►
From YouTube: Antrea Community Meeting 01/17/2023
Description
Antrea Community Meeting, January 17th 2023
A
Good
morning,
good
evening,
good
afternoon
and
I
could
do
whatever
time
it
is
for
you,
thanks
for
joining
today's
community
meeting
today
is
a
Wednesday
January,
the
11th
and
in
the
agenda
for
today
we
have
a
review
of
the
support
for
wireguard
in
a
multi-cluster
environments.
A
B
A
Right
perfect,
so
go
ahead!
Changing
over
to
you.
C
Okay,
let
me
show
my
screen.
C
C
Okay,
let's
start
today's
topic
is
I'm
dramatic,
cluster
skill
tunnel.
We
we
were
in
pain.
We
were
implemented
this
on
screen
tunnel
by
the
welcome
tournament
cluster,
so.
C
C
C
C
So
if,
if
one
port
in
a
cluster
wants
to
access
to
another
port
or
access
to
a
service
in
other
cluster,
it
will
forward
to
the
for
the
package
to
the
Gateway
under
the
Gateway
will
communicated
with
each
with
other
Gateway
by
the
genift
tunnel,
such
as
just
like
this,
for
example,
if
a
port
in
the
port
a
it
it
will
it,
it
will
assess
the
service
in
class
B.
C
Firstly,
firstly,
it
will
enforce
the
packet
to
the
notices
on
the
Gateway
and
the
Gateway
well
forward
the
packet
to
to
the
remote
Gateway
by
Gene,
if
ton
of
just
like
this
and
when,
when
the
traffic
gets
to
the
class
B
the
Gateway
for
for
the
package
to
corresponding
Port.
C
This
is
the
current
Implement
tension
of
the
math
cluster,
but
it
is
a
bit.
It
is
based
on
the
junior
tunnels
and
just
generate
generate
Network
encapsulation
on
technology,
but
it
is
pity
that
is.
This
is
not
a
secure
tunnel,
which
means
it's
that
it
cannot
guarantee
the
on
security
of
the
traffic.
Okay.
C
Sometimes
we
are
focused
on
the
security
of
the
traffic.
For
example,
in
one
company
there
are
some
departments
in
different
cities
and
once
it
different
cities
for
different
Services.
If,
if
once
once,
one
team
want
to
access
to
other
teams
the
service,
maybe
the
traffic,
it
will
go
through
on
public
network.
So
in
this
situation
we
will
focus
on
the
on
security
of
the
traffic
so
in
in
order
to
solve
this,
there
are
so
there
are
many.
C
There
are
many
secure
tunnels
or
there
are
many
open
sources
of
Cortana
such
as
such
as
Opera
God,
open,
VPN,
l2tp
and
so
on,
and
why
we
choose
well
God
or
it
is
because
that
in
some
workout
it's
easy
to
use.
We
just
need
a
endpoint
and
a
public
key
or
we
will.
We
can
just
tell
you
in
other
node
as
PR,
for
example.
We
we
don't.
We
don't
need,
maybe
some
other
handshake
or
some
other
operations.
C
We
can
just
add
up
here
at
either
a
node
as
a
peer
in
in
local
okay.
So
it
is
very
simple
and
easy
to
use
what's
more
on,
it
is
in
the
Linux
kernel.
So
we
don't
need
to
install
extra
on
extra
softwares
or
some
other
advantages.
It
is
minimal
attack.
C
Oh
yes,
this
is
a
desired
architecture,
not
too
much
difference
with
the
previous
one.
Just
just
we
replace
the
genift
tunnel
with
our
garden,
but
actually
we
do
not
replace
without
we
just
in
cap
again
you
have
the
genetic
package
into
workout
and
then
the
gateways
will
communicate
with
each
other's
by
Wagga
tunnel
foreign.
C
Responsible
for
other
closed
cluster
traffic,
but
in
the
in
cluster,
the
architecture
will
not
change
or
why
we
choose.
