►
From YouTube: Istio Networking WG meeting - 2018-08-16
Description
Agenda:
-1.0.1 status and fixes
- Scalability
- Memory usage in Envoy
- Split Horizon EDS
- VirtualService related topics:
- Istio Hostname Ownership proposal
- Support merging of VirtualServices
- Follow up on VirtualServiceDelegation
A
Okay,
I
think
we
can
get
started
hello.
Everybody
thanks
for
joining
this,
your
networking
community
meeting.
We
have
several
items
on
the
agenda
and
quite
a
lot
of
discussions.
I
suspect
we
will
have
around
virtual
services
today,
so
I
propose.
We
start
with
the
less
less
debatable
items
so,
which
are
the
1
0
1
status
and
maybe
like
Costin,
would
like
to
have
15
minutes
to
talk
about
the
split
horizon
ideas
proposal.
A
That's
a
very
new
thing,
so
I
guess
people
will
need
some
time
to
to
digest
it,
and
then
we
can
cover
the
virtual
services.
Part
I,
hope
that's,
okay
with
everybody,
especially
those
involved
like
Brian
Louis
Niraj
into
the
virtual
services,
API
changes
so
related
to
1:01.
There
are
a
few
things
that
we
need
to
deliver
as
soon
as
possible.
A
couple
of
them
are
some
security
fixes,
so
we
discovered
that
the
privilege,
through
is
turned
on
by
default
now
injected
sidecar.
A
So
we
need
to
actually
turn
this
off
for
most
of
the
platforms
except
openshift.
So
the
proposal
is
to
add
a
flag
to
be
able
to
turn
that
on
so
the
default
would
be
the
default.
Will
be
a
privilege
false
right,
not
in
a
guard,
we
will
still
have
the
net
cup
admin
privilege
sir
two
throws
before
so
for
that
we
had.
We
have
the
other
proposals
to
be
able
to
get
rid
of
that,
and
the
other
like
security
issue
is
the
fact
that
we
don't
strip.
A
The
x4x
forward
is
for
headers
when
the
Gateway
is
an
inch
proxy.
So
that
means
somebody
can
prove
that
header
and
well,
because
some
bad
things
to
happen
and
the
proposal
there
is
to
the
hand
flag
in
the
deployment
of
a
gateway
to
specify
if
that
gateway
is
an
edge
proxy
which
will
basically
turn
into
numb
hops.
Numb
trusted
hops
equals
zero
in
on
voice
so
that
whatever
will
do
it
will
strip
all
the
expertise
for
others.
A
If
we
do
that,
okay,
so
if
you
have
any
like
questions
or
concerns
about
that,
please
go
and
github
and
add
comments
there.
There
are
the
two
to
open
issues,
I'm
gonna
actually
maybe
add
them
here,
and
the
next
is
scalability,
which
is
fairly
big
issue
in
itself.
Okay,
maybe
I'll!
Let
you
cross
talk
a
bit
about
that.
B
More
like
1:02,
he
should
not
only
one
zero
one
I,
probably
you.
So
we
did
a
number
of
musicians,
because
pirate
was
using
far
too
much
memory,
but
the
optimization
went
into
the
three
most
commonly
used
CR
these,
which
is
literal
service.
This
nation
will
insert
this
pretty
much
everything
else
in
in
issue
or
the
other
see.
Artists
would
also
need
to
be
optimized
the
same
way.
B
The
root
problem
was
that
the
config
generation
was
calling
model
far
too
often-
and
you
know
it
was
not
cashing
the
results
and
we
really
need
to
cache,
because
there
are
a
lot
of
people
use
a
lot
of
deployments.
So
that's
that
something
that
will
need
to
take
some.
You
know
engineering
resources
and
and
contributions
from
everyone,
improve
networking
security
environments
and
pretty
much
all
areas,
and
we
will
need
some
way
to
end
of
ordinance
weekend.
B
We
can
move
ahead
with
this
with
this
and
and
most
likely
will
cut
a10
to
when
we
make
enough
progress,
and
we,
if
we
have
another
large
chunk
of
improvements
and
we
keep
going
and
gradually
move
to
you
know
I,
never
casuals,
all
the
resources
we
need
to
cache.
We
are
currently
testing
only
with
1,000
services
and
I.
