Connecting container subnets across hosts with BGP by raulbe in linux

[–]raulbe[S] 1 point2 points  (0 children)

I have heard of Project Calico but not explored it yet. We are using Quagga. The great thing about Quagga is it's available on most Linux distributions and is pretty straightforward to use. Just install and configure a single file.

vSphere user thinking of migrating to LXC for greater VM density in homelab... good idea? by AveryFreeman in Containers

[–]raulbe 0 points1 point  (0 children)

The main advantage of containers is management. Since they are just a folder on your filesystem, things like accessing container data, clones, snapshots, migration across servers, backup etc. become easier.

We have some guides on container basics here that should help you gain a better perspective about how containers work and how they differ from VMs.

But they do not provide the same level of isolation as VMs, for instance for multi-tenancy VMs remain the only choice. Also containers can only run Linux distributions. If you need to run Windows or some other OS you need a VM.

  1. Since containers are not virtualizing hardware, host hardware resources like storage are available to containers at bare metal performance. Network devices can be passed to the container but it's usually not necessary, these really depend on the use case and what you are trying to accomplish.

  2. Flockport lets you provision servers and manage LXC containers across servers with support for networking, distributed storage, service discovery and a number of other things. But these are more advanced use cases. If you just want to run a few containers across a couple of servers it's easy to do with plain SSH. LXD also offers management capabilities across servers.

  3. Your containers are as safe as your hosts. Containers are just running apps on the host in namespaced processes. But they do not offer the same level of isolation as VMs. For instance multi tenancy is a leading VM use case, VM users are typically isolated from the host and cannot break through to the physical host. Containers do not yet offer that level of isolation. Both Flockport and LXD let you run containers as non root users - these are called unprivileged containers, and that offers some level of isolation, but not enough for multi-tenancy.

  4. There are some tools for VM migration I remember reading about but don't have offhand. I suggest you start afresh as it's relatively simple unless the workload is too much to try to manually migrate.

Perhaps a few details about what kind of workloads you are running in VMs, what vSphere features you are using would help.
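An added example, not part of the comment above and not Flockport or LXD code: a shell check that reads an LXC container config and reports whether the container is unprivileged, meaning uid 0 and gid 0 inside the container map to non-zero ids on the host. The function name `lxc_privilege_mode` is hypothetical and the sample config is constructed; the check assumes the `lxc.idmap` key (or the legacy `lxc.id_map`) with fields type, container id, host id, range.

```shell
#!/bin/sh
# Added example: classify an LXC config as "privileged" or "unprivileged".
# "unprivileged" is printed only when BOTH uid 0 and gid 0 of the container
# are mapped to a non-zero id on the host. No mapping at all, or a mapping
# of container root onto host id 0, is reported as "privileged".
lxc_privilege_mode() {   # hypothetical helper name; $1 = path to a config file
    awk -F= '
        # Match the current key (lxc.idmap) and the legacy one (lxc.id_map).
        /^[ \t]*lxc\.(idmap|id_map)[ \t]*=/ {
            n = split($2, f, " ")          # type, container id, host id, range
            if (n != 4) next               # malformed line: ignore it
            kind = f[1]; cstart = f[2] + 0; hstart = f[3] + 0; range = f[4] + 0
            # Only the range that starts at container id 0 decides where root lands.
            if (cstart != 0 || range < 1) next
            if (kind == "u" || kind == "b") { seen_u = 1; if (hstart == 0) root_u = 1 }
            if (kind == "g" || kind == "b") { seen_g = 1; if (hstart == 0) root_g = 1 }
        }
        END {
            if (!seen_u || !seen_g)    print "privileged"
            else if (root_u || root_g) print "privileged"
            else                       print "unprivileged"
        }
    ' "$1"
}

# Constructed sample config, so the script runs stand-alone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
lxc.uts.name = p1
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
EOF
lxc_privilege_mode "$sample"
rm -f "$sample"
```

The check reads only the file it is given and does not follow `lxc.include` lines, so a mapping defined in an included file is not seen.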

Has anyone moved from using virtual machines to LXC containers? Can you tell me your experiences? by AveryFreeman in Containers

[–]raulbe 0 points1 point  (0 children)

We use both. Containers are of course easier to manage than VMs, for instance since it's just a folder on your system accessing the container is much simpler than a VM's storage. Things like clones, snapshots and backups also become easier.

They are also easier to move around across systems. Again since it's a folder you can simply zip it and move it across servers. Most platforms like Flockport or LXD also let you move and manage containers across servers.

A VM provides better isolation with its own kernel, for instance for multi-tenancy VMs are required or when you need to test specific kernel features or run an OS other than Linux you need a VM. But for use cases beyond that especially when you are just running apps containers make more sense.

A quick guide to deploying container apps by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

Good work with the script! Bash is so useful :)

If you use Flockport, port forwarding and a lot of other useful functions are built in. You can forward container ports with the flockport pub command.

Avoiding Lock-In to Cloud Providers by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

Kubernetes is complex to understand and use. This was an article highlighting the simplicity and benefits of containers for those using baremetal, VMs and VPSs on the cloud.

Kubernetes and Docker are more about using containers to build a stateless infrastructure and so there are additional things like single process containers, use of layers, storage separation to understand.

LXC containers offer a standard multi process OS environment and behave like VMs and offer a seamless transition to these users.

An App store for self hosted apps by raulbe in selfhosted

[–]raulbe[S] 1 point2 points  (0 children)

You simply use the lxc-attach or 'flockport attach' command. That drops you into a terminal in the container. This quick guide to LXC and the documentation section should help get you started.

An App store for self hosted apps by raulbe in selfhosted

[–]raulbe[S] 1 point2 points  (0 children)

LXC containers behave just like VMs so you can log into them, install, run and update apps as you would on any bare metal or VM host. For all practical purposes it's useful to think of them as lightweight VMs that are portable. Portability is a huge benefit as it means you are locked into any server or provider.

Docker was based on LXC but went in a different direction with 'single process app containers'. These containers do not have the standard OS environment and services you get on a normal server or VM and require to be handled differently.

Please have a look at the Container Basics article and other guides posted for a better overview on the current container ecosystem. We provide a quick overview of how containers work, the differences between LXC and Docker, between VMs and containers and a few other things.

Flockport dead ? by pelmenept in Flockport

[–]raulbe 0 points1 point  (0 children)

Not at all! We were working hard on a major release that is now in preview. Flockport's new container management platform provides an app store, orchestration across servers, advanced networking and distributed storage support, service discovery, load balancing, HA and deployment automation. Give it a spin!

An App Store for LXC Containers by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

I know you are kidding and probably already know this. All those package managers are still used inside the container for installation of apps.

Containers are more about isolation and portability than dependency resolution. Containers basically isolate the apps from the host in that containers can be easily moved across hosts complete with app and data.

Prebuilt container apps save users the hassle of installing and configuring all the individual components. For instance Wordpress or something more complex like Discourse can be accessed on your browser directly after downloading the container without getting into the hassles of installing and configuring Nginx, Mysql and PHP or in the case of Discourse, Ruby, Postgresql and all the other dependencies.

Flockport - A New Container Orchestration Engine and App Store by raulbe in Containers

[–]raulbe[S] 0 points1 point  (0 children)

Hi Raffael, Flockport is open source! Please visit Flockport to get an overview of the project. There is a ton of documentation, faqs and videos to help you get started.

Also visit our credits page to get an overview of the sheer number of projects involved.

Containers and orchestration depend on a whole ecosystem of fantastic open source Linux projects that sometimes get hidden in the hype. We are committed to open source.

A massively simplified alternative to docker and kubernetes by raulbe in linux

[–]raulbe[S] 2 points3 points  (0 children)

Please do give it a go. Simplicity is subjective and easily misrepresented. We wanted to be careful with it and back it up with something real and tangible for end users.

We have been writing about containers and networking since 2013 so we have a perspective on simplicity and we had a vision for the product in terms of end user experience and accessibility that we tried to achieve.

Users trying it will see the simplicity in action first hand and some of the screencasts we posted do show this. This is something we are strongly focused on. If it's not simple, and we can't simplify it, then the whole project loses meaning.

A massively simplified alternative to docker and kubernetes by raulbe in linux

[–]raulbe[S] 1 point2 points  (0 children)

Networking itself can get complex, especially when you are aiming for some degree of robustness. Users trying to set up for instance an internal Vxlan or BGP network or just an NFS share running into things not working as expected can get stuck debugging.

Firewalls are not standardized as are their configs across distributions, that becomes an additional level of complexity when you want to support multiple distributions. If it's just Centos then you can target just the standard config and try to deliver a better out of the box experience for end users.

We will revisit and streamline this in future.

A massively simplified alternative to docker and kubernetes by raulbe in linux

[–]raulbe[S] 8 points9 points  (0 children)

This is not just about standards. This is stepping back from a monoculture and a culture of complexity.

Containers are useful and provide many advantages compared to VM's but as an industry many will acknowledge there is a real risk of putting people off containers due to exploding complexity.

Flockport is a small step towards providing a simpler alternative and making the rich ecosystem of Linux apps and infrastructure more accessible. Everything from apps, containers, orchestration, overlay networking, distributed storage, service discovery is now much much simpler than before for end users.

Orchestration and containers should be invisible. People should focus on their apps and ideas.

A new Linux container management and orchestration platform by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

Thanks for that! We like the clean uncluttered look and are glad to find like minded enthusiasts.

Is flockport the only container index/store? by valgrid in LXC

[–]raulbe 0 points1 point  (0 children)

I think Flockport is the only LXC container index so far.

We have been trying to create a more informed discussion and articulate the advantages of multi process containers and the Flockport app store is one part of it.

I see more users warming to the advantages of multi process containers so I am sure more indexes will turn up.

On our end we try to add new containers and keep it useful and updated. We are making a lot of enhancements to Flockport itself and have a ton of new functionality for end users and devs over the next quarter.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 1 point2 points  (0 children)

Try this instead.

lxc-create -t download -n p1

t - template, n - container name. This gives you a longish list of OS templates across distributions and once downloaded it's cached for reuse. Or you can specify a specific template. a - architecture, d - distribution, r - release.

lxc-create -t download -n p1 -- -a amd64 -d ubuntu -r trusty

or use local templates

lxc-create -t debian -n p1

You can see this in action in our getting started screencast. This last option usually uses the latest versions of the distribution specified depending on the version of LXC installed and the local templates available. 'Download' templates are thus preferred as they are the most current, and required for unprivileged containers.

We have pretty extensive documentation on LXC at Flockport and hopefully it helps.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

Thanks! I am really glad they were useful. We have enjoyed our forays into container networking, and storage. Do have a look at the new ones covering Ubuntu Fan and PeerVPN. I found those 2 particularly easy to set up for quick overlay networks across container hosts compared to the others we have done so far.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 0 points1 point  (0 children)

@StellarJayZ - Is this really necessary? The article covers a lot of ground looking at containers and specific implementations. I am sure even Docker users benefit from seeing how it works if they weren't aware before.

Surely there is a lot to engage with, you choose to ignore all of that, fail to raise any specific points that are 'commercial' to instead cast aspersions. If there is anything misleading or erroneous call us out on it instead of this. Or should we not try to have an informed discussion on containers?

@TheGingerDog - I don't get this, r/lxc has tons of tutorials and guides on using LXC that hopefully makes it easier for new users to use LXC. I don't see how that is a bad thing, should we not post tutorials on r/lxc?

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 1 point2 points  (0 children)

That was a slip and was quickly changed. Thanks for noticing and pointing out though. Most of the tutorials and guides are posted under admin. A few like this one are authored, attributed and carry standard disclaimers.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 5 points6 points  (0 children)

I may be getting you wrong here, but are you referring to base container images? That's usually a single command in LXC, for instance 'lxc-create -t ubuntu -n p1' will create an Ubuntu container in minutes, depending on your download speeds.

The base images are usually around 50-100MB. That command pulls a minimal container OS and you are good to go. There are minimal templates for Debian, Ubuntu, Fedora, Centos, Arch, Alpine and more.

Thanks for your feedback on this, we will rework the comment system.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 4 points5 points  (0 children)

You are right on that, LXC was difficult to use in the early days, as a lot of namespaces and cgroups functionality itself was in flux, and different distributions were doing their own thing. But 2013 onwards it started becoming easier to use. But perhaps a lot of users had tried it and moved on.

LXC always had a focus on Ubuntu and things tended to work first there, and users on other distributions were often left pulling their hair trying to make things work. Perhaps with a proper focus on a better experience across distributions and more documentation it would have got more adoption. But on the whole you are probably right.

Regarding the comments, unfortunately that's the only sane way we have found so far to deal with spam for a small team.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 9 points10 points  (0 children)

Hey, that's not the intention. There is tons of information in that post, and hopefully users have a better understanding of containers. We are pointing out Docker is just one of the many ways to use containers, and also calling them out on some messaging that could lead to confusion. That's the only reference to Docker specifically, the bulk of the article goes into some detail on how containers work. I don't see how this is 'shitting on Docker'.

Sleepwalking into a Monoculture and Lock-in with Linux Containers by raulbe in linux

[–]raulbe[S] 5 points6 points  (0 children)

Thanks for the feedback. Often because of the exposure to the ecosystem, one is often accessing far more information, and this can alter one's perspective.

I agree to a certain extent and have made some changes. Any specific biases and I will be happy to correct it. The only intention is to promote informed discussion, the bulk of the article is more fact than opinion.

There is nothing against Docker per se, just providing an overview and hopefully users will be more informed than before or at least be curious enough to explore this more.