This
architecture
is
that
we
are
trying
to
avoid
too
much
unnecessary,
edit
addition
of
the
flows
and
the
architectures.
So
we
just
encaped
the
web
genetic
package
into
well
God
that
we
want
to
do
so.
C
I
think
maybe
the
why
God
the
Wagga
tunnel
in
Android
market
cluster
can
be
divided
into
four
steps.
The
first
step
is,
you
need
to
initialize
the
workout
interface
on
Gateway
nodes.
Once
we
once
we
are
annotated,
a
note
as
a
multiple
multi-class
Gateway.
We
need
to
create
network
interfaces
of
our
God
in
such
as
maybe
workers,
zero
or
maybe
workout.
C
Thank
you,
the
workout
interface
is
responsible
is
is
responsible
for
the
work
of
traffic.
In
addition,
we
cannot,
we
cannot
add
the.
We
cannot
use
the
obvious
attack
command
to
add
the
workout
interface
to
ovs,
because
it
is
a
layer,
7
interface
interface
once
we
so.
C
C
It
means
that
one
Gateway
one
class
to
info
in
import,
so
so
we
we
can
consider
that
we
can
start.
C
We
can
consider
that
one
Gateway
is
one
workout
pill,
so
the
next
step
is
ADD
workout
pills.
We
can
we
implement
this
by
the
with
the
help
of
crd
class
class
info
import.
C
After
we
add
added
all
the
appears,
maybe
not
all
the
appears,
but
other
peels.
We
need
to
generate
corresponding
obvious
flows.
What
such
a
you
know,
our
current
implementation,
one
subsiders
on
it.
It
will
be
one
maybe
one
or
some,
maybe
not
one-
some
flows
to
corresponding
clusters,
so
one
one
cluster
will
be
if
one
cluster
was
added
as
a
PO
that
we
need
the
controller
we
need
to
generate
the
corresponding
or
vs
flows.
After
all,
foreign.
C
If
we
want
to
use
web
app
to
communicate
with
other
clusters,
we
need
to
you
when
you,
when
you
use
the
help
of
post
Network.
So
when
you,
the
the
last
step,
is
to
generate
the
static
Road
in
on
the
Gateway
node.
C
C
This
this,
these
two
flowchart
is,
is
a
controller
process.
The
the
first
one
is
is
if
weight,
if
weight
is
able
the
record
or
maybe
wait
or
if
we
disable
the
workout
on
the
controller
process,
will
be
like
this.
Firstly,
we
need
to
init
the
well
the
smart
cluster,
such
as
maybe
class
set,
and
the
class
clamp
and
foreign.
C
Clusters
was
added
to
to
a
class
set
we
need
to
and
we
need
to
create,
get
gateway
to
to
enabled
close-class
traffic
create
Gateway.
Is
we
just
annotated
a
node
as
a
Gateway,
once
our
Gateway
was
created
on
the
controller
well
well
to
to
two
things:
the
first
one,
the
controller
will
export
the
local
class,
the
local
cluster
info
to
other
clusters,
and
then
it
will
import
other
class
clustered
info
and
the
add
flow
to
the
remote
Gateway
if
it
is,
but
if
we
enable
if
we
enable
the
workout.
C
There
are
some
more
steps
after
we
create
Gateway.
We
we
also
need
to
export
the
cost
info,
but
if,
since
the
workout
is
enabled,
we
need
to
initial,
you
need
to
workout
interfaces
such
as,
inter
network
interfaces
and
others,
and
the
the
workout
interface
is
up
we
need
to
when
we
will
generating
some
public
generated
public
key
public
key
and
the
export
the
public
key
to
other
clusters.
So.
C
C
C
C
C
We
just
need
the
key
to
trigger
the
process.
So
if
something
changed,
we
will
include
a
key
on
the
this.
One
is
process
next
at
work
atom.
It
is
a
kubernetes
kubernetes
functions
for
kubernetes
Control
Function
if
it
will
try
to
get
the
key
from
the
queue
and
if
the
key
is
okay,
sorry
yeah.
