Category Archives for "Networking"

Making better use of libvirt hooks

Libvirtd includes handy hooks for doing management work at various phases in the lifecycle of the libvirt daemon, attached networks, and virtual machines. I've been using these hooks for various things and have found them particularly useful for management of short-lived Linux containers. Some of my use cases for these hooks include:
  • changing network policy
  • instantiating named routing tables
  • creating ramdisks for use by containers 
  • pre-loading data before container startup
  • archiving interesting data at container shutdown 
  • purging data at container destruction

Here's how the hooks work on a system with RedHat lineage:

The hook scripts live in /etc/libvirt/hooks. The scripts are named according to their purpose. I'm focusing right now on the LXC hook, which is named /etc/libvirt/hooks/lxc. Note that neither the directory nor the scripts exist by default.

The lxc script is called several times in each container's lifecycle, and is passed arguments that specify the libvirt domain id and the lifecycle phase. During startup and shutdown of one of my LXC systems, the script gets called five times, like this:

/etc/libvirt/hooks/lxc MyAwesomeContainer prepare begin -
/etc/libvirt/hooks/lxc MyAwesomeContainer start begin -
/etc/libvirt/hooks/lxc MyAwesomeContainer started begin -
/etc/libvirt/hooks/lxc MyAwesomeContainer stopped end -
/etc/libvirt/hooks/lxc MyAwesomeContainer release end -

In addition to having those Continue reading

Community Show – Killing the Spanning Tree with Anthony Sequeira and Orhan Ergun

No country for old men! This week on the Orhan Show, Anthony Sequeira and Orhan Ergun talk about spanning tree, its drawbacks, spanning tree modes, and technologies that either mitigate spanning tree's drawbacks or do away with it entirely. Orhan recommends that all listeners read this blog post about spanning tree which […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Community Show – Killing the Spanning Tree with Anthony Sequeira and Orhan Ergun appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Community Show – Killing the Spanning Tree with SPB,TRILL,Fabricpath from Anthony Sequeira and Orhan Ergun

No country for old men! This week on the Orhan Show, Anthony Sequeira and Orhan Ergun talk about spanning tree, its drawbacks, spanning tree modes, and technologies that either mitigate spanning tree's drawbacks or do away with it entirely. Orhan recommends that all listeners read this blog post about spanning tree […]

The post Community Show – Killing the Spanning Tree with SPB,TRILL,Fabricpath from Anthony Sequeira and Orhan Ergun appeared first on Packet Pushers.

Network Automation with Python, Ansible, and Twitter Integration

Last month I wrote about using the Cisco Nexus NX-API to extract stats from a Nexus switch while using Ansible. For some reason, last night I finally went on to tackle how to integrate with the Twitter API and then integrated the two together. Integrating with Twitter has always been top of mind, but I just put it on the back burner. Funny enough though, it was a pretty quick integration thanks to the great people at Google.
What am I talking about?

In the code I pushed last month, I created an Ansible playbook that pulls interface stats from a Nexus 9000 (or any other Nexus device supporting NX-API) and then creates a template report for those stats.  It was pretty vanilla, nothing fancy about it.

There have been integrations with other social platforms, but to be honest, the one that has been stuck in my brain is Hubot that is used at GitHub.  Several months back I remember hearing about Hubot for the second or third time while listening to the Cloudcast podcast with Mark Imbriaco (just before he went to Digital Ocean).  It is amazing to see what can be done Continue reading

Automating a Multi-Action Security Workflow with VMware NSX

This post was written by VMware’s John Dias, (VCP-DCV), Sr. Systems Engineer, Cloud Management Solutions Engineering Team, and Hadar Freehling, Security & Compliance Systems Engineer Specialist

***

Through a joint effort with Hadar Freehling, one of my esteemed peers here at VMware, we co-developed a proof-of-concept workflow for a network security use case.  Hadar created a short video showing and explaining the use case, but in summary this is a workflow that reacts to and remediates a security issue flagged by third-party integration with VMware NSX. In the video, TrendMicro is used but it could be any other partner integration with vShield Endpoint.

