►
From YouTube: Antrea Community Meeting 12/07/2020
Description
Antrea Community Meeting, December 7th 2020
A
Okay,
so
on
the
agenda
tonight,
arun
and
other
folks
from
intel
are
gonna.
Give
us
some
more
information
about
their
proposal
to
support
cnf
use
cases
in
entria,
and
if
we
have
some
time
remaining
after
that,
we'll
have
like
an
open
discussion
in
case
folks
want
to
bring
up
some
issues
all
right,
our
own
sideloo,
you
guys,
can
take
it
away.
C
C
Sure
hi
good
evening,
everybody,
so
this
is
the
follow
up
discussion
to
have
a
little
more
deep
dive
on
the
cnn
proposal.
We
made
a
few
weeks
back
before
we
start
go
with
this.
I
would
like
to
request
side
loop
to
recap,
a
little
bit
on
the
cnn
of
use
cases
and
stuff
which
we
discussed
last
time
so
sideload.
Would
you
like
to
give
few
words.
B
Yes,
adam
yeah,
as
we
discussed
last
time,
cnn
and
cnf
use
cases
to
support
service,
functional
chain
and
also
by
product.
B
We
are
going
to
provide
the
details
on
how
we
are
going
to
support
the
multiple
interfaces,
including
the
sri
gov
or
any
subject
into
any
virtual
network
interface,
and
also
going
forward
how
we
are
going
to
support
the
service
functional
chain
to
support
the
multiple
service,
functional
chains,
which
is
one
of
the
common
use
cases
on
the
sd
one
and
other
areas,
and
also
we
are
going
to
expand
the
solution.
B
We
are
going
to
show
the
solution,
how
we
are
going
to
expand
further
on
the
load
balancing
on
when
multiple
service
multiple
function
instances
are
supported,
so
how
we
can
load
balancing
within
that
one.
That
is
what
we
are
going
to
present
today
and
we
start
with
the
use
case.
What
is
the
current
use
case?
How
we
are
looking
it
and
why
multiple
interfaces
interfaces
are
required
to
support
the
service
functional
chain
from
there?
B
We
are
going
to
present
a
virtual
network
virtual
networks,
how
we
can
create
that
and
how
we
can
maintain
within
andreas
scope,
and
also
we
are
going
to
present
how
we
going
forward.
D
C
Sure
yeah
yeah,
thank
you.
I
think
stephen
wong
has
some
question
or
we
couldn't
hear
yeah.
E
Just
in
case
we've
got
newbies
here
who
don't
understand
the
terminology?
Can
we
define
cnf,
vnf
and
sfc
in
this
slide,
so
that
people
who
tune
into
the
broadcast
can
get
a
definition
and
know
whether
they're
interested
or
not.
B
Yeah
sure
stephen
cnf
is
a
cloud
native
function.
Something
vnf
is
like
virtual
native
function.
Example.
If
you
see
firewall,
we
can
have
the
physical
appliance
or
we
can
have
the
vnf
and
cnf
is
a
cloud
native
form
of
the
same
network
function
and
sfc
is
service
functional
chain
how
we
can
shine
together.
All
these
cnfs
and
vnf's,
based
on
the
certain
required
criteria,
and
we
have
details
on
how
showing
up
cnn,
pnf
and
service
functional
chain
in
the
next
slides.
C
Great
yeah,
thank
you
silo
thanks
for
the
quick
summary
on
what
we
tried
to
cover
today.
Hope
it
was.
It
was
clear
for
the
community
people,
let's
go
with
this
right
now.
So
yes,
sidelore
mentioned
the
actual
problem
statement.
C
Here
is
the
cnf
deployment
and
network
function
chaining
support
on
andrea
cni
right
so
to
enable
andrea
to
support
the
cnf
deployment
and
also
service
function
chain
of
cnf
functionalities
not
limited
to,
though,
but
we
say
currently
it's
specific
to
cnf
for
mantria,
while
while
we
use
andreas
a
cni
for
kubernetes
and
obviously
the
one
of
the
main
criteria
for
that
is
multiple
interface
support
on
andrea.
As
all
of
us
know,
it
supports
only
a
default
network
interface
right
now.
C
All
the
communication
goes
through
the
default
interface,
which
is
created
based
on
the
kubernetes
cidr
right,
so
so
to
support
the
chaining.
We
need
more
than
one
interface,
so
we
need
to
add
support
for
that.
Also
in
andrea
actual
requirement
to
achieve
this
is
to
support
dynamic
virtual
network
configuration.
We
will
we'll
see
in
in
a
while
like
what
it
is
exactly
about,
and
a
provider
network
and
multiple
interface
support
per
part.
C
C
To
make
things
a
little
more
clear,
so
we
took
an
example
specific
to
sdvan.