C
If
the
key
is
okay,
the
controller,
the
controllers
will
list
all
the
class
info
import
and
add
flows
for
each
cluster.
We
I
have
mentioned
it
before
one
one
cat
away.
It
means
one
class
to
info
import,
so
it
means
that
under
one
cluster,
only
has
one
Gateway.
So
one
class
info
import
means
one
cluster,
so
we
will
at
least
all
the
class
info
import
and
other
flows
to
add
flows
for
them.
C
C
Function
if
something
changes
in
Gateway,
we
just
we
just
include
a
Gateway
key
and
it
means
it
is
our
damage
tool
or
we
just
need
a
Gateway
key
to
triggers
or
process.
But
if
something
changed
in
the
class
info
import,
we
were
not
into
the
damage
key,
but
the
class
inverse
name.
Why
we
do
this?
C
It
is
because
that
it
it
is
because
that
we
should
appears
for
each
class
each
cluster
and
some
sometimes,
if
we,
if
a
remote
cluster
is
restart-
or
maybe
you
know,
control
map
classical
controller
is
crashed.
C
C
Update
appears,
it
is
not
maybe.
C
It
will
cost
too
much
time,
so
we
in
this
situation,
we
will
include
the
class
info
important
name
on
about
the
process.
Next
work,
next
work
items
function.
C
If,
if
a
key
is
popped
in
the
queue
and
the
workout
is
enabled,
we
were
initialize
workout
interfaces
just
to
mentioned
before
this
is
the
first
step
I
have
mentioned
before.
I
have
mentioned
before.
Just
like
this.
C
But
if
this
key
is
not
a
Gateway
key
and
the
workout
is
enabled,
it
means
that
one
there
is
something
changed
in
classic
info
importer,
so
we
should
do
something,
maybe
just
other
LPS
update
appears
on
the
airflows.
So
if
the,
if
the
key
is
not
get
working,
it
means
that
there's
a
there
is
a
info
Imports
in
the
queue
so
under.
C
If
the
interface
in
workout
interfaces
is
not
ready,
it
means
that
which
will
in
the
workout
interface
is
not
in
it
to
initialize.
Maybe
we
should
include
again
and
wait
for
the
interfaces,
but
if
the
key
interface
is
ready,
we
should
get
the
corresponding
class
info
import
and
what
got
Pure
as
and
the
Earth
flows
questions.
C
The
last
step
is
update,
Hostess
that
load.
So
in
this
process,
we
we
will
add,
where
God,
plus,
with
the
help
of
class
info
import.
So
there
must
be
some
change
in
class
info
important.
We
should
export
our
public
key
or
our
work,
output
and
other
information
in
this
CRT.
Now
we
will
mention
this
later
on.
The
next
step
is
update.
Add
an
update
appears,
and
this
one.
This
one
is
this
step.
C
C
This
one
is
about
the
flows
and
static
Road.
The
workout
is
a
layer,
3
technology
so
and
we
should
use
use.
If
we
want
to
use
this
technology
with
and
always
ovs
Maybe,
we
should.
We
use
the
help
of
host
Network.
So,
firstly,
we
were,
as
we
did
not.
We
need
to
add
other
rules
for
the
hostage
Network.
C
But
in
the
current
in
the
current
implementation,
also
also
all
the
class
traffic
will
be
will
be
sent
sent
to
the
portrait
contractor
tunnel
zero.
This
part
is
responsible
responsible
for
other
cross-class
traffic
and
it
is
the
other
side
of
this.
This
port
is
a
genief
tunnel,
so
our
in
our
in
our
implementation,
we
should
try
to
hijack
or
maybe
hijack,
not
the
correct
or
the
other.
C
It
is
okay.
We
should
hijack
the
on
the
traffic
out
out
of
the
out
of
the
control
tunnel
zero
interfaces,
so
we
use
a
package
Mark
in
in
this
flow.
C
C
If,
if
we
enable
workout,
we
should
Mark
the
package
as
a
workout
package,
so
we
should
add.
