Category Archives for "Arun Sriraman"

Moving from ifconfig to ip


Have you started using CentOS 7.2? If you are a networking ninja who had your mojo going with the "ifconfig" and "route" commands, you are in for a not-so-pleasant surprise in the later versions of Linux. Release after release the community talked about moving to the "ip" commands, removing the net-tools package that houses "ifconfig" and "route" from minimal installs, and going with the iproute package instead. Now, finally, with CentOS 7.2 these tools aren't there anymore. It is still possible to get them by installing the "net-tools" package, which I do quite often, but I also suggest trying the "ip" suite that comes with the iproute package. Not only does it give extended functionality, it is already present on the system, so you would not have to install new packages.

I will try to describe the 1:1 mapping of the most common commands I use to figure out what a Linux box is configured with. There are tons of articles and cheat sheets out there that can be used too.

ifconfig commands - See & set interface properties

Data Center Networking – Openstack Neutron networking terms demystified!

Coming from a networking background I am used to the various TLAs (ironically: Three Letter Acronyms) and terms that sometimes mean the same thing and sometimes something completely different. Networking in the data center is no different. People have slowly moved away from a leaf-spine topology where an advanced, pricey piece of equipment sits in the spine and relatively cheaper leaf devices connect the hosts and servers. We now have an old architecture, once used in telephony, in a new form with new terms: the "Clos topology", where the leaf-spine architecture is replaced by layers or levels of similar, cheaper hardware, allowing flexibility in its configuration and forming a sort of mesh that makes it both scalable and reliable; and special protocols such as DCTCP (Data Center TCP) that are interspersed through technical papers and company technology presentations. An overview of these technologies is big enough to be a completely separate read, so I will not venture into it here.

Google's data center - Clos topology research and implementation
Facebook's data center architecture - 5-stage Clos topology

With all these changes in the data center we now also see administrators isolating complete data centers or carving them Continue reading

Creating VLAN interfaces in Linux

Communicating over multiple VLANs is possible by using VLAN sub-interfaces in Linux. A VLAN interface created in Linux shows up as a network interface device. Each of these interfaces is used as you would use a normal Linux interface: assign an IP to it, attach it to a bridge, add routing table entries and more. One use case is when you need a VM to act as an L2 gateway with one leg on one VLAN and another leg on the other.

As always, this can be achieved in multiple ways: using the vconfig command, adding a new interface network-script file (CentOS/Red Hat), or using the "ip" command. I will describe all three methods here:

The first thing you will need is to load the 8021q Linux kernel module, which is responsible for VLAN tagging/untagging. See RFC.

Check whether the VLAN module is loaded. You can read through the output of lsmod and figure out if 8021q is loaded, or, as I prefer, simply do this:

lsmod | grep 8021q

You should see 8021q and some other lines in the output.

Add the module to Linux. Note that you'll need to automate this. You can add it in systemctl Continue reading

Running VLAN, VXLAN and GRE together using Neutron & Openstack

There are numerous blogs out there with step-by-step instructions to set up OVS networking for OpenStack Neutron to run various types of networks. I came up with this post to best explain how everything works in the Neutron land and what a typical OpenStack deployment looks like. If you are looking for a step-by-step procedure to set things up, this post is a good place to start, because it covers the networking concepts and design behind the commands listed on other blogs.

A Neutron OpenStack deployment, or any cloud environment these days, typically consists of a network controller (SDN controller) and a cluster of compute hosts or servers. The type of networking you choose to connect all of these together is entirely up to you, and I've seen various ways by which this can be done. There is no single correct or right way of doing this; it's whatever works for you. But if you don't have anything already set up and are planning on starting afresh, you could probably use this as a template to design your networking.


What you see above are three servers - one network node and two compute nodes.
First we'll go through Continue reading

Gotchas for using a different subnet for a VM than that of the host in Openstack

It is definitely possible to have a completely different subnet for a VM than that of the host machine running libvirt and KVM with Linux bridging. This is done using NAT. The reason I decided to put this down in my post is to have it on record for me to refer to in the future. Just keep in mind that I have created the instances through nova and OpenStack.


As always, networking doesn't always work as designed or planned, and there's no fun if you don't see packet drops and unknown network issues breaking communication. After experimenting extensively and carefully jotting down the changes that were needed, here is the list of gotchas I've come up with:
  • Libvirt or other network filters do not block packets (skip this step if you aren't using nova networks and OpenStack)
    You can check what the network filter is programmed to do. To do this, first find the instance ID for your instance and then find the libvirt network filter rule for it. You can edit the rule to set the subnet that you want to allow.
    Find instances Continue reading

Quick tips and reference on tcpdump tool

Linux bridges are powerful virtual switches that come with the networking stack of core Linux. Bridging is loaded as part of the bridge kernel module. Linux bridges, among other things, have made it possible to network virtual machines and containers on a KVM-based Linux node.

