Scott's Weblog The weblog of an IT pro specializing in virtualization, networking, open source, and cloud computing

Technology Short Take #68

Welcome to Technology Short Take #68, my erratically-published collection of links, articles, and posts from around the web—all focused on today’s major data center technologies. I’ve been trying to stick to a schedule that has these posts published on a Friday, but given the pending holiday weekend I wanted to get this out a bit early. As always, I hope that something I’ve included here proves useful to you.

Networking

  • Brent Salisbury retweeted a ton of MACVLAN- and IPVLAN-related posts right after I published the last Technology Short Take, so they had to get bumped to this one. First, we have this post on HiCube, which covers MACVLAN vs. IPVLAN. Next, we have a pair of articles by Sreenivas Makam; the first covers MACVLAN and IPVLAN basics, while the second tackles the Docker MACVLAN and IPVLAN network plugins. Both articles are useful, IMHO, especially considering that MACVLAN is no longer experimental as of the Docker 1.12 release.
  • I recently came across this mention of in-band network telemetry (INT), which looks really powerful. I think this will be something worth watching.
  • Oh, and while we’re discussing P4: Diego Dompe has an article talking about OpenSwitch and P4 that might be useful to read. I haven’t played with OpenSwitch (or the OpenSwitch simulator), so I can’t provide any feedback on the stuff Diego describes. (As a side note, almost every time I see “OpenSwitch” I have to do a double-take because I think it says “Open vSwitch”.)
  • Patrick Ogenstad outlines what’s involved with managing Cisco IOS upgrades with Ansible.
  • If you like geeking out over the hardware side of networking, you may find this Ars Technica article on the physical infrastructure of the global Internet to be an interesting read. (I did.)
  • Hannes Gredler has a post speculating on the end of the router, where he discusses how new technologies may have dramatic effects on routers as we know them. As you read it, keep in mind that Hannes founded a company (RtBrick) to explore some of the things he talks about in the article.
  • Here’s a good article from my friend Ivan Pepelnjak on whether OVSDB is a management plane or control plane protocol. I won’t spoil Ivan’s conclusion; go read the article!

Servers/Hardware

Nothing this time around, but I’ll stay tuned for items to include in future posts.

Security

  • Sysdig Falco, a behavioral security tool with support for containers (can run in a container and can monitor containers), looks like it could be a useful addition to your security toolset. It’s early yet (Falco is only at version 0.1.0), so keep that in mind—the blog post announcing Falco specifically calls out performance as something they’ll target in upcoming releases.
  • I was also recently introduced to a company called HexaTier (formerly GreenSQL), which provides a database security product that supports both on-premises and cloud-based deployments, as well as public cloud database-as-a-service (DBaaS) offerings. I plan to do a more in-depth write-up on HexaTier soon, after I’ve had a bit of time to do more research.
  • In the event you accidentally locked yourself out of vCenter using NSX’s distributed firewall, this post by Roie Ben Haim provides a workaround for getting yourself out of this pickle. Angel Villar Garea also has a post on the same topic.

Cloud Computing/Cloud Management

  • Andrew Beekhof tackles some issues around the evolving OpenStack HA architecture; in particular, how and when Pacemaker should be used as more and more OpenStack services become able to operate in active/active configurations.

Operating Systems/Applications

  • How about a Salt plugin for vRealize Orchestrator?
  • It seems like container management solutions are a dime a dozen these days, with more popping up constantly. The latest I’ve found: Kontena.
  • This is a highly technical article on scheduling in the Linux kernel, but it’s well worth reading. One of the key takeaways, for me, was this phrase: “Scheduling, as in dividing CPU cycles among threads was thought to be a solved problem. We show that this is not the case.”
  • If you’re trying to keep up with this “serverless” stuff that’s happening, you can count on Massimo to keep you up to speed. His write-up from the ServerlessConf is very useful.
  • Here’s a quick post on optimizing the size of Docker containers made from just about any image.
  • VMware’s Photon OS recently hit 1.0; here’s a blog post about the release.
  • Consul, a distributed key-value store that sees use in a lot of Docker environments, is now available with its own official Docker image. More details are available in this blog post.
  • Jérôme Petazzoni has an article on bind-mounting the control socket inside another container, enabling you to control Docker Engine from within a container.
  • This post takes a look at SwarmKit, the code that powers the “swarm mode” available in the Docker 1.12 release. Keep in mind the post is several weeks old as of this post, so things may have changed slightly since that time.
  • Anand Patel describes a mechanism for distributing Docker cache across hosts using docker save and docker load between Docker Engine instances.
  • I recently came across KubeWeekly, a weekly aggregation of Kubernetes-related news. If Kubernetes is something in your wheelhouse, you may find this site useful.

Storage

Virtualization

  • It’s not uncommon for folks to use a tool like VirtualBox to run Linux VMs on which they run/test/develop Docker containers. The problem comes when you go to expose the services being provided by those Docker containers to the local network, and it’s here that a bit more work is generally needed. This post outlines the process for configuring VirtualBox’s NAT rules to expose services provided by Docker containers.
  • Folks new to the Linux virtualization space can often get confused by the relationship between QEMU and KVM, as described in this post by Ronald Bradford. Ronald does a great job of showing the various ways to verify whether or not KVM acceleration is being used, but regardless of KVM acceleration QEMU is still in the picture. (The long and short of it: KVM only handles the CPU acceleration piece, QEMU does everything else.)
  • Eric Wright brought to my attention a Vagrant plugin that keeps VirtualBox Guest Additions up-to-date. Nifty. Hey, VMware Fusion/Workstation team—want to know why people seem to prefer VB over your technically-superior product? This would be one reason.
  • This Microsoft TechNet thread discusses an issue running Windows 10 under KVM; some manual editing of the VM configuration is required to work around the issue.

Career/Soft Skills

I have so much more content that I’d like to include, but it will have to wait until the next Technology Short Take. (This one is already too long!) Until then, enjoy and never stop learning!
