►
Description
Featuring John Howard, Christian Posta, Lin Sun, and Eitan Yarmush.
A
B
B
I'm
I'm
focused
on
application,
networking
service,
mesh
use
cases
and
I'm
really
interested
in
how
we
can
use
evpf
to
upload
some
of
the
things
that
we
do
in
the
service
mesh
proxy
into
the
kernel
and
and
then
also
augment
and
complement
the
type
of
observability
and
Telemetry
that
we
can
get
from
from
the
mesh.
With
with
what
we
can
see
in
the
kernel
yeah.
That's
what
I'm
interested.
C
D
C
D
C
Network
acceleration
for
anything,
that's
related
to
service
mesh
and
then,
as
you
look
forward,
you
can
see
that
some
of
the
capabilities
that
are
in
the
proxy
right
now
so
like
an
ambient
with
the
Z
tunnel
or
even
inside
cars
that
we'll
be
able
to
push
those
further
into
the
kernel
with
EPF.
So
hopefully
you
know
one
day
we
won't
even
have
to
have
a
proxy
at
all.
F
F
You
know
what
evpf
allows
us
to
do
is
instead
of
trying
to
express
all
this
config
as
this
declarative
config
model,
we
can
just
write
in
a
code
right,
and
so
we
can
take
that
small
amount
of
input
config
and
then
just
write
the
code,
AS
EPF
logic
that
you
do
directly.
Instead
of
trying
to
take
these
apis
that
are
kind
of
generic
and
declarative
and
try
and
model
our
very
bespoke
specific
use
cases
for
them
right.
So
you.
F
D
D
A
A
F
F
G
B
I
think
another
aspect
that
tends
to
come
up
and
contribute
to
the
confusion
that
I
think
could
be
more
clearly
stated
as
where
does
the
proxy
actually
run
I
think
that's
a
more
interesting
question,
because
EVP
applic
can
evpf
replace
all
the
layer
7
all
the
stuff
the
sidecar
does.
No,
maybe
if
you
have
to
be
used
for
some
portions
of
that,
but
so
the
really
the
question
shouldn't
be
about
you
know
well.
B
A
C
Just
the
one
thing
I
would
add
is
that,
even
eventually,
if
we
are
able
to
get
rid
of
the
proxy
by
pushing
all
of
the
concerns
to
the
kernel
with
evpf
I,
think
one
I
think
that
still
lays
off.
But
I
do
think
that
it
just
if
we
just
because
we
can,
if
we
can
doesn't
mean
we
should
because
there's
a
lot
of
so.
C
A
Yeah
we're
not
talking
about
a
little
bit
of
time,
at
least
many
years
more
than
a
few
years
right,
because
even
when
the
official
landed
in
the
kernel,
it
puts
up
your
gifts
to
get
you
a
particular
Linux.
This
show
yeah.
Thank
you
so
much
for
that
question
and
answer.
So
the
next
question
is:
what
role
do
you
think
evpf
can
play
in
service
mesh?
Do
you
guys
want
to
add
anything
I
feel
like
some
of
you
already
touch
on
that
topic
already.
If
not,
we
can
skip
to
the
next
question.
F
F
Said
about
potential
is
really
true
to
me.
Ebpf
today
can
be
really
useful
for
certain
things
that
are
very
restricted
use.
Cases
like
if
you
only
care
about
getting
Telemetry
for
your
information,
sure
do
everything
in
ebtf.
You
don't
have
to
copy
everything
up
to
user
space.
It's
very
fast!
You
get
what
you
want,
but.
F
Have
to
copy
everything
to
user
space
anyways
you
might
as
well
have
just
done
the
Telemetry
in
the
new
space
as
well
right.
So
as
the
functionality
expands
more
and
more
and
can
cover
more
use
cases,
it
starts
to
make
more
sense
today.
I
think
it's
mostly
Niche
cases
and
small
optimizations
right
I
think
someone
may
have
talked
about
kind
of
optimizing.
Some,
like
the
redirection
logic
of
the
bbpf,
for
example.
