Category: virtualization

We did several podcasts describing how one could get stellar packet forwarding performance on x86 servers reimplementing the whole forwarding stack outside of kernel (Snabb Switch) or bypassing the Linux kernel and moving the packet processing into userspace (PF_Ring).

Now let’s see if it’s possible to improve the Linux kernel forwarding performance. Thomas Graf, one of the authors of Cilium claims it can be done and explained the intricate details in Episode 64 of Software Gone Wild.

We got pretty far in our Data Center optimization journey. We virtualized the workload, got rid of legacy technologies, and reduced the number of server uplinks and replaced storage arrays with distributed file system.

Final step on the journey: replace physical firewalls and load balancers with virtual appliances.

Dinesh Dutt started his excellent Docker Networking webinar with introduction to the concepts of microservices and Linux containers. You won’t find any deep dives in this part of the webinar, but all you need to do to get the details you’re looking for is to fill in the registration form.

Does it make sense to run OpenStack on top of VMware infrastructure? How well does NSX work as a Neutron plug-in? Marcos Hernandez answered these questions (and a lot of others) in the Episode 61 of Software Gone Wild (admittedly after a short marketing pitch in the first 10 minutes).

One of my readers left this question on the blog post resurfacing the idea of running BGP between servers and ToR switches:

When using BGP on a VM for mobility, what is the best way to establish a peer relationship with a new TOR switch after a live migration? The VM won't inherently know the peer address or the ASN.

As always, the correct answer is it depends.

One of my subscribers considered attending the Virtual Firewalls workshop on September 1st and asked:

Would it make sense to attend the workshop? How is it different from the Virtual Firewalls webinar? Will it be recorded?

The last answer is easy: No. Now for the other two.

After the fantastic Docker 101 webinar by Matt Oswalt a few people approached me saying “that was great, but we’d need something more on Docker networking”, and during one of my frequent chats with Dinesh Dutt he mentioned that he already had the slides covering that topic.

Problem solved… and Dinesh decided to do it as a free webinar (thank you!), so all you have to do is register. Hurry up, there are only 1000 places left ;)

Virtual Firewalls is the featured webinar in June 2016, and the featured videos (marked with a star) explain the difference between virtual contexts and virtual appliances, and the virtual firewalls taxonomy.

To view the videos, log into my.ipspace.net (or enroll into the trial subscription if you don’t have an account yet), select the webinar from the first page, and watch the videos marked with star.

If you're a trial subscriber and would like to get access to the whole webinar, use this month's featured webinar discount (and keep in mind that every purchase brings you closer to the full subscription).

A few weeks after I published Docker Networking podcast, Brent Salisbury sent me an email saying “hey, we have experimental Macvlan and Ipvlan support for Docker” – a great topic for another podcast.

It took a while to get the stars aligned, but finally we got Brent, Madhu Venugopal, John Willis and Nick Buraglio on the same Skype call resulting in Episode 57 of Software Gone Wild.

One of my readers left a comment on my “optimize your data center by virtualizing the servers” blog post saying (approximately):

Seems like LinkedIn did it without virtualization :) Can enterprises achieve this to some extent?

Assuming you want to replace physical servers with one or two CPU cores and 4GB of memory with modern servers having dozens of cores and hundreds of GB of memory the short answer is: not for a long time.

Mr. A. Anonymous, frequent contributor to my blog posts left this bit of wisdom comment on the VMware NSX Update blog post:

I don't understand the statement that "whole NSX domain remains a single failure domain" because the 3 NSX controllers are deployed in the site with primary NSX manager.

I admit I was a bit imprecise (wasn’t the first time), but is it really that hard to ask oneself “what happens if the DCI link fails?”

A while ago I guestimated that most private clouds don’t have more than a few thousand VMs, and that they don’t need more bandwidth than what two ToR switches could provide.

Last autumn Iwan Rahabok published a blog post describing the compute- and storage parts of it, and I had a presentation describing the networking aspects of high-density consolidation. However…

One of the engineers watching the vSphere 6 Networking Deep Dive found it particularly useful:

There were pearls of knowledge in there which expanded my understanding of ESX and gave me more than a few "aha!" moments […] The course is worth the money and time for sections "uplink redundancy & load balancing" and "VLAN based virtual networks" alone.

Not convinced? Check out other reviews and survey results.

A few months ago VMware launched NSX version 6.2, and I asked my friend Anthony Burke to tell us more about the new features. Not surprisingly, we quickly started talking about troubleshooting, routing problems, and finished with route-health-injection done with a Python script. The end result: Episode 50 of Software Gone Wild. Enjoy!

It all started with a tweet by Stephane Clavel:

@ioshints @BradHedlund I'm puzzled NSX dFW does not track connections seq #. Still true? To me this is std fw feature.

— stephaneclavel (@stephaneclavel) January 31, 2016

Trying to fit my response into the huge Twitter reply field I wrote “Tracking Seq# on FW should be mostly irrelevant with modern TCP stacks” and when Gal Sagie asked for more elaboration, I decided it’s time to write a blog post.