One of the most frequent requests from my clients is “Upgrade the circuit so that application performance gets better”. The request itself is easy, because upgrading a 10Mbps MPLS circuit to 20Mbps is nothing more complicated than a traffic-shaping change. However, what the customer actually wants, better performance for their application, is not that easy to deliver.
There are lots of factors that can make your application slow. It may be a network misconfiguration or it may be a security misconfiguration. But it is usually at a late stage that my client asks me to upgrade the circuit. By that time they have usually done all the troubleshooting they could and still have not found a clue as to how to solve it. I understand how badly they want to do whatever they can to solve the problem. But please wait for just a few days and take a look at your slow application.
If your affected application is one from Microsoft, it may be very chatty. A chatty application needs to talk to its data source very frequently, and it may not gain much improvement from a network bandwidth upgrade.
It is easier to see what I mean with a test. To show how the two cases differ, I created a test environment in AWS as follows:
The test is run from src to dst. I installed a Linux instance that intercepts the traffic to emulate various degrees of network slowness.
First I use scp to transfer bulk data through the slow network. The result is as follows:
It is very simple. As the latency increases, the time to transfer the data increases. And as the bandwidth increases, the time decreases.
Next, I send 1000 HTTP GET requests sequentially. The result is as follows:
The lower the latency, the shorter the transfer time. However, in the third and fourth rows the transfer time is the same even though the bandwidth is different. Why does this happen? Because this test sends the HTTP requests sequentially, each request has to wait for the previous one to complete, so the test suffers from the latency rather than the bandwidth. It doesn’t matter how much bandwidth your network has as long as it has high latency.
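The reasoning above can be checked with a first-order timing model; this is an added example, not code or measurements from the original test. The workload sizes (a 100 MB bulk copy, 1000 GETs with 1 KB responses) and the 100 ms round-trip time are constructed values, and the model ignores TCP slow start, packet loss and server processing time.

```python
"""First-order timing model: one bulk stream vs. many sequential requests."""

def serialization_s(size_bytes, bandwidth_mbps):
    """Seconds needed to push size_bytes through a link of bandwidth_mbps."""
    return size_bytes * 8 / (bandwidth_mbps * 1_000_000)

def bulk_transfer_s(size_bytes, rtt_ms, bandwidth_mbps):
    """One long stream (the scp case): the round trip is paid once."""
    return rtt_ms / 1000 + serialization_s(size_bytes, bandwidth_mbps)

def sequential_requests_s(count, response_bytes, rtt_ms, bandwidth_mbps,
                          new_connection=True):
    """count request/response pairs, each waiting for the previous one.

    A fresh TCP connection per request adds one round trip for the
    handshake before the request itself can be sent.
    """
    round_trips = 2 if new_connection else 1
    per_request = (round_trips * rtt_ms / 1000
                   + serialization_s(response_bytes, bandwidth_mbps))
    return count * per_request

def upgrade_speedup(workload, rtt_ms, old_mbps, new_mbps):
    """How many times faster the workload gets after a bandwidth upgrade."""
    return workload(rtt_ms, old_mbps) / workload(rtt_ms, new_mbps)

# Constructed sample workloads (not the sizes used in the original test).
def bulk_100mb(rtt_ms, mbps):
    return bulk_transfer_s(100_000_000, rtt_ms, mbps)

def http_1000_gets(rtt_ms, mbps):
    return sequential_requests_s(1000, 1000, rtt_ms, mbps)

if __name__ == "__main__":
    for name, workload in (("bulk copy", bulk_100mb),
                           ("1000 sequential GETs", http_1000_gets)):
        before = workload(100, 10)
        after = workload(100, 20)
        gain = upgrade_speedup(workload, 100, 10, 20)
        print(f"{name}: {before:.1f}s at 10Mbps, {after:.1f}s at 20Mbps "
              f"({gain:.3f}x faster)")
    # Cutting latency instead of adding bandwidth helps the chatty workload.
    print(f"1000 sequential GETs at 10ms RTT, 10Mbps: "
          f"{http_1000_gets(10, 10):.1f}s")
```

In this model, doubling the bandwidth nearly halves the bulk copy but leaves the sequential requests essentially unchanged, while reducing the round-trip time from 100 ms to 10 ms cuts the sequential workload by roughly a factor of ten.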
If your application suffers from network latency, there are a number of approaches you can take. Again, which one fits depends hugely on how your application makes its network connections, so you need to know your application deeply. For example, splitting the database might be a good idea if your MS Access application is suffering from slowness.
A circuit upgrade is the easiest choice, but it is not necessarily the best solution. Various vendors have WAN optimisation/acceleration built into their products, and it might be worth trying them, as vendors usually have demo units available for potential clients. Always ask your network support vendor for help before making a decision by yourself.
I’m a long-time user of Zabbix, about 9 years now. I use it to make sure all my services are working normally. However, it has never been a go-to tool for my daily checks, because the graphs Zabbix generates are usually very industrial and not exciting.
Zabbix 4.0.0 was released in October 2018, and it changed my mind. We can now have SVG graphs on the dashboard, and it just looks like Grafana.
In this post, I’m going to configure a Google Cloud Function as an interface among FortiGate, Slack and GitHub. Once the deployment is complete, every configuration change on the FortiGate will be automatically notified to Slack, and the configuration will be uploaded to GitHub for version control.
Since GitHub opened its free repository function to free users, I have been using GitHub private repositories to store many of my applications’ config files. I usually don’t use version management, because these files usually never change after the initial deployment. However, especially while I write blog posts, I need to make changes just to check the functionality. And sometimes I forget to roll back the config and need to check manually on the device.
In this post, I show you how to integrate the FortiGate config backup script with the GitHub API. In the next post I will deploy them in Cloud Functions so that they can be invoked by a FortiGate automation stitch.
Previously I wrote a post on how to back up the FortiGate config using session-based authentication. As per the API reference, this is considered legacy, and the other authentication method, the API token, is preferred. In this post, I demonstrate how to use the FortiOS REST API with an API token. I will also introduce how to parse the current configuration.
I used FortiOS 6.0.4 to deploy this, and it most likely does not work with other versions (especially 5.x).
Is your PC protected at home? Where is your most valuable information stored?
In my case, my most valuable information is stored on my PC at home, or in cloud storage which only my PC can access. It’s obvious that I need to protect my home network more than anything. It’s really scary for anyone to get their PC hacked like the one in Black Mirror.
From the next post, I will guide you through bringing up a Kubernetes cluster locally.
I use Kubernetes The Hard Way as a guidepost, but I will re-order the procedure so that it goes component by component. If you intend to take the CKA (Kubernetes Certified Administrator) certification, you should follow the original Kubernetes The Hard Way again after completing this agenda, so that you can improve your deployment speed.
Compute resource procurement … I use my desktop pc to host 4 virtual ubuntu machines
Etcd cluster bootstrap … Etcd is the base system of kubernetes to hold all the information
Control plane bootstrap 01 … API server installation and flags investigation
Control plane bootstrap 02 … Deploy LoadBalancer for API server
Worker node bootstrap … kubelet and kube-proxy are installed on nodes.
Control plane bootstrap 03 … Controller-Manager installation
Control plane bootstrap 04 … Scheduler installation
Pod network routes … configure network for inter-pod communication
DNS … Deploy coredns in cluster
Data encryption at rest … secure secret file encrypted
One of the most popular tutorials for bootstrapping Kubernetes components is Kelsey Hightower’s “Kubernetes The Hard Way”. It is really helpful for understanding the complicated component structure of Kubernetes.
I saw some people asking if there is any equivalent tutorial which does not use GCP (e.g. on-prem, AWS). Because Kubernetes The Hard Way uses GCP as its backend, it’s no wonder they think the tutorial is specific to GCP. But in fact, only a small part is specific to GCP (maybe only the LoadBalancer and swap configuration), and most of it is still applicable to any infrastructure.