We
should
add
a
mark.
C
C
Just
like
this,
if
it
will
check
the
mark
and
look
up
or
the
look
up
the
entromat
class
table,
as
for
the
Android
cluster
table,
the
diff,
the
default
on
device
of
this
this
table
is
the
Android
multiple
cluster
workout
interface.
We
just
you
need
to
we
just
created
before
so
in
this.
In
this
way
we
can,
we
can
do
the
minimal
change
of
the
minimum
change
of
the
flow.
We
just
need
to
change
one
flows
for
the
map
cluster,
and
then
we
should
we
will
not
change
other
flows.
C
The
output
of
of
the
output
of
this
flows
of
in
the
output
of
the
traffic
close
class
traffic
is
entrance
zero
under
the
control,
math
class
workout
interface
well
hydrology
traffic,
so
we
can
communicate
it
with
other
clusters
by
well
God,
where
God
turning
that's
the
implementation.
C
So,
let's,
let's
continue.
This
is
the
change
of
CRT,
not
too
much
change.
Only
in
the
cost
info
import
crd
has
been
changed.
We
we
add
a
new
field
in
this
CR
CID.
It
named
well
God
and,
as
you
said
by
this
crd,
we
just
need
to
export
the
public
key
and
support.
C
Workout
is
easy
to
use,
so
we
can
just
use
these
two
with.
We
can
just
add,
use
this
to
arguments.
Actually
we
just
we
need
to
know
we
need
to
get
to
ip2,
but
the
Gateway,
IP
and
the
cell
settings
has
been
export
exported
before
so
we
just
need
to
add
a
new
field.
C
The
first
summary
is
that
the
floors
are
almost
the
same
in
the
as
the
current
current
implementation
or
which,
which
we,
just
only
we
just
need
to
do.
We
need
to
change,
is,
is.
C
C
And
the
stack
the
second
summary:
the
output
Port
is
untrusted
unsure
tunnel
zero.
So
we
need
our
IP
rule
on
the
hosted
to
hedge
on
the
traffic,
the
IP
row
and
the
static
Road,
the
second,
the
third
one,
the
gateways
at
exports,
the
well-guard
public
keys
on
the
on
the
port
by
CRT
class,
the
info
importer,
because
we
just
need
to
add
a
new
field
in
the
series
definition.
C
The
last
one
this
is,
the
crd
class
info
in
portrait
is
responsible
responsible
for
exporting
the
Public
Public
key
to
other
clusters
once
or
once
or
new,
on
class
info
importers,
or
maybe
a
class
info
importance
has
been
updated.
The
controller
will
try
to
add
a
new
Pure
or
appetitors
appear.
C
So
package
traffic
in
the
left,
the
left
one
is
is
the
current
is
the
current
implementation.
We
we
will,
if
the
pet,
the
the
package
from
Port
A
to
Port
c,
will
go
through
the
will,
go
through
the
virtual
pair
and
the
Android
tunnel
zero
and
it
will
be
forwarded
to
the
Gateway
once
the
package
when
the
pack
reaches
the
Gateway.
So
it
will
go
through
obvious
pipeline
too,
and
the
ovs
flows
will.
C
The
obvious
flows
well
cases
of
the
destination
Gateway
by
the
by
the
destination
Center
to
choose
which
one
which
Gateway
is
the
remote
Gateway
and
it
will
forward
forward
the
packet
to
the
remote
Gateway
and
you-
and
this
is
the
third
obvious
pipeline.
Finally,
we
reach
the
policy
in
in
our
implementation.
There's
no,
not
too
much
difference.
C
The
only
difference
in
is
that
on
the
Gateway
node,
we
will
add
a
well-guard
interfaces
once
or
package
comes
out
from
the
Android
tunnel
zero.
It
will
be
in
kept
Again
by
the
web
guard
interfaces
and
the
and
be
sended
to
remote
Gateway
by
wireguard
by
wild
guard
tunnel.