Here’s what happens:

  • A virus is detected on a VM and is quarantined by the AV solution
  • The AV solution tags the VM with an NSX security tag
  • VMware NSX places the VM in a new Security Group, whose network policies steer all VM traffic through an intrusion prevention system (IPS)
  • vCenter Orchestrator (vCO) monitors the security group for changes and when a VM is added
    • a snapshot of the VM is taken for forensic purposes
    • a vSpan session (RSPAN) is set up on the Distributed Virtual Switch to begin capturing inbound/outbound traffic on the VM
    • once the Continue reading

Nontraditional network integrations

If you listen to the chatter around the network industry, you are starting to see a lot more discussion about integration. While particularly clueful individuals have been hip to the fact for a while, it seems the industry at large is just awakening to the idea that the network does not exist in isolation. Put differently, the idea that the network can be oblivious to everything around it (and they to the network) is losing steam as orchestration frameworks like OpenStack take deeper root.

Having glue between the major infrastructure components is critical to having seamless operation across all the resources required to satisfy an application or tenant workload. But there is additional (potentially greater!) advantage to be had by performing some less traditional integrations.

Where do integrations matter?

There are two primary reasons to have integrated infrastructure: to cut down on time and to cut down on mistakes. Integration is almost always in support of automation. Depending on the exact integration, that automation is in support of making things faster and cheaper, or in making things less prone to Layer 8 issues.

The point here is that integration is rarely done just for the sake of integration. Companies need Continue reading

The History of Open

Everybody is talking about “open” this or that – from Cisco making claims to new companies embracing open source code as a means of developing or accelerating their go-to-market strategies. But what does “open” really mean?

One challenge in using a broad and you might say amorphous term like open is that it can lead to confusion or a negative first impression that “this is just marketing.” To get some perspective, let’s look back a bit and see how we got to this point of open and what the original intent was.

Open systems are computer systems that provide some combination of interoperability, portability, and open software standards. (“Open” can also refer to specific installations that are configured to allow unrestricted access by people and/or other computers; this article does not discuss that meaning.)

The term “open” was popularized in the early 1980s, mainly to describe systems based on Unix, especially in contrast to the more entrenched mainframes, minicomputers, and engineering workstations in use at that time. Unlike older legacy systems, the newer generation of Unix systems featured standardized programming interfaces and peripheral interconnects. Third-party development of hardware and software was Continue reading

OpenDaylight in the Enterprise: OpenFlow and NETCONF in the right places

When using OpenDaylight (ODL), two open standards for configuration are OpenFlow and NETCONF. Which is the better choice? Is there an option for both? This post presents a use case on when to use the OpenFlow and NETCONF protocols in the enterprise, using the best features of each protocol.

The post OpenDaylight in the Enterprise: OpenFlow and NETCONF in the right places appeared first on EtherealMind.

How We Filter Information About IT Products

The amount of information to be found out about tech products is astonishing. Anything you’d like to know about virtually any product is a Google search away. The hits you’ll get back are loaded with information, some useful and some…less useful. I am awash in data to ingest each and every day. I […]

Close to the wire: How route analytics can help prevent BGP-caused outages

by Brian Boyko, Contributor - September 16, 2014

At around 3:00 a.m. Eastern Daylight Time on August 13th, Internet users started reporting slow connectivity and intermittent outages. This impacted many large networks and hosting providers including eBay, Comcast, and Time-Warner.

The problem was that some older Cisco routers have a default limit of 512k border gateway protocol (BGP) routing entries in their TCAM. Routing tables typically have around 500k entries, so there's only a small buffer. But BGP prefix aggregation for a major service provider's systems temporarily failed. The service provider quickly fixed the problem on their end, but not before 15,000 new prefixes were sent to the global routing table, surpassing that 512k limit.

There is a workaround for these routers that increases the maximum size of the routing table, but one has to wonder why these routers were running so close to the maximum to begin with. In short, there is clearly a need for a larger margin of error.

The August 13th event highlights one of the reasons that route analytics are more important than ever. With the visibility Continue reading

Network Monitoring Videos from NFD8

In yesterday’s post (Network Monitoring – So Many Choices), I neglected to link to the videos from Networking Field Day 8 covering the network monitoring portions of the presentations from Gigamon, Pluribus and Big Switch. So rather than go back … Continue reading

Why is Lync The Killer SDN Application?

