Linux network namespaces
•Download as PPTX, PDF•
1 like•1,324 views
This document discusses Linux network namespaces and how they are used in Docker and OpenStack. It provides examples of creating and using namespaces in C code and with iproute2 tools. Namespaces allow isolating networking configurations like routing tables, interfaces, and firewall rules. Docker uses namespaces for container isolation while OpenStack uses them to provide overlapping IP spaces across virtual networks. The OpenStack networking architecture with Open vSwitch is described along with how the neutron-l3-agent and neutron-dhcp-agent utilize namespaces.
Report
Share
Report
Share
Recommended
Network namespaces
The document discusses network namespaces in Linux. It explains that network namespaces allow Linux to spawn multiple isolated instances of the network stack. It provides examples of creating network namespaces, moving network interfaces between namespaces, and connecting namespaces by creating veth pairs and assigning each end to a different namespace. This allows processes in different namespaces to communicate as if they were on separate networks.
Namespaces and cgroups - the basis of Linux containers
Agenda:
* Background: namespaces/cgroups, the basis for container
virtualization
* Namespace implementation
* The 6 kernel namespaces - some implementation details.
* System calls for namespaces
* Usage examples
* cgroups kernel implementation
* cgroup VFS
* cgroup filesystem operations for handling cgroups examples
* The cgroup implementation + some userspace examples
* Checkpoint/Restore in brief
Inside Docker for Fedora20/RHEL7
The document discusses Docker and Linux containers. It begins with an overview of traditional server virtualization compared to containers. Containers provide isolation at the process level using kernel namespaces for resources like filesystem, network, users and CPUs. Docker uses device mapper thin provisioning to manage disk images for container filesystems and the networking and cgroups APIs to isolate other resources.
Docker Networking with New Ipvlan and Macvlan Drivers
This document introduces new Docker network drivers called Macvlan and Ipvlan. It provides information on setting up and using these drivers. Some key points:
- Macvlan and Ipvlan allow containers to have interfaces directly on the host network instead of going through NAT or VPN. This provides better performance and no NAT issues.
- The drivers can be used in bridge mode to connect containers to an existing network, or in L2/L3 modes for more flexibility in assigning IPs and routing.
- Examples are given for creating networks with each driver mode and verifying connectivity between containers on the same network.
- Additional features covered include IP address management, VLAN trunking, and dual-stack IPv4/
Library Operating System for Linux #netdev01
This document introduces a library operating system approach for using the Linux network stack in userspace. Some key points:
- It describes building the Linux network stack (including components like ARP, TCP/IP, Qdisc, etc) as a library that can be loaded and used in userspace.
- This allows flexible experimentation with and testing of new network stack ideas without modifying the kernel. Code can be added and tested through the library interface.
- Implementations described include directly executing the code (DCE) and using it to integrate with a network simulator, as well as a Network Stack in Userspace (NUSE) that provides a full-featured POSIX-like platform for the network stack in user
GlusterFS Update and OpenStack Integration
GlusterFS is an open source distributed file system that aggregates storage from multiple servers into a single logical volume. It uses a distributed hash table architecture to distribute files across storage nodes. The document discusses GlusterFS integration with OpenStack, including using GlusterFS as the backend storage for Glance images, Cinder volumes, and Nova instance disks. It provides an overview of the libgfapi application programming interface that allows direct access to GlusterFS volumes without using FUSE.
Introduction to eBPF and XDP
This document provides an introduction to eBPF and XDP. It discusses the history of BPF and how it evolved into eBPF. Key aspects of eBPF covered include the instruction set, JIT compilation, verifier, helper functions, and maps. XDP is introduced as a way to program the data plane using eBPF programs attached early in the receive path. Example use cases and performance benchmarks for XDP are also mentioned.
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS now supports VXLAN interfaces which allow multiple L2 segments to be multiplexed over a single physical network. VXLAN uses encapsulation to transport Ethernet frames over IP. The VNI field in VXLAN headers maps frames to different L2 segments. VyOS VXLAN interfaces can be configured and used like physical interfaces for routing, bridging, and protocols like OSPF. However, attributes like the VNI and multicast group cannot be changed after interface creation without deleting and recreating the interface.
Recommended
Network namespaces
The document discusses network namespaces in Linux. It explains that network namespaces allow Linux to spawn multiple isolated instances of the network stack. It provides examples of creating network namespaces, moving network interfaces between namespaces, and connecting namespaces by creating veth pairs and assigning each end to a different namespace. This allows processes in different namespaces to communicate as if they were on separate networks.
Namespaces and cgroups - the basis of Linux containers
Agenda:
* Background: namespaces/cgroups, the basis for container
virtualization
* Namespace implementation
* The 6 kernel namespaces - some implementation details.
* System calls for namespaces
* Usage examples
* cgroups kernel implementation
* cgroup VFS
* cgroup filesystem operations for handling cgroups examples
* The cgroup implementation + some userspace examples
* Checkpoint/Restore in brief
Inside Docker for Fedora20/RHEL7
The document discusses Docker and Linux containers. It begins with an overview of traditional server virtualization compared to containers. Containers provide isolation at the process level using kernel namespaces for resources like filesystem, network, users and CPUs. Docker uses device mapper thin provisioning to manage disk images for container filesystems and the networking and cgroups APIs to isolate other resources.
Docker Networking with New Ipvlan and Macvlan Drivers
This document introduces new Docker network drivers called Macvlan and Ipvlan. It provides information on setting up and using these drivers. Some key points:
- Macvlan and Ipvlan allow containers to have interfaces directly on the host network instead of going through NAT or VPN. This provides better performance and no NAT issues.
- The drivers can be used in bridge mode to connect containers to an existing network, or in L2/L3 modes for more flexibility in assigning IPs and routing.
- Examples are given for creating networks with each driver mode and verifying connectivity between containers on the same network.
