►
From YouTube: Network Policy API Bi-Weekly Meeting for 20220131
Description
Network Policy API Bi-Weekly Meeting for 20220131
A
Okay,
hello:
everyone
today
is
monday
january
31st
2022..
This
is
the
sig
network
policy,
api
subgroup
to
sig
network.
This
is
a
cncf
certified
meeting,
so
please
be
nice
to
each
other
and
yeah.
Let's
have
a
productive
meeting
today.
So
welcome
back
everyone,
it's
actually
the
first
time
we've
met
since
the
new
year,
even
though
we're
a
month
into
it
hope
everyone's
year
is
going
well
so
far
we
can
go
ahead
and
roll
right
into
it.
A
C
Yeah,
absolutely
so
we
I
think
last
year,
near
the
end,
we
discussed
the
fqdn
selector
a
little
bit
in
this
meeting
and
basically,
what
I'd
like
to
do
is
this
coming
sick
network
meeting
just
take
that
idea
as
it
currently
stands
to
sig
network
get
a
broad
up
down
on
whether
we're
okay,
putting
fqdn
support
into
upstream
kubernetes.
I
think
that's
like
the
bare
minimum
support
that
I
think
we
need
from
sig
network
to
get
together
a
cap
and
really
hash
out
the
details
of
this.
You
know
if
we
can
get
more.
C
You
know
clarifications
on,
should
we
add
it
to
the
existing
api?
Should
we
make
a
new
object?
We
can
obviously
you
know
dive
into
that,
but
just
having
a
up
down
on
yes,
people
are
okay
with
us.
Adding
ftdn
support
would
be
a
good
starting
point.
We
can
start
iterating
on
the
cap
and
take
things
from
there
so
yeah.
C
To
that
end,
I
guess
I
wanted
to
run
through
the
proposal
once
more
with
the
group
just
point
out
a
few
things
that
I've
added
or
changed
since
we
last
talked
about
it,
get
any
pieces
of
feedback
things.
I
should
be
sure
to
mention
when
we
talk
to
sig
network,
you
know
just
general
open
to
comments
situation.
A
Cool
yeah,
I
think,
that'd,
be
awesome.
I
gave
you
the
the
ability
to
share
just
now
awesome
and
as
we
go
I
definitely
I
think
I
have
a
little
more
insight
now
after
been
grinding
on
the
amp
for
the
past
couple
weeks
as
to
what's
going
to
be
possible,
but
at
the
end
of
the
day
I
do
think
it's
really
smart
to
go
ahead
and
take
it
to
sig
network
earlier
rather
than
later.
At
this
point
so.
A
C
C
C
Yeah,
it's
really
there
you
go
okay.
Can
you
hear
me
now
yeah?
I
got
you
hopefully
see
what
I'm
doing
all
right,
perfect
yeah.
So
this
is
the
doc
that
we've
been
just
sort
of
going
back
and
forth
on
the
first
up.
Is
you
you
andrew
you
made
a
valid
call
for
user
stories,
so
I
sketched
out
a
couple
here:
they're
fairly
basic,
but
I
think
they're
a
decent
starting
point.
C
This
would
be
a
namespace
concept
for
the
time
being,
and
the
idea
is
you
want
to
specify
some
egress
endpoints
for
your
workload,
but
you
don't
want
to
manage
a
list
of
ip
blocks,
it's
easier
to
read
and
understand
ftdn
policies,
so
that's
sort
of
one
basic
use
case
that
we're
targeting
another
one
is
sort
of
a
variant
of
this
I've.
I've
heard
a
couple:
customers
complain,
especially
about
ipv6,
addresses
being
a
little
bit
chunky
and
unwieldy
and
then
preferring
to
have
fqdns
instead
of
that.
C
C
This
is
this
is
something
that
I
have
run
into
in
terms
of
customer
use
cases.
But
it's
not.
