Docker networking
When docker launches a linux container it will, by default, assign it a private IP address out of RFC 1918 space. It connects this container to the host OS using a bridged interface (docker0). Connectivity between the outside world and the container depends on NAT.
Outbound traffic is NATed using the host’s IP address. Inbound traffic requires explicit port mapping rules that map a port on the host to a port in the container. Given that typically one runs multiple containers in the same host there needs to be a map between a host port (in the dynamic port range) and a service port on the container.
For example, the HTTP service port (80) in container-1 will be mapped to port 49153 while container-2 would see its HTTP port mapped to host port 49154. Ports that are not explicitly mapped cannot receive incoming traffic. Also containers within the same host will see different IP address ports than containers across different hosts (not very ‘cloudy’).
This is the reason why using a network virtualization solution such as OpenContrail is so appealing. OpenContrail, replaces docker’s networking implementation which can be disabled by using –net=none. It provides each container its own IP address in Continue reading
Tech Notes: Ping Sweep an IP Subnet
This is my current goto code snippet for using the BASH command line to perform a ping sweep through an IPv4 subnet. for i in `seq 1 255`; do ping -c 1 192.168.1.$i | tr \n ' ' | awk '/1 received/ {print $2}'; done This script is deliberately simple, only works for /24 subnets but […]
The post Tech Notes: Ping Sweep an IP Subnet appeared first on EtherealMind.
A10 – That Global Health Monitor Warning
In a previous post I whined that the A10 load balancers by default only need to see a single successful health check from a service in order to mark it as up. I argued that that’s not a good idea, … Continue reading
If you liked this post, please do click through to the source at A10 – That Global Health Monitor Warning and give me a share/like. Thank you!
Network Engineers, Pay Attention to Big Data
You have probably realized we are having a Big Data kind of week here at the Plexxi blog. And for good reason. The amount of development and change in this big bucket of applications we conveniently label “Big Data”, is astonishing.
Walking around at Hadoopworld in New York last week, I initially felt somewhat lost as a “networking guy”. But that feeling of “not belonging” is only superficial, the network has a tremendously important role in these applications. The challenge is that many “networking” folks don’t quite understand or realize that yet, but contrary to what I believed not too long ago, Big Data Application folks have a pretty good understanding of the role of the network in their overall application and its performance.
As an industry we have been talking about the increase in east-west traffic for quite a few years now. For your typical datacenter infrastructure today this is based on loosely coupled applications and semi-distributed storage. A web based application has many components that together make up the application we see as users. There are application load balancers, web server front ends, application back ends that in turn have databases for their data storage. And those databases Continue reading
Thoughts of My Day: VCE Always Was An EMC Property
EMC announced during it’s quarterly results that it was taking a larger position in VCE. VCE was always an EMC asset, co-operation with partners Cisco, Intel and VMware has never been strong and this simply closes out the current chapter. The end result positions EMC to also be a “IBM style” company with a full […]
The post Thoughts of My Day: VCE Always Was An EMC Property appeared first on EtherealMind.
IPv6 in a Global Company – a Real-World Example
More than a year ago I wrote a response to a comment Pascal wrote on my Predicting the IPv6 BGP table size blog post. I recently rediscovered it and figured out that it’s (unfortunately) as relevant as it was almost 18 months ago.
Other people have realized we have this problem in the meantime, and are still being told to stop yammering because the problem is not real. Let’s see what happens in a few years.
Read more ...Show 209 – HP Networks and Network Management – Sponsored
Talking about Network Management get mixed reactions in the network industry with a rich history of products that didn't match our expectations or needs. In today's sponsored podcast, HP Networking continues their mission to change the way network engineers feel about their NMS's through the HP Intelligent Management Center.
Author information
The post Show 209 – HP Networks and Network Management – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.
New CCIE RSv5 Troubleshooting/Full Scale Rack Rentals & Labs
Rack Rentals for INE’s CCIE RSv5 Workbook’s Troubleshooting Labs and Full Scale Labs are now available via the Members Site. To access them login to http://members.ine.com, click “Rack Rentals” on the dashboard on the left, and then click “Schedule” under “CCIE Routing & Switching v5 Full Scale.”