That's
the
difference
not
too
much.
C
In
this
step,
in
this
implementation,
we
we
just
need
to
do
the
minimal
change
of
the
flows.
The
architectures
and
the
crds
We
Will,
We
Will,
which
only
we
just
we
need
to
do,
is
create
a
new
interfaces
and
modify
one
flow
and
and
added
on
you
and
I
added
a
new
field
in
one
crd,
not
other,
not
too
much
on
changes
of
the
architecture.
So
that's
why
we
choose
this
implementation
with.
A
B
D
A
A
B
E
Yeah
I
think
I
I
think
for
the
last
search
30
seconds.
I
heard
it
clearly
we
saw
as
your
network
issue
I
don't
know,
but
judging
coughs
a
lot
so
you
may
we
may
lost
a
two
or
three
seconds:
okay,.
A
E
C
So,
let's
come
to
the
demo,
this
demo
will
show
the
difference
between
between
the
current
implementation
and
the
workout.
We
will
check
the
how
how
the
traffic
come
to
the
remote
Gateway
and
the
remote
class
tabs
I'll
enjoy
the
chat.
C
Okay,
can
you
see
my
screen
I
open
a
terminal.
C
Yeah,
okay,
Central
I
have
created
two
cluster,
two
control
cluster
and
traumatic
cluster
before
so
it
will
maybe
save
some
time
the
first
one
on
the
the
KE
command.
It
means
that
it
means
that
it's
it's
the
cluster
under
the
KW
command.
It
means
rest
class.
E
G
C
C
C
C
C
It
will
go
through
the
genift
tunnel
and
actually,
actually
the
the
first
step
is
to
forward
the
forward
to
the
package
to
the
Gateway
node
and
the
second
one.
The
second
step
is:
is
the
Gateway
node
for
the
connector
to
the
remote
Gateway
that
that
goes
through
the
that
that
is
able
disabling
workout
situation
so
there's
another
there's
another
other
cluster
enable
the
workout.
Let's
see
the
difference.
C
So,
on
the
let's
check
the
service:
okay,
the
Android
Multiplex
is
the
service
exported
by
the
West
cluster
that
try
to
try
to
access
it.
B
E
So,
judging
when
you
say
the
KW
is
the
least
class
with
white
guards.
Actually
you
are
moving
to
another
demo
clusters
right.
G
C
Understand
what
exactly
yeah,
because
it
every
command
to
use
the
the
arguments
could
configure.
It
is
too
long.
C
Let's
check
the
interfaces,
we
can
see
that
there
is
a
networking
phase
named
work,
MC
workout
zero.
Under
that.
C
B
C
C
And
By
the
time
and
the
TTL
we
can
find
that
it
will
go
through
the
genetic
interfaces
first
and
then
in
cap
in
calculate
but
encapsulated
by
the
workout
interface.
Again,
this
one
is
actually
continued
package.
C
C
B
D
C
As
for
the
class
info
importer
CR,
we
can
see
that
there
is
a
New
Jersey
news,
Field
named
workout
in
the
spec,
and
it
will
export
the
public
key
and
support
to
other
peers.
And,
let's
compare
in
the
previous,
if
we
disable
the
workout
the
workout,
we
can
check
the
workout
in.
C
Okay,
that's
all
my
want
to
sell
so
the
workout,
the
workout
over
the
genev
and
the
workout
is.
C
In
this
implementation,
we
just
need
to
add:
we
just
need
more
modify,
one
flows
and
once
the
ad
is
added
on
either
field
to
one
CR.
This
and
that's
my
sure,
thank
you.
C
C
Well,
oh
sorry,
we
won't
I
forget
to
mention
we
will
add
a
new
cluster
Rule
and.
C
F
Yes
and
you
have
a
loot
in
table
10
to
redirect
the
traffic
to
White
Gardens
device.
F
Okay,
is
this
what,
when
we,
when
we
Mark
the
package
with
this
specific
Mac,
do
we
filter
the
traffic
must
be
close,
Port
traffic
across
cluster
traffic,
okay
to
do
yeah?
