From YouTube: Using Calico (eBPF, Linux, Windows) on Azure and AKS
A
This is an official live stream of the CNCF and, as such, is subject to the CNCF code of conduct. Please don't add anything to the chat or voice any questions that would be in violation of that code of conduct. Basically, please be respectful to one another, and let's have a fantastic session today. With that, I'd like to turn it over to Laura to kick off today's presentation.
B
Thank you. Thank you. I think there was a small confusion. So Laura is our... I'm rather christian, by the way. I thought she was going to join. I thought she was going to join the meeting. She works for... she's in a different team and she manages all these, you know, meetings. Sorry about the confusion. So yeah, my name is Giri Radhakrishnan, I'm a product marketing manager at Tigera and I'll be presenting today. Let me start sharing my screen first.
B
You know, just talk about some of the use cases that we've noticed and we've seen, and also some of the benefits.
B
Before I start, just wanted to talk about Project Calico a little bit. So it's an active community for cloud networking and security. If you're not familiar with Calico, it's an open source CNI that's available to use on Kubernetes and other cloud native platforms.
B
So there are links to, you know, different projects here: Project Calico, and then the GitHub link and, you know, links for their Slack channels. So there are about six thousand members, active members, in our selection, and we have an active community of around 150 contributors. And in the next slide I'll show you, you know, the depth and distribution of Calico. So feel free to join this community.
B
So we would be excited to have you on our Slack channels, where you can discuss with other members about, you know, just troubleshooting or any Q&A that you have.
B
So, as you can see, it's one of the most widely adopted CNI and security solution for Kubernetes. We are powering more than two million nodes across, you know, 166 countries, and we've noticed that there's been a billion plus Docker pulls for Calico, and it powers about 500,000 clusters across these, you know, across 50,000 enterprises. So Calico also gives you a choice of data planes. We've designed it in a way that it's a pluggable data plane model, and Calico supports
B
You know, standard Linux, it supports eBPF and also the Windows host network services, called HNS.
B
We support both, you know, on-prem or public clouds. It could be on a single node. It could be across a thousand node cluster. So whether you want to scale to thousands of microservices with eBPF, or if you want to add, you know, Windows workloads to your Kubernetes deployment, Calico has you covered.
B
The core design principles of Calico: we leverage, you know, best practices of cloud native design patterns, and combined with, you know, standards-based network protocols, which is trusted by, you know, the largest internet carriers.
B
It also works on hybrid platforms. We've noticed, you know, some of our... you know, people that we talked to, they've used AWS Outposts or even Anthos for their hybrid deployments. And, as I mentioned, works in a pluggable data plane model. We support eBPF, Linux, Windows and two types of containers at the moment, Linux and Windows.
B
So today, Calico offers four data plane models, which is data plane types: standard Linux with iptables, Windows HNS, eBPF and VPP. I'm assuming most of you would know the advantages of eBPF or what eBPF can do. So, to put it really simple, simple words: it's just like an internal virtual machine that gives, you know, superpowers to your programs.
B
So some of the key benefits that I want to show you of using eBPF is performance. That's the highest possible benefit that you will get. And the second is native Kubernetes service handling, and the third benefit is source IP preservation and direct server or DSR.
B
So each benefit here will be significant and it's worth discussing, you know, further. So let's do that now. When you talk about performance, so we did a performance throughput measurement using qperf and we used a pair of pods running on different nodes.
B
Basically, MTU is the maximum packet size, and 1500 is the, you know, realistic number for internet traffic, and 9k is, you know, typically called a jumbo frame and used within some data centers. What we've done is reduced it by 60 to be conservative, just in case you're, you know, running it on top of some overlay network. And we measured both CPU usage and throughput. I'll just talk about throughput now, and you can see that with 8940 MTU, both options come close to saturating the 14 gig link.
B
So one more thing I forgot to mention was we used a 40 gig link to test this throughput. So at the smaller packet size we see a gap in throughput appear. So qperf generally limits itself to a single core, which makes it a really good tool for seeing how much traffic can be pushed by
B
You know, any application with a limited amount of CPU. But a caveat here is that not to misinterpret this data as the throughput limit for the node rather than for a single instance of qperf.
