To K8s or Not to K8s Your OpenStack Control Plane

This is a liveblog of the Monday afternoon OpenStack Summit session titled “To K8s or Not to K8s Your OpenStack Control Plane”. The speaker is Robert Starmer of Kumulus Technologies. This session is listed as a Beginner-level session, so I’m hoping it’s not too basic for me (and that readers will still get some value from the liveblog).

Starmer begins with a quick review of his background and expertise, and then proceeds to provide—as a baseline—an overview of containers and Kubernetes for container orchestration. Starmer covers terminology and concepts like Pods, Deployments (and Replica Sets), Services, StatefulSets, and Persistent Volumes. Starmer points out that StatefulSets and Persistent Volumes are particularly applicable to the discussion about using Kubernetes to handle the OpenStack control plane. Following the discussion of Kubernetes components, Starmer points out that the Kubernetes architecture is designed to be resilient, talking about the use of etcd as a distributed state storage system, multiple API servers, separate controller managers, etc.

Next, Starmer spends a few minutes talking about Kubernetes networking and some of the components involved, followed by a high-level discussion around persistent volumes and storage requirements, particularly for StatefulSets.

Having covered Kubernetes, Starmer now starts talking about the requirements Continue reading

OpenStack Summit Sydney Day 1 Keynote

This is a liveblog of the day 1 keynote here at the OpenStack Summit in Sydney, Australia. I think this is my third or fourth trip to Sydney, and this is the first time I’ve run into inclement weather; it’s cloudy, rainy, and wet here, and forecasted to remain that way for most of the Summit.

At 9:02am, the keynotes (there are actually a set of separate keynote presentations this morning) kicks off with a video with Technical Committee memebers, community members, and others talking about the OpenStack community, the OpenStack projects, and the Summit itself. At 9:05am, the founders of the Australian OpenStack User Group—Tristan Goode and Tom Fifield—take the stage to kick off the general session. Goode and Fifield take a few minutes to talk about the history of the Australian OpenStack User Group and the evolution of the OpenStack community in Australia. Goode also takes a few moments to talk about his company, Aptira.

After a few minutes, Goode and Fifield turn the stage over to Mark Collier and Lauren Sell from the OpenStack Foundation. Collier and Sell set the stage for the upcoming presentations, do some housekeeping announcements, and talk about sponsors and support partners. Sell Continue reading

Perfect locality and three epic SystemTap scripts

In a recent blog post we discussed epoll behavior causing uneven load among NGINX worker processes. We suggested a work around - the REUSEPORT socket option. It changes the queuing from "combined queue model" aka Waitrose (formally: M/M/s), to a dedicated accept queue per worker aka "the Tesco superstore model" (formally: M/M/1). With this setup the load is spread more evenly, but in certain conditions the latency distribution might suffer.

After reading that piece, a colleague of mine, John, said: "Hey Marek, don't forget that REUSEPORT has an additional advantage: it can improve packet locality! Packets can avoid being passed around CPUs!"

John had a point. Let's dig into this step by step.

In this blog post we'll explain the REUSEPORT socket option, how it can help with packet locality and its performance implications. We'll show three advanced SystemTap scripts which we used to help us understand and measure the packet locality.

A shared queue

The standard BSD socket API model is rather simple. In order to receive new TCP connections a program calls bind() and then listen() on a fresh socket. This will create a single accept queue. Programs can share the file descriptor - pointing Continue reading

OpenStack now featured in Cumulus in the Cloud

First of all, we’re thrilled to announce that today we launched OpenStack with Cumulus in the Cloud. That means that you can now test out Cumulus Networks technology with an OpenStack environment easily and at zero cost to you.

I’ve written previously about Cumulus In The Cloud (CitC) when we first released it a month ago with Mesos as the initial release flavor. Since then, JR Rivers and his team have been diligently working on adding additional flavors to the CitC offering. I could not have been happier to hear the good news that they had integrated an OpenStack solution with the cloud testing framework.