- Additional features covered include IP address management, VLAN trunking, and dual-stack IPv4/
Library Operating System for Linux #netdev01
This document introduces a library operating system approach for using the Linux network stack in userspace. Some key points:
- It describes building the Linux network stack (including components like ARP, TCP/IP, Qdisc, etc) as a library that can be loaded and used in userspace.
- This allows flexible experimentation with and testing of new network stack ideas without modifying the kernel. Code can be added and tested through the library interface.
- Implementations described include directly executing the code (DCE) and using it to integrate with a network simulator, as well as a Network Stack in Userspace (NUSE) that provides a full-featured POSIX-like platform for the network stack in user
GlusterFS Update and OpenStack Integration
GlusterFS is an open source distributed file system that aggregates storage from multiple servers into a single logical volume. It uses a distributed hash table architecture to distribute files across storage nodes. The document discusses GlusterFS integration with OpenStack, including using GlusterFS as the backend storage for Glance images, Cinder volumes, and Nova instance disks. It provides an overview of the libgfapi application programming interface that allows direct access to GlusterFS volumes without using FUSE.
Introduction to eBPF and XDP
This document provides an introduction to eBPF and XDP. It discusses the history of BPF and how it evolved into eBPF. Key aspects of eBPF covered include the instruction set, JIT compilation, verifier, helper functions, and maps. XDP is introduced as a way to program the data plane using eBPF programs attached early in the receive path. Example use cases and performance benchmarks for XDP are also mentioned.
VyOS Users Meeting #2, VyOSのVXLANの話
VyOS now supports VXLAN interfaces which allow multiple L2 segments to be multiplexed over a single physical network. VXLAN uses encapsulation to transport Ethernet frames over IP. The VNI field in VXLAN headers maps frames to different L2 segments. VyOS VXLAN interfaces can be configured and used like physical interfaces for routing, bridging, and protocols like OSPF. However, attributes like the VNI and multicast group cannot be changed after interface creation without deleting and recreating the interface.
Make Your Containers Faster: Linux Container Performance Tools
If you look under the hood, Linux containers are just processes with some isolation features and resource quotas sprinkled on top. In this talk, we will apply modern Linux performance tools to container analysis: get high-level resource utilization on running containers with docker stats, htop, and nsenter; dig into high-CPU issues with perf; detect slow filesystem latency with BPF-based tools; and generate flame graphs of interesting event call stacks.
Sasha Goldshtein is the CTO of Sela Group, a Microsoft MVP and Regional Director, Pluralsight and O'Reilly author, and international consultant and trainer. Sasha is the author of two books and multiple online courses, and a prolific blogger. He is also an active open source contributor to projects focused on system diagnostics, performance monitoring, and tracing -- across multiple operating systems and runtimes. Sasha authored and delivered training courses on Linux performance optimization, event tracing, production debugging, mobile application development, and modern C++. Between his consulting engagements, Sasha speaks at international conferences world-wide.
You can find more details on the meetup page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Linux Containers From Scratch: Makfile MicroVPS
The latest releases of today’s popular Linux distributions include all the tools needed to do interesting things with Linux containers.
For the Makefile MicroVPS project, I set out to build a minimal virtual private server-like environment in a Linux container from scratch.
These are my requirements for the MicroVPS:
Minimal init sequence
Most of what happens in a rc.sysinit file is not needed (or wanted) in a container. However, to work like a virtual private server, the MicroVPS will need some kind of init system. The absolute minimum would be enough to start the network and at least one service.
Native network namespace
The MicroVPS will have a dedicated network namespace. It should be easy to configure.
Native package management
The package set installed in the container image will be managed using native tools like deb or rpm.
Automated build
An automated repeatable build process is a must.
Fast iteration cycle
The building and testing cycle must be fast enough not to drive me insane.
Easy management
It should be easy to distribute, monitor, and run a MicroVPS container.
In this tutorial, I will show how to use the tools included with Linux to build a virtual private server in a Linux container from scratch, using GNU Make to automate the build process.
introduction to linux kernel tcp/ip ptocotol stack
This document provides an introduction and overview of the networking code in the Linux kernel source tree. It discusses the different layers including link (L2), network (L3), and transport (L4) layers. It describes the input and output processing, device interfaces, traffic directions, and major developers for each layer. Config and benchmark tools are also mentioned. Resources for further learning about the Linux kernel networking code are provided at the end.
Playing BBR with a userspace network stack
Hajime Tazaki presented on using the Linux Kernel Library (LKL) to run a userspace network stack with TCP BBR. Initial benchmarks showed poor BBR performance with LKL due to imprecise timestamps. Improving the timestamp resolution and scheduler optimizations increased BBR throughput to be comparable to native Linux. Further work is needed to fully understand performance impacts and optimize for high-speed networks. LKL provides a reusable network stack across platforms but faces challenges with timing accuracy required for features like BBR.
Pipework: Software-Defined Network for Containers and Docker
Pipework lets you connect together containers in arbitrarily complex scenarios. Pipework uses cgroups and namespaces and works with "plain" LXC containers (created with lxc-start), and with the awesome Docker.
It's nothing less than Software-Defined Networking for Linux Containers!
This is a short presentation about Pipework, given at the Docker Networking meet-up November 6th in Mountain View.
More information:
- https://github.com/jpetazzo/pipework
- http://www.meetup.com/Docker-Networking/
Meet cute-between-ebpf-and-tracing
This document discusses how eBPF (extended Berkeley Packet Filter) can be used for kernel tracing. It provides an overview of BPF and eBPF, how eBPF programs are compiled and run in the kernel, the use of BPF maps, and how eBPF enables new possibilities for dynamic kernel instrumentation through techniques like Kprobes and ftrace.
Fun with FUSE
Dima Krasner talks about FUSE, Filesystem in Userspace, its pros and cons, usage, tips and tricks, and more.
Dima is a senior developer at Sam Seamless Network.
