note: the notes are checked in after every meeting to https://github.com/containernetworking/meeting-notes An editable copy is hosted at https://hackmd.io/jU7dQ49dQ86ugrXBx1De9w. Feel free to add agenda items there 2025-07-07 Deadline for kubecon November maintainer track is approaching. We discuss the ownership of Multus, now that Tomo and Doug have wandered off to more ecxAIting work.

SIG: sig-policy Begin Design Discussion: 2024-07-01 Cilium Release: 1.17 Authors: Casey Callendrello cdc@isovalent.com, You, and you too. Summary Add explicit, user-supplied rule ordering to the policy engine.

SIG: SIG-Policy Begin Design Discussion: 2024-02-12 Cilium Release: 1.16 Authors: Casey Callendrello cdc@isovalent.com, Sebastian Wicki sebastian@isovalent.com Summary Improve FQDN-based policy performance by changing how identities and labels are managed. Rather than propagating FQDN -> IP mappings to selectors, label IPs by the FQDN selector(s) that return them.

Background We are proposing making network configuration part of the CRI. That way, runtimes could expose network configuration management to the orchestrator / end-user. Overview Network configuration is part of the CRI API. There are CRUD methods for managing network configuration CRI-compliant runtimes maintain CNI (or other potential plugin systems) configurations in response to CRI calls. The implementation is not defined. (optional) There may be more than one network configuration. Kubernetes integration This prototype does not include a corresponding Kubernetes API type for network configuration. Configuring a network within a runtime could be accomplished by:

Issue: https://github.com/containernetworking/cni/issues/928 GOAL Make PRs like these go away: https://github.com/cilium/cilium/pull/22358 Stop chained plugins from having to rewrite CNI configs to add themselves to a chain dynamically, whereupon the original plugin may then delete/update the config and blow away the subsequent plugin's changes. Behavior changes When calling libcni.ConfListFromFile("<dirname>/<filename>.conflist"):

Links Paper: SICO: Surgical Interception Attacks by Manipulating BGP Communities RPKI: NLNet RPKI Docs Cue dramatic music It's 2008. Tony Kapela and Alex Pilosov get on stage at DEFCON. They announce that they are, presently, intercepting a good portion of traffic to the venue. On stage, they open a tcpdump and start grepping for plaintext POP logins.

Resources: You should read and understand: Paper: Stable Internet routing without global coordination, Lixin Gao & Jennifer Rexford (GR'01) BGP Path Selection: https://learn.nsrc.org/bgp/path_selection Fun other links: RIPE statistics: https://stat.ripe.net/