Linux has supported many kinds of tunnels, but new users may be confused by their differences and unsure which one is best suited for a given use case. In this article, I will give a brief introduction for commonly used tunnel interfaces in the Linux kernel. There is no code analysis, only a brief introduction to the interfaces and their usage on Linux. Anyone with a network background might be interested in this information. A list of tunnel interfaces, as well as help on specific tunnel configuration, can be obtained by issuing the iproute2 command
ip link help.
Continue reading “An introduction to Linux virtual interfaces: Tunnels”
Have you tried the Red Hat Enterprise Linux 8 (RHEL8) Beta yet? Read on to learn how to stand up a LAMP stack on top of RHEL8 Beta quickly, and play around with new features built into the operating system.
A LAMP stack is made up out of four main components, and some glue. The first main component in a LAMP stack is Linux. In my example, I’m using Red Hat Enterprise Linux 8 Beta for that, which gives me a secure operating system, a modern programming environment, and user-friendly set of tools to control it.
Continue reading “How to set up a LAMP stack quickly on Red Hat Enterprise Linux 8 Beta”
I work at Red Hat on GCC, the GNU Compiler Collection, and I spent most of the past year making GCC easier to use. Let’s look at C and C++ improvements that will be in the next major release of GCC, GCC 9.
Continue reading “Usability improvements in GCC 9”
Diving into XDP
In the first part of this series on XDP, I introduced XDP and discussed the simplest possible example. Let’s now try to do something less trivial, exploring some more-advanced eBPF features—maps—and some common pitfalls.
XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.
Continue reading “Using eXpress Data Path (XDP) maps in RHEL 8: Part 2”
XDP: From zero to 14 Mpps
In past years, the kernel community has been using different approaches in the quest for ever-increasing networking performance. While improvements have been measurable in several areas, a new wave of architecture-related security issues and related counter-measures has undone most of the gains, and purely in-kernel solutions for some packet-processing intensive workloads still lag behind the bypass solution, namely Data Plane Development Kit (DPDK), by almost an order of magnitude.
But the kernel community never sleeps (almost literally) and the holy grail of kernel-based networking performance has been found under the name of XDP: the eXpress Data Path. XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.
Continue reading “Achieving high-performance, low-latency networking with XDP: Part I”
In most glibc-based operating systems, there’s a file /etc/nsswitch.conf that most people ignore, few people understand, but all people generally rely on. This file determines where the system finds things like host names, passwords, and protocol numbers. Does your company use LDAP? NIS? Plain files? The nsswitch file (it stands for “name services switch”) tells the system what service to use for each type of name lookup.
Continue reading The Non-complexity of /etc/nsswitch.conf
We often use
ssh-copy-id to copy ssh keys from our local Linux computers to RHEL servers in order to connect without typing in a password. This is not only for convenience; it enables you to script and automate tasks that involve remote machines. Also, using ssh keys correctly is considered a best practice. If you are conditioned to respond with your password every time you are prompted, you might not notice a prompt that isn’t legitimate (for example, spoofed).
What about when you can’t use
ssh-copy-id or the target user ID doesn’t have a password (for example, an Ansible service user)? This article explains how to do it manually and avoid the common pitfall of forgetting to set the proper permissions.
Continue reading “How to manually copy SSH public keys to servers on Red Hat Enterprise Linux”
Linux has rich virtual networking capabilities that are used as basis for hosting VMs and containers, as well as cloud environments. In this post, I will give a brief introduction to all commonly used virtual network interface types. There is no code analysis, only a brief introduction to the interfaces and their usage on Linux. Anyone with a network background might be interested in this blog post. A list of interfaces can be obtained using the command
ip link help.
This post covers the following frequently used interfaces and some interfaces that can be easily confused with one another:
After reading this article, you will know what these interfaces are, what’s the difference between them, when to use them, and how to create them.
Continue reading “Introduction to Linux interfaces for virtual networking”
Red Hat Enterprise Linux (RHEL) 7.6 Beta was released a few days ago and one of the first new features I noticed is Podman. Podman complements Buildah and Skopeo by offering an experience similar to the Docker command line: allowing users to run standalone (non-orchestrated) containers. And Podman doesn’t require a daemon to run containers and pods, so we can easily say goodbye to big fat daemons.
Podman implements almost all the Docker CLI commands (apart from the ones related to Docker Swarm, of course). For container orchestration, I suggest you take a look at Kubernetes and Red Hat OpenShift.
Podman consists of just a single command to run on the command line. There are no daemons in the background doing stuff, and this means that Podman can be integrated into system services through
We’ll cover some real examples that show how easy it can be to transition from the Docker CLI to Podman.
Continue reading “Intro to Podman (Red Hat Enterprise Linux 7.6 Beta)”
This article is for people interested in long-term Linux kernel maintenance. It introduces you to tools that can help keep the binary interfaces between the kernel and its loadable modules stable during the entire lifetime of a supposedly stable kernel, while the code is modified. As these tools are essentially analysis tools, they can be used not only by kernel developers, but also by quality assurance engineers and advanced kernel users (system programmers).
Upstream in-tree kernel modules: the ideal situation
In the canonical development model of the Linux kernel, the source code of all dynamically loaded modules is hosted alongside the source code of the core kernel. In this model, whenever the core kernel changes the interface it exposes to its modules, the compilers detects that the interface changed, making it easy to adjust the code of the modules accordingly.
Continue reading “Analyzing Changes to the Binary Interface Between the Linux Kernel and its Modules”