11-24-2021 TSC Meeting Minutes
Attendees & Representation. Please add your name to the attendance table below.
Attendees | |
Name | Company |
@VM (Vicky) Brasseur | Wipro |
@Karan Dalal | Walmart |
@Dave Thaler | Microsoft |
@Daniel Havey | Microsoft |
@Brian Merrell | Walmart |
@Rishabh Gupta | Walmart |
@Santhosh Fernandes | Walmart |
@Taka Shinagawa | Microsoft |
Dhivya Reddy | Walmart |
@Ragalahari | Walmart |
Satya Ranjan Pradhan | Walmart |
Kanthi Pavauluri | Walmart |
@Neil Hoff | |
@Eric Tice | Wipro |
LF Staff: @Trishan de Lanerolle @Kenny Paul
Agenda
Start the Recording
We will start by mentioning the project's Antitrust Policy, which you can find linked from the LF and project websites. The policy is important where multiple companies, including potential industry competitors, are participating in meetings. Please review and if you have any questions, please contact your company legal counsel. Members of the LF may contact Andrew Updegrove at the firm Gesmer Updegrove LLP, which provides legal counsel to the LF.
General Topics
LF Antitrust Policy
Community meeting note taking
Welcome to new attendees
Use Cases
Roadmap
Developer and Testing Forum in January 2022 (virtual event)
Project structure
Governance
Technical Steering Committee
Conversation with the IO-Visor-Polycube community
Focus
Proposals on L3AF with Kubernetes
Q&A
Minutes/Updates
Date: 11.24.2021
https://lf-networking.atlassian.net/wiki/display/L3AF/11-24-2021+TSC+Meeting+Minutes
Meeting Proceedings:
Kubernetes
eBPF – new de facto standard for all of the CNI use cases
Can legacy CNI coexist with new eBPF CNI plugins?
Thoughts?
Santhosh: Cilium, Calico and many other CNI solutions eBPF and legacy
Existing CNI solutions run on the node
L3AF solutions run on VM attached to the NIC
L3AF – Control Plane
Could run as Operator
L3AF – Data Plane
Need to coexist with the existing CNI programs
Adoption of eBPF in Kube is limited at the moment
CNI is first use case adopted (Cilium, Calico)
Iptables cannot scale beyond a certain size
eBPF can scale out where iptables cannot
Solutions as they currently exist are software solutions
You get certain functionality out of the box and that is it
If you have a custom use case (rate limiting, packet tracking)
There isn’t a current solution in which legacy CNI and custom use cases (eBPF plugin) can coexist
Dave: relationship between eBPF and kube:
In scope?
Use eBPF to observe stats about kube (Hubble, etc.)
inside container
XDP programs cannot be attached inside the container
Tc programs can be attached here
eBPF progs to deploy into containers. Attach something inside the container. eBPF prog associated with something inside kube
Only attach on a particular POD
Use Kube orchestrator with L3AFd?
Using containers or not. Kernel function orchestration for bare metal. (Not in container)
L3AF has its own orch
Priority is chaining – make sure there is no breaking or packet loss.
Orchestrate as a L3AF operator and run a L3AFD in the pod
Custom templates to deploy them
Other tools (Pixie, Cilium, etc.)
Wipro – looking into observability and other projects
Good to have an idea what others are doing for curation
Do you want governance for other things besides the Kube pods?
Dave: open question – Kube orch add/remove pods on different nodes. Separately the L3AF orch is deploying eBPF progs on different nodes.
Can we have tighter integration or is there an impedance mismatch?
Kube has a lot of orch features, can we reuse them?
Eric: How do we push this into kube and keep track of all the versions and management?
We are still in exploring mode. Need more data.
Taka – interesting use case: replace service mesh
Service mesh adds latency and overhead
Article: https://thenewstack.io/how-ebpf-streamlines-the-service-mesh/
Eric: yes, very interesting use case. We should look at this.
Dave: Kube to the edge. This is a use case both inside of and outside of containers
Karan: model that works in virtual environments may not fit perfectly with eBPF. We will have to adapt.
Dave: XDP hook is outside of container because it is so low-level.
L3AF should be useful both inside and outside the container.
Santhosh: Yes, we will provide the hooks to all the use cases
Karan: Cilium and Calico have their own operators. Could there be some conflict in policy management?
Santhosh: Cilium or Calico is running, and some policy comes from L3AF. Does Cilium provide some policy to see if this policy
Karan: we need to be solution agnostic. We need to find a way to piggyback on the CNI
One of the most adopted use cases for eBPF on Kube. Complement the CNI and coexist.
Broad example:
Walmart: run multiple eBPF programs on kube clusters. So far, have not had need to think much about it from a control plane. Just use eBPF orch for programs and it just works.
Ex: Prioritize traffic: Use eBPF to tag certain packets and the router does QoS
However, what if we want to use an eBPF based CNI? Then what will be the order of chaining for the custom eBPF program? Does it run first? Last? Somewhere in the middle?
The only other option is to keep embedding the functionality that we need into the CNI.
This does not scale because embedding business logic into the CNI doesn’t make a lot of sense.
Kenny
Polycube and L3AF are very similar. Communities should be talking
LJ: Some overlap. Should see what can work together
Should we set something up at LFN: dev test forum? (See CFP above)
Click link on CFP page. Deadline Dec. 3rd.
LJ: More light on Polycube please.
Kenny: Polytech university in Turin has a number of contribs
Vicky: We should work with LJ to help coordinate. We should join each other's meetings.
LJ: Offline handshake and then set up meeting through TSC.
Videos? Reading material?
Procedural:
Need at least a day's notice of agenda. Can we send agenda out?
Trishan: will take it up with LJ
Which weeks in December will we be meeting?
1, 8, 15, 22, 29, Jan 5th
22 and 29th are cancelled
Topics:
Karan to speak with LJ to have agenda pushed out.