Category Archives for "Virtualization"

Integrating RHV & OpenStack with Neutron

Hi folks, I recently posted an article on one of the official Red Hat blogs about the new Neutron integration between RHV and RHOSP. I have to say it’s very cool and might change the way you look at networking capabilities in RHV, at least if you’re also using RHOSP in the same data center.

As a side note, I’ve mentioned my friend and colleague, Tony James, in recent posts and he makes another appearance this week. He helped pull together the configuration steps as well as the demo that we recorded. Big kudos to “Big T”.

Back to the actual integration. If you don’t want to look at the other article, the condensed version of “why you might care” is as follows:

  1. Run applications across RHV & RHOSP – front end of the app on RHOSP and the back end on RHV using the Neutron integration to bridge the network gap.
  2. Add SDN capabilities to RHV via the Neutron integration, even if the app only exists in RHV.
  3. Manage the SDN network topologies for both RHV and RHOSP from a single management space (web or programmatic).

Those are the 3 big use cases, in a nutshell. If Continue reading

Modern Storage Software Erodes Resistant Data Silos

With the record-breaking $60 billion Dell/EMC acquisition now complete, both of these companies and their customers now have more options than ever before to meet evolving storage needs. Joining forces helps the newly minted Dell Technologies combine the best of both worlds to better serve customers by blending EMC storage and support with Dell pricing and procurement.

But there is some trouble in paradise. Even when sold by the same vendor, most storage systems have been designed as secluded islands of data, meaning they aren’t terribly good at talking to each other.

In fact, this silo effect is exacerbated

Modern Storage Software Erodes Resistant Data Silos was written by Timothy Prickett Morgan at The Next Platform.

Test-driving EVPN route publishing with GoBGP

In recent times there has been a lot of interest in tunnel based L2 networks, especially for Cloud Networks implemented with VXLAN.  The tunnel based networks were initially proposed with the idea of alleviating the 4k limit imposed with VLAN based networks. EVPN based VXLAN tunneled networks use BGP as control plane for L2 learning. … Continue reading Test-driving EVPN route publishing with GoBGP

Is the next big thing VR, AI and Robotics? Or is it already here. Recap of AT&T Shape 2016

Attend any technology conference today (2016) and I bet you there is going to be a track for IoT (Internet of Things), VR (Virtual Reality), AI (Artificial Intelligence) and other buzz words like deep learning, machine learning, big data, robotics et al. Almost all industries across the board either already have something or are in the process of inventing something that inches us closer to SkyNet and science fiction. Academia, which is always a few years ahead of the industries, also heavily invests in these topics. VR, AI, Robotics and Machine Learning are a few of the top research topics of 2016 listed by IEEE.

© Arun Sriraman
I was lucky to attend one such conference - AT&T Shape this year (2016) held at AT&T Park in SF on the 15th-16th of July. AT&T Shape is about showcasing future technology - a preview into what's possible & what's coming in the next few years. This year most of the exhibits & demos were VR, Robotics and AI themed. And speaking of machine learning/AI - look at the video above. It's a video generated by Google using the photos & videos I captured during the event. Google automatically has figured out the Continue reading

NFV Platforms with MirageOS Unikernels

Wassim Haddad is at Ericsson Silicon Valley where he currently works on distributed cloud infrastructure. Heikki Mahkonen and Ravi Manghirmalani work at Ericsson Research at Silicon Valley in the advanced Networking and Transport labs. The Ericsson team has a diverse background in different NFV, SDN and Cloud related R&D projects.

The push towards NFV

The Network Function Virtualization (NFV) paradigm breaks away from traditional “monolithic” approaches, which normally build network functions by tightly coupling application code to the underlying hardware. Decoupling these components offers a new approach to designing and deploying network services. One that brings a high degree of flexibility in terms of separating their lifecycle management and enabling much more efficient scaling. Moreover, the move away from specialized hardware coupled with a “virtualize everything” trend is fuelling operators and service providers’ expectations of significant cost reductions. This is undoubtedly a strong motivation behind NFV adoption.

Current NFV market trends point towards two key technologies: Cloud Orchestration (e.g., OpenStack) to provision and manage workflows, and Software Defined Networking (SDN) to enable dynamic connectivity between different workflows as well as network slicing. In parallel, there is also a strong desire to migrate from virtual machines towards microservice enablers, Continue reading

A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

With all the interest in Cloud Computing and virtualization, the OS vendors are providing ever easier ways to deploy VMs. Most of them now come with cloud images. This makes it really easy for users to deploy VMs with the distro of their choice on a cloud platform like OpenStack or AWS. Here are … Continue reading A simple metadata server to run cloud images on standalone libvirt :: KVM Hypervisor

CyberChaff: HaLVM unikernels protecting corporate networks

Unikernel technologies, specifically the libraries, are applicable in many ways (e.g. the recent Docker for Mac and Windows products). However, unikernels themselves can enable new categories of products. One of the most prominent products is a network security tool called CyberChaff, based on open source HaLVM unikernels. Today Formaltech, a Galois subsidiary, revealed that Reed College is one of their happy CyberChaff users!

