From YouTube: Network Service Mesh BoF Meeting - 2019-03-25
A
On it, so I think I'm going to send and know to everybody that we are meeting now, but I don't think many people will join, but that's okay, at least I'm. On the agenda front, I was chatting with Nicola and also with prim friends. So he's one topic seems like needs immediate attention, especially the eNSM, the rationale being like we would have have panels and talks in ONS, right. So certainly the question will come. For example, how does Henderson work with own up at a high level?
A
We can say it's all complementary, right, but then, hey, a precise answer will always be so much, I mean, spot-on, like basically, hey, here we go, here is a document on the top or thought process how these work together and same, but I mean frame is also driving the ODL demo, dad's also helped a lot and sort of, you know, putting all the pieces together. At least my thought process, we should just and Nicolai pointed did.
B
B
B
B
D
B
B
A
Supreme- let's at least kick it off, so, you know, I'm not sure, really able to conclude, but at least have a thought process there and, you know, basically say here is a draft spec for review, but at least, I mean, all the key folks are here, right, so, I mean, I know it is missing, but at least let's get it moving. I, I mean, I talked to Nikolaj like kiss to all of us before, I mean, he pointed me to a nice-nice back in progress.
A
E
C
B
A
C
Guess you see my screen? Oh really, yes, OK! So this, this was, this was started by it. A couple of, okay, maybe, maybe two months ago, don't remember, but it's quite old, and it will mean people were very active in it in the beginning. But then it kind of get stale, but I do agree with Ramsey that we need to kick off something in this use case call, sounds like, like kind of a good place to start this discussion, discussing something and offer it.
C
Removing these, but I think that this one is really interesting and important. So, so this, this support for, for starter, this actually tries to discourage the inter-domain network service mesh. So it's not really about eNSM, but I think that it lays the ground, and if there is some conclusion and agreement on this in un implementation will have somewhere to step in to move forward for eNSM. So I think that it's important to understand and finalize this first before we go further.
C
C
C
So it's, it's shown DNS here, I think that it should be more or less some form of service name resolving, not really specify this DNS, but let's say that, for the purposes of just having some concrete example of what it might be, let's use. Yes, we have some discussions going on here on the side, so this was already or no, no, written to discuss more or less so.
C
The, the overall idea is that the services have the, that the client would be asking for a network service, see here the descendants kind of gives a very good explanation with a neighbor form: secure Internet connectivity dot example com, and then the, the idea is to be able to resolve the services crossword cluster this way, mapping service to a domain name and be able to, I think that it was proposing to use service records, SRV records, to discover services. Yeah, I serve vehicles for the nice registered on domain.
C
B
B
C
B
We are done with the first thing, which means what you have done is, in case of OpenDaylight, there is a proc, there is a module called json-rpc which essentially invokes you to host any application outside OpenDaylight and invoke the RPCs that are present in that, okay. So what we have done is we have basically developed the GN, sorry, gRPC stub, and, and then we define these services as YANG model. The moment you Frieden a YANG model, automatically those RPCs will be visible with no one day later, right.
B
Okay, so now what we have done us to start with, we have taken the ICMP responder, and then we have looked at what is the RPC calls that are present in ICMP responder, and then we have defined it as in YANG, which means in OpenDaylight you will see this as RPC endpoints, we invoked it and then basic thing is working, which means I simply responded in a way got a few things, but we are, we are just still away from having it to call it as end to end right now.
B
Moving on to that of the other part, which is essentially invoking OpenDaylight or treating OpenDaylight as ENS, I had few questions. So the first question is, for example, when we talk about eNSM, you can essentially treat or develop a gRPC shim layer around any of it. It can be a physical device, it can be cordial.
B
It can be anything, right, and then invoke those services, because that's going to be, for example, that proxy would essentially register with that of the, it can be DNS or it can be the Kubernetes registry, and then it can essentially, or an client can invoke this, or an NS or a NSC can work this calls, right, but the problem is, we, I mean, what a four C's, there may not be any data plane related stitching that would happen, because they are in different world, are different domains.
B
So what I for says with eNSM I force you only the control plane integration and not the data plane integration. That is one. Second thing is, even if it's going to be data plane, we would need to probably look at a VLAN to VXLAN type of mapping to achieve it. This water, I was, I was thinking, but I wanted to validate with you and the rest of the thing.
A
E
A
Know like a seamless interconnection may not be possible, but even in typical deployments today, interventive vendor scenarios, typically the starting point is always a VLAN. I think it's not a bad start at all, I mean, even if we can accomplish that VLAN interconnect. It's nothing fantastic! That relief. My read on the data plane, yeah.
