...
Attendees | |
Name | Company |
Wipro | |
Karan Dalal | Walmart |
Dave Thaler | Microsoft |
Daniel Havey | Microsoft |
Brian Merrell | |
Santhosh Fernandes | |
Taka Shinagawa | Microsoft |
Dhivya Reddy | |
Ragalaharis | |
Satya Ranjan Pradhan | |
Kanthi Pavauluri | |
Neil Hoff | |
LF Staff: Trishan de Lanerolle, Kenny Paul
...
- Start the Recording
- We will start by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
- General Topics
- LF Antitrust Policy
- Community meeting note taking
- Welcome to new attendees
- Use Cases
- Roadmap
- Developer and Testing Forum in January 2022 (virtual event)
- Project structure
- Governance
- Technical Steering Committee
- Conversation with the IO-Visor-Polycube community
- Focus
- Proposals on L3AF with Kubernetes
- Q&A
Minutes/Updates
Date: 11.24.2021
https://wiki.lfnetworking.org/display/L3AF/11-24-2021+TSC+Meeting+Minutes
Meeting Proceedings:
- Kubernetes
- eBPF – new de facto standard for all of the CNI use cases
- Can legacy CNI coexist with new eBPF CNI plugins?
- Thoughts?
- Santhosh: Cilium, Calico and many other CNI solutions eBPF and legacy
- Existing CNI solutions run on the node
- L3AF solutions run on VM attached to the NIC
- L3AF – Control Plane
- Could run as Operator
- L3AF – Data Plane
- Need to coexist with the existing CNI programs
- Adoption of eBPF in Kube is limited at the moment
- CNI is first use case adopted (Cilium, Calico)
- Iptables cannot scale beyond a certain size
- eBPF can scale out where iptables cannot
- Solutions as they currently exist are software solutions
- You get certain functionality out of the box and that is it
- If you have a custom use case (rate limiting, packet tracking)
- There isn't a current solution in which legacy CNI and custom use cases (eBPF plugin) can coexist
- Dave: relationship between eBPF and kube:
- In scope?
- Use eBPF to observe stats about kube (Hubble, etc.)
- inside container
- XDP programs cannot be attached inside the container
- Tc programs can be attached here
- eBPF progs to deploy into containers. Attach something inside the container. eBPF prog associated with something inside kube
- Only attach on a particular POD
- Use Kube orchestrator with L3AFd?
- Using containers or not. Kernel function orchestration for bare metal. (Not in container)
- L3AF has its own orch
- Priority is chaining – make sure there is no breaking or packet loss.
- Orchestrate as a L3AF operator and run a L3AFD in the pod
- Custom templates to deploy them
- Other tools (Pixie, Cilium, etc.)
- Wipro – looking into observability and other projects
- Good to have an idea what others are doing for curation
- Do you want governance for other things besides the Kube pods?
- Dave: open question – Kube orch add/remove pods on different nodes. Separately the L3AF orch is deploying eBPF progs on different nodes.
- Can we have tighter integration or is there an impedance mismatch?
- Kube has a lot of orch features, can we reuse them?
- Eric: How do we push this into kube and keep track of all the versions and management?
- L3AF has its own orch
- We are still in exploring mode. Need more data.
- Taka – interesting use case: replace service mesh
- Service mesh adds latency and overhead
- Article: https://thenewstack.io/how-ebpf-streamlines-the-service-mesh/
- Eric: yes, very interesting use case. We should look at this.
- Dave: Kube to the edge. This is a use case both inside of and outside of containers
- Karan: model that works in virtual environments may not fit perfectly with eBPF. We will have to adapt.
- Dave: XDP hook is outside of container because it is so low-level.
- L3AF should be useful both inside and outside the container.
- Santhosh: Yes, we will provide the hooks to all the use cases
- Karan: Cilium and Calico have their own operators. Could there be some conflict in policy management?
- Santhosh: Cilium or Calico is running, and some policy comes from L3AF. Does Cilium provide some policy to see if this policy
- Karan: we need to be solution agnostic. We need to find a way to piggyback on the CNI
- One of the most adopted use cases for eBPF on Kube. Complement the CNI and coexist.
- Broad example:
- Walmart: run multiple eBPF programs on kube clusters. So far, have not had need to think much about it from a control plane. Just use eBPF orch for programs and it just works.
- Ex: Prioritize traffic: Use eBPF to tag certain packets and the router does QoS
- However, what if we want to use an eBPF based CNI? Then what will be the order of chaining for the custom eBPF program? Does it run first? Last? Somewhere in the middle?
- The only other option is to keep embedding the functionality that we need into the CNI.
- This does not scale because embedding business logic into the CNI doesn’t make a lot of sense.
- Kenny
- Polycube and IO Visor communities should be talking (see GitHub repo)
- https://polycube.network/ has
- These are very similar. Folks should be talking