Linux Kernel Library - Reusing Monolithic Kernel
The document summarizes the Linux Kernel Library (LKL), which allows running Linux kernel code in userspace. LKL provides a hardware-independent architecture and interfaces to underlying resources like clocks and memory allocation. This allows Linux drivers and code to run on different platforms like Windows and as application libraries. LKL implements common kernel functions with pthreads and exposes syscall interfaces for applications. It has various use cases like instant kernel bypass, reusing kernel code in userspace programs, and building unikernels. The performance of LKL is evaluated and shows improvements from optimizations like avoiding dynamic allocation.
FreeBSD and Drivers
Have you ever heard of FreeBSD? Probably.
Have you ever interacted with its kernel? Probably not.
In this talk, Gili Yankovitch (nyxsecuritysolutions.com) will talk about the FreeBSD operating system, its network stack and how to write network drivers for it.
The talk will cover the following topics:
* Kernel/User interation in FreeBSD
* The FreeBSD Network Stack
* Network Buffers API
* L2 and L3 Hooking
Advanced Namespaces and cgroups
The document provides an overview of the cgroup subsystem and namespace subsystem in Linux, which form the basis of Linux containers. It discusses how cgroups and namespaces enable lightweight virtualization of processes through isolation of resources and namespaces. It then covers specific aspects of cgroups like the memory, CPU, devices, and PIDs controllers. It also summarizes the key differences and improvements in the cgroup v2 implementation, such as having a single unified hierarchy and consistent controller interfaces.
Network stack personality in Android phone - netdev 2.2
An alternate approach to updating the Android network stack is to implement the stack in userspace using the Linux Kernel Library (LKL). This allows new network protocols and stacks to be added without replacing the host kernel. Measurements show the userspace LKL stack can achieve comparable performance to the native kernel over WiFi, and higher throughput over multipath TCP despite processing packets twice. However, results are often unstable and there are some limitations like asynchronous signal safety that require further work. Overall, using LKL provides a way to more easily distribute new network code without waiting for kernel upgrades.
Virtualization which isn't: LXC (Linux Containers)
LXC (Linux Containers) provides operating-system-level virtualization without the overhead of full virtualization. It isolates processes into containers using kernel namespaces and control groups. Containers can be limited in their CPU, memory, storage, and network usage. Common commands like lxc-start are used to deploy whole operating systems within containers. LXC provides many of the benefits of virtualization with less overhead since it leverages existing Linux kernel features rather than requiring a separate kernel like traditional virtualization.
Linux Containers From Scratch
Velocity Europe 2014 presentation on the building blocks of linux containers. Watch the video: http://vimeo.com/115073286
Microservices Network Architecture 101
Watch this presentation and learn all about Microservices.
*Flannel, Weave, IPVLAN, MacVLAN and how they fit together with Docker, Swarm or Kubernetes
*How containers communicate with each other
*How the choice of Networking Interface impacts router and switch deployment in the Data Center
Docker network
The document discusses Docker networks and provides details about the default networks that are automatically created when Docker is installed. There are three default networks: bridge, none, and host. The bridge network represents the docker0 network and is the default network that containers are connected to. The none network adds containers without a network interface, and the host network gives containers the same network stack as the Docker host. The default bridge network uses IP address 172.17.0.1/16 and connects newly launched containers to it.
Linux cgroups and namespaces
Luiz Viana e André Ferraz (Cazé) mostram uma visão geral das tecnologias nativas para isolamento de recursos em ambiente Linux.
Modern Linux Tracing Landscape
Agenda:
The Linux kernel has multiple "tracers" built-in, with various degrees of support for aggregation, dynamic probes, parameter processing, filtering, histograms, and other features. Starting from the venerable ftrace, introduced in kernel 2.6, all the way through eBPF, which is still under development, there are many options to choose from when you need to statically instrument your software with probes, or diagnose issues in the field using the system's dynamic probes. Modern tools include SystemTap, Sysdig, ktap, perf, bcc, and others. In this talk, we will begin by reviewing the modern tracing landscape -- ftrace, perf_events, kprobes, uprobes, eBPF -- and what insight into system activity these tools can offer. Then, we will look at specific examples of using tracing tools for diagnostics: tracing a memory leak using low-overhead kmalloc/kfree instrumentation, diagnosing a CPU caching issue using perf stat, probing network and block I/O latency distributions under load, or merely snooping user activities by capturing terminal input and output.
Speaker:
Sasha is the CTO of Sela Group, a training and consulting company based in Israel that employs over 400 developers world-wide. Most of Sasha's work revolves around performance optimization, production debugging, and low-level system diagnostics, but he also dabbles in mobile application development on iOS and Android. Sasha is the author of two books and three Pluralsight courses, and a contributor to multiple open-source projects. He blogs at http://blog.sashag.net.
Small, Simple, and Secure: Alpine Linux under the Microscope
Alpine Linux is a distro that has become popular for Docker images. Why do we need another distro? Why does Alpine matter? How does it differ from other distros?
In this talk, we'll answer all these questions – and a few more.
The Basic Introduction of Open vSwitch
This document provides an overview of Open vSwitch, including what it is, its main components, features, and how it can be used to build virtual network topologies. Open vSwitch is a software-defined networking switch that can be used to create virtual networks and handle network traffic between virtual machines and tunnels. It uses a distributed database, ovsdb-server, and a userspace daemon, ovs-vswitchd, to implement features like virtual switching, tunneling protocols, and OpenFlow support. Examples are provided for using Open vSwitch with KVM virtual machines and GRE tunnels to create virtual network topologies.
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
In this talk, Madhu Venugopal will present Docker Networking & Service Discovery features shipped in 1.11 and new Experimental Vlan network drivers introduced in 1.11.