You
know
we
can
talk
through
what
we
want
to
do
about
this
in
open
source,
the
idea
being
that
there's
a
whole
suite
of
apis
or
endpoints
that
you
want
to
allow
whether
it's
you
know
your
on-prem
network,
it's
your
cloud
providers
set
of
apis.
Those
are
just
a
couple
of
examples,
but
the
idea
being
that
you
want
to
say
star.mycloudprovider.io
or
star.myonprevnetwork.com,
or
something
like
that.
C
C
A
I
first
of
all
I
think,
story.
Three
has
a
lot
of
merit.
I've
seen
that
before
as
well.
So
that's
really
great
story.
Two,
I
don't
know
if
it
warrants
being
its
own
user
story,
because,
like
fqdn,
should
be
fully
talking
about
layers
above
ipv6
right
so
like
like
for
this
proposal,
all
that
matte,
like
we
don't
care.
What's
behind
the
fqdn
name,
right
like
it
seems
like
it's
a
layer
lower.
C
A
Style
totally
totally
that's
that's
kind
of
what
I
was
thinking
like
at
the
end
of
the
day.
I
mean
it's
not
true
layer,
seven,
because
any
implementation
would
just
be
translating
to
ips.
So
I
don't
think
it
really
matters.
You
could
have
a
story
that
says
like
as
an
application
developer.
I
I
want
to
avoid
typing
in
complex
addresses
or
something
or
something
on
those
lines,
but
right.
A
Cool
yeah,
I
think
these
destroyers
are
good,
so
far
I'll
think
on
it
on.
If
I
can
of
any
others,
I
can't
off
top
of
my
head.
I
like
that
it's
a
narrow
scope
that
should
help
insignet,
I
will
say
I
can
really
easily
see
this
being
rolled
into
an
egress
firewall
object
rather
than
just
this
really
scope.
Really
narrowed
scope
use
a
set
of
user
stories,
but
we
can
talk
a
little
bit
more
about
that
as
we
continue.
C
Yeah,
that's
fair
yeah,
so
that's
that's
sort
of
a
good
segue
into
the
api
proposals,
and
this
is
where
you
know
we
can
present
these
to
sig
network,
but
I
doubt
we'll
get
a
any
sort
of
you
know
resounding
consensus
here.
There's
there's
a
lot
to
dig
into,
but,
broadly
speaking,
these
haven't
changed
since
we
last
talked
about
them
as
a
recap
for
those
who
weren't
there,
there's
two
ideas:
we're
kicking
around
right
now,
one
is
to
enhance
the
existing
network
policy.
Spec
like
the
v.
C
We
would,
you
know,
probably
add
like
a
v1
alpha
one
or
something
to
that
effect,
and
we
want
to
add
fqdns
as
a
subfield
into
that.
The
thinking
behind
this
being
that
it's
the
one
stop
shop
for
writing
boundaries
around
your
workloads.
Today,
it's
easier
for
users
to
understand
and
discover
and
use
properly,
if
it's
all
in
one
object
rather
than
having
to
compose
policies
across
various
different
objects.
C
C
It's
it's
just
not
explicitly
defined,
which
at
this
at
this
point,
means
that
cni's
may
choose
to
interpret
it,
how
they
will
so
an
older
cni.
You
know
they
wouldn't
see
the
new
ftdn
field,
they'd
just
see
an
empty
object
and
it's
unclear
how
that
would
behave.
They
might
just
fail
open.
You
know
allowing
all
traffic
which
would
not
be
ideal.
C
It's
a
similar
policy
problem
with
the
network
policy
egress
rule
struct,
which
is
basically
that
we
have
a
list
of
two
specifiers
an
empty
list
or
a
missing
list
means
allow
all
egress
traffic,
so
it
would
basically
fail
open.
So
if
we
were
to
add
a
new
struct
there,
you
know
that
that's
definitely
a
non-starter.
We
would
just
be
failing
open
for
existing
traffic.
