suddenly in-kernel communication between lxc containers gets erratic

we’re using LXC containers to host multiple workloads on the same physical servers. e.g. few instances of database servers running side-by-side. once in a while we end up with strange situation where tcp connections between containers running on the same physical server get torn down abruptly. in our case – this manifested e.g. by those ...

black hole, somewhere in the internet, swallowing UDP packets

UDP packets sent from specific source port, with public source IP address do not reach specific destination port of the public destination IP address. changing any of the parameters [ usually source port ] – fixes the issue. i’ve observed this phenomenon multiple times for long-running OpenVPN and Wireguard VPNs encapsulating encrypted traffic in UDP ...

bridging lan segments across untrusted links

we’ve run out of the office space in one of the locations. in short term it was not possible to find a suitable and large enough place to rent so we had to split and relocate some of the staff to another building few kilometers away. it’s possible that we’ll shuffle people and servers between ...

ucarp and vmware esxi

i’ve moved a linux router from 9yo physical box to a vm running under esxi 6.5. it’s a designated master in pair of master / slave managed by ucarp. it took me a while to figure out why it was not working – why didn’t the slave ‘see’ the master machine? as it turned out ...

bridge on vlans on active-backup bonding under debian stretch

i use this setup for a few lxc servers. bonding provides me layer2 failover based on arp probes [ so even if the switch link stays up yet forwarding fails, the mechanism will kick in ]. this is a continuation of an earlier post, this time under debian stretch.

openvpn point-to-point server listening both on v4 and v6

at work i have openvpn between OVH dedicated server and our datacenter. due to varying bandwidth we sometimes use udp over ipv6 and sometimes over ipv4 as an encapsulation method. whenever we did the switch we always had to reconfigure both ends of the tunnel. it turns out that with recent openvpns and kernels it’s ...

bridge on vlans on active-backup bonding under debian

the idea: i’d like to run kvm/lxc on debian, have guests bridged to couple of vlans and handle the network failover on the host level. network failure should be detected using arp probes not just the link [ mii ] status. after few attempts i got it working in the test environment.

OVH, failover IPs, IPv6, VMs

at work we rent a dedicated server from OVH; except unexplained openvpn throttling all is working pretty well for the price we pay. besides primary IPv4 address OVH can provide few additional ‘failover’ IPv4 addresses and /64 IPv6 subnet. in our setup some of IPv4s and IPv6s are routed to a KVM VM. below – ...

openvpn throttled from ovh’s bhs datacenter?

for work we rent a dedicated server from OVH. it’s been 5 months now and i’m pretty satisfied with the service provided. at the initial stage we’ve bumped into a problem that was never really solved; i cannot be even 100% sure if it’s OVH’s fault. UDP-based OpenVPN connection established from OVH’s BHS datacenter to ...

raspberry pi

few days ago, after 19 weeks of waiting, i have finally received my raspberry pi.

higher TCP ICW – real world tests

this post inspired me to check how much performance can we gain by just upgrading to more recent kernel on the internet-facing proxy servers at work.

interface teaming / bonding + vlan under linux / debian

goal: layer-2 failover without any special features on the switch level. after a recent hang of one of the switches i’d like to improve reliability of connectivity within a server rack. i already have all servers connected to two different switches… now it’s time for automated failover.