Every so often I have had to go in and figure out where packets egressing from or ingressing to a VM magically vanish, and tcpdump has been one of the most valuable tools for me. Debugging in the networking world pretty much has a standard algorithm to it: start from the source and check for packets along the route to the destination at every hop. Once you figure out where the packet disappears, where the black hole is, the problem is half solved.

To do exactly this we have a variety of debugging tools, ranging from Wireshark, which captures packets, to tcpdump and other sniffers. All of these have one thing in common: they are user processes that hook into specific kernel facilities to capture the packets. For example, although you do not explicitly set an interface to promiscuous mode, the interface is moved to promiscuous mode when the packet Continue reading

Running devstack older than Kilo release

The famous network topology diagram as seen in Juno - Openstack (My preference over the one in Kilo/Liberty)
With the Liberty release already out, OpenStack has EOL'ed the older releases. The only supported releases now are Kilo, Liberty and the upcoming Mitaka. By supported I mean active branches with patches going into them.

Juno and older code is now represented as tags and may or may not be supported by the individual project teams. However, thanks to versioning and git, you can now check out the code of Juno or older releases by using tags.

#git tag -l  --> Lists the tags present in the repository.
#git checkout tags/ -b --> Checks out code from a tag into a new branch.

All stable older releases have now been named following the convention "-eol" in all of the OpenStack projects on GitHub. With these changes, if you'd like to run an older component of any of the OpenStack projects, especially on devstack, you now have to make some changes. Now you might ask why anyone would run something old. I personally like the stick diagram representation of the Neutron network topology over the newer elastic movable/flash cloud diagram and so preferred to run the Continue reading

Interface naming in Linux – Choose the name you want for your interfaces using udev

Have you tried the recent CentOS 7.X flavor or the latest of the Red Hat versions? If you have, then you would have noticed the change in nomenclature of network interfaces. The traditional approach was to use "eth", shortened from "Ethernet", followed by a sequence of numbers starting at 0 to name the network interfaces in a system. From the v197 scheme onwards, udev rules choose names automatically for interfaces using naming schemes that depend on the firmware/BIOS indexes for on-board NICs, the slot numbers for add-on NICs, the MAC address of the NIC, or its physical/geographical location.
Although this intuitively sounds complicated, it makes life much easier and more reliable. The older scheme worked in a way that could make naming unpredictable: when a NIC interface driver gets initialized, udev allocates the next available number to that NIC, and if a host has more than one NIC (either on-board or add-on) it is possible for the driver load order to change, thus changing the names of the NICs. A power user could add rules to the udev scripts to fix a name for a particular MAC address in order Continue reading

Understanding VLAN terminology – Access Trunk Native Tagged Untagged

Every so often I have found myself searching around for the exact difference between all of the different terms associated with VLANs (Virtual Local Area Networks), and I'm sure a lot of people out there do the same. There is so much out there explaining these terms, but it gets confusing when everything is virtualized. How does networking work in a virtualized host where the operating system's networking stack provides virtual network functions such as a virtual switch?

I will start out by stating that networking works the same way it is expected to work in the physical world, with wires and hardware boxes that switch or route traffic. To understand what these terms mean you first need to understand how VLANs work. VLAN segregation can happen on an IP range basis, on a port-by-port basis on the switch, based on protocol, based on MAC addresses, or based on some other higher-layer abstraction. The most common implementation is, however, port based, and I will explain these terms with respect to that premise. Also, some of these terms were specifically defined by Cisco switches and have since gone on to become popular in network design vocabulary Continue reading

Slack has transformed the way teams communicate & they now plan to go IPO!

Having kept my pensieve empty for quite some time now, it's time for a kick start. And what better way to start than to talk about Slack, a communication tool that has revolutionized intra-team and inter-team interactions and day-to-day messaging.
After the dot-com bust and the difficult times of 2009, the technology industry is now at a point where innovation is flourishing more than ever, with new companies announcing their birth and the more mature ones going through multiple rounds of funding, acquisitions and IPOs. Slack is one such company that has gone from a small startup to a multi-billion dollar venture and is now in the process of going IPO (TechCrunch). The customer-first approach, with product re-engineering driven by customer feedback, has yet again proved to be one of the most important ingredients for success, along with laser-sharp focus areas. Slack's growth trajectory is clearly exponential, one that I'm sure any founder would love to have in their annual revenue reports.

Being an engineer in a startup, I am lucky enough to be using this communication tool daily. Having used other paid tools like Cisco Jabber and free ones like Google Hangouts, Skype and Continue reading