OpenStack SDN – Distributed Virtual Routing
In this post we’ll explore how DVR is implemented in OpenStack Neutron and what are some of its benefits and shortcomings.
Continue readingNetwork Automation RFP Requirements
After finishing the network automation part of a recent SDN workshop I told the attendees “Vote with your wallet. If your current vendor doesn’t support the network automation functionality you need, move on.”
Not surprisingly, the next question was “And what shall we ask for?” Here’s a short list of ideas, please add yours in comments.
Read more ...FCIP Cheat Sheet Released
Here is the FCIP Cheat Sheet however, There is not much detail and terms about FCIP really, it's a straight forward protocol.
If you found a bug or want new content to be added, please report it!
FCIP Cheat Sheet Released
Here is the FCIP Cheat Sheet however, There is not much detail and terms about FCIP really, it's a straight forward protocol.
All the best and please report in case of any bug.
Authenticated access to Kubernetes pods
When running a micro-services style application in a public cloud, one of the problems to solve is how to provide access to debug information. At Laserlike, we run our application stack on GKE. Most of the stack consists of golang Pods that run an HTTP listener that serves /debug and /metrics handlers.
For metrics scrapping we use prometheus; and grafana for visualization. Our grafana server is nodePort service behind a GCE Load Balancer which uses oauth2 based authentication for access. This still leaves a gap in terms of access to the pod debug information such as /debug/vars or /debug/pprof.
In order to address this gap, we created a simple HTTP proxy for kubernetes services and endpoints. We deploy this proxy behind a oauth2 authenticator which is then exposed via an external load balancer.
The service proxy uses the kubernetes client library in order to consume annotations on the service objects. For example, the following annotation, instructs the service proxy to expose the debug port of the endpoints of the specified service:
metadata:
annotations:
k8s-svc-proxy.local/endpoint-port: "8080"
The landing page on the proxy then displays a set of endpoints:
Authenticated access to Kubernetes pods
When running a micro-services style application in a public cloud, one of the problems to solve is how to provide access to debug information. At Laserlike, we run our application stack on GKE. Most of the stack consists of golang Pods that run an HTTP listener that serves /debug and /metrics handlers.
For metrics scrapping we use prometheus; and grafana for visualization. Our grafana server is nodePort service behind a GCE Load Balancer which uses oauth2 based authentication for access. This still leaves a gap in terms of access to the pod debug information such as /debug/vars or /debug/pprof.
In order to address this gap, we created a simple HTTP proxy for kubernetes services and endpoints. We deploy this proxy behind a oauth2 authenticator which is then exposed via an external load balancer.
The service proxy uses the kubernetes client library in order to consume annotations on the service objects. For example, the following annotation, instructs the service proxy to expose the debug port of the endpoints of the specified service:
metadata:
annotations:
k8s-svc-proxy.local/endpoint-port: "8080"
The landing page on the proxy then displays a set of endpoints:
Cloud IT Infrastructure Spending Continues To Climb
IDC's Worldwide Quarterly Cloud IT Infrastructure Forecast nudges total IT budget spent on cloud to 36.9% in 2016.
Raising The Standard For Storage Memory Fabrics
People tend to obsess about processing when it comes to system design, but ultimately an application and its data lives in memory and anything that can improve the capacity, throughput, and latency of memory will make all the processing you throw at it result in useful work rather than wasted clock cycles.
This is why flash has been such a boon for systems. But we can do better, and the Gen-Z consortium announced this week is going to create a new memory fabric standard that it hopes will break down the barriers between main memory and other storage-class memories on …
Raising The Standard For Storage Memory Fabrics was written by Timothy Prickett Morgan at The Next Platform.
WTF Yahoo/FISA search in kernel?
A surprising detail in the Yahoo/FISA email search scandal is that they do it with a kernel module. I thought I’d write up some (rambling) notes.What the government was searching for
As described in the previoius blog post, we’ll assume the government is searching for the following string, and possibly other strings like it within emails:
### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###
I point this out because it’s simple search identifying things. It’s not natural language processing. It’s not searching for phrases like “bomb president”.
Also, it's not AV/spam/childporn processing. Those look at different things. For example, filtering message containing childporn involves calculating a SHA2 hash of email attachments and looking up the hashes in a table of known bad content (or even more in-depth analysis). This is quite different from searching.
The Kernel vs. User Space
Operating systems have two parts, the kernel and user space. The kernel is the operating system proper (e.g. the “Linux kernel”). The software we run is in user space, such as browsers, word processors, games, web servers, databases, GNU utilities [sic], and so on.
The kernel has raw access to the machine, memory, network devices, graphics Continue reading
Worth Reading: Why I care about Segment Routing
The post Worth Reading: Why I care about Segment Routing appeared first on 'net work.