I immediately launched my own free instance of Cumulus in the Cloud using the standard steps. I was greeted with a new option where I could pick the flavor of CitC I wanted to initiate:

OpenStack Cumulus 1

Since I had already experimented with Mesos, I was eager to tinker with OpenStack to better learn this technology.

To be upfront, I am not an OpenStack expert. I have been diligently learning it over the past six months ever since a majority of my customer engagements have involved private cloud deployments leading with OpenStack. As a network engineer first, Continue reading

Introduction to Point to Point Authentication : PAP and CHAP protocols

Today I am going to talk about the PAP- Password Authentication Protocol and CHAP- challenge handshake authentication protocol. So let's talk about PAP and CHAP one by one.

PAP and CHAP is one of the basic and most important topic for CCNA candidates or the freshers who are going to work on the Point to point networks.

Before we are starting with the PAP and CHAP protocols, I would like to tell you that PAP and CHAP is the authentication procedure in Point to point network. So if you are using Point to point networks in your architecture you should opt for PAP or CHAP protocols as per the design required.

Below is the example showing the pictorial representation where we are defining the acceptance and the refusal of the connection in both the cases.

PAP- Password Authentication Protocol
So PAP is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. PAP generally consider as a very basic two-way process. There is no encryption. The username and password are sent in plain text. If it is accepted, the connection is allowed. 
The authentication phase of a PPP session is optional. If used, you can authenticate the Continue reading

Introduction to ACI Multi-Site Fabric Design Network

In my earlier post I talk about the ACI stretched Fabric and ACI multi-pod fabric designs with single and multiple APIC clusters. Now I am going to talk about the basics of the Cisco ACI Multi-site fabric design network in my article. If you want to have a look for my earlier article, please go through the below mentioned link and review before we will start with the Cisco ACI multi-site fabric network design.

Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs

So in short, you now understand the Cisco single-pod, Cisco ACI stretched fabric and Cisco ACI multi-pod fabric design. Now we are going to talk about the next level of Cisco ACI deployment model and this model is called as Cisco ACI Multi-site fabric design.

Cisco ACI Multi-site Fabric Network Design 
Making more innovation in the Cisco ACI with the APIC 2.0 release, Cisco said that a Multi-Site design is the architecture interconnecting multiple APIC cluster domains with their associated pods. 

A Multi-Site design could also be called a Multi-Fabric design, because it interconnects separate availability zones (fabrics), each deployed either as a single pod or multiple pods (a Multi-Pod design). Below is Continue reading

Introduction to Cisco ACI stretched fabric and ACI Multi-pod Fabric Designs

Today I am going to talk about Cisco ACI where Cisco is providing two different solutions on Cisco ACI. One solution is Cisco ACI Multi-pod and other solution is named as Cisco ACI Multi-Site design or architecture. 

Earlier Cisco ACI multi-pod environment we were doing the ACI stretched Fabric design but then Cisco come up with the solution called as Cisco ACI multi-pod.

What is Cisco ACI Multi-pod ?
Well ACI multi-pod is a kind of ACI stretched Fabric design with more benefits and features. In simple words we can say that ACI multi-pod is a multiple ACI fabrics that is under control of single management or administration. 

What is the key difference of ACI stretched fabric design and ACI multi-pod ?
Let's talk about the ACI stretched fabric design, Let us suppose we have two ACI fabric design where we have Spine-Leaf architecture. One is ACI-I and other is ACI-II, if you are going to connect the leaf switches of ACI-I with the spine switches of ACI-II and leaf switches of ACI-II with spine switches of ACI-I makes ACI Stretched fabric design. Below diagram shows the best way of Cisco ACI stretched fabric design between three ACI fabric networks.
Continue reading

Setting up multiple networks is going to be much faster in oVirt 4.2

Assume you have an oVirt cluster with hundreds of VM networks. Now you add a new host to the cluster. In order for it to move to the Operational state, it must have all required networks attached to it. The easiest way to do it is to attach networks to a label, and then place that label on a NIC of the added host. However, if there are too many networks, Engine could fail to setup them all at once. This is caused by a slow VDSM setupNetworks call that is not able to finish within the 180 seconds long vdsTimeout of Engine.

