►
From YouTube: Antrea Community Meeting 02/14/2022
Description
Antrea Community Meeting, February 14th 2022
A
B
B
Here
is
the
pipeline,
and
I
proposed
our
first
review
how
lmp
table
to
deal
with
ldmp,
query
and
idmp
report
and
later
it
will
deal
with
multicast
egress,
and
then
it
builds
multicast
traffic
and
the
multicast
ingress
for
the
rdmp
table.
We
will
define
rules
to
block
fgmp,
query
and
also
rdmp
report
to
specific
specific
pod
and
yeah,
and
for
the
egress
we
multi-class
egress.
B
We
will
different
rules
to
block
or
allow
the
rules
of
the
traffic
come
out
from
specific
port
and
for
the
ingress
we
will
defend
rule
to
allow
or
drop
the
traffic
to
the
specific
part.
Here.
Is
this
ready?
I
want
to
reuse
the
existing
defined
for
in
smp,
but
extend
with
two
members
in
the
rule.
Here
is
the
multicast
address.
That
means
the
members
to
store
the
multi-class
address.
B
B
We
checked
that
the
body
is
using
the
bucket
advance
and
we
will
add,
drop
actions
on
pakistan
and
then,
if
the
rule
for
to
block
the
smp
query
deleted,
then
we
will
reset
the
ignp
ldmp
rule
to
the
original
one
yeah.
This
is
for
the
identical
query
to
to
block
this
is
the
rule
to
block
idm
bigquery.
B
B
If
it's
from
the
desired
app
address,
then
we
will
check
if
it's
from
the
pod
and
if,
yes,
we
will
submit
this
packet
to
controller
and
then
the
package,
the
agent
and
the
agent
will
check
if
the
package
should
be
blocked
in
in
this
condition,
entry
agent
will
send
view.
We
will
define
a
query
api
to
for
event
to
check
if
the
package
should
be
dropped.
B
B
And
the
for
the
the
last
feature
is
that
to
limit
the
specific
part,
to
send
multi
custom
to
specific
multicast
api
addresses,
which
means
that
we
should
block
the
you
know
from
both
the
source
and
the
destination
and
for
the
ingress.
We
will
check
the
matched
part
and
then
on
the
node.
We
will
defend
several
rules
to
block
the
traffic
multicast
traffic
that
that
comes
in
the
metric
port.
First,
we
will
defend
rule
to,
for
example,
if
we
want
to
block
the
multicast
traffic
from
this
app
address
and
to
225.1.2.3.
B
B
Sorry,
hi,
okay,
I
will
continue
yeah
go
and
then
in
this
table
we
can
also
calculate
the
number
of
packets
dropped
by
the
by
this
rule
and
for
multicast
egress.
It
is,
I
think,
nearly
the
same
we
will
define,
we
will
define
the
rule
on
the
node
that
runs
the
source
pod
and
we
will
also
check
the
source
app
address
and
also
destination
api
address,
and
also.
B
C
C
If,
in
a
single
rule,
there
is
actually
a
normal
peer
and
a
multi-cloud
multicast
appear
at
the
same
time,
but
it
actually
makes
sense
and
if
not,
then
maybe
we
could
consider
doing
something
different
here,
for
example,
adding
a
new
type
of
rule,
which
is
ingress,
multicast
rules
or
egrasmatic
class
rules.
Just
to
you
know,
differentiate
them
from
the
current
rules
so
that
we
have
clear
structure
on
how
things
are
gonna
be
enforced.
I
I'm
not
sure
if
I'm
experi
expressing
myself
clearly
here
or
at
least
have
we
actually
considered
this
alternative.
B
D
E
B
B
B
B
D
And
also
for
igmp,
I
probably
need
to
understand
better
if
we
really
want
to
differentiate
rgmp,
I
kind
of
feel
I'm
just
thinking
about.
Should
we
just
use
a
generic
mechanism.
For
example,
we
can
add
a
new
field
for
ip
protocol
and
then,
if
you
want
to
allow
this
on
igmp,
you
can
put
the
protocol
value
2
right.
B
F
C
So
in
that,
in
my
opinion,
it
will
be.
You
know
better
off
to
separate
this
intent
as
as
as
best
as
we
can
so
that
you
know
the
acmp
will
stay
as
is
or
or
we
can
added
some.
