►
From YouTube: Antrea Community Meeting 03/28/2022
Description
Antrea Community Meeting, March 28th 2022
A
Good
morning,
good
afternoon
or
good
evening,
this
is
the
andrea
committee
meeting
today
is
tuesday
march
29
6
in
the
morning
central
european
time.
If
you
are
instead
in
the
pacific
west
coast,
it
will
be
still
monday
for
you
and,
let's
start
with
today's
meeting.
So
today
we
have
a
very
nice
agenda.
A
We
will
start
with
an
introduction
on
with
a
discussion
from
grayson
about
icmp,
supporting
network
policies,
and
then
lan
will
provide
also
a
discussion
of
datapath
for
multicluster
networking.
So
since
we
have
a
very
packed
agenda,
I
think
it's
time
for
me
to
stop
talking
and
let's
start
with
the
presentations
grayson.
Would
you
like
to
go
first,
yeah
sure.
B
Okay,
you
guys
can
see
my
screen
now
the
slice
okay.
So
today
I
will
show
you
the
icmp
support
in
entria
network
policy,
and
this
is
today's
my
agenda.
First,
I
will
go
through
the
motivation
and
then
the
api
proposal
and
the
controller
side,
change
and
agent
side
change,
and
also
I
have
since
the
development
is
almost
done.
So
I
have
a
demo
video
for
you
guys
and
then
it's
the
q
and
a
section
so
for
the
motivation
we
all
know.
B
Icmp
is
a
very
commonly
used
protocol
and
especially
for
user
use,
for
use
it
for
debugging
and
also
we
already
heard
some
complaints
about
we're,
not
supporting
icmp,
and
this
is
the
github
issue
about
the
requirement
to
have
the
icmp
support
and
the
another
reason
is
some
cis,
like
calco.
They
support
smp
in
their
network
policy,
so
we
want
to
support
smp
in
hours
for
api
proposal.
This
is
our
current
api.
B
If
we
want
to
define
a
policy
on
the
some
specific
protocol,
we
have
a
field
called
ports
and
we
can
define
the
ports
protocol.
Ports
and
import
currently
only
support
the
tcp
udp
and
the
sctp
yeah.
And
if
you
want
to,
for
example,
matching
or
tcp
traffic,
you
can
define
a
policy
like
this
only
define
a
protocol
without
ports,
and
I
guess
we
are
familiar
with
this,
so
I
will
go
to
the
proposal.
B
So
we
have
some
discussion
about
this.
There
are
several
options,
for
example,
this
one
is:
if
you
want
to
keep
the
backward
compact
compatibility,
we
add
a
field
called
icmps
and
it
contains
the
several
fields
called
like
match,
or
icmp
type
and
icmp
code.
B
In
this
way,
the
user
use
currently
user
won't
be
a
fact,
since
the
ports
are
still
here-
and
this
is
the
network
policy
port
struct,
we
didn't
change
this
struct.
Let's
see
the
example.
If
we
want
to,
for
example,
match
all
icmp
traffic,
the
the
rule
will
look
like
this
and,
for
example,
we
want
to
match
the
ping
request.
The
rule
look
like
this
and
if
we
want
to
match.
B
It's
not
that
good.
I
guess
so.
There's
another
options
like
we
change
the
name
of
the
ports
to
services
and
add
this
spec
for
different
different
protocols
under
this
network
policy
service
struct.
B
B
And
finally,
this
is
a
the
current
one.
We
want
to
pick
we
we
change
the
ports
to
to
another
field,
name
called
protocols
and
under
the
protocol
you
can
add
the
protocol
that
we
supported.
If
we
want
to
like
support
igmp,
we
can
add
another
field
in
this
struct
and
the
different
struct
may
have
different
specs.
They
can
use
different
like
their
own
struct,
to
define
their
parameter
like
s
p
type
and
for
l4
protocol.
B
They
have
port
and
port,
and
since
this
will
change
the
like
the
old
api,
so
it
will
require
us
to
bump
our
network
policy
version
to
will
offer
two
and
we
add
a
convert
function
to
translate
the
to
convert
the
web
alpha.
One
policy
to
the
vr
alpha
two
policy
mainly
change
the
ports
to
the
protocol.
