Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Attendees

Name

Company
Wipro
Karan DalalWalmart
@Dave ThalerMicrosoft
Daniel HaveyMicrosoft
Brian Merrell

Santhosh Fernandes
Taka ShinagawaMicrosoft
Dhivya Reddy
Ragalahari
Satya Ranjan Pradhan
Kanthi Pavauluri
Neil Hoff
Eric Tice Wipro






LF Staff: Trishan de Lanerolle Kenny Paul

...

  • Kubernetes
    • eBPF – new defacto standard for all of the CNI use cases
    • Can legacy CNI coexist with new eBPF CNI plugins?
  • Thoughts?
    • Santhosh: Cilium, Calico and many other CNI solutions eBPF and legacy
    • Existing CNI solutions run on the node
    • L3AF solutions run on VM attached to the NIC
  • L3AF – Control Plane
    • Could run as Operator
  • L3AF – Data Plane
    • Need to coexist with the existing CNI programs
  • Adoption of eBPF in Kube is limited at the moment
    • CNI is first use case adopted (Cilium, Calico)
      • Iptables cannot scale beyond a certain size
      • eBPF can scale out where iptables cannot
    • Solutions as they currently exist are software solutions
      • You get certain functionality out of the box and that is it
      • If you have a custom use case (rate limiting, packet tracking)
      • Isn’t a current solution that can coexist legacy CNI and custom use cases (eBPF plugin)
    • Dave: relationship between eBPF and kube:
      • In scope?
        • Use eBPF to observe stats about kube (Hubble, etc.)
          • inside container
            • XDP programs cannot be attached inside the container
            • Tc programs can be attached here
        • eBPF progs to deploy into containers. Attach something inside the container. eBPF prog associated with something inside kube
          • Only attach on a particular POD
        • Use Kube orchestrator with L3AFd?
          • Using containers or not. Kernel function orchestration for bare metal. (Not in container)
            • L3AF has its own orch
              • Priorities is chaining – make sure there is no breaking or packet loss.
            • Orchestrate as a L3AF operator and run a L3AFD in the pod
              • Custom templates to deploy them
            • Other tools (Pixie, Cilium, etc.)
              • WiPro – looking into observability and other projects
              • Good to have an idea what others are doing for curation
              • Do you want governance for other things besides the Kube pods?
            • Dave : open question – Kube orch add/remove pods on different nodes. Separately the L3AF orch is deploying eBPF progs on different nodes.
              • Can we have tighter integration or is there an impedance mismatch?
              • Kube has a lot of orch features, can we reuse them?
            • Eric: How do we push this into kube and keep track of all the versions and management?
          • We are still in exploring mode. Need more data.
            • Taka – interesting use case: replace service mesh
            • Dave: Kube to the edge. This is a use case both inside of and outside of containers
            • Karan: model that works in virtual environments may not fit perfectly with eBPF. We will have to adapt.
            • Dave: XDP hook is outside of container because it is so low-level.
              • L3AF should be useful both inside and outside the container.
            • Santhosh: Yes, we will provide the hooks to all the use cases
            • Karan: Cilium and Calico have their own operators. Could there be some conflict in policy management?
            • Santhosh: Cilium or Calico is running, and some policy comes from L3AF. Does Cilium provide some policy to see if this policy
            • Karan: we need to be solution agnostic. We need to find a way to piggyback on the CNI
              • One of the most adopted use cases for eBPF on Kube. Compliment the CNI and coexist.
              • Broad example:
                • Walmart: run multiple eBPF programs on kube clusters. So far, have not had need to think much about it from a control plane. Just use eBPF orch for programs and it just works.
                • Ex: Prioritize traffic: Use eBPF to tag certain packets and the router does QoS
                • However, what if we want to use an eBPF based CNI? Then what will be the order of chaining for the custom eBPF program? Does it run first? Last? Somewhere in the middle?
                • The only other option is to keep embedding the functionality that we need into the CNI.
                  • This does not scale because embedding business logic into the CNI doesn’t make a lot of sense.
        • Kenny
        • Satya: More light on Polycube please.
        • Kenny: Polytech university in Turin has a number of contribs
        • Vicky: We should work with LJ to help coordinate. We should join each other's meetings.
        • Satya: Offline handshake and then set up meeting though tsc.
          • Videos? Reading material?

Action Items