Docker networking

When docker launches a linux container it will, by default, assign it a private IP address out of RFC 1918 space. It connects this container to the host OS using a bridged interface (docker0). Connectivity between the outside world and the container depends on NAT.

Outbound traffic is NATed using the host’s IP address. Inbound traffic requires explicit port mapping rules that map a port on the host to a port in the container. Given that typically one runs multiple containers in the same host there needs to be a map between a host port (in the dynamic port range) and a service port on the container.

For example, the HTTP service port (80) in container-1 will be mapped to port 49153 while container-2 would see its HTTP port mapped to host port 49154. Ports that are not explicitly mapped cannot receive incoming traffic. Also containers within the same host will see different IP address ports than containers across different hosts (not very ‘cloudy’).

This is the reason why using a network virtualization solution such as OpenContrail is so appealing. OpenContrail, replaces docker’s networking implementation which can be disabled by using –net=none. It provides each container its own IP address in Continue reading

Tech Notes: Ping Sweep an IP Subnet

This is my current goto code snippet for using the BASH command line to perform a ping sweep through an IPv4 subnet. for i in `seq 1 255`; do ping -c 1 192.168.1.$i | tr \n ' ' | awk '/1 received/ {print $2}'; done This script is deliberately simple, only works for /24 subnets but […]

The post Tech Notes: Ping Sweep an IP Subnet appeared first on EtherealMind.

A10 – That Global Health Monitor Warning

In a previous post I whined that the A10 load balancers by default only need to see a single successful health check from a service in order to mark it as up. I argued that that’s not a good idea, … Continue reading →

If you liked this post, please do click through to the source at A10 – That Global Health Monitor Warning and give me a share/like. Thank you!

Network Engineers, Pay Attention to Big Data

You have probably realized we are having a Big Data kind of week here at the Plexxi blog. And for good reason. The amount of development and change in this big bucket of applications we conveniently label “Big Data”, is astonishing.

Walking around at Hadoopworld in New York last week, I initially felt somewhat lost as a “networking guy”. But that feeling of “not belonging” is only superficial, the network has a tremendously important role in these applications. The challenge is that many “networking” folks don’t quite understand or realize that yet, but contrary to what I believed not too long ago, Big Data Application folks have a pretty good understanding of the role of the network in their overall application and its performance.

As an industry we have been talking about the increase in east-west traffic for quite a few years now. For your typical datacenter infrastructure today this is based on loosely coupled applications and semi-distributed storage. A web based application has many components that together make up the application we see as users. There are application load balancers, web server front ends, application back ends that in turn have databases for their data storage. And those databases Continue reading

Thoughts of My Day: VCE Always Was An EMC Property

EMC announced during it’s quarterly results that it was taking a larger position in VCE. VCE was always an EMC asset, co-operation with partners Cisco, Intel and VMware has never been strong and this simply closes out the current chapter.  The end result positions EMC to also be a “IBM style” company with a full […]

The post Thoughts of My Day: VCE Always Was An EMC Property appeared first on EtherealMind.

IPv6 in a Global Company – a Real-World Example

More than a year ago I wrote a response to a comment Pascal wrote on my Predicting the IPv6 BGP table size blog post. I recently rediscovered it and figured out that it’s (unfortunately) as relevant as it was almost 18 months ago.

Other people have realized we have this problem in the meantime, and are still being told to stop yammering because the problem is not real. Let’s see what happens in a few years.

Want to speak at or sponsor AnsibleFest London?

Are you interested in speaking or sponsoring AnsibleFest London? Simply visit our AnsibleFest London page to learn how you can do both.

Speakers and sponsors of previous AnsibleFests have included Google, Linode, Cisco, Big Panda, Rackspace, Cumulus Networks, Twitter, Telescope, and others. AnsibleFest London will be scheduled for early 2015. We'll announce more details soon.

Show 209 – HP Networks and Network Management – Sponsored

Talking about Network Management get mixed reactions in the network industry with a rich history of products that didn't match our expectations or needs. In today's sponsored podcast, HP Networking continues their mission to change the way network engineers feel about their NMS's through the HP Intelligent Management Center.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post Show 209 – HP Networks and Network Management – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

New CCIE RSv5 Troubleshooting/Full Scale Rack Rentals & Labs

Rack Rentals for INE’s CCIE RSv5 Workbook’s Troubleshooting Labs and Full Scale Labs are now available via the Members Site. To access them login to http://members.ine.com, click “Rack Rentals” on the dashboard on the left, and then click “Schedule” under “CCIE Routing & Switching v5 Full Scale.”