B
In
this
case
user
using
the
older
version
api
are
won't,
be
affected,
and
this
is
like
some
example
like.
If
we
want
to
match
all
tcp
traffic,
we
can
define
a
a
policy,
a
rule
like
this,
and
if
we
want
to
specify
the
specified
port
of
tcp,
you
can
define
a
policy
like
this
and
for
icmp.
You
can
do
things
like
this
so
yeah.
This
is
the
api
proposal.
B
So
if
we
go
with
this
one
by
the
way,
if
you
guys
have
any
questions,
feel
free
to
interrupt
me
at
any
time
yeah.
So
if
we
go
with
this
api
proposal
on
the
controller
side,
we
bump
up
the
api
version
and
add
the
conversion
function.
As
I
said
similarly
change
the
ports
to
protocol-
and
in
this
case
there
will
be
no
impact
and
also
for
the
internal
mp,
we
can
add
the
icmp
type
and
icmp
code
here.
B
B
C
B
I
guess
it's
a
same
like
the:
how
we,
how
we
do
the
cluster
group
convert,
it's
it's
written
in
golan
and
I
guess
it's
a
it's
a
web
hook.
So
the
controller
when
the
controller
receive
go
ahead.
C
So,
which
component
is
responded
for
this
conversion?
The
kubernetes
api.
B
C
B
Are
this
is
a
good
question
question
you
mean
like
it
has
already
have
some
even
of
our
policy
and
then
then
the
user.
C
E
If
I
may
answer
this
question
from
what
I
remember
is
that
it
doesn't
really
matter
because
in
the
in
the
internal
storage,
it
will
always
be
your
alpha
2.,
and
it
was
only
when
user
tried
to
get
the
object
specifically
using
v1
alpha
1.
Then
the
reverse
conversion
will
happen,
and
you
know
the
developer.
One
object
will
be
returned
to
the
user,
otherwise
everything
will
be
basically
converted
to
an
alpha.
Two,
and
just
I
mean
the
storage
on
the
wire
to
the
controller.
Everything
will
be
really
awful
too.
C
You
mean,
like
example,
I
create
we
want
alpha1
object
and
upgrade
to
new
android
version.
C
Now
I
can
use
we
alpha
2
and
we
were
alpha
1,
but
if
I
don't
update
the
the
objects
I
created
before
upgrade,
I
guess
the
the
existing
object
will
always
be
stored
as
we
want
alpha
one
in
storage
right
then,
when
we
can
remove
the
support
for
we
want
alpha
one
I
mean
if
we
just
keep
them
forever,
but
it
might
be
okay,
but
what
if
we
bump
another
version
later,
do
we
does
it
mean
we
need
to
support
three
versions
and
perhaps
perhaps
better,
which
beta
wish
washing
and
gc
version?
C
E
I
I
do.
I
definitely
needed
to
double
check
this,
but
from
what
I
remember
the
scenario
you
just
bought
up
when
we
have
you
know
the
entry
upgrade.
I
would
assume
that,
after
the
upgrade,
the
original
created
object
will
already
be
stored
in
beyond
alpha
2
in
storage,
nodding
bill
or
not,
but.
F
The
we
want
alpha
one.
We
should
do
this
mirror
controller
approach
we
did
before.
E
You
don't
necessarily
need
to
do
that,
because
the
mirror
controller
is
in
place
because
we
have
two
different
entirely
different
api
groups,
but
for
virgin
bonds.
There
there
was
a.
There
was
a
common
practice
where
kubernetes
imposes
on
and
it
was
specifically
used
to
handle
cases
like
this.
So
from
what
I
remember
is
that
you
know
we
can
specify
a
specific
time
period.
We
can
just
warn
people
that
you
know
this
is
supported
for
now.
E
You
can
continue
to
use
fiona
for
one
and
when
you
upgrade
it
will
automatically
internally
be
one
run
up
for
two,
but
at
some
point
we'll
be
dropping.
That's
a
perfect
one
for
one
and
it
shouldn't
basically
affect
the
users
in
any
way.
E
E
The
this
is
from
the
my
memory
when
I,
when
I
did,
the
cluster
group
version
update.
I
I
I
remember
this
being
the
case
but,
as
I
said,
I
needed
to
double
check
this.