So
that's
that's
the
pitch
for
how
we
might
enhance
the
existing
network
policy
object.
Are
there
any
questions
or
discussions?
A
So
I
think
you've
done
a
good,
really
good
job
of
describing
it
here,
but
maybe
even
just
throw
together
like
a
slide
or
two
and
explain
it
that
way,
and
then
I
mean,
if
you
can
get
a
few
people
on
board,
it
would
definitely
be
the
easiest
way
to
get
this
work
merged.
It's
just
adding
it
to
network.
C
A
C
C
C
You
know
from
that
v,
one
alpha
one
all
the
way
through,
but
it
would
be
a
separate
policy
object
that
it
looks
very
similar
to
network
policy.
You
know
you've
got
a
pod
selector
describing
which
workloads
you're
described
targeting
in
this
case.
It
just
has
an
egress
specifier,
because
we're
not
interested
in
ingress
at
this
point
in
time
and
then
the
the
guts
of
the
specification
are
still.
You
know
the
same
thing
as
what
we're
asking
for
in
the
first
proposal.
C
You,
you
have
a
list
of
matches
list
of
ports
and
you
sort
of
build
out
the
cross
product
pretty
similar
to
how
network
policy
works.
Today,
yeah
I
mean
this.
This
one
is
it's
tricky
because
now
you're
adding
another
place
that
users
need
to
configure
stuff
and
then,
if
they
ever
want
to
debug
hey,
why
is
this
traffic
being
allowed
or
being
rejected?
You
have
to
check
two
places.
C
A
Yeah
there's
two
problems
too
right.
So
if
you
scroll,
I
was
you
know,
I
had
read
dan
winship's
firewall
kept
and
he
makes
a
good
point
like
like
really
with
fqdn.
A
whitelist
model
is
the
way
to
go
right,
so
that
is
another
rationale
for
it
to
fit
nicely
into
network
policy
and
not
to
fit
into
an
egress
firewall
sort
of
policy,
because
that
would
more
likely
be
geared
towards
the
admin.
I
would
imagine
right
and
in
this
proposal,
you're
you're
more
focused
on
the
developer
right.
C
A
A
The
problem
I
foresee
is,
you
might
get
a
lot
of
yells
for
network
policy
v2,
because
what
we've
heard
at
least
what
I've
heard
yang
might
be
able
to
correlate
this
in
the
past.
Like
couple
weeks
of
really
intensely
working
on
admin,
network
policy
is
like.
We
are
kind
of
done
with
network
policy
like
we
don't
want
to
open
any
more
cancer
awareness
with
network
policy.
It
is
already
too
complicated.
Let's
leave
it
where
it
is
and
move
forward.
Do
you
kind
of
agree?
That's
the
sediment.
We've
gotten
yang.
A
C
A
D
I
think
the
time
has
come
for
us
to
like
come
up
the
network
policy
detail,
but
in
this
the
time
it
takes
for
us
to
network
from
network
policy
to
we
agree
on
what
the
scope
is
by
the
time
it
comes
out.
What
do
we
do
in
the
meantime?
So
I
think
what
we're
suggesting
is,
like
you
know,
instead
of
I
think,
there's
so
much
pushback
on
trying
to
achieve
the
network
policy.
He
said,
let's
do
through
fqdn,
and
you
know
if
so
that
way,.
F
A
A
A
A
D
A
A
No,
no,
not
necessarily
admin
network
policy
yet
like
so.
If
we
were
going
to
pursue
a
new
crd,
we
would
we
would
have
to
make
a
new
object
for
fqda.
Just
as
a
start.
To
be
honest,
in
my
opinion,
I
would
love
to
toss
this
into
network
policy,
and
I
will
help
push
for
that,
but
I
just
have
a
very
strong
feeling.
After
conversations
we've
had
with
tim,
especially
like
in
the
past
two
weeks
that
he's
going
to
shut
it
down.
