Stuff The Internet Says On Scalability For January 19th, 2017

Hey, it's HighScalability time:

 

If you like this sort of Stuff then please support me on Patreon. And I'd appreciate your recommending my new book—Explain the Cloud Like I'm 10—to anyone who needs to understand the cloud (who doesn't?). I think they'll like it. Now with twice the brightness and new chapters on Netflix and Cloud Computing.

 

  • $268,895,000,000: Apple's cash and investments; 60%: growth in Amazon's ad revenue; ~80%: movie tickets sold in China are sold through mobile apps; £27,000: King Edward's yearly income; 3: new Google undersea cables; 7,500: Google edge caching nodes; 50,000x: microprocessor performance compared to a 1978 mini-computer at 0.25% of the cost; $15bn: spending on hosting services; 0.2 cycles per byte: ridiculously fast base64 encoding and decoding; $165B+: 2018 games software/hardware spending; 328 feet: air purification tower in China; 42 million: protein molecules in a yeast cell;

  • Quotable Quotes:
    • Richard Jones: For now, what we can say is that the age of exponential growth of computer power is over. It gave us an extraordinary 40 years, but in our world all exponentials come to an end, and we’re now firmly Continue reading

Can Routing Be Oversimplified?

I don’t know if you’ve had a chance to see this Reddit thread yet, but it’s a funny one:

We eliminated routing protocols from our network!

Short non-clickbait summary: We deployed SD-WAN and turned off OSPF. We now have a /16 route for the internal network and a default route to the Internet where a lot of our workloads were moved into the cloud.

Bravo for this networking team for simplifying their network to this point. All other considerations aside, does this kind of future really bode well for SD-WAN?

Now You See Me

As pointed out in the thread above, the network team didn’t really get rid of their dynamic routing protocols. The SD-WAN boxes that they put in place are still running BGP or some other kind of setup under the hood. It’s just invisible to the user. That’s nothing new. Six years ago, Ivan Pepelnjak found out Juniper QFabric was running BGP behind the scenes too.

Hiding the networking infrastructure from the end user is nothing new. It’s a trick that has been used for years to allow infrastructures to be tuned and configured in such a way as to deliver maximum performance without letting anyone tinker Continue reading

oVirt 4.2.2 web admin UI browser bookmarks

oVirt web admin UI now allows the user to bookmark all entities and searches using their browser.

Synchronizing URL with application state

Whenever you select a detail view in the application, the browser URL is now updated to match the selected entity. For instance, if you have a VM named MyVM and you click on the name to see the details, the URL of the browser will go to #vms-general;name=MyVM. If you switch to, let's say, the network interfaces tab, the URL in your browser will switch to #vms-network_interfaces;name=MyVM. Changing entity or changing location will keep the browser URL synchronized. This allows you to use your browser's bookmark functionality to store a link to that VM.

Direct linking to entities

As a complementary functionality you can pass arguments to places that will execute some functionality based on the type of argument you have passed in. The following types are available:

  • SEARCH, which is for main views only, allows you to pre-populate the search string used in the search bar.
  • NAME, most entities are uniquely named and you can use their name in a detail view to go directly to that named entity.
  • DATACENTER, quota and networks are not uniquely Continue reading

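SYN packet handling in the wild

Translator's note: this post is a translation of Marek Majkowski's https://blog.cloudflare.com/syn-packet-handling-in-the-wild/.

Here at Cloudflare, we have a lot of experience operating servers on the real Internet. But we never neglect mastering this black magic either. On this blog we have covered several dark corners of the Internet protocols: understanding FIN-WAIT-2, receive buffer tuning, and the like.


CC BY 2.0 image by Isaí Moreno

There is one subject that people don't pay enough attention to: SYN floods. We use Linux, and we found that SYN packet handling on Linux is very complex. In this post we'll learn a bit more about it.

A tale of two queues

First, for a created socket in the "LISTENING" TCP state there are two separate queues:

  • SYN Queue
  • Accept Queue

These queues are commonly given a variety of other names, such as "reqsk_queue", "ACK backlog", "listen backlog" and "TCP backlog", but we'll use the names above to avoid confusion.

SYN Queue

The SYN Queue stores inbound SYN packets[1] (specifically: struct inet_request_sock). It is responsible for sending SYN+ACK packets and retrying them on timeout. On Linux the number of retries is configured with:

$ sysctl net.ipv4.tcp_synack_retries
net.ipv4.tcp_synack_retries = 5

The documentation says the following:

tcp_synack_retries - INTEGER

    Specifies how many times a SYNACK is retransmitted for a passive
    TCP connection attempt. This value must be 255 or less. The default is 5;
    given the initial RTO of 1 second,
    the last retransmission is 31 seconds  Continue reading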

Packet Forwarding on Linux on Software Gone Wild

The Linux operating system is used as the foundation for numerous network operating systems, including Arista EOS and Cumulus Linux. It provides most of the networking constructs we grew familiar with, including interfaces, VLANs, routing tables, VRFs and contexts, but they behave slightly differently from what we’re used to.

In Software Gone Wild Episode 86 Roopa Prabhu and David Ahern explained the fundamentals of packet forwarding on Linux, and the differences between Linux and more traditional network operating systems.


I Became Cisco Champion for 2018

How Does Internet Work - We know what is networking

I just received an e-mail from Cisco with the notice that I was elected Cisco Champion for 2018. As Cisco says: “Cisco Champions are a group of highly influential technical experts who generously enjoy sharing their knowledge, expertise, and thoughts on the social web and with Cisco. The Cisco Champion program encompasses a diverse set of areas such as Data Center, Internet of Things, Enterprise Networks, Collaboration, and Security. Cisco Champions are located all over the world.” I must say that the last 7 years of writing this blog were the primary reason why one should pick me for this flattering

The ARC of Satori

Authors: Pete Arzamendi, Matt Bing, and Kirk Soluk. Satori, the heir-apparent to the infamous IOT malware Mirai, was discovered by researchers in December 2017. The word “satori” means “enlightenment” or “understanding” in Japanese, but the evolution of the Satori malware has brought anything but clarity. […]

Technology Short Take 93

Welcome to Technology Short Take 93! Today I have another collection of data center technology links, articles, thoughts, and rants. Here’s hoping you find something useful!

Networking

Servers/Hardware

Nothing this time around. Feel free to hit me up on Twitter if you have links you think I should include next time!

Security

Cloud Computing/Cloud Management

A New Architecture For NVM-Express

NVM-Express is the latest hot thing in storage, with server and storage array vendors big and small making a mad dash to bring the protocol into their products and get an advantage in what promises to be a fast-growing market.

With the rapid rise in the amount of data being generated and processed, and the growth of such technologies as artificial intelligence and machine learning in managing and processing the data, demand for faster speeds and lower latency in flash and other non-volatile memory will continue to increase in the coming years, and established companies like Dell EMC, NetApp

A New Architecture For NVM-Express was written by Jeffrey Burt at The Next Platform.

Buildings should behave like humans

One must be able to walk into a room, including those in data centers, and not only access information about every facet of it, but also importantly, have it automatically solve all of its problems on its own. Site 1001, which specializes in artificial intelligence-run facilities management systems, says the problem should be achieved through neural networks that copy how humans and animals think. The company, a spin-off of JE Dunn Construction Co., demonstrated its all-listening, predictive building maintenance at CES 2018 last week. It says its big data, AI-driven system will ultimately produce smarter and healthier buildings.

Getting started with Linux: the basics – part 2

In part 1 of our series about getting started with Linux, we learned how to download Linux, whether you should use the CLI or the GUI, how to get an SSH client, how to log in to Linux and how to get help. In this post, you’ll learn how to know what type of Linux you are using and how to navigate the Linux file system.

How do I know what type of Linux I am using?

Because there are so many different types of Linux, you want to be sure you know what distribution and version you are using (for the sake of searching the right documentation on the Internet, if nothing else). Keep in mind a couple different commands to identify your Linux version.

The uname command shows the basic type of operating system you are using, like this:

david@debian:~$ uname -a
Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.43-2 (2017-04-30) i686 GNU/Linux

And the hostnamectl command shows you the hostname of the Linux server as well as other system information, like the machine ID, virtualization hypervisor (if used), operating system and Linux kernel version. Here’s an example:

david@debian:~$ hostnamectl
Static hostname: debian
Icon name: computer-vm
Continue reading

Beta for Docker Enterprise Edition with Kubernetes Integration Now Available

Beta for Docker EE with Kubernetes

Today we are excited to launch the public beta for Docker Enterprise Edition (Docker EE), our container management platform. First announced at DockerCon Europe, this release features Kubernetes integration as an optional orchestration solution, running side-by-side with Docker Swarm. With this solution, organizations will be able to deploy applications with either Swarm or fully-conformant Kubernetes while maintaining the consistent developer-to-IT workflow users have come to expect from Docker, especially when combined with the recent edge release of Docker for Mac with Kubernetes support. In addition to Kubernetes, this release includes enhancements to Swarm and to Docker Trusted Registry (DTR) which can be tested during the beta period.

Due to the high interest in this beta, license keys will be rolled out in batches over the next few weeks. Individuals who signed up for beta at www.docker.com/kubernetes will receive instructions on how to access this release and where to submit feedback. We also encourage our partners to use this time to test and validate their Docker and Kubernetes solutions against this release. Registrations will remain open throughout this beta testing period.

Explore the New Features

At DockerCon Europe, we demonstrated the management integration of Kubernetes within Docker EE. You can Continue reading