Operationalizing VRF in the Data Center
VRF (Virtual Routing and Forwarding) provides logical isolation of routing domains within a physical network. The document discusses VRF support in Linux kernels and Cumulus Linux. It provides examples of VRF configuration and management, including interface assignment, routing protocols, and troubleshooting tools. VRF allows multiple routing instances to operate on the same physical router or switch for improved network segmentation and security.
Containers and Namespaces in the Linux Kernel
This document discusses containers and namespaces in the Linux kernel. It begins by comparing containers to hypervisors, describing the key kernel components that enable containers including namespaces for PID, network, users and more. It then covers resource management using cgroups and checkpoint/restart capabilities. The document provides examples of different namespace types and discusses ongoing work related to namespaces and resource management in containers.
More Related Content
What's hot
Make Your Containers Faster: Linux Container Performance Tools
If you look under the hood, Linux containers are just processes with some isolation features and resource quotas sprinkled on top. In this talk, we will apply modern Linux performance tools to container analysis: get high-level resource utilization on running containers with docker stats, htop, and nsenter; dig into high-CPU issues with perf; detect slow filesystem latency with BPF-based tools; and generate flame graphs of interesting event call stacks.
Sasha Goldshtein is the CTO of Sela Group, a Microsoft MVP and Regional Director, Pluralsight and O'Reilly author, and international consultant and trainer. Sasha is the author of two books and multiple online courses, and a prolific blogger. He is also an active open source contributor to projects focused on system diagnostics, performance monitoring, and tracing -- across multiple operating systems and runtimes. Sasha authored and delivered training courses on Linux performance optimization, event tracing, production debugging, mobile application development, and modern C++. Between his consulting engagements, Sasha speaks at international conferences world-wide.
You can find more details on the meetup page - https://www.meetup.com/Tel-Aviv-Yafo-Linux-Kernel-Meetup/events/245319189/
Linux Containers From Scratch: Makfile MicroVPS
The latest releases of today’s popular Linux distributions include all the tools needed to do interesting things with Linux containers.
For the Makefile MicroVPS project, I set out to build a minimal virtual private server-like environment in a Linux container from scratch.
These are my requirements for the MicroVPS:
Minimal init sequence
Most of what happens in a rc.sysinit file is not needed (or wanted) in a container. However, to work like a virtual private server, the MicroVPS will need some kind of init system. The absolute minimum would be enough to start the network and at least one service.
Native network namespace
The MicroVPS will have a dedicated network namespace. It should be easy to configure.
Native package management
The package set installed in the container image will be managed using native tools like deb or rpm.
Automated build
An automated repeatable build process is a must.
Fast iteration cycle
The building and testing cycle must be fast enough not to drive me insane.
Easy management
It should be easy to distribute, monitor, and run a MicroVPS container.
In this tutorial, I will show how to use the tools included with Linux to build a virtual private server in a Linux container from scratch, using GNU Make to automate the build process.
introduction to linux kernel tcp/ip ptocotol stack
This document provides an introduction and overview of the networking code in the Linux kernel source tree. It discusses the different layers including link (L2), network (L3), and transport (L4) layers. It describes the input and output processing, device interfaces, traffic directions, and major developers for each layer. Config and benchmark tools are also mentioned. Resources for further learning about the Linux kernel networking code are provided at the end.
Playing BBR with a userspace network stack
Hajime Tazaki presented on using the Linux Kernel Library (LKL) to run a userspace network stack with TCP BBR. Initial benchmarks showed poor BBR performance with LKL due to imprecise timestamps. Improving the timestamp resolution and scheduler optimizations increased BBR throughput to be comparable to native Linux. Further work is needed to fully understand performance impacts and optimize for high-speed networks. LKL provides a reusable network stack across platforms but faces challenges with timing accuracy required for features like BBR.
Pipework: Software-Defined Network for Containers and Docker
Pipework lets you connect together containers in arbitrarily complex scenarios. Pipework uses cgroups and namespaces and works with "plain" LXC containers (created with lxc-start), and with the awesome Docker.
It's nothing less than Software-Defined Networking for Linux Containers!
This is a short presentation about Pipework, given at the Docker Networking meet-up November 6th in Mountain View.
More information:
- https://github.com/jpetazzo/pipework
- http://www.meetup.com/Docker-Networking/
Meet cute-between-ebpf-and-tracing
This document discusses how eBPF (extended Berkeley Packet Filter) can be used for kernel tracing. It provides an overview of BPF and eBPF, how eBPF programs are compiled and run in the kernel, the use of BPF maps, and how eBPF enables new possibilities for dynamic kernel instrumentation through techniques like Kprobes and ftrace.
Fun with FUSE
Dima Krasner talks about FUSE, Filesystem in Userspace, its pros and cons, usage, tips and tricks, and more.
Dima is a senior developer at Sam Seamless Network.
Linux Kernel Library - Reusing Monolithic Kernel
The document summarizes the Linux Kernel Library (LKL), which allows running Linux kernel code in userspace. LKL provides a hardware-independent architecture and interfaces to underlying resources like clocks and memory allocation. This allows Linux drivers and code to run on different platforms like Windows and as application libraries. LKL implements common kernel functions with pthreads and exposes syscall interfaces for applications. It has various use cases like instant kernel bypass, reusing kernel code in userspace programs, and building unikernels. The performance of LKL is evaluated and shows improvements from optimizations like avoiding dynamic allocation.
FreeBSD and Drivers
Have you ever heard of FreeBSD? Probably.
Have you ever interacted with its kernel? Probably not.
In this talk, Gili Yankovitch (nyxsecuritysolutions.com) will talk about the FreeBSD operating system, its network stack and how to write network drivers for it.