Think
few
thousand
five
thousand
endpoints,
which
is
below
and
again
where
we
are
trying
to
increase,
is
due
to
some
reasonable
number,
which
again
needs
to
be
determined.
B
Don't
I
don't
think
we
need
we
have
enough
bugs
that
are
impossible
to
finalize
already.
You
know,
600
how
many
we
have
creating
a
bug
for
this
year.
D
is
probably
not
very
productive,
will
spend
more
time
creating
and
closing
bugs,
but
if
people
want
to
file
bugs
and
and
to
track
what
they
are
working
on,
that's
wonderful,
I'm,
not
I'm,
not
gonna,
get
into
hits
51
bugs
ya.
B
We
can
we
can
I,
don't
know
how
I
mean
it's.
Everyone
is
familiar
with
what
we
are
working
security
team
has
the
policies
that
mix
I
mean
every
every
team
has
pretty
clear,
set
of
CDs
and
optimizations
and
and
and
any
other
optimizations
that
you
you
can
find
it's
it's
it's
working.
That's
and
one
thing
that
we
are
still
waiting
101
on
is
curies
is
looking
for
memory
usage
memory
because
we
are
using
too
much
memory
for
each
cluster.
C
There
will
definitely
be
another
round
of
optimizations,
but
what
we
have
have
now
asked
austin
says
goes
up
to
thousand
services.
We
certainly
need
to
do
some
more
that
camel
conversion
business
and
really
keep
pushing,
but
I
think
they
won't
the
main
thing
right
now.
The
late
start
at
time
of
pods-
and
it
seems
like
there
is
a
combination
of
like
some
memory
issues,
an
envoy
and
then
some
form
of
try
I
mean
there's
some
lock
somewhere
and
pilot.
That's
actually
sequence,
utilizing
everything,
and
that
just
means
to
be
yeah.
B
Sorry
pirata
so
Sabine
fixes
a
fixer
and
voice
startup
time
which
went
from
30
seconds
to
below
a
second
due
to
the
stupid,
optimization
in
GCC
or
whatever
words,
and
yes
throttling.
It's
still
something
that
really
remains
right
there
for
that.
We
need
to
there
some
tiles
that
we
need
to
document
about
how
to
optimize
and
how
to
tune
is
to
offer
for
a
large
number
of
tourists
fast,
as
the
G.
A
B
It's
probably
Porto,
gonna
lure,
aligned,
I,
don't
know
with
with
the
other
propose
and
another
words
that
cinnamon
and
exact
and
other
people
have
done
for
to
solve
this
problem.
Let
me
know
if
the
proposed
are
sounds
acceptable.
It's
proposing
simply
to
reach
different
results,
different
ideas,
results
based
on
color
and
to
automate
the
setup
of
gateways.
When
you
have
multiple
clusters,
that's
it
yeah.
E
B
F
B
A
B
A
B
A
So
if
there
are
no
more
like
no
more
comments
on
the
split
horizon
ideas,
we
can
move
on
to
the
virtual
service.
So
it's
good
like
we
have
roughly
45
minutes,
which
is
excellent,
so
Brian
you
sent
a
proposal
about
he
Co
is
your
host
name
ownership?
Would
you
like
to
present
and
talk
a
bit
about
this?
You
can.
A
G
Right,
can
you
see
the
doc
yeah
all
right
cool?
Yes,
so
there's
a
lot
of
comments
on
it,
thanks
for
all
that
feedback,
but
the
so
the
general
overview
is
things
like
virtual
service
are
using
hostname
as
sort
of
shared
resource.
So
you
know,
whenever
you
make
a
virtual
service
resource,
it
has
side
effects
for
the
entire
cluster.
So
if
I,
you
know,
you
can
have
two
different
virtual
servers:
resources
that
top
the
same
host
name
and
there's
no
real
clear
ownership
about
who
can
create
those
resources
via
something
like
turbinates
are
back.
G
G
H
G
I
wrote
this
not
assuming
that
was
in
place
and
and
because
of
that
I
only
focus
on
host
its
name,
a
virtual
service.
There
was
emerging
between
different
host
names
for
virtual
service,
so
that
this
makes
sense.
If
the
merging
goes
forward,
I
think
we're
gonna
probably
have
to
add
half
prefix
to
this
Association
as
well,
so
that
you
can
limit
you
know
if
you've
got
to
a
shared
host
name
amongst
different
teams.
