Build robust virtual networks on #Linux. This guide covers essential interface types including VXLAN for large-scale cloud deployments, IPVLAN for shared MAC addresses, MACsec for Layer 2 security, and netconsole for kernel debugging over the network. red.ht/4bOPXJo
I had Claude Code build a tool that injects latency with tc into the interfaces of label-matched Pods github.com/orimanabu/tc-inje… It also works with interfaces added by Multus (I've only tried it with ipvlan, though)
Learning Docker down to the last detail, DAY 2. Today I started on Docker networking. I learned the logic, the inner workings and the architecture of the bridge, host, none, overlay, ipvlan and macvlan drivers. My earlier networking experience and interest meeting Docker networking made it twice as enjoyable.
5 Dec 2025
Docker Networks Explained

Networking in docker allows containers to communicate with one another, with the docker host or external networks. The networking type defines how communication will happen and whether or not the container can be accessed on the host or externally.

Type 1: Bridge Network
- It is the default type.
- Creates an internal private network on a single host.
- It isolates private networks from one another.
- It provides external access through NAT.

Type 2: Host Network
- Removes isolation between docker containers and the host.
- The container uses the host network stack directly.
- Containers don't get allocated their own IP address.
- Port mapping does not have any effect.

Type 3: Overlay Network
- Creates a distributed network across multiple docker hosts.
- Allows secure communication between containers on different machines.
- Used in Docker Swarm's orchestration technology.

Type 4: IPvlan Network
- Containers get their own dedicated IP addresses from the host physical network.
- Containers appear as distinct entities on the network.
- Useful when containers need direct network access without NAT.

Type 5: Macvlan Network
- Containers get MAC and IP addresses as if they were physically connected devices on the network.
- Containers communicate directly with physical devices.
- Use case: accessing a monitoring tool in containers from physical devices on the network.

Type 6: None
- Disables all networking from a container.
- A container remains completely isolated and inaccessible.
Docker Networking Models

→ Docker provides multiple networking models to control how containers communicate with each other, with the host system, and with external networks.
→ Each networking mode offers different levels of isolation, flexibility, and performance.
→ Understanding these models is essential for building scalable, distributed, and secure containerized applications.

1. Bridge Network
→ The default networking model for standalone containers.
→ Docker creates a virtual bridge (usually docker0) that acts as a private internal network for containers.
→ Containers on the same bridge can communicate using internal IP addresses.
→ Port mapping (e.g., -p 8080:80) is required for external access.

2. Host Network
→ Containers share the host's network namespace.
→ No virtual network, no NAT, and no port mapping required.
→ Highest performance because networking overhead is removed.
→ Reduces isolation and should be used for specialized workloads like monitoring tools.

3. None Network
→ The container has no network.
→ No external connections and no internal container-to-container communication.
→ Used for security-sensitive or isolated compute-only tasks.

4. Overlay Network
→ Used for multi-host or swarm-based applications.
→ Creates a virtual network that spans multiple Docker Engine nodes.
→ Allows containers on different machines to communicate securely.
→ Essential for distributed and scalable microservices architectures.

5. Macvlan Network
→ Assigns a unique MAC address to each container.
→ Containers appear as physical devices on the host's network.
→ Useful when containers must be treated like standalone machines on the same LAN.
→ Common in environments where direct network routing is required.

6. IPvlan Network
→ Similar to Macvlan but handles layer-3 routing differently.
→ Allows more efficient IP address management.
→ Useful for large-scale deployments with strict routing requirements.

Additional Networking Concepts

Service Discovery
→ Docker provides internal DNS for resolving container names.
→ Containers can communicate using service names instead of IP addresses.

Port Mapping
→ Exposes container ports to the host using: -p host_port:container_port

Network Drivers
→ Docker's networking models rely on selectable drivers such as:
→ bridge
→ host
→ overlay
→ macvlan
→ ipvlan

Choosing the Right Network Model
→ Bridge: Best for local development and single-host deployments.
→ Host: Best for high-performance workloads needing direct host access.
→ Overlay: Best for multi-node, distributed applications.
→ Macvlan: Best when containers need real network identities.
→ None: Best for isolated tasks with no networking.

Tip
→ Docker networking models provide flexibility for a wide range of deployment scenarios.
→ Selecting the right model improves performance, security, and application architecture.
→ Mastering these models is essential for advanced container orchestration and microservices communication.

Grab the Docker Playbook: The Complete Guide to Building and Scaling Containers codewithdhanian.gumroad.com/…
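The two posts above describe ipvlan and macvlan networks whose containers take real LAN addresses. The block below is an added example (not code from the posts or from Docker) that plans such a network and checks the addressing before anything is created: the subnet 192.0.2.0/24, gateway .1, host address .10, container pool 192.0.2.0/25, host-side shim address .254 and the parent interface name eth0 are constructed assumptions. It also covers a caveat the posts skip: the host cannot reach its own ipvlan/macvlan containers through the parent interface, so it needs a child interface of its own with a route to the container pool.

```python
"""Plan a Docker ipvlan or macvlan network whose containers take addresses
from the physical LAN, and validate the addressing before
`docker network create` runs.

Added example, not code from the posts or from Docker. The sample addresses
and the parent interface eth0 are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class NetworkPlan:
    driver: str
    parent: str
    subnet: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    ip_range: ipaddress.IPv4Network
    shim_ip: ipaddress.IPv4Address
    reserved: dict = field(default_factory=dict)  # label -> address Docker must never hand out


def plan_network(driver, parent, subnet, gateway, ip_range, host_ip, shim_ip):
    """Check that the gateway, the host's LAN address and the host-side shim
    all live in the subnet and that the container pool is inside it."""
    if driver not in ("ipvlan", "macvlan"):
        raise ValueError(f"unsupported driver {driver!r}")
    net = ipaddress.ip_network(subnet, strict=True)
    pool = ipaddress.ip_network(ip_range, strict=True)
    gw, host, shim = (ipaddress.ip_address(a) for a in (gateway, host_ip, shim_ip))
    if not pool.subnet_of(net):
        raise ValueError(f"ip-range {pool} is not inside subnet {net}")
    for label, addr in (("gateway", gw), ("host", host), ("shim", shim)):
        if addr not in net:
            raise ValueError(f"{label} address {addr} is not in subnet {net}")
    if host == shim:
        raise ValueError("host and shim addresses must differ")
    # Docker's IPAM may allocate anything in --ip-range, so addresses that
    # already exist on the LAN are reserved explicitly via --aux-address.
    return NetworkPlan(driver, parent, net, gw, pool, shim, {"host": host, "shim": shim})


def docker_create_cmd(plan, name):
    """argv for `docker network create` with the reservations applied."""
    cmd = ["docker", "network", "create", "-d", plan.driver,
           "--subnet", str(plan.subnet), "--gateway", str(plan.gateway),
           "--ip-range", str(plan.ip_range)]
    for label, addr in sorted(plan.reserved.items()):
        cmd += ["--aux-address", f"{label}={addr}"]
    cmd += ["-o", f"parent={plan.parent}"]
    if plan.driver == "ipvlan":
        cmd += ["-o", "ipvlan_mode=l2"]  # L2 mode: containers share the parent's MAC
    cmd.append(name)
    return cmd


def host_shim_cmds(plan, shim_if="shim0"):
    """iproute2 commands for a host-side child interface.

    Caveat the posts leave out: the host cannot talk to ipvlan/macvlan
    containers through the parent interface itself; it needs its own child
    interface on the same parent, with a route to the container pool."""
    link_type = "ipvlan mode l2" if plan.driver == "ipvlan" else "macvlan mode bridge"
    return [
        f"ip link add {shim_if} link {plan.parent} type {link_type}",
        f"ip addr add {plan.shim_ip}/32 dev {shim_if}",
        f"ip link set {shim_if} up",
        f"ip route add {plan.ip_range} dev {shim_if}",
    ]


if __name__ == "__main__":
    plan = plan_network("ipvlan", "eth0", "192.0.2.0/24", "192.0.2.1",
                        "192.0.2.0/25", "192.0.2.10", "192.0.2.254")
    print(" ".join(docker_create_cmd(plan, "lan")))
    print("\n".join(host_shim_cmds(plan)))
```

The shim address is deliberately placed outside the container pool and reserved anyway; with a pool covering the whole subnet, the aux-address reservations are what keep Docker from handing the host's or the shim's address to a container.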
28 Oct 2025
Took a look at the Linux ipvlan driver implementation; it turns out the address mapping between the master and slave interfaces is done with a hash table... That makes it pretty useless: if you want to hand an entire IPv6 /64 prefix to one slave interface, you would have to stuff 2^64 IPs into that hash table, which just blows up 💩
HYBRID CLOUD INFRASTRUCTURE powering IBM's Gen AI model development

Delivering efficient & high-performing AI training requires an end-to-end solution that combines hardware, software & holistic telemetry to cater for multiple types of AI workloads. In this report, we describe IBM's hybrid cloud infrastructure that powers our generative AI model development.

Infrastructure includes:
(1) Vela: AI-optimized supercomputing capability directly integrated into the IBM Cloud, delivering scalable, dynamic, multi-tenant & geographically distributed infrastructure for large-scale model training & other AI workflow steps.
(2) Blue Vela: Large-scale, purpose-built, on-premises hosting environment that is optimized to support our largest & most ambitious AI model training tasks.

Vela provides IBM w/ the dual benefit of high performance for internal use along w/ the flexibility to adapt to an evolving commercial landscape. Blue Vela provides us w/ the benefits of rapid development of our largest & most ambitious models, as well as future-proofing against the evolving model landscape in the industry. arxiv.org/html/2407.05467v1

Vela GPU nodes have multiple 100G network interfaces & IBM Cloud uses single root I/O virtualization (SR-IOV) pdfs.semanticscholar.org/409… to expose multiple virtual interfaces per physical interface.

Multi-NIC CNI foundation-model-stack.githu… is a container-native interface built on top of Multus CNI w/ several important functions:
- Discovers all of the interfaces on each host & handles them as a pool.
- Assigns virtual interfaces for pods on top of the SR-IOV interfaces for TCP communication w/out encapsulation.
- Passes physical SR-IOV interfaces into the pods for GDR communication.
These actions ensure that the workloads can achieve line-rate network performance for TCP & GDR communication while code is running inside the pod.

Multi-NIC CNI Architecture
The Multi-NIC CNI operator is composed of 3 main components: controller, daemon, & CNI.

The controller implements Operator SDK to create & run a reconcile loop over the CNI custom resources, that is MultiNicNetwork, HostInterfaces, CIDR, & IPPool, via kube-apiserver. The controller periodically gets interface information from host networks by calling the discovery protocol on the daemon & records it in the HostInterface resource. The controller creates Multus's NetworkAttachmentDefinition & the dependent custom resources of the main plugin CNI (e.g., sriovnetworknodepolicies of SR-IOV CNI) from MultiNicNetwork's spec. The generation of CIDR & IPPool, L3 route configuration, & IP allocation/deallocation can be found in the Multi-NIC IPAM Plugin.

The CNI component is delegated by Multus CNI. It communicates w/ the daemon to select a set of master interfaces according to the policy, if defined. If the built-in IPAM is used, it will request IPs for these selected masters. Otherwise, it will delegate to the common IPAM plugin to get an IP address for each selected NIC. After getting IP addresses, it will delegate to the common main plugin (e.g., ipvlan, macvlan, sriov) to configure each additional interface. github.com/foundation-model-…

Built-in Multi-NIC Network
A common NAT-bypassing network solution w/out underlay infrastructure dependency, based on L3 IPVLAN & the neighbor routing table. The target is to attach secondary network interface cards at hosts to the container pods & bypass the costly network address translation to efficiently deliver network packets between pods on different hosts. IPVLAN is a software multiplexing tool that exposes Pod packets and Pod IPs directly to the master interface (NIC) on the host. In most cases, Pod IPs are not routable by the underlay virtual Cloud infrastructure. Configuring a neighbor route entry (L3 routes) on the host will enable communication between endpoints on the different hosts. Multi-NIC CNI computes a specific CIDR range for each interface & each host incrementally from the user-defined global subnet, limited by defined block sizes.
github.com/foundation-model-…
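The thread above outlines the NAT-bypassing scheme: each (host, interface) pair gets its own block carved incrementally out of one global pod subnet, and hosts install neighbor routes so L3 ipvlan pods on different hosts reach each other with no encapsulation. The block below is an added example, not Multi-NIC CNI's code. It assumes one fixed-size block per (host, NIC) assigned in sorted order, and that every host's NIC of the same name (eth1, eth2) sits on the same L2 segment; the hostnames and NIC addresses are constructed.

```python
"""Carve per-(host, NIC) pod blocks out of a global subnet and emit the host
routes for direct L3 ipvlan reachability between hosts.

Added example, not Multi-NIC CNI's code. Block-size rule, hostnames and NIC
addresses are constructed assumptions.
"""
import ipaddress

# Constructed sample: two workers, each with two secondary NICs. eth1 of all
# hosts is assumed to share one L2 segment, eth2 another.
HOSTS = {
    "worker-a": {"eth1": "10.1.0.11", "eth2": "10.2.0.11"},
    "worker-b": {"eth1": "10.1.0.12", "eth2": "10.2.0.12"},
}


def carve_blocks(global_subnet, hosts, block_prefix):
    """hosts: {hostname: {nic: nic_ip}}. Returns {(hostname, nic): block}.
    Hosts and NICs are walked in sorted order so every node computes the
    same map without coordination."""
    net = ipaddress.ip_network(global_subnet, strict=True)
    if block_prefix <= net.prefixlen:
        raise ValueError(f"block /{block_prefix} must be smaller than {net}")
    blocks = net.subnets(new_prefix=block_prefix)
    out = {}
    for host in sorted(hosts):
        for nic in sorted(hosts[host]):
            try:
                out[(host, nic)] = next(blocks)
            except StopIteration:
                raise ValueError(f"{net} exhausted at {host}/{nic}") from None
    return out


def host_routes(hostname, hosts, blocks):
    """Routes `hostname` installs: each remote block is reached via the peer's
    NIC address on the same-named local NIC, with no tunnel in between."""
    routes = []
    for (peer, nic), block in sorted(blocks.items()):
        if peer == hostname or nic not in hosts[hostname]:
            continue  # own block, or no local NIC on that network plane
        routes.append(f"ip route add {block} via {hosts[peer][nic]} dev {nic}")
    return routes


def allocate_pod_ip(block, in_use):
    """First free address in the block, skipping the first host address
    (kept free for a host-side shim). Raises when the block is full."""
    taken = {ipaddress.ip_address(a) for a in in_use}
    for cand in block.hosts():
        if cand == block.network_address + 1 or cand in taken:
            continue
        return cand
    raise ValueError(f"block {block} has no free addresses")


if __name__ == "__main__":
    blocks = carve_blocks("192.168.0.0/16", HOSTS, 24)
    for key, block in blocks.items():
        print(key, block)
    print("\n".join(host_routes("worker-a", HOSTS, blocks)))
```

Because the map is a pure function of the host list and the global subnet, a node that joins later does not change existing assignments as long as it sorts after the others; a renamed host would, which is why a real IPAM persists the map instead of recomputing it.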
Multus CNI
Creating multiple network interfaces for pods in Kubernetes* to enable NFV and SDN use cases in container environments github.com/k8snetworkplumbin… intel.com/content/www/us/en/…

Container Network Interface (CNI) Specification
The CNI protocol is based on execution of binaries invoked by the container runtime. CNI defines the protocol between the plugin binary and the runtime. A CNI plugin is responsible for configuring a container's network interface in some manner. Plugins fall into two broad categories:
- "Interface" plugins, which create a network interface inside the container and ensure it has connectivity.
- "Chained" plugins, which adjust the configuration of an already-created interface (but may need to create more interfaces to do so).
The runtime passes parameters to the plugin via environment variables and configuration. It supplies configuration via stdin. The plugin returns a result github.com/containernetworki… on stdout on success, or an error on stderr if the operation fails. Configuration and results are encoded in JSON. github.com/containernetworki…

Multus Thick plugin
Multus CNI can also be deployed using a thick plugin architecture, which is characterized by a client/server architecture. The client - which will be referred to as "shim" - is a binary executable located on the Kubernetes node's file-system that speaks CNI: the runtime - Kubernetes - passes parameters to the plugin via environment variables and configuration - which is passed via stdin. The plugin returns a result on stdout on success, or an error on stderr if the operation fails. Configuration and results are a JSON encoded string.

Chroot configuration
In the thick plugin case, the delegate CNI plugin is executed by multus-daemon from a Pod, hence if the delegate CNI requires resources on the container host, for example a unix socket or even a file, then the CNI plugin fails to execute because multus-daemon runs in a Pod. Multus-daemon supports the "chrootDir" option, which executes the delegate CNI under chroot (to the container host). github.com/k8snetworkplumbin…

A Container Runtime, in the networking context, is a daemon on a node configured to provide CRI Services for kubelet. In particular, the Container Runtime must be configured to load the CNI plugins required to implement the Kubernetes network model. kubernetes.io/docs/concepts/…

Loopback CNI
In addition to the CNI plugin installed on the nodes for implementing the Kubernetes network model, Kubernetes also requires the container runtimes to provide a loopback interface lo, which is used for each sandbox (pod sandboxes, vm sandboxes, ...). Implementing the loopback interface can be accomplished by re-using the CNI loopback plugin. kubernetes.io/docs/concepts/…

Support hostPort
The CNI networking plugin supports hostPort. You can use the official portmap plugin offered by the CNI plugin team or use your own plugin with portMapping functionality. This plugin will forward traffic from one or more ports on the host to the container. It expects to be run as a chained plugin.

Rule structure (iptables)
The plugin sets up two sequences of chains and rules - one "primary" DNAT sequence to rewrite the destination, and one additional SNAT sequence that will masquerade traffic as needed.

DNAT
The DNAT rule rewrites the destination port and address of new connections. There is a top-level chain, CNI-HOSTPORT-DNAT, which is always created and never deleted. Each plugin execution creates an additional chain for ease of cleanup. So, if a single container exists on IP 172.16.30.2/24 with ports 8080 and 8043 on the host forwarded to ports 80 and 443 in the container. cni.dev/plugins/current/meta…

Extension conventions
There are three ways of passing information to plugins using the Container Network Interface (CNI), none of which require the spec to be updated:
- plugin specific fields in the JSON config
- args field in the JSON config
- CNI_ARGS environment variable
github.com/containernetworki…
“A MACVLAN or IPVLAN bridge configuration must be created in advance for Container Network Interface (CNI).” The CNI is how they interface us wirelessly to the Inferno ALICE Grid over at CERN and watch us under the skin in real time using MonALISA.
Container Network Interface (CNI) Specification
The CNI protocol is based on execution of binaries invoked by the container runtime. CNI defines the protocol between the plugin binary & the runtime. A CNI plugin is responsible for configuring a container's network interface in some manner. Plugins fall into 2 broad categories:
- "Interface" plugins, which create a network interface inside the container & ensure it has connectivity.
- "Chained" plugins, which adjust the configuration of an already-created interface (but may need to create more interfaces to do so).
The runtime passes parameters to the plugin via environment variables & configuration. It supplies configuration via stdin. The plugin returns a result github.com/containernetworki… on stdout on success, or an error on stderr if the operation fails. Configuration & results are encoded in JSON. github.com/containernetworki…

Support hostPort
The CNI networking plugin supports hostPort. You can use the official portmap plugin offered by the CNI plugin team or use your own plugin w/ portMapping functionality. This plugin will forward traffic from one or more ports on the host to the container. It expects to be run as a chained plugin.

Rule structure (iptables)
The plugin sets up 2 sequences of chains & rules - one "primary" DNAT sequence to rewrite the destination, & one additional SNAT sequence that will masquerade traffic as needed.

DNAT
The DNAT rule rewrites the destination port & address of new connections. There is a top-level chain, CNI-HOSTPORT-DNAT, which is always created & never deleted. Each plugin execution creates an additional chain for ease of cleanup. So, if a single container exists on IP 172.16.30.2/24 w/ ports 8080 and 8043 on the host forwarded to ports 80 & 443 in the container. cni.dev/plugins/current/meta…

Extension conventions
There are 3 ways of passing information to plugins using the Container Network Interface (CNI), none of which require the spec to be updated:
- plugin specific fields in the JSON config
- args field in the JSON config
- CNI_ARGS environment variable
github.com/containernetworki…

Remember Cyrus Parsa? Cyrus Parsa claims that w/ the interface & operating system constructed inside the body by virtue of the "vaccine", the soul is removed & a vacuum left, which facilitates an alien-demonic entity to be downloaded into the body, which it then controls." beforeitsnews.com/strange/20…… He was RIGHT !!!!!! Guess what CERN uses to download these Demons?

JAliEn - Alice Environment Grid Framework alien.web.cern.ch/content/al…

BITS
BITS is a build system based on the GNU make tool which helps you to build & install AliEn releases & dependencies on your system. alien.web.cern.ch/content/bu…

JAliEn - Java ALICE Environment gitlab.cern.ch/jalien/jalien
JAliEn — ALICE Grid Environment Documentation jalien.docs.cern.ch/

MonALISA
The MonALISA framework was chosen to monitor the entire JAliEn Grid system. jalien.docs.cern.ch/site/mon… MonALISA stands for Monitoring Agents using a Large Integrated Services Architecture. github.com/MonALISA-CIT/ MonALISA Repository for ALICE alimonitor.cern.ch/

ApMon
ApMon is an API that can be used by any application to send monitoring information to MonALISA services github.com/MonALISA-CIT/apmo…

ContainerVOBOX
A container recipe that will allow you to quickly build & deploy a preconfigured ALICE VOBox (HTCondor). Just add your host certificate key, & you're good to go. A MACVLAN or IPVLAN bridge configuration must be created in advance for Container Network Interface (CNI). gitlab.cern.ch/jalien/contai…
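The portmap description quoted in both this thread and the Multus thread above gives the shape of the nat-table layout but not the rules. The block below is an added example, not the portmap plugin's code, that reconstructs that shape: a persistent CNI-HOSTPORT-DNAT chain, one chain per plugin execution holding the actual DNAT rules so that cleanup is a flush and delete of that chain, and a mark-then-masquerade leg for hairpin traffic. The container (172.16.30.2/24, host ports 8080 and 8043 to container ports 80 and 443) is the post's own example; the per-container chain naming, the mark value and the exact match order are assumptions that approximate the documented structure.

```python
"""Generate the iptables nat-table rules for a hostPort mapping in the
layout the portmap description sketches.

Added example, not the portmap plugin's code. Chain naming, mark value and
match order are assumptions; the sample container is the post's own.
"""
import hashlib
import ipaddress

TOP_CHAIN = "CNI-HOSTPORT-DNAT"      # created once (jumped to from PREROUTING/OUTPUT), never deleted
SETMARK_CHAIN = "CNI-HOSTPORT-SETMARK"
MASQ_CHAIN = "CNI-HOSTPORT-MASQ"
HAIRPIN_MARK = 0x2000                # assumed mark value for hairpin traffic


def container_chain(container_id, network):
    """Per-execution chain with a stable name derived from container and network."""
    digest = hashlib.sha256(f"{container_id}/{network}".encode()).hexdigest()
    return f"CNI-DN-{digest[:12]}"


def dnat_rules(container_id, network, container_cidr, mappings):
    """mappings: [(proto, host_port, container_port)]. Returns argument lists
    to feed `iptables -t nat`, in the order they must be applied."""
    chain = container_chain(container_id, network)
    iface = ipaddress.ip_interface(container_cidr)
    subnet = str(iface.network)
    rules = [["-N", chain]]
    for proto, hport, cport in mappings:
        # Top-level jump: only matching traffic enters the container's chain.
        rules.append(["-A", TOP_CHAIN, "-p", proto, "--dport", str(hport), "-j", chain])
        # Hairpin cases: the container's own subnet or localhost reaching the
        # host port must also be masqueraded, or the reply bypasses the NAT.
        rules.append(["-A", chain, "-p", proto, "-s", subnet, "--dport", str(hport), "-j", SETMARK_CHAIN])
        rules.append(["-A", chain, "-p", proto, "-s", "127.0.0.1", "--dport", str(hport), "-j", SETMARK_CHAIN])
        # The actual rewrite of new connections.
        rules.append(["-A", chain, "-p", proto, "--dport", str(hport),
                      "-j", "DNAT", "--to-destination", f"{iface.ip}:{cport}"])
    return rules


def masquerade_rules():
    """Shared SNAT leg: marked packets are masqueraded in POSTROUTING."""
    mark = f"{HAIRPIN_MARK:#x}/{HAIRPIN_MARK:#x}"
    return [["-A", SETMARK_CHAIN, "-j", "MARK", "--set-xmark", mark],
            ["-A", MASQ_CHAIN, "-m", "mark", "--mark", mark, "-j", "MASQUERADE"]]


def cleanup_rules(container_id, network, mappings):
    """DEL: unhook the jumps, then flush and delete the per-container chain.
    The top-level and masquerade chains stay in place."""
    chain = container_chain(container_id, network)
    rules = [["-D", TOP_CHAIN, "-p", proto, "--dport", str(hport), "-j", chain]
             for proto, hport, _ in mappings]
    return rules + [["-F", chain], ["-X", chain]]


def render(rules):
    return ["iptables -t nat " + " ".join(r) for r in rules]


if __name__ == "__main__":
    maps = [("tcp", 8080, 80), ("tcp", 8043, 443)]
    print("\n".join(render(dnat_rules("ctr-1", "mynet", "172.16.30.2/24", maps))))
    print("\n".join(render(masquerade_rules())))
```

Keeping every container's rules in its own chain is what makes DEL safe under concurrency: a cleanup only touches the jumps and chain belonging to that container, never the shared top-level chain.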
The CNI (Container Network Interface), a Cloud Native Computing Foundation project, consists of a specification and libraries for writing plugins to configure network interfaces in Linux/Windows containers, along with a number of supported plugins. cni.dev/docs/spec/

cnitool
A simple program that executes a CNI configuration. It will add or remove an interface in an already-created network namespace. cni.dev/docs/cnitool/

There are three ways of passing information to plugins using the Container Network Interface (CNI):
1) plugin specific fields in the JSON config
2) args field in the JSON config
3) CNI_ARGS environment variable
cni.dev/docs/conventions/#pl…

Who is using CNI?

Container runtimes
🔸rkt - container engine coreos.com/blog/rkt-cni-netw…
🔸Kubernetes - a system to simplify container operations kubernetes.io/docs/concepts/…
🔸OpenShift - Kubernetes with additional enterprise features github.com/openshift/origin/…
🔸Cloud Foundry - a platform for cloud applications bosh.io/docs/runtime-config/
🔸Apache Mesos - a distributed systems kernel github.com/apache/mesos/blob…
🔸Amazon ECS - a highly scalable, high performance container management service aws.amazon.com/ecs/
🔸Singularity - container platform optimized for HPC, EPC, and AI github.com/sylabs/singularit…
🔸OpenSVC - orchestrator for legacy and containerized application stacks docs.opensvc.com/latest/fr/a…

3rd party plugins
🔸Project Calico - a layer 3 virtual network docs.tigera.io/calico/latest…
🔸Weave - a multi-host Docker network github.com/weaveworks/weave
🔸Contiv Networking - policy networking for various use cases github.com/contiv/netplugin
🔸SR-IOV github.com/hustcat/sriov-cni
🔸Cilium - BPF & XDP for containers github.com/cilium/cilium
🔸Infoblox - enterprise IP address management for containers blogs.infoblox.com/community…
🔸Multus - a Multi plugin github.com/k8snetworkplumbin…
🔸Romana - Layer 3 CNI plugin supporting network policy for Kubernetes github.com/romana/kube
🔸CNI-Genie - generic CNI network plugin cnigenie.netlify.app/en/
🔸Nuage CNI - Nuage Networks SDN plugin for network policy kubernetes support nuagenetworks.net/
🔸Silk - a CNI plugin designed for Cloud Foundry github.com/cloudfoundry-incu…
🔸Linen - a CNI plugin designed for overlay networks with Open vSwitch and fit in SDN/OpenFlow network environment github.com/John-Lin/linen-cn…
🔸Vhostuser - a Dataplane network plugin - Supports OVS-DPDK & VPP github.com/intel/userspace-c…
🔸Amazon ECS CNI Plugins - a collection of CNI Plugins to configure containers with Amazon EC2 elastic network interfaces (ENIs) github.com/aws/amazon-ecs-cn…
🔸Bonding CNI - a Link aggregating plugin to address failover and high availability network builders.intel.com/
🔸ovn-kubernetes - a container network plugin built on Open vSwitch (OVS) and Open Virtual Networking (OVN) with support for both Linux and Windows ovn.org/ovn-kubernetes/
🔸Juniper Contrail / TungstenFabric - Provides overlay SDN solution, delivering multicloud networking, hybrid cloud networking, simultaneous overlay-underlay support, network policy enforcement, network isolation, service chaining and flexible load balancing juniper.net/us/en/it-network…
🔸Knitter - a CNI plugin supporting multiple networking for Kubernetes github.com/ZTE/Knitter
🔸DANM - a CNI-compliant networking solution for TelCo workloads running on Kubernetes github.com/nokia/danm
🔸VMware NSX – a CNI plugin that enables automated NSX L2/L3 networking and L4/L7 Load Balancing; network isolation at the pod, node, and cluster level; and zero-trust security policy for your Kubernetes cluster. techdocs.broadcom.com/
🔸cni-route-override - a meta CNI plugin that overrides route information github.com/redhat-nfvpe/cni-…
🔸Terway - a collection of CNI Plugins based on alibaba cloud VPC/ECS network product aliyun.com/product/kubernete…
🔸Cisco ACI CNI - for on-prem and cloud container networking with consistent policy and security model. github.com/noironetworks/aci… OpFlex is an App Centric Infrastructure blogs.cisco.com/datacenter/i…
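The CNI protocol is described three times on this page (the Multus thread, the JAliEn thread and the list above) but never shown. The block below is an added example, not the CNI project's reference code: a minimal plugin that takes its parameters from environment variables, reads the network config as JSON on stdin, writes a result object to stdout (or an error object with a non-zero exit), and reads extra data through all three channels listed above: plugin-specific config fields, the args field and CNI_ARGS. It does the protocol handling and a deterministic address pick but never touches CNI_NETNS, so it runs offline; the `subnet` config field, the conventional `IP=` key in CNI_ARGS and the error-code numbers are the assumptions it makes.

```python
"""A minimal CNI plugin: env vars in, JSON config on stdin, JSON result on
stdout, error object plus non-zero exit on failure.

Added example, not the CNI project's reference code. The `subnet` field,
the `IP=` CNI_ARGS key and the error codes are assumptions; no link is
created in the namespace.
"""
import hashlib
import ipaddress
import json
import os
import sys

SUPPORTED_VERSIONS = ["0.4.0", "1.0.0"]
# Error codes as numbered in the CNI spec (assumed here): incompatible
# version, invalid env vars, undecodable config, invalid network config.
ERR_VERSION, ERR_ENV, ERR_DECODE, ERR_CONFIG = 1, 4, 6, 7
# Fields owned by the spec itself; anything else is plugin-specific.
SPEC_KEYS = {"cniVersion", "name", "type", "args", "prevResult", "ipam", "dns", "capabilities"}


def parse_cni_args(raw):
    """CNI_ARGS is 'KEY=value;KEY2=value2', e.g. 'IP=10.10.0.77;K8S_POD_NAME=web'."""
    out = {}
    for item in (raw or "").split(";"):
        if item.strip():
            key, _, value = item.partition("=")
            out[key.strip()] = value.strip()
    return out


def gather_inputs(env, conf):
    """The three channels for passing information to a plugin."""
    return {
        "plugin_fields": {k: v for k, v in conf.items() if k not in SPEC_KEYS},
        "args": conf.get("args") or {},
        "cni_args": parse_cni_args(env.get("CNI_ARGS")),
    }


def pick_address(subnet, container_id):
    """Stable pick keyed on the container ID, skipping the network address,
    the first host (kept as gateway) and the broadcast address."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.num_addresses < 4:
        raise ValueError(f"{net} is too small to allocate from")
    span = net.num_addresses - 3
    h = int.from_bytes(hashlib.sha256(container_id.encode()).digest()[:8], "big")
    return net.network_address + 2 + (h % span), net.network_address + 1, net.prefixlen


def error(version, code, msg):
    # Non-zero exit and an error object on stdout; a copy on stderr for humans.
    return 1, json.dumps({"cniVersion": version, "code": code, "msg": msg}), msg + "\n"


def run_plugin(env, stdin_text):
    """Returns (exit_code, stdout, stderr) exactly as the runtime would see them."""
    try:
        conf = json.loads(stdin_text)
    except ValueError as exc:
        return error("1.0.0", ERR_DECODE, f"cannot decode network config: {exc}")
    if not isinstance(conf, dict):
        return error("1.0.0", ERR_DECODE, "network config must be a JSON object")
    version = conf.get("cniVersion", "0.4.0")
    command = env.get("CNI_COMMAND")
    if command == "VERSION":
        return 0, json.dumps({"cniVersion": version, "supportedVersions": SUPPORTED_VERSIONS}), ""
    if version not in SUPPORTED_VERSIONS:
        return error(version, ERR_VERSION, f"unsupported cniVersion {version}")
    missing = [k for k in ("CNI_CONTAINERID", "CNI_NETNS", "CNI_IFNAME") if not env.get(k)]
    if command not in ("ADD", "DEL", "CHECK") or missing:
        return error(version, ERR_ENV, f"CNI_COMMAND={command!r}, missing env {missing}")
    if command != "ADD":
        return 0, "", ""  # DEL/CHECK succeed silently in this example
    inputs = gather_inputs(env, conf)
    subnet = inputs["plugin_fields"].get("subnet")
    if not subnet:
        return error(version, ERR_CONFIG, "plugin-specific field 'subnet' is required")
    try:
        addr, gateway, prefix = pick_address(subnet, env["CNI_CONTAINERID"])
        requested = inputs["cni_args"].get("IP")  # runtime-requested static IP
        if requested:
            addr = ipaddress.ip_address(requested)
            if addr not in ipaddress.ip_network(subnet, strict=True):
                return error(version, ERR_CONFIG, f"requested IP {addr} is outside {subnet}")
    except ValueError as exc:
        return error(version, ERR_CONFIG, str(exc))
    # A real interface plugin would now create the link inside CNI_NETNS.
    result = {
        "cniVersion": version,
        "interfaces": [{"name": env["CNI_IFNAME"], "sandbox": env["CNI_NETNS"]}],
        "ips": [{"address": f"{addr}/{prefix}", "gateway": str(gateway), "interface": 0}],
    }
    return 0, json.dumps(result), ""


if __name__ == "__main__":
    rc, out, err = run_plugin(os.environ, sys.stdin.read())
    sys.stdout.write(out)
    sys.stderr.write(err)
    sys.exit(rc)
```

Invoked as a CNI binary it is driven entirely by the runtime: `CNI_COMMAND=ADD CNI_CONTAINERID=... CNI_NETNS=... CNI_IFNAME=eth0 ./plugin < netconf.json`. The validation order matters: VERSION must answer even for an unknown cniVersion, and a request for an IP outside the configured subnet is rejected before any interface work would start.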
30 Aug 2025
Day 3: Docker (Learning) 🐳 -Completed implementing Docker images & containers in a real project ✅ -Also started with Docker Networking - host, bridge (default), custom bridge, none, macvlan, ipvlan, overlay (theory for now).
29 Jul 2025
TIL that if you use macvlan/ipvlan in docker you don't need the ports block exposing the TCP/UDP ports...
24 Jul 2025
IPvlan
12 Jan 2025
This article compares the performance of different networking solutions for Kubernetes, including Docker, Flannel, and IPvlan, to find the best solution for latency-sensitive applications ➤ machinezone.github.io/resear…