In the previous note, we covered the typical principle of a VPN built on TUN/TAP devices when introducing network devices, but did not practice how TUN/TAP virtual network devices actually function in Linux. In this note we will look at how a very typical IPIP tunnel in the cloud computing field is implemented through TUN devices.
IPIP Tunneling: As we mentioned in the previous note, the TUN network device can encapsulate a Layer 3 (IP) network packet within another Layer 3 network packet, and the packet sent out through the TUN device will look like this.
[Network Virtualization] Bridge
The bridge is a virtual network device, so it has the characteristics of a virtual network device and can be configured with IP, MAC address, etc. Unlike other virtual network devices, the bridge is a virtual switch and has similar functions to a physical switch. bridge is connected to a protocol stack at
[Network Virtualization] Veth Pair
A veth virtual network device is connected to a protocol stack on one end and to another veth device on the other end instead of a physical network. A packet sent out of one veth device of a pair goes directly to the other veth device. Each veth device can be configured with an IP address and participate in the Layer 3 IP network routing process.
The following is an example of a typical veth device pair.
[Network Virtualization] TUN/TAP
The TUN/TAP virtual network device is connected to the protocol stack at one end, and at the other end is not a physical network, but another application in user space. That is, the packets sent from the protocol stack to the TUN/TAP can be read by the application, and of course the application can send packets directly to the TUN/TAP. A typical TUN/TAP example is shown in the following figure.
Network Virtualization
Network Virtualization is the process of building a virtual network with a different topology than the physical network. For example, if a company has multiple offices around the world but wants them to share a single internal network, it needs network virtualization technology.
Starting with NAT: Suppose one machine in the Beijing office has an IP of 10.0.0.1 (which is an intranet IP and cannot be used on the Internet) and one machine in the Shanghai office has an IP of 10.
Compile a recent version of Python3 yourself
I recently wanted to check out the new pattern matching features in Python 3.10, and I just happened to understand some of the basics of compiling, so I tried to compile a copy of the latest Python on the test machine I usually use. Working environment: The operating system of the test machine is Ubuntu 20.10, with basic development tools such as gcc and git already installed. The following steps
What does Rust consider to be "undefined" and what is not "unsafe"?
You have heard that the Rust language has Safe as one of its features, but due to the sad fact that hardware is Unsafe, everything “Safe” must be encapsulated on top of something “Unsafe”. This leads to the fact that “Safe” in the full sense of the word is very difficult to achieve and extremely limited in functionality.
So let’s see where Rust’s Safe boundary lies.
How to use the COPY command in Dockerfile to copy a folder?
Today, I encountered an unexpected situation when copying a folder using COPY while writing a dockerfile. I’ll document the correct way to use it here.
Background Notes: Today, when I copied the folder to the image via dockerfile, I found that the contents of the folder were copied in.
The dockerfile looks like this.
    FROM node:alpine
    WORKDIR /usr/src/app
    COPY dist node_modules package.json ./
    EXPOSE 3000
    CMD ["yarn", "start:prod"]

I wanted to copy both the dist and node_modules folders into the image, but I didn’t want to use multiple COPYs to copy them separately, which would result in an extra layer, and found that the dist and node_modules folders themselves were not copied into the image, but the contents of the folders were copied into the image separately.
Enabling the Brotli compression algorithm for Nginx in Docker
In order to save server bandwidth and speed up pages, we want to enable the Brotli plugin for Nginx. I found out that Brotli, a very popular lossless compression plugin, is still not included in the official Nginx docker image, so we have to do it ourselves.
1. Results: I pushed the built image to GitHub’s Docker registry, which can be used directly if you are too lazy to tinker with it yourself.
Redis 7.0 Released
Redis 7.0 is now available, having been in development for almost a year and having gone through three release candidates. Today, the development team believes it is stable enough to be used in production.
In short, Redis 7.0 includes incremental improvements to almost every aspect of Redis. The most notable of these are Redis Functions, ACLv2, command introspection, and Sharded Pub/Sub, which represent a significant evolution of existing functionality based on user feedback and production lessons learned.
Introduction to caffeine caching core principles
1 Preface: Caching can be a powerful tool for high-performance systems, and it can be found in many systems. When cache resources are tight, we always expect cache entries that will be used in the future to remain in the cache, and eliminate cache entries that will not be used in the future. According to the locality principle of caching, the more recently accessed cache entries are more likely to be used again in the future.
Principle of LSM Tree
0. Preface: For databases where the storage medium is disk or SSD, the mainstream has long used B+ trees as an index structure to achieve fast data lookup. When the data volume is not too large, B+ tree read and write performance is very good. But in the case of massive data, the B+ tree is getting taller and taller, and because the B+ tree needs to split and merge pages along the B+ tree layer by layer when updating and deleting data, it seriously affects data writing performance.
Develop and release a Kubectl plugin using Go
Preface: Under the ten-year cloud computing wave, DevOps, containers, microservices and other technologies are developing rapidly, and cloud-native has become a trend. Enterprises are moving from “ON Cloud” to “IN Cloud” and becoming “new cloud-native enterprises”, where new capabilities and existing capabilities are established but not broken, with organic synergy to achieve resource efficiency, application agility, business intelligence, security and trustworