This slide deck discusses IPVS, including its introduction, demonstration, implementation, and integration in Kubernetes. IPVS is based on netfilter; we discuss how it works with iptables and compare the detailed implementations in Kubernetes to show why IPVS performs better than iptables.
An introduction to the Container Network Interface (CNI), including what problems it aims to solve and how it works. It also contains an example of how to write a simple CNI plugin in Golang.
SOSCON 2019.10.17. What are the methods for packet processing on Linux? And how fast is each packet processing method? In this presentation, we will learn how to handle packets on Linux (user space, socket filter, netfilter, tc), and compare performance with an analysis of where each kind of packet processing is done in the network stack (hook point). We will also discuss packet processing using XDP, an in-kernel fast path recently added to the Linux kernel. eXpress Data Path (XDP) is a high-performance programmable network data path within the Linux kernel. XDP is located at the lowest level of the network stack accessible through software, the point at which the driver receives the packet. By using the eBPF infrastructure at this hook point, the network stack can be extended without modifying the kernel. Daniel T. Lee (Hoyeon Lee) @danieltimlee: Daniel T. Lee currently works as a Software Engineer at Kosslab and contributes to the Linux kernel BPF project. He is interested in cloud, Linux networking, and tracing technologies, and likes to analyze the kernel's internals using BPF technology.
The document provides an overview of Kubernetes networking concepts including single pod networking, pod to pod communication, service discovery and load balancing, external access patterns, network policies, Istio service mesh, multi-cluster networking, and best practices. It covers topics such as pod IP addressing, communication approaches like L2, L3, overlays, services, ingress controllers, network policies, multi-cluster use cases and deployment options.
In this session, we’ll review how previous efforts, including Netfilter, Berkeley Packet Filter (BPF), Open vSwitch (OVS), and TC, approached the problem of extensibility. We’ll show you an open source solution available within the Red Hat Enterprise Linux kernel, where extending and merging some of the existing concepts leads to an extensible framework that satisfies the networking needs of datacenter and cloud virtualization.
This document examines why Kubernetes wants to use systemd to manage cgroups. In particular, it covers the part that was set to use systemd as of the move to v1.22.
BPF is one of the fastest emerging technologies of the Linux kernel. The talk provides an introduction to Cilium which brings the powers of BPF to Kubernetes and other orchestration systems to provide highly scalable and efficient networking, security and load balancing for containers and microservices. The talk will provide an introduction to the capabilities of Cilium today but also deep dives into the emerging roadmap involving networking at the socket layer and service mesh datapath capabilities to provide highly efficient connectivity between cloud native apps and sidecar proxies.
The document introduces the neutron packet logging framework. It discusses how the framework logs packets that are allowed or dropped by security policies to provide visibility for operators. It demonstrates the logging API and how to configure logging. Future plans include supporting additional resources like firewall groups and integrating with monitoring services.
This presentation features a walk through the Linux kernel networking stack covering the essentials and recent developments a developer needs to know. Our starting point is the network card driver as it feeds a packet into the stack. We will follow the packet as it traverses through various subsystems such as packet filtering, routing, protocol stacks, and the socket layer. We will pause here and there to look into concepts such as segmentation offloading, TCP small queues, and low latency polling. We will cover APIs exposed by the kernel that go beyond use of write()/read() on sockets and will look into how they are implemented on the kernel side.
By using OVN (Open Virtual Network), you can build a virtual network that spans multiple servers (Hypervisor/Chassis) running OVS (Open vSwitch). These slides are notes on logical network configuration and sample settings using OVN. Using OVN, you can build a logical network among multiple servers (Hypervisor/Chassis) running OVS (Open vSwitch). These slides describe a how-to example of an OVN configuration that creates 2 logical switches connecting 4 VMs running on 2 chassis.
The document discusses using routed fabrics for Ceph networking. Routed fabrics allow servers to participate in routing so that every network link is actively used. This provides redundancy so that if one path fails, data can take another path. The document outlines setting up a small proof-of-concept network with two switches and Ceph servers to demonstrate how routed fabrics can provide benefits even at a small scale. It provides details on configuring the switches and servers, including network assignments, OSPF routing, and Ceph configuration.
This presentation covers the basics of OpenvSwitch and its components. OpenvSwitch is an open source implementation of OpenFlow by the Nicira team. It also talks about OpenvSwitch and its role in OpenStack Networking.
Contains an explanation of OpenStack Ceph & Neutron. 1. OpenStack 2. How to create instance 3. Ceph - Ceph - OpenStack with Ceph 4. Neutron - Neutron - How neutron works 5. OpenStack HA - controller - l3 agent 6. OpenStack multi-region
BPF, or the Berkeley Packet Filter mechanism, was first introduced in Linux in 1997 in version 2.1.75. It has seen a number of extensions over the years. Recently, in versions 3.15 - 3.19, it received a major overhaul which drastically expanded its applicability. This talk will cover how the instruction set looks today and why, as well as its architecture, capabilities, interface, and just-in-time compilers. We will also talk about how it's being used in different areas of the kernel like tracing and networking, and about future plans.