B
B
E
E
It's
translated,
but
what
you
can
do
is
you
can
do
coop
cuddle,
get
entree
cluster
network
policy
dot,
something
like
crd
dot,
v1
alpha
one.
When
you
specify
a
specific
version
of
it,
then
the.
D
E
Of
the
conversion
function
applies
and
the
api
server
will
return.
You
are
not
for
one
resource,
but
I
think
trans
question
is
more
like
in.
If
we
already
have
a
resource
in
the
api
in
storage,
does
the
upgrade
bump
automatic
converts?
What's
in
the
storage,
to
a
newer
version?
And
if
my
memory
serves
me
correctly,
the
answer
is
yes,
but
I'm
not
100
sure.
E
B
Yeah,
okay,
so
I
didn't
check
this
like
specifically,
but
during
my
development
I
think
it
will
do
the
convert
it
kind
of
like
will.
C
F
B
F
B
E
In
that
case,
we'll
just
do
what
we
have
in
right
now
in
the
acmt,
where
we
have
the
namespace
selector
and
the
namespaces
field,
which
they're
essentially
doing
the
same
thing
in
some
senses.
But
there
are
slight
differences,
so
we
decided
to
maintain
both
of
both
of
them,
which
I
personally
didn't
think
is
a
good
idea,
but
for
for
transition
purposes
that
can
be
there
so
that
we
just
tell
you
there
that
for
the
ports
and
protocols
you
can
only
specify
one
of
them,
but
not
both.
B
F
F
It's
not
for
that.
I
just
feel
pretty
many
people
are
more
familiar
with
this
port's
definition.
That's
my
opinion.
If
they
don't
have
a
while
gmp
this
more
of
the
worst.
C
People
can
either
set
port
or
protocol,
and
if
they
don't
conflict,
both
part,
both
ports
defined
in
ports
or
protocol
will
be
effective.
If
they
they
duplicate,
then
it
doesn't
matter
anyway
right.
G
A
Okay,
can
I
just
ask
if
we
can
defer
this
conversation
to
github
and
continue
with
the
presentation?
Otherwise
we
might
not
have
time
to
complete
the
program
that
we
have
for
today.
F
B
Okay,
so
okay,
so
for
the
agent
side,
it
won't
be
too
hard,
since
the
ovs
already
has
has
the
icmps
support
and
also
the
on
the
of
net
and
the
label.
Print
flow
also
implement
the
interface
for
icmp
protocol.
B
Currently,
for
example,
you
have
you
have
one
kind
for
the
source
one
can
for
the
destination
and
the
one
kind
for
a
service
and
the
the
relationship
between
those
kind
is
end.
You
have
to
match
the
source
and
destination
and
the
services,
but
the
relationship
within
each
kind,
for
example
the
tcp
port,
80
and
tcp
443.
The
relationship
is
ore,
but
we
need
and
relationship
inside
each
kind,
which
means
we
should
support
a
multi-match
key
and
value
pairs
to
support
icmp
type
and
the
icmp
code.
B
As
you
can
see,
if
current
implementation,
if
we
do
this,
it
will
match
the
icmp
type,
is
8
or
icmp
type
is
code.
Icmp
code
is
a
zero,
but
what
we
need
is
we
need
icmp
type,
is8
and,
and
I
think
code
is
zero.
D
B
Key
value
pair
to
to
multiple
match
pairs
like
we
have,
we
can
input
like
the
first
ones
match
keys.
I
can
be
type.
The
second
pair
is
smp
code,
so
we
can
have
a
multiple
match
pair.
This
is
the
main
change
on
the
agent
side
is
required.
B
Was
somebody
else
questioning
the
chat
anyway?
Okay,
so
I
have
a
demo
video
to
show
you
guys
how
this
thing
is.
B
B
B
So
let's
see
this
is
a
viva
alpha.
One
policy
looks
like
the
version
is
still
the
old
version
applied
to
the
client
and
egress
to
server,
and
we
defined
the
ports
80.
Since
we,
the
default
protocol,
is
tcp.
B
Let's
see
so
after
this
policies
is
applied.
The
oh,
let's
see
the
and
the
quick
quest
quick
note
here,
since
this
video
is
made
before
flexible
pipeline,
so
the
andrea
policy
grass
root
table
is
still
in
the
45.
