So we're going to talk about how the future of service mesh is sidecarless with Istio Ambient Service Mesh. So how many of you know Istio is a graduated project in CNCF? Raise up your hands. Woo-hoo, yes, we graduated last year. A little bit of introduction about me. So I flew a long way to here yesterday morning. So I come from Cary, North Carolina, a small town on the east coast of the United States. I'm the head of open source working for a small company, Solo.io. I've been one of the founding contributors to the Istio project. It's really seven years ago. Since seven years ago, I've never been working on a project for this long. So it's been an amazing journey. And I used to work at IBM. Before I left IBM, I took screenshots of the corporate directory. And I contributed to 207 patents to the IBM Corporation. I wrote two books about Istio, Istio Explained and Istio Ambient Explained. And most recently, I've been a CNCF ambassador. I'm also one of the newly elected CNCF TOC members. So very, very excited to be here with you all talking about Istio Ambient Service Mesh. So I want to start to talk about 2017, when we first had service mesh evolution. I remember in that KubeCon in Austin, remember that's the KubeCon we talked about? It snowed in Austin. The Istio project was launched there and talked about how we introduced the sidecar to the service mesh world. Well, when your application talks to the other application, source and destination, all the traffic is intercepted by the sidecar. So that was 2017. And also, in the same year, the Linkerd project also announced their service mesh, not using sidecar, but using a node proxy, a proxy that's shared among multiple applications on the same node. Now, about just a little over a year ago, the Istio project launched the new sidecarless mode for service mesh without sidecar.
After hearing so many of our users telling us, "Look, sidecar is nice, but I don't want to restart my application or deployment or my pods just to carry the sidecar with me. Look, sidecar is nice, but it's actually costing 30% of my resources for my data plane. That's not acceptable." So we really listened to the user, and we felt like we want to offer a way to be able to not compromise security, but allow users to continue their workload as they transition to the service mesh without needing to restart their Kubernetes deployments or pods. Matt Klein, how many of you know who Matt Klein is? Raise your hand. He is the Envoy project founder, which is a graduated project. So when Istio announced ambient service mesh without sidecar, Matt actually chimed in, and he believed that's the right approach for the service mesh. So that means tremendously for our project that he weighed in. Now, I want to spend a minute to talk about node agents. So how many of you know Kubernetes node agent or node agent on your VM? So that's a very, very common concept, right? Raise your hand if you are familiar with a node agent in general as a common concept. Think about it. It's a process running on your node, whether your node is a Kubernetes node or a virtual machine. In Istio Ambient, we introduce a secure overlay layer. So what this layer does is providing a node agent for the layer 4 functionality, so you can get mutual TLS, automatic certificate rotation for your mutual TLS. You can get cryptographic identity that's managed by this zero trust tunnel, which is kind of like a node agent. So it is able to upgrade your connection to mutual TLS from your source to destination automatically for you. We also introduce a concept called Waypoint. For those of you who are familiar with Gateway, you will understand what the Waypoint proxy does. So essentially, if you come to the service mesh and mutual TLS is all you need, you are done.
You don't need to look into Waypoint proxy, which provides layer seven processing for you. But if you do need traffic shifting, traffic routing, traffic resiliency, distributed tracing, if you do need rich layer seven authorization policies, this is when you need to deploy a Waypoint proxy. It's like a gateway for your application or for your namespace. So that's the way to think about what the Waypoint proxy is. And it's implemented using Envoy proxy. Now, essentially what Istio Ambient service mesh is doing, in addition to simplified operation, no need to run sidecar, is slicing the layers. So if you need just a secure overlay layer for traffic management, mutual TLS or TCP-based metrics and logging, the shared node proxy is sufficient for you. If you need layer seven processing, optionally, you can deploy the Waypoint proxy, which serves as the gateway for your namespace or gateway for whatever tenant scope you feel comfortable with and provides additional advanced traffic management, security and observability functions for you. We actually did a cost analysis, because early on I talked about how users walk away from sidecar because they didn't want to pay actual cost for service mesh. So we did a cost analysis on Google Cloud using no mesh, which means your workloads today before they are added to a service mesh, and sidecar, and also using Istio Ambient with just layer four and Istio Ambient with layer four and layer seven processing. With that study, what we found out is the cost of your data plane between no mesh to Ambient is actually zero. The reason is there's slightly more CPU and memory utilization, but that increase in utilization is like one to two percent. It's not gonna cost you to scale up a new node for that. And the cost of using Istio Ambient for layer seven processing, I think it's about a 16% increase, and the sidecar is about a 32% increase as far as the cost, which matches what we heard from our users about a third of the cost that goes to the sidecars.
To summarize, Ambient is the new data plane introduced in Istio to allow you to enroll your workloads into service mesh without needing to restart your application, to simplify your operation, to really reduce the cost of the data plane. Zero trust tunnel is a node proxy. It's super lightweight with very little overhead. The layer seven processing is provided by Waypoint. It's optional. It's deployed for whatever tenant scope that you feel comfortable with, whether it's a namespace or multiple namespaces or a service account. And last but not least, sidecar is continuing to be here to stay. If you're a user using sidecar today in service mesh and you love sidecar, we'd be happy for you to continue to stay with sidecars. Ambient is really designed for the users who look at service mesh, but didn't want to use sidecars. I think that's the end of my talk. Thank you so much. And I'm the last talk before lunch, so enjoy your lunch. Thank you.