You
know
new,
maybe
rule
sets
in
the
is
in
the
acmp,
but
not
to
reuse
the
current
ingress
and
rules.
But
that's
just
my
personal
preference.
C
A
I
understand
I,
I
understand
yeah,
it's
better
to
be
clear
because
yes,
so,
basically
airing
a
completely
different
type
of
object
for
multicast
network
policies.
Is
there
any
case
where
this
could
be
a
bad
user
experience?
Because
I'm
just
talking
thinking
aloud
here,
because
there
could
be
a
policy,
a
security
configuration
which
we
normally
could
express
with
a
single
policy,
but
now
requires
us
to
create
two
different
objects:
yeah.
C
That's
true
that
that's
a
that's
a
valid,
that's
a
really
valid
concern,
but
I
mean
in
that
case
something
like
you
know:
you
have
a
you,
have
a
single
applied
to
and
some
egress
rules
and
some
multi-class
multicast
egress
rules.
You
know
something
like
that
would
would
would
be
a
little
bit
clearer,
but.
A
A
Let's
say
the
types
of
traffic
sent
by
an
application
are
completely
distinct
between
unicust
and
multicast
traffic
right.
So
it's
typically
like
like
the
same
the
same
application
it
probably
if
it
sends
it
needs
a
configuration
for
multicast
traffic
and
then
another
configuration
for
unicast
traffic,
so
it
might
actually
make
sense
to
have
them
into
into
distinct
objects.
A
And
so
there
are
comments
on
the
chat,
so
first
wiki
is
correctly
suggesting
that
we
need
to
open
up
these
for
public
review,
so
the
contents
that
has
been
reported
here
should
be
available
on
the
entry
github
for
allowing
the
whole
community
to
review,
and
then
there
is
also
a
common,
a
comment
from
zhenjun.
He
would
like
to
consider
something
where
you
have
action
deny
protocol
igmp
and
so
that
later
we
can
support
more
protocols
as
well
so
ginger.
So
basically,
you
are
suggesting
to
consider
igmp
another
protocol
in
entry
network
policies.
A
D
C
It
already
has,
I
mean
we
already
have
a
product
called
field
which
can
take
ccp,
udp
or
icmp
right.
So
I
I
I
didn't
know
that
why
we
would
have
to
need
a
sigmp
flag
here.
I
didn't
know
the
context,
so
if,
if
we
can
integrate
this
igmp
protocol
into
the
product
called
field,
that
will
be
the
best
case
scenario.
In
my
mind,.
D
E
Actually,
I
think
the
requirement
is
that
so
the
user
might
configure
the
np
network
policy
to
drop
some
hmp
package
from
the
specified
port.
All
so
I
mean
that's,
maybe
we
don't
drop
all
ignp
packets,
but
only
the
lgmp
reports
from
one
two
three
of
pulse,
but
we
could
allow
the
agmp
report
from
the
port
four
five.
First,
one.
B
So,
for
example,
the
customer
are
using
it
for,
for
the
tv
show,
only
the
paid
customers
can
we
can
access
some
resources,
then
maybe
they
can
define
some
multicultural
address
that
only
specific
users
or
maybe
ap
addresses
can
access.
This
multicast
can
join
this
multicast
address
and
receive
the
tv
shows
from
the
sender,
or
maybe
this
is
a
star.
F
Being
on
the
team,
I
think,
maybe
offline,
we
can
discuss
about
the
the
requirement
whether
it
makes
sense
to
the
multicast
use
case.
So
I
think
it
should
be
a
action
item
to
be
in
to
get
something
clarified,
especially
about
the
requirement,
but
in
general
I
actually
agree
with
tianjin.
I
think
if
we
can't
do
something
generic
in
a
generic
generic
way,
we
do
need
to
introduce
those
specific
fields.
Otherwise,
maybe
we
have
to
yeah.
We
extend
our
entire
network
policy,
but
we
just
unnecessary.
F
A
B
A
A
F
Yeah,
I
think
the
the
first
thing
is
to
finalize
the
api
the
only
way
to
analyze
api.
Then
we
can
maybe
discuss
the
implementation
based
on
that.
