Scott's Weblog The weblog of an IT pro specializing in cloud computing, virtualization, and networking, all with an open source view

Technology Short Take #65

Welcome to Technology Short Take #65! As usual, I gathered an odd collection of links and articles from around the web on key data center technologies and trends. I hope you find something useful!

Networking

  • Michael Ryom has a nice (but short) article on using Log Insight along with a NetFlow proxy to help provide more detailed visibility into traffic flows between VMs on NSX logical networks.
  • Brent Salisbury has an article on GoBGP, a Go-based BGP implementation. BGP seems to be emerging as an early front-runner for a standards-based control plane for software networking. Couple something like GoBGP with IPVLAN L3 (see Brent’s article) and you’ve got a new model for your data center network.
  • Andy Hill has an article on doing rolling F5 upgrades using Ansible.
  • Filip Verloy has an article that discusses the integration between Nuage Networks and Fortinet.
  • This should probably go in the “Cloud Computing/Cloud Management” section, but the boundaries between areas are getting more and more blurry every day. (Thankfully, due to LASIK my vision is sharper than ever.) In any case, here’s a post by Marcos Hernandez on the use of subnet pools in OpenStack. Although Marcos’ post discusses them in conjunction with NSX, they’re really a Neutron feature and should work with just about any Neutron plugin. In any case, I can see some very useful cases for subnet pools, particularly in conjunction with tenant networks that use “routable” IPs and don’t use source NAT on the logical router(s).

Servers/Hardware

Nothing this time around. Maybe next time!

Security

  • Bruce Schneier asks the question that society has yet to answer (and may be afraid to answer): “…do we prioritize security over surveillance, or do we sacrifice security for surveillance?”
  • Mike Foley recently published a two-part series on two-factor authentication (2FA) for vSphere (part 1 is here; part 2 is here). Now you have no excuses for not using 2FA with your vSphere environment.

Cloud Computing/Cloud Management

  • VMware’s Cloud-Native Apps group recently released v0.8 of Photon Controller, and along with that comes a BOSH CPI for Photon Controller. If you’re interested in taking Photon Controller for a spin, William Lam is in the midst of a series on Photon Controller; go have a look at part 1, part 2, and part 3 (that’s all he’s written so far; more are planned).
  • And while we are still on the topic of Photon Controller…Kris Thieler has a nice article on how to reduce the resource requirements needed to run Kubernetes on Photon Platform.
  • There’s been a fair amount of noise recently about running OpenStack on Kubernetes (here’s one example). If I’m understanding it correctly, it’s just running the OpenStack management components (API servers, message queues, databases, etc.) on Kubernetes, which does make a fair amount of sense. If it’s something more than that…well, I’d need to ponder that a bit to make sure I grok it.

Operating Systems/Applications

  • Although it’s not feature-complete (by a long shot), VMware recently open-sourced version 0.1 of vSphere Integrated Containers (VIC). Björn Bundert has a brief article on installing VIC 0.1 via VMware Photon OS TP2.
  • An Ubuntu userspace and Bash shell running on Windows, eh? My my, how the world has changed.
  • And for further evidence that the Windows world is drastically changing, note this article by Taylor Brown announcing Hyper-V Containers on Windows 10 and PowerShell for Docker. This almost entices me to try Windows again. Almost—but not quite.
  • Oh, speaking of PowerShell (well, sort of), Luc Dekens has an update on the Get-EsxCLI cmdlet. If this is one you use in your scripts, you may want to read Luc’s article.
  • It looks like there may be some “gotchas” when it comes to using user namespaces with Docker and also needing access to the Docker socket. Phil Estes explores the problem in this post.
  • I haven’t messed with Puppet for a while, but here’s a good post by Gareth Rushgrove on using Puppet with CoreOS. It’s worth a read if these two technologies fall into your wheelhouse.
  • Want to run Docker Swarm with IPv6? Shannon McFarland has you covered in this post.
  • One of the potential drawbacks of the “single process per container” model that Docker advocates is that it can have some unintended side effects. This Yelp Engineering blog post talks about one of these unintended side effects (processes running as PID 1 are treated differently by the Linux kernel). The blog post also discusses a potential fix for the issue, in the form of the “dumb-init” process.
  • Ubuntu 16.04 is out (get it here), marking the first LTS release from Canonical that leverages systemd as its init system. Interestingly, despite a convergence on systemd across the major Linux distributions (RHEL/CentOS and Debian were already on systemd), I’m finding some noticeable differences in the systemd implementations. The more things change, the more they stay the same.

Storage

  • Here’s an article I found interesting. GitHub recently changed their storage architecture, using a Git-based solution called DGit. More details are available in this GitHub Engineering blog post.
  • A reader pointed me to this article he wrote on NFS v4.1 multipathing with KVM. It’s still pretty raw (the technology, not the article)—you have to patch and compile the kernel yourself—but it’s an interesting look into where things are headed. As I told the reader/author (Martin Houry), I’m looking forward to seeing this land in the mainstream kernel!

Virtualization

  • This one isn’t quite virtualization, but isn’t quite hardware either, so we’ll throw it in here. A conversation with a very talented engineer at VMware drew me to this post on EVO SDDC workload domains, published by Jason Lochhead.
  • Frank Denneman has a nice post on using an OS X system to manage your vSphere environment. There are some good tips in here. Psst, hey Frank: “Mac” is the hardware from Apple, “MAC” is an acronym that stands for Media Access Control (in networking circles, as in “MAC address”) or “Mandatory Access Control” (in security circles). Just sayin’.
  • Jason Boche walks you through the steps needed to recover your VCSA 6 appliance in the event an fsck (file system check) fails.

Career/Soft Skills

  • Somewhat (sort of) related to my recent rant on lock-in, here’s Walt Mossberg weighing in on the (to borrow a phrase from Massimo) “incestuous” relationship(s) between open and closed software in today’s technology world. TL;DR: It’s not as simple as it may seem at times, and there are often more important things on which technologists should be spending their time.
  • If you’re considering the AWS Certified Solutions Architect Associate certification (I’m exploring it, trying to decide), here’s a write-up by Alex Galbraith on his recent exam prep and exam experience.

It’s time to wrap up now, or I’ll never get this thing published. Happy Friday everyone!