Security
network
function,
function
chaining,
so
this
we
can.
We
can
see
that
there
is
a
core
network
here.
You
can
call
it
as
a
provider
network
okay,
so
it
is
kind
of
your
building,
van
or
or
the
isp
or
whatever
right.
C
So
you
take
the
core
network
in
this
case,
and
then
you
have
a
kubernetes
cluster
so
where
you
have
a
bunch
of
micro
services
running,
and
so
you
have
the
network
definitions
like
a
provider
network
that
is
left
right
and
then
you
have
virtual
networks
defined.
So
these
blocks
are
actually
your
cnfs,
so
the
slb
is
the
service
load
balance.
C
This
is
a
next-gen
firewall
and
sd-wan
cnf
right,
so
we
are
not
deep
diving
into
what
these
guys
do.
Basically,
all
I
want
to
communicate
here
is
these
are
the
cnfs
which
we
are
looking
to
add
support
for
right
so
to
to
see
the
actual
traffic
flows?
What
we,
what
we
are
supposed
to
enable
configuration
configuring
through
andrea,
is
like
one
of
the
thing
is
like
from
one
of
the
microservice
you
need
to.
C
C
I
don't
know
it's
some
smart
song
here
yeah,
you
see
that
so
the
next
use
case
is
actually
from
the
core
network
to
one
of
the
micro
service,
pod
and
another
use
case
is
possibly
like,
so
we're
not
even
getting
into
any
of
this
services.
It's
communication
from
the
core
network
to
the
external
world
right.
All
of
all
of
these
communications
has
to
go
through
a
chaining.
C
Mainly
you
want
to
load
balance
it
and
you
want
to
traffic
shape
it
or
or
our
kind
of
firewall
protection
here
right
and
then
the
sd-wan
use
case
is
achieved
at
this
exit
and
it
goes
to
your
right
provider
network
right.
These
are
the
use
cases.
These
are
the
traffic
flow
patterns
which
we
aim
to
support
when
we
climb
andrea,
can
support
these
enough
use
cases.
B
I
want
to
add
here
why
virtual
network
support
is
required
and
multiple
interfaces.
You
can.
C
Oh
sure
yeah
so
basically
to
yeah
thanks
cylo,
so
the
virtual
network
support
is
required
here
to
to
enable
chaining
between
the
cnfs
right.
So
when
a
packet
reaches
your
slb,
there
should
be
a
way
for
it
to
communicate
or
go
through
your
further
chains
to
the
external
network
right.
This
flow
is
defined
by
the
crd,
so
we
have
virtual
networks
between
defined
between
cnfs
to
have
your
communication
moving
forward
yeah.
So
any.
B
Questions
and
also
to
add
to
our
own
here
we
are
not
suggesting
any
changes
to
service
functions
like
slb
nextgen
firewall.
There
will
not
be
any
changes
within
the
applications
or
microservices.
C
C
These
are
not
parts,
a
pretty
good
question,
so
these
are
the
virtual
network,
which
we
kind
of
picturized
it
here.
This
is
going
to
be
logical,
so
basically
you're
going
to
create
another
interface
here
right,
so
the
interface
subnet
would
be
defined
in
terms
of
the
virtual
network.
Crd.
C
C
Okay,
let's
move
on
this
is
the
sample
virtual
network
crd.
So,
as
we
saw
here,
these
are
the
virtual
networks
which
we
plan
to
define
right
if
there
is
a
cnf
use
case
not
limited
to
one
or
two
just
we
showed
an
example
here,
so
this
basically
tells
us
the
subnet
right.
So
what
subnet
I'm
belonging
to?
What
is
my
gate
vip
address
in
this
case
right,
so
we
define
virtual
network
one
virtual
network.
True,
and
there
can
be
you
can
you
in
this
flow?
C
You
can
even
use
srov
interface
itself
if
the,
if
the
part
supports
or
the
cnf
the
platform
where
the
cnf
is
running,
it
supports
the
sri
ov.
We
have
a
crd
defined
for
sreob
use
case
as
well
right,
it's
from
the
andrea
point
of
view.
It's
another
network
interface
in
this
case
for
us
right.
So
the
key
point
here
is
the
subnet
information
for
the
virtual
network
is
maintained
in
the
global
ipad
right.
C
So
we
would
expect
the
andrea
controller
to
provide
the
ipl,
provide
the
ipam
for
this
specific
subnet
in
this
case
right.
So,
if
some,
if,
if
a
pod
is
defined
like
when
we
go
through
the
network,
chaining
crd,
it
may
be
a
little
more
clearer.
So
when
some
when,
when
a
pod
or
a
cnf,
is
trying
to
join
network
chain
right,
so
controller
should
realize
that
and
he
should
be
able
to
assign
an
ip
address
using
the
global
life
app
right.