B
So if you had more CPU, you know, multi-threaded application, and ran more pod instances, you could saturate the 40.
B
And if you've not noticed yet, the red is with eBPF and the blue is with standard Linux networking, and you can see that the throughput is definitely higher with the eBPF.
B
The second benefit is native Kubernetes service handling. So originally Calico's eBPF data plane wasn't planned to replace kube-proxy, but ultimately it did, and we'll see why. So as a general philosophy, maintaining compatibility with upstream Kubernetes components when possible is usually beneficial, but, as you know, we started developing Calico.
B
We found that the optimum eBPF design for Calico's feature wouldn't work with existing kube-proxy without, you know, increasing the complexity and reduction in performance. So once we, you know, started getting close to replacing kube-proxy, we decided how we could improve on the upstream implementation by natively handling Kubernetes services within Calico data plane.
B
So in the next slide you can see that we've achieved reduced latency. So kube-proxy's implementation, it uses a list of rules that grows with the number of services, so latency gets worse as the number of services increase. Both IPVS mode and our implementation, it uses an efficient map lookup instead, resulting in a flat performance. You can see that eBPF is way below compared to iptables and IPVS.
B
That means it's faster with the, you know, TCP connect type test.
B
The next benefit, the last benefit I'm going to talk about, is source IP preservation and direct server return. The data path through a cluster with the eBPF data plane enabled is much more simplified.
B
It can be best understood with visuals, so I'll move on to the next slide and show you very quickly. I'm not going to go into details about this slide, where it shows a difference between kube-proxy, which is non-eBPF, and with Calico BPF, how there is benefit for users to go with the eBPF design. So very quickly, on a high level, what you can see is that with eBPF you can actually know or save the source IP of the host external client.
B
So what you see on top of the image, of both the images, is external client, and assume that this is, you know, a human user or a computer outside the cluster. And at the bottom you can see two nodes, Kubernetes cluster nodes, in blue, and the external client connects to a service load balancer to one of the cluster nodes. So in both the cases it hits the load balancer.
B
If you set it up in a way that it supports static server return, it considerably reduces the latency, at least by half, so that it doesn't have to go through the first node or the first part that the traffic hits from the external client, and it directly goes back to the client without the need for routing it through additional points.
B
So, as I mentioned, Microsoft recently announced a BYO CNI program. Prior to this, there were two options. I think the default was kubenet, and also the option of using Azure CNI for AKS clusters.
B
So you can actually configure network interfaces, manage connections and, you know, provide all the IPAM functionalities with Azure
B
On AKS clusters, but Calico's responsibility was to just insert hooks for network policies and, you know, also maybe do encryption and few other features. So CNI, if some of you are not familiar, is basically providing a network interface, and it's the brains behind cluster interconnection or, you know, communication between pods. And what IPAM does is, it's IP address management, and it assigns, you know, simply assigns IP addresses for all the pods in the cluster.
B
So now, with the recent announcement, you can actually choose an option: CNI equal to none. I'll show you in a bit, in the next slides, how this is done. So what you can do is actually choose a no CNI option and install Calico to use, you know, as a choice for CNI and IPAM. It's a simpler approach, and what it does is it provides fine-grained dynamic IP address management. And I'll also explain why this could be beneficial instead of using the Azure CNI or kubenet.
B
So this is how you enable the Calico CNI, bring your own CNI preview plugin. It's documented by Microsoft and on Calico documents, docs. So our pages are updated to show you how you can run Calico with AKS. So these are... this is actually a preview feature and it's provided as is, and the recommendation is: do not directly use it in production. So word of caution there.
B
And on the next slide, once you do a get node, you see that the status is not ready on the top. If you see the kubectl get nodes hyphen A, you see that it's not ready, because there is no CNI running. The pod status will be in pending, because DNS is not going to work in this scenario until the CNI is up.
A
There was one question that came in asking: when might this be out of tech preview?
B
I'm hoping in three months or within six months. I'm not guaranteeing that, but that's my guess. But if you really want to know, I mean, you could, you know, get back in a couple of weeks or, you know, send us a message on Slack to find out, but that's my guess. Cool. Thank you. Thank you, yeah. So the next screenshot I'll be... I can show you how the operator based install for Calico works.
