Nowadays there are very few use-cases where bare metal should be preferred over virtualisation.

Linux professionals should have a thorough understanding of virtualization under Linux: Linux is a very good platform when it comes to virtualizing systems, enabling virtualisation even using simple suites such as libvirt with KVM. Figure out that even VMWare relied on Linux: the early version of its hypervisor, called ESX, included a Linux kernel, and there are several full-featured products, such as Red Hat’s RHEVM and Oracle’s VM, that still relies on it.

Virtualisation provided a great deal of resilience, but also added some complexity that professionals should be able to deal with: it speculates that the average resources consumption is far less than the sum of the provisioned capacity, but spikes happens, and professionals should know how to cope with them. Professionals should be able to design and implement 24×7 resilient virtualisation infrastructures, and be able to maintain and quickly troubleshoot them when issues arises.

Besides exploiting virtualisation to create virtual infrastructures, professionals should know how to take advantage of the power and resilience provided by virtualisation, for example to be able to quickly mock-up virtual environments to test what they are working onto, or to provide the required infrastructure to launch automated integration tests.

This requires the knowledge of automation tools targeted to manage virtualized environments such as Vagrant.

Setup a GENEVE tunnel with OpenVSwitch and Podman

Posted on December 12, 2023December 12, 2023 by Marco Antonio Carcano

Overlay networking enables to implement tunnels to interconnect networks defined inside a host (such as Docker/Podman private networks): for example flannel based Kubernetes uses VxLANs to interconnect the Minion’s private networks. Anyway VxLAN is only one of the available technologies: other technologies such as GENEVE, STT or NVGRE are available.

In this post we setup a GENEVE tunnel with OpenVSwitch and Podman - the described set up goes beyond the simple interconnection on of layer 3 network segments, interconnecting two Podman’s private networks configured with the same IP subnet (so they share the same broadcast domain) - the layer 2 data are exchange between the OpenVSwitch bridges on the two hosts through the GENEVE tunnel.

SDN tutorial – OpenFlow with OpenVSwitch on Oracle Linux

Posted on November 28, 2023 by Marco Antonio Carcano

OpenVSwitch (OVS) is the pillar used by several emblazoned software, such as OpenStack or Red Hat's OpenShift to set up their Software Defined Networks (SDN): it enables users to quickly and easily implement multiple bridges to which connect Virtual Machines or Containers.

These bridges can be left standalone, creating isolated networks, or interconnected to the machine (or VM) NICs, providing bidirectional access to the network segment the NIC is connected to. In addition to that, it also enables the set up VxLAN Tunnel EndPoint (VTEP) on these bridges, enabling interconnecting OVS bridges from different machines. Last but not least, it also enforces traffic policies defined using OpenFlow.

The SDN tutorial - OpenFlow with OpenVSwitch on Oracle Linux, starts from where we left in the "Free Range Routing (FRR) And OpenVSwitch On OracleLinux" post, extending its Lab and provides a practical guide on how to write and set OpenFlow rules on OpenVSwitch.

Free Range Routing (FRR) and OpenVSwitch on Oracle Linux

Posted on November 15, 2023November 28, 2023 by Marco Antonio Carcano

In an Infrastructure As Code (IaC) scenario, rather than provision a VM and install a networking dedicated appliance, it is best to provide something without a web-UI but that provides a good configuration API or that sources its settings from something that can be easily managed by automated configuration tools.

In such as scenario it is more convenient to just use one (or more) Linux VM with a very basic installation, having it manage infrastructural networking: these VM can not only manage networking using routing protocol such as RIP, OCSP and even BGP, but also enforce security policies dropping unauthorised traffic.

In this post we see Free Range Routing (FRR) and OpenVSwitch on Oracle Linux in action, setting up a Lab with two virtual machines providing routing sharing routing tables using OCSP: we achieve this by installing Free Range Routing (FRR) - a free and open source Internet routing protocol suite for Linux. The advanced setup shown in this lab also makes use of OpenVSwitch, stacking FRR on top of it.

This dual layer setup enables us to exploit the Software Defined Networking (SDN) features provided by OpenVSwitch, enhancing by adding dynamic routing support, but also providing a compatibility layer with legacy bare metal devices such as "traditional" hardware routers.

Vagrant – Installing and operating

Posted on April 12, 2021November 17, 2023 by Marco Antonio Carcano

Vagrant is a personal tool to automatically provision virtual machine environments. It comes for free along with VirtualBox plugin, although there are commercial plugins for other virtualization engines such as VMWare. It is a very handy tool, especially for developers: it enables them to quickly mock-up or destroy even complex virtual machine environments by executing just one command. Within this post we'll see how easily it can be installed, and how easy it is operating with it.