B
A
B
A
Thanks
a
lot
grayson
that
was
a
very
nice
demo,
and
so
I
think
now
the
next
step
is
to
finalize
the
discussion
on
the
on
on
the
shape
of
the
api.
A
I
do
not
think
that
these
imp
has
any
impact
on
the
remaining
implementation
is
just
you
know
about
out
exclusive
feature
to
users
in
terms
of
roadmap.
Is
this
something
that
you
are
planning
for
1.7?
Is
there
still
any
open
technical
item
on
this
feature?
A
Open
technical
item
yeah?
I
think
something
else
that
is
still
being
implemented
or
is
the
is
the
plc
code
that
you
have
like,
providing
all
the
support.
B
The
the
poc
is
already
in
I,
I
guess
just
the
whole
developments
in
quite
shift
good
shape.
Only
issue
is
if
we
use
reject
action
on
the
icmp.
B
B
I
have
tried
to
use
ip
tables
to
the
to
do
the
rejection,
but
still
cannot
pair
the
request
and
the
response
I'm
still
working
on
this
issue,
since
the
ipt
both
reject
is
also
work
cannot
work.
So
I
guess
it's
not
a
rejection
implementation,
I'm
yeah.
A
Thanks
grayson
is
there
any
question
for
grayson
and
any
com
comment
regarding
icmp
support
in
general.
C
I
have
just
a
quick
comment
that
if
we
go
with
the
approach
that
engineer
proposed
that
we
may
add
a
pulse
here,
yeah
then
we
maybe
we
don't
need
to
bump
up
the
version,
because
we
we
can
convert
the
new
field
in
empty
control
anyway,
but
when
it
can
convert
the
protocol
field
to
port
field
in
control,
plane
api.
B
E
Also
quick
words:
I've
looked
it
up
and
I
do
apologize.
It
seems
that
the
for
the
originally
created
resources.
If
they
were
ever
created
at
the
some
storage
version-
and
you
change
the
storage
version,
it
will
never
be
automatically
converted
to
the
newer
version.
It
is
only
when
you
update
the
resource,
then
it
writes
it
in
the
in
the
storage
using
the
newer
version
now
the
the
norm
of
deprecating.
It,
I
think,
is
for
a
really
long
time.
E
You
mark
the
resource
as
served
equals
true,
but
you
put
the
deprecation
notice
on
it,
so
that
whenever
people
you
know,
update
the
resource
or
try
to
create
a
resource
using
the
old
version,
they
get
a
deprecation
warning
saying
that
this
version
is
deprecated
and
you
probably
needed
to
wait
long
enough
for
all
people
to
trans
to
to
migrate
the
resource
to
a
newer
version.
Then
you
basically
remove
the
diversion
for
for
real.
So
it's
going
to
be
a
a
long
process.
C
A
Okay,
then,
it
seems
that
it's
all
for
icmp
network
policies,
so
we'll
follow
up
on
on
how
to
shape
dpi
for
including
these
on
github.
Now.
H
Sure
no
problem,
let
me
share
my.
Can
you
see
my
screen?
Yes,
yes,
we
can
okay,
great,
I'm
not
sure
if
everyone
know
that
you
know
that
we
have
a
true
multi-cluster
support
since
1.5,
and
this
is
actually
advanced
feature.
It's
about
data
paths,
connectivity
and
I'm
working
on
this
design
and
the
implementation.
H
You
know
that
because
we
already
have
something
in
1.5.
So
before
I
jump
to
this
connective
design,
I
like
to
show
you
that
some
basic
idea
basic
idea,
so
we
used
during
the
data
paths
connectivity
and
here
you
know
that
we
have
a
talk
about
the
subfolder
mod
cluster
folder
and
it's
all
about
matte
cluster
and
in
multi-cluster.
We
in
we
have
some
basic
pipeline,
which
we
will
introduce.
H
Those
different
results
between
cloud
between
the
member
cluster
in
our
class
sets,
and
this
is
a
basic
which
we
will
also
reuse
it
in
the
data
paths.
