Posts

  • Ephemeral remote access IPSEC VPN server with Terraform and StrongSWAN

    Introduction. StrongSWAN is a great open-source product for building software VPN networks based on IPsec. It is really easy to build site-to-site or remote-access VPNs with different architectures using StrongSWAN; many examples are published in its wiki. At the same time, this piece of software provides great test-suite options for integration testing. In this post we will try to make an automated and ephemeral remote-access VPN server using Terraform infrastructure as a...

    Strongswan VPN IKEv2
  • Using Consul as IPAM backend for CNI plugins

    In one of the previous posts we described a PoC for a Kubernetes network with the BaGPipe BGP CNI plugin. However, we used the local IP allocator and storage that come with the basic CNI plugins bundle. Apparently that is not useful for a distributed multi-node environment. To address this issue I made an effort to create a proof of concept that uses a Consul backend to store IP allocations. Here you can also find examples of how to use the Go Consul API...

    Consul with CNI PoC
  • Flannel network explanation and example

    The networking model proposed by flannel implies that all nodes participating in the overlay network reside in a flat IP space with a wide mask, e.g. /16. This means that the flannel0 interface on every node is assigned an IP address from this large network space. For this particular example the flannel network would be described by the following JSON struct: { "Network": "10.1.0.0/16", "SubnetLen": 24, "Backend": { "Type": "vxlan", "VNI": 12345 } } Network can...

    Flannel network explanation
  • Experiments with container networking: Part 3

    The third part of the discussion about CNI, Kubernetes and EVPN BGP brings us to the solution shown in the topology below. We want our solution to stitch together a Kubernetes-orchestrated datacenter and provide seamless inter- and intra-DC communication between pods. All of this should be implemented with regard to the service-oriented model. To show that we can deliver this design we will prepare a proof-of-concept environment. To do this we require...

    multi-datacenter kubernetes network routed with bgp
  • Experiments with container networking: Part 2

    As part of our discussion about container networking, CNI and Kubernetes, let's have a look at a very interesting project, BaGPipe BGP. This tool allows you to create a BGP speaker on a Linux machine that can advertise IP VPN and EVPN BGP routes, together with forwarding-plane configuration. Implemented in Python, it uses ExaBGP code for speaking the BGP protocol and its own Python libraries to manipulate Linux network namespaces, VXLAN networks and...

    Multi-datacenter container network routed with BGP
  • Experiments with container networking: Part 1

    Introduction. Container Network Interface is a great approach that allows building container networking using the different control- and forwarding-plane implementations available for Linux. In this post let's make a quick introduction to Linux network namespaces and the Container Network Interface. First of all, to get a better understanding of what CNI is, we will look into Linux container network principles. This diagram represents the way network namespaces are organised on a typical node that uses containerisation. Usually...

    Introduction into Network Namespaces