What's
the
condition
of
of
this
Mark
and
oh,
it
will
be
on
every
packet
or
it
will
be
okay,.
C
B
C
No,
no,
no!
No,
no
I,
I
think
this.
This
question
should
be
answered
on.
Should
we
what
we
added
this
Mark
by
the
subsider,
so,
oh
sorry,
by
the
subsider
or
what
I
think.
C
And
in
this
in
this
in
this
flow,
and
this
flow
will
match
will
match
the
remote
subsiders
are
just
like
this.
If
under
the
subsider
is
the
cross,
Class
12,
subside,
I,
don't
think
maybe
on
that
is
Inc
in
cost
traffic.
Well
will
be
marked,
will
be
added
well
below
this
Mark.
F
Okay,
let's
see,
does
this
Mark
for
D2
has
any
special
mean,
or
it's
just
an
example.
D
So
I
have
a
question
on
like
whether
this
is
like
internode.
We
will
be
using
wire
guard
or
it
is
only
like,
inter
cluster.
D
Yeah,
my
question
is
like
for
internode
traffic
right
like
we
are
using
ipsec
if
I,
if
I
am
right
and
for
inter
cluster
you're,
applying
to
use
wireguard
right
yeah,
that's
correct
right.
B
C
C
That
that
we
think
in
cluster,
maybe
we
can,
we
will
not
use,
not
use
any
tunnel.
We
just
used
to
live.
E
Yeah
I
think
for
maybe
I,
can
ask
to
answer
this
question
for
in
cluster
traffic
for
now,
I
think.
Currently
we
support
gym
in
only
common
tunnel,
unlike
the
Geneva
GRE
Etc,
and
we
actually
don't
support
why
God
tunnel,
when
we
have
multi-class
to
Future
enabled
which
means
if
we
like
to
you,
know
for
the
we
want
to
add
weigard
for
the
cross-class
traffic.
We
will
not
support
that
at
you.
E
Can
you
can
see
that
it
won't
work
if
both
multi-cluster
and
the
in
cluster
use
wire
guard
you
know
in
for
in
cluster
traffic
wire
guard
is
also
considered
as
a
tunnel
type
just
like
the
genev.
So
if
the
user
changes
the
use
the
wire
for
the
in-class
traffic,
it
means
the
cross-cluster
traffic
won't
work.
E
But
yeah
for
now,
I
think
we
haven't
decided
to
support
both
in-class
and
cross-class
tracker
figures
or
why
God,
as
you
know,
for
the
cross-class
traffic
we
actually
in
encrypted
the
tunnel,
the
traffic
right
so
the
Geneva
the
cab
packages,
and
if
this
wagon
it
means
a
wire
gun
based
on
why
God
I,
don't
think
that
will
work
yeah.
D
Okay
and
what
about
like,
like
we
are
like
choosing
IPC,
we
are
not
choosing
ipsec,
we
are
choosing
wire
guard
so
like
because
ibsec
like
in
some
other
conversation
like
it
is
fips
standard
like
federal
information,
right
processing,
standard
and
wireguard
is
not
so
there
I
think
we
might
have
some
kind
of
a
regulator.
Regulatory
compliances
for
some
customer.
C
Yeah,
actually,
this
this
feature
is
coming
from
our
customers
requirement
and
the
customer
is
want
to
use
regards
so
actually,
this
is
why
we
use.
D
E
D
Okay,
I
mean
there
was
one
discussion
where,
like
they
wanted
to
use
anxia
because
it
was
like
ipsec,
their
image.
Ib
set
compliant
image,
and
so
they
give
like
preferenced
preference
to
Andrea
for
that
so
yeah,
especially
Federal
customers,
yeah.
G
For
me,
so
do
we
need
to
disable
the
RP
filter
on
the
well
God
interface,
if
I
remember
correctly
I
during
the
previous
test,
we
need
to
test
the
IP
filter
to
zero
in
order
to
oh.
