SockMi is a mechanism for migrating a TCP/IP connection between two Linux systems. Only the migrating peer of the connection needs to reside on a Linux system. The migration is completely transparent to the other peer, which can reside on a system running any operating system. SockMi requires neither changes to existing Linux kernel data structures nor new system calls.
Shmoocon 2013 - C10M Defending The Internet At Scale (by theprez98)
Now that we have the C10K concurrent connection problem licked, how do we level up and support 10 million concurrent connections? Impossible you say. Nope, systems right now are delivering 10 million concurrent connections using techniques that are as radical as they may be unfamiliar.
A gentle introduction to the difficult art of writing kernel modules.
I recommend this introduction to SDN (Software Defined Networking) by Nick McKeown at the Open Networking Summit. I love the example he gives where SDNs are used for implementing an intelligent distributed load balancer in a complex country-wide topology. I have also discovered the Mininet network simulator, a “real-network” simulator based on Linux namespaces and their ability to have isolated network spaces in a kernel.
"Metal as a service" is one of the latest cutting-edge technologies in the cloud world, where a provider offers you not a virtual machine but a physical, bare-metal machine on which you can install whatever OS you want to run. More power for you, but also more difficult to maintain and more expensive.
Canonical is really into it (with Juju), OpenStack has some support in the latest version, and there are some providers (e.g., baremetalcloud, stormondemand, etc.) that already offer these features as well…
An explanation of how Valgrind works. Basically, Valgrind acts as a virtual machine that executes your program, intercepting every single call to allocate/free memory and doing the bookkeeping needed to detect memory leaks.
A look at how Go programs keep time information in Linux. Syscalls, monotonic clocks and locales…
CoreOS is just that: a core Linux operating system. Designed as a minimal Linux, it is free of all the packages that come pre-installed with standard distributions. The reason is that, once the OS has booted, CoreOS is designed to run Docker containers.
CoreOS has some unique features, like:
- some sort of dual-boot feature for auto-updates, where one instance of the OS updates the main installation
- fleet, a cluster management tool that promises to be like systemd for clusters (developed in Go)
- and etcd, a distributed key-value database (also developed in Go), as the main configuration system.
A namespace is a Linux abstraction that makes a system resource appear, to the processes within that namespace, as an isolated instance. For example:
Network namespaces […] provide isolation of the system resources associated with networking. Thus, each network namespace has its own network devices, IP addresses, IP routing tables, /proc/net directory, port numbers, and so on.
So processes associated with a namespace will see completely different network devices, routing tables, etc. than other processes running on the same system. This enables one of the most important lightweight “virtualization” technologies used nowadays, containers, where a group of processes has the illusion that they are the only ones running on bare-metal hardware.
There are currently 6 different types of namespaces (mount, UTS, IPC, PID, network, user). But one of the most interesting things is yet to come:
Starting in Linux 3.8, unprivileged processes can create user namespaces, which opens up a raft of interesting new possibilities for applications
The most common case would be an unprivileged process (i.e., user) that becomes root when entering a particular namespace.
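
To make "root inside a namespace" concrete, the following added example (not from the original post or any project it links to) parses the `inside outside length` extents the kernel exposes in `/proc/<pid>/uid_map` and reports which outside UID the in-namespace root corresponds to. The function names and the three sample maps are constructed for illustration.

```python
from pathlib import Path

# Constructed sample maps in the kernel's "inside outside length" format.
INITIAL_NS = "         0          0 4294967295\n"   # initial user namespace
UNPRIV_NS = "         0       1000          1\n"    # uid 1000 became root inside
CONTAINER_NS = "0 100000 65536\n"                   # a 65536-ID subordinate range


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, length) extents."""
    extents = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        extents.append(tuple(int(f) for f in fields))
    return extents


def to_outside(extents, inside_id):
    """Translate an in-namespace ID to the outside ID; None if unmapped."""
    for inside, outside, length in extents:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None


def describe_root(extents):
    """Say what uid 0 inside the namespace corresponds to outside it."""
    outside = to_outside(extents, 0)
    if outside is None:
        return "uid 0 is not mapped"
    if outside == 0:
        return "uid 0 maps to real root"
    return f"uid 0 maps to unprivileged uid {outside}"


def describe_process(pid="self"):
    """Apply describe_root to a live process; None if /proc is unavailable."""
    try:
        return describe_root(parse_id_map(Path(f"/proc/{pid}/uid_map").read_text()))
    except OSError:
        return None


if __name__ == "__main__":
    for name, sample in [("initial", INITIAL_NS), ("unprivileged", UNPRIV_NS),
                         ("container", CONTAINER_NS)]:
        print(f"{name:13} {describe_root(parse_id_map(sample))}")
    print(f"{'this process':13} {describe_process()}")
```

A process that reports uid 0 but whose map points at a non-zero outside UID holds root only over resources owned by its own user namespace, which is the property to check when reviewing what a container's "root" can actually reach.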