Hello, we will give it a few moments for people to join in. So I've added the link to the chat, so that's where the meeting notes are. It's a bit unfortunate Zoom no longer does an actual link anymore, they just have copy and paste text. It seems we've fixed it and without link. Ah, funny, maybe I need to update Zoom, maybe that's the problem, because it's not showing it as an income line. Great, can everyone see the meeting notes?

Yep.

And is it clear, do I need to zoom in or?

Maybe a little, I guess. Yeah, this is better, yeah.

Oh yeah, this monitor has an insanely high resolution. Okay, so let's go ahead and get started. So welcome to the next Network Service Mesh meeting. We have this meeting every week on Tuesdays at 8 a.m. We tend to have a meeting every other week as well. Did you all decide to cancel that meeting for the Asia friendly time for the moment?

I think that was a decision. I think it will be on next week, so we can just start it and check if it will be in our attendees. Probably we should cancel it for a time.

Okay, so we're going to put that on hiatus pretty soon. So we have one more meeting in that area. If we start to get interest in people in those time zones, then we'll see about restarting it up. We also participate in the CNCF Telecom User Group, for which the next meeting is going to be Monday, May 18th at 3 a.m. Pacific time. We also participate in the CNCF SIG Network, which occurs every first and third Thursday of the month at 11 a.m. Pacific time. The URLs are located on the meeting notes. A couple major things that have happened: KubeCon has gone virtual, and so on August 17th through 20th we will be having the virtual KubeCon. The schedules should still be the same in terms of the main sessions for NSM. The tentative approach that we're going to take is that we still want the NSMCon to occur, and so we're working out details as to what's going to happen with that.
If you have registered, the $50 US for NSMCon should have been refunded to you, since the reason for the $50 was to ensure that people who signed up were indeed attending. So if you signed up, look out for that $50 reversal on your credit card or however you paid. The second thing that we were doing with that money was paying it into the diversity fund in order to help people get to KubeCon who historically would be unable to due to financial reasons, and so since it's virtual, that need does not exist for this specific one, and so we're going to work on getting details about the next NSMCon at KubeCon. So in terms of other events moving forward, we also have ONES Los Angeles that is occurring; that is going to be in September. The ONES Europe has currently been postponed, to be determined. I don't have information on that. Interestingly, ONES has been doing virtual keynotes and virtual mini conferences, so, considering many of the countries there are continuing to postpone, I would expect this to probably go virtual as well.
The final one, KubeCon and CloudNativeCon North America, is still in Boston. Call for papers is still open; it closes on June 12th, so that is one month away from now, so make sure you get your entries in. As of now there's no schedule change to KubeCon North America. So in terms of announcements, the first one is Ed is not showing up today because he's feeling sick. It's non-COVID related; he should be feeling better with a bit of rest. Other things going on in terms of the community: we also have been working towards... actually, I'll save those for the main call. So in terms of the social media community team, in terms of our stats, we are now up eight, we have 761 followers, we are following an additional 10 people. We shouted out 18 different retweets, including call reminders, last week's video recap, CNCF webinars. By the way, if you haven't seen the CNCF webinar on zero trust, please make sure to go see it. There is a link further down in the agenda from last week, and you can also find it if you look up zero trust and you put my name, Frederick, and CNCF webinar into Google; it should be one of the top hits. It was hosted not last week but the week before. In terms of major events, there is now a registration for Open Source Summit and Embedded Linux Conference, so another virtual experience. You can sign up for that now. They've greatly reduced the cost of this; if I recall properly, I think it's $50 to join in. So there's a lot of really great material in Open Source Summit, and it's actually one of the places where NSM did one of its first set of talks, so I highly recommend joining in to some of those. You'll learn a lot. We also have LF Networking, which is going on; they're providing their training courses and certifications. We tweeted out information about the edge networking new guide that they put out. We reposted things in Kubernetes about how
to thrive in and evolve as a container orchestration platform and their support for open source. We also posted a Telecom TV panel discussion about how telecoms must have a clear migration to cloud native. If I recall, this is actually one that I had... was this one I participated in? No, this was a different one. I participated in some Telecom TV stuff in the past in terms of migrating to cloud native. Definitely recommend taking a look at some of their stuff. It's also hosted people like Dan Kohn and Taylor, in addition to myself, in other videos. In terms of LinkedIn stats, we've added an additional follower and we've reposted everything in Twitter into LinkedIn. In terms of our plans, we intend to retweet the contributor podcast and continue to promote the registration for NSMCon EU and promote the sessions there. So in terms of the agenda, is there anything that anyone would like to bring up? I have a community status update I can give, but before we do that, are there any topics anyone would like to discuss or ask questions about?

