The pilot episode of the Software Gone Wild podcast featuring Snabb Switch created plenty of additional queries (and thousands of downloads) – it was obviously time for another deep dive episode discussing the intricate innards of this interesting virtual switch.
During the deep dive Luke Gorrie, the mastermind behind the Snabb Switch, answered a long list of questions, including:
Read more ...
In my last post, we covered setting up the basic install of the Chef Server, the Chef client, and a test node that we bootstrapped with Chef. Now let’s talk about some of the basics and hopefully by the end of this post we’ll get to see Chef in action! Let’s start off by talking about some of the basic constructs with Chef…
Cookbooks
Cookbooks can be seen as the fundamental configuration item in Chef. Cookbooks are used to configure a specific item. For instance, you might have a cookbook that’s called ‘mysql’ that’s used to install and configure a MySQL server on a host. There might be another cookbook called ‘httpd’ that installs and configures the Apache web server on a host. Cookbooks are created on the Chef client and then uploaded and stored on the Chef server. As we’ll see going forward, we don’t actually spend much time working directly on the Chef server. Rather, we work on the Chef client and then upload our work to the server for consumption by Chef nodes.
Recipes
Recipes are the main building block of cookbooks. Cookbooks can contain the Continue reading
Monitor features in Cisco devices are able to show data flows, but Cisco IOS lacks the option to export data on the fly. I wrote a tiny GNU/Linux shell script to solve this restriction.
That is something like ASA capture (https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios) via HTTP/HTTPS.
I tested the script on:
Router(config)#uname -a
IOSv Router IOS 15.4 Cisco IOS Software, vios Software (vios-ADVENTERPRISEK9-M), Experimental Version 15.4(20131213:232637) [lucylee-ca_pi23 137]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Mon 16-Dec-13 19:50 by lucylee Unknown Unknown IOS
1. Create user and add privilege level 15 (root)
username user secret userpass
username user privilege 15
2. Start the HTTP server, set the authentication style and, optionally, set max connections to 16 (default 5)
For security reasons you should set HTTP/HTTPS authorization with an ACL and use the HTTPS server instead of HTTP.
ip http server
ip http authentication local
ip http max-connections 16
3. Configure Monitor settings
Below I created a circular buffer called MY_BUFFER. A linear buffer is limited: if the buffer is full, IOS will stop the capture. In a circular buffer, "old" data will be overwritten when the buffer is full.
monitor capture buffer MY_BUFFER size 1024 max-size 9500 circular
Next step is to create a capture point. I created the Continue reading
It’s long been assumed that Spammers use a technique called IP squatting to get around IP reputation lists and to make it harder to find the real source of the spammers. In this blog we’ll take a closer look at Spam operations and their techniques.
IP Squatting
We’ve all read the reports about IPv4 running out of free address space, and while that is certainly true, there’s still a lot of address space that has been allocated but is not actually routed on the Internet today. A significant portion of that space consists of prefixes that were allocated a long time ago, where folks are no longer using these allocations, forgot about them or have other reasons not to use their IP address space on the Internet. IP squatters look for space that hasn’t been routed for a while and will claim ownership of the space. This can then be used for things such as spamming. There is a vast range of address space that is not currently announced on the Internet, and it is not uncommon for IP squatters to cycle through this space using one or more prefixes at a time for a brief period.
Below we’ll expose two actual Spam Continue reading
This one has seriously crept up on me; it’s only a week until the kickoff presentation for Networking Field Day 8 in Silicon Valley. I’m truly honored to be able to attend another Tech Field Day event, and this one … Continue reading
If you liked this post, please do click through to the source at NFD8 Is Coming! and give me a share/like. Thank you!
This post was co-authored by Justin Pettit, Staff Engineer, Networking & Security Business Unit at VMware, and Ravi Shekhar, Distinguished Engineer, S3BU at Juniper Networks.