Connectivity
yeah
I'll
just
remind
you
that
if
you
are
not
so
familiar
with
the
math
cluster
architecture
and
the
song
terminology,
I
might
be
used
in
following
a
demo
and
showing
meeting,
and
you
can
check
here
and
to
see
what
kind
of
thing
you
you
can
learn.
H
Okay,
sorry,
let's
go
back
to
the
data
path
connected
design
and
the
the
first
thing
is
that
you
know
that
in
1.5
we
allow
user
once
they
set
up
the
class
sets
and
the
joints
on
different
member
clusters
and
they
can
share
or
they
can
export
and
import
a
different
service
in
our
class
set.
Then
they
can
communicate
and
access
the
exported
service
for
other
member
cluster.
H
This
is
the
original
purpose
of
this
mud
cluster
feature,
but
you
want
to
find
there
is
a
limitation
that
you
know
we
need.
We
need
to
the
on
the
underlay
network
to
make
sure
that
there's
a
pod
port
or
network
access
or
connectivity
is
supported
in
underlay,
a
network
which
means,
if
there
is
not
supported,
then
actually
our
multi-class
feature
will
not
work.
So
in
this
phase
we
are
going
to
support
the
data
connective
data
paths
connectivity.
So
even
the
underlay
network
cannot
support
the
part
ip
access
directory.
H
We
can
use
this
data
path
feature
to
allow
the
mud,
cluster
service
or
powder
access
here
in
our
database
design.
Actually,
we
introduced
a
new
idea
about
that.
It's
a
giveaway
notes,
this
gateway
node
is
actually
you
can
sing
that
so
one
general
node
in
a
cluster,
but
you
pick
up
you
assigned
you
assigned
and
treat
it
as
a
gateway
note
this
this
node
will
be
responsible
for
all
cross-cluster
traffic.
H
As
long
as
the
traffic
will
be
forwarded
to
the
other
member
cluster,
then
the
trafficker
will
go
through
the
go.
We
know
the
first,
then
it
will
be
forwarded
by
this
gateway
note
to
other
member
clusters,
so
you
will
see
that
we
have
gateway
node,
and
you
know
that
during
the
datapath's
connectivity
we
need
to
make
sure
that
the
member
cluster
know
each
other's
network
information
like
the
portsider,
the
service
class
ip
slider.
H
So
we
need
to
exchange
this
kind
of
information
between
different
member
cluster,
so
we
will
use
the
result.
We
call
the
resource
exchange
pipeline,
which
we
introduced
in
1.5,
and
I
will
give
you
a
common
idea
about
this
later
and
in
this
design
we
have
two
new
c
crds.
H
One
is
turn
up
a
tunnel
and
points.
This
actually
represents
a
gateway
node,
and
it
will
have
some
basic
information
about
this
local
memory.
Cluster,
like
the
pod
sider
used
in
each
node,
and
also
the
service
class
ip
slider
and
another
one
is
turner
and
boy
imports.
You
know
that's
once
we
have
a
channel
endpoint
resource
in
our
local
memory
cluster.
H
Our
multicast
controller
will
be
responsible
to
do
the
exporter
role
and
it
will
export
the
tunnel
endpoint
to
the
leader
cluster.
Then
other
member
cluster
will
watch
this
kind
of
resource
import
and
import
it
as
a
tana
airport
import
in
another
map,
cluster.
Okay,
let
me
move
forward
and
you
know
I
just
mentioned
that
we
are
reused.
The
extra
resource
x
for
impulse
pipeline,
which
we
introduced
in
1.5.
H
You
can
just
you
know
that
we
have
besides
the
class
member
cluster,
we
have
leader
clustering
in
our
class
sets.
You
can
consider
that
leader
cluster
is
responsible
to
exchange
information
between
member
clusters.
Once
we
have
the
information
being
exchanged
in
each
member
cluster,
the
data
connectivity
will
not
be
impacted
by
the
leader
cluster.
The
role
of
leader
cluster
just
helped
us
to
exchange
those
information
like
the
tunnel,
endpoints
resource
and
another
resource
yeah
and
okay.
Let's
move
over
the
data
paths
connectivity
here.
H
I
just
mentioned
that
we
introduced
a
new
concept
about
the
gateway
node,
it's
just
a
general
node,
but
we
pick
it
pick
up
it
as
our
getaway
node.
