Open vSwitch Release 2.8.0

May 05, 2020

Contents

1 Open vSwitch Documentation
  1.1 How the Documentation is Organised
  1.2 First Steps
  1.3 Deeper Dive
  1.4 The Open vSwitch Project
  1.5 Getting Help
2 Getting Started
  2.1 What Is Open vSwitch?
    2.1.1 Overview
    2.1.2 What’s here?
  2.2 Why Open vSwitch?
    2.2.1 The mobility of state
    2.2.2 Responding to network dynamics
    2.2.3 Maintenance of logical tags
    2.2.4 Hardware integration
    2.2.5 Summary
  2.3 Installing Open vSwitch
    2.3.1 Installation from Source
    2.3.2 Installation from Packages
    2.3.3 Upgrades
    2.3.4 Others
3 Tutorials
  3.1 Open vSwitch Advanced Features
    3.1.1 Getting Started
    3.1.2 Using GDB
    3.1.3 Motivation
    3.1.4 Scenario
    3.1.5 Setup
    3.1.6 Implementing Table 0: Admission control
    3.1.7 Testing Table 0
    3.1.8 Implementing Table 1: VLAN Input Processing
    3.1.9 Testing Table 1
    3.1.10 Implementing Table 2: MAC+VLAN Learning for Ingress Port
    3.1.11 Testing Table 2
    3.1.12 Implementing Table 3: Look Up Destination Port
    3.1.13 Testing Table 3
    3.1.14 Implementing Table 4: Output Processing
    3.1.15 Testing Table 4
  3.2 OVN Sandbox
    3.2.1 Getting Started
    3.2.2 Using GDB
    3.2.3 Creating OVN Resources
    3.2.4 Using ovn-trace
  3.3 OVN OpenStack Tutorial
    3.3.1 Setting Up DevStack
    3.3.2 DevStack preliminaries
    3.3.3 Shortening UUIDs
    3.3.4 Overview
    3.3.5 Switching
    3.3.6 Routing
    3.3.7 Adding a Gateway
    3.3.8 IPv6
    3.3.9 ACLs
    3.3.10 DHCP
    3.3.11 Further Directions
4 Deep Dive
  4.1 OVS
    4.1.1 Design Decisions In Open vSwitch
    4.1.2 Open vSwitch Datapath Development Guide
    4.1.3 Integration Guide for Centralized Control
    4.1.4 Porting Open vSwitch to New Software or Hardware
    4.1.5 OpenFlow Support in Open vSwitch
    4.1.6 Bonding
    4.1.7 OVSDB Replication Implementation
    4.1.8 The DPDK Datapath
    4.1.9 OVS-on-Hyper-V Design
    4.1.10 Language Bindings
    4.1.11 Testing
    4.1.12 Tracing packets inside Open vSwitch
    4.1.13 C IDL Compound Indexes
  4.2 OVN
    4.2.1 OVN Gateway High Availability Plan
5 How-to Guides
  5.1 OVS
    5.1.1 Open vSwitch with KVM
    5.1.2 Open vSwitch with SELinux
    5.1.3 Open vSwitch with Libvirt
    5.1.4 Open vSwitch with SSL
    5.1.5 Using LISP tunneling
    5.1.6 Connecting VMs Using Tunnels
    5.1.7 Connecting VMs Using Tunnels (Userspace)
    5.1.8 Isolating VM Traffic Using VLANs
    5.1.9 Quality of Service (QoS) Rate Limiting
    5.1.10 How to Use the VTEP Emulator
    5.1.11 Monitoring VM Traffic Using sFlow
    5.1.12 Using Open vSwitch with DPDK
  5.2 OVN
    5.2.1 Open Virtual Networking With Docker
    5.2.2 Integration of Containers with OVN and OpenStack
6 Reference Guide
  6.1 Man Pages
    6.1.1 ovs-test
    6.1.2 ovs-vlan-test
7 Open vSwitch FAQ
  7.1 Basic Configuration
  7.2 Development
  7.3 Implementation Details
  7.4 General
  7.5 Common Configuration Issues
  7.6 Using OpenFlow
  7.7 Quality of Service (QoS)
  7.8 Releases
  7.9 Terminology
  7.10 VLANs
  7.11 VXLANs
8 Open vSwitch Internals
  8.1 Contributing to Open vSwitch
    8.1.1 Submitting Patches
    8.1.2 Backporting patches
    8.1.3 Open vSwitch Coding Style
    8.1.4 Open vSwitch Windows Datapath Coding Style
    8.1.5 Open vSwitch Documentation Style
    8.1.6 Open vSwitch Library ABI Updates
  8.2 Mailing Lists
    8.2.1 ovs-announce
    8.2.2 ovs-discuss
    8.2.3 ovs-dev
    8.2.4 ovs-git
    8.2.5 ovs-build
    8.2.6 bugs
    8.2.7 security
  8.3 Patchwork
    8.3.1 pwclient
  8.4 Open vSwitch Release Process
    8.4.1 Release Strategy
    8.4.2 Release Numbering
    8.4.3 Release Scheduling
    8.4.4 Contact
  8.5 Reporting Bugs in Open vSwitch
  8.6 Open vSwitch’s Security Process
    8.6.1 What is a vulnerability?
    8.6.2 Step 1: Reception
    8.6.3 Step 2: Assessment
    8.6.4 Step 3a: Document
    8.6.5 Step 3b: Fix
    8.6.6 Step 4: Embargoed Disclosure
    8.6.7 Step 5: Public Disclosure
  8.7 Expectations for Developers with Open vSwitch Repo Access
    8.7.1 Pre-requisites
    8.7.2 Review
    8.7.3 Git conventions
  8.8 OVS Committer Grant/Revocation Policy
    8.8.1 Granting Commit Access
    8.8.2 Revoking Commit Access
    8.8.3 Changing the Policy