C
So
we're
going
to
use
a
global
ipam
to
to
allocate
ip
address.
So
current
traditional
thing
with
andrea
is
like
we
have
a
local
ipam
right
so
per
per
agent
which
handles
the
agent-specific
communication
for
agent-specific
part
default
network
right
for
service
function.
Chaining,
we
will
be
having
a
global
ipam
which
will
be
used
to
locate
ip
address
on
the
cnf
scope.
F
So
in
your
example,
here
you
different
sublights
in
the
spec
that
I
mean
when
user
creates
a
cr,
they
they
specify
the
sublet
me
yeah.
That's
right!.
C
That
is
expectation.
Okay,
it.
F
Is
coming
as
part
of
the
crt
definition
showing
the
case
of
the
functional
chaining?
Who
will
allocate
the
sublets
your
issues.
B
Are
yeah
here
we
are
defining
the
networks,
actually
virtual
networks,
how
many
we
need
it
based
on
that
and
later,
when
we
are
defining
the
service
function,
and
we
will
mention
that
between
the
you
can
go
to
the.
F
C
Yeah,
so
this
this
is
what
tells
us.
The
controller
has
to
now
see
this
visualize
this
based
on
the
network
chain,
and
he
should
be
able
to
locate
one
interface
on
slb
towards
the
subnet
and
one
interface
on
next-gen
fireball
towards
the
subnet.
F
Yeah,
I'm
just
trying
to
understand
in
the
completed
solution.
Do
we
have
an
automated
way
to
allocate
sublets
for
every
virtual
network.
B
We
can
do
that.
We'll
come
back
on
that
one
here.
That
is
good
idea.
Instead
of
hard
coding
and
subnets
yeah
we'll
come
back
on
that.
C
C
Thank
you.
The
another
main
thing
here
is
like
the
interface
creations
at
the
pod
scope.
We
expect
it
to
be
pushed
through
the
power
annotation
right,
so
assuming
that
this
is
for
your
primary
and
and
the
default
network
based
on
the
kubernetes
crd
right.
So
that's
not.
That
remains
intact
for
the
multiple
interface
and
sfc
use
cases.
B
Anthony
and
janjan
last
time
has
given
the
feedback
to
have
the
multi-kind
of
annotations.
We
are
going
to
follow
the
same.
F
Okay,
yeah,
probably
I've,
also
checked
more
inputs
from
more
people
here,
at
least
previously
we
saw
people
like
martha's,
but
probably
we
can.
We
can
ask
more
people
and
to
see
what's
european
sure.
G
Yeah
you're-
probably
talking
about
me
changer,
so
so,
because
we
had
a
use
case
if
you
go
back
to
the
packet
flow
iron
outside.
So
our
use
case
was
that
we
wanted
to
basically
have
a
part
that
intercepts
traffic
like.
G
It
could
be
basically
connected,
like
your
sov.
Let's
say:
usrb
is
also
partly
set,
so
whatever
traffic
is
going
from
one
port
from
resident
one
and
that's
a
namespace,
I
guess
to
resident
two
pot-
is
going
through
the
srb.
G
C
That
yeah
yeah,
I
think
at
least
we
have
side
lou,
myself
and
rama-
has
understanding
on
what
you
are
actually
proposing.
You're
clear
right.
I
think
you
guys
are
discussing
on
the
slack.
F
Yeah,
I
I
think
it's
like
in
our
top.
It's
like
some
something
like
servicing
searching.
So
basically
you
want
to
insert
some
servicing
in
for
some
specific
traffic
flows
yeah.
Finally,
you
want
to
get
the
bike.
The
traffic
after
water
service
to
the
original
folding
path.
G
Basically,
I
think
markers
I
can.
I
can
draw
something
here:
you
guys
see
it
yeah.
So
let's
say
we
have.
This
is
part
one
part,
and
this
is
another
part,
and
let's
say
this
spot
is
usually
sending
traffic
to
that
part.
So
it
goes
directly
right.
So
the
idea
is
that
the
packets
are
not
going
directly
to
the
other
part
so
that
it
first
goes
to
a
second
port.
It's
intercepted
basically
interceptor
pattern
and
then
goes
to
the
other
part.
G
So
this
this
part
can
do
some
traffic
shaking
that's
just
busy
idea,
but
not
only
for
part-to-part
traffic,
but
also
for
inquiries
and
equals.
So
it's
just
like
let's
say
here's
some
increase
going
to
that
part,
so
it
wouldn't
go
directly
to
that
part.
It
would
also
first
go
through
this
interceptor
and
then
go
into
the
pot
right.
That's
basically
our
use
case
right.
C
Yeah
yeah
yeah
yeah.
Maybe
we
can
deep
dive
on
this.