You
can
limit
which
prefixes
those
teams
can
configure
as
well.
B
G
So
I'm
not
making
any
opinions
about
that
I'd
assume
there's
some
sort
of
network
admin
who
gets
to
Divya
public
list
names
and
since
you
can
restrict
which
types
of
resources
different
users
can
create,
you
could
restrict
the
ability
to
create
these
association
resources
to
only
whoever,
you
think
is
an
admin
and
then
likewise
divvy
out
the
ability
to
create
virtual
services
in
those
host
names
to
you
know.
Whatever
teams
you
want.
B
Our
back
is
wonderful,
but
very
few
people.
You
know
really
understanding
that.
It's
not
so
easy
to.
You
know
kind
of
put
a
correct
configuration
where
only
you
some
specific
users
who
are
admins
have
access
to
a
nice
space
of
a
team
and
I
mean
it's
it's
it's
a
bit
risky,
in
my
opinion,
I
suppose,
with
sayings,
for
example,
that
you
need
to
put
all
the
resources
ability
it
would
not
control
the
ownership
in
to
is
your
system
and
simplify
this.
G
Yeah
I,
see
you're,
saying
I,
think
I
think
it'd
be
a
really
good
idea
to
for
the
default
install
if
we
go
forward
this
to
yeah,
basically
do
that.
Oh
the
allow
that,
in
only
it's
your
system,
I
think
we
can
create
some.
Some
are
back
roles
to
do
that.
So,
in
other
words,
come
come
out
of
the
box
with
some
good
roles
that
allow
what
you
want.
You
know
maybe
create
a
new
global
name
namespace.
It's.
C
This
is
what
you
should
do
in
production,
if
you
have
multi
team
system
and
or
if
you're
like
having
multiple
teams
operating
on
the
same
is
jamish
and
here's
the
stuff
things
that
you
have
to
do
this
way,
the
impedance
I
mean
the
surprise
factor
and
sticker
shock
was
much
less
when
people
actually
go
play
with
like.
Oh,
this
is
not
working,
that's
not
working,
and
so
on
yeah.
The
other
thing
you
start
feeling
good
and
the
other
thing
I
want
to
yeah.
C
On
our
backs,
think
this
is
nice,
one
and
I'm
saying
we
need
to
see
how
this
evolves
in
terms
of
how
people
are
actually
trying
to
use
and
different
system
they're
coming
up
with
before
we
settle
on
one
specific
mode,
saying
this
is
what
is
table
support
so
until
then,
I
would
like
to
see
this
be
kept
on
a
separate
one
that
we
can
enable
and
even
be
happy
to
enable
as
part
of
the
default
install
but
not
pullin.
Anything
into
this
to
your
core.
E
They're
kind
of
extend
on
that
a
little
bit
like
I
think
tying
a
hostname
to
a
namespace,
really
isn't
what
we
want.
What
we
actually
want
is
an
arbitration
on
the
hostname
itself
right.
So
if
you
have
some
permission
to
modify
this
hostname,
then
resources
that
touch
that
hostname,
you
have
permission
to
modify.
That's
really
what
we're
trying
to
model
associated
with
name
space,
because
that's
convenient
in
kubernetes,
correct
but
I
started.
I
said.
E
So
I
it
feels
like
a
it's
like
I
understand
that
that's
the
practical
side
of
it.
It
feels
like
bad
modeling.
It
doesn't
die
tying
host
names
or
namespaces,
and
is
it
really
the
semantics,
especially
once
you
start
to
get
into
hostname
delegation
and
things
like
prefixes
on
the
host
name
are
managed
or
belong
to
different
services
and
those
services
belong
to
logically
separate
namespaces
yeah.
A
C
What
I'm
seeing
is
that's!
This
is
basically
what
I
was
fine
can't
ID
two
guys
have
feeling
that
it's
not
natural
and
others
feel
no
is
like
nice,
but
so
this
could
effectively
be
enabled,
as
sort
of
an
alpha
extension
that
people
had
in
the
off
skies
that,
let
me
just
let
people
users
go
and
try
this
out,
and
we
see
how
they
are
reacting,
how
they
are
like
you
know,
do
this
thing
and
see
how
they're
using
it,
and
then
we
can
make
a
more
informed
decision
in
terms
of
like
okay.
