►
From YouTube: Antrea Community Meeting 01/17/2023
Description
Antrea Community Meeting, January 17th 2023
A
B
C
C
C
C
C
C
This
is
the
current
Implement
tension
of
the
math
cluster,
but
it
is
a
bit.
It
is
based
on
the
junior
tunnels
and
just
generate
generate
Network
encapsulation
on
technology,
but
it
is
pity
that
is.
This
is
not
a
secure
tunnel,
which
means
it's
that
it
cannot
guarantee
the
on
security
of
the
traffic.
Okay.
C
Sometimes
we
are
focused
on
the
security
of
the
traffic.
For
example,
in
one
company
there
are
some
departments
in
different
cities
and
once
it
different
cities
for
different
Services.
If,
if
once
once,
one
team
want
to
access
to
other
teams
the
service,
maybe
the
traffic,
it
will
go
through
on
public
network.
So
in
this
situation
we
will
focus
on
the
on
security
of
the
traffic
so
in
in
order
to
solve
this,
there
are
so
there
are
many.
C
There
are
many
secure
tunnels
or
there
are
many
open
sources
of
Cortana
such
as
such
as
Opera
God,
open,
VPN,
l2tp
and
so
on,
and
why
we
choose
well
God
or
it
is
because
that
in
some
workout
it's
easy
to
use.
We
just
need
a
endpoint
and
a
public
key
or
we
will.
We
can
just
tell
you
in
other
node
as
PR,
for
example.
We
we
don't.
We
don't
need,
maybe
some
other
handshake
or
some
other
operations.
C
C
Oh
yes,
this
is
a
desired
architecture,
not
too
much
difference
with
the
previous
one.
Just
just
we
replace
the
genift
tunnel
with
our
garden,
but
actually
we
do
not
replace
without
we
just
in
cap
again
you
have
the
genetic
package
into
workout
and
then
the
gateways
will
communicate
with
each
other's
by
Wagga
tunnel
foreign.
C
Responsible
for
other
closed
cluster
traffic,
but
in
the
in
cluster,
the
architecture
will
not
change
or
why
we
choose.
This
architecture
is
that
we
are
trying
to
avoid
too
much
unnecessary,
edit
addition
of
the
flows
and
the
architectures.
So
we
just
encaped
the
web
genetic
package
into
well
God
that
we
want
to
do
so.
C
I
think
maybe
the
why
God
the
Wagga
tunnel
in
Android
market
cluster
can
be
divided
into
four
steps.
The
first
step
is,
you
need
to
initialize
the
workout
interface
on
Gateway
nodes.
Once
we
once
we
are
annotated,
a
note
as
a
multiple
multi-class
Gateway.
We
need
to
create
network
interfaces
of
our
God
in
such
as
maybe
workers,
zero
or
maybe
workout.
C
C
C
C
After
we
add
added
all
the
appears,
maybe
not
all
the
appears,
but
other
peels.
We
need
to
generate
corresponding
obvious
flows.
What
such
a
you
know,
our
current
implementation,
one
subsiders
on
it.
It
will
be
one
maybe
one
or
some,
maybe
not
one-
some
flows
to
corresponding
clusters,
so
one
one
cluster
will
be
if
one
cluster
was
added
as
a
PO
that
we
need
the
controller
we
need
to
generate
the
corresponding
or
vs
flows.
After
all,
foreign.
C
C
C
This
this,
these
two
flowchart
is,
is
a
controller
process.
The
the
first
one
is
is
if
weight,
if
weight
is
able
the
record
or
maybe
wait
or
if
we
disable
the
workout
on
the
controller
process,
will
be
like
this.
Firstly,
we
need
to
init
the
well
the
smart
cluster,
such
as
maybe
class
set,
and
the
class
clamp
and
foreign.
C
Clusters
was
added
to
to
a
class
set
we
need
to
and
we
need
to
create,
get
gateway
to
to
enabled
close-class
traffic
create
Gateway.
Is
we
just
annotated
a
node
as
a
Gateway,
once
our
Gateway
was
created
on
the
controller
well
well
to
to
two
things:
the
first
one,
the
controller
will
export
the
local
class,
the
local
cluster
info
to
other
clusters,
and
then
it
will
import
other
class
clustered
info
and
the
add
flow
to
the
remote
Gateway
if
it
is,
but
if
we
enable
if
we
enable
the
workout.
C
There
are
some
more
steps
after
we
create
Gateway.
We
we
also
need
to
export
the
cost
info,
but
if,
since
the
workout
is
enabled,
we
need
to
initial,
you
need
to
workout
interfaces
such
as,
inter
network
interfaces
and
others,
and
the
the
workout
interface
is
up
we
need
to
when
we
will
generating
some
public
generated
public
key
public
key
and
the
export
the
public
key
to
other
clusters.
So.
C
C
C
C
C
C
If
the
key
is
okay,
the
controller,
the
controllers
will
list
all
the
class
info
import
and
add
flows
for
each
cluster.
We
I
have
mentioned
it
before
one
one
cat
away.
It
means
one
class
to
info
import,
so
it
means
that
under
one
cluster,
only
has
one
Gateway.
So
one
class
info
import
means
one
cluster,
so
we
will
at
least
all
the
class
info
import
and
other
flows
to
add
flows
for
them.
C
C
C
C
C
But
if
this
key
is
not
a
Gateway
key
and
the
workout
is
enabled,
it
means
that
one
there
is
something
changed
in
classic
info
importer,
so
we
should
do
something,
maybe
just
other
LPS
update
appears
on
the
airflows.
So
if
the,
if
the
key
is
not
get
working,
it
means
that
there's
a
there
is
a
info
Imports
in
the
queue
so
under.
C
If
the
interface
in
workout
interfaces
is
not
ready,
it
means
that
which
will
in
the
workout
interface
is
not
in
it
to
initialize.
Maybe
we
should
include
again
and
wait
for
the
interfaces,
but
if
the
key
interface
is
ready,
we
should
get
the
corresponding
class
info
import
and
what
got
Pure
as
and
the
Earth
flows
questions.
C
The
last
step
is
update,
Hostess
that
load.
So
in
this
process,
we
we
will
add,
where
God,
plus,
with
the
help
of
class
info
import.
So
there
must
be
some
change
in
class
info
important.
We
should
export
our
public
key
or
our
work,
output
and
other
information
in
this
CRT.
Now
we
will
mention
this
later
on.
The
next
step
is
update.
Add
an
update
appears,
and
this
one.
This
one
is
this
step.
C
C
This
one
is
about
the
flows
and
static
Road.
The
workout
is
a
layer,
3
technology
so
and
we
should
use
use.
If
we
want
to
use
this
technology
with
and
always
ovs
Maybe,
we
should.
We
use
the
help
of
host
Network.
So,
firstly,
we
were,
as
we
did
not.
We
need
to
add
other
rules
for
the
hostage
Network.
C
But
in
the
current
in
the
current
implementation,
also
also
all
the
class
traffic
will
be
will
be
sent
sent
to
the
portrait
contractor
tunnel
zero.
This
part
is
responsible
responsible
for
other
cross-class
traffic
and
it
is
the
other
side
of
this.
This
port
is
a
genief
tunnel,
so
our
in
our
in
our
implementation,
we
should
try
to
hijack
or
maybe
hijack,
not
the
correct
or
the
other.
C
C
C
C
C
Just
like
this,
if
it
will
check
the
mark
and
look
up
or
the
look
up
the
entromat
class
table,
as
for
the
Android
cluster
table,
the
diff,
the
default
on
device
of
this
this
table
is
the
Android
multiple
cluster
workout
interface.
We
just
you
need
to
we
just
created
before
so
in
this.
In
this
way
we
can,
we
can
do
the
minimal
change
of
the
minimum
change
of
the
flow.
We
just
need
to
change
one
flows
for
the
map
cluster,
and
then
we
should
we
will
not
change
other
flows.
C
C
C
C
C
And
the
stack
the
second
summary:
the
output
Port
is
untrusted
unsure
tunnel
zero.
So
we
need
our
IP
rule
on
the
hosted
to
hedge
on
the
traffic,
the
IP
row
and
the
static
Road,
the
second,
the
third
one,
the
gateways
at
exports,
the
well-guard
public
keys
on
the
on
the
port
by
CRT
class,
the
info
importer,
because
we
just
need
to
add
a
new
field
in
the
series
definition.
C
C
So
package
traffic
in
the
left,
the
left
one
is
is
the
current
is
the
current
implementation.
We
we
will,
if
the
pet,
the
the
package
from
Port
A
to
Port
c,
will
go
through
the
will,
go
through
the
virtual
pair
and
the
Android
tunnel
zero
and
it
will
be
forwarded
to
the
Gateway
once
the
package
when
the
pack
reaches
the
Gateway.
So
it
will
go
through
obvious
pipeline
too,
and
the
ovs
flows
will.
C
The
obvious
flows
well
cases
of
the
destination
Gateway
by
the
by
the
destination
Center
to
choose
which
one
which
Gateway
is
the
remote
Gateway
and
it
will
forward
forward
the
packet
to
the
remote
Gateway
and
you-
and
this
is
the
third
obvious
pipeline.
Finally,
we
reach
the
policy
in
in
our
implementation.
There's
no,
not
too
much
difference.
C
The
only
difference
in
is
that
on
the
Gateway
node,
we
will
add
a
well-guard
interfaces
once
or
package
comes
out
from
the
Android
tunnel
zero.
It
will
be
in
kept
Again
by
the
web
guard
interfaces
and
the
and
be
sended
to
remote
Gateway
by
wireguard
by
wild
guard
tunnel.