D
C
He
I
had
a
conversation
with
him
that
was
in
a
similar
vein
about
you
know.
Where
does
the
community
draw
the
line
on
you
know?
We
don't
want
to
take
this
entry,
he
he
didn't
have
any
strong.
You
know
decisive
guidelines
at
that
point
in
time.
He,
the
indication
I
got
from
him,
was
that
fqdn
was
right
on
the
border
of
we've
been
talking
about
it
for
a
while.
It's
not
in
some
sense
a
massive
change
to
the
behavior.
C
It's
it
can
be
thought
of
as
an
incremental
improvement,
depending
on
your
perspective,
so
I
think
he
I
think
his
stance
was
he's.
Okay
with
it
he'd
like
to
hear
if
anyone
else
in
the
community
has
strong
opinions
against
it,
but
that
that
was
a
few
months
back,
so
he
may
have
changed
his
opinion.
Since
then,.
A
A
A
Why
don't
we
start
building
a
network
policy
v2
with
a
narrow
scope?
You
know
more
focused
on
fqdn
and,
if
folks,
like
start
coming
out
of
the
community
and
actually
calling
for
features,
maybe
those
features
won't
be
in
alpha,
but
we
can
build
them
into
beta.
The
key
will
be
as
long
as
we
build
the
base
api
to
be
extensible
right.
A
A
You
put
silencing,
we
basically
have
added
a
layer
of
indirection
and
and
a
strict
enforcement
that
within
that
layer
of
interdirection
there's
a
list
of
selectors
and
only
one
selector
can
be
set
for
a
given
rule,
and
so
if
the
implementation
sees
an
empty
selector
set,
it
just
does
nothing
doesn't
allow
it
doesn't
deny
it
fails,
close
right
it.
It
interprets
nothing
from
an
from
emptiness
and
that's
kind
of
how
the
api
is
built.
A
There's
a
little
more
notes
on
the
amp
cap
as
well.
That
is
directly
related
to
that.
But
what
I'm
saying
is
right
now:
if
we
go
to
them,
they
say
no
to
adding
network
policy.
Then
let's
build
network
policy
v2,
but
let's
make
it
super
simple.
For
now,
let's
make
it
fix
what
we
don't
like
about
nerd
policy,
v1
and
add
fqdn
selector.
F
A
D
So
actually
that
was
the
original
intention
when
we're
talking
about
it.
So
so
what
we'll
do
they're
gonna
right
now,
based
on
the
conversation
that
we
have
had
so
far
with
all
the
folks,
our
focus
is
trying
to
get
the
fpdn
feature
out
because
we
have
pending
customers
who
are
looking
for
it.
So,
having
said
that,
let's
see
what
the
network
the
sig
network
has
to
say
and
if
they
insist
on
doing
network
policy,
then
we'll
we'll
have
to
go
back
and
make
some
adjustments
on
our
side.
But
otherwise
we
will.
D
We
will
push,
for
I
mean
we'll,
ask
your
opinion.
Let's
say
like
you
know
it
is.
The
authors
of
this
cap
are
leading
towards
fkd
and
being
a
separate
crd
and
see,
and
if
they
come
back
and
said
no
go
back
and
then
we
will
talk
about
it,
saying
that
we
did
discuss
and
there
was
like
you
know
for
some
folks
who
are
advocating
that
we
should
put
it
in
the
nether
college
and
see
what
that.
A
Yeah
and
the
only
piece
of
advice,
I'll
say
for
that
is
get
the
meeting
recording
make
sure
you
have
it
and
take
good
notes
so
that
you
don't
end
up
having
the
same
conversation
with
signet
work
four
times
yeah.
That
was
a
common
pitfall.
We've
had
yes
cool
yeah,
but
I
like
I
really
like
what
you've
put
together
here.
I
think
it's
good
work,
I
just
I
wish
I
could
give
solid
answers,
but
I'm
not
the
boss
right.
So
no.
F
Very
valid
good
points,
one
quick
question
I
have
on
the
technical
side.