VDSM performance changes would be included in ovirt-4.2, currently in ovirt-master.

Initscripts performance patch is targeted for EL 7.5.

The following table shows maximal number of networks that can be handled within the vdsTimeout. The measured setupNetworks command handles one network with static IP and N VLAN+bridge networks with no IP. Edit covered a move of all networks from one NIC to another.

Please note that given numbers are for reference only.

installed N add edit del
ovirt-4.2 190 180s 127s 67s
ovirt-4.2 and patched initscripts 350 138s 176s 89s
ovirt-4.1 150 Continue reading

General – Advice on Numbering Policies in Networking

There are several situations where we need to write some form of policy such as QoS, routing policies used in for example redistribution, filtering and policy-based routing, dot1x and so on. Lately I had to update a policy used by the master controller (MC) in an IWAN design. What are some important things to consider when writing the policy?

The number to start with – If you start with the number one then it won’t be possible to insert anything above this line at a later time. How certain are you that you will never have to put anything before the starting line? My recommendation is to start with a higher number such as 100.

Space between each line – Don’t number your lines 100, 101, 102, 103 and so on. Leave some more space between each line in case you have to insert something later between two lines. A spacing of 10 should be fine for most situations.

Go from most granular to least granular – The policy should go from as granular as possible to the least granular at the end. If you have a statement that is too broad you may catch more than you expected even Continue reading

Introduction to Next Generation Network Technology: IOT- Internet Of Things

Today I am going to talk about the next generation technology where we are going to connect many other infrastructure and electronic things and controlled and managed by single user or with group of the users. IOT is now the demand of many enterprise, Schools, Hospitals, Factories and many other places. IOT helps ease to work with the help of the latest technology.

IOT is the new technology where we automated the various appliances may be electronic and electric to make this world better. A aspect, within the internet of things, can be someone with a heart monitor implant, a farm animal with a biochip transponder, an car that has built-in sensors to alert the driver whilst tire pressure is low -- or every other natural or guy-made item that can be assigned an IP address and provided with the capacity to switch facts over a network.

The IoT permits objects to be sensed and managed remotely across current network infrastructure, developing opportunities for extra direct integration of the physical global into pc-based totally systems, and resulting in improved efficiency, accuracy and financial advantage.

What is the Basic Purpose of IOT ? How it will helpful for my Business ?

The Use of the Asymmetric routing

Today I am going to talk about the the concept of asymmetric routing and what is the purpose of the asymmetric routing in details. In simple words, Asymmetric routing is used when a packet takes one path to the destination and takes another path when returning to the source. It can be used of manual purposes where we want the sending and the receiving path will be different.

Asymmetric routing is common within most networks i.e. the larger the network, the more likely there is asymmetric routing in the network. Asymmetric routing is an undesirable situation for many network devices including, firewalls, VPNs, and Load Balancer appliances. These devices all rely on seeing every packet to function properly. 

Below is the example showing the asymmetric routing where we have two different paths for sending and receiving the packets or you can say traffic flow path are different for sending and receiving the packets. In the below topology, you can see that Site A sending the traffic to internet via Primary Router and then to ASA and then to internet Router while receiving from Internet router then secondary router and then to Site A via MPLS cloud. So this Continue reading

Hive Mind, Help Me Out with A10 AXAPI?

Dear Internet,

I am writing some automation code in Go to create client-ssl templates on an A10 load balancer running AXAPI version 2. It’s going as swimmingly as it can with the v2 API, but one area of non-complete API coverage has led to another issue and I’m wondering if anybody has seen the same thing.