We
would
really
want
to
discuss
in
detail
also
marcus
on
that
to
understand
if
this
can
be
supported
based
on
the
generic
functionality.
I
know
that
you
guys
are
trying
to.
I
mean,
like
the
hijack
the
flow
from
obs
bridge
right.
Maybe
if
I
understand
this
correctly,
maybe
we.
B
C
Yeah,
thank
you
yeah.
So
this
is
the
network
chain.
Crd.
The
main
point
to
understand
here
is
like,
as
we
discussed,
we
talk
about
the
left
provider
and
then
write
provider
network,
and
then
we
have
a
chaining
attribute
network
chaining
attribute
which
talks
about
chain
between
what
cnfs
the
chain
between
the
cnfs
right.
So
in
this
case
we
take
slb
and
there
is
a
virtual
network
one
in
between
these
two.
C
So
basically
the
slb
and
the
next
hop
is
going
to
be
your
next
gen
firewall
so
connecting
these
two
cnfs,
virtually
through
your
virtual
network
model
right.
Likewise,
your
next-gen
packet,
when
the
when
the
next-gen
functionality
is
done,
the
packet
forwarding
has
to
happen
by
default
to
your
through
your
virtual
network
too.
Ideally,
this
is
actually
virtual
network.
True
sorry
for
the
typo,
this
is
virtual
network
two,
and
then
it
goes
to
your
sd
van
use
case.
C
So
once
the
sd-wan
cnf
functionality
is
achieved,
he's
going
to
go
through
a
default
network
right
from
here.
C
Of
your
provide
yeah
yeah,
exactly
thanks,
it's
going
to
the
right
provider
network
in
this
case
right.
So
basically,
the
packet
originate
from
here
goes
through
this
chain
of
chain
and
then
goes
out
of
your
right,
broader
network
right.
This
is
what
the
crt
is
about.
So
now
the
andrea
controller
needs
to
understand
this
and
define
the
virtual
network,
create
the
virtual
network
assign
the
specific
parts
into
the
service
function.
Chaining
yeah
anyway,.
B
C
Yeah
so,
and
as
as
we
see
that
we
we
send
the
pod
annotation
to
say
there
is
a
virtual
network,
one
so
we
say
eth1
and
the
e3
interface
for
virtual
network
two
right.
So
if
you
take,
if
you
take
nf,
ng
is
next
in
firewall
right.
So
next
in
firewall
needs
to
be
part
of
your
virtual
network
one,
and
he
needs
to
be
part
of
your
virtual
network
through
as
well
right
he's
going
to
ingress
the
traffic
here.
C
B
C
Sure
yeah
yeah
so
to
have
a
little
more
details
here.
Right
so
provide
a
network.
It
goes
to
the
ngf
and
then
it
goes
to
your
virtual
network,
one
as
we
discussed
it
goes
to
sd-wan
and
goes
to,
though
we
say
sd
van.
Basically,
it's
your
right.
Basically,
it's
your
provider
network-
and
this
is
your
left
right
and
network
sorry
right
provider
network.
C
This
is
left
and
then
right
right.
So
basically,
when
the
communication
goes
from
your
core
network
to
the
internet,
in
this
use
case,
we
go
and
virtually
change
this
through
my
service
flow
right.
So
to
achieve
the
corresponding
service
level
agreements
for
a
specific
flow.
F
Could
I
could
I
take
a
look
at
the
old
channing
cl
again.
C
B
F
I
see
yeah
assuming
we
can
also
use
the
cr
to
define
that
in
the
right.
I
just
want.
E
F
C
B
C
That
yeah,
so
the
the
key
points
to
mention
here
is
like
what
we
look
at
from
the
anterior
point
of
view
right.
So
when
we
talk
about
chaining
in
this
case,
so
any
so
because
we
still
talk
about
cnf
being
part
of
the
same
cluster
right.
So
as
far
as
entry
is
concerned,
any
communication
within
the
cluster
is
going
to
go
through
the
tunnel
right.
C
I
hope
we
are
not
missing
any
use
case,
which
is
not
using
the
tunnel
in
case.
If
you
are
talking
between
parts
or
pardons
enough,
is
only
through
the
tunnel
right
yeah,
so
yeah,
nothing,
oh
sure.
So
the
key
point
here
is
to
say,
like
whenever
you
define
a
new
interface,
we
need
to
configure
the
obs
bridge
as
in
a
way
that
the
service
function
chaining
is
handled
through
your
tunnel.
It's
not
going
to
reach
your
default
gateway.
C
The
default
gateway
is
used
only
for
your
left
and
right
provider
network
right.
Otherwise,
if
you
have
n
number
of
chains,
you
are
not
limited
to
two
or
three
right,
so
we
can
do
n
number
of
chains.