This is Jonathan Berry here, first time joining. I actually presented last week at the SIG Networking about a research project, more of a survey of L7 protocols in and across the CNCF landscape. It's in relationship to the startup we're working on, but it's really to identify how networking is implemented and some of the assumptions around, well, effectively HTTP in a lot of projects, and where there are opportunities, as a community, we can improve those capabilities, enable alternative use cases like what I focus on, which is IoT or gaming or telephony. And Ed was on the call and he definitely had a lot of good things to say about NSM and suggested I join in and participate and learn. So I actually posted my slides in the Slack channel the other day, and the video recording, so I encourage people who are interested in that topic to check out
the document and the presentation. And beyond that I don't have anything else to say, just that I'm going to be a fly on the wall for a bit and seeing where I can learn and contribute.

Cool. Do you have access to the meeting notes? Because you can add that into the agenda and post a link there so that people can easily find it.

Perfect, I'll do that right in.

Cool. And yeah, I don't know how much Ed told you in terms of NSM, because I know it's not an NSM meeting that they have over there. Interestingly, we focus primarily on layer two and layer three, but layer seven is built on layer two and three, and so they're definitely very complementary. So if you want to go into any of that in more detail as time moves forward, let us know, and I'm more than happy to dedicate some time in this meeting to discuss some of your use cases.

Awesome, yeah. And we had a little interview about that in the... it's an area I have to go deeper in, because a lot of the use cases are definitely layer seven, and the model, as long as layer three/four is doable, then great. But there's actually a lot of protocols that are not even IP based or are sort of quasi IP, and that's where Ed was saying, hey, there's some stuff you're all looking into. So for example, ultra low bandwidth protocols in IoT, again because my background focused there, they don't even use IP framing. So how do we square that circle, kind of thing. And that's what definitely piqued my interest, and a potential area, I think, of discovery and conversation.

Yeah, we're definitely well aligned in that space then, because that is squarely one of the things that we're looking at. Not that specific use case directly, but an analogous one. So for example, if you're working in the telecom space, they also have a variety of
different layer two and layer three protocols that they use that are not necessarily IP based, and so it's not uncommon to find things like MPLS. And one of the things that we found in the OpenStack world is that many of the vendors, because Neutron was squarely IP and MAC based, Ethernet based, what people would do is they would say, oh, I need an MPLS label, and there's no MPLS label that was available. And now you can extend the API a little bit more, so it's a little bit more flexible, but it's still an issue where they're, okay, there's no MPLS label available, so how do I inject one in? I will repurpose the MAC address as the MPLS label and move forward. And then they worked out that they can gain access to the RabbitMQ back end and inject their own messages into it, which completely subverted the protocol. And so I think if we don't solve these types of issues, one of two things will end up happening: either we'll end up pegging all of the users onto a frame or protocol that they don't really work well in, like you can only speak over this specific thing that is IP based over L7 HTTP, or we go the opposite direction and people will find ways to subvert the protocol out of necessity, not out of maliciousness, just purely out of necessity to get their use cases done, and we end up with fragmentation at that point. So I think the things that you describe... and we go beyond Kubernetes as well, so this is not only for Kubernetes networking, it's also about how do you connect things that are outside of Kubernetes with each other and with Kubernetes things, or two things where there's no Kubernetes in there at all. So yeah, I think we'll be relatively well aligned. At a future time, if you want to show off and discuss some of the stuff that you're looking at, feel free to add yourself to the agenda. We'll be more than happy to go over it.