The talk will cover the following topics:
* Kernel/User interation in FreeBSD
* The FreeBSD Network Stack
* Network Buffers API
* L2 and L3 Hooking
Advanced Namespaces and cgroups
The document provides an overview of the cgroup subsystem and namespace subsystem in Linux, which form the basis of Linux containers. It discusses how cgroups and namespaces enable lightweight virtualization of processes through isolation of resources and namespaces. It then covers specific aspects of cgroups like the memory, CPU, devices, and PIDs controllers. It also summarizes the key differences and improvements in the cgroup v2 implementation, such as having a single unified hierarchy and consistent controller interfaces.
Network stack personality in Android phone - netdev 2.2
An alternate approach to updating the Android network stack is to implement the stack in userspace using the Linux Kernel Library (LKL). This allows new network protocols and stacks to be added without replacing the host kernel. Measurements show the userspace LKL stack can achieve comparable performance to the native kernel over WiFi, and higher throughput over multipath TCP despite processing packets twice. However, results are often unstable and there are some limitations like asynchronous signal safety that require further work. Overall, using LKL provides a way to more easily distribute new network code without waiting for kernel upgrades.
Virtualization which isn't: LXC (Linux Containers)
LXC (Linux Containers) provides operating-system-level virtualization without the overhead of full virtualization. It isolates processes into containers using kernel namespaces and control groups. Containers can be limited in their CPU, memory, storage, and network usage. Common commands like lxc-start are used to deploy whole operating systems within containers. LXC provides many of the benefits of virtualization with less overhead since it leverages existing Linux kernel features rather than requiring a separate kernel like traditional virtualization.
Linux Containers From Scratch
Velocity Europe 2014 presentation on the building blocks of linux containers. Watch the video: http://vimeo.com/115073286
Microservices Network Architecture 101
Watch this presentation and learn all about Microservices.
*Flannel, Weave, IPVLAN, MacVLAN and how they fit together with Docker, Swarm or Kubernetes
*How containers communicate with each other
*How the choice of Networking Interface impacts router and switch deployment in the Data Center
Docker network
The document discusses Docker networks and provides details about the default networks that are automatically created when Docker is installed. There are three default networks: bridge, none, and host. The bridge network represents the docker0 network and is the default network that containers are connected to. The none network adds containers without a network interface, and the host network gives containers the same network stack as the Docker host. The default bridge network uses IP address 172.17.0.1/16 and connects newly launched containers to it.
Linux cgroups and namespaces
Luiz Viana e André Ferraz (Cazé) mostram uma visão geral das tecnologias nativas para isolamento de recursos em ambiente Linux.
Modern Linux Tracing Landscape
Agenda:
The Linux kernel has multiple "tracers" built-in, with various degrees of support for aggregation, dynamic probes, parameter processing, filtering, histograms, and other features. Starting from the venerable ftrace, introduced in kernel 2.6, all the way through eBPF, which is still under development, there are many options to choose from when you need to statically instrument your software with probes, or diagnose issues in the field using the system's dynamic probes. Modern tools include SystemTap, Sysdig, ktap, perf, bcc, and others. In this talk, we will begin by reviewing the modern tracing landscape -- ftrace, perf_events, kprobes, uprobes, eBPF -- and what insight into system activity these tools can offer. Then, we will look at specific examples of using tracing tools for diagnostics: tracing a memory leak using low-overhead kmalloc/kfree instrumentation, diagnosing a CPU caching issue using perf stat, probing network and block I/O latency distributions under load, or merely snooping user activities by capturing terminal input and output.
Speaker:
Sasha is the CTO of Sela Group, a training and consulting company based in Israel that employs over 400 developers world-wide. Most of Sasha's work revolves around performance optimization, production debugging, and low-level system diagnostics, but he also dabbles in mobile application development on iOS and Android. Sasha is the author of two books and three Pluralsight courses, and a contributor to multiple open-source projects. He blogs at http://blog.sashag.net.
Small, Simple, and Secure: Alpine Linux under the Microscope
Alpine Linux is a distro that has become popular for Docker images. Why do we need another distro? Why does Alpine matter? How does it differ from other distros?
In this talk, we'll answer all these questions – and a few more.
The Basic Introduction of Open vSwitch
This document provides an overview of Open vSwitch, including what it is, its main components, features, and how it can be used to build virtual network topologies. Open vSwitch is a software-defined networking switch that can be used to create virtual networks and handle network traffic between virtual machines and tunnels. It uses a distributed database, ovsdb-server, and a userspace daemon, ovs-vswitchd, to implement features like virtual switching, tunneling protocols, and OpenFlow support. Examples are provided for using Open vSwitch with KVM virtual machines and GRE tunnels to create virtual network topologies.
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
In this talk, Madhu Venugopal will present Docker Networking & Service Discovery features shipped in 1.11 and new Experimental Vlan network drivers introduced in 1.11.
What's hot (20)
Make Your Containers Faster: Linux Container Performance Tools
Make Your Containers Faster: Linux Container Performance Tools
introduction to linux kernel tcp/ip ptocotol stack
introduction to linux kernel tcp/ip ptocotol stack
Pipework: Software-Defined Network for Containers and Docker
Pipework: Software-Defined Network for Containers and Docker
Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2
Virtualization which isn't: LXC (Linux Containers)
Virtualization which isn't: LXC (Linux Containers)
Small, Simple, and Secure: Alpine Linux under the Microscope
Small, Simple, and Secure: Alpine Linux under the Microscope
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Docker Meetup: Docker Networking 1.11, by Madhu Venugopal
Viewers also liked
Operationalizing VRF in the Data Center
VRF (Virtual Routing and Forwarding) provides logical isolation of routing domains within a physical network. The document discusses VRF support in Linux kernels and Cumulus Linux. It provides examples of VRF configuration and management, including interface assignment, routing protocols, and troubleshooting tools. VRF allows multiple routing instances to operate on the same physical router or switch for improved network segmentation and security.
Containers and Namespaces in the Linux Kernel
This document discusses containers and namespaces in the Linux kernel. It begins by comparing containers to hypervisors, describing the key kernel components that enable containers including namespaces for PID, network, users and more. It then covers resource management using cgroups and checkpoint/restart capabilities. The document provides examples of different namespace types and discusses ongoing work related to namespaces and resource management in containers.