I
think
I'm
maybe
sleeping
a
little
bit
when
you
were
talking
about
the
two
proposals
we
had
in
terms
of
adding
this
into
the
network
policy
v1
api
and
one
is
adding
this
to
appear
and
the
other
is
adding
to
the
egress
rules
right.
So,
oh,
okay,
cool,
so
the
proposal,
one.
Okay,
I
think
I'm
talking
about
the
proposal,
one
here,
so
how
how
was
negras
fqdn's
you
know
this
proposal
will
not
fading
close.
C
F
So
so
sorry,
then
they
wrote,
but
so
what?
If?
What?
If
we
don't
go
that
route?
What
if
we
say
that?
Okay,
because
this
is
a
new
feature
in
our
policy
you
can
get
away
with
you
know
just
specifying
a
bunch
of
ingress
rules
and
not
saying
the
policy
type
being
ingress,
because
that's
something
that's
really
implicit
right
so
and
cni
should
know
how
to
interpret
that
implicitly,
because
you
only
provide
an
ingress
frame,
there's
no
egress
rule.
But
what?
If
we
do
something
like
okay,
fqd
and
this
new
feature
right.
F
So
if
you
progra
provide
egress
fqdn
as
a
bunch
of
rules,
we
mandate
that
people
specify
in
the
policy
type
which
says
this
is
a
new
type.
Maybe
something
called
egress
fqdn
right.
So
so,
instead
of
ingress
and
egress,
we
explicitly
provide
a
new
type
to
the
to
the
policy
type
and
the
c
and
oc.
And
I
will
look
at
this
type
and
don't
know
what
to
do,
because
it's
an
egress
fpdn
and
they
don't
know
what
to
do
with
it.
F
D
E
F
F
So
the
first
thing
we
do
is
that
if
people
in
the
spec
actually
provided
explicitly
a
policy
type,
whether
it's
ingress,
egress
or
ingress
and
egress,
then
we
know
immediately
what
to
do
with
the
policy,
because
people
has
explicitly
provided
this
value
right.
So
now
we
know
that
you
know
maybe
ingress
needed
to
be
locked
up
only
for
the
ingress
rules,
the
the
things
allowed
in
new
grassroots
and
for
the
egress.
That's
the
same
thing
right,
but
there
are
a
lot
of
cases.
I
don't.
F
I
think,
when
people
actually
write
network
policies,
they
have
the
tendency
to
actually
just
skip
this
policy
type
field.
So
now
it
comes
to
the
cni
implementation
to
actually
impress
interpret
this
for
them
right.
So
if
people
just
provided
the
ingress
rules
and
not
actually
specify
the
egress
in
the
network
policy
spec
now,
the
cni
would
know
to
just
basically
put
the
ingress
tag
onto
this
policy.
So.
E
Yeah,
I
agree
with
that,
but
I
think
the
policy
I
agree.
I
definitely
agree
with
your
argument
that,
like
specifying
the
policy
type
will
explicitly
will
will
actually
make
the
cni
provider's
life
very
easy.
I
I
would
feel
that
I
mean
for
egress
network
policy,
the
policy
type
I
mean
we
can
just
retain
the
existing
policy
type,
which
is
egress.
So
if
policy
type
is
not
specified,
then
the
cni
provider
will
not
react
to
it.
C
Okay,
so
just
quickly
before
we
go
down
as
far
as
I
understand
it,
based
on
the
documentation,
the
api
server
will
default
a
value
for
policy
types
if
it's
not
specified
so
before
before
any
cni
even
gets
a
hold
of
this
policy
type.
The
api
server,
because
this
is
a
built-in
type,
will
inspect
it
and
fill
in
appropriate
values
into
that
string.
Anyhow,
that
that
seems
to
be
what's
indicated
in
the
the
api
reference.