F
G
I,
have
one
more
I
think
there's
an
interesting
that
we've
been
talking
a
lot
about
ambient
and
there's
a
lot
of
interesting
questions
about.
You
know
something
that
was
brought
up.
Some
questions
that
have
been
brought
up
to
me
about
even
going
back
to
previous
coupons
about
the
security.
The
encryption
data
over
the
wire
just
within
the
node
itself,
which
is
another
as
I
mentioned,
I
view
eppf
as
a
potential
security
name,
so
use
potentially
leveraging
evpf
on
the
Node
itself
to
make
sure
that
the
traffic
is
always
encrypted.
C
C
And
as
as
an
end
user,
that
might
not
be
the
biggest
thing,
because
you
know
it's
more
of
an
implementation
detail,
but
just
from
the
what
was
needed
to
get
the
current
setup
working
pvpf
can
kind
of
simplify
that
in
a
lot
of
ways,
because
you
know
we
talked
about
it
before
you,
you
really
are
expressing
it
in.
You
know
basically
code
like
you're
saying
with
logic.
This
is
what
I
want
to
do
with
the
network
versus
trying
to
you
know
piece
together.
All
of
these
different
pieces
of.
A
D
A
E
F
E
A
D
C
So
the
answer
is
yes,
you
know,
there's
there
are
a
couple
ways
of
doing
that.
It's
it's
kind
of
gets
more
tricky
when
you're
talking
about
like
HP
one
versus
HTTP
2,
but
in
both
cases
technically
it's
possible
they're.
Also,
you
know
techniques
like
you
can
use
user
probes,
so
you're,
technically
using
ebpf,
but
you're
hooking
into
user
space
code.
That's
how
some
of
the
libraries
do.
Things
like
this
is
like
I
want
to
use
edpf
to
see
traffic.
That
is
being
you
know,
TLS
encrypted
right
and.
C
B
C
B
Was
going
to
say
in
in
glue
mesh,
that
is
exactly
what
what
we're
doing,
because
of
the
workloads
that
run,
for
example,
for
ambient
the
workloads
that
run
that
you
know
have
the
Z
tunnel
deployed
with
them.
They're
missing
out
on
some
of
the
layer,
7
Telemetry
and
being
able
to
capture
that
using
evpf
or
some
mechanism,
so
that
you
don't
have
to
rely
on
sidecars
is
a
is
a
really
important
way.
The
second
thing
I'll
say
is
that
I
think
it's
EVP
update
tomorrow.
D
B
D
D
G
G
So
that
is
certainly
one
way
to
go
about
it
right.
It
just
uses
the
entire
existing
infrastructure
right
that
has
been
built
around
packaging
and
signing
oci
distributed
bundles
oci,
standing
for
I'm,
not
open
container
initiative
and
so
yeah.
So
I
think
that
you
know
it's
a
very
interesting
problem.
G
A
D
C
Is
kind
of
like
a
much
broader
technology
right
and
it's
an
implementation
detail
of
psyllium
and
that's
kind
of
what
allows
them
to
have.
You
know
there's
performance
gains
and
everything
by
using
sewing
because
it's
implemented
in
pvpf.
As
far
as
like
the
overlap
goes,
you
can,
you
can
definitely
write.
You
know
networking
modules
in
EDP,
apps
and
load
those
alongside
psyllium,
the
the
hard
part
about
that.
Is
you
just
even
not
depending.
I
I
So
basically
the
thing
that
people
were
very
excited
about
us
gaming
is
first
of
all.
You
know
we
get
rid
of
the
proxy
right,
so
it's
cost
less
number
two.
We
did
a
lot
of
gaming
in
terms
of
oh
we're,
hoping
to
do
a
lot
of
gaming
in
terms
of
the
performance
and
the
last
and
not
least,
is
the
operational.
So
I
wanted
to
say
something
as
something
that
we
learned
in
itself
and
it's
something
that
I
don't
know
that
we
heard
before
we
talked
about
it
enough
before
so.
I
I
wanted
to
highlight
that
what
we
learned
from
our
customers,
here's
what
we
see
even
we
have-
can
give
you
some
performance.