A
If
they
scare,
the
problem
is
still
there
right.
So
the
fact
that
anybody
can
use
hosts
in
any
way
so
I
like
I,
like
what
how
this
a
proposal
attempts
to
solve
that
the
existing
problem
right.
So
the
question
is:
if
we
have
different
solutions,
I
mean
this
is
great.
It
highlights
the
problem.
We
have
a
potential
solution
right.
Do
we
have
other
solutions
like
when
we
do
this
differently
of.
B
Course
we
have
many
solutions,
for
this,
I
mean
it's
not
again.
One
is
to
instead
of
using
a
nice
that
is
to
type
by
identity,
which
is
what
normally
is
done
in
in
our
box.
So
you
specifies
that
only
specific
service
accounts
are
allowed
to
control
the
host
name,
whatever
they
want
to
create
it,
which
may
be
done
with
just
our
Park
I
mean
we
just
have
our
about
rules
that
specify
role
binding
and
as
part
of
the
resource
you
specify
the
host
name.
B
E
A
B
B
G
E
F
E
C
C
Implemented
on
its
own,
in
order
for
the
confirmation
stuff,
but
that
might
actually
allows
us
to
probably
have
more
more
body
call
a
better
system
in
some
sense
by
we
can
listen
and
not
necessarily
have
to
shoehorn
one
and
together,
but
we
can
actually
be
like
okay
for
virtual
services
here,
the
I
backslide,
it
can
just
be
a
first-class
abstraction.
I
can
actually.
D
G
F
E
B
C
So
Arabic
may
may
not
work
all,
but
I
think
a
domain-specific
model,
for
this
would
actually
be
I
mean.
But
it's
good
to
start
with
this,
and
then
we
can
definitely
have
at
galley
level
a
constant
back
which
says
who
can
define
what.
But
then
the
question
of?
How
do
you
assign
roles
and
how
do
you
enforce
of
verify
those
holes,
especially
because
this
is
authored
by
humans?
So
you
have
to
probably
authorize
them
with
something
and
LDAP
sense
to
directories.
That
is
a
much
more
open
thing.
E
E
E
F
G
So
yeah
there's
quite
a
bit
of
feedback.
I,
don't
know
that
I
want
to
take
the
time
right
now
to
go
through
some
of
the
intricacies
of
the
proposal
itself.
But
with
regards
to
the
delegation
versus
service
merging
I
think
that
this
works
in
both
cases
like
I,
said
earlier.
If
we're
gonna
do
merging
I
think
this
proposal
should
include
probably
also
ports
and
path
prefixes
as
things
that
you
can
associate
with
a
namespace
so
that
you
can
control
down
to
that
level.
C
Think
right
now,
the
plan
for
merging
is
a
simple
concatenation
and
it's
not
more
of
a
merging
so
where
we
just
simply
take
like
a
virtual
service
and
then
combine
two
of
them
for
the
same
host,
where
we
just
append
all
HTTP
routes
from
one
end
to
the
other,
and
that's
just
it,
and
that
alone
would
get
us
much
far
and
with
that
proposal
this
would
just
be
it.
This
has
no
relevance
to
that.
Actually,
because
this
is
you
know,
the
rules
are
apply
for.
C
G
So
I
guess
what
I'm
gonna
say
about
this
is
I'm
gonna.
Add
pathway
fixes
to
this
doc.
I
didn't
want
to
do
it,
while
everybody's
making
so
many
comments,
but
we
probably
should
go
talk
about
the
other
ways
of
merging
virtual
services
at
this
point.
So
I'm
gonna
up
to
this
stuff,
probably
later
today
or
two
with
those
extra
details.
But
let's
go
to
the
next
topic.
I
think:
okay,.
A
C
A
C
C
Only
anything
else,
I
mean
they
effectively
saying
that
they
by
themselves
are
partitioning
the
parts
and
so
on,
and
they
they
can
be
guarantee
that
you
know
they
would
be
so
in
that
case,
it's
just
a
very
simple
matter
of
combining
all
of
them
into
one
giant
resource
and
then
shipping
that
to
I
mean
within
pilot
before
the
code
takes
over
and,
like
you
know,
generate
in
the
config
and
simple
examples
being
like.
You
know,
when
we've
seen
in
the
for
those
of
you
are
looking
at
the
mailing
list.
