Linux

An introduction to Linux virtual interfaces: Tunnels

An introduction to Linux virtual interfaces: Tunnels

Linux has supported many kinds of tunnels, but new users may be confused by their differences and unsure which one is best suited for a given use case. In this article, I will give a brief introduction for commonly used tunnel interfaces in the Linux kernel. There is no code analysis, only a brief introduction to the interfaces and their usage on Linux. Anyone with a network background might be interested in this information. A list of tunnel interfaces, as well as help on specific tunnel configuration, can be obtained by issuing the iproute2 command ip link help.

Continue reading “An introduction to Linux virtual interfaces: Tunnels”

Share
How to set up a LAMP stack quickly on Red Hat Enterprise Linux 8 Beta

How to set up a LAMP stack quickly on Red Hat Enterprise Linux 8 Beta

Have you tried the Red Hat Enterprise Linux 8 (RHEL8) Beta yet? Read on to learn how to stand up a LAMP stack on top of RHEL8 Beta quickly, and play around with new features built into the operating system.

A LAMP stack is made up out of four main components, and some glue. The first main component in a LAMP stack is Linux. In my example, I’m using Red Hat Enterprise Linux 8 Beta for that, which gives me a secure operating system, a modern programming environment, and user-friendly set of tools to control it.

Continue reading “How to set up a LAMP stack quickly on Red Hat Enterprise Linux 8 Beta”

Share
Using eXpress Data Path (XDP) maps in RHEL 8: Part 2

Using eXpress Data Path (XDP) maps in RHEL 8: Part 2

Diving into XDP

In the first part of this series on XDP, I introduced XDP and discussed the simplest possible example. Let’s now try to do something less trivial, exploring some more-advanced eBPF features—maps—and some common pitfalls.

XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.

Continue reading “Using eXpress Data Path (XDP) maps in RHEL 8: Part 2”

Share
Achieving high-performance, low-latency networking with XDP: Part I

Achieving high-performance, low-latency networking with XDP: Part I

XDP: From zero to 14 Mpps

In past years, the kernel community has been using different approaches in the quest for ever-increasing networking performance. While improvements have been measurable in several areas, a new wave of architecture-related security issues and related counter-measures has undone most of the gains, and purely in-kernel solutions for some packet-processing intensive workloads still lag behind the bypass solution, namely Data Plane Development Kit (DPDK), by almost an order of magnitude.

But the kernel community never sleeps (almost literally) and the holy grail of kernel-based networking performance has been found under the name of XDP: the eXpress Data Path. XDP is available in Red Hat Enterprise Linux 8, which you can download and run now.

Continue reading “Achieving high-performance, low-latency networking with XDP: Part I”

Share
The Non-complexity of /etc/nsswitch.conf

The Non-complexity of /etc/nsswitch.conf

In most glibc-based operating systems, there’s a file /etc/nsswitch.conf that most people ignore, few people understand, but all people generally rely on. This file determines where the system finds things like host names, passwords, and protocol numbers. Does your company use LDAP? NIS? Plain files? The nsswitch file (it stands for “name services switch”) tells the system what service to use for each type of name lookup.

Continue reading The Non-complexity of /etc/nsswitch.conf

Share
How to manually copy SSH public keys to servers on Red Hat Enterprise Linux

How to manually copy SSH public keys to servers on Red Hat Enterprise Linux

We often use ssh-copy-id to copy ssh keys from our local Linux computers to RHEL servers in order to connect without typing in a password. This is not only for convenience; it enables you to script and automate tasks that involve remote machines.  Also, using ssh keys correctly is considered a best practice.  If you are conditioned to respond with your password every time you are prompted, you might not notice a prompt that isn’t legitimate (for example, spoofed).

What about when you can’t use ssh-copy-id or the target user ID doesn’t have a password (for example, an Ansible service user)? This article explains how to do it manually and avoid the common pitfall of forgetting to set the proper permissions.

Continue reading “How to manually copy SSH public keys to servers on Red Hat Enterprise Linux”

Share
Introduction to Linux interfaces for virtual networking

Introduction to Linux interfaces for virtual networking

Linux has rich virtual networking capabilities that are used as basis for hosting VMs and containers, as well as cloud environments. In this post, I will give a brief introduction to all commonly used virtual network interface types. There is no code analysis, only a brief introduction to the interfaces and their usage on Linux. Anyone with a network background might be interested in this blog post. A list of interfaces can be obtained using the command ip link help.

This post covers the following frequently used interfaces and some interfaces that can be easily confused with one another:

After reading this article, you will know what these interfaces are, what’s the difference between them, when to use them, and how to create them.

Continue reading “Introduction to Linux interfaces for virtual networking”

Share
Intro to Podman (Red Hat Enterprise Linux 7.6 Beta)

Intro to Podman (Red Hat Enterprise Linux 7.6 Beta)

Red Hat Enterprise Linux (RHEL) 7.6 Beta was released a few days ago and one of the first new features I noticed is Podman. Podman complements Buildah and Skopeo by offering an experience similar to the Docker command line: allowing users to run standalone (non-orchestrated) containers. And Podman doesn’t require a daemon to run containers and pods, so we can easily say goodbye to big fat daemons.

Podman implements almost all the Docker CLI commands (apart from the ones related to Docker Swarm, of course). For container orchestration, I suggest you take a look at Kubernetes and Red Hat OpenShift.

Podman consists of just a single command to run on the command line. There are no daemons in the background doing stuff, and this means that Podman can be integrated into system services through systemd.

We’ll cover some real examples that show how easy it can be to transition from the Docker CLI to Podman.

Continue reading “Intro to Podman (Red Hat Enterprise Linux 7.6 Beta)”

Share
Analyzing Changes to the Binary Interface Between the Linux Kernel and its Modules

Analyzing Changes to the Binary Interface Between the Linux Kernel and its Modules

This article is for people interested in long-term Linux kernel maintenance. It introduces you to tools that can help keep the binary interfaces between the kernel and its loadable modules stable during the entire lifetime of a supposedly stable kernel, while the code is modified. As these tools are essentially analysis tools, they can be used not only by kernel developers, but also by quality assurance engineers and advanced kernel users (system programmers).

Upstream in-tree kernel modules: the ideal situation

In the canonical development model of the Linux kernel, the source code of all dynamically loaded modules is hosted alongside the source code of the core kernel. In this model, whenever the core kernel changes the interface it exposes to its modules, the compilers detects that the interface changed, making it easy to adjust the code of the modules accordingly.

Continue reading “Analyzing Changes to the Binary Interface Between the Linux Kernel and its Modules”

Share