TLS redirect security

A common technique to help TLS migrations is to provide a redirect. For example, this blog, hosted on WordPress.com, redirects every HTTP request on port 80 to the same URL over TLS on port 443:

$ curl -v http://virtualandy.wordpress.com
* Rebuilt URL to: /
* Trying 192.0.78.13...
* TCP_NODELAY set
* Connected to virtualandy.wordpress.com (192.0.78.13) port 80 (#0)
> GET / HTTP/1.1
> Host: virtualandy.wordpress.com
> User-Agent: curl/7.54.0
> Accept: */*
> Referer:
>
< HTTP/1....
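The two things worth checking in a redirect like the one above are that the Location really is an https:// URL for the host you asked for, and that the TLS side then sets Strict-Transport-Security, because a redirect on its own still sends every new client's first request in the clear. The following is an added example, not code from the post: it applies those checks to raw HTTP responses. The three responses are constructed stand-ins for what curl -v prints on port 80 and 443 (the plaintext, off-host redirect target cdn.example.net is hypothetical), not captures from virtualandy.wordpress.com.

```python
"""Checks for an HTTP-to-HTTPS redirect, applied to raw HTTP responses.

Added example, not code from the original post. The responses below are
constructed stand-ins for what curl -v shows on ports 80 and 443; they are
not captures from virtualandy.wordpress.com.
"""
from urllib.parse import urlsplit

# Constructed port-80 response: the shape of a correct plaintext-to-TLS redirect.
HTTP_REDIRECT = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Server: nginx\r\n"
    b"Location: https://virtualandy.wordpress.com/\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Constructed port-443 response carrying an HSTS policy.
HTTPS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)

# Constructed redirect that must fail the check: temporary, plaintext, and
# bouncing to a different (hypothetical) host.
BAD_REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://cdn.example.net/\r\n"
    b"\r\n"
)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status code, {lowercased header: value})."""
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])          # "HTTP/1.1 301 Moved Permanently"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw: bytes, request_host: str) -> dict:
    """Judge the port-80 response: a redirect to https:// on the same host we asked for."""
    status, headers = parse_response(raw)
    problems = []
    if status not in (301, 302, 303, 307, 308):
        problems.append(f"status {status} is not a redirect")
    location = headers.get("location")
    if location is None:
        problems.append("no Location header")
    else:
        target = urlsplit(location)
        if target.scheme != "https":
            problems.append(f"Location scheme is {target.scheme!r}, not https")
        if (target.hostname or "") != request_host.lower():
            problems.append(f"Location host {target.hostname!r} != {request_host!r}")
    return {
        "ok": not problems,
        # 301/308 are cached by clients; 302/307 make every visit start over plaintext.
        "permanent": status in (301, 308),
        "problems": problems,
    }


def hsts_max_age(raw_https: bytes):
    """Return max-age from Strict-Transport-Security on the TLS response, else None.

    Checked on the HTTPS response only: RFC 6797 tells clients to ignore the
    header when it arrives over plaintext HTTP, so the redirect response
    cannot carry the policy. Without HSTS the first request of every new
    client is still sent in the clear, redirect or not.
    """
    _status, headers = parse_response(raw_https)
    value = headers.get("strict-transport-security")
    if value is None:
        return None
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        if name.lower() == "max-age":
            return int(val.strip().strip('"'))
    return None


if __name__ == "__main__":
    host = "virtualandy.wordpress.com"
    print(check_redirect(HTTP_REDIRECT, host))   # ok, permanent
    print(check_redirect(BAD_REDIRECT, host))    # two problems, not permanent
    print(hsts_max_age(HTTPS_RESPONSE))          # 31536000
```

To run it against a live host, feed check_redirect the bytes of `curl -si http://host/` and hsts_max_age the bytes of `curl -si https://host/`; the 302-versus-301 distinction matters because only a permanent redirect is cached, so a 302 leaves every visit starting with a plaintext request.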

February 11, 2020 · itsahill00

Troubleshooting LLDP

LLDP is a wonderful protocol which paints a picture of datacenter topology. lldpd is a daemon that runs on your servers, receives LLDP frames and outputs your network location and more. There's also a recently patched lldp Ansible module. Like all tools, LLDP/lldpd has had some issues. Here are the ones I've seen in practice, with diagnosis and resolution:

Switch isn't configured to send LLDP frames

Diagnosing:

[code]
tcpdump -i eth0 -s 1500 -XX -c 1 'ether proto 0x88cc'
[/code]
...
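What that tcpdump filter matches is an Ethernet frame with EtherType 0x88cc whose payload is a chain of TLVs. The following is an added example, not lldpd code or anything from the post: it builds such a frame and decodes it the way lldpd would, pulling out the chassis ID, port ID, TTL and system name. The switch identity it uses (MAC 00:aa:bb:cc:dd:ee, port Ethernet1/1, name tor-switch-01) is constructed.

```python
"""Build and decode an LLDP frame, the traffic 'ether proto 0x88cc' matches.

Added example for this post; it is not lldpd code, and the switch identity
below (MAC 00:aa:bb:cc:dd:ee, port Ethernet1/1, tor-switch-01) is constructed.
"""
import struct

LLDP_ETHERTYPE = 0x88CC
# Nearest-bridge group address: 802.1D bridges do not forward it, so an LLDP
# frame seen on a server NIC came from the directly attached switch port.
LLDP_MULTICAST = bytes.fromhex("0180c200000e")

# IEEE 802.1AB TLV types used here.
TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL = 0, 1, 2, 3
TLV_PORT_DESC, TLV_SYSTEM_NAME, TLV_SYSTEM_DESC = 4, 5, 6
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_MAC = 4, 3   # the MAC subtype number differs per TLV
PORT_SUBTYPE_IFNAME = 5


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes, then the value."""
    if tlv_type > 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_lldp_frame(src_mac: bytes, chassis_mac: bytes, port_name: bytes,
                     ttl: int, system_name: bytes) -> bytes:
    """Assemble an Ethernet frame carrying the mandatory TLVs plus a system name."""
    lldpdu = (
        tlv(TLV_CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + chassis_mac)
        + tlv(TLV_PORT_ID, bytes([PORT_SUBTYPE_IFNAME]) + port_name)
        + tlv(TLV_TTL, struct.pack("!H", ttl))
        + tlv(TLV_SYSTEM_NAME, system_name)
        + tlv(TLV_END, b"")
    )
    return LLDP_MULTICAST + src_mac + struct.pack("!H", LLDP_ETHERTYPE) + lldpdu


def is_lldp_frame(frame: bytes) -> bool:
    """The EtherType test the tcpdump filter performs."""
    return len(frame) >= 14 and struct.unpack("!H", frame[12:14])[0] == LLDP_ETHERTYPE


def _decode_id(value: bytes, mac_subtype: int) -> str:
    """Render a chassis/port ID: MAC subtype as colon-hex, text subtypes as ASCII, the rest as hex."""
    subtype, body = value[0], value[1:]
    if subtype == mac_subtype:
        return body.hex(":")
    try:
        return body.decode("ascii")
    except UnicodeDecodeError:
        return body.hex()


def parse_lldp_frame(frame: bytes) -> dict:
    """Walk the TLV chain of an LLDP frame and return the fields lldpd would show."""
    if not is_lldp_frame(frame):
        raise ValueError("not an LLDP frame (EtherType 0x88cc expected)")
    info = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "end_tlv": False}
    offset = 14
    while offset + 2 <= len(frame):
        header = struct.unpack("!H", frame[offset:offset + 2])[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = frame[offset + 2:offset + 2 + length]
        if len(value) != length:
            raise ValueError(f"truncated TLV type {tlv_type} at offset {offset}")
        offset += 2 + length
        if tlv_type == TLV_END:
            info["end_tlv"] = True
            break
        if tlv_type == TLV_CHASSIS_ID:
            info["chassis_id"] = _decode_id(value, CHASSIS_SUBTYPE_MAC)
        elif tlv_type == TLV_PORT_ID:
            info["port_id"] = _decode_id(value, PORT_SUBTYPE_MAC)
        elif tlv_type == TLV_TTL:
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type in (TLV_PORT_DESC, TLV_SYSTEM_NAME, TLV_SYSTEM_DESC):
            key = {TLV_PORT_DESC: "port_description", TLV_SYSTEM_NAME: "system_name",
                   TLV_SYSTEM_DESC: "system_description"}[tlv_type]
            info[key] = value.decode("utf-8", errors="replace")
        # other types (management address 8, organisation-specific 127, ...) are skipped
    return info


# Constructed sample: what a top-of-rack switch port might advertise.
SAMPLE_FRAME = build_lldp_frame(
    src_mac=bytes.fromhex("00aabbccddee"),
    chassis_mac=bytes.fromhex("00aabbccddee"),
    port_name=b"Ethernet1/1",
    ttl=120,
    system_name=b"tor-switch-01",
)

if __name__ == "__main__":
    for key, val in parse_lldp_frame(SAMPLE_FRAME).items():
        print(f"{key:>18}: {val}")
```

Two things to keep in mind when reading the tcpdump side: `-c 1` returns after the first matching frame, and the 802.1AB default transmit interval is 30 seconds, so give the capture a minute before concluding the switch port is silent; and because the destination is the nearest-bridge group address, a frame that does arrive came from the directly attached port, not from somewhere further into the fabric.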

April 7, 2015 · itsahill00

nsxchecker: Verify the health of your NSX network

Recently I got to work with the NSX API and wrote a tool to do a quick health check of NSX networks. nsxchecker is a valuable operational tool for quickly reporting an NSX network's health. One of the promises of SDN is automated tooling for operational teams, and with the NSX API I was quickly able to deliver. nsxchecker accepts an NSX lswitch UUID or a neutron_net_id. Rackspace's Neutron plugin, quark, tags created lports with a neutron_net_id....

October 7, 2014 · itsahill00

Upgrading Open vSwitch

Operating Open vSwitch brings a new set of challenges. One of those challenges is managing Open vSwitch itself and making sure you're up to date with performance and stability fixes. For example, in late 2013 there were significant performance improvements with the release of 1.11 (flow wildcarding!), and in the 2.x series there are even more improvements coming. This means everyone running those old versions of OVS (I'm looking at you, <=1....

March 28, 2014 · itsahill00

StatsD and multiple metrics

Measure all the things! Graphite & StatsD are my weapons of choice. One set of metrics in particular that we wanted to measure is the various TCP stats, including the TCP retransmit rate. We crafted a Python script to send all of the metrics in a single UDP packet and hit a weird scenario. The Python script was all ready to roll, except that StatsD was only logging one metric. All of the metric packets were arriving at the StatsD instance, but only one was being processed....
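The StatsD wire format is one `name:value|type` metric per line, and the daemon splits an incoming datagram on newline, so a packet that joins several metrics with any other separator is parsed as a single metric with a garbage value, which is exactly the one-metric-logged symptom. The following is an added example, not the script from the post: it reads the TCP counters from /proc/net/snmp text (a constructed excerpt here; on a real host read the file), packs them newline-separated into datagrams kept under the MTU, and includes the receiver-side split so the comma-joined failure can be reproduced offline. The metric names under `net.tcp` and the send target 127.0.0.1:8125 are assumptions.

```python
"""Pack several TCP metrics into one StatsD UDP datagram.

Added example, not the script from the post. SAMPLE_SNMP is a constructed
/proc/net/snmp excerpt; the net.tcp metric names and the 127.0.0.1:8125
target are assumptions.
"""
import socket

# Constructed /proc/net/snmp excerpt (Tcp rows only). The kernel emits a header
# row of field names followed by a row of values for each protocol.
SAMPLE_SNMP = """\
Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 53421 12003 145 212 87 9876543 8765432 4321 0 310 0
"""


def parse_proc_net_snmp(text: str) -> dict:
    """Parse /proc/net/snmp style text into {"Tcp": {"OutSegs": ..., ...}, ...}."""
    result, header = {}, {}
    for line in text.splitlines():
        proto, _, rest = line.partition(":")
        fields = rest.split()
        if proto not in header:
            header[proto] = fields                     # first row: names
        else:
            names = header.pop(proto)                  # second row: values
            result[proto] = dict(zip(names, (int(v) for v in fields)))
    return result


def tcp_metrics(snmp: dict, prefix: str = "net.tcp") -> list:
    """Pick the TCP counters worth graphing. Kernel counters are cumulative since
    boot, so they go out as gauges ("g"); a StatsD counter ("c") would sum the
    running totals on every flush."""
    tcp = snmp["Tcp"]
    out, retrans = tcp["OutSegs"], tcp["RetransSegs"]
    rate_pct = round(100.0 * retrans / out, 3) if out else 0.0
    return [
        (f"{prefix}.out_segs", out, "g"),
        (f"{prefix}.retrans_segs", retrans, "g"),
        (f"{prefix}.curr_estab", tcp["CurrEstab"], "g"),
        (f"{prefix}.retransmit_rate", rate_pct, "g"),
    ]


def format_metric(name: str, value, mtype: str) -> str:
    return f"{name}:{value}|{mtype}"


def packets(metrics, max_bytes: int = 1400, sep: str = "\n"):
    """Yield datagrams, each holding as many sep-joined metrics as fit in
    max_bytes. 1400 keeps a packet under a 1500-byte MTU so it is not
    fragmented (one lost fragment loses the whole datagram). StatsD only
    splits on "\n"; sep is a parameter so the wrong choice can be shown."""
    batch, size = [], 0
    for metric in metrics:
        line = format_metric(*metric)
        if batch and size + len(sep) + len(line) > max_bytes:
            yield sep.join(batch).encode()
            batch, size = [], 0
        size += len(line) + (len(sep) if batch else 0)
        batch.append(line)
    if batch:
        yield sep.join(batch).encode()


def decode_packet(payload: bytes) -> list:
    """Receiver side: the split StatsD performs on an incoming datagram.
    Returns [(name, value, type, sample_rate), ...]."""
    metrics = []
    for line in payload.decode().split("\n"):
        if not line:
            continue
        name, _, rest = line.partition(":")
        value, _, type_and_rate = rest.partition("|")
        mtype, _, rate = type_and_rate.partition("|@")
        metrics.append((name, value, mtype, float(rate) if rate else 1.0))
    return metrics


def send(metrics, host: str = "127.0.0.1", port: int = 8125) -> int:
    """Send every datagram over UDP; returns the number of datagrams sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    count = 0
    try:
        for datagram in packets(metrics):
            sock.sendto(datagram, (host, port))
            count += 1
    finally:
        sock.close()
    return count


if __name__ == "__main__":
    metrics = tcp_metrics(parse_proc_net_snmp(SAMPLE_SNMP))
    good = list(packets(metrics))
    print(len(good), "datagram(s);", len(decode_packet(good[0])), "metrics in the first")
    # Same metrics joined with a comma: StatsD sees one metric with a garbage type.
    bad = list(packets(metrics, sep=","))
    print(decode_packet(bad[0]))
```

Run with a real host's counters by replacing SAMPLE_SNMP with the contents of /proc/net/snmp; the cumulative OutSegs and RetransSegs are sent as gauges here, and a retransmit rate over an interval needs two samples and a delta.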

February 13, 2014 · itsahill00

The Host Network Stack

This post is a collection of useful articles/videos that I've collected about networking on XenServer and Linux.

XenServer
  Xen Network Throughput and Performance Guide (Technical Overview)
  XenServer: Under the Hood < specifically the device -> PIF -> network -> VIF relationship

Linux
  (video) Through the Ether and Back Again < discusses Python and the Linux Sockets API
  How SKBs work
  Queueing in the Linux Network Stack
  Linux Advanced Routing & Traffic Control HOWTO
  Linux Device Drivers, 3rd Edition < specifically chapter 17

As you can see, there are a multitude of elements to consider when looking into host networking issues for a Linux VM running on XenServer (which is Linux underneath the covers anyway)....

February 5, 2014 · itsahill00

Network wiring with XenServer and Open vSwitch

In the physical world, when you power on a server it's already cabled (hopefully). With VMs things are a bit different. Here's the sequence of events when a VM is started in Nova and what happens on XenServer to wire it up with Open vSwitch:

1. nova-compute starts the VM via XenAPI
2. XenAPI VM.start creates a domain and creates the VM's vifs on the hypervisor
3. The Linux userspace device manager (udev) receives this event, and scripts within /etc/udev/rules....

June 26, 2013 · itsahill00

Deep Dive: HTB Rate Limiting (QoS) with Open vSwitch and XenServer

DISCLAIMER: I'm still getting my feet wet with Open vSwitch. This post is just a cleaned up version of my scratchpad. Open vSwitch has a few ways of providing rate limiting; this deep dive goes into the internals by reverse engineering an existing virtual interface's egress rate limits, which are applied with tc-htb. Hierarchy Token Bucket (htb) is a standard Linux packet scheduling implementation. More reading on HTB can be done on the author's site; I found the implementation and theory pretty interesting....

April 29, 2013 · itsahill00

How We Found Our Virtual Networking Mojo

Switch and Network Adapter Fault Tolerance

Each of the VMware ESX hosts that we had was equipped with dual network adapters (NICs). With a typical physical server, two NICs could provide fault tolerance. However, for ESX hosts the dual NIC is not fault tolerant. VMware ESX has three major types of traffic:

VMkernel – used for vMotion, which allows host downtime without an interruption of service
Service Console – initiates vMotion, serves as the primary venue for managing Virtual Machines...

January 7, 2009 · itsahill00