From YouTube: Antrea Community Meeting 07/19/2021
Description
Antrea Community Meeting, July 19th 2021
A
So good morning, good afternoon, good evening, and welcome to this instance of the Antrea community meeting. Today is Tuesday, July the 20th, or if you are in U.S. it will be still Monday, July 19th for you, and for today we have only one topic on the agenda and we should have Hong Yang, and sorry if I get your pronunciation of your name wrong, presenting about the Antrea proxy design with TC, and this design should include support for both node port and services of type load balancer.
A
B
Okay, thanks sabato vitamin outside the.
A
B
First, the motivation, the the target of this design is to remove the kube-proxy. If, if the kube-proxy is removed, a lot of CPU circles and memories can be sealed, we need we don't need to handle. A lot of applicable interest is that we may account a lot of os flows in current design. The service can be only supported fully when the client is from the port. If the client is from remote host, Antrea proxy has to need the help of kube-proxy to redirect the service traffic into entry gateway.
B
What here is a new design? Okay, I'll introduce the new design in two parts. The first part is the Linux is how to redirect remote and localhost service traffic to actually gateway directly without passing through and to proxy, and how to make the response. Traffic back to the client and the new design used Linux TC to handle the node power and load balance traffic from remote clients and for for non-power traffic from localhost link. TC is used for load balance. Traffic from local hosts and new design use can leave roots to handle it.
B
Oh, oh sorry, and this part this the second part, and the second part is os pipeline. I think this part can be used in links as well as Windows, and there are three main reasons: first, how to do smart for source traffic, the second one, how to handle the destination MAC address of the response, traffic and the third one compatible with the lag city plan.
B
I'll introduce the new design, the first part take notepad, for example, okay for request, notepad track notepad traffic from remote client. First, a filter will create another test to the field. Take it as an eagle example we'll attach the two eth0s in grass for every node pulsar is here we take so and one and that's the definition part by default. The filter will be will be put on train 0. The handle ID is generated by generator according to notepad IP address layer, 4 protocol and the node part number.
B
And pay attention that if the interface has more than one IP addresses the about the about command will be generated for every ap address, and we can see we can. We can also say that the it is h1 this this command will will be also generated for each one as dch0.
B
Okay, that's for sub chain is where the second layer filters locate one node pod is created the filter. The filter will be created and attached to the sub chain. The filter matches the packets according to the to the source. Part under the action is to redirect the mass response traffic to the interface, where it's requested traffic from if the substring is full go back.
B
Okay, next for load balance traffic from localhost here, unlike unlinked route, is used for remo for routing the load, balancer request traffic into antiquity and the target the target that IP address is the load balancer external IP.
B
Okay, next for response traffic for response traffic, it has two directions: one for actually conjugate wave. This traffic is traffic. This request is from Kubernetes node and the one for default. Router interface, this request the traffic is from a remote client and then we should add a higher priority filter to match to match. The traffic would request the traffic from country gateway, and then we can bypass bypass the traffic back to and to get away and the left traffic traffic is for the photo before the road.
B
Next for cluster cluster IP for cluster IP is only used. It's only. This client can be from part of Kubernetes node here used for Kubernetes node, world class, IPs drive, class IP is created, and if there is no a cluster IP so far, ok, then the unlinked router will be created for the class type. Another prefix is 32, that's the longest one longest mask for root. Okay! Well then, unlike this one add a new add a new class IP, then a new unlinked router will be generated and we can replace the old one.
B
The red ones are, you added, the yellow ones are modified and the blue, blue ones are not changed.
B
What what it does is, it will generate it. It will match the service traffic, this first package and the generator flow to table 70 file. This generated you should learn this learn the flow master response package of the node part.
B
This data is reply, the track tracker and the service traffic it will be. The master package will be sent to 70 75 the 70 file. The 70 file is a new username table, and this table this table is how mentioned this table before a table certified and the generated learn flow is located at the table. 70 file, the first, the first packet of a remote client, will trigger a flow at the table. 70, and this flow is used to set destination. MAC, address, output, interface and output, output.
B
Okay, this as the second packet is not from gateway, so the first floor will not match it under the light for automatic okay and then then, the second package will return to the client.
B
The the first difference is at the table. 70 and now we can see that at its destination address is the is on another Kubernetes host Kubernetes north and it won't hit any flow here. So it can only hit this flow and this flow is prepared for it.
B
But it's it's harping traffic, because it's from this from entry getaway and it will it will- it will be out of oas pass-through conjugate way. So it might. It must be.
B
Okay, the next for her for helping traffic, the the astronaut does not append to as the happy address of astronaut can't be attributed to it, because the anti-gateway will drop drop will drop the package if its destination is so. This source address should be a different one. Here we we use our watch service versus IP address to to do to do it.