But
honestly,
it's
really
really
tiny
bits
related
to
what
you
really
care
of.
So
here's
what
we
see
from
a
customer
there
is
a
budget
of
those
latency
and
as
long
as
you
are
kind
of
like
in
that
budget,
you
know
what
else
customer
wants
future.
That's
why
they
really
care.
They
don't
really
care
to
get
the
micro
unless
it's
a
very
specific
system.
I
What
they
really
want
is
that
there
are
several
features
and
other
stuff,
so
I
just
wanted
to
mention
that,
and
we
are,
you
know
very
bullish
about
ebpf
and
I
think
that
we
can
get
a
lot
of
stuff
in
terms
of
the
operation
and
I
think
that
it's
very
important
for
us
to
get
a
lot
of
the
observability,
which
could
be
really
really
interesting.
I
just
want
you
to
know
that
I,
never
I.
F
A
G
H
F
I
I
I
I
A
F
Don't
see
people
talking
about
at
kubecon
about
deploying
kubernetes
for
the
first
time
anymore,
right,
that's
just
what
everyone
here
has
already
done.
You
know
a
few
years
ago
you
saw
that
about
istio.
Everything
was
about
like
we
just
deployed
istio
like
how
do
the
police
do
all
that
type
of
things
so
we're
starting
to
get
to
where
Eastview
is
more
prevalent,
but
it's
still
very,
very
visible
when
you're
using
it
right,
that's
kind
of
where
the
name
for
ambient
mesh
came
from.
F
We
want
to
make
it
kind
of
ambient
in
the
cluster
right.
It's
just
there.
You
just
have
a
kubernetes
cluster
and
you
have
mtls
right
and
then
you
add
the
functionality
on
top
of
it
right.
You
know
if
I
want
to
do
traffic
splitting
and
send
five
percent
of
traffic.
To
my
my
new
version.
I
should
just
be
able
to
use
an
API
to
clear
that
I
want
that
and
go
about
my
day.
I
shouldn't
have
to
worry
about
deploying
sidecars
or
a
control
plane,
or
you
know
all
these
other
things.
F
So
I
think
that
you
know
that's
where
we're
heading
is
that
it's
really
just
API
driven.
You
shouldn't
have
to
think
much
about
installing
operating
managing
part
of
that's
by
simplified
architecture,
part
of
that's
by
product
offerings
that
kind
of
automate
things
away,
but
we're
definitely
moving
in
that
direction.
B
Yeah
I
I
mean
I
fully
agree
with
what
John
said.
Basically,
this
that
stuff's
going
to
become
boring,
but
it's
going
to
enable
opportunities
on
top
of
it.
For
example
like
like
something
you
were
just
asking
about:
the
debug
ability
right,
various
ways
to
plug
in
new
policy
engines
and
so,
but
that
that's
going
to
lay
the
groundwork
for
more
of
the
Innovation
for
the
problems
that
we're
going
to
need
to
solve.
On
top
of
it,
foreign.
C
C
A
standard
part
of
your
kubernetes
cluster
going
forward
and
with
things
like
ambient,
you
know
it
it's
going
to
just
be
there
and
you
will
not,
hopefully
have
to
interact
with
it
pretty
much
at
all
and
get
all
the
features
that
you
need
for
deploying
microservices
and
kubernetes.
Basically,
yeah
I
agree.
A
G
Day,
let's
just
hear
it.
Finally,
all
right,
so
I
don't
know
about
y'all,
but
my
least
favorite
type
of
bug
is
a
bug
that
only
shows
up
in
prod
and
only
after
a
month,
and
so
we
had
a
we
there.
There
was
someone
running
Ico
in
prod
for
a
month
and
after
a
month,
all
the
DNS
requests
would
start
failing
from
from
the
sidecar.
This
was
a
new
steel.
H
G
So
this
one
turned
out
that,
after
about
a
month
the
there
was
a
bug
in
Envoy
that
would
essentially
all
of
the
UDP
DNS
traffic
would
just
fail
for
no
good
reason.
