This schedule only shows sessions in Chinese. See the full program here.

  • 01:00-01:50 UTC

    Welcome (China)

    By Iris Ding, Jimmy Song & Lin Sun

    Opening message and project update for Chinese audience.
  • 02:00-02:10 UTC

    Introduction of the Service Mesh industry and community in China

    By Jimmy Song

    This talk will be delivered in Chinese and will cover the development of service mesh technology in China, and the use of Istio in the Chinese industry. I’ll discuss the growth of the community, and introduce ‘ServiceMesher’ – the service mesh community group in China. This talk will also cover how to get involved in the Istio community, and what study materials are available to people who want to join. As Istio becomes more popular and widely used, this talk will highlight the ways that the Chinese community has contributed to the growth of service mesh, and how we’re all continuing to learn and grow as users, what resources we have to support our knowledge.
  • 02:10-02:20 UTC


    By 超 许

    Content: Brief history of service mesh development in Baidu. Large-scale application of ISTIO in Baidu. Future.
  • 02:20-02:30 UTC

    How HP set up secure and wise platform with Istio

    By John Zheng

    In this talk we will share what we have done at HP with Istio (all the way back from v 0.2) in order to support huge loads.
  • 02:40-03:20 UTC

    Secure your microservices with Istio step by step

    By JF Ding & Luyao Zhong

    This talk will walk you through the key concepts for Istio security and show you how Istio can secure your microservices easily via a step by step demos: Deploy the micro services into kubernetes Add services into Istio service mesh Secure service to service communication via auto-mTLS. Enforce service to service communication securely via PeerAuthentication Secure ingress traffic via TLS Termination in istio ingress gateway Secure ingress traffic via RequestAuthentication Authorize accesss to services via AuthorizationPolicy.
  • 03:20-04:00 UTC

    Best practice: from Spring Cloud to Istio

    By Chaomeng Zhang

    Spring Cloud has been widely used as a micro service framework in the past several years, especially in traditional enterprise cases. Istio, as a leading service mesh solution, is gaining great popularity, and widely used in cloud-native applications. Istio help customer build a highly resilient, secure, observable and scalable microservice architecture by offloading the complexity from application code to a separate infrastructure layer. In this presentation, inspired by several typical customers’ cloud native solutions, Chaomeng will share a topic of best practice of Spring Cloud and Istio.
  • 04:00-04:40 UTC

    Preserve Original Source Address within Istio

    By Zhonghu Xu

    Original source address is heavily relied on by many scenarios, however in service mesh, with sidecar injected and traffic proxied by a sidecar, it is naturally unable to get the original client ip address. In this presentation, Zhonghu will introduce what istio and envoy have done to help preserve original source ip both for TCP and HTTP protocols. And then he will present a live demo about how to achieve original src IP preserve with proxy protocol, original source filter, and TProxy.
  • 04:40-05:20 UTC

    Performance tuning and best practices in a Knative based, large-scale serverless platform with Istio

    By Gong Zhang & Yu Zhuang

    Istio is the default networking layer solution of Knative and it is leveraged for routing, traffic splitting, security and so on. We’re now building a large-scale, multi-tenant serverless platform on top of Knative and Istio. While building it, one of the main questions was how to tune Istio together with Knative so it can unleash the maximum scalability and performance. In this session, we will share how we detected performance bottlenecks using difficult but fruitful analysis processes, tuned and optimized Istio and our platform, and eventually reduced over 90% latency in Knative service provision scenario.
  • 01:00-01:50 UTC

    Istio Project Roadmap (China)

    By Neeraj Poddar & Louis Ryan

    Neeraj Poddar and Louis Ryan from the Istio technical oversight committee, lead an update on the development of the project and the roadmap for 2021.
  • 02:00-02:40 UTC

    Federated Access Point - eBay统一流量管理方案

    By Jesse Meng

    eBay拥有上百个Kubernetes集群,承载数千个不同通络拓扑的微服务应用。部署跨地域的高可用应用,并做精细化流量管理和日常运维,是互联网公司面临的日渐严峻的挑战。 本演讲会展示eBay如何基于Isito的统一的流量管理模型,基于集群联邦,完成跨地域,跨集群的南北和东西流量统一管理。包括智能DNS,四层和七层负载均衡配置,流量变更的灰度发布,智能化流量再平衡策略等。
  • 02:40-03:20 UTC

    Is Your Virtual Machine Really Ready-to-go with Istio?

    By Kailun Qin & Haoyuan Ge

    Using Kubernetes and containers is the easiest and most practical way to run Istio. However, both academic and industry surveys show that massive organizations and users are still deploying their workloads in VMs to fulfill their needs like security, multi-tenancy, fitting into the existing processes and hybrid multi-clouds. To include those workloads outside of K8s, Istio has introduced VM support since 1.6. In this talk, we will: Go through the real use cases and tumultuous odyssey of Istio’s VM integration; Summarize the key VM mesh features, designs and tradeoffs introduced, e.
  • 03:20-04:00 UTC

    How Is Apache SkyWalking Powering Istio Observability

    By Sheng Wu

    Istio provides a default observability solution through telemetry v2, which improves a lot than the Mixer v1 solution. Apache SkyWalking, as a widely adopted and powerful open-source APM project. It provides all tracing, metrics, and logging out of the box. For the Istio ecosystem, it provides full observability for k8s and VM environments and covers both the Data Panel and Control Panel. In this session, we are going to introduce how we do this, what is more, we bring to the end-users through these.
  • 04:00-04:40 UTC

    Extending service mesh capabilities using a streamlined way based on WASM and ORAS

    By Xi Ning Wang

    With the introduction of WebAssembly (for short,WASM) support, you can extend the data plane’s functionality by writing custom Filters for out-of-process Envoy proxy in service mesh. But it’s not easy to build, deploy and run WASM filters within service mesh. ORAS is a proposed implementation for the OCI Artifacts project, which aims to extend the OCI registry specification and simplify storing arbitrary content in OCI registries. In this topic, we will present how to use ORAS client to push the WASM modules with the allowed media types into ACR registry, and then deploy the WASM filter into all the pods corresponding to the specified workload selection criteria.
  • 04:40-05:20 UTC

    Accelerate istio-cni with ebpf

    By Yizhou Xu & Ruijing Guo

    Datapath between envoy(sidecar) and service is an nonnegligible part in Istio, Isito-cni inserts iptables to intercept and redirect traffic between envoy and service, which brings costs like real TCP/IP traffic over loopback and has to insert IPTables rules. eBPF is a revolutionary technology that can run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules.Replacing iptables with ebpf allows data traverse from Envoy‘s inbound socket to its outbound socket directly,reducing datapath over loopback interface and sparing iptable rules.