C
J
C
So
I
think
the
the
contact
that
we
would
offer
as
a
starter
is
that
if
you
supply
to
actual
services
with
the
same
host-
and
you
know,
then
we
literally
be
concatenated
one
sort
of
HTTP
rules
from
one
end
to
the
other.
That's
just
it
and
then
it's
all
up
to
you
in
terms
of
ordering
them
and
making
sure
that
there
is
no,
like.
You
know,
conflicting
path,
replicas
that
will
resolve
on
each
other.
We.
C
E
C
B
My
proposal
has
been
and
and
I
feel
pretty
strongly
about
it,
for
performance
reasons
is
to
you
know,
have
something
where
we
apply.
You
know
exact
matches,
first
prefix
based
second
or
other
ratings,
whatever
energy
and
the
default,
and
the
reason
for
that
is
that
you
can
do
you
know
very
efficient
implementation
of
you
know
harsh
mobility
for
the
exact
pattern
and
the
equivalent
for
for
prefix,
and
you
can
sort
the
sounds
and
so
force
would
be.
Or
is
this
load
nothing?
B
K
K
F
L
K
B
A
A
That's
applicable
also
for
other
things.
For
instance,
there
are
like
customers
creating
virtual
resources
and
they
start
sending
traffic
and
they
get
five
or
three
or
four
Oh
forth,
because
the
things
are
actually
not
ready.
So
we
can
even
have
in
the
virtual
service
something
to
say:
that's
not
contritely.
K
A
F
C
A
A
A
F
K
K
A
A
B
A
H
I
think
what
it
makes
sense
to
try
to
combine
the
old,
be
one
model
of
precedence
filled
with
this,
like
maybe
have
a
precedence
field
optional
at
the
top
of
the
virtual
service.
That
could
be
used
to
say
oh
I'm,
being
rejected
because
I
conflict,
but
I
want
to
be
in
front
of
this
other
things.
So
so
I
think.
E
Like
I
think,
a
lot
of
this
I
think
actually
a
lot
of
the
use
cases
here
could
be
addressed
by
allowing
you
to
create
effective,
lead.
The
delegation
right
at
the
top
level
I
want
to
split
apart
a
URI
in
two
sets
of
logical
services
and
then
I
want
to
handle
each
of
those
logical
services
separately.
Well,.
F
F
H
A
A
H
K
K
H
H
So
maybe
it's
a
clue
enough,
instead
of
having
a
virtual
service
that
has
the
matches
in
it.
So
there's
there's
two
scenarios
right:
the
the
delegate
model,
which
is
the
one
where
you
have
a
virtual
service
resource,
and
in
that
you
have
a
bunch
of
paths
and
they
all
delegate
out
to
other
virtual
services.
Somebody
owns
that
it's
a
shared
resource,
then
each
of
the
teams
that
are
implementing
the
different
paths
have
their
own
virtual
service
and
that's
where
all
the
other
rules
going.
H
So
that's
that's
model,
one
model
to
which
what
I
was
proposing
is
instead
of
having
this
top-level
resource
within
each
of
these
team
virtual
services
right
in
there
there's
a
list
of
rules,
a
host
that
you
could
add
a
top-level
inside
of
that
resource
sake.
Oh
here's!
The
matching
that
activates
this
rule
about
any
of
these
goals,
so
I
would
say
that
/pha
who
and
slash
bar
are
my
matches
and
then
I
can
now
have
a
list
of
rules
and
that's
implicitly
not
ending
goes
off.
H
E
B
K
H
B
F
K
We
have
some
very
specific
use
cases
around
merging
that
mostly
feed
in
from
automated
provisioning
of
facets
of
the
virtual
hosting
system.
One
is
kubernetes
ingress
itself
right,
because
the
way
it's
defined
right,
so
we
get
user
pressure
from
that
and
by
implication,
all
the
tooling
that
was
built
around
kubernetes
ingress
as
a
mirja
Balad
'l,
I,
let's
encrypt
certificate
provisioning
systems
and
then,
thirdly,
the
expectation
that
we
had
set
with
customers
previously,
what
Rev,
ruling
or
and
merging,
which
is
now
cause
some
customers
to
feel
like?
K
So
we
have
this
dialogue
going
on
right,
I
mean
Brian,
wrote
up
the
the
permissioning
tackling
model
around
hosts
which
were
having
active
discussion
around.