This topology uses 20 routers and 4 switches and is for both Troubleshooting and Full Scale Labs. The topology above it, “CCIE Routing & Switching v5″, uses 10 routers and 4 switches, and supports all the Advanced Technology Labs and Foundation Labs.
The loading and saving of initial configs is supported through the Rack Control Panel, which can greatly save you time in your studies, especially with very large topologies such as those used in the Troubleshooting and Full Scale Labs.
Additionally, Full Scale Lab 2 and Troubleshooting Lab 2 have been posted to the CCIE RSv5 Workbook. More Foundation, Troubleshooting, and Full Scale Labs are currently in development and will be posted soon. For discussion on these new labs please visit the CCIE RSv5 Workbook section of IEOC, our online community.
Gathering Ansible facts from network devices using SNMP
At times when I look at the tools available for server admins today I long for the times when I didn’t work in networking. Sure we can use tools like Puppet and Ansible for networking too. However the tools are made for servers. Of course there are tie-ins into network automation, but the functionality is rudimentary at best. The current problem as I see it is the lack of decent APIs, granted some vendors are better than others. And I haven’t had the pleasure of working with those who understand XML. Sometime in a not too distant future when we have flying skateboards, SDN and nano bots these problems will disappear, but we’re not there yet. Before I take a deep dive to see what’s actually possible to do with onePK, OpenDaylight and all that good stuff I wanted to see how much is possible to do today. So this post is about Ansible which is really simple to learn and SNMP, where one of the words in the acronym is “simple”. It should be a perfect match, right?
Continue reading
A10 Service Failure Recovery
A quick post today, about how the A10 load balancer handles the recovery of a server based on health checks. Kind of a warning actually. A10 Health Monitor Configuration In order to determine when a service should be considered “up” … Continue reading
If you liked this post, please do click through to the source at A10 Service Failure Recovery and give me a share/like. Thank you!
Making the World a Better Place with Big Data
I spent last week at the Strata + Hadoop World Conference in New York City with 5000 other “big data” customers, vendors, and enthusiasts. In the last 6 months we’ve seen demand for a “big data” based network infrastructure really start to take off, and I’ve spent a lot of time recently trying to better understand the evolving market and technology landscape and use cases. I’m particularly interested in how network infrastructure can drive a better experience for users of big data applications, or networking/infrastructure teams that need to support these applications, but ultimately I want to know what do businesses get out of these investments in data, analytics, and infrastructure.
[On a related note, as part of our efforts to provide the best “Big Data Fabric” we recently brought on @networkn3rd (Ed Henry) to Plexxi to fully define our reference architecture. Ed will be demo’ing the first fruits of his labor this Friday on SDN’s Central’s Demo Friday - Register Here].
Hadoop World was a really great experience. As a relative newbie to Big Data, I have a lot to learn and this was a great place to soak up actual customer use cases. While there was certainly Continue reading
All You Need Are Two Top-of-Rack Switches
Every time I’m running a classroom version of my Designing the Cloud Infrastructure workshop, I start with a simple question: “Who has more than 2000 VMs or bare-metal servers in the data center?”
I might see three hands on a good day; 90-95% of the audience have smaller data centers… and some of them get disappointed when I tell them they don’t need more than two ToR switches in their data center.
Read more ...Vulnerable OMA-DM Implementations and Over the Air Hacks
Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during critical times of the presentation. Nonetheless, it seems like there are many vulnerable implementations of the open mobile administration device management (OMA-DM). I took a minute to dig up some of the videos published by Accuvant that makes this stuff real.
Over the Air Code Execution and Jailbreak
NIA-Based Lock Screen Bypass
External Links
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.
The post Vulnerable OMA-DM Implementations and Over the Air Hacks appeared first on PacketU.
Alcatel switches Auto Vlan Assignement
Switch configuration includes many tasks, some of them are just boring and error prone. Vlan port assignment on access switches, excited huh? There can be many vlans (clients, printers, access-point, security cameras and more) and it may not be easy…Response: HowTo Configure IP Multicast PIM on ECMP| Mellanox Interconnect Community
Today I spent several hours reading up on PIM Bidirectional for an customer implementation on an ECMP networking. I realise that somewhere inside my head there is a lot of IP Multicast knowledge that hasn’t been lost but it is definitely hiding. I had to re-learn a number of concepts before I started feel confident. […]
The post Response: HowTo Configure IP Multicast PIM on ECMP| Mellanox Interconnect Community appeared first on EtherealMind.
