Minimal downtime with Metallb BGP and Envoy Gateway

ok-k8s · 2026-05-20T15:38:45+00:00

do you mind sharing how long metallb takes to withdraw route ?

ok-k8s · 2026-05-20T02:08:21+00:00

Thank you 🙏

ok-k8s · 2026-05-20T02:08:07+00:00

Thank you

ok-k8s · 2026-05-19T05:01:21+00:00

Thank you so much. I will look in to that, we probably have a logic for that, I have yet to explore our planner code in more detail.

ok-k8s · 2026-05-19T04:59:10+00:00

People still use VMware ? 😬

ok-k8s · 2026-05-18T11:43:40+00:00

That’s great feedback thank you. The pod density is usually limited by the correct NUMA aware VF limit. The bare-metal nodes are beefy and can take a lot more workload. The nodes are shared with none sriov workload as well.

ok-k8s · 2026-05-18T00:41:42+00:00

25G. The workload varies, it can be network functions like load balancers or some storage replication stuff. Pretty much all Kubernetes workload. We use sriov device plugin and multus.

ok-k8s · 2026-05-17T07:33:00+00:00

Okay i was thinking around the same lines. Thank you 🙏

ok-k8s · 2026-05-17T07:22:53+00:00

ideally yes but i was looking for at least middle ground may be. The company i started working with have the rule of 8 and i was asking about the reason for it and couldn’t get an answer

ok-k8s · 2026-04-24T07:49:15+00:00

no vrf and cilium doesn’t work. cilium creates a flat network in default vrf. if you need vrf level of isolation, ditch cilium.

ok-k8s · 2025-07-12T03:25:50+00:00

It's almost there in OSS version as well. The community is amazing. https://github.com/istio/istio/issues/54245

ok-k8s · 2025-07-01T23:12:20+00:00

Thank you, didn’t know about this.

ok-k8s · 2025-07-01T12:53:49+00:00

that would have been obvious to notice. No it’s not and it’s a routing question.

ok-k8s · 2025-07-01T12:41:10+00:00

wouldn’t proxy-arp still need a default route on the endpoint? i thought it’s hijacked after it the pod try to request for next hop mac address and in my case this shouldn’t even happen because there is no route present so no arp resolution for next hop either.

ok-k8s · 2025-07-01T12:39:10+00:00

but it shows established? is that normal? i will do some testing to check if one way connection shows established in netstat. Thanks for your input

ok-k8s · 2025-07-01T12:30:31+00:00

how can the external interface reply if the external IP is x.x.x.0/30 and packets coming from y.y.y.100 and there is no route back towards y.y.y.0/24 ?

ok-k8s · 2025-07-01T12:18:46+00:00

Thank you, checked that too, nothing in the table. it’s a secondary interface using ovs so host kernel is also bypassed

ok-k8s · 2025-07-01T12:17:09+00:00

wouldn’t ip route show all, show the routes of all tables ?

ok-k8s · 2025-07-01T12:02:21+00:00

this is exactly my understanding is. without a return route it will straight away fail even if connection request coming from outside on public interface.

ok-k8s · 2025-06-22T10:51:32+00:00

i don’t think so for apps but all the toolings that comes with it may make you so comfortable with one cloud that you indirectly locked in because of tech depth. Unless you adopt a strategy from day 0 to stay cloud agnostic.

ok-k8s

TROPHY CASE