tldr - powered by Generative AI

• Psyllium experiment started in 2016 with IPv6-only container networking using EBPF and XDP
• IPv6 adoption has progressed in Kubernetes and hyperscale environments
• IPv6 offers more IPAM flexibility and larger cluster scale
• IPv6-only clusters unlock new Linux kernel innovations in networking and EBPF for data intensive workloads
• Cilium's networking data plane enables a low-latency architecture suitable for BIG TCP-based workloads requiring IPv6 for 100Gbit/s transfers and beyond for a single socket
• Cilium developed a new veth driver replacement for the kernel to achieve host networking performance characteristics for Pods
• With the resulting EBPF forwarding architecture, most unneeded parts of the stack are bypassed, drastically improving networking

tldr - powered by Generative AI

• Kubernetes clusters require IP addressing for network communication between pods and agents on nodes.
• Assigning large IP blocks for Kubernetes constructs can cause fragmentation problems within organizations and make it difficult to migrate workloads to new clusters.
• The Kubernetes networking team has introduced solutions such as single stack IPv6 and IPv4 only support, dual stack IPv4 and IPv6 support, and multiple cluster ciders support for node ipam to address these challenges.
• Upcoming solutions include multiple service ciders and reserving static and dynamic allocation for service IP ranges.
• Best practices for Kubernetes IP management include starting with a smaller application allocation for IP address ciders and gradually building up, and moving towards IPv6.
• The networking community is being asked for feedback on the possibility of mixed mode services.

tldr - powered by Generative AI

• Kubernetes can abstract the challenges of IPv6 addressing and make it easier for developers to adopt
• IPv6 implementation in Kubernetes can make pods addressable and routable on the internet, which can be dangerous without proper education and resources
• The addition of optional APIs in Kubernetes allows for more control over IPv6 implementation
• The goal is to have more end-users up on stage discussing their experiences with IPv6 implementation in Kubernetes

tldr - powered by Generative AI

• SIG-NETWORK is responsible for Kubernetes network components such as pod networking, ingress and egress traffic, service abstractions, and network policies
• The SIG is focused on major projects such as dual stack support, gateway API for L4 and L7, and network policy improvements
• IPv4 v6 dual stack is now GA and services and pods now support both IPv4 and IPv6
• Gateway API has made significant progress towards v1 alpha 2 and aims to be role-oriented and extensible
• Reference policy governs whether or not a given resource is allowed to be referenced from another namespace
• A CVE was discovered in the 122-123 cycle regarding endpoint or endpoint slice APIs directing traffic with unintended effects
• The mitigation for this issue is to treat the ability to create, modify endpoint and endpoint slices as a privileged operation and remove this capability from the ordinary users of your cluster