B
And also, right, we have to look at how the stitching would happen. It's, I mean, the view I have is essentially very, very like at 10,000 feet view, and we, we may need to, when we get into the nuts and bolts, we need to see what, whether it's possible or not, so that is where I'm, I'm struggling to connect the dots. Yes.
B
F
G
G
D
A good way to think about it is, instead of thinking to be in terms of eNSM versus pNSM, more or so on, like, you know, you have to look at it from the high-level view of the protocol, yeah. What it does is, when you run the, the protocol, there's, there's, there's two main ones in this scenario to think about, so one of them is the client, like a Kubernetes, final client to a, to the network service manager, and that goes, typically, that's called the NSC, yeah, and then actually there's three API.
D
So we have three on that one. The second one is the medicine manager to MSN manager, and the third one is an assistant manager to the network service endpoint, which reuses, which should we use or is very close to the same API as the NSC to NSM, just in the opposite direction. So when you start looking at these, these two main classes, these two main APIs, then the NSC, NSC NSM is primarily concerned about: how do you get a local mechanism into it, and what network service are you?
D
Do you want to work with some, some labels, and so when you start to deal with things that are outside of Kubernetes, that NSC label doesn't make as much sense, and so in that scenario, that's its beacon. That's where you start to look at things like, like when you look at the NSM ons em, so we use the cases like OpenDaylight as an example. So it's both OpenDaylight were to expose a the and the networks managers APIs it NSM tennis ma guys.
D
Then we call it an eNSM just to give it a name for people as a pattern, but that protocol is the same as if it was like a Kubernetes and as I'm talking to another communities innocent. So there's, there's no difference in that style. The difference is that when the ODL-based or SDN-based NSM receives that particular request, there's no network service endpoint for it to reach out to it, is the Sen and simultaneously, if it needs to make connection out and begin a server, it doesn't begin with an NSC.
D
It begins with the, with the NS d n itself making a determination to invoke the NSM-based APIs and whatever mechanism it sees fit. So, so we talk about eNSM, we're typically talking about something that is non-Kubernetes related that exposes the NSM API, the network service manager and it's NSF, yeah, yeah.
D
G
A
B
C
D
The pNSM is a more advanced pattern, so these are all about patterns, and so in this scenario you see there's no data plane, so it's actually making a call out and whatever an attempt to in the state a plane is what gets provided. But so why have the pNSM? The pNSM is able to augment the, the NSM, the Renison calls and inject other things, and it also can be something that you can centralize decisions.
D
So, instead of using the distributed and the sound of NSM patterns, you can stick a pNSM in there to do something that is, it's more centralized. So, for example, if you want to do something like you wanted to pick a route based upon some status of your SDN and instead of trying to do that from a distributed sense.
D
Where each system has little information, you could, you could have the pNSM of this job be to, to select the rap for you, because it's been given a lot more information to do so, rather than trends, rather than try to share that information to every single NSM that's out there, so there's different patterns that arise from the scenario where the pNSM doesn't actually provide the data plane itself, but is able to augment the request or the being plane in some way. Yeah.
G
D
A
Yeah, I think, yeah, I think it is also a very reasonable description or, I mean, basically depending on the audience. Many people understand the term get very well or people. Often other technology could be external controller. It depends on the audience. I think we can explain it, but I think, I think what the function is well said, like, you know, proxies like advanced functionality, whereas this is more of a, you know, sort of a translation, right. It, yeah.
C
A
B
B
B
A
B
Let me take explaining, okay, so for a moment in this diagram, just assume it's OpenDaylight or some SDN controller, okay, now and a Sun. Let's assume that it is wanting to, it's exposing a firewall here, here, right. This is the firewall, right, the part that wants a firewall. So what, what, what OpenDaylight wants to use it is, it wants to invoke this firewall, right, so, which means what OpenDaylight would essentially need.
B
Is it needs to access the API endpoints, so what it will do, it'll, essentially for now, with this static in nature, because what happens is this particular firewall would have exposed those endpoints in, and what we do is we take the proto information and then create a YANG file and then host it along with OpenDaylight, right, so the user of OpenDaylight would essentially browse through. He would see this as an in as a RPC endpoint.
C
F
B
B
B
A
B
C
G
G
C
G
G
C
Yes, but, I mean, the, the API, I mean, Fred, maybe, maybe you have a better explanation here, but my explanation is that the protocol is a little bit more than just describing the endpoints, I mean, you. The part of the protocol is negotiating between the two nsx, for example, the VNIs that we use for the VX one of the tunnels or all these things, they're part.