B
C
Actually,
we
don't
I,
I
I
got
a
question
and
actually
actually
we
don't
need
you
to
disable.
I
did
nothing
when
we
use
it
well,
I
got
it
across
cluster,
but
it
works
well.
G
Okay,
good
to
know
that,
so
so
you
mean
that
the
original
Road
that's
strange.
So
how
can
that
happen?
If
we,
if
the
default
route
without
the
pack
Mark
is
not.
C
C
On
patch
on,
maybe
it
is
set
to
one
as
default.
I
remembered,
not
zero
and
not
true
chapter.
This
argument
on
the
it
is
decided
to
one.
G
This
thing
one
means
the
strict
mode
so
yeah
for
yeah,
maybe
maybe
we
can
check
it
off
like
yeah.
Thank.
F
More
than
two
clusters
in
the
class
set,
do
you
have
multiple
flows
and
do
we
need
to
use
different
marks
for
in
the
open,
Flow
loss
and
to
match
different
marks
for
different
remote
clusters
in
the
IP
Lua
table?.
C
Yeah
I
got
a
question:
okay,
I
think.
Maybe
we
we
do
not
use
the
we
do
not
need
a
different
mark,
because
the
Mark
is
just
on
to
is
is
just
is
just
to
match
the
IP
Rule
and
under
to
the
table
to
the
ultramatic
cluster
table,
but
for
more
than
one
member
clusters
are,
I
did
actually
I
didn't
test
the
test,
this
situation,
but
I
think
maybe
maybe
the
word
god.
C
Because
the
destination
of
the
remote,
the
packet
is
the
remote
Gateway,
so
the
workout,
which
well
will
send
to
different
different
appears
for
different
Gateway
I,
will
check
this
I
will
double
check
this.
This
situation
offline,
but
I,
don't
think
I
think
this
is
more
than
one
member
cluster
and
more
than
one
plus
it
will
works.
Okay,.
F
Okay,
thank
you.
So
at
least
we
need
two
floats
in
this
last
three
for
one
table
to
one.
Each
of
them
match
one
remote
cluster
right,
because
Network
destination
condition
is
different
for
different
cluster.
G
C
B
F
I
just
want
to
say:
I
just
want
to
want
you
to
say:
if
there
there
should
be
one
OpenFlow
law
for
each
remote
cluster.
Do
we
consider
we
just
use
how
more
IPA
rule
in
the
host
Network
to
match
the
destination
giveaway
IP?
So
we
don't
need
this
Mark
and
we
don't
need
the
open
Flow
loss,
I'm,
not
sure
whether
it
could
could
work.
But
if
the
purpose
of
the
Open
Floor
lure
is
just
to
identify
traffic
to
remote
clusters,
though
I
guess,
we
could
also
use
destination
IP
as
well.
F
E
B
C
Yes
and
and
I
think
maybe
I
wish
we
use
this
way
on
on
the
we
should
add,
which
we
should.
We
can
add
the
impact
Mark
to
the
package.
Even
the
workout
is
disabled,
and
so
it
will
not
of
there's
no
influence
for
the
cross-class
traffic.
So
I
think
this
is
more,
maybe
more
convenient
convenience
convenient.
Yes,.
A
Good
run
because
also
there
is
no
more
time
we
are
right
top
of
the
hour.
I
thought
we
have
a
little
bit
more
than
one
minute
left,
but
since
there
are
no
more
questions,
I
believe
that
we
can
conclude
today's
meeting
unless
the
team
wants
to
bring
up
any
other
topic
for
discussion
waiting
for
a
few
more
seconds.
A
A
So
thanks
thanks
a
lot
for
this
and
and
we'll
meet
again
in
two
weeks
time
for
the
next
community
meeting,
we
will
be
back
to
the
normal
timing
of
Monday
Tuesday
5
a.m,
Greenwich
GMT
and
that's
all
for
today,
thanks
everyone
for
joining
and
see
you
in
two
weeks
time.