F
In
that
case,
my
memory
would
actually
may
be
serving
me
wrong,
so
so
that
that's
also
a
good
indication
that
a
cni
when
they
receive
the
policy,
they
should
inspect
the
policy
type
at
the
first
thing
as
a
first
thing
right
before
they
even
actually
go
into
looking
at
the
positive
actors
and
whatnot.
You
know,
logically
speaking,
when
they
got
a
policy,
and
you
know
the
policy
pops
into
the
reconsider
or
the
controller.
What
not
they
should.
F
The
first
thing
to
do
is
they
they
should
look
at
the
policy
type
so
there,
so
the
policy
type
is
where
we
essentially
inform
the
cni.
Now
the
statistician
and
understand
your
point
being
you
know,
because
we,
if
we
introduce
egress
fqdn
as
a
new
policy
type,
the
cni
might
not
even
know
what
to
do
with
that
right.
So
so
in
cni's
they
may
have
a
switch
statement
may
be
saying
case
ingress
to
do
what
what
and
case
egress
do
blah
blah
blah.
They
might
not
have
a
default,
for
you
know
something
policy
type.
F
They
don't
understand
that
I
I
understand
this
might
be
a
problem.
Yes,
so
I
I
guess
this
might
just
be
a
you
know,
a
tricky
thing
that
that
we
needed
to
needed
to
take
into
consideration,
because
I
know
the
policy
type
only
came
into
being
because
there
was
something
in
the
similar
lines
when
egress
supports
yeah
supported
egress
yeah,
when
he
was
ruled.
F
Were
added
because
they
wanted
to
avoid
exactly
the
situation
like
this?
They
have
added
the
policy
types,
so
my
understanding
would
be
you
know
it
should
be
reasonable
to
let
cnice
know
that
they
should
be
inspecting
the
policy
types
and
only
accept
or
only
process
policy
types
that
they
can
understand
and
not.
You
know
just
go
ahead
and
you
know
do
some.
F
I
don't
know
if
that's
the
same
thing
to
say,
but
you
know
that
my
point
being,
if
we
add
a
new
policy
type,
they
should
there
should
be
some
mechanism
for
them
to
know
that
you
know
this
is
a.
This
is
something
that
I
don't
understand.
I
cannot
proceed
with,
but
I
don't
know
if
that's
a
safe
assumption
to
make
but
anyways,
but
I
think
there
will
be
definitely
a
lot
safer
than
basically
putting
egress
as
a
reused
egress
as
a
policy
type
for
this,
because
that
would
definitely
confuse
cnn
as
ocnis.
F
Yes,
so
so
the
here's,
what
I
think,
if
let's
say
you
put,
you
have
fqdn
rules
and
the
policy
type
is
egress.
Now
the
cnn
will
look
at
the
spec
and
says:
okay,
this
is
an
egress
policy.
Now
it
goes
into
the
egress
rules
which
found
it
empty
right
now.
Cnn
would
interpret
this,
as
user
has
supplied
me
a
egress
policy
which
has
no
egress
rules
in
it,
which
means
you
lock
everything
down
or
allow
anything
or
not
right.
F
Basically,
the
default
behavior,
if
there's
no
rule
provided
and
that's
not
what
we
wanted.
What
we
want
is
that
a
cni
look
at
the
policy
type
and
realize
hey.
This
is
a
egress
tab
that
that
I
don't
know,
and
then
they
they
report,
an
error
or
you
know,
do
do
whatever
they
do
like
in
the
cnn
processing
and
not
just
you
know,.
C
Maybe
it
might
be
inconvenient
for
users,
because
now
they'll,
you
know,
they'll
be
rejecting
all
traffic
and
they'll
have
to
go
dig
into
why
this
is
happening,
but
since
we
don't
have
any
established
mechanisms
for
cni's
to
really
report
hey,
I
don't
know
what
to
do
with
this
right.
We
don't
have
a
status
field.
We
have
no
way
of
really
surfacing
this
to
the
user
in
any
sort
of
meaningful
sense.