E
G
D
CRD, we primarily use it as a, as a registry, and in fact the registry itself is access to New York we've seen, we actually don't access the go, CRDs directly, so, so that, that means that your, you can have something that's not part of Kubernetes or a non clear news network. So the first part is that we want to be careful not to tie Kubernetes as the, as the underlying required thing, and when you deal with CRDs you're now bound to that.
D
So we have that one layer, layer of abstraction. The other problem that you run into when you start looking at your PC in the scenario right here, we see when you're looking at the CRDs is we, we're designing this for, for trying to gain like a very high scalability, and so, if you look at any NSM, an innocent manager, you know, it doesn't have to know about the entire world. It just has to know about its connections, like: who am I connected to, what can, what connections do I have?
D
What will my producers look like? I have one person a picture, and so from a scalability perspective, that's okay from, and from the distributed system. But when you start to scale out and much higher, higher rates, we, we don't want to start putting in status information or negotiations directly into the CRDs themselves, because etcd is already a strange resource Indies, and so we start to add in a high volume of connects, of connections into etcd, then we will very likely run into scalability issues from the, from Kubernetes with CRDs.
G
To go to, yeah, she's gonna be aspects as well, that make sense. I was just wondering if there is a modeling language. The coconut is five that can describe as, for example, the ODL is defining it as a YANG. You know, but that's okay. You know, I protocol level interface, if it is well defined on. So that should be good enough.
G
A
G
A
Very good, yeah, so in fact I was hoping, no, I think so, just on the, probably frame, may be one way to, if you're going, broaden explaining this, I would actually say you are not actually is reverse. You are doing something of a more static setup. Probably, I thought, maybe a better description, because if you say reverse, then it sends, doesn't sell the, I mean, I would say the, explain the value of your demo, right. All that you are doing is basically static, and dynamic is just one step away.
A
A
A
A
A
G
A
At least one idea, this is from our side, is not about eNSM, but just delivering the interconnected self, like, for example, within a cloud or across cloud, telling the interconnect its cells using NSX-T, right, I mean, NSX-T as a CNI. So that's what we have in mind, but you have to put it together, got.
G
A
Can we take, I mean, some of the NSM, I mean, basically the NSM protocol, right, take at least one case such as VLAN, VXLAN, and talk through a little bit and see if something can be done on the data plane. But he gets thing at least one case: I want to go the simplest one and see on the data plane side if there's some sort of negotiation possible, right, and talk to a little bit.
C
A
C
C
A
C
C
E
F
A
Let my use case is super simple. All I want to do is, like, when a new connection comes, like, I want to assign a new VLAN to it, I'm not even getting to VXLAN, very simple. You can a new VLAN be assigned to it, and both sides agree to the same number and go program it, like, you know, a new enterprise customer comes, comes up, new VLAN and done, boom.
B
So, okay, so when we talk about data plane, I was trying to draw a parallel between MS NSM 30 planes of same domain, right. But when we, so essentially you inject those interfaces into the part and then make it work, right, whereas the same may not be applicable when we talk about eNSM, because they are quite disjoint world.
B
So in this case we have to probably look at the use case in a different way, right, because, even though the tunnel is there, but one, for example, fits of VXLAN tunnel, one side is essentially being injected onto the part, but the other side I may or may not have the to inject those. For example, prim.
A
Let me make it super simple for you. Super duper simple, like forget, so basically take a pod which is implementing SR-IOV, right. Forget all the overlay, everything s. Sorry were we. So what happens is, when a new enterprise customer comes in, we add a new video is on the SR-IOV NIC side. We add a MAC address with a VLAN, so that package can be directed, right, but only pick a VLAN number, let's say 100, right, and now on the switch side we want to make sure the same VLAN is being programmed.
A
That's all we're looking for, it's really simple, I'm not even getting to VXLAN. Let's start small, I mean, they both agreeing to the same VLAN and going and programming for a new enterprise customer, very simple, let's start small, then we can build on it, like build on VXLAN. All these things can be easily built once we have something basic running.
A
G
A
Correct, so there are two cases funny I was thinking: one is the L2, L3. L3, you're spot on. You know, that's an easier one to tackle, but L2 means then you have to have a global VLAN ID, but L3, yeah, spot-on, like very simple. It's a local VLAN significance, and that's it. That's all. That's even, that's a very good starting point. Correct.
G
Even for L2, wrong key, we should not assume the VLAN is global for overlapping VLAN use cases. You know, when you go into brown filter comments, you will get into scenarios where the VLAN number is already, you know, but doesn't, but you might want to fit into different broadcast domain. You know, as a result, a particular VLAN number on a given attachment point could get connected to a broadcast domain which is using different VLAN numbers at other attachment points. You know, so it's very important for multi-tenancy, I'm presuming that's important goal here as well.
