Hedge 180: Network Operations Survey with Josh S
What has been happening in the world of network automation—and more to the point, what is coming in the future? Josh Stephens from Backbox joins Tom Ammon, Eyvonne Sharp, and Russ White to discuss the current and future network operations and automation landscape.
Unbounded memory usage by TCP for receive buffers, and how we fixed it
At Cloudflare, we are constantly monitoring and optimizing the performance and resource utilization of our systems. Recently, we noticed that some of our TCP sessions were allocating more memory than expected.
The Linux kernel allows TCP sessions that match certain characteristics to ignore memory allocation limits set by autotuning and allocate excessive amounts of memory, all the way up to net.ipv4.tcp_rmem max (the per-session limit). On Cloudflare’s production network, there are often many such TCP sessions on a server, causing the total amount of allocated TCP memory to reach net.ipv4.tcp_mem thresholds (the server-wide limit). When that happens, the kernel imposes memory use constraints on all TCP sessions, not just the ones causing the problem. Those constraints have a negative impact on throughput and latency for the user. Internally within the kernel, the problematic sessions trigger TCP collapse processing, “OFO” pruning (dropping of packets already received and sitting in the out-of-order queue), and the dropping of newly arriving packets.
This blog post describes in detail the root cause of the problem and shows the test results of a solution.
TCP receive buffers are excessively big for some sessions
Our journey began when we started noticing a lot Continue reading
People Aren’t Stupid Just Because They Don’t Understand Tech
As technical people, we spend immense time and energy mastering the nuances of specific technologies. Esoteric knowledge is our currency, and we often measure our personal value against the yardstick of technical nuance. And sometimes (maybe lots of times) we gauge other people with the same yardstick, and dismiss those who don’t measure up. This […]
The post People Aren’t Stupid Just Because They Don’t Understand Tech appeared first on Packet Pushers.
Kubernetes Unpacked 026: Data Backup And Recovery In Kubernetes
On today's Kubernetes Unpacked podcast, Michael and Kristina catch up with with Geoff Burke, Senior Cloud Solutions Architect, to talk about running backups for Kubernetes, how to recover those backups, and which tools to use for backup and disaster recovery. We're also pleased to welcome Kristina Devochko as full-time co-host of the podcast!
The post Kubernetes Unpacked 026: Data Backup And Recovery In Kubernetes appeared first on Packet Pushers.
Kubernetes Unpacked 026: Data Backup And Recovery In Kubernetes
On today's Kubernetes Unpacked podcast, Michael and Kristina catch up with with Geoff Burke, Senior Cloud Solutions Architect, to talk about running backups for Kubernetes, how to recover those backups, and which tools to use for backup and disaster recovery. We're also pleased to welcome Kristina Devochko as full-time co-host of the podcast!How New Chip Innovations Will Drive IT
Technology never stands still, and computer chip innovations are no exception. It’s time to revisit IT’s strategic roadmaps for what’s coming.Inter-VRF DHCP Relaying with Redundant DHCP Servers
Previous posts in this series covered numerous intricacies of DHCP relaying:
- DHCP relaying principles described the basics
- In Inter-VRFs relaying we figured out how a DHCP client reaches a DHCP server in another VRF without inter-VRF route leaking
- Relaying in VXLAN segments and relaying from EVPN VRF applied those lessons to VXLAN/EVPN environment.
- DHCP Relaying with Redundant DHCP Servers added relay- and server redundancy.
Now for the final bit of the puzzle: what if we want to do inter-VRF DHCP relaying with redundant DHCP servers?
Inter-VRF DHCP Relaying with Redundant DHCP Servers
Previous posts in this series covered numerous intricacies of DHCP relaying:
- DHCP relaying principles described the basics
- In Inter-VRFs relaying we figured out how a DHCP client reaches a DHCP server in another VRF without inter-VRF route leaking
- Relaying in VXLAN segments and relaying from EVPN VRF applied those lessons to VXLAN/EVPN environment.
- DHCP Relaying with Redundant DHCP Servers added relay- and server redundancy.
Now for the final bit of the puzzle: what if we want to do inter-VRF DHCP relaying with redundant DHCP servers?
Automating Green-House Photos through Event-Bridge Pipes and Lambda
Image sent to Telegram
I have a small greenhouse which was in the pipeline for over 2 years and I finally decided to build it. Whoever is in gardening will agree that anything grows better in the greenhouse at least it appears to be so.
Now, the initial impression is all good but I have plans to learn and explore both the plant sides of things and also some using some part of image analysis for a predictive action, for all that to happen I need a camera and a picture to start with.
Hardware —
- Raspberry Pi — I have an old one at home, you can technically have any shape or size as long as it fits your need, My recommendation — is Raspberry Pi Zero
What are the other simplest alternatives:
- I could have written a Python script which directly could have sent the image to Telegram storing the image locally or uploading it to S3
The reason I choose to go with Event-bridge Pipe is to put this more into practice and from there on connect more Lambda and step-functions for future expansion of the project.
Architecture Diagram for sending Images Continue reading
Achieving High Availability (HA) Redis Kubernetes clusters with Calico Clustermesh in Microsoft AKS
According to the recent Datadog report on real world container usage, Redis is among the top 5 technologies used in containerized workloads running on Kubernetes.
Redis database is deployed across multi-region clusters to be Highly Available(HA) to a microservices application. However, while Kubernetes mandates how the networking and security policy is deployed and configured in a single cluster it is challenging to enforce inter-cluster communication at pod-level, enforce security policies and connect to services running in pods across multiple clusters.
Calico Clustermesh provides an elegant solution to highly available multiple Redis clusters without any overheads. By default, deployed Kubernetes pods can only see pods within their cluster.
Using Calico Clustermesh, you can grant access to other clusters and the applications they are running. Calico Clustermesh comes with Federated Endpoint Identity and Federated Services.
Federated endpoint identity
Calico federated endpoint identity and federated services are implemented in Kubernetes at the network layer. To apply fine-grained network policy between multiple clusters, the pod source and destination IPs must be preserved. So the prerequisite for enabling federated endpoints requires clusters to be designed with common networking across clusters (routable pod IPs) with no encapsulation.
Federated services
Federated services works with federated endpoint identity, Continue reading
Day Two Cloud 196: Peering Behind The Curtain Of Podsqueeze’s AI Podcasting Service
Today's show gets behind the curtain of a cloud service called Podsqueeze. Podsqueeze is an application that ingests audio and video files and then produces text-based output including a show description, an episode transcript, suggested headlines, segment timestamps, suggested social media posts, and more. The Packet Pushers are experimenting with Podsqueeze as part of our own production. Being curious nerds, we thought this was a good opportunity to see how the service really works. Our guest is Tiago Ferreira, one of the entrepreneurs and developers of Podsqueeze.
The post Day Two Cloud 196: Peering Behind The Curtain Of Podsqueeze’s AI Podcasting Service appeared first on Packet Pushers.