Awesome, yeah. And I think, based off of just, you know, it's a nice conversation in this one, there's areas I want to go and extend that I haven't done already. So I'd be more than happy to present what I presented to the SIG in an upcoming meeting, but then identify some of those opportunities. So, you know, for example, what happens if you use one of these protocols that are not L7 based, and how would you implement that? How would you do load balancing, congestion control, security and all those things? Or how do network operators like telcos, but also these up and coming satellite providers who we're working with early on, how do they integrate their, call it like L1, L2 protocol, and actually travel all the way through? So yeah, I think there's a lot of interesting ideas and opportunities to make sure we build the right things.

Yeah, as a person who's worked on ham radio, that's also very exciting to me. And so now in terms of getting them to communicate, yeah, that'll definitely be quite interesting. So let's make sure that when you're ready to present, let us know, and we'll make sure that you're on the agenda.

Great, thank you.

Cool. So are there any other questions or comments that people would like to bring up before we go into the main status? Okay, so in terms of work that's been going on, we have seven streams of work. So the first one, I'll go over some of the stuff that Ed has been working on. So Ed has been working on something called to go TEGO, and this is to help with the development of NSM, with some of the slowness in some of the builds. Because NSM is a lot of small components in the Kubernetes reference implementation, sometimes the feedback loop can get a bit long and break you out of your flow. So
what to go does is it does a local build and then it passes the cache into the Docker container and reruns the build there, primarily for safety, and then builds your application from that point. And so the nice thing in this scenario is that it turns out that, if you're careful, you can transfer the cache artifacts from one node to another and reuse them as long as you meet certain requirements, and to go is designed to meet those. And so that way when you do a build you're not rebuilding everything from scratch; instead you're only building things that have changed. And so that's the first thing that we're focusing on, is getting that, I guess you would say, Go compiler accelerator. It's very similar to ccache, if you've worked with that. Another thing that we're working on is for the new SDK. I'm getting very close to having a full working example showing off the ICMP responder. So we have a working ICMP responder in the main repo; this one is using the new SDK, and this includes an example that goes from client to server and back, includes things like authentication. It has code in there demonstrating how do you do SPIFFE, how do you get the gRPC SPIFFE links at the control level to authenticate each other with mutual TLS, and how do you validate things. I don't have the policy stuff in there just yet, so I'm just doing a very permissive, true is equal to true policy, and it passes, hopefully. So at the moment I'm setting that up as an example where we can show all of the main components in terms of how they work, and make it easy for people to work out how to build against the SDK, as a full working example. In
terms of the more detailed work that's going on, there is continued work inside of the NSM daemon to add callbacks. Callbacks was an interesting thing that we've added into our gRPC tooling. When you connect in with gRPC, one of the problems that tends to arise is centered around bi-directional communication. So gRPC is a server client-based model; it does not have a true bi-directional, even though I believe the HTTP framing, the HTTP/2 itself, doesn't support it, but the framing system itself I believe does. And what we've added onto it is a callback system that does not modify gRPC, is built on top of it, but allows you to create callbacks so that you can get some controlled bi-directional communication between multiple systems. What this will allow us to do is to create a callback that, when certain events happen in the Network Service Manager and within the client, we'll be able to get that bi-directional communication between two systems and not have to work with multiple sockets at that point. Another thing that we are focusing on is additional work on the vL3 space. So we have registry work that we're currently focusing on, specifically with some code generation around building the chain. The vL3 is one of our main efforts that we are driving. So basically we can do L3 quite easily, that's not a problem, but when you start to put this thing into production, then this is where things like: how do we make sure that you get resiliency, that you have the ability to load balance across multiple nodes, across cluster organizational boundaries, and how do you make sure that you fail over properly, that you get your DNS set up properly? What if DNS fails, how do you heal it? And so our vL3 milestone is a production quality vL3, where you can hook up multiple clusters
together and have them interoperate with each other, workload to workload, and so it's the production version of that use case. So right now the focus is on the registry, to get work done in that space. We also have... so the ICMP responder one is going to be in the new repo.