I
I
I
personally
believe
in
you
know
we
can
definitely
debate
this.
I
think
there's
valid
arguments
for
both
sides.
C
F
F
So
the
better
way
definitely
is
to
you
know,
create
something
from
scratch,
so
that
we
don't
have
to
deal
with
the
the
the
things
that
we
didn't
do
right
for
the
network
cv1,
but
I'm
just
trying
to
think
if
there's
any
chance
that
we
might
be,
you
know
squeezing
something
to
be
one
and
not
warriors
about.
You
know
adding
a
completely
new
different
resource.
B
I
I
just
want
to
say
that
if
we
do
try
to
add
this
as
an
egress
policy
type,
what
yang
said
I
do
want
to
second
that,
failing
close
on
you
know
for
for
the
for
the
egress
default
rule
might
sound
okay,
but
I
think,
as
from
a
user's
perspective,
it's
a
pain,
and
if
I
have
services
which
were
working
fine
and
after
applying
a
policy
all
of
a
sudden
things
stopped
working.
In
that
name
space
or
in
multiple
name
spaces,
it
is
going
to
be
a
pain.
E
E
C
B
A
Hey
well,
I
I
think
I
do
think
that's
a
little
I
I
would
bring
it
to
cignet
as
the
proposal
stands
honestly
in
my
mind,
I
I
think
they
will
res
they
would
respond
better
to
an
explicitly
fail
closed,
but
for
now
we
can
always
debate
the
api
a
little
bit
later
and
trust
me.
It
will
undergo
many
iterations,
I'm
sure,
but
I
I
think
you
have
your
head
totally
right
on
your
shoulders.
A
I
like
the
way
it's
going
and
it's
gonna
force
cignet
to
set
a
precedent
for
us
and
moving
forward
and
regardless
whether
it's
a
longer
longer
way
to
us
getting
new
features
in
or
a
shorter
way.
At
least,
we
will
be
able
to
get
new
features
in
we've,
tripped
away,
some
of
that
with
admin
network
policy,
and
I
think
this
will
kind
of
close
the
book,
especially
for
the
developer
persona.
So
I'm
excited
thanks
for
doing
this
work.
Let's
hope
it
goes
well
on.
On
thursday,
oh
sound.
C
F
A
A
So
if
you
want
to
check
I'm
not
going
to
run
through
everything,
that's
changed
because
a
lot
has
changed.
But
if
you
would
like
to
see
what
has
changed
in
the
api,
the
cap
is
pretty
much
up
to
date.
Yang.
I
did
see
that
the
pr
reviewer
just
gave
some
comments
as
well
like
20
minutes
ago.
So
that's
good
news
for
us.
Is
there
anything
else
we
should
hash
out
while
we're
on
this
call
around
admin
network
policy
yeah
the.
A
Oh,
my
goodness,
gracious
yeah
so
just
to
fill
everyone
in
we've
been
arguing
almost
well,
not
not
internally,
actually
yang
aztec.
I
think
we've
all
been
in
agreement,
but
whether
or
not
one
is
the
highest
priority
or
the
lowest
priority,
and
now
it
seems
to
have
wanted
to
be
flip
again.
Flipped
again.
F
F
I
I
do
get
a
sense
that
you
know
there
are
other
people.
I
know
casey
included,
didn't
like
the
way
that
we
put
zero
as
a
special
case
for
for
the
priorities,
but
if
we
do
actually
flip
things
around,
I
think
you
know
one
being
the
highest
precedence
and
and
blah
blah
blah
and
we
keep
zero
as
the
default
will
be
really
really
weird,
which
doesn't
really
make
sense
anymore.
So
I
guess
we
definitely
needed
to
find
a
better.
F
A
Yeah,
I
I
don't
know,
I
actually
don't
know
if
I
agree
with
you
on
that,
like
it,
if
one
was
the
highest
precedence,
the
most
important
value,
it's
a
little,
a
little
more
explicit
now
that
zero
is
special
right,
because
it's
it's
kind
of
furthest
away
from
from
its
closest
priority.
