FD.io Mini-Summit at KubeCon + CloudNativeCon North America 2018

Kubernetes network policies specify how groups of pods are allowed to communicate with each other and other network endpoints. For a packet forwarding engine, such as VPP, this is an abstract definition for access control between endpoints. This presentation will introduce a pure userspace implementation of kubernetes policies in VPP showing high performance and adding the flexibility of different data plane rendering. Service is a Kubernetes abstraction providing an entry point of access to a group of pods. In a Contiv/VPP,  load-balancing and translations between services and endpoints are done inside VPP using the high-performance VPP-NAT plugin. VPP-NAT plugin is an implementation of NAT44 and NAT64 for VPP. This presentation will introduce a Service Proxy implementation in VPP that enables high-performance load-balancing, forwarding and dynamic source-NAT node-outbound IPv4 traffic.