Linux offers an extensive selection of programmable and configurable networking components from traditional bridges, encryption, to container optimized layer 2/3 devices, link aggregation, tunneling, several classification and filtering languages all the way up to full SDN components. This talk will provide an overview of many Linux networking components covering the Linux bridge, IPVLAN, MACVLAN, MACVTAP, Bonding/Team, OVS, classification & queueing, tunnel types, hidden routing tricks, IPSec, VTI, VRF and many others.
This document provides an introduction to eBPF and XDP. It discusses the history of BPF and how it evolved into eBPF. Key aspects of eBPF covered include the instruction set, JIT compilation, verifier, helper functions, and maps. XDP is introduced as a way to program the data plane using eBPF programs attached early in the receive path. Example use cases and performance benchmarks for XDP are also mentioned.
The Cilium project is a popular networking solution for Kubernetes, based on eBPF. This talk uses eBPF code and demos to explore the basics of how Cilium makes network connections, and manipulates packets so that they can avoid traversing the kernel's built-in networking stack. You'll see how eBPF enables high-performance networking as well as deep network observability and security.
When it comes to networking inside Kubernetes, selecting the correct networking solution may be one of the most important decisions you may face. This is especially true if you are trying to run a Kubernetes cluster in production. Therefore it's beneficial to have a good understanding of different CNI options out there and most importantly how these networking options are different from each other. This presentation goes over packet by packet-level details of how the network plumbing is happening with different CNI plugins including, Flannel, Calico & Cilium.
Passive benchmarking with docker LXC and KVM using OpenStack hosted in SoftLayer. These results provide initial insight as to why LXC as a technology choice offers benefits over traditional VMs and seek to provide answers as to the typical initial LXC question -- "why would I consider Linux Containers over VMs" from a performance perspective. Results here provide insight as to: - Cloudy ops times (start, stop, reboot) using OpenStack. - Guest micro benchmark performance (I/O, network, memory, CPU). - Guest micro benchmark performance of MySQL; OLTP read, read / write complex and indexed insertion. - Compute node resource consumption; VM / Container density factors. - Lessons learned during benchmarking. The tests here were performed using OpenStack Rally to drive the OpenStack cloudy tests and various other Linux tools to test the guest performance on a "micro level". The nova docker virt driver was used in the Cloud scenario to realize VMs as docker LXC containers and compared to the nova virt driver for libvirt KVM. Please read the disclaimers in the presentation as this is only intended to be the "tip of the iceberg".
This document provides an overview of Kubernetes and how it can be integrated with Cisco Application Centric Infrastructure (ACI) through the ACI Networking plugin for Kubernetes. It discusses Kubernetes concepts like pods, deployments, services and namespaces. It then explains how the ACI plugin maps these Kubernetes objects to ACI objects like endpoint groups, contracts and virtual device contexts to provide network isolation and policies. The rest of the document outlines a hands-on lab where users can set up their own Kubernetes cluster integrated with ACI and deploy applications with different levels of network isolation.
How to join legacy VMs and bare metal machines to a Kubernetes service mesh so that VMs can consume Kubernetes services AND publish services used by Kubernetes-hosted applications.
Demystifying Docker & Kubernetes The document provides an overview of container networking standards and models including Docker's Container Network Model (CNM) and Kubernetes' Container Networking Interface (CNI). It discusses Docker networking drivers like bridge, overlay, and host networking. It also covers Kubernetes networking fundamentals like pods, services, ingress, and network policies. The agenda includes a dive into CNM and CNI standards as well as examples of container networking in Docker and Kubernetes.
We will dive into KubeVirt and see how we can create and manage VMs in Kubernetes. In this session we will talk about what KubeVirt is and how it works on a Kubernetes platform. KubeVirt allows users to create and manage virtual machines within a Kubernetes cluster. This session will cover the following topics: KubeVirt installation; basic KubeVirt objects and components; how to deploy and manage virtual machines; KubeVirt storage; KubeVirt networking. Benefits: Kubernetes is a well-established container platform, but migrating applications/services to containers is not always easy. In such situations, KubeVirt allows virtual machine based workloads to be migrated to the same platform where the containers are already running, thus helping converge IT infrastructure into one single platform, Kubernetes.
The Collabnix Slack channel accommodates around 1300+ members and conducted its first online webinar. One of the Dockerlabs contributors, "Balasundaram Natarajan", talked about Demystifying Docker & Kubernetes Networking.
Presented at All Things Open RTP Meetup Presented by Brad Topol Title: An Introduction to Kubernetes and Continuous Delivery Fundamentals Abstract: Kubernetes is a cloud infrastructure that has emerged as the de facto standard platform for managing, orchestrating, and provisioning container-based cloud native computing applications. Cloud native computing applications are built from a collection of smaller services and take advantage of the speed of development and scalability cloud computing environments provide. In this talk, we provide an overview of the fundamentals of Kubernetes. We begin with a short introduction to the concept of containers and describe the Kubernetes architecture. We then present several core features provided by Kubernetes such as Pods, ReplicaSets, Deployments, Service objects, and autoscaling capabilities. We conclude with a discussion of Kubernetes continuous delivery fundamentals and tools, including how to do small batch changes, source control, and developer access to production-like environments.
