►
From YouTube: Antrea Community Meting 05/24/2021
Description
Antrea Community Meeting, May 24th 2021
A
A
A
B
So
I
will
start
here
and
please
stop
me
if
you
have
any
comments
and
okay.
So
the
motivation
is
that
virgo
has
been
shaped
with
the
latest
linux
kernel
and
it's
an
alternative
to
ibiza
and
it
claims
to
be
faster,
simpler
and
more
useful.
So
for
our
recent
tests
it
performs
two
times
faster
than
ipsec,
but
for
the
latency
wagon
is
not
as
good
at
episode,
so
we
can
only
get
23
percent
for
the
tcp
our
test
compared
with
episode.
B
If
you
want
to
check
some
details,
I
have
some
data
information
here.
So
there
are
the
the
recent
benchmark
from
syrium
also
showed
that
it
performs
1.7
times
compares
to
ibsec,
but
the
throughput
is
lower
than
bisect,
so
seems
to
have
got.
Could
utilize
multi-core
more
efficiently,
though
the
tpr
result
is
not
as
good
as
a
clive
stack.
So
I
think
it
is
still
valuable
to
integrate
well
guard
with
andrea,
as
the
maxim
throughput
is
significantly
better.
B
B
B
And
this
also
should
be
documented
workout
use.
So
here
is
how
we
can
configure
the
workout
interface.
Our
workout
use
networking
based
configuration
api,
so
we
don't
need
any
demon
process
in
user
space
and
there
is
an
official
golan
library
to
control
work
out.
The
linux
kernel
module
directly.
So
I
press
the
link
here.
B
So
a
proper
way
is
to
set
annotation
on
the
kubernetes
load
resource,
and
maybe
it
looks
like
this-
and
we
add
this
annotation
to
enforce
the
public
key
for
every
node
and
we
do
not
need
to
save
or
store
the
private
key
by
all
means
so
for
adding
restarts
or
node
reports.
We
just
need
to
check
whether
the
welcome
interface
has
been
assigned
or
keynote.
B
B
So
so
we
don't
need
to
store
any
configurations
in
a
file
or
something
like
the
file.
We
just
need
to
generate
the
workout
configuration
in
memory
and
set
it
to
the
interface
and,
if
the,
if
the
notation
of
a
node
changes,
other
agents
will
be
informed,
so
they
will
change
the
probability
of
the
player
node.
Accordingly,.
B
Then
check
the
where
the
workout
panel
module
is
loaded
successfully,
so
this
could
be
by
checking
a
file
generated
by
step
y.
So
if,
if
wirecard
is
enabled
in
the
computer
map,
but
the
workout
model
is
not
loaded,
so
we
should
try
and
shoot
the
exit
with
error
code
in
indicating
that
workout
is
not
supported.
So
that
means
the
node.
Will
the
android
engine
cannot
derive
that
from
that
node,
but
because
we
have
assumption
that
all
the
nodes
must
be
well
guard
compatible.
B
A
is:
we
create
the
node
public
key
from
london
data
and
set
it
as
a
public
key
field,
and
then
we
set
the
load
iq
to
the
load
ips
field,
and
then
we
also
set
the
current
the
nodes
pulsator
to
the
route
ips
field
and
the
last
step
is
we
set
the
node
ip
and
the
workouts:
listen
port
to
the
end
point
field.
So
that's
the
four
steps
need
to
be
done
for
every
node
and
then,
as
I
said
earlier,
so
we
designed
it
to
based
on
the
entry
and
card
mode.
B
B
B
B
C
C
Okay,
actually,
I
was
thinking
I
mean
purely
a
hybrid
mode.
I'll,
probably
probably
don't
really
make
much
money
in
my
mind.
I
have
no
humor
people
probably
will
just
config
the
encryption
for
all
the
notes
for
the
point.
It
makes
sense
for
this
topology
or
wow
encryption
in
our
community.
If
we
go
knowing
how
mode,
I
think
we
will
lose
some
features
right.
No,
probably.
B
C
B
B
Okay,
okay,
so
our
finish,
there
is
a
talk
first,
so
thank
you.
Settings
we're
gonna,
need
a
64,
ipv4
and
84
ipv6,
so
we
can
adjust
the
mtu
based
on
whether
ipv6
is
enabled,
so
this
is
empty
and
for
ipv6
support.
We
also
need
to
adjust
the
endpoint
on
the
other
here.
Setting
software
guard
and
also
for
accurately
enabled
the
rotating
table
should
also
be
changed.
B
So
because
we
after
the
encapsulation
the
destination,
ip
will
be
the
node
ip
and
we
want
to
roast
the
nodal
p
packet
to
the
workout
panel.
So
when
we
need
to
create
a
separate
routing
table
and
set
a
mask
in
the
form
entry,
so
steps
are
here,
so
we
may
need
to
change
the
following
tree
in
table
17
and
add
a
packet
mark
here
and
then
add
a
special
other
row
for
the
packet
with
this
mark
to
jump
into
another
table
at
the
table.
B
B
C
B
E
E
C
C
Yeah,
I
think
at
least
trace
flow
will
be
impacted
a
little.
I
think
it's
useful
for
transfer
within
sorry,
I
slow
income
mode.
Actually,
I'm
not
sure,
truthful,
still
works
on
our
timing,
since
you
do
workout
tunnel
again
with
living
traffic
for
you
to
check
and
for
the
evening
to
us,
it
will
be
some
difference
from
incoming.
F
F
C
B
C
Product
managers
to
see
any
requirements
on
workout
or
ipsec
because
I
see
there
are
some
big
super
throughput
improvements,
but
those
the
latency
jobs
right
and
another
thing
that
I
don't
know
how
enterprise
customers
will
work
out
that
much.
We
know
for
enterprise
or
not
because
for
strong,
strong
one.
That
is,
we
know
it's
been
there
for
many
years
and
adopted
by
many
enterprise
customers,
but
where
I
got
I
just
don't
know,
maybe
you
can
get
some
inputs
from
my
chinese
one
too.
C
A
A
D
A
Where
latency
is
a
very
important
factor,
the
other
thing
that
might
be,
in
my
opinion,
a
resistance
to
the
adoption
of
wire
guard
is
the
fact
that
it's
supported
only
on
kernel,
5.6
and
above
and,
as
we
know
in
many
in
many
real
environments,
the
linux
distributed
linux
operating
system
that
is
used
for
for
host
nodes.
It's
a
kind
of
you
can
say,
consider
black
box,
so
users
cannot
go
and
install
modules,
update,
kernels
and
stuff
like
that.
A
Said
this
for
today,
I
don't
believe
that
there
was
any
other.
Maybe
there
is
another
topic?
No,
there
is
no
other
topic
proposed
for
today
in
the
agenda,
which
means
that
now
we
are
with
open
up
for
open
discussion.
So
if
you
have
anything
that
you
like
to
bring
up,
discuss,
complain
about,
please
go.
C
A
A
Perfect,
it
seems
that
therefore,
that's
all
for
today,
and
I
would
like
to
thank
you
for
this
very
informative
presentation,
which
it
was
really
enjoyable
and
the
one.
I
would
like
to
wish
everyone
a
good
evening,
a
good
afternoon
or
a
good
day,
thanks
again
for
joining
and
talk
to
you
again
in
the
next
century,
community
meeting
in
two
weeks
time.