It
will
be
responsible
to
transfer
to
forward
all
the
cross
clusters
traffic
to
other
member
cluster.
Here,
as
you
can
see
in
cluster
a
there
is
a
gateway
node
and
in
class
c.
All
of
the
member
clusters
will
have
a
gateway
note
and
all
other
nodes
will
be
just
a
general
node
and
it
will
not.
It
will
not
talk
to
other
member
cluster
directly.
H
You
will
see
that
any
traffic
cross
cluster
will
go
to
will
go
first
to
the
gateway
node
and
then
it
it
will
be
checked
by
our
enter
agent
and
decide
if
it's
a
cross-cluster
traffic.
If
it
is
that
material
forward
to
another
node,
the
remote
gateway
node,
based
on
the
based
on
our
open
flow
rules,
yeah
this
one
you'll
see
it
will
be
forwarded
to
class
c,
and
if
the
party
is
trying
to
access
some
ipo
the
service
in
cluster
b,
it
will
forward
it
to
class
b
and
gateway
node
as
well.
H
All
the
cr,
all
the
traffic
cross
cluster
will
be
go
to
the
gateway
node
first
yeah.
Okay,
here
is
some
trd
details
and
the
tunnel
endpoint
it's
actually
it's
not
it's
not
a
complicated.
H
The
basic
information
is
about
the
local
class
ip
sorry
id,
and
then
the
name
is
actually
usually
it
will
be
the
node
name
and
the
subnet
it's
what
we
talked
about.
It's
a
pod,
sider
used
in
each
node
and
and
also
the
so
it's
a
cluster
ip
slider
and
this
private,
ip
and
public
ips
represents
gateway.
Nodes
is
ip,
and
this
we
used
to
you
know
when
we
set
up
some
tunnel
open
flow
rules.
We
need
the
target
ip
right,
so
we
will
choose
private
ipo
public
ip
to
do
the
rules.
H
Okay,
let's
condition.
Another
part
is
another:
crd:
is
the
tunnel
endpoint
imports
this?
This
resource
is
actually
almost
the
same
as
turner
endpoints,
but
the,
but
the
purpose
is
that
it
tells
the
user
the
mean
that
is
some
china
endpoint
from
other
member
clusters.
It's
not
a
local
thailand
bond
and
it's
also
almost
the
spec,
is
almost
the
same.
H
We
sorry
we
just
reused
the
tanana
prospect,
because
all
we
need
to
know
is
remote,
the
other
member
clusters
polysider
and
the
service
ip
slider,
so
we
can
use
it
during
our
open
flow
to
set
up
our
open
flow
rules.
H
Okay,
the
tunnel
endpoint
export
input
process.
This
actually
is
almost
the
same
as
the
service
expo
import
process.
So
it's
not
it's
actually
quite
straightforward.
It's
just!
Let's!
Let
me
simply
go
through
it.
You
know
that
so
once
the
user
chooses
a
node,
that's
giveaway
node
here
the
way
to
choose
a
nodes
gateway
node,
we
just
simply
add
an
annotation
here-
is
a
gateway
annotation
and
to
the
node
them.
H
Then
our
multicast
controller
will
watch
this
kind
of
node
event.
The
update
is
event.
Then
the
member
cluster,
the
member
clusters
controller,
will
create
a
corresponding
channel
endpoint
to
local,
and
you
will
see
a
local
china
endpoint
resource
being
created
and
including
just
some
necessary
information
and
of
course
it
depends
on
the
what
kind
of
a
node
change.
If
it's
a
gateway
node
do.
H
I
have
some
basic
steps
to
create
a
ton
of
endpoints
if
it's
a
general
node,
it
means,
for
example,
if
there
is
a
new
node
coming,
then
we
know
that
there
is
a
new
part
of
cider
will
be
used
in
this
member
cluster.
So
so
it
will
be
also
reflected
in
our
china,
endpoint
subnet
and
okay.
When
the
entire
endpoint
is
created
locally,
then
the
multicaster
controller
will
watch
these
events,
and
you
know
it
will
follow
the
resource
exchange
pipeline
rapids
into
our
resource
exports
resource
in
our
leader
cluster.
H
Once
leader
cluster
saw
this
kind
of
new
creation
event.