B
So we see that it's still not ready here in this screen, and now you can see that it's running. All the pods are running and, you know, kubectl get nodes shows that everything is ready and running.
B
A few more things to note here. Right now, the implementation with AKS supports only VXLAN. Calico usually supports IPIP and BGP, but in AKS at the moment we support only VXLAN as the encapsulation methodology.
B
You can see that the API server... can't quickly look at that, but, you know, you can see it waits until the CNI is running, and once you get a kubectl get pods, you can see most of the Calico system pods, actually all the pods, running here.
B
So Calico was initially designed for standard Linux. So what this picture represents is that we've gone beyond just that, and Calico as a project extends to... started extending to other data planes, and what we've noticed that eBPF has garnered a lot of attention recently and, as we saw in the first few slides, it allows you to write kernel level hooks for, you know, observability and security.
B
Observability is the buzzword right now, or everyone wants to look at what's going on within your cluster node and your, you know, complete infrastructure. And not just that, it also gives you performance gains and scalability.
B
So if you're working with an eBPF data plane in AKS, Calico is available now. You could use it there and, of course, it's in preview stage currently, so with a word of caution, do not use it in production environments. And another thing to note is that Calico also supports Windows workloads.
B
So there are some links here. Note that on Azure HCI, yeah, you know, Calico is the default option right now for CNIs. But there are a couple of links here for how to use Calico with, you know, in the VXLAN mode and in both self-managed and managed AKS clusters.
B
So, let's move on to some use cases and fits with Calico on AKS.
B
So you could use, you know, Kubernetes native Kubernetes services. You can use network policies, but what you get beyond that is, you know, all the capabilities of Calico network policy.
B
I'll show you three major benefits in the next few slides, but you could take full advantage of, you know, all the advanced features that Calico provides by going beyond the, you know, Azure CNI or the kubenet CNIs.
B
So the first benefit that we talk about is you can dynamically grow and shrink your IP address space, your CIDRs. So, let's say, you're migrating pods from one IP pool to another. How do you do this without network disruption? So we have documented steps. So for all these benefits there are steps on how you do the, you know, I would call these features, and you could actually go to Project Calico docs and see how this is done.
B
It's a simple five-step process of, you know, adding and disabling new and old IP pools, removing it from the pod and adding it to the pod. It's as simple as five steps, and the use case is that you can actually migrate pods from one pool to, you know, to another without network disruption. So I believe this cannot be done without Calico. So, and I'm sure, you know, folks will benefit from a feature like this.
B
The other benefit is floating IPs. So Kubernetes services, just to refresh, it's an abstract way to expose an application. According to the Kubernetes document, that's what Kubernetes services mean. So it's very similar to that, and what you can do with floating IPs is that it can front a workload and, depending on how these workloads move around the cluster, you can actually use the same IPs for the workloads.
B
So for Kubernetes services, the host uses a NAT for incoming traffic, so to change the floating IP to the workload's real IP before delivering packets to the workload, you could use this feature. And another advantage of using floating IPs with Calico is that it doesn't work only with TCP, UDP or SCTP. It works on all network protocols.
B
And another use case is when you're operating with legacy firewalls. You know, you still need some of the
B
You know, what we typically call north-south traffic perimeter firewalls, and if you want to integrate those firewalls with your cloud native applications, what we can do is create an IP pool for the entire Kubernetes pod CIDR, but you can also, you know, break it up into smaller pods and, you know, change the IP pool, so you can actually control which pool Calico uses for each pod using node selectors.
B
I'm not sure how many of you have seen this table. So what it shows is, you know, this is a benchmark study done by an independent person, Alex, but I forgot where it was published. I think it was itnext.io. But, you know, what it shows is how Calico compares to the other CNIs in the market, especially, you know
B
When you look at encryption, which Calico offers through WireGuard, you can see that, you know, it's a clear winner there, and it's also excelling in all the other categories. But since the publication of this benchmark, what we've done is, for MTUs
B
Offered automated MTU configuration, so you can actually automatically determine the best MTU. Calico will determine the best MTU for new pods based on the underlying network MTU and enabled encapsulation methods. So what it does is it provides an optimal network performance without any need for manual configuration.