So
I
think
yeah
you
can
move
the
design
document
to
the
github
or
google
or
google
docs
and
share
with
the
community
for
more
discussion.
Then
I
think
at
least
in
entry
1.6.
Let's
finalize
the
api
design.
C
H
H
The
first
one
is
get
multicast
stats
that
shows
multicast,
that's
in
part
view
and
basically
it
this
command
will
implement
these
four
requirements.
That
is
multicast
package
drop
by
transmitted
by
poi
interface
multicast.
I
can
draw
a
job
by
received
by
the
file
interface
here
here.
The
chest
meet
and
receive
means
ingress
and
egress,
and
also
igmp
package,
discarding
asset
accepted,
and
then
all
of
these
requirements
are
also
shown
by
different
multi
different
network
policies.
H
H
We
show
the
mappings
between
multicast
group
and
the
multicast
parts
in
the
whole
cluster,
so
we
also
have.
We
also
have
these
two
requirements
that
that's
we
don't.
We
don't
need
to
expose
these
stats
in
the
in
the
cluster.
While
we
only
need
to
show
these
two
in
the
per
node,
so
I
will
introduce
another
command
called
multicast.
That's
that
that
shows
the
inbound
and
outbound
stats
for
both
these
inbound
and
r1
multicast
sets
for
that
part.
H
H
H
H
H
So
when
when,
when
we
are
processing
ignp
republic
doing
packing,
we
can
create
some
data
structure
to
store
the
stats,
while
processing
ignp
report
message
and
also
a
function
that
created
by
b,
is
that
I
can
create.
By
being
that,
I
can
use
to
query
if
that
is
that
ignp
report
message
will
be
allowed
or
dropped.
H
So
so,
after
this,
after
after
the
process
I
described
the
step
of
the
ign
loud
and
ngmp,
jobs
will
can
be
up
can
be
obtained
by
the
h8
engine
and
also
we
have.
We
need
to
collect
inbound
job
in
our
bank
jobs
along
with
inbound
and
album
in
the
multicast
stats.
This
stats
will
be
created
by
passing
the
passing
the
flows
I
added
in
the
in
the
pipeline.
H
H
So
so
after
so
when,
whenever
when
the
multicast
traffic
goes
through,
this
apply,
the
the
traffic
will
go,
will
go
to
go
to
this
network
policy
first
and
and
resubmit
to
the
table.
Multicast
egress
per
par
metric
I
described
and
so
prepared
stats
where
we
collect
based
on
passing,
passing
the
flows.
H
G
G
Because
I
think,
as
it
is
right
now
it
it
makes
sense
because
bin
was
proposing
to
introduce
dedicated
fields
for
multicast
addresses
and
and
igmp
switch
in
the
network
policy
type.
But
if
we
converge
to
something
more
generic,
I
think
we
also
need
something
more
generic
here,
mostly
referring
to
the
part
tied
to
stats
for
multicast
network
policies.
A
Okay,
it
seems
that
it's
all
in
terms
of
community
questions
for
today.
So
thanks
a
lot
bin
and
lua
chen
for
doing
this
presentation,
we
look
forward
to
seeing
a
specification,
a
proposal
for
multicast
network
policies
on
github
so
that
we
can
finalize
the
api
design
and
proceed
with
the
implementation.
A
A
That's
right,
that
is
right.
We
have
13
minutes
left.
Actually
sorry,
I
you
know
now,
I'm
amused
that
meetings
are
50
minutes
long
to
give
time
for
to
people
to
move
to
the
next
meeting,
but
I
didn't.
I
did
forget
that
the
entry
committee
meeting
is
actually
an
hour
long
scheduled
for
an
hour
so
yeah.
We
have
plenty
of
time
to
discuss
new
topics.
So
if
you
have
anything
to
propose
I'll
wait
for
a
few
seconds
before
closing
the
call.
G
So
those
are
the
apis
ending
in.
I
think
it
was
tenzu.vmware.com
and
we
replace
those
apis
by
entry,
dot,
io,
apis
and
so
yeah.
We
no
longer
serve
the
previous
apis
starting
now,
and
we're
able
to
remove
all
the
mirroring
code
that
was
taking
care
of
mirroring
old
api
resources
to
new
api
resources
for
backwards
compatibility.