This topology uses 20 routers and 4 switches and is for both Troubleshooting and Full Scale Labs. The topology above it, “CCIE Routing & Switching v5″, uses 10 routers and 4 switches, and supports all the Advanced Technology Labs and Foundation Labs.

The loading and saving of initial configs is supported through the Rack Control Panel, which can greatly save you time in your studies, especially with very large topologies such as those used in the Troubleshooting and Full Scale Labs.

Additionally, Full Scale Lab 2 and Troubleshooting Lab 2 have been posted to the CCIE RSv5 Workbook. More Foundation, Troubleshooting, and Full Scale Labs are currently in development and will be posted soon. For discussion on these new labs please visit the CCIE RSv5 Workbook section of IEOC, our online community.

Gathering Ansible facts from network devices using SNMP

At times when I look at the tools available for server admins today I long for the times when I didn’t work in networking. Sure we can use tools like Puppet and Ansible for networking too. However the tools are made for servers. Of course there are tie-ins into network automation, but the functionality is rudimentary at best. The current problem as I see it is the lack of decent APIs, granted some vendors are better than others. And I haven’t had the pleasure of working with those who understand XML. Sometime in a not too distant future when we have flying skateboards, SDN and nano bots these problems will disappear, but we’re not there yet. Before I take a deep dive to see what’s actually possible to do with onePK, OpenDaylight and all that good stuff I wanted to see how much is possible to do today. So this post is about Ansible which is really simple to learn and SNMP, where one of the words in the acronym is “simple”. It should be a perfect match, right?
Continue reading

Multi-Machine Vagrant with YAML

In this post, I’ll describe a technique I found for simplifying the use of multi-machine Vagrantfiles by extracting configuration data into a separate YAML file. This technique is by no means something that I invented or created, so I can’t take any credit whatsoever; this is an idea I first saw here. I wanted to share it here in the hopes that it might prove useful to a larger audience.

If you aren’t familiar with Vagrant and Vagrantfiles, you might start with my quick introduction to Vagrant.

I found this technique after trying to find a way to simplify the creation of multiple machines using Vagrant. Specifically, I was trying to create multiple instances of CoreOS along with an Ubuntu instance for testing things like etcd, fleet, Docker, etc. The Vagrantfile was getting more and more complex, and making changes (to add another CoreOS node, for example) wasn’t as straightforward as I would have liked.

So what’s the fix? As with other DSLs (domain-specific languages) such as Puppet, the fix was found in separating the data from the code. In Puppet, that means parameterizing the module or class, and I needed to use a similar technique here with Vagrant. So, Continue reading

A10 Service Failure Recovery

A quick post today, about how the A10 load balancer handles the recovery of a server based on health checks. Kind of a warning actually. A10 Health Monitor Configuration In order to determine when a service should be considered “up” … Continue reading →

If you liked this post, please do click through to the source at A10 Service Failure Recovery and give me a share/like. Thank you!

Making the World a Better Place with Big Data

I spent last week at the Strata + Hadoop World Conference in New York City with 5000 other “big data” customers, vendors, and enthusiasts. In the last 6 months we’ve seen demand for a “big data” based network infrastructure really start to take off, and I’ve spent a lot of time recently trying to better understand the evolving market and technology landscape and use cases. I’m particularly interested in how network infrastructure can drive a better experience for users of big data applications, or networking/infrastructure teams that need to support these applications, but ultimately I want to know what do businesses get out of these investments in data, analytics, and infrastructure.

[On a related note, as part of our efforts to provide the best “Big Data Fabric” we recently brought on @networkn3rd (Ed Henry) to Plexxi to fully define our reference architecture. Ed will be demo’ing the first fruits of his labor this Friday on SDN’s Central’s Demo Friday - Register Here].