So
all
communication
between
chains
are
going
to
go
through
the
tunnel
as
far
as
your
cnfs
are
bound
to
be
in
two
different
nodes
right.
So
if
your
cnf
network
cnf
is
actually
in
node,
one
and
sd-wan
is
in
node
two.
It's
going
to
go,
use
your
internal
communication.
C
So
if
both
the
cnfs
are
being
a
part
in
the
same
node,
it's
going
to
use
your
typical
in
node
communication
right,
it's
going
to
be
locally
terminated!
It's
not
going
to
go
through
your
it's
not
going
to
exit
your
obs
bridge
right.
It's
a
typical
use
case,
typical
andrea
use
case.
Like
any
part,
two
part
communication
within
a
node
is
local.
C
Any
part
to
part
communication
between
nodes
is
going
through
the
tunnel,
so
we
still
maintain
the
same
flow
for
communication
between
cnfs
among
parts.
A
C
Exactly
yeah
yeah,
that's
what
the
controller's
job
now
to
visualize
this
and
assign
the
corresponding
subject,
as
you
can
see
that
3033.2
and
33.3
right,
so
two
interfaces
we
have,
which
is
assigned
with
the
corresponding
same.
C
For
example,
let's
say,
let's
say
like
virtual
network
one
right,
both
of
them
owning
an
interface
on
the
same
virtual
network,
one.
So
this
this
is
visualized
by
controller
and
he
assigns
the
interface
ip
and
then
he
has
to
do
a
routing
configuration
as
well
route
configuration
as
well
to
put
the
packet.
Let's
say
you
have
a
ingress
here.
The
egress
of
next-gen
firewall
should
default
to
your
this
interface
right.
As
of
now,
the
andrea
has
the
default
route
towards
your
default
network
right,
for
example,
so
we
are
going
to
have.
B
And
also
we
are
making,
we
are
preparing
the
demo.
We
are
implementing
that,
maybe
in
next
to
two
weeks
or
sometime,
we
can
provide
the
demo.
A
Yeah
I
was
more
asking
about
so
the
next
gen
fire
will,
when
it's
sending
sending
packets.
How
does
it
know
that
sd1
was
assigned
the
ip
address
33.3
here,
yeah.
B
C
Yeah
right
side
load,
so
it's
based
on
service
chain
right.
So
this
is
what
we
see.
This
has
to
be
visualized
by
the
controller
now
right.
So
this,
for
example,
if
you
take
an
next-gen
firewall,
he
is
part
of
your
virtual
network
one,
and
he
is
also
part
of
your
virtual
network
too.
Sorry
for
the
typo.
This
is
two
right,
so
he's
also
he's
part
of
two
different.
Do
two
different
subnets
right.
This
is
when,
when
the
controller
reads
about
your
network
chain,
he
he
sees
this
right.
C
A
Not
really
I'm
talking
specifically
about
the
next
gen
firewall
software,
which
is
like
processing
packets,
and
when
it's
done
with
with
a
packet,
how
does
it
send
it
to
the
next
app
yes
yeah?
Who
sets
that
a
destination
ip
address
once
the
destination
ip
address
is
known?
I
understand
how
the
packets
go
to
the
back.
C
C
This
is
configured
as
part
of
your
chaining.
F
B
C
C
So
it's
a
typical
example
of
your
anterior
right
so
in
even
in
andrea,
so
any
traffic
which
is
which
is
destined
any
ip
address
right.
So
we
have
a
default
route:
zero,
zero,
zero
right,
it's
by
default
point
towards
the
andrea
zero.
The
same
the
same
logic
is
followed
here.
We
just
modify
your
e0
to
the
eighth
one
in
this
case,
for
example,.
A
C
So
your
destination
ip
address
will
be
your
actual
destination,
ips
and
then
internet,
for
example.
A
C
Your
destination
will
be
your
internet
traffic,
your
your
end,
destination.
A
Yeah,
that's
never
rewritten
yeah.
That
makes
sense.
We
talked
about
this
last
time,
yeah
right!
Yes,
we
have
a
question
on
the
chat.
I
can
read
it
if
you
want
so.
C
A
A
B
Yeah,
we
are
not
inserting
anything
for
the
chaining,
because
we
are
completely
depending
on
the
sfc
cr,
so
based
on
the
cr,
we
are
going
to
route
the
topic.
We
are
not
using
jenny
header
because
of
rtlb,
because
if
geneve
is
not
supported,
only
vxlan
is
supporting.
Then
it
is
not
easy
to
support.
C
H
B
C
Yeah,
so
we're
going
to
take
a
faced
approach
in
this
implementation
so
before
the
one
one
of
the
base
requirement
for
us
to
support
the
sfc
is
the
multiple
interface
support
right
so
that
we
are
taking
it
as
a
phase
one
implementation
on
andrea
once
that
is
once
that
is
achieved,
so
we
will.