That's going to be... now can I look at it, or?

Yeah, you can take a look at it. I need to push the code up.

And the same with this vL3 stuff, it's the same thing that this guy showed at the NSMCon in San Diego, is it? When you have like a mesh, so you can reach services from other clusters, I mean you're buying the two NSM clusters together.

So it's the same use case. What we're doing is we're creating a production version of that.

Very good. Are you putting it also in the new repo? Where will that show up?

Yeah, we're aiming all of this development to work in the new repo with the new architecture, where everything is an nc more or less, even the data for orders or something that Ed mentioned last time.

Exactly, that's exactly what we're doing.

I think this is really cool. I want to see this stuff now, I'm ready. So you can continue, just...

That's okay, no worries. And feel free to interrupt me, anyone, if you have any questions. It's best to do it now while it's still in context.

Yep. Is this vL3 use case already captured in the use case documentation?

Oh, I don't know, I'll have to double check that. The vL3 use case, I believe that it is, but I know that there certainly is documentation. I'll ask Andre. Andre, are you on right now?

Yep, yep.

Yeah, if you can have some of your team look into that and add that to the agenda for next week, and then we can go over, say, the vL3 use case next week in more detail for people to see what we're doing.

Yeah, I think the initial take about it, yeah.

Cool, so that gives us an agenda for next week. Thank you very much. Yeah, and so this stuff is still relatively early in its life cycle, but we're working really hard to make that all happen. And in terms of the new repo, yeah, we'll continue to make sure that stuff... I have not merged anything into master just yet, because what I'm doing is I'm doing an initial first pass where I get things to work, and then I'm going to break it down into small commits that I can push up in a more controlled way. So I don't want to push a large set of changes all at once. So that's my one hesitation at getting this out ASAP, is I want to make sure that we give the changes time to trickle in and get the proper reviews as well, just to make sure we keep the quality high. But once the ICMP responder is up and running, I'll push the stuff that I have up. Now, it's part of a branch called icmp server. So I'll push up what I have; it's very messy code right now, but I'm going to continue to improve that.

You don't have to feel stressed, I'm just very eager to see the new...