We
could
extend
that
to
also
define
things
around
URL
name
spacing,
and
then
we
wouldn't
need
delegation
to
manage
permissioning
at
this
I
think
there's
still
an
open
debate
about
how
exactly
we
want
to
do
that,
but
I
think
we're
able
to
start
enough
television
yeah.
J
L
J
K
B
I
want
to
raise
again
the
point
of
scalability
and
performance,
because
not
everything
that
looks
nice
on
paper
can
be
scaled
and
if
we
get
in
too
far
I
mean
again
hey
that's,
maybe
we
can
deal
with
time
in
efficient
way.
Reigate
is
certainly
we
cannot
and
arbitrary.
Much
is
done.
We
cannot
so
that's
a
thing.
We
need
to
scale
yeah.
J
E
H
E
A
C
The
pudding
would
be
the
reduced
number
of
like
user
complaints
and
mails
and
like,
and
if
you
find
that
I
think
drops
to
almost
zero,
then
be
more
correct.
Otherwise,
it's
like
you
know.
If
the
more
fancier
things
we
do
and
if
it
just
opens
up
a
completely
new
kind
of
worms,
it
is
gonna,
be
nightmare.
So
it's
one
and
then.
E
K
A
I
A
K
K
C
Very
careful
in
terms
of
like
how
the
merging
is
happening.
I
means
you
doing
any
form
of
merging
within
pilot
I.
Don't
want
to
take
any
specific
like
arbitrations,
that
we
end
up
having
to
change,
and
then
it
becomes
a
backward
compatibility
nightmare.
So
instead,
if
we
do
the
dumbass
merging
and
we
still
actually
solves
it
and
then
when,
when
we
have
galley
in
place-
and
we
have
a
dependency
injection
framework,
we
can
have
arbitrary
preprocessors
that
actually
pulls
in
all
the
configurations
and
decides
to
sort
on.
K
We
do
have
a
get-out-of-jail
right.
If
we
pick
an
arbitrary
merge
algorithm
we
have,
we
think,
is
reasonable
and
we've
thrown
some
research
into
what
we
think
is
reasonable.
Now
we
can
always
tell
people
who
are
still
having
trouble
to
go
back
to
single
resource
right.
They
have
an
out
showing
it
yeah
and
later
on,
when
we
figure
out
her
acting
model,
and
we
want
to
have
delegation
if
they
want
some
different
separation
of
concerns
right.
We
can
push
them
down
that
path,
so
I'm
not
overly
concerned
with
implementing
a
merge
in
line.
K
E
Well,
attackers
Farren's
point:
that's
why
I
want
to
be
careful
of
what
we
put
in
pilot
a
tool,
easy
to
change
and
doesn't
require,
doesn't
mean
that
pilot
implements
some
behavior,
that
we
know
that
we
will
want
to
change
when
we
add
this
behavior
to
pilot
that
will
become
part
of
our
API.
That
is
a
publicly
exposed
feature.
People
will
depend
on
specific
orderings
and
we
will
break
them
when
we
change
it,
and
so
then
we're
in
the
exact
same
situation
that
we
are
now
where
users
are
complaining.
E
A
A
B
L
A
A
J
E
A
B
E
K
C
K
F
K
H
A
C
K
A
K
L
K
M
A
K
Exercise
here
is
that
pilot
will
take
configuration
from
multiple
different
systems
right
and
we'll
have
to
be
responsible
for
producing
some
reasonable
representation
of
the
network
from
that
merged
view
right.
So
we
cannot
Gally
can't
pick
up
concerns
that
Pilate
would
have
to
take
to
be
able
to
do
that
to
meet
that
requirement
right.
M
K
N
So,
regarding
what
the
Long's
of
Galilee
I
think,
ultimately
it's
it's
going
to
be
more
than
just
things
around,
acting
because
at
some
point,
as
we
start
to
separate
what
components
consume
from
what
consumers
right
so
having
a
notion
of
service
config
your
workload
to
think
there's
going
to
be
need
to
be
some
domain-specific
transformations
that
are
performed
by
galley
before
delivering
to
the
components.
I'm,
not
saying
this
merging
thing
belongs
in
that
category.
I
just
wanted
to
clarify
that
that
it's
not
such
cut
the
dry
yet
yeah.