B
A
Thanks thanks a lot for this presentation that was extremely informative. So if your community has any question curiosity observation, please go ahead.
D
Two, so is there any plan to cover the use cases that we don't support today, I'm referring to the table. You showed at the very end those cases where the external traffic policy is local and the destination and point is in those network. Are we do we have any plan to address it? Somehow.
B
Yes, but how investigated some possible? Actually, I think I think it may it's not so so worthy to do it I can I can. I can use a link to TC filter to do some tool to add a mark to this kind of mark, but that will introduce another drone to TC filters. The current design of the currently designed for TC filters is stateless and that if the distributors introduce stateful, I think that will that will if and that that will make a effect effect to the performance.
E
B
City operation for TCP orders that will that will take effect to all of our traffic. We only for the for this case if.
E
Why why is that? Could we match IP first, let me see: could.
B
C
E
I I feel it's hard to say this. These are not important case right.
E
I mean I actually I'm not quite sure, but I assume maybe there are some use cases for, for example, traffic policy equals local and then the back end is the host network port.
E
I'm not certain either I'm just wondering if it's supported and if I really have a some service in house network.
E
Yeah I saw that too. I think that at least probably that at least it's better than not supported but yeah, as you said, then you change the behavior. It's traffic policy, local, okay, god, how about us to do some evaluation on these two options? It's that or planning trip.
E
B
C
B
C
B
C
Yes, os pipeline can set the packet mark, then we need to match the packet mark and set the connection mark in iv tables. Okay.
B
F
I do have a quick question if cornell doesn't mind, I'm looking at the the road number 17 and 18 18 here I was not noticing that if the client part is from the remote node and depending on the external traffic policy, we may or may not need s-nets in two different cases. I'm I might miss when you present it, but could you explain a little bit on why that is the case.
F
Yeah right I'm just talking about this specific case because, for example, if we have a pod from a remote node trying to access a node port to service now. Why is that? Because of the external traffic policy? We don't need a snap for for a local case.
A
Time, okay, I have two very simple questions, mostly as usual because of my ignorance, so considering these few use cases that at the moment we are not supporting, is this affecting in any way conformance tests? I mean: is there any conformance test that explicitly verifies if no deporter node for traffic works with external traffic policy, local in our cases or is conformant conformance tests are still passing fine.
B
A
Our load balancer, no sorry, I meant something different I mean. If now we replace kube-proxy, we completely proceed with Antrea proxy will the conformance test, like you know, the CNCF conformance conformance tests that we already executed in our CI will they'll still pass, or will there be any conformance tests? That might start not passing because of these use cases that we are not supporting at the moment or.
B
G
I suggest, let's just run over the conversations and see which case they are failing and let's investigate and if the conference set won't fit our design now and maybe we can add some new eq tests to cover and skip those.
A
B
Okay, how considerable about IPv6, but the time is limited- and I have this- I didn't talk about it.
B
A
I think okay, thanks thanks for yeah, thanks for bringing this up, that's good. You know, and at least from what you've seen are those issues that are already being attracted by the Kubernetes community. Or is it something that maybe, if we want to have them addressed, we should fix them by.
A
B
A
Yes, yes, I mean you, you mentioned that there were some for IPv6. You found some upstream issues that were preventing you for implementing design for defining a solution for IPv6. I was just curious if those issues were already tracked in the Kubernetes community or whether these there was no one. Looking at those issues at the moment.
B
I I think I need to I need to find it find a little later. I didn't remember the specific problem now, but I just remembered that so sorry.
A
No no problem, I mean I I mean you answered my question that it was an issue that was already known to the community and not just something that you find it. You find it for the first time. So, thanks for your answer- and that is all from me in terms of questions- is there any other?
A
Is there any other comment about the design observed today, a design that we discussed today? Sorry, I don't know why I used observed.
B
The next one is how to remove how to remove kube-proxy totally. The current design is that we use the endpoint of kube API server to fast, fast, faster service or other other information from kube API server, and this is not. This is not perfect because reflects the information from only the API server.
B
A
All right thanks thanks for thanks for this answer. Okay, and perhaps that is really all for today, at least for this topic- anything else that the community would like to discuss for today's meeting.
A
Well I'll wait a few more seconds to check if there is any other topic that you would like to bring.
A
And it appears that it's really all for today, so I would like to thank again Hong Leon for this presentation. Thank again, everyone for attending this meeting and and well. The only thing left to do is to is to say, wish everyone a good afternoon a good evening or a good day and we'll talk again, we'll meet again in two weeks time, thanks everyone for joining and have a good one thanks.