That's
the
difference
not
too
much.
C
In
this
step,
in
this
implementation,
we
we
just
need
to
do
the
minimal
change
of
the
flows.
The
architectures
and
the
crds
We
Will,
We
Will,
which
only
we
just
we
need
to
do,
is
create
a
new
interfaces
and
modify
one
flow
and
and
added
on
you
and
I
added
a
new
field
in
one
crd,
not
other,
not
too
much
on
changes
of
the
architecture.
So
that's
why
we
choose
this
implementation
with.
A
B
D
A
B
E
A
E
C
C
B
E
G
C
C
C
C
C
It
will
go
through
the
genift
tunnel
and
actually,
actually
the
the
first
step
is
to
forward
the
forward
to
the
package
to
the
Gateway
node
and
the
second
one.
The
second
step
is:
is
the
Gateway
node
for
the
connector
to
the
remote
Gateway
that
that
goes
through
the
that
that
is
able
disabling
workout
situation
so
there's
another
there's
another
other
cluster
enable
the
workout.
Let's
see
the
difference.
B
E
G
C
C
C
B
C
C
C
C
B
D
C
C
C
C
F
B
C
C
D
B
C
C
E
Yeah
I
think
for
maybe
I,
can
ask
to
answer
this
question
for
in
cluster
traffic
for
now,
I
think.
Currently
we
support
gym
in
only
common
tunnel,
unlike
the
Geneva
GRE
Etc,
and
we
actually
don't
support
why
God
tunnel,
when
we
have
multi-class
to
Future
enabled
which
means
if
we
like
to
you,
know
for
the
we
want
to
add
weigard
for
the
cross-class
traffic.
We
will
not
support
that
at
you.
E
Can
you
can
see
that
it
won't
work
if
both
multi-cluster
and
the
in
cluster
use
wire
guard
you
know
in
for
in
cluster
traffic
wire
guard
is
also
considered
as
a
tunnel
type
just
like
the
genev.
So
if
the
user
changes
the
use
the
wire
for
the
in-class
traffic,
it
means
the
cross-cluster
traffic
won't
work.
D
Okay
and
what
about
like,
like
we
are
like
choosing
IPC,
we
are
not
choosing
ipsec,
we
are
choosing
wire
guard
so
like
because
ibsec
like
in
some
other
conversation
like
it
is
fips
standard
like
federal
information,
right
processing,
standard
and
wireguard
is
not
so
there
I
think
we
might
have
some
kind
of
a
regulator.
Regulatory
compliances
for
some
customer.
D
E
D
B
C
G
C
G
C
Yeah
I
got
a
question:
okay,
I
think.
Maybe
we
we
do
not
use
the
we
do
not
need
a
different
mark,
because
the
Mark
is
just
on
to
is
is
just
is
just
to
match
the
IP
Rule
and
under
to
the
table
to
the
ultramatic
cluster
table,
but
for
more
than
one
member
clusters
are,
I
did
actually
I
didn't
test
the
test,
this
situation,
but
I
think
maybe
maybe
the
word
god.
C
Because
the
destination
of
the
remote,
the
packet
is
the
remote
Gateway,
so
the
workout,
which
well
will
send
to
different
different
appears
for
different
Gateway
I,
will
check
this
I
will
double
check
this.
This
situation
offline,
but
I,
don't
think
I
think
this
is
more
than
one
member
cluster
and
more
than
one
plus
it
will
works.
Okay,.
F
G
C
B
F
I
just
want
to
say:
I
just
want
to
want
you
to
say:
if
there
there
should
be
one
OpenFlow
law
for
each
remote
cluster.
Do
we
consider
we
just
use
how
more
IPA
rule
in
the
host
Network
to
match
the
destination
giveaway
IP?
So
we
don't
need
this
Mark
and
we
don't
need
the
open
Flow
loss,
I'm,
not
sure
whether
it
could
could
work.
But
if
the
purpose
of
the
Open
Floor
lure
is
just
to
identify
traffic
to
remote
clusters,
though
I
guess,
we
could
also
use
destination
IP
as
well.
F
E
B
C
Yes
and
and
I
think
maybe
I
wish
we
use
this
way
on
on
the
we
should
add,
which
we
should.
We
can
add
the
impact
Mark
to
the
package.
Even
the
workout
is
disabled,
and
so
it
will
not
of
there's
no
influence
for
the
cross-class
traffic.
So
I
think
this
is
more,
maybe
more
convenient
convenience
convenient.
Yes,.
A
Good
run
because
also
there
is
no
more
time
we
are
right
top
of
the
hour.
I
thought
we
have
a
little
bit
more
than
one
minute
left,
but
since
there
are
no
more
questions,
I
believe
that
we
can
conclude
today's
meeting
unless
the
team
wants
to
bring
up
any
other
topic
for
discussion
waiting
for
a
few
more
seconds.