Defending a Network With CyberChaff

CyberChaff is designed to detect one of the early and critical steps in a security breach: the point when an attacker pivots from their initial entry point to the more juicy parts of the network. This step, the pivot, typically involves scanning the network for hosts that may be better positioned, appear to have more privileges, or are running critical services.

To impair this step of the attack, CyberChaff introduces hundreds (or thousands) of false, lightweight nodes on the network. These hosts are indistinguishable from real hosts when scanned by the attacker, and are each implemented as their own HaLVM unikernel. See the diagram below where green nodes are the real hosts and the orange nodes are HaLVM CyberChaff nodes. This means that an attacker is faced with a huge Continue reading

Enable nested virtualization on supported hardware. (Fixing WARNING KVM acceleration not available, using ‘qemu’ issue)

Source: http://samadhisoft.com/wp-content/uploads/2009/05/nested-boxes.jpg     
What's fun without pushing things to the limit, making them do things that they weren't designed for and creating something cool? If the end result isn't cool, that's ok too. My take here is that giving something a try not only keeps you occupied but also contributes to gaining knowledge. Insights acquired in this process of pushing boundaries are definitely worth all the effort. Nested Virtualization once was a cool thing and still is for a lot of people out there. If you are on a modern x86 (Intel) architecture processor backed computer, it most probably will support nested virtualization.

© Warner Bros
For beginners out there, nested virtualization is nothing but the process of allowing a virtual medium such as a virtual machine or a container to be able to not only act as physical hardware but also further create another abstraction within itself. Think about it as a smaller container/box within a larger box. Although you can perceive the smaller box as the only box when seen from within, it isn't so. Now put a smaller box within it - that's nested virtualization. Each level of nesting does make it tighter Continue reading

Gotchas to configuring Calico with Docker

© Calico project - Metaswitch
Setting up Calico with Docker has been documented with step-by-step commands on the Calico github page and I will not be repeating them here again. I am going to use this as a scratch pad for the gotchas that I learnt from following that article on github. I hope it helps some of you.

Docker networking has seen a lot of improvements both in the native libnetwork library as well as other projects & solutions. Docker container networking, especially across two physical hosts, is an interesting problem with various solutions out there with their own pros and cons. You could go with flannel, an L2 overlay, VXLAN overlay to facilitate multi-host container networking or choose a pure L3-only solution like Calico. Speaking of the various choices for container networking, I came across this article that compares the network glue: underlay/overlay solutions using different parameters. Feel free to check that out if you want to get an idea of what each of these (VXLAN, flannel & Calico) offer, but then of course making your own comparisons and benchmarks will not only provide you with the differences/features you are looking for but also Continue reading

Running docker containers with native L2 networking & DHCP

A container normally comes up on the docker0 bridge with an IP from the static docker pool. This can be configured by editing docker options and restarting docker engine.
License: CC from Docker Blog / Dave Tucker

There are cases where a container needs to come up on a pre-existing bridge or a user defined bridge. This can be achieved by giving the --net option during docker run or configuring docker daemon options prior to docker engine boot. Creating an image with dhclient installed in it & programmed to start automatically is one way of doing l2-dhcp from the physical network infrastructure. There are other ways of doing this - macvlan, ipvlan or manually plugging in a veth pair between the docker container namespace and the host network stack. I will describe the former method here. macvlan and veth pair addition methods are described here [Cr1].

Step 1: Build a docker image with the required set of tools. An example is given below. This installs dhclient, netutils and iputils along with running sshd. User root’s password is set to centos using the start.sh script. Dockerfile & script source attributed to maxamillion (github link)

Dockerfile
 FROM centos:latest  
MAINTAINER Continue reading

Test-Driving OSPF on RouterOS – Interoperability

So I wrote about OSPF on RouterOS in my previous post. It was a nice experiment to learn about routing protocols. I wanted to take it a little further and test interoperability of RouterOS with other open source solutions. This post is an update from the previous one and I will add OSPF neighbor nodes … Continue reading Test-Driving OSPF on RouterOS – Interoperability

Test-driving OSPF on RouterOS

I came across RouterOS by MikroTik© which provides advanced routing protocol support. What is more amazing is they provide a RouterOS in a virtual form-factor called Cloud Hosted Router (CHR) that can be installed on hypervisors like KVM/VirtualBox/VMware. Please look at the licensing model at http://wiki.mikrotik.com/wiki/Manual:CHR#CHR_Licensing. This is perfect for learning purposes and experimenting at home. … Continue reading Test-driving OSPF on RouterOS

Kernel Programming 101 – Creating your own Linux Kernel Module


Have you ever wanted to write your own kernel module? This multi-part blog post will talk about creating your first kernel module, using the proc file system, gathering and updating statistics and will cover topics such as adding your kernel module as a menu item to menuconfig, setting defaults in the kernel config, registering network callbacks for specific types of packets taking Cisco CDP as an example and some tips and tricks in writing and debugging kernel code. A lot of my own learning has been through blogs and experiments. One source that is really great and does summarize a lot of what my blog will talk about and more is TLDP (The Linux Documentation Project).