The key to showing the promise of SDN is to find a real-world application to showcase capabilities. I recently wrote about using SDN to slice education networks. But this is just one idea. When it comes to real promise, you have to shelve the approach and trot out a name. People have to know that SDN will help them fix something on their network or optimize a troublesome program. And it appears that application is Microsoft Lync.

Missing Lync

Microsoft Lync (née Microsoft Office Communicator) is a software application designed to facilitate communications. It includes voice calling capability, instant messaging, and collaboration tools. The voice part is particularly appealing to small businesses. With a Microsoft Office 365 for Business subscription, you gain access to Lync. That means introducing a voice soft client to your users. And if it's available, people are going to use it.

As a former voice engineer, I can tell you that soft clients are a bit of a pain to configure.  They have their own way of doing things.  Especially when Quality of Service (QoS) is involved.  In the past, tagging soft client voice packets with Cisco Jabber required setting cluster-wide parameters for all clients.  It Continue reading

After cheap, what is important for cloud services?

Amazon is indisputably the biggest name in cloud service providers. They have built up a strong market presence primarily on the argument that access to cheap compute and storage resources is attractive to companies looking to shed IT costs as they move from on-premises solutions to the cloud. But after the initial push for cheap resources, how will this market develop?

Is cheap really cheap?

Amazon has cut prices to their cloud offering more than 40 times since introducing the service in 2006. The way this gets translated in press circles is that cloud services pricing is approaching some floor. But is that true?

In October 2013, Ben Kepes over at Forbes wrote an interesting article that included a discussion of AWS pricing. In the article, he quotes some work done by Profitbricks that shows AWS pricing relative to Moore's Law. The article is here, and the image from the article is below:

[image: aws-moores-law]

Moore’s Law tells us that performance will roughly double every two years. Of course it is not really a law but more a principle useful in forecasting how generalized compute and storage performance will track over time. The other side of this law is that we have Continue reading

python interface-checker

I’d like helpdesk to be able to enable and disable switchports without requiring them to know the underlying OS. My plan is to have a webpage with a list of devices. When you click on a device it will check the interfaces status via SNMP and display administrative and operational status of all interfaces on […]

The Four Paths to SDN

After the initial onslaught of SDN washing, four distinct approaches to SDN have started to emerge, from centralized control plane architectures to smart reuse of existing protocols.

As always, each approach has its benefits and drawbacks, and there’s no universally best solution. You just got four more (somewhat immature) tools in your toolbox. And now for the details.

Read more ...

Show 205 – Open Source Network Monitoring with OMDistro.org

Network monitoring is one of our most requested topics on Packet Pushers, and this week we take on open source monitoring solutions. Why open source? Because commercial NMS solutions are all over the place in functionality and price. So, if it’s possible to put a solid NMS in place based on open source, then it’s […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 205 – Open Source Network Monitoring with OMDistro.org appeared first on Packet Pushers Podcast and was written by Ethan Banks.

The Evolution from Products to Platforms in Software Driven Cloud Networking

Legacy networking vendors have often declared that they do not build “boxes” but actually build “systems and architectures”. I have tried to understand what that really means. Undoubtedly, new applications on the Internet have evolved and now depend on a modern infrastructure that outlives any particular static workload or physical machine. Indeed, at Arista, we along with our customers are looking at a technology evolution that goes beyond individual components to a universal cloud architecture.

Disruptive Innovation Begins with Products, aka “Boxes”

Building a “best of breed” product is a vital foundation to building a good system. Typical metrics may include feeds and speeds such as latency, power, port density (non-blocking), fabric capacity, throughput and scale combined with a feature-rich network operating system. Examples of this include Cisco’s routers and Catalyst switches (with IOS) in the 1990s, F5’s Big IP and Splunk’s data analytics in the past decade, or even more recently, Arista’s 7000 series Leaf-Spine-Spline products. Vendors with breakthrough products are pioneers and thought-leaders in their markets and often establish trends rather than follow them. Sustained differentiation beyond point features is a common theme. Such products are disruptive in nature, bringing critical business benefits and reducing capex spend within Continue reading