networking

Much of my daily work involves using multiple clouds and I do the same for my personal infrastructure, too. Building mesh networks between each piece of cloud infrastructure, my home, and my mobile phone quickly became overwhelming. That’s where Tailscale came in and completely changed my workflow. What is Tailscale? The company claims it’s “a secure network that just works” and that definition fits well. Tailscale builds on protocols used in Wireguard to dynamically maintain a mesh network between any number of devices....

Sometimes automation is your best friend and sometimes it isn’t. Typically, when two devices are connected via ethernet cables, they negotiate the best speed they can manage across a network link. They also try to agree on whether they can run full or half duplex across the network link. Most of the time, this works beautifully. It can break down with strange networking configs, damaged adapters, or finicky cables....

My home internet comes from Spectrum (formerly Time Warner Cable) and they offer IPv6 addresses for cable modem subscribers. One of the handy features they provide is DHCPv6 prefix delegation. If you’re not familiar with that topic, here’s a primer on how you get IPv6 addresses: SLAAC: Your machine selects an IPv6 address based on router advertisements DHCPv6: Your machine makes a DHCPv6 request (a lot like DHCP requests) and gets an address back to use DHCPv6 with prefix delegation: Your machine makes a special DHCPv6 request where you provide a hint about the size of the IPv6 network prefix you want....

After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately. I wrote about this previously when Spectrum was Time Warner Cable and I was using Mikrotik network devices. There is a good post from 2015 on the blog and it still works today: Time Warner Road Runner, Linux, and large IPv6 subnets I am still using that same setup today, but some readers found it difficult to find the post since Time Warner Cable has renamed to Spectrum....

We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3. Both of them drop off our home wireless network regularly. It causes lots of problems with various applications on the phones, especially casting video via Chromecast. At the time when I first noticed the drops, I was using a pair of wireless access points (APs) from Engenius: EAP600 EAP1200H Also, here’s what I knew at the time:...

Managing iptables gets a lot easier with firewalld. You can manage rules for the IPv4 and IPv6 stacks using the same commands and it provides fine-grained controls for various “zones” of network sources and destinations. Quick example Here’s an example of allowing an arbitrary port (for netdata) through the firewall with iptables and firewalld on Fedora: ## iptables iptables -A INPUT -j ACCEPT -p tcp --dport 19999 ip6tables -A INPUT -j ACCEPT -p tcp --dport 19999 service iptables save service ip6tables save ## firewalld firewall-cmd --add-port=19999/tcp --permanent In this example, firewall-cmd allows us to allow a TCP port through the firewall with a much simpler interface and the change is made permanent with the --permanent argument....

After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time: Keepalived_vrrp[801]: Cant find interface br-mgmt for vrrp_instance internal !!! Keepalived_vrrp[801]: Truncating auth_pass to 8 characters Keepalived_vrrp[801]: VRRP is trying to assign ip address 172.29.236.11/32 to unknown br-mgmt interface !!! go out and fix your conf !!! Keepalived_vrrp[801]: Cant find interface br-mgmt for vrrp_instance external !!! Keepalived_vrrp[801]: Truncating auth_pass to 8 characters Keepalived_vrrp[801]: VRRP is trying to assign ip address 192....

Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready. I have a four node Ocata cloud deployed on CentOS 7, but I decided to change things around a bit and use systemd-networkd instead of NetworkManager or the old rc scripts. This post will explain how to configure the network for an OpenStack-Ansible cloud on CentOS 7 with systemd-networkd. Each one of my OpenStack hosts has four network interfaces and each one has a specific task:...

My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.04 at a minimum. I tried upgrading the servers in place from Ubuntu 14.04 to 16.04, but that didn’t work so well. Those servers wouldn’t boot and the only recourse was a re-install. Once I finished re-installing them (and wrestling with several installer bugs in Ubuntu 16.04), it was time to set up networking....

Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona! I really enjoyed sharing some tips with the audience and it was great to meet some attendees in person afterwards. If you weren’t able to make it, don’t fret! This post will cover some of the main points of the talk and link to the video and slides. Purpose OpenStack clouds are inherently complex. Operating a cloud involves a lot of moving pieces in software, hardware, and networking....