Archive

Category Archives for "Virtualization"

A Unikernel eBook from O’Reilly

eBook Cover

I am pleased to announce that my FREE unikernel eBook is now available from O’Reilly.

I have been giving talks about unikernels for the past 2 years at conferences throughout North America. This eBook is my attempt to present most of the information from these talks in a written form. It is not a technical HowTo book, but rather an introduction to the basic concept of unikernels and an explanation of their value.

I hope this eBook will be a useful tool for introducing people to the whys and wherefores of unikernels.

You can download your copy here: http://www.oreilly.com/webops-perf/free/unikernels.csp

A Triple-Provider Vagrant Environment

In this post, I’d like to share with you some techniques I used to build a triple-provider Vagrant environment—that is, a Vagrant environment that will work unmodified with multiple backend providers. In this case, it will work (mostly) unmodified with AWS, VirtualBox, and the VMware provider (tested with Fusion, but should work with Workstation as well). I know this may not seem like a big deal, but it marks something of a milestone for me.

Since I first started using Vagrant a couple of years ago, I’ve—as expected—gotten better and better at leveraging this tool in a flexible way. You can see this in the evolution of the Vagrant environments found in my GitHub “learning-tools” repository, where I went from hard-coded data values to pulling data from external YAML files.

One thing I’d been shooting for was a Vagrantfile that would work with multiple backend providers without any modifications, and tonight I managed to build an environment that works with AWS, VirtualBox, and VMware Fusion. There are still a couple of hard-coded values, but the vast majority of information is pulled from an external YAML file.

Let’s take a look at the Vagrantfile that I created. Here’s Continue reading

Temporary Time Out

Hi folks, the Captain is taking a few weeks off as he has a brand new instance being spun up this week, if you catch my drift… ? You know, the kind of instance that takes 9 months to boot… I expect to be back at the keyboard by the end of October, but don’t be alarmed if you don’t see much in the way of posts, demos, or tweets. It’s all good.

The post Temporary Time Out appeared first on Captain KVM.

Why I’m Now Using VirtualBox with Vagrant

One of the things I often tell people is, “Use the right tool for the job.” As technologists, we shouldn’t get so locked onto any one technology or product that we can’t see when other technologies or products might solve a particular problem more effectively. It’s for this reason that I recently made VirtualBox—not VMware Fusion—my primary virtualization provider for Vagrant environments.

I know it seems odd for a VMware employee to use/prefer a non-VMware product over a competing VMware product. I’ve been a long-time Fusion user (since 2006 when I was part of the original “friends and family” early release). Since I started working with Vagrant about two years ago, I really tried to stick it out with VMware Fusion as my primary virtualization provider. I had a ton of experience with Fusion, and—honestly—it seemed like the right thing to do. After a couple of years, though, I’ve decided to switch to using VirtualBox as my primary provider for Vagrant.

Why? There’s a few different reasons:

  1. Greater manageability: VirtualBox comes with a really powerful CLI tool, vboxmanage, that lets me do just about anything from the command line. In fact, the VirtualBox documentation refers to Continue reading

Test-driving arbitrary data publishing over BGP

BGP is a routing protocol known for its strength in scaling and resilience. It is also flexible and extensible.  With its Multi-Protocol extension BGP can support distribution of various data types. Still to extend BGP for every new route data type  requires introduction of new address family(AFI/SAFI) and making BGP aware of the new data … Continue reading Test-driving arbitrary data publishing over BGP

Integrating RHV & OpenStack with Neutron

Hi folks, I recently posted an article on one of the official Red Hat blogs about the new Neutron integration between RHV and RHOSP. I have to say it’s very cool and might change the way you look at networking capabilities in RHV, at least if you’re also using RHOSP in the same data center.

As a side note, I’ve mentioned my friend and colleague, Tony James in recent posts and he makes another appearance this week. He helped pull together the configuration steps as well as the demo that we recorded. Big kudos to to “Big T”.