It
will
convert
it
into
the
resource
inc
import
in
the
leader
cluster.
So
actually,
when
the
new
resource
import
is
created,
then
the
member
cluster,
the
other
member
cluster,
will
watch
this
kind
of
events
in
leader
cluster.
Then
it
will
convert
it
and
write
a
new
channel
and
tana
endpoint
import
locally.
Maybe
if
you're
not
familiar
with
a
framework
of
multicultural
might
be
not
so
it
might
be,
some
can
be
confused.
H
H
We
have
to
do
something
in
the
entire
agent,
so
we
introduced
my
class
feature
and
in
the
android
agent
configuration-
and
here
I
just
add
a
new
feature
here-
named
mathcaster
and
also
unnecessary-
a
new
global
virtual
mac-
it's
it
will
help
us
to
distinguish
the
cross
cluster
traffic
and
in
our
current
design,
you
know
that
we
plan
to
support
the
in-cap
mode
only
at
least
in
first
release.
So
we
will
reuse
the
existing
china
interface
interface
and
it's
so
we
don't
have
to
create
a
another
new
term
interface
for
cross-cluster
traffic.
H
Here
here
is
actually
some
sample.
The
open
flow
sample,
which
is
working
in
the
it's
some
snapshots
from
my
poc
codes-
and
I
think
maybe
we
don't
have
to
jump
to
the
detail
or
my
one
thing
might
be
highlighted-
is
that
there
is
a
new
field,
this
about
the
import
that
will
be
used
because
once
we
reuse
the
existing
tunnel
interface,
it
means
some
traffic
will
go
this
tunnel
and
it
will
also
be
forwarded
in
this
through
this
same
tunnel.
H
H
Okay,
I
think
that's
all
the
this
simple
open
flow
rules,
but,
okay,
there
are
some
roadmap.
You
know
that
the
there
in
this
design-
actually
there
are
also
a
limitation.
We
didn't
support
the
ip
overlapping.
H
So
once
you
have
overlapping,
I
think
the
behavior
is
not
ex
will
not
be
supported
and
we
want
to.
Maybe
the
network
communication
might
be
broken,
and
so
in
the
future
we
may
support
ipo,
lapping
and
also
you
know
in
first
in
this
design.
I
just
reuse
the
tunnel
interface
and
we
will
use
the
default
in-cap
mode.
The
geneve
so
in
the
future,
maybe
we
can
introduce
ipsec
and
also
the
class
set
dns,
because
even
we
have
the
database
connectivity,
we
can
communicate
between
each
part
or
service.
H
But
you
know
it's
not
so
common
use
to
use
ip
directly,
so
it
might
be
better
to
have
dns
in
class
set
wider
yeah.
Okay,
let
me
go
and
sorry
let
me
start
here
and
let
me
share
my
demo
screen.
Let
me
know
if
you
have.
F
F
H
Oh,
you
know
that,
let
me
go
back
to
there.
H
Okay,
actually,
let
me
stop
here.
Let
me
show
my
screen:
okay,.
H
F
H
H
H
Okay,
let
me
go.
I
have
two
cluster
ones.
You
can
see
it's
a
c1
and
another
one
c2
and
the
c1
we
allow
to
deploy
both
leader
and
the
memory
constant
in
one
cluster,
so
in
c1
it
will
play
as
a
leader
and
also
member.
Let's
go.
H
You'll
see
that
in
a
leader
cluster
or
leader
namespace,
so
we
have
a
one
multicast
controller
and
the
input
system.
We
have
another
controller,
it
took
place
as
a
member.
This
one
is
leader
and
it
will
watch
the
our
annotation
for
the
note
and
to
create
hana
endpoints
for
now-
and
I
already
have
some
I
already
already
created
or
not
pick
up-
one
node
as
gateway
in
c2.
So
you
will
see.
D
H
H
So
you
will
see
that
we
have
a
new
time
in
the
member
namespace
and
let's
go
to
see
the
export
resource,
export
and
imports
in
our
leader,
cluster
or
leader
namespace.
Here
in
our
leader
name
space,
we
have
one
new
resource.