We
will
enable
support
for
sfc
with
single
function
chain.
C
So,
while
we
discussed
a
few
weeks
back
antonio
antonio
and
then
had
a
question
like
hey,
how
do
you
guys
going
to
support
multiple
service
function
chain
right,
for
example,
if
specific
flow
wants
to
go
a
specific
chain
right?
Currently
it
is.
It
is
not
as
per
the
phase
two
it
will
not.
C
C
Okay.
So,
as
a
phase
three,
we
plan
to
support
multiple
service
function,
chaining
on
andrea
as
well,
using
the
classifier
that
we
still
are
defining
the
requirement
for.
So
it's
still
in
the
early
phase
of
defining
a
requirement
to
support
multiple
sfc.
C
Functionality
support
multiple
interface
and
sfc
is
achieved
as
far
as
what
we
discussed
in
slide
six
to
eight.
If
this
is
achieved,
which
we
can
safely
climb,
that
multiple
interface
and
sfc
support
is
enabled
in
andrea
for
multiple
service
function.
Chaining,
that's
what
I
said.
We
need
to
have
a
classifier
based
definition,
which
we
are
in
a
very
early
stage
to
define
that
we
are
working
on
a
requirement
to
define
multiple
service
function
in.
C
C
Yeah,
that's
all
we
have
any
specific
questions.
F
B
Yeah,
yes,
along
with
the
classifier,
we
are
going
to
support
multiple
incest
instances
of
the
single
chain
example
where
next
gen
firewall
you
might
based
on
the
load.
You
may
span
some
more
next
gen
firewalls,
you
can
say
8
or
10
or
15
parts.
You
respond
on
a
next
gen
firewall
load,
balancing
between
them
based
on
the
mac
address.
We
internally
we
defined
the
solution.
Just
we
are
getting.
B
F
B
F
Sure,
for
example,
in
this
example,
if
you
have
multiple
instances
of
ng
file,
how
slp
knows
which
will
be
the
last
one
yeah.
B
So
every
every
slb
we
will
have
the
mac
address
based
instances.
We
are
go
example:
you
are
having
the
next
gen
firewall.
Maybe
10
instances
are
running
then,
along
with
the
slb,
we
are
going
to
bring
up
a
kind
of
small
load
balancer
along
that
one.
So
yeah
keep
track
of
all
the
instances
of
the
next
gen
five
volts.
Then.
B
B
C
Yeah,
thank
you.
So
we
we
plan
for
a
demo
on
on
this.
Like
we
have
implemented,
hacks
is
kind
of
a
poc
solution
on
the
andrea
we
targeted
to
give
today,
but
then
there
are
little
more
pending
on
that.
So
we
would
definitely
be
able
to
showcase
that
by
next
community
discussion.
C
Okay,
so
maybe
we
can
take
up
this
topic
further
with
marcus
marcus.
You
would
like.
F
I
could
ask
one
more
one
more
question
before
that,
so
in
your
in
your
planner,
you
plan
to
use
the
same
os
bridge
as
entry
or
untrained
overs
bridge
or
beyond
bridge,
or
you
you
plan
to
create
a
new
one.
C
It's
the
same
bridge.
There
is
no
additional
bridges
required
in
this
case.
Maybe
we
need
to
add
sniff
additional
flows,
yeah,
okay,
additional
flows.
Indeed,
the
current
poc
also
targets
your
target,
the
existing
code.
As
far
as
you
give
the
subnet
information,
so
it
would
create
another
via
pair
and
define
the
obs
flows
automatically
for
the
new
set
of
addresses,
but
in
zero
you
can
also
create
another
bridge.
F
I
I
don't
know
originally,
I
I
probably
just
just
like
I.
I
don't
know
how
you
are
going
to
either
flows
or
injury.
I
was
thinking
if
you
want
to
add
a
different
set
of
totally
different
set
of
flows
and
they
don't
want
to
interfere
with
the
existing
flows.
B
Yes,
both
we
have
thinking
through
actually
so
at
least
we
are
currently
implementing
with
adding
the
additional
flows
right
and
we
will
think
through
if
anything
is
conflicting
with
the
existing
clause
or
any
problem
we
face.
So
obviously
we
create
the
second
page.
The
work
will
be
the
same
more
or
less
here.
F
Right,
another
thing
that,
since
you
were
connected
to
the
pride
lateral
right,
I
assume
it's
a
villa
network,
then
you
need
to
add
the
uplink
to
the
bridge
right
yeah.
I'm
not
sure
that
we're
impressive
until
you
are
behind
the
bridge
or
not,
if
you
add,
move
any
physical
need
to
the
bridge
in
some
cases
for
you,
you
even
need
to
move
the
ip
to
the
bridge.
