From 574ac7545d9eb5b1e2cea8f796925bfca0678d9b Mon Sep 17 00:00:00 2001
From: Claes Mogren <mogren@amazon.com>
Date: Wed, 16 Sep 2020 16:35:12 -0700
Subject: [PATCH] Update readme

---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/README.md b/README.md
index a3d87096e7..ac269f2b32 100644
--- a/README.md
+++ b/README.md
@@ -424,6 +424,18 @@ Default: `false`
 To enable security groups for pods you need to have at least an EKS 1.17 eks.3 cluster. Setting `ENABLE_POD_ENI` to `true`
 will add the `vpc.amazonaws.com/has-trunk-attached` label to the node, signifying that the feature is enabled. 
 
+---
+
+`DISABLE_TCP_EARLY_DEMUX` (Since v1.7.3)
+
+Type: Boolean as a String
+
+Default: `false`
+
+If `ENABLE_POD_ENI` is set to `true`, in order for the kubelet on the node to talk to pods using the per pod security group feature,
+`DISABLE_TCP_EARLY_DEMUX` should be set to `true`. This will increase the local TCP connection latency slightly, that is why it is not
+ on by default. Details on why this is needed can be found in this [#1212 comment](https://github.com/aws/amazon-vpc-cni-k8s/pull/1212#issuecomment-693540666).
+
 
 ### ENI tags related to Allocation