bestov.io

a tech bläg

Inspecting COM+ components from PowerShell

As part of the datacenter-wide visibility upgrade I’m working on for a customer, I’m setting up monitoring for one of their legacy network applications. This application has no logging support whatsoever, and no upgrade path available: the original developers published a new version 10+ years ago, and have no interest in supporting it apart from (sometimes) replying to support tickets. Thus, to set up at least some basic metrics, the solution I came up with is to monitor the COM+ components that work together to make it up...

Using WireGuard as the network for a Docker container

Docker is a container engine for the Linux operating system. It leverages two Linux kernel functionalities, chroot jails (or, nowadays, the pivot_root system call, but the details don’t really matter here) and namespaces, to create containers, or isolated environments where you can run processes separately from your host system. This has roughly the same advantages as virtualization: isolation (not), portability, separation of concerns, reproducibility. These are all good things for a lot of applications, including CI, orchestration, resilient setups, etc...

Streaming video with commodity links, part 2: let's (try to) do it (and fail)

In the previous installment of the series, we analyzed the problem of near-instantaneous Internet connection failover without breaking existing connections for live video streaming. The solution we devised consists of setting up L2 GRE tunnels to a fixed gateway with a very reliable Internet connection (think a dedicated machine in a datacenter), and using the Linux Bonding Driver’s link monitoring functionality to manage the failover for us. Now we are going to try and make it work...

Streaming video with commodity links, part 1: analysis

Last week, a friend of mine posed the interesting problem he was facing at the company he’s working at of streaming video reliably from multiple commodity Internet connections. Since this is my kind of thing, I decided to give it a go. After discussing the problem a bit, we came up with the following requirements: It should be implemented at the network level, to work with any streaming software and/or device. It should provide near-instantaneous (or even no-interruption) failover to allow for seamless live streaming. It should be portable (i...

Don't try to outsmart the universe

Today I migrated an IPsec (with IKEv1) site-to-site setup from a pfSense machine to a Debian machine. Since the pfSense machine was still the Internet gateway for the network, IKE and ESP packets still had to go through it. Now, I recalled something about firewalls not playing too nice with IPsec, so I researched a bit, and I concluded I needed some very specific SNAT rules. (I also realized that IPsec was not really meant for what we’re using it for, but over the course of many years enough functionality was kludged together RFCs were written to make it work and industry has adopted it quite widely...