So
I
I
I
didn't
sing
solo
attack.
I'm
not
sure
what
will
happen
if
it's
the
same
bridge.
F
I
mean
if,
if
we
want
to
kind
of
provide
the
network,
it
must
be
some
willa
network
right.
A
F
C
Yeah
we
can,
as
cylo
said
we
will.
We
will
deep
dive
a
little
more
into
see
like
how
what
benefits
we
may
have
with
two
different
bridges
yeah.
The
currently
like
the
flow
is
defined
as
in
a
way
like
you
are
giving
another
subnet
and
you
go
and
modify
your
obs
flow
that
because
it's
going
to
go
through
the
tunnel
right,
so
you
will
just
mask
your
source
address
and
exactly
the
same
same
kind
of
mechanism
like
how
it
goes
between
node
node
right
now,
yeah.
F
Okay,
if
we
can
see
your
example
implementing
like
the
flows
and
the
bridge
setup,
and
probably
it's
clear
to
us
to
understand.
B
C
Exactly
yeah,
that's
what
we
target
to
give
today
as
well,
but
somehow
it
got
delayed
a
little
more
than
what
we
thought.
C
G
G
G
So
maybe
we
can
have
a
look
at
that
later
too,
but
I
wonder
how
our
use
case
will
now
map
to
your
proposal,
because
if
I
see
that
it's
it's,
I
don't
understand
yet
how
your
proposal
would
work
with
pot
to
pot
traffic
like
in
the
same
cluster.
C
Yeah,
so
maybe
what
we
can
is
like,
okay,
so
part,
two
part,
possibly
that
the
the
actual
thing
right.
So
the
part
has
to
default
its
traffic
to
to
the
cnf
right
and.
E
B
C
Yeah,
basically,
the
cnn
will
be
your
gateway
right.
Just
take
a
take
a
home
home
use
case
right,
so
we
all
have
home
devices
connected
and
then
there
is
a
gateway
router
at
our
home,
so
assume
that
gateway
router
is
your
cnf
right.
So
all
the
communication
has
to
go
through
your
gateway.
In
this
case,
your
cnf
right,
like
like
how
I
talk
between
my
device,
one
two
device,
two
at
home
right
through
my
home
gateway,
router
right.
C
So
maybe
we
can
have
communication
go
through
the
cnf,
so
the
cnf
can't
decide
whether
to
allow
the
traffic
means.
Basically,
you
can
do
a
traffic
shaping
there.
B
G
Not
necessarily
redirect
so
it's
more
like
a
filter,
so
it
should
end
up
at
the
same
pot
right
so
this
like,
if
we
have
now,
let's
just
draw
this
cnf
here
right,
so
it's
definitely
connected
here
to
the
network
and
it
will
have
traffic
sending
from
that
part.
Now,
let's
say
like
traffic.
That's
going
from
that
point
to
this
part
here
should
be
intercepted
by
another
part,
so,
basically
like
a
filter
so
but
that
network
function
is
then
not
rewriting
the
packet.
So
we're
not.
G
We
directing
the
traffic
the
changing
the
destination
ip
to
another
plot
right.
So.
G
Like
going
as
as
a
filter
to
this
network
function,
in
your
case,.
F
G
F
Perspective
from
your
post
perspective,
they
should
not
be
aware
of
the
services
you
applied
right,
they're,
just
talking
to
each
other.
From
their
point
of
view,
yeah.
G
G
I
don't
know
for
for
http
traffic,
sending
out
some
data
or
something
also
done
in
the
port.
F
But
what
ip
will
be
used
for
your
traffic?
These
two
interfaces
will
have
ipls
both
have
ipvs,
so
only
one
individual
appearance.
In
your
mind,.
F
Okay,
you're
saying
for
traffic
require
shipping.
We
can
use
the
second
interface
in
the
secondary
interface
ipos
to
communicate.
G
Yeah
yeah
exactly
yeah,
so
it's
it's
not
a
problem.
We
were
trying
to
use
maltose
to
add
a
second
interface
would
just
and
that
second
interface
would
just
do
the
traffic
shaping.
I
see.
C
So
what
is
the
actual
use
case?
We
try
to
address
with
actually
it's
basically
a
traffic
shaping
right,
so
yeah.
We
would
like
to
know.
G
C
Okay,
so
this
can
be
in
one
one
way.
This
may
be
a
bottleneck
right
or
unless
you
have
some
ways
to
overcome
that
just
trying
to
understand
more,
it
means
basically,
the
expectation
here
is:
every
traffic
must
hit
through
and
cnn
right,
exactly
yeah.
So
it's
between
part
it's
within
the
node
or
across
nodes.
