General – Behavior Of QoS Queues On Cisco IOS
I have been running some QoS tests lately and wanted to share some of my results. Some of this behavior is described in various documentation guides but it’s not really clearly described in one place. I’ll describe what I have found so far in this post.
QoS is only active during congestion. This is well known but it’s not as well known how congestion is detected. the TX ring is used to hold packets before they get transmitted out on an interface. This is a hardware FIFO queue and when the queue gets filled, the interface is congested. When buying a subrate circuit from a SP, something must be added to achieve the backpressure so that the TX ring is considered full. This is done by applying a parent shaper and a child policy with the actual queue configuration.
The LLQ is used for high priority traffic. When the interface is not congested, the LLQ can use all available bandwidth unless an explicit policer is configured under the LLQ.
A normal queue can use more bandwidth than it is guaranteed when there is no congestion.
When a normal queue wants to use more bandwidth than its guaranteed, it can if Continue reading
Docker Security Gets a Hardware Assist
DockerCon EU kicks off with a few practical new features.
How to get rid of VNC and use telnet access for your Linux image?
We are, network engineers, have many *nix tools at our disposal: exaBGP, nmap, tcpdump, to name a few. And with UNetlab its very easy to run a linux system inside a topology (not to mention that you could use cloud pnet interface to bridge unetlab topology with the real world). By default UNetLab’s linux template optsWelcome!
This is Under Construction Personal blog, travel stories, opinions and more craptology![[ Summary content only, you can read everything now, just visit the site for full story ]]
Rancher Gets Hyperconverged with Its Docker Platform
Nexenta and Redapt are helping Rancher flesh out Linux-container infrastructure.
k8s + opencontrail on AWS
For anyone interested in running a testbed with Kubernetes and OpenContrail on AWS i managed to boil down the install steps to the minimum:
- Use AWS IAM to create a user and download a file “credentials.csv”
- Checkout the scripts via `git clone https://github.com/pedro-r-marques/examples.git`
- Change to the “ec2-k8s-cluster” directory (e.g. /Users/roque/src/examples/ec2-k8s-cluster)
- Edit “credentials.sh” with the location of you csv file and user name and then “eval” this script.
- Run ./setup.sh
The setup script will:
- Create 5 VMs in a VPC on AWS;
- Run the ansible provisioning script that installs the cluster;
- Run a minimal sanity check on the cluster;
- Launch an example;
- Fetch the status page of the example app in order to check whether it is running successfully.
Please let me know if you run into any glitch… the “setup.sh” script can be rerun multiple times (the ansible provisioning is designed to be idempotent).
Next, I need to wrap this up with a Jenkins CI pipeline. And build permutations for:
- kubernetes vs openshift;
- single vs multiple network interfaces;
- direct internet access vs http-proxy;
- software gateway or a vSRX (for hybrid cloud interconnect);
The fun never stops !
SDxCentral Weekly News Roundup — November 13, 2015
Azure is letting users kick the tires on virtual machine scale sets while A10 debuts a new security offering.
Docker Online Meetups #28 and #29: Production-Ready Docker Swarm and Docker Networking is Now GA
This week, we hosted two Docker Online Meetups. The first on Wednesday featured Alexander Beslic presenting on production-ready Swarm. For the second one on Thursday, Madhu Venugopal discussed the recently-GA Docker Networking. Below are the recorded videos and slides from … ContinuedThe secret to a successful identity provider deployment: federate your identity data with a hub
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Companies are securing more users who are accessing more applications from more places through more devices than ever before, and all this diversity is stretching the current landscape of identity and access management (IAM) into places it was never designed to reach. At the same time, security has never been more paramount—or difficult to ensure, given today’s outdated and overly complex legacy identity systems. I call this the “n-squared problem,” where we’re trying to make too many hard-coded connections to too many sources, each with its own protocols and requirements.
To read this article in full or to leave a comment, please click here
How to solve today’s top three virtual environment challenges
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
Virtualization is a mature technology but if you don’t have a virtualization wizard on staff managing the environment can be a challenge. Benefits such as flexibility, scalability and cost savings can quickly give way to security risks, resource waste and infrastructure performance degradation, so it is as important to understand common virtual environment problems and how to solve them.
The issues tend to fall into three main areas: virtual machine (VM) sprawl, capacity planning and change management. Here’s a deeper look at the problems and what you can do to address them:
To read this article in full or to leave a comment, please click here
OPNFV Summit Q&A With Chris Wright
Wright's vision for NFV, and the key role of open source from his perspective.
SC15 live real-time weathermap
From the SCinet web page, "SCinet brings to life a very high-capacity network that supports the revolutionary applications and experiments that are a hallmark of the SC conference. SCinet will link the convention center to research and commercial networks around the world. In doing so, SCinet serves as the platform for exhibitors to demonstrate the advanced computing resources of their home institutions and elsewhere by supporting a wide variety of bandwidth-driven applications including supercomputing and cloud computing."
The real-time weathermap leverages industry standard sFlow instrumentation built into network switch and router hardware to provide scaleable monitoring of the over 6 Terrabit/s aggregate link capacity comprising the SCinet network. Link colors are updated every second to reflect operational status and utilization of each link.
Clicking on a link in the map pops up a 1 second resolution strip chart showing the protocol mix carried by the link.
The SCinet real-time weathermap was constructed using open source components running on the sFlow-RT real-time analytics engine. Download sFlow-RT and see what Continue reading
OPNFV Won’t Be a Product
Code writing is hard, but defining the scope of the project may be even harder.