2015/03/12 ver1.0 published. 2015/03/26 ver1.1 fixed: flannel's tunnel type to VXLAN. 2015/04/03 ver1.2 fixed: Flannel's mechanism for VXLAN processing.
The document provides an overview of Kubernetes and OpenStack. It includes an agenda that covers topics like containers, orchestration, Kubernetes architecture, components and concepts like pods, replication controllers, and namespaces over 4 days of training. Background information is provided on containers, Docker, and orchestration. Examples are given of defining pods and services using YAML files in Kubernetes.
The document provides an overview of containers and Kubernetes. It discusses the need for containers due to microservices and infrastructure as code. It then covers technical details of containers like Dockerfiles, images, and registries. It also discusses Kubernetes and its components like kube-apiserver, etcd, and kubelet. Finally, it covers Kubernetes concepts like pods, services, deployments, and how they are configured.
Getting Kafka running on Kubernetes is only step one of a journey to create a production-ready Kafka cluster. This talk walks through the other steps: 1) Monitoring and remediating faults. 2) Updates to Kubernetes nodes for clusters not using shared storage. 3) Automating Kafka updates and restarts. We present how to create fault-tolerant Kafka clusters on Kubernetes without sacrificing availability, durability, or latency. Learn about Lyft's overlay-free Kubernetes networking driver and how we use it to keep performance on par with non-Kubernetes clusters.
Looking for a way to deploy a stable OpenStack cloud environment with OpenDaylight with ease? This session is about learning to deploy a cloud environment with the OPNFV Fuel deployer. Fuel is a deployment tool which deploys a wide variety of distributions with third-party plugins like OpenDaylight, while abstracting out the complexities of the deployment. The intent of this session is to familiarize attendees with deploying OpenStack with OpenDaylight. About the presenter: Pramod Raghavendra Jayathirth is a software developer in OpenStack and OpenDaylight, working for OTC, SSG at Intel. His area of interest is cloud networking and applications. He has prior experience in databases and his current focus is on developing features of the Cloud Networking Platform. He holds a Master's degree from San Jose State University.
Video recording: https://www.youtube.com/watch?v=tGlIgUeoGz8 It’s no news that containers represent a portable unit of deployment, and OpenStack has proven an ideal environment for running container workloads. However, where it usually becomes more complex is that an application is often built out of multiple containers. What’s more, setting up a cluster of container images can be fairly cumbersome because you need to make one container aware of another and expose intimate details that are required for them to communicate, which is not trivial, especially if they’re not on the same host. These scenarios have instigated the demand for some kind of orchestrator. The list of container orchestrators is growing fairly fast. This session will compare the different orchestration projects out there - from Heat to Kubernetes to TOSCA - and help you choose the right tool for the job. Session link from the summit: https://openstacksummitmay2015vancouver.sched.org/event/abd484e0dedcb9774edda1548ad47518#.VV5eh5NViko
This document provides an overview and comparison of different orchestration tools, including Docker Swarm, Kubernetes, Terraform, TOSCA/Cloudify, and Heat. It describes the architecture and workflow for deploying a sample application using each tool. The sample application involves deploying a MongoDB database with replica sets, config servers, and shards, load balanced Node.js application servers, and monitoring. Key pros and cons are discussed for each tool's approach to container and infrastructure orchestration.
The document provides an overview of the logical architecture of Kubernetes. It describes the main components that make up the Kubernetes control plane (API server, scheduler, etc.) and Kubernetes workers, as well as core Kubernetes objects like pods, replica sets, deployments, services, ingress and configmaps/secrets. It also touches on controllers, operators, Kubernetes manifests and provides an example manifest configuration.
Introduction talk from Alejandro Galue about Kubernetes and how to run OpenNMS services on Kubernetes based platforms.
It’s no news that containers represent a portable unit of deployment, and OpenStack has proven an ideal environment for running container workloads. However, where it usually becomes more complex is that an application is often built out of multiple containers. What’s more, setting up a cluster of container images can be fairly cumbersome because you need to make one container aware of another and expose intimate details that are required for them to communicate, which is not trivial, especially if they’re not on the same host. These scenarios have instigated the demand for some kind of orchestrator. The list of container orchestrators is growing fairly fast. This session will compare the different orchestration projects out there - from Heat to Kubernetes to TOSCA - and help you choose the right tool for the job.
Kubernetes is an open-source container management platform. It has a master-node architecture with control plane components like the API server on the master and node components like kubelet and kube-proxy on nodes. Kubernetes uses pods as the basic building block, which can contain one or more containers. Services provide discovery and load balancing for pods. Deployments manage pods and replicasets and provide declarative updates. Key concepts include volumes for persistent storage, namespaces for tenant isolation, labels for object tagging, and selector matching.
This session discusses OpenShift Enterprise (or OpenShift Container Platform). OpenShift Container Platform is Red Hat's on-premise private platform as a service product, built around a core of application containers powered by Docker, with orchestration and management provided by Kubernetes, on a foundation of Red Hat Enterprise Linux.