G
A
G
For a global value, yes, it needs to be aware. Absolutely no, but if you model particularly local attentional point from the court to the physical network, then, you know, still the NSA needs to be aware. It needs to manage that local namespace and, I kind of, do the mapping between that local named global namespace.
G
G
A
That I'm not, now we should, we should definitely look at both, yeah, excellent. So with that in mind, so basically, so Nicola, Fred, from sort of the control clean perspective, what, is there some numbers being negotiated? Let's say all we are looking for a simple VLAN connectivity between two endpoints, or what gets negotiated, so in that, I know that type gets negotiated. Think.
C
C
D
For example, initiator might say: I, I support VXLAN, but please use one of these sets of parameters instead of constraint, and then the repeating and the endpoint or the one I would, they would, they would receive the request, you can select out of that, out of that list as well. So it's not like, it's not like the, the client has no say and it'll say well.
A
A
Setting in a control, so basically, assuming these are all local, I said there is some local number generation, just going back to the simple VLAN case, so base. So how do you program the Ranger? How do we know, I mean, I do about the start? How does that programming happen between the initiator and the responder? So.
C
A
G
G
C
G
A
Exactly, it should, it should, I mean, ideally as part of the service, I mean, for, I think each interconnect in the service is an ideal scenario. Minimally, a starting point would be for the entire service. Then we can say for each connection in the service. Then we can have different ranges or the next level. I think, yeah.
B
F
G
G
G
B
B
Today, what happens is the usage of VXLAN makes it simple, because you essentially inject one of the endpoints to the service and the other one to the client, right, now, because the VXLAN provides a programmability, right, so yeah. If you have to play the VLAN part, right, so VLAN, essentially what happens is VLAN was essentially meant for a physical port, which means, what I'm trying to say is, from a Kubernetes perspective.
B
G
Point: that's a good point, cream, there, from that point of view, if God is basically looking for a subnet that it can insert itself in and participate in, right, that subnet in, in SR-IOV use cases can map to a VLAN as an attachment point or when, let's say, we switch, which is doing VXLAN on the server itself. There.
G
Also, if you think about it, the connectivity to the pod will, will be some kind of a virtual port, and that will, I mean, you can model it as a VLAN or you can model it as a generic subnet. I understand that the VXLAN will, you have to convert it to a VNI, the interface to the pod. You don't want to push VNI also on the pod. Pod better be generous enough that it can operate in a, let's say, segment routing environment or a VXLAN environment or, or anything like that, right.
F
E
F
G
A
A
A
G
C
G
H
G
A
A
G
That's the same problem when you have VMs in the picture and when you have a DPDK-based implementation on the beast, which is the same scenario, romkey, here instead of VMs, now replaced it with containers and the memory management you need to do. That's actually going to be a differentiating feature or, if I may say, based on the SLA, based on the QoS requirements of the container, you will have to do a better memory management, but.
A
G
So when I was having detailed discussions with Verizon, this is what we brainstorm. We, I said: look, do you guys envision the number of containers to be exactly number of virtual functions on an NIC? Let's say those, those are going to be 256, then yes, you can go ahead with SR-IOV, invest your money and so on, but if you will be having n number of containers or pods, which are, let's say, more than 256, more than the number of virtual functions, let's say they'll be in thousands, then, you know, how do you, you?
G
You just cannot map it to the hardware or a physical function or a virtual function, right? How do you solve that problem? So in those, and, and they do have such scenarios, not just that carrier, other carriers also will have that, you know. In that scenario, you have to do a muxing and demuxing. That scenario will be forced to do some kind of a buffer management between multiple containers trying to utilize the same single hardware resource.
A
That's a very fair analysis, and we also heard, I mean, I'm not saying the every number, the typical usage would be like, maybe 100 pods, 100 unique pods per, per node, I mean, basically per host. This is, I mean, again, one reference point, I'm not saying this is the only reference point, but yeah, you're right, I mean, basically we need a family of solution. Correct, yeah.
G
Other useful point I learned, not from Verizon, but I can name that, it's better I don't name them, but the point is, let's say you're terminating the TCP and UDP on the container, meaning the destination IP is meant for the container IP. Then the number of connections there are going to be very large in number, right, and there will be large number of containers running on that server node as well, but, let's say you're implementing like a firewall CNF.
G
G
A
A
And I think this is very good, so basically, we are also now gotten much crisper than on, especially the data plane, right. So at least we have, I think, a story lining up on the VLAN case and plane. We were just chatting that probably for your messaging, I think you're doing much more than the backward initiation from ODL, it's more of really, actually, you're almost there, you're doing starting with static connectivity, then the only simple next step is dynamic. Probably that's a better way to position.