Keys managing keys: Turtles all the way down - Securely managing Kubernetes Secrets
lots of factors that influence the choice of cryptoperiod From NIST SP 800-57: ○ Strength of cryptographic algorithms used ○ Implementation ○ Operating environment ○ Volume of data ○ Re-keying method all key-management processes and procedures for cryptographic keys used for encryption of cardholder data, including the following: 3.6.4 Cryptographic key changes for keys that have reached the end of Envelope encryption: best practices Managing DEKs: ● Generate DEKs locally ● Use a strong cryptographic algorithm ● For easy access, store the DEK near the data that it encrypts ● Ensure DEKs are
0 credits | 52 pages | 2.84 MB | 1 year ago
Bypassing conntrack: using eBPF to enhance IPVS and optimize K8s network performance
Does SNAT nic nic Y N • How IPVS talks with eBPF program? • eBPF map id is passed to IPVS module • Ip_vs_new_conn() inserts eBPF map • Key: (protocol, cip:cport , rsip:rsport) • Value: (protocol unroll • Size limitation of BPF program <= 4096 • Move SNAT allocate port loop into IPVS kernel module • Bounded loop support in Linux 5.3 • Size limitation of BPF program is one million after Linux
0 credits | 24 pages | 1.90 MB | 1 year ago
KubeCon2020/Resource orchestration optimization for large-scale Kubernetes clusters
Product2 Used Quota 25 Product2 Used Quota 10 Product2 Used Quota 15 Quota allocation module Cluster 1 allocates 50 quota Cluster 2 allocates 20 quota Cluster 3 allocates 30 quota Allocate
0 credits | 27 pages | 3.91 MB | 1 year ago
3 results in total