Virtual Routing and Forwarding, (VRF-lite)
VRF-Lite allows a single physical router to virtualize multiple routers by creating independent virtual routing tables (VRFs). Each VRF logically isolates the routing tables and network traffic of customers or applications. The physical router uses VLAN trunking to keep traffic from different VRFs separate when sending data to other devices. Configuring VRF-Lite involves defining VRFs, assigning interfaces to VRFs, and configuring routing protocols for each VRF.
VRF (virtual routing and forwarding)
VRF (Virtual Routing and Forwarding) is a technology that allows multiple instances of a routing table to
co-exist within the same router at the same time. This increases functionality by allowing network paths
to be segmented without using multiple devices. Because traffic is automatically segregated, VRF also
increases network security and can eliminate the need for encryption and authentication. Internet
service providers (ISPs) often take advantage of VRF to create separate virtual private networks (VPNs)
for customers; thus the technology is also referred to as VPN routing and forwarding. Because the
routing instances are independent, the same or overlapping IP addresses can be used without
conflicting with each other.
Namespace
The document discusses namespaces in C#. Key points:
- Namespaces prevent naming conflicts by allowing names to be separated into different declarative regions.
- The .NET Framework uses the System namespace. Other common namespaces include System.IO.
- Namespaces become important as the number of classes, methods, etc. grows to avoid conflicts.
- Namespaces are declared using the namespace keyword followed by the name.
- The using directive imports namespaces so their contents can be accessed without qualification.
- Namespaces can be nested within each other and multiple namespaces of the same name can be declared.
Resource Management of Docker
How to improve the network of Docker? How to integrate with OpenVSwitch? How to apply more fine-grained QoS limitation and monitor the resource usage of containers? How to improve Docker in non-intrusive ways? This slides shared by Li Yulai, the Chief Architect of SpeedyCloud, is to answer questions above. Visit http://www.speedycloud.cn to find out more.
Linux containers-namespaces(Dec 2014)
presentation held at SUSE Linux Expert Forum December 2014
Linux container history and Linux namespaces
examples include:
* Move a VPN connection to its own namespace(p 25)
* User namespaces demo(p 28)
see collection of useful articles and advanced container usecases pp 29
LSA2 - 02 Namespaces
This document discusses Linux namespaces, which allow isolation and virtualization of system resources like process IDs, network interfaces, mounted filesystems, and more. It provides examples of different namespace types like UTS, user, PID, IPC, mount, and network namespaces. It also covers the kernel configuration and software implementation using clone() and setns() system calls to create and join namespaces.
Introduction to VRF
This is a presentation regarding the introduction to the heating and cooling system technology called variable refrigerant flow systems. (non-commercial)
Linux container, namespaces & CGroup.
An introduction to Linux Container, Namespace & Cgroup.
Virtual Machine, Linux operating principles. Application constraint execution environment. Isolate application working environment.
Fun with Network Interfaces
Agenda:
In this session, Shmulik Ladkani discusses the kernel's net_device abstraction, its interfaces, and how net-devices interact with the network stack. The talk covers many of the software network devices that exist in the Linux kernel, the functionalities they provide and some interesting use cases.
Speaker:
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
An Overview of Linux Networking Options
This presentation provides an introductory overview of Linux networking options, including network namespaces, VLAN interfaces, MACVLAN interfaces, and virtual Ethernet (veth) interfaces.
Docker란 무엇인가? : Docker 기본 사용법
Docker란 무엇인가? : Docker 기본 사용법
Docker Seoul Meetup #1 발표 자료입니다.
Docker 기본 개념과 사용 방법을 설명하였습니다.
도커 무작정 따라하기: 도커가 처음인 사람도 60분이면 웹 서버를 올릴 수 있습니다!
도커 무작정 따라하기
- 도커가 처음인 사람도 60분이면 웹 서버를 올릴 수 있습니다!
도커의 기본 개념부터 설치와 사용 방법까지 설명합니다.
더 자세한 내용은 가장 빨리 만나는 도커(Docker)를 참조해주세요~
http://www.pyrasis.com/private/2014/11/30/publish-docker-for-the-really-impatient-book
Realizing Linux Containers (LXC)
Linux containers (LXC) provide operating system-level virtualization using features of the Linux kernel such as cgroups, namespaces, and chroot. This allows for the creation of lightweight isolated environments called containers that share the kernel of the host system. Containers offer many advantages over traditional virtual machines such as near-native performance, flexibility, and lightweight resource usage. The document discusses the key building blocks and technologies that underpin LXC such as cgroups for resource control and namespaces for process isolation. It also covers the benefits of using LXC and how container images are realized on Linux.
Docker, Linux Containers (LXC), and security
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems?
In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.
Viewers also liked (19)
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Anatomy of a Container: Namespaces, cgroups & Some Filesystem Magic - LinuxCon
Similar to Linux network namespaces
Dockerizing the Hard Services: Neutron and Nova
Talk about the benefits and pitfalls involved in successfully running complex services like Neutron and Nova inside of Docker containers.
Topics include:
* What magic incantations are needed to run these services at all?
* How to prevent HA router failover on service restarts.
* How to prevent network namespaces from breaking everything.
* Bonus: How network namespace fixes also helped fix Cinder NFS backend
Rac on NFS
This document describes how to install Oracle 10g RAC on Linux using NFS for shared storage. Key steps include:
1. Installing Oracle Enterprise Linux on two nodes and configuring networking and prerequisites.
2. Setting up NFS shares on one node for shared file systems and disks.
3. Installing the Oracle Clusterware software and configuring the two-node cluster.
Docker Multi Host Networking, Rachit Arora, IBM
This document discusses Docker multi-host networking options. It provides an overview of Docker networking and describes goals of making the network a first class object and supporting networks across multiple hosts. It then discusses libnetwork, the updated Docker networking stack, and multi-host networking options like Open vSwitch, Weave, and software defined networks (SDNs). Specific setup instructions are provided for Open vSwitch and Weave. Performance comparisons show Weave and Open vSwitch with optimizations can achieve over 90 MB/s bandwidth while the default Open vSwitch configuration is much lower. An alternative OpenStack Neutron-based design is also briefly outlined.