Yeah, ping me on Slack and I'll link you, so that way I don't forget. Cool. Okay, so another thing we've been focusing on is VPP, is on getting WireGuard support directly into VPP. So for those of you that are not familiar with WireGuard, WireGuard is a point-to-point cryptographic tunnel that you can use to connect multiple systems together. It has one payload; that payload is IP. And it's now been built into the mainline kernel. So one of the things that we recognized is that in order to hook up VPP to WireGuard, we had two paths that we can take. One of them is we could
reuse and lift the stuff that's within the kernel, which was prototyped and shown off. The second thing that we can do is build that support directly into VPP, so that means we don't have to waste any kernel interfaces on it. And this actually has a nice property, because there's a limitation on every system as to how many kernel interfaces you can have, how many ARP requests, if you don't do any tuning, sorry, how large is your ARP table. So there's a variety of different knobs and limitations that you have, in addition to getting the performance hit every time you have to recross the user space and kernel boundary in order to send those messages off. And so, at the end of the day, this will allow us to get a full kernel bypass, where you have a client connecting in through memif or vhost-user to VPP, then VPP having direct memory access to your NIC. It'll allow you to get that full kernel bypass and be able to use WireGuard as your tunneling mechanism and get you those cryptographically secure tunnels between your connections in a seamless way. So that's where we're currently heading with the VPP stuff, and right now they're working on the VPP handshake and progressing towards getting that out. There is also work being done towards SR-IOV. There was an interesting use case that was brought up. So people are familiar with the first two use cases, which is you load something up with kernel mode; you can also load something in direct mode, which is you do the full kernel bypass and write directly to the device. There's a third use case that popped up, and we'll make sure this gets written in to some of the use cases, which is: what if you have a system,
say a pod or something else, that needs to connect in through a specific top of rack port in order to reach a certain network, but that compute is not on the same node as the system that is connected up to that SR-IOV net card? And so there's an example that was put forward that showed how you can hook up a remote node, this could be a worker node, and how we can then use NSM to basically wire in a remote SR-IOV device into that using kernel mode, for the moment, and showing off that connectivity even though the SR-IOV device is on another system. So of course this doesn't meet requirements in terms of performance if you have those strong performance requirements, but if your requirement is not a performance requirement but is an "I need connectivity to something that is only available behind the top of rack switch", it falls very nicely in that environment. The last part is there is work going into the new SDK for getting more expressive Open Policy Agent policies. So before, we were only taking in the token of the last thing that you connected to; we're now passing in the full path information, and there's going to be examples soon to show off how that works. And so that'll allow you to cryptographically check the entire path of your connection. So, for example, in some scenarios you may, due to legal requirements, need to have a legal agreement with everything you connect to in terms of other entities. And so if you have like a firewall as a service and you have some third party cloud application service you connect to, ensuring that when you connect you have the right set of policies enabled and that you're controlling those in a very clean way, and
controlling what you're connecting to across the chain, becomes important in those scenarios. And so this also will help because there's a set of discussions going on in the SPIFFE community. The SPIFFE community is working on something called transitive identity; they actually have a full working group on this. So if you're interested in transitive identity, go hit up the SPIFFE community on how to join that. What transitive identity basically is, is how do you pass on properties of your identity to another entity so that it can then do operations on your behalf. And so, for example, as a user, when you connect into a front-end application gateway and you wanted to do a payment, then you are actually doing some form of transitive identity, that you're asking that application gateway to connect in and make a payment and submit all the details on your behalf. And so some of the work that we're doing here in NSM is relevant to that, because the connecting clients may only have certain capabilities that they're allowed to do, and it must go through a certain path, like it must maybe go through a firewall and an intrusion detection system to a certain VPN gateway and client. And giving that transitive identity story up and down the entire chain is extremely powerful, because that means that both the client and the endpoint can control, through cryptographic identity and policy, the type of connections they are willing to make. And this is one of the enabling technologies, is this open work that's going on for that use case. So those are the main streams that we have going on. If I forgot one, please bring it up. It's not out of it being any less important, it's about just there's a lot of stuff going on. Cool, so that was the main status that we have. Are there any
other topics anyone would like to discuss before we finish the meeting up? Cool. And just a couple reminders. Let's go ahead and organize: we have two topics that we want to add onto the agenda. The first one is going to be the work from Jonathan Berry on moving beyond HTTP. And so, Jonathan, are you still on?

Yep.

So yeah, let me know if you're on Slack. You can find me, I'm Frederick Kautz. If you are able to find me, or if you can't find me, ping me up on the NSM channel on the CNCF Slack and we'll see about organizing some time for you to talk.

Sounds great.

And yeah, so we also have the vL3 stuff that's going on. So definitely, I had mixed, I should already have a message on that, but yeah, hit me up on the Slack as well, anyone who's interested on the vL3 stuff or the ICMP responder stuff, and I'll see about getting you all sneak peeks on what's going on with that. And we'll make sure that we go over the vL3 stuff in greater detail in this channel so that we can get more visibility on what's going on in that space. With that, I don't think we have anything else that's urgent to discuss, and so thank you all for attending, and you all have a great day. We'll see you all next week at the same time. Thank you.

Thanks, bye. Take care.