A10 Networks Logo

Background – Disabling SSLv3

SSL access to VIPs on the A10 load balancer is controlled by means of client-ssl templates which define which certificates should be presented and the ciphers and protocols supported for the incoming connection. In this case therefore, disabling SSLv3 is accomplished in the client-ssl template (unfortunately there is no global switch to turn SSLv3 off by default). A typical template might look like this in the configuration:

slb template client-ssl mytemplate
   cert my_certificate
   key my_private_key
   chain-cert some_chain_cert
   disable-sslv3
!

As it turns out, all aspects of the client-ssl template are exposed via the API except for “disable-sslv3” which shows neither as a returned property of the template (highly annoying), nor as a property which can be set when creating a template (also annoying). Thus to replicate a template like the one above, I choose to set everything I can using the Continue reading

New IBM platform turns your data center into a cloud

What if you could flip a switch and turn your stodgy old data center full of legacy apps into a cloud-enabled one capable of migrating apps and data to the public cloud with ease by containerizing your legacy apps?IBM says it has just such an offering in IBM Cloud Private, a platform focused on assisting private data centers looking for a relatively simple way to move into the cloud. The idea is to offer a consistent way of managing your application stack, regardless of where they reside. Also on Network World: IBM’s latest private cloud is built on Kubernetes, and is aimed at Microsoft IBM Cloud Private takes middleware and other legacy applications, places them inside Kubernetes containers and transforms them into contemporary applications using Kubernetes container orchestration. The software itself is already containerized, including IBM tools and most major open source databases. To read this article in full or to leave a comment, please click here

New IBM platform turns your data center into a cloud

What if you could flip a switch and turn your stodgy old data center full of legacy apps into a cloud-enabled one capable of migrating apps and data to the public cloud with ease by containerizing your legacy apps?IBM says it has just such an offering in IBM Cloud Private, a platform focused on assisting private data centers looking for a relatively simple way to move into the cloud. The idea is to offer a consistent way of managing your application stack, regardless of where they reside. Also on Network World: IBM’s latest private cloud is built on Kubernetes, and is aimed at Microsoft IBM Cloud Private takes middleware and other legacy applications, places them inside Kubernetes containers and transforms them into contemporary applications using Kubernetes container orchestration. The software itself is already containerized, including IBM tools and most major open source databases. To read this article in full or to leave a comment, please click here

Fujitsu, NetApp Tag Team For Converged Infrastructure

Converged and hyperconverged infrastructure, those tightly integrated systems that bring together compute and storage into pre-tested and pre-configured stacks, continues to be in high demand from enterprises that are looking to rework their datacenters to become private clouds that can more easily and, in the long run, more cheaply host fast-emerging technologies like analytics, mobile applications, Internet of Things telemetry, virtual and augmented reality, and various software-defined infrastructure. These CI and HCI platforms are designed to bring greater flexibility and scalability, ease deployment and management, and reduce costs in areas such as acquisition and power consumption.

IDC analysts have been

Fujitsu, NetApp Tag Team For Converged Infrastructure was written by Jeffrey Burt at The Next Platform.

Cumulus content roundup: November

Saddle-up and get ready to ride — the Cumulus content roundup is back to take you on a journey through the best in industry news! It’s been a great month for innovation and forward-thinking, here at Cumulus Networks and beyond. From clouds to chassis to microservices, we’ve got the latest in data center networking trends covered. Check out what’s going on, and let us know what you think!

The best from Cumulus:

Private vs. public cloud white paper: Trying to decide which cloud is best for your organization? This white paper weighs the costs and benefits of private, public, and hybrid clouds for you. Read more so you can pick the perfect cloud.

Cumulus Networks inducted into JPMorgan Chase Hall of Innovation: We are humbled and honored to announce that Cumulus Networks has been inducted into the JPMorgan Chase Hall of Innovation. Read this blog to see what it takes to be an innovator.

Technical video and demo: NetQ: This video is perfect for anyone searching for a technical breakdown and demonstration of NetQ’s immense capabilities. Watch here, and see the awesome power of NetQ for yourself.

Choosing your chassis: This blog post provides an up-close Continue reading

1 1,829 1,830 1,831 1,832 1,833 3,833