Right,
Wireshark
didn't
show
anything
like
there
was
so
much
kernel,
debugging
and
then
eventually
it
just
turned
out
that
there
was
a
bug
in
the
in
the
UDP
code
in
Envoy
and
if
you
switch
it
to
TCP
just
work
so
that
one
was.
G
I
D
C
D
B
F
Yeah
I
would
say
the
same,
but
just
to
at
least
clarify.
Why
I
think
that
is
not
that
you
know
in
a
year
or
two
from
now,
I'd
probably
give
a
different
answer
and
say
just
go:
deploy
the
Z
tunnel
everywhere,
get
mtls
and
then
add
on
your
proxies.
It's
more
that
ambient
is
not
yet
mature
right,
it's
very
experimental
right
now,
so
you
know
you
should
start
with
the
thing:
that's
production,
ready
and
then
once
Ambience
mature,
then
think
about
that
moving
forward.
F
D
F
Think
helps
with
that
a
lot
because
it
makes
it
a
lot
easier
to
have
kind
of
the
Baseline
mesh
without
the
traffic
modification
right
with
sidecars
and
the
full
L7
processing
you
get,
for
example,
HTTP
load,
balancing
that's
great,
but
that
actually
changes
the
behavior
of
the
application.
So
maybe
users
don't
want
that
and
it
you
know,
breaks
the
application
with
ambient.
We
have
kind
of
a
split
where
this
is
a
safe
subset
that
everyone
can
kind
of
get
value
out
of,
and
then
they
can
kind
of
opt
into
a
more
full
mesh
experience.
D
I
I
didn't
but
those
they
used,
the
new
sporting
club
right
most
of
the
people
that
make
them
have
won
the
games
out
there
right.
The
question
is
how
bad
trying
to
get
there
and
where
is
right
so
I
think
that
they're
talking
about
the
problem
with
some
like
I,
know,
sister
back
on
the
day
before
after
marriages
end
of
life,
I
know
that
they
tried
release
yes,
serverless
together.
D
I
B
D
B
Patched
it
maybe
they
did
something
but
they're
they're.
You
know
ability
to
keep
up
with
what
the
rest
of
the
community
is
doing,
Falls
way
behind,
and
so
you
get
a
stale
versions
of
you
know
the
that
that
may
not
support
expanding
to
VMS
and
some
of
these
other
other
platforms
as
nicely
as
expert,
but
but.
E
B
I
mean
it
kind
of
makes
sense,
well,
I,
think,
overall,
what
what
we
see?
What
indeed
was
kind
of
alluding
to
is
that
we
see
organizations
that
will
take
kubernetes.
They
already
have
VMS,
they
might
be
on
premises,
they
might
be
in
public
cloud
and
they
will
they
will
build
they're
effectively,
building
their
Enterprise
developer
platforms
for
their
teams
service.
Much
as
part
of
that
now
how
that
gets
delivered,
you
know
it
might
be.
You
know
you
deploy
it
in
in
the
various
platforms
you
might
self-manage
it.
B
B
C
B
A
All
right
with
that
I
would
like
to
thank
all
the
panelists
and
also,
most
importantly,
thank
you,
everyone
for
staying
with
us.
You
know
this
music,
there's
water,
you
know
everything
out
there
so
nice.
So
thank
you
so
much
for
staying
with
us,
for
if
you
have
further
questions
about
istio
edps
service
smash,
the
solo
team
is
going
to
be
available
at
service
mesh
car
I
believe
John
is
going
to
also
be
there
too,
and
on
Wednesday
we'll
be
at
the
booth.
A
If
you
want
the
books,
we
will
be
handing
out
the
books
at
our
booth.
We're
going
to
have
a
signing
session
on
Wednesday
at
the
Boost
Club
I.
Believe
it's
six
to
eight
pm,
also
on
Wednesday
night,
we're
inviting
everybody
to
drinks,
I
think
right
in
this
venue
from
8
to
11,
so
free
drinks
on
my
bus
yeah.
So
thank
you.
Everyone
for
attending
and
joining
us
I
really
really
appreciate
your
attendance.
Thank
you
all.