H
Yeah,
you
can
see
that
it's
actually
a
sim,
it's
a
sim,
almost
the
same,
just
a
different
result,
a
different
resource,
but
the
the
content
or
the
stack
is
the
same
because
we
only
want
to
get
the
outsider
and
the
suicidal
right
and
eventually
the
member
cluster.
The
c2
member
cluster
will
get
the
notification
of
this
creation,
this
resource
information
and
that
gets
a
new
endpoint
imports.
H
H
You'll
see
that
the
critical
information
is
wiser,
of
course
we're
not
critical,
but
so
we
all
we
are
more
concerned
about
the
private
ip
for
remote
tunnel
setup
and
also
those
subnets
used
in
in
a
c1,
a
member
cluster.
Let's
go
and
let's
see,
go
back
to
see
it's
actually
almost
the
same
you'll
see
here,
it's
a
private,
ip
and
the
subnet
type
to
be
it's
being
imported
in
c2.
H
Here
and
let's
pick
up
one,
I
have
a
few
parts
which
can
help
to.
H
H
Okay,
this
is
ngx,
let's
go
under.
H
Yeah,
you
will
see
that
we
can
communicate
to
the
service
directly
but,
as
I
said,
we
use
ip
rights
the
ideal
way.
I
think
it's
better
to
use
the
dns,
but
for
now
it's
it's
not
so
ideal,
but
the
datapath's
connectivity
is
working
now
yeah.
I
think
okay
yeah.
I
think
that's
all
for
my
demo
and
the
design
presentation.
Let
me
know
if
you
have
any
question.
A
Yeah
thanks
a
lot
lan.
We
don't
have
a
lot
of
time
for
questions.
There
are
some
comments
from
june
on
the
chat
chart
that
maybe
we
might
want
to
discuss.
A
H
A
H
H
A
Yeah
any
other
question:
maybe
we
can
spend
a
couple
of
minutes
more.
I
think
zhang
has
a
point
about
the
needed,
support
and
non-in-cap
mode
to
to
cover
cloud
management
scenarios.
Maybe
genji
you
want
to
elaborate
a
little
bit
on
this
comment.
F
Yeah
I
just
mean
later
probably,
we
want
to
also
support
uk
gke.
In
this
case
they
don't
do
income
mode
inside
the
customer,
so
we
need
to
assemble
how
to
support
it.
F
Okay,
sure,
thanks
and
by
the
way
for
gateway
mode.
I
think.
Finally,
we
need
to
supply
here
active,
not
just
ideas,
since
if
the
single
node
can
become
a
bottleneck.
A
Okay
and
just
to
finish
today's
meeting,
what
we're
seeing
today
is
currently
planned
to
be
shipped
in
andrea
1.7.
Is
that
correct.
A
Hey,
I
don't
know,
okay.
A
Oh
okay-
oh
sorry,
I
so
this
is
this
is
for
andrea.
This
feature
is
available
in
anterior
1.6.
Then
then
I.
A
D
Oh,
I
just
maybe
a
misunderstanding
question
yeah.
I
just
how
I
said
is
an
entry
window
six
and
though
zero
police
do
this
yeah.
But
this
feature
I
think,
yeah
the
plan
is
to
to
to
support
it
in
107,
but
but
not
sure
that
I
think
it
is
a
strategy.
A
All
right
thanks
a
lot
to
vicky
thanks
for
the
clarification
and
do
you
have
any.
I
H
It's
actually
from
the
nodes
back
or
no
status.
I
think
it's
from
the
node
information,
not
any
specific
meanings.
I
H
Right,
yeah
yeah
that
that's
actually
a
question,
a
good
question.
You
know
that
I
in
my
local
cluster,
I
tried
that
so
I
didn't
see
any
public
ip.
So
I
have
to
set
the
private
ip
here,
but
I
guess
we
can
pick
up
the
public
ip
first
and
so
make
sure
that
they
will
use
the
public
ip
yeah.
I
I
H
H
A
A
All
right,
it
seems
then,
therefore,
it
might
be
all
for
today.
I
would
like
to
thank
as
everyone
for
attending
and,
most
importantly,
many
thanks
to
grayson
and
lan
for
providing
two
very
nice
presentations
and
demos.
So
thanks
again
for
attending-
and
I
wish
everyone
a
good
night
good
afternoon
or
a
good
day.