Back to the actual integration. If you don’t want to look at the other article, the condensed version of “why should you might care” is as follows:

  1. Run applications across RHV & RHOSP – front end of the app on RHOSP and the back end on RHV using the Neutron integration to bridge the network gap.
  2. Add SDN capabilities to RHV via the Neutron integration, even if the app only exists in RHV.
  3. Manage the SDN network topologies for both RHV and RHOSP from a single management space (web or programmatic).

Those are the 3 big use cases, in a nutshell. If Continue reading

Modern Storage Software Erodes Resistant Data Silos

With the record-breaking $60 billion Dell/EMC acquisition now complete, both of these companies and their customers now have more options than ever before to meet evolving storage needs. Joining forces helps the newly minted Dell Technologies combine the best of both worlds to better serve customers by blending EMC storage and support with Dell pricing and procurement.

But there is some trouble in paradise. Even when sold by the same vendor, most storage systems have been designed as secluded islands of data, meaning they aren’t terribly good at talking to each other.

In fact, this silo effect is exacerbated

Modern Storage Software Erodes Resistant Data Silos was written by Timothy Prickett Morgan at The Next Platform.

Test-driving EVPN route publishing with GoBGP

In recent times there has been a lot of interest in tunnel based L2 networks, especially for Cloud Networks implemented with VXLAN.  The tunnel based networks were initially proposed with the idea of alleviating the 4k limit imposed with VLAN based networks. EVPN based VXLAN tunneled networks use BGP as control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP

Is the next big thing VR, AI and Robotics? Or is it already here. Recap of AT&T Shape 2016

Attend any technology conference today (2016) and I bet you there is going to be a track for IoT (Internet of Things), VR (Virtual Reality), AI (Artificial Intelligence) and other buzz words like deep learning, machine learning, big data, robotics et all. Almost all industries across the board either already have something or in the process of inventing something that inches us closer to SkyNet and science fiction. Academia which is always a few years ahead of the industries also heavily invests in these topics.  VR, AI, Robotics and Machine Learning are few of the top research topics of 2016 listed by IEEE.

© Arun Sriraman
I was lucky to attend one such conference - AT&T Shape this year (2016) held at AT&T Park in SF on the 15th-16th of July. AT&T Shape is about showcasing future technology - a preview into what's possible & what's coming in the next few years. This year most of the exhibits & demos were VR, Robotics and AI themed. And speaking of machine learning/AI - look at the video above. It's a video generated by Google using the photos & videos I captured during the event. Google automatically has figured out the Continue reading

NFV Platforms with MirageOS Unikernels

Wassim Haddad is at Ericsson Silicon Valley where he currently works on distributed cloud infrastructure. Heikki Mahkonen and Ravi Manghirmalani work at Ericsson Research at Silicon Valley in the advanced Networking and Transport labs. The Ericsson team has a diverse background in different NFV, SDN and Cloud related R&D projects.

The push towards NFV

The Network Function Virtualization (NFV) paradigm breaks away from traditional “monolithic” approaches, which normally build network functions by tightly coupling application code to the underlying hardware. Decoupling these components offers a new approach to designing and deploying network services. One that brings a high degree of flexibility in terms of separating their lifecycle management and enabling much more efficient scaling. Moreover, the move away from specialized hardware coupled with a “virtualize everything” trend is fuelling operators and service providers’ expectations of significant cost reductions. This is undoubtedly a strong motivation behind NFV adoption.

Current NFV market trends point towards two key technologies: Cloud Orchestration (e.g., OpenStack) to provision and manage workflows, and Software Defined Networking (SDN) to enable dynamic connectivity between different workflows as well as network slicing. In parallel, there is also a strong desire to migrate from virtual machines towards microservice enablers, Continue reading

A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

With all the interest in Cloud Computing and virtualization, the OS vendors are providing ever more easier ways to deploy VMs. Most of them now come with cloud images. This makes it really easy for users to deploy VMs with the distro of their choice on a cloud platform like OpenStack or AWS. Here are … Continue reading A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

CyberChaff: HaLVM unikernels protecting corporate networks

Unikernel technologies, specifically the libraries, are applicable in many ways (e.g. the recent Docker for Mac and Windows products). However, unikernels themselves can enable new categories of products. One of the most prominent products is a network security tool called CyberChaff, based on open source HaLVM unikernels. Today Formaltech, a Galois subsidiary, revealed that Reed College is one of their happy CyberChaff users!