It
has
to
go
through
your
cnf,
exactly
yeah.
G
Now
the
functionality
is
in
that
in
the
pot,
so
the
flow,
so
it
should
be
done
in
in
user
space
from
the
plot,
like
the
decisions
based
on
application
labels
and
so
on.
G
B
G
C
Yeah
so
silo.
The
key
difference
I
see
here
is
like
the
actual
service
function.
Chaining
will
be
handled
based
on
the
route
modifications
as
well
right.
So
in
this
case
it
should
be
seamless
for
this
use
case.
If
I
understand
this
correctly
right
so
part,
a
to
part
b
should
be
seamless.
I
mean
like.
We
cannot
modify
the
routing
table
of
pod
to
divert
the
traffic
through
cnf.
It
may.
B
B
I
think
use
case
is
more
or
I
think
it's
a
different
from
currently
what
we
are
proposing
in
the
sfc
site.
Right
we
can
think
through.
Can
we
use
sfc
like
you,
can
assume
that
a
slb
kind
of
one
part,
but
it
is
not
changing?
We
have
to
think
throughout
that
one.
F
F
Want
to
insert
some
service-
and
in
our
case
we
saw
some
service-
can
be
some
physical
network
service,
for
example,
a
platform
that
you
want
to
insert
service
for
specific
traffic
for
the
once
the
service
being
enforced.
We
want
to
continue
the
folding
parts
yeah,
let's
smile
and
something
with
the
problem.
C
So
marcus
is
this
a
supported
use
case
in
some
other
form?
I
mean,
like
others,
see
a
nice
or
support
this
or
I'm
like.
Maybe
we're
just
trying
to
understand
if
this
is
an
implemented
or
kind
of
a
working
solution?
G
Are
we
using
that
already
similar
with
on
top
on
istio.
G
So
istio
is
like,
so
it's
a
very,
very
similar
light
idea,
just
like,
instead
of
doing
it
it
still
because
he
has
just
for
those
who
don't
know
have
like
there's
a
layer,
seven
boxy
for
each
part,
and
then
the
communication
between
each
bot
is
then
always
ejected
by
by
the
side
car
who
could
also
do
weight
limiting
or
could
also
decide
to
drop
the
traffic
right.
Just
like,
I
think,
it's
more
elegant
to
solve
that
problem
on
the
a3.
G
So
that's
why
we
bring
in
basically
this
yeah
this
this
kind
of
functionality
in
on
layer.
Three,
that's!
Basically
what
we
want
to.
B
C
Yeah,
so
our
current
sfc
proposal
may
not
address
this
right,
so
it
should
be
seamless.
If
we
are
okay
to
modify
the
route
update
on
par
then,
yes,
ideally
it
should
be
seamless
right.
F
Actually,
I
I
was
thinking
about
I'm
just
thinking
a
lot,
I'm
just
actually
I'm
thinking.
If
we
take
your
service
training
approach,
what
we
what
can
happen,
we
can
still
define
a
chain
and
then
for
the
classifier.
We
just
need
to
define
some
way
to
say
for
given
traffic,
for
example,
from
port
one
to
port.
F
Two
using
this
traffic
should
enter
the
chain
and
then
also
she
will
have
some
flower
in
the
os
bridge
to
to
capture
the
packets
and
then
redirect
your
searching
and,
of
course,
in
a
specific
case,
marcus
one
in
his
chain.
He
has
only
one
service,
and
that
is
some
shipping
service,
but
to
make
it
more
generic,
we
can
still
use
your
chain
definition.
F
F
B
G
F
That
classifier
implementation
will
just
probably
based
on
some
matching
criteria,
to
see
what
path
should
be
for
the
tool
that
you
can.
F
C
Oh
okay,
so
maybe
I
I
can
take
this
offline
with
you
to
understand
more
slightly,
but
maybe
I
was
just
trying
to
understand
how
the
classifier
can
be
used
between
parts
in
a
node
and-
and
there
is
a
kernel
communication
right.
B
A
So
basically,
in
that
case,
the
left
network
and
the
right
network
right,
those
are
the
actual
default
pad
network
default
community
spot
network.
Yes,
yes,.
A
Okay,
guys
so
sorry
to
interrupt.
We
have
like
two
minutes
left,
so
I
think
we
can
keep
discussing
this
offline
and
since
we
have
a
few
minutes
left,
is
there
anything
that
anyone
wants
to
bring
up.
B
A
Okay,
perfect
and
please
send
me
the
slides
arun,
so
I
can
upload
them
to
oh
sure,
wiki.
A
A
Okay
sounds
good
great.
Thank
you
all
right!
Thanks
everyone
for
joining
thanks,
arun
and
side
lou
for
the
presentation
and
I'll
see
everyone
in
two
weeks.