
Posts

Showing posts with the label networking

How to map Docker container's eth0 interface to its host VethXXX interface

To troubleshoot a network issue, we need to figure out the veth endpoints connecting a container to its host. There are multiple ways of going about this problem; I will show 2 simple ways and point to a third.

# Technique-1: Quick & Simple

Get the interface details inside the container:

    / # ip addr show eth0
    9: eth0@if10: mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever

The output tells us that the veth has two endpoints. One endpoint is called eth0@if10, which is assigned to the container, and on the host the other endpoint will be named vethxxx@if9. Let's check the host to confirm this.

    root@botserver1:~# ip a | grep veth
    10: vetha708f89@if9: mtu 1500 qdisc noqueue master docker0 state UP group default

Cool. The host has a vet...

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as:

- Soft Switches (Linux Bridge, OpenVSwitch)
- Virtual Network Adapters (tun, tap, veth and a few more)

In this blog, we will look at the virtual network adapters tap and veth. From a practical viewpoint, both seem to have the same functionality, and it's a bit confusing as to which to use where. A quick definition of tap/veth is as follows:

TAP

A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device which, instead of receiving packets from a physical medium, receives them from a user space program, and instead of sending packets via a physical medium, writes them to the user space program. When a user space program (in our case the VM) gets attached to the tap interface, it gets hold of a file descriptor; reading from it gives the data being sent on the tap interface. Writing to the file descri...

How to run Juniper Firefly (vSRX) on KVM -- SRX in a box setup

Juniper has released a virtual form factor SRX called Firefly Perimeter (vSRX). It provides the security and networking features of the SRX Series Gateways in a virtual machine format. It can be spawned as a VM on a KVM+QEMU/VMware hypervisor running on an X86 server. This post gives details on how to set it up as a standalone SRX box which can be used in any of your network deployments just like a normal SRX.

Pre-requisites

- Have an X86 server with at least 4 GB RAM, 4 GB hard disk space and two Ethernet ports.
- Install Ubuntu 14.04 on it (CentOS should also work, provided KVM-related changes are taken care of).
- Assumption: You have logged into the system as the root user.

Get the Software

Firefly Perimeter can be downloaded as a part of Juniper's software evaluation program and can be tried out for 60 days. You will need a Juniper account to download it here. For the purpose of this post I will be using the appliance at "Firefly KVM Appliance - FOR EVALUATION".

Configure...