Traffic Segmentation on Kubernetes Platform

When operating Kubernetes as a platform for multiple tenants, one of the concerns is controlling the network traffic. This is sometimes referred to as traffic segmentation. This initiative involves a broad range of technical topics from networking to containerization. By no means am I an expert on each of those topics. I have however developed …

Kubernetes Networking Solutions Overview

Kubernetes networking involves a lot of details. We discuss some CNI plugins in this post. The most basic mode is kubenet. We pass --network-plugin=kubenet to the kubelet process to use it. Kubenet is not a CNI plugin, but it works with bridge, lo and host-local (CNI-compliant implementations). We can directly specify the MTU with --network-plugin-mtu. Kubenet is …

Virtualization 4 of 4 – Networking

Virtual LAN (VLAN): Although VLAN emerged before virtualization and is technically not part of the virtualization topic, I’d just like to start from here as a refresher. Suppose we have computers from the finance department and computers from the sales department all connected to a single layer-2 switch. There are at least three problems: 1) too many devices …

Docker network

Reading notes on “Docker DeepDive”. Docker networking is backed by libnetwork, which is an implementation of the Container Network Model (CNM), an open-source pluggable architecture designed to provide networking to containers. Libnetwork also provides native service discovery and a basic container load balancing solution. Docker networking also involves some drivers that extend the CNM model with specific …

Capture filter and Display filter in Network Analyzer

A capture filter is set before collecting packets. It is applied at the time of data acquisition and it impacts the size of the capture. It does not have as many variations as a display filter and is usually not aware of protocols above the TCP/UDP layer. A common form of capture filter is BPF (Berkeley Packet Filter) …

High Availability and Load Balancer

Overview: Fault tolerance and high availability are two architectural characteristics that people often confuse with each other. High availability focuses on minimizing downtime. It guarantees uptime, but not performance in the event of component failures. Fault tolerance, on the other hand, focuses on stable capacity even in the event of component failures. Fault tolerance has …