I
know
it's
a
little
harsh,
but
it's
more
explicit,
I
would
say
like
it
truly,
is
special.
Now
right.
A
A
A
So
we're
here
now
the
the
quickest
way
forward
would
just
be
to
go
ahead
and
flip.
It
leave
zero
as
a
special
and
see
what
happens
move
on
the
only
other
way.
I
can
think
to
remove
ambiguity
around
making
zero.
A
special
flavor
of
policy
is
to
add
a
boolean
or
something
right
or
add,
like
an
extremely
explicit
boolean,
which
stinks
because
it's
just
another
switch
to
configure,
but.
F
F
G
F
F
There
are
other
things
that
we
should
have
fixed
in
addition
to
that,
it's
not
about
what
I
have
fixed
so
far
right,
if
I'm
not
mistaken,
so
I
guess
a
to
me,
I
feel
like
a
a
good
way
is,
might
be
that
we
merge
this
pr
first
and
then
you
know
you
can
you
know
maybe
do
another
pr.
On
top
of
that,
just
to
add
to
it,
I
guess:
does
that
make
sense.
A
F
G
F
But
I
mean
anyways,
I
I
think
I,
if
I
understand
you
correctly
andrew,
is
that
you
know
we
can.
I
can
basically
fix
what
we
just
update
the
pr
as
what
you,
what
we
had
just
said
basically
have
the
power
of
these
one
being
the
highest
precedence
and
xero
b
and
special
case,
and
we
do
the
other
naming
part
for
renaming
power
for
the
lfo
selectors,
and
I
I
can
just
update
your
with
those
things
and
we
should
be
good
to
go
right.
F
F
F
So
so,
basically
for
every
peer
you
needed
to
do
like
ports
tcp.
You
know
one
two,
six
sixty
three
thousand
blah
blah
blah
and
udp
and
sctp
or
whatever
you
can
think
of,
and
we're
saying
no.
This
is
not
the
way
to
go,
because
that
would
be
too
extremely
weirdly
verbose
and
a
lot
of
people
don't
actually
even
care
about
l4.
They
just
care
about
three,
and
they
just
wanted.
You
know
to
select
peers
and
expect
us
to
work
on
all
possible
important
numbers.
F
A
Hey
yang,
can
you
hear
me
better
now?
Yes,
so
yes
awesome.
So
I
was
just
saying
tim
just
responded
six
minutes
ago
to
this,
so
I
have
it
up
on
the
screen.
Can
y'all
see
it?
Yes
cool?
So
let's
see
what
he
said,
yeah
you
you
put
into
words
exactly
what
I
had
said
in
this
oops.
Sorry
in
this
comment
above.
A
B
F
A
F
So
if
you
wanted
to
do
something
like
that,
you
you'd
have
to
go
with
the
best
way.
So
the
all
ports
is
just
a
like
a
sugar
to
for
people
to
get
around
when
they
don't
really
care
about
l4.
When
you,
when
you
wanted
to
specify
some
ports
for
a
specific
protocol,
you're,
not
actually
not
caring
about
l4,
you
do
care
about
l4.
Now
you
have
to
go
to
the
very
explicit
way
to
basically
just
sell
everything
you
wanted
to
allow
for
ports
and
protocols.
You
you
can
you
cannot
just
do
sugar
anymore.
A
C
A
Okay,
well,
I
do
need
to
hop
off
yang.
I
think
that's
a
good
idea.
If
you
get
that
updated,
I'm
actually
gonna
be
working
pretty
late
tonight.
So
I'll
get
it
looked
at
and
probably
merge
tonight,
and
then
I
will,
I
guess,
push
a
p
another
pr
to
address.
John
bellameric's
comments.
He's
the
production,
readiness
review
approver,
so,
okay,.