K
I
mean
I
think
we're
gonna,
we're
gonna,
be
iterating
on
this
right,
yeah,
there's
a
tension
there
between
rich
or
more
unified
resource
semantics
like
service
service
config,
which
is
a
unification
of
many
many
concerns
and
merge
across
multiple
configuration
domains.
Okay,
that's
that's
something
we
have
to
work
on
well,.
K
C
You
need
to
keep
in
mind
that
the
Hessian
D
routes-
it's
not
just
route,
it
has
timeouts,
it
has
fault
injections,
it
has
mirroring
and
redirects
so
and
it
has
caused
policy
in
append
and
remove
headers
and
all
our
stuff.
So
the
I
mean
yeah
I
guess
we
could
just
pivot
everything
based
on
just
the
mask
of
match
condition
alone.
But
then
we
have
to
do
the
same
thing
for
TCP
as
well.
K
Sorry,
what
was
that,
in
the
context
of
sriram
merging
or
in
the
mind
except
merging,
so
I
guess
yeah?
We
have
to
define
merging
rules
for
TCP
WebSocket
every
other
protocol
right.
The
merging
role
could
be
order
rate
times
time
order,
I
think
for
TCP.
We
can
have
something
similar
in
terms
of
prefix
specificity.
K
C
C
B
K
K
F
E
K
Today,
anything
that's
tcp-based
is
probably
easier
than
HTTP,
because
the
matches
are
purely
based
on
a
hierarchical.
We
don't
have
any
fixed
matching
at
all.
I
can't
reg
X
match
an
IP
today,
so
it's
actually
easier.
Websocket
should
be
relatively
straightforward.
It's
if
we
had
a
protocol
that
was
purely
key
value
based
in
its
identifier,
x'
right,
then
we
beat
we'd
be
in
a
world
of
hurt
right
because.
E
D
C
J
K
C
Well,
no
I'm,
sorry,
even
with
all
the
time
stand,
if
you
have
like
you've,
three
virtual
services-
and
one
of
them
has
like
four
plus
this
and
something
else
has
like
no
port,
and
this
all
like
they
have
I
mean
we
have
to
do
it's
a
multi-dimensional
match
that
we
have
to
do
in
pilot
for
every
kind.
We
compute
the
map
of
virtual
server,
and
then
we
actually
serve
it
up
to
all
the
sidecar
son.
Okay
I
mean
yeah,
I.
Think
we'll
know
when
we
implemented
this.
So
that's
that
was
my
or.
E
In
this
year
again,
why
don't
want
to
implement
a
pilot
first,
because
we
don't
know-
and
so
we
actually
get
in
to
implement
it,
because
he
is
correct
right.
We
do
have
these
complex
match
conditions
so
like
we
can
handle
paths
relatively
easily.
We
all
agree
on
that.
We
can't
handle
the
port
matching
the
the
in
those
things
and
make
a
there's,
not
an
obvious
ordering
there.
E
C
K
What
we
can
do
right
when
we
have
multi
dimensional
map
to
say
you
have
path
and
port
right
it
is.
We
say
that
the
ordering
for
port
is
undefined
right,
so
we
very
strict
view
restricted
right
now
we
can
go
and
fix
that
later.
If
the
customer
raises
an
issue
inside
hey,
when
you
merge,
you
should
give
precedence
to
something
that
has
path
and
poor
or
something
that
only
has
path.
C
E
E
K
C
B
K
K
A
K
A
K
Shri
Rama
II,
you
and
Zack
raised
a
set
of
concerns
by
ordering
I
think
are
followed,
so
maybe
just
dump.
The
first
thing
to
do
is
dump
in
what
your
concerns
are
with
the
the
proposal,
which
doesn't
take
the
other
multi-dimensional
aspects
into
account
all
right
and
then
we
can
go
through
and
propose
something
reasonable.
E
B
B
A
I
think
I
think
we
will
not
be
able
like
to
close
completely
on
this
issue.
That's
why
we
have
to
take
it
offline
and
that
because
we
are
already
10
minutes
over.
So
thank
you
very
much
very
good
discussion
and
I
think
we
did
get
to
some
agreement
like
on
many
of
the
topics
we
discussed
today
right.
So
it's
just
a
matter
of
fine-tuning
the
details,
maybe
like
the
algorithm
and
everything.
Okay,
all
right.
Thank
you.
Bye
thanks.