y. So if, if WireGuard is enabled in the ConfigMap, but the WireGuard module is not loaded, so we should try and shoot the exit with error code indicating that WireGuard is not supported. So that means the node, will, the Antrea agent cannot derive that from that node, but because we have assumption that all the nodes must be WireGuard compatible.
B
Oh okay, step three, and we need to add an interface, maybe the name, design, chair, wg and host mode, and then bring it up.
B
A is: we create the node public key from london data and set it as a public key field, and then we set the load iq to the load IPs field, and then we also set the current, the node's pulsator to the route IPs field, and the last step is we set the node IP and the WireGuard's listen port to the endpoint field. So that's the four steps need to be done for every node, and then, as I said earlier, so we designed it to based on the noEncap mode.
B
So, but if there are any peer nodes that do not have WireGuard installed, or we, or user, some users might want to disable WireGuard for some node explicitly, so they're, not the network might be broken, as the presumption is that we are setting up the network based on noEncap mode.
B
And also we may want to support topology awareness encryption, so that means for some cases the user might want to encrypt traffic for cross-load nodes, not only, and for the losing in the same control zone traffic that wants not. They may want not to encrypt traffic to reduce cost.
C
Okay, actually, I was thinking, I mean, purely a hybrid mode. I'll, probably, probably don't really make much money in my mind. I have no humor people probably will just config the encryption for all the nodes for the point. It makes sense for this topology-aware encryption in our community. If we go noEncap mode, I think we will lose some features, right. No, probably.
C
I, I'm not sure any other features will be impacted, but I will show there will be some important features.
C
Sure, probably you can do some comparison here. Another thing that I, I think in time, even with encap mode, you can do one called encryption, but of course that will be a little more overhead.
B
Yeah, yeah, yeah. Actually I, I.
B
Okay, okay, so our finish, there is a talk first, so thank you. Settings we're gonna, need a 64, IPv4 and 84 IPv6, so we can adjust the MTU based on whether IPv6 is enabled, so this is MTU, and for IPv6 support, we also need to adjust the endpoint on the other here. Setting software guard, and also for accurately enabled, the routing table should also be changed.
B
So I think, ideally, we should not encap the packet before sending it to WireGuard, as the WireGuard can handle the routing automatically, and if we encaps the packet, you need to name our other protocol, so it will bring additional overhead, but it's still possible to create an overlay network based on WireGuard.
B
So this, this means we need to change some routing tables.
B
So because we, after the encapsulation, the destination IP will be the node IP, and we want to route the node IP packet to the WireGuard tunnel. So when we need to create a separate routing table and set a mark in the flow entry, so steps are here, so we may need to change the following tree in table 17 and add a packet mark here, and then add a special other row for the packet with this mark to jump into another table at the table.
B
Return for this case, and in table ten, we set the default route for the tunnel, so this could also work for tested its name with WireGuard together as an overlay network. But I assume this will bring more overhead, so I don't know whether this makes sense or not.
C
I, I probably cannot have a complete list or all the features impacted by noEncap mode. You might hide yet, maybe, I mean, if you can put a summary there, but it's easier for us to run it.
C
Yeah, I think at least Traceflow will be impacted a little. I think it's useful for transfer within, sorry, I slow income mode. Actually, I'm not sure, truthful, still works on our timing, since you do WireGuard tunnel again with living traffic for you to check, and for the evening to us, it will be some difference from incoming.
F
Well, what if, what if we support, we make eagles work in noEncap mode? I think in that motorway we will also create a tunnel.
C
Product managers to see any requirements on WireGuard or IPsec, because I see there are some big super throughput improvements, but those the latency drops, right, and another thing that I don't know how enterprise customers will WireGuard that much. We know for enterprise or not, because for strongSwan, that is, we know it's been there for many years and adopted by many enterprise customers, but WireGuard I just don't know, maybe you can get some inputs from my chinese one too.
A
No, no more questions, thanks, sure. It's, it's a very nice presentation. It's also a very divided point about changing weather. We should also consider in a wider way pro and cons between a WireGuard and an IPsec.
A
Where latency is a very important factor, the other thing that might be, in my opinion, a resistance to the adoption of WireGuard is the fact that it's supported only on kernel 5.6 and above and, as we know, in many, in many real environments, the Linux distributed, Linux operating system that is used for, for host nodes, it's a kind of, you can say, consider black box, so users cannot go and install modules, update kernels and stuff like that.
A
But anyway, it's probably definitely a good addition to have, you know, to the technologies supported by Antrea.
A
Said this for today, I don't believe that there was any other. Maybe there is another topic? No, there is no other topic proposed for today in the agenda, which means that now we are with open up for open discussion. So if you have anything that you like to bring up, discuss, complain about, please go.
A
Perfect, it seems that therefore, that's all for today, and I would like to thank you for this very informative presentation, which it was really enjoyable and the one. I would like to wish everyone a good evening, a good afternoon or a good day, thanks again for joining and talk to you again in the next Antrea community meeting in two weeks' time.