Slide1
Application configures network: specifics, problems, solutions
Vasiliy Tolstoy, EMC RCOE
v0.5

Slide2
Application vs. System
- Application: agnostic
- System: takes everything under control
[Diagram labels: Application, Applications, System, Network config, Linux]
LinuxPiter'2015 "Application configures network..." Vasiliy Tolstoy, EMC

Slide3
Why Should Application Bother?
- Security
  - Access to net config == access to blow it all up
  - Inconsistency guaranteed
- User eXperience
  - Nobody likes ip(8)
  - The system's terms do not match the user's
Callouts:
- Red eyes/moose sweaters excluded
- Wait for two slides!
[Image: Typical modern GUI]

Slide4
Persistence
- Kernel: netlink/proc, IOCTL
- System V startup config files
- Firewall: batch config load / config dump
- libc (resolving): direct disk file config
Callouts:
- No persistence
- Persistent (as far as the root FS is)
- Limited capabilities (however, they know bonding and ethtool)
- /etc/sysconfig/network-scripts/ifcfg-ethN
- systemd-networkd ???

Slide5
Entity translation
User:
- IP
- GW
- DNS
- Port speed/MTU
- VLAN
- Bonding
- Dynamic routing on/off
- Routes
System:
- IP
- Arbitrary routes + metrics
- Resolving config
- Policy based routing rules/tables/priorities
- Network namespaces/containers
- DHCP, SLAAC/DHCPv6
- VLAN, VxLAN, macvlan, ipvlan virtual devices
- Bonding
- Bridging
- Port speed/negotiation/physical media
- Firewall
- Open vSwitch config
- Dynamic routing daemon config
Callouts:
- auto/manual switch
- probably
- for sure

Slide6
Just Setting An IP…
Steps (abridged):
1. Read network stack state
2. Generate a free routing table number and remember it (e.g. 366)
3. Check that there is a mod8021q (VLAN) virtual device on your NIC device (e.g. eth12.1077 on eth12)
4. If not found, create one
5. Add an IP address to the VLAN device (e.g. 10.22.33.56)
6. Create a rule for this IP PBR table, using the remembered number (ip rule add ...)
7. Fill table #366, adding two routes: 10.22.33.0/24 --> eth0.1077; default via 10.22.33.1
8. Delete the subnet route to 10.22.33.0/24 from the main table
9. Find the PBR table with the requested virtual server mark (e.g. mark 0x1a -> table #350)
10. If table #350 is missing the subnet route to 10.22.33.0/24, add one
11. Announce the created IP by sending a forced ARP reply for 10.22.33.56 from the eth12.1077 device
Callouts:
- One created by Linux
- Different for IPv6
- Powerful magic here is!
- OK, if we keep track of the changes we can skip this one
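Added example (not from the original slides): a dry-run shell planner that prints the iproute2/arping commands for the steps above instead of executing them, so the sequence can be reviewed before anything runs with network-admin rights. The function names, the LINKS/VS_ROUTES state variables, the /24 prefix on the address, the `from` selector in the rule and the `ip link set ... up` step are assumptions of this example; table 350 is taken as already resolved from mark 0x1a, and the subnet route is attached to the VLAN device from the earlier steps.

```sh
#!/bin/sh
# Dry-run planner (added example): prints commands, executes nothing.

# Lowest unused routing table id >= $1; used ids arrive on stdin, one per line.
free_table() {
    n=$1
    used=" $(tr '\n' ' ') "
    while :; do
        case "$used" in
            *" $n "*) n=$((n + 1)) ;;
            *) echo "$n"; return 0 ;;
        esac
    done
}

# plan_add_ip NIC VID ADDR SUBNET GW TABLE VS_TABLE
# State is passed in two variables (assumed names, constructed for the example):
#   LINKS     existing device names, space separated
#   VS_ROUTES destinations already present in VS_TABLE, space separated
plan_add_ip() {
    nic=$1 vid=$2 addr=$3 subnet=$4 gw=$5 table=$6 vs_table=$7
    dev="$nic.$vid"
    case " $LINKS " in
        *" $dev "*) ;;  # VLAN device exists already (shared), reuse it
        *) echo "ip link add link $nic name $dev type vlan id $vid"
           echo "ip link set dev $dev up" ;;  # not in the abridged list
    esac
    # Prefix length taken from SUBNET (assumption: address lives in that subnet).
    echo "ip addr add $addr/${subnet#*/} dev $dev"
    echo "ip rule add from $addr table $table"  # 'from' selector is an assumption
    echo "ip route add $subnet dev $dev table $table"
    echo "ip route add default via $gw table $table"
    # The kernel added this connected route to main when the address was set.
    echo "ip route del $subnet dev $dev table main"
    case " $VS_ROUTES " in
        *" $subnet "*) ;;
        *) echo "ip route add $subnet dev $dev table $vs_table" ;;
    esac
    echo "arping -A -c 1 -I $dev $addr"  # iputils arping, ARP reply mode
}

# Constructed sample state: tables 364 and 365 in use, eth12.1077 not created yet.
LINKS="lo eth0 eth12"
VS_ROUTES="10.22.34.0/24"
TABLE=$(printf '364\n365\n' | free_table 364)
plan_add_ip eth12 1077 10.22.33.56 10.22.33.0/24 10.22.33.1 "$TABLE" 350
```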
NB: Real corner cases are not dealt with here

Slide7
Superposition
- Many (virtual) servers
- Virtual device sharing
- Transaction isolation
- Rollback support
User domain operations are non-atomic!
[Diagram labels: ethX; vlanN, 802.1q (VLAN) virtual device; Acting MAC; IP1, IP2, IP3, IP4, ...; Requested by server A; Requested by virtual server B_12; Requested by server C]

Slide8
API Unification
- iproute2 CLI
- ethtool CLI
- Bridges CLI
- Bonds CLI
- netlink
- IOCTL (device tune-up)
- /proc
- Physical files (e.g. for resolving lib)
- iptables certified CLI
- nftables binary API
- DHCP client CLI
- ...
Callouts:
- Binary API
- Do the same
- CLI
- Two different firewalls
"Comrades application programmers, demand the single API!"

Slide9
Speed
- 1 IP: 0.5 seconds
- 2000 IPs: 20 minutes
- Small programs may get stuck at start on heavily loaded systems
- Better stick to binary API and stay in RAM
Callouts:
- Duh. Who cares.
- Ridiculously long startup time!
- I mean really, for minutes!

Slide10
What Have We Got?
- Persistence
- Entity translation
- Superposition
- API unification
- Speed
Looks like we have summoned a daemon!

Slide11
[Architecture diagram. Labels: Applications (Classic server A, Virtual server application B with VS B_1, VS B_2, VS B_3, Classic server C); Application domain commands; TCP/IP transport; Network Configuration Daemon (NC daemon) with Scenario, Scenario, Scenario and Persistent storage; Linux atomic commands; netlink socket; /proc FS; IOCTL; Firewall; libc; Other daemons; Files; CLI; Kernel; From HA subsystem]

Slide12
Daemon Features
- Starts before the applications
- Domain-defined API
- TCP/IP control transport
- Internal library of scenarios
- Transaction support
- Persistent storage
- Supports all system binary APIs
- Configures libc and firewall
- Talks to other daemons
Callouts:
- Can be suppressed
- Not necessarily so
Typical speed
- Atomic Linux: IP: < 50 µs
- Full-scale daemon:
  - 1st IP: < 20 ms
  - 1001st IP: < 200 ms
We plan to make it better!

Slide13
Thank you!
Vasiliy Tolstoy
EMC Russia Center of Excellence
Saint Petersburg, Russia
tolstv@emc.com