Slackware Demystified [SELF 2011]
Slackware Demystified provides an overview of the Slackware Linux distribution. It discusses Slackware's philosophy of keeping things simple and sticking close to upstream. It describes Slackware's init system, configuration files, package structure, and community support. The presentation emphasizes Slackware's minimalist approach and encourages learning through documentation rather than abstracted interfaces.
Direct Code Execution - LinuxCon Japan 2014
Direct Code Execution (DCE) is a userspace kernel network stack that allows running real network stack code in a single process. DCE provides a testing platform that enables reproducible testing, fine-grained parameter tuning, and a development framework for network protocols. It achieves this through a virtualization core layer that runs multiple network nodes within a single process, a kernel layer that replaces the kernel with a shared library, and a POSIX layer that redirects system calls to the kernel library. This allows full control and observability for testing and debugging the network stack.
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...
Slides from Barak Michener's talk "CoreOS: Building the Layers of the Scalable Cluster for Containers" at ContainerDays Boston 2015: http://dynamicinfradays.org/events/2015-boston/programme.html#layers
TechDay - Cambridge 2016 - OpenNebula at Harvard Univerity
This document provides an overview and summary of OpenNebula configuration at Harvard FAS Research Computing using Puppet. It describes the hardware setup including OpenNebula and Ceph nodes, network configuration using VLANs across multiple datacenters, and configuration of OpenNebula and associated services like Ceph and MySQL using Puppet modules, roles, profiles, Hiera data and exported resources. The goal is automated provisioning and configuration management of OpenNebula and associated infrastructure at scale.
LibOS as a regression test framework for Linux networking #netdev1.1
This document describes using the LibOS framework to build a regression testing system for Linux networking code. LibOS allows running the Linux network stack in a library, enabling deterministic network simulation. Tests can configure virtual networks and run network applications and utilities to identify bugs in networking code by detecting changes in behavior across kernel versions. Example tests check encapsulation protocols like IP-in-IP and detect past kernel bugs. Results are recorded in JUnit format for integration with continuous integration systems.
Develop QNAP NAS App by Docker
This document provides information on developing QNAP NAS apps using Docker. It introduces Docker and how apps can be packaged and run as Docker containers on QNAP NAS. It discusses using QDK/QDK2 to build QPKG packages for apps and deploying them to QNAP NAS through Container Station. Examples of building a Ghost blogging platform app and debugging techniques are also presented. The document aims to educate developers on leveraging Docker for app development on QNAP NAS.
Continuous Delivery: The Next Frontier
Code testing and Continuous Integration are just the first step in a source code to production process. Combined with infrastructure-as-code tools such as Puppet the whole process can be automated, and tested!
Red Hat OpenStack 17 저자직강+스터디그룹_4주차
This document outlines the curriculum for a 4-week Red Hat OpenStack 17 study group. Week 4 focuses on deploying the overcloud and troubleshooting. The agenda includes creating an NFS server, preparing template files, deploying the overcloud, and previewing the next session. The template files define roles, networks, ports, and services for the overcloud nodes. Deploying the overcloud uses these templates to install OpenStack services onto the nodes from the repository containers.
Postgres the hardway
Presentation at March 2019 Dutch Postgres User Group Meetup on lessons learnt while migrating from Oracle to Postgres, demo'ed via vagrant test environments and using generic pgbench datasets.
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
In this presentation I explain using video examples how kubernetes works and how this can be used to host your Drupal 7 or 8 site. There are obviously also gotcha's and I'd like to warn you to not use this in production until you've verified it
Corwin on Containers
This was a talk given internally at BloomReach as well as a guest lecture to a grad level Data Structures and Algorithms class at the University of Texas at Arlington.
A Deep dive on the history of containers, and how they work under the cover utilizing Linux Kernel features such as Process Namespaces and Control Groups.
I also go over a bit of the history of Container technology, going from Chroot and Jails and Zones, to LXC and Docker
Practical Tips for Novell Cluster Services
This session will use Novell Open Enterprise Server 2 SP2 to demonstrate how to cluster critical services—from NSS and Novell iPrint to Novell GroupWise, AFP and beyond. We'll cover the new features of Novell Cluster Services in the latest release of Novell Open Enterprise Server, and we'll show you how you can ensure consistency by using AutoYaST to build your nodes. This will be a practical session, so be prepared for a few thrills and spills along the way!
Speakers:
Tim Heywood CTO NDS 8
Mark Robinson CTO Linux NDS8
Devops in Networking
This document discusses DevOps in networking and provides examples of using Python libraries and Ansible to programmatically configure and monitor network devices. It describes motivations for DevOps in networking like SDN technologies, availability of network automation tools, and cloud networking. Use cases presented include configuration of L2/L3 protocols and services and network monitoring. The document also discusses network APIs, models like YANG, and tools like Ansible, Python, and protocol standards. An example demonstrates using the PyEAPI Python library to read and create VLANs on an Arista switch and using Ansible to get LLDP neighbors from a Cisco device.
Sheep it
This document summarizes Lucas Fontes' approach to deploying applications with Docker and Consul at Uken Studios, which has around 150 servers running 70 application servers and 40 databases. It outlines challenges with their previous deployment process and infrastructure, and describes how their new system addresses these using Docker for building and running applications, Consul for service discovery and configuration, and Consul Template to reload applications when configurations change. The workflow involves building Docker images, running containers securely, and releasing new versions by pushing images to a registry and notifying Consul to trigger reloads.