Defending a Network With CyberChaff

CyberChaff is designed to detect one of the early and critical steps in a security breach: the point when an attacker pivots from their initial entry point to the more juicy parts of the network. This step, the pivot, typically involves scanning the network for hosts that may be better positioned, appear to have more privileges, or are running critical services.

To impair this step of the attack, CyberChaff introduces hundreds (or thousands) of false, lightweight nodes on the network. These hosts are indistinguishable from real hosts when scanned by the attacker, and are each implemented as their own HaLVM unikernel. See the diagram below where green nodes are the real hosts and the orange nodes are HaLVM CyberChaff nodes. This means that an attacker is faced with a huge Continue reading

Enable nested virtualization on supported hardware. (Fixing WARNING KVM acceleration not available, using ‘qemu’ issue)

Source: http://samadhisoft.com/wp-content/uploads/2009/05/nested-boxes.jpg     
Whats fun without pushing things to the limit, making them do things that they weren't designed for and creating something cool. If the end result isn't cool that's ok too. My take here is that giving something a try not only keeps you occupied  but also contributes to gaining knowledge. Insights acquired in this process of pushing boundaries is definitely worth all the effort. Nested Virtualization once was a cool thing and is still is for a lot of people out there. If you are on a modern x86 (Intel) architecture processor backed computer, it most probably will support nested virtualization.

© Warner Bros
For beginners out there, nested virtualization is nothing but the process of allowing a virtual medium such as a virtual machine or a container to be able to not only act as physical hardware but also further create another abstraction within itself. Think about it as a smaller container/box within a larger box. Although you can perceive the smaller box as the only box when seen from within, it isn't so. Now put a smaller box within it - that's nested virtualization. Each level of nesting does make it tighter Continue reading

Gotchas to configuring Calico with Docker

© Calico project - Metaswitch
Setting up Calico with Docker has been documented with step-by-step commands on the Calico github page and I will not be repeating them here again. I am going to use this as a scratch pad for the gotchas that I learnt from following that article on github. I hope it helps some of you.

Docker networking has seen a lot of improvements both in the native libnetwork library as well as other projects & solutions. Docker container networking especially across two physical hosts is an interesting problem with various solutions out there with their own pros and cons. You could go with flannel, a L2 overlay, VXLAN overlay to facilitate multi-host container networking or choose a pure L3-only solution like Calico. Speaking of the various choices for container networking I came across this article that compares the network glue : underlay/ overlay solutions using different parameters. Feel free to check that out if you want to get an idea into what each of these (VXLAN, flannel & Calico) offer but then of course making your own comparisons and benchmarks will not only provide with the differences/features you are looking for but also Continue reading

Running docker containers with native L2 networking & DHCP

A container normally comes up on the docker0 bridge with an IP from the static docker pool. This can be configured by editing docker options and restarting docker engine.
License: CC from Docker Blog / Dave Tucker

There are cases where a container needs to come up on a pre-existing bridge or a user defined bridge. This can be achieved by giving the --net option during docker run or configuring docker daemon options pre to docker engine boot. Creating an image with dhclient installed in it & programmed to start automatically is one way of doing l2-dhcp from the physical network infrastructure. There are other ways of doing this - macvlan, ipvlan or manually plugging in a veth pair between the docker container namespace and the host network stack. I will describe the former method here. macvlan and veth pair addition methods are described here [Cr1].

Step 1: Build a docker image with the required set of tools. An example is given below. This installs dhclient, netutils and iputils along with running sshd. User root’s password is set to centos using the start.sh script. Dockerfile & script source attributed to maxamillion (github link)

Dockerfile
 FROM centos:latest  
MAINTAINER Continue reading

Test-Driving OSPF on RouterOS – Interoperability

So I wrote about OSPF on RouterOS in my previous post. It was a nice experiment to learn about routing protocols. I wanted to take it a little further and test Interoperability of RouterOS with other open source solutions. This post is an update from the previous one and I will add OSPF neighbor nodes … Continue reading Test-Driving OSPF on RouterOS – Interoperability