********************
As discussed in other blog posts and presentations, long-lived, high-bandwidth flows (elephants) can negatively affect short-lived flows (mice). Elephant flows send more data, which can lead to queuing delays for latency-sensitive mice.
VMware demonstrated the ability to use a central controller to manage all the forwarding elements in the underlay when elephant flows are detected. In environments that do not have an SDN-controlled fabric, an alternate approach is needed. Ideally, the edge can identify elephants in such a way that the fabric can use existing mechanisms to treat mice and elephants differently.
Differentiated services (diffserv) were introduced to bring scalable service discrimination to IP traffic. This is done using Differentiated Services Code Point (DSCP) bits in the IP header to signal different classes of service (CoS). There is wide support in network fabrics to treat traffic differently based on the DSCP value.
A modified version of Open vSwitch allows us to identify elephant flows and mark the DSCP value of the outer IP header. The fabric is then configured to handle packets Continue reading
There have been some misconceptions and misinformation lately about FCoE. Like any technology, there are times when it makes sense and times when it doesn’t, but much of the anti-FCoE talk lately has been primarily ignorance and/or wilful misrepresentation.
In an effort to fight that ignorance, I put together a quick introduction to how FC and FCoE work. They both operate on the basic premise that you can’t drop any frames. Fibre Channel was built as a lossless protocol, and with a bit of work, Ethernet can also be lossless.
Check it out:
If you’re a regular reader of my blog, you know that I spent a lot of time during the last three years debunking SDN myths, explaining the limitations of OpenFlow and pointing out other technologies one could use to program the network.
During the summer of 2014 I organized my SDN- and OpenFlow-related blog posts into a digital book. I want to make this information as useful and as widely distributed as possible – for a limited time you can download the PDF free of charge.
Just a quick reminder: As of today you have only two weeks to sign up for the very first ever public Docker training class in San Francisco! Here’s your chance to rapidly get up to speed on Docker’s container technology with plenty of first-hand attention. The class, held in a small intimate setting in downtown San Francisco, will be led by myself and the legendary Jérôme Petazzoni. We are both Solutions Engineers at Docker Inc. with strong backgrounds in development and operations. The training will be held September 17th and 18th and will cover a wide range of topics from fundamentals to best practices to orchestration and beyond.
Click here to reserve your spot today!
You’ve probably heard it before. The myth goes something like this: “With software based overlays, troubleshooting in real-time where a flow is going with ECMP hashing on the fabric is going to be a real problem.” The implied message being that this can only be possible with special hardware in a new proprietary fabric switch.
I’ve heard this one a number of times, usually while seated comfortably in a session presented by a vendor who’s invested in the failure of software-centric network virtualization such as VMware NSX. As if this person has never heard of Netflow? Or maybe they assume you won’t bother to do the research, connect the dots, and in fact discover all that is possible.
Well, guess what? I decided to do the research :-) And I put together a short demo showing you just how simple it is to get this troubleshooting capability with generally available software, using any standard network switch, constructed in any standard fabric design (routed Leaf/Spine, L2 with MLAG, etc).
I presented this demo to the VMworld TV crew and embedded it here for your convenience:
It’s really simple, actually. Here’s what I explain in the video:
The Continue reading
This guest post is by Drew Conry-Murray, Director of Content & Community at Interop and a good friend of the Packet Pushers. SPECIAL NOTE: Interop is offering the Packet Pushers community a 25% discount on Total Access and Conference Passes or a FREE Expo Pass for the New York show. Register today with the code PACKETP to receive the discount. The […]
The post Five Reasons To Be At Interop New York appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.
Containers virtualize at the operating system level, Hypervisors virtualize at the hardware level. Hypervisors abstract the operating system from hardware, containers abstract the application from the operating system. Hypervisors consume storage space for each instance. Containers use a single storage space plus smaller deltas for each layer and thus are much more efficient. Containers can boot and be […]
The post Basics – Docker, Containers, Hypervisors, CoreOS appeared first on EtherealMind.