Bare Metal to OpenStack with Razor and Chef
Razor is an open source provisioning tool that was originally developed by EMC and Puppet Labs. It can discover hardware, select images to deploy, and provision nodes using model-based provisioning. The demo showed setting up a Razor appliance, adding images, models, policies, and brokers. It then deployed an OpenStack all-in-one environment to a new VM using Razor and Chef. The OpenStack cookbook walkthrough explained the roles, environments, and cookbooks used to deploy and configure OpenStack components using Chef.
Docker and friends at Linux Days 2014 in Prague
Docker allows deploying applications easily across various environments by packaging them along with their dependencies into standardized units called containers. It provides isolation and security while allowing higher density and lower overhead than virtual machines. Core OS and Mesos both integrate with Docker to deploy containers on clusters of machines for scalability and high availability.
Quick and Solid - Baremetal on OpenStack | Rico Lin
The document discusses using OpenStack Ironic to provision bare metal servers. Key points include:
- Ironic allows provisioning of physical servers alongside virtual instances managed by Nova.
- Commands are provided to enroll bare metal nodes in Ironic, create ports, validate and power on nodes, and deploy an image using Nova.
- Tips discuss issues with large-scale deployments, PXE boot, and driver/library conflicts.
Similar to Linux network namespaces (20)
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...
ContainerDays Boston 2015: "CoreOS: Building the Layers of the Scalable Clust...
TechDay - Cambridge 2016 - OpenNebula at Harvard Univerity
TechDay - Cambridge 2016 - OpenNebula at Harvard Univerity
LibOS as a regression test framework for Linux networking #netdev1.1
LibOS as a regression test framework for Linux networking #netdev1.1
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Drupaljam 2017 - Deploying Drupal 8 onto Hosted Kubernetes in Google Cloud
Quick and Solid - Baremetal on OpenStack | Rico Lin
Quick and Solid - Baremetal on OpenStack | Rico Lin
Recently uploaded
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Pitangent Analytics & Technology Solutions Pvt. Ltd
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Dmitrii Kamaev, PhD
Senior Product Owner - QIAGEN
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Tomaz Bratanic
Graph ML and GenAI Expert - Neo4j
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Gursev Pirge, PhD
Senior Data Scientist - JohnSnowLabs
The Microsoft 365 Migration Tutorial For Beginner.pptx
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Dandelion Hashtable: beyond billion requests per second on a commodity server
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
HCL Notes and Domino License Cost Reduction in the World of DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Apps Break Data
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
Artificial Intelligence and Electronic Warfare
Artificial Intelligence and Electronic WarfarePapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
AI & Electronic WarfareDriving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Leveraging the Graph for Clinical Trials and Standards
Katja Glaß
OpenStudyBuilder Community Manager - Katja Glaß Consulting
Marius Conjeaud
Principal Consultant - Neo4j
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Recently uploaded (20)
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Linux network namespaces
- 1. Linux Network Namespaces (and how they are used in Docker vs OpenStack)
- 2. VRF? (kinda) Virtual routing and forwarding (VRF) is a technology included in IP (Internet Protocol) network routers that allows multiple instances of a routing table to exist in a router and work simultaneously. This increases functionality by allowing network paths to be segmented without using multiple devices.
- 3. Namespace = VRF++ Each Linux namespace has its own set of: /proc/net connection tracking netfilter tables and chains (iptables, ebtables, arptables, …) myriad settings: buffers, window sizing, congestion tuning, omg, yes, yes, yes! network devices routing table
- 4. Why? The purpose of the patch series that includes network namespaces is primarily to enable containers. Which just like VMs provide: Isolation Resource allocation Lightweight++, security-- (when compared to kvm)
- 5. Small example in C Full(er) version at : https://github.com/geekinutah/create_net_namespace // Declarations above skipped static char child_stack[1048576]; int use_clone() { printf("Welcome to your new network namespace!n"); printf("Here's the new output of 'ip link show'n"); system("/sbin/ip link show"); printf("nn"); system("/bin/bash"); printf("Back to the old namespace.n"); } int main (int argc, char **argv) { // Lots of code skipped here pid_t child_pid = clone(use_clone, child_stack+1048576, CLONE_NEWPID | CLONE_NEWNET | SIGCHLD, NULL); waitpid(child_pid, NULL, 0); return 0; }
- 6. Using iproute2 # ip netns create testing && echo “We have a new namespace.” We have a new namespace # ls -l /var/run/netns/testing -r--r--r--. 1 root root 0 Aug 27 15:33 /var/run/netns/testing # ip netns exec testing ip link show 1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 # ip netns delete testing # ls -l /var/run/netns/ total 0
- 7. Where is my net namespace #!/bin/bash PID=`pgrep ${@}` # Arg should produce one match NS=`ls -1 /proc/${PID}/ns/net` print “${NS} is the file you are looking for” # What now, symlink $NS to /var/run/netns/a_random_name? # We could also use nsenter?
- 11. And also... Overlays!!! (Clouds love them)
- 12. OpenStack networking Lots of choices: Open vSwitch Linuxbridge Commercial (several) Most people use Open vSwitch Free Featureful
- 13. Neutron + Open vSwitch Overlays (GRE, VXLAN) Provider networks External/Floating networks Isolation Programmable via API Decent performance and stability Good job Neutron developers!!!
- 14. OpenStack part 1 In OpenStack network namespaces are really used to provide just one thing: Overlapping IP space
- 15. OpenStack part2 Two different neutron agents make use of namespaces: neutron-l3-agent neutron-dhcp-agent
- 16. eth1 Namespace BNamespace A n Router Namespaces eth0 OpenStack part3 br-ex br-int qg qrqrqg qg dnsmasq A dnsmasq B Vlan tag 1 Vlan tag 2 This is simplified for space, if you look at a network node it will look a bit different.