B
A lot of text on this slide, but just a quick overview is that you can configure MTU to maximize network performance. So based on your underlying network, you can either decrease or increase your MTU for optimal performance, but by default, Calico can auto-detect and use the correct MTU for your cluster, based on node configurations.
A
B
Unfortunately, I would... I'm not going to demo that. You know, my technical counterpart would have done that if he or she was available. I'm not sure who was supposed to demo it today. I'm not very technical savvy to demo it. But I don't know if Colorado is going to work with you for future talks and someone can come and demo the eBPF solution there.
A
Sorry, absolutely no worries, no worries. Thank you. Thank you for that question. I think one other question that I had was if you've learned any interesting lessons while working with workloads, or anything that you've heard from people that, you know, have Linux and Windows workloads together. That seems to be an interesting area for conversation as well, as, you know, context in running those workflows.
B
Good question, interesting question, but unfortunately I don't think I have the, you know, I have not spent enough time here to talk about Windows workloads. As far as I know, I think most of the conversations that I've had with, you know, folks here at Tigera is Linux or eBPF.
A
B
I don't see anything in the roadmap at the moment, but I'll definitely take it back to, you know, the team and find out. So will these questions be available for me to... is it saved anywhere?
B
Yeah, I'll definitely get back with the right answer after talking to the engineering team, yeah.
A
B
And I apologize, I think the person who was supposed to give this talk was much more technical, but, you know, since they were not available, and I had to do the presentation. But I'm sorry, I'm not able to answer most of the questions today.
A
We can get you synced up. Eventual consistency, you know, we'll get you in touch with the right person. Sure, yeah. The next question that we had come up was from James, saying: is it possible to get an external IP address with Calico on a self-managed Kubernetes cluster in an Azure VM instance?
B
So you can get an external IP address. If the question means that, will a static IP address work, so there is a functionality called egress gateway that we use. So I'm assuming that's what the question means.
B
So, yes, with again a caveat that I'm not 100% technical on this, so don't assume what I'm saying is right, but yes.
A
Cool, excellent, excellent, excellent. Thank you very much. Our next question is: what is the name of the tool used to test network stack performance equals.
B
Q, just q and perf.
A
All right, awesome. It looks like those are all the questions that I have so far. Again, if y'all have any more, please feel free to throw them into the chat and we can get everything synced up. I did see a question earlier too asking if the slides or those links are going to be available at any point in time. I can always publish them to this video afterwards, if they're open. Otherwise, I could sync up with you on any links that might be good to put into the video description.
B
Okay, I think I forgot to mention one more thing.
B
So there is actually an Azure course, for you can become a certified Calico operator for Azure. You can find the links here. I'm sure if you share the slides, you can definitely get it. And there is also a Calico Big Cats ambassador program, for which I have a link here too. So I just wanted to share that.
A
To the chat, at least the Azure course. Awesome, awesome, awesome, wonderful. Again, feel free to throw any questions you might have into the chat, we can get those answered here. Otherwise we can give you... yes, qperf. Thank you very much.
A
Otherwise, we can close things up and give you a few minutes back. Okay, we do have one more question. Is it also supported or plans in support for AWS or GCP?
B
Yeah, yeah, definitely. So I think Azure was the only platform which was not supported, but AWS and GCP were always supported for Calico. You could... So if you go to the docs, you can see how you can install Calico on AWS or GCP. Excellent.
A
B
A
And like so many others, I think it was like back in the early times of, what was that, it was a CoreOS. I think there was like a CoreOS summit and was really interesting back then. It's amazing to see how far the project has come. Are there any things that you're particularly excited about that are going to be coming out here in the future, or just any kind of thoughts?
B
I think eBPF is the most exciting. I see a lot of, you know, even enterprise customers starting to use eBPF and talking about eBPF. So I think that's going to be interesting to see how it pans out.
A
Awesome. Well, I don't see any more questions that have come in, so with that, I would like to thank you all for joining us today. It was great to see you all here at the latest episode of Cloud Native Live. Great to learn from Giri. We really enjoyed the interaction and questions from the audience. All of you have the best questions, and thank you all for coming and asking those. It's always great to see it, to chat with you as well. Thank you so much for joining us today.