Today programming involving systems is about providing the flexibility and pace for software development by providing user space APIs that interact with the Linux kernel through system calls. This approach also provides the abstraction needed to carve out the complexity in direct kernel programming. So before we dive into kernel programming-101, let's answer this question - Why Kernel Programming?

When there's a need to perform operations without wasting CPU cycles and/or to reduce user space copy overheads, kernel programming fits the bill. Taking networking and linux networking stack as Continue reading

ContainerWorld2016 conference in review – Part II (Container Orchestration)




© Arun Sriraman
Picking up from Part I of ContainerWorld2016 conference in review, this post describes the various orchestration mechanisms available to manage containers. There are more than just the three mechanisms out there to set up & manage containers, but these (Kubernetes, Mesos and Docker Swarm) are gaining traction and popularity. The Open Container Night Meetup (SVDevOps meetup group), although it wasn't part of the conference tracks and was hosted after the day 1 sessions at the same venue, was very informative. As part of this meetup's lightning talks, Adrian Otto provided a good in-depth comparison of the various container orchestration tools along with the roadmap for the OpenStack Magnum project and Carina by Rackspace.

When talking about containers and orchestration, as Adrian put it, one can think of two methods or paradigms of interacting with any system - imperative, where you have complete control over how you want the system to work along with configuration knobs accessible to you at every step, and declarative, where you describe the outcome and the system automates everything for you, making it simple and easy but giving you less flexibility and configurability. The degree of configuration control and ease of use are two important factors that Continue reading

Setting up bonding on Ubuntu 14.04


This one was a twister to me. Linux bonding is fairly simple and there are numerous blogs out there explaining the steps to get two interfaces on a linux machine bonded. There's tons of information and step-by-step guides describing what needs to be done on an Ubuntu based system for bond configuration. I was surprised when I failed to get it working after multiple attempts. I finally ended up mixing steps from more than two different blog sources to get the setup configured correctly and more importantly persist it over reboots.

Before diving deep with specifics and yet another step-by-step guide to setting up bonds on an Ubuntu 12.02 or 14.04 machine, let's see what linux bonds are and why bonding in the first place. If you were a kid in the 90's or before you'd know what a NIC is. These days with PCs going almost extinct in the home and personal computing space, it is quite hard for users to be acquainted with network cards housing one or more NICs (Network Interface Controller). This era is all about wireless - you still do have a wireless card in your laptop or notebooks or tablets but that's Continue reading

ContainerWorld2016 conference in review – Part I

© ContainerWorld (Informa) - Taken from container world photo gallery
One would think that attending a multi-day conference is sedentary, just meeting new people and lending your ear to speakers and watching presentations. On the contrary, it isn't so. It's extremely tiring and by the end of the day you are completely drained out. In this sense, ContainerWorld2016, which took place last week (17th, 18th Feb), proved no different than other conferences and I ended up quite exhausted at the end of the conference. Although exhausting, it was informative and it turned out to be more of a vendor neutral & community oriented conference compared to many others. Talk subjects varied from customer production deployment of containers to pain points of adopting the cloud native model. This multi-part post tries to summarize take-aways and interesting discussions that took place over the two days.

The conference was well received with participation from multiple vendors and customers such as RedHat, Canonical, Docker, Google, Yelp, CapitalOne, Paypal, eBay, Netflix, Veritas and Nordstrom to name a few. Right from day one keynote all the way to closing remarks on day two, customers and vendors alike reasoned the various advantages Continue reading

Want to sell your brand to a developer? Laptop stickers could be yet another way!

© Arun Sriraman
A sign of pride and fun for some but chaos for others; laptop stickers, as I recently figured out, are yet another way of marketing and branding. I'm sure a lot of people have wondered why a company gives away goodies in conferences and exhibitions. It's for direct+indirect marketing. When you see people walking around wearing a company printed T-Shirt or a cap, that company reaches people it never spoke to directly. It can be thought about as "flooding" in networking terms.

If it's known that stickers are a marketing technique, why would someone want to mutilate their laptop with them?

Good question indeed. I have seen people fret at the sight of my laptop and come at me with the expression of - "Oh my god! What has he done to the poor laptop". The picture you see above is my work laptop. I like stickers and I put them on my laptop because I agree with a product or the company that makes a product and would want to share this with others (i.m.o. it also makes it look cool).

Laptop stickers, though a smaller marketing channel, are nevertheless effective. Continue reading