Hadoop World was a really great experience. As a relative newbie to Big Data, I have a lot to learn and this was a great place to soak up actual customer use cases. While there was certainly Continue reading

Multi-Machine Vagrant with YAML

In this post, I’ll describe a technique I found for simplifying the use of multi-machine Vagrantfiles by extracting configuration data into a separate YAML file. This technique is by no means something that I invented or created, so I can’t take any credit whatsoever; this is an idea I first saw here. I wanted to share it here in the hopes that it might prove useful to a larger audience.

If you aren’t familiar with Vagrant and Vagrantfiles, you might start with my quick introduction to Vagrant.

I found this technique after trying to find a way to simplify the creation of multiple machines using Vagrant. Specifically, I was trying to create multiple instances of CoreOS along with an Ubuntu instance for testing things like etcd, fleet, Docker, etc. The Vagrantfile was getting more and more complex, and making changes (to add another CoreOS node, for example) wasn’t as straightforward as I would have liked.

So what’s the fix? As with other DSLs (domain-specific languages) such as Puppet, the fix was found in separating the data from the code. In Puppet, that means parameterizing the module or class, and I needed to use a similar technique here with Vagrant. So, Continue reading

All You Need Are Two Top-of-Rack Switches

Every time I’m running a classroom version of my Designing the Cloud Infrastructure workshop, I start with a simple question: “Who has more than 2000 VMs or bare-metal servers in the data center?”

I might see three hands on a good day; 90-95% of the audience have smaller data centers… and some of them get disappointed when I tell them they don’t need more than two ToR switches in their data center.

Vulnerable OMA-DM Implementations and Over the Air Hacks

Earlier today, I was listening to Risky Business show #341. In this show Matt Solnik discussed vulnerabilities that he attempted to share at BlackHat. I say attempted, because it sounds like they may have had some issues with audio/video during critical times of the presentation. Nonetheless, it seems like there are many vulnerable implementations of the open mobile administration device management (OMA-DM). I took a minute to dig up some of the videos published by Accuvant that makes this stuff real.

Over the Air Code Execution and Jailbreak

NIA-Based Lock Screen Bypass

External Links

• Cellular Exploitation On A Global Scale: The Rise and Fall of the Control Protocol (slides available)

Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may not reflect the position of past, present or future employers.

The post Vulnerable OMA-DM Implementations and Over the Air Hacks appeared first on PacketU.

Alcatel switches Auto Vlan Assignement

Response: HowTo Configure IP Multicast PIM on ECMP| Mellanox Interconnect Community

Today I spent several hours reading up on PIM Bidirectional for an customer implementation on an ECMP networking. I realise that somewhere inside my head there is a lot of IP Multicast knowledge that hasn’t been lost but it is definitely hiding. I had to re-learn a number of concepts before I started feel confident. […]

The post Response: HowTo Configure IP Multicast PIM on ECMP| Mellanox Interconnect Community appeared first on EtherealMind.

The Ultimate Portable Laptop Stand – Rooststand !!

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
I was looking for a portable laptop stand as I have been starting to get neck pain hunched over my laptop all day. Working at home, in the office and on client sites I needed a laptop stand and it had to be portable. I searched the internet for portable laptop stands and apart from... [Read More]

Post taken from CCIE Blog

Original post The Ultimate Portable Laptop Stand – Rooststand !!

Twitter, Please Stop Giving Me Things I Don’t Want

Last week, Twitter confirmed that they will start injecting tweets from users you don’t follow into your timeline.  The collective cry from their user base ranged from outrage to a solid “meh”.  It seems that Twitter has stumbled onto the magic formula that Facebook has perfected: create a feature the users don’t care about and force it onto them.  Why?

Twitter Doesn’t Care About Power Users

Twitter has an interesting mix of users.  They reported earlier this year that 44% of their user base has never tweeted.  That’s a lot of accounts that were created for the purpose of reserving a name or following people in read-only mode.  That must concern Twitter.  Because people that don’t tweet can’t be measure for things like advertising.  They won’t push the message of a sponsored tweet.  They won’t add their voice to the din.  But what about those users that tweet regularly?

Power users are those that tweet frequently without a large follower base.  Essentially, everyone that isn’t a celebrity with a million followers or a non-tweeting account.  You know, the real users on Twitter.  The people that make typos in their tweets and actually check to see who follows them.  The ones Continue reading