The Ultimate Portable Laptop Stand – Rooststand !!
Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
I was looking for a portable laptop stand as I have been starting to get neck pain hunched over my laptop all day. Working at home, in the office and on client sites I needed a laptop stand and it had to be portable. I searched the internet for portable laptop stands and apart from... [Read More]
Post taken from CCIE Blog
Original post The Ultimate Portable Laptop Stand – Rooststand !!
Twitter, Please Stop Giving Me Things I Don’t Want
Last week, Twitter confirmed that they will start injecting tweets from users you don’t follow into your timeline. The collective cry from their user base ranged from outrage to a solid “meh”. It seems that Twitter has stumbled onto the magic formula that Facebook has perfected: create a feature the users don’t care about and force it onto them. Why?
Twitter Doesn’t Care About Power Users
Twitter has an interesting mix of users. They reported earlier this year that 44% of their user base has never tweeted. That’s a lot of accounts that were created for the purpose of reserving a name or following people in read-only mode. That must concern Twitter. Because people that don’t tweet can’t be measure for things like advertising. They won’t push the message of a sponsored tweet. They won’t add their voice to the din. But what about those users that tweet regularly?
Power users are those that tweet frequently without a large follower base. Essentially, everyone that isn’t a celebrity with a million followers or a non-tweeting account. You know, the real users on Twitter. The people that make typos in their tweets and actually check to see who follows them. The ones Continue reading
Software-Defined Data Center Straight Talk with Tom Burns & JR Rivers
The data center is flush with change and it’s hard to know where to turn for advice. The myriad vendor positions on technology are confusing and seem self-motivated to lock you into their technology. Meanwhile, your data center is being flooded with more traffic every day.
Getting advice is hard so it’s not every day you get to talk with two of the world’s foremost thinkers in the data center world. With Tom Burns (Vice President and General Manager, Dell Networking and Enterprise Infrastructure) and JR Rivers (Co-founder/CEO of Cumulus Networks) joining me, I will get that special privilege on November 20 when I host a webinar to discuss open networking in the software-defined data center (SDDC).
Yeah, I know what you’re thinking. Another webinar with a bunch of marketing buzzwords. Well, if you know these guys you know that won’t be the case. I’ll moderate the discussion by teeing up a few questions and getting out of their way.
We’re planning to discuss a number of topics that will be sure to provoke some strategic thinking on your part. We’ll discuss:
- Major data center challenges and how best to address them,
- The current state of enterprise-ready SDDC technologies and Continue reading
Secrets Behind A10 Health Monitors
Whether you use A10, f5 or some other load balancer, you’re probably used to the idea of health monitors, or “health checks”. The load balancer periodically performs some kind of connectivity test to the servers that are used to service … Continue reading
If you liked this post, please do click through to the source at Secrets Behind A10 Health Monitors and give me a share/like. Thank you!
Outcome bias and the psychology that prevents sustained success
In psychology, there is a phenomenon called Outcome Bias, which basically means that we tend to judge the efficacy of a decision based primarily on how things turn out. After a decision is made, we rarely examine the conditions that existed at the time of the decision, choosing instead to evaluate performance based solely (or mostly) on whether the end result was positive or not.
But what happens as luck plays a role in outcomes? Did we actually make the best decision? Or was the result really a product of conditions outside of our control?
Understanding Outcome Bias
A relatively strong example of Outcome Bias can be found in the gambling world. Take poker, for instance. Many players will overplay the cards they are dealt. Imagine that you have four cards to a straight. There are two remaining cards to play. You might make bets that are statistically weak, but if the card you were looking for shows up, you will evaluate your own performance as strong for the hand. After all, you did win, right?
The challenge with Outcome Bias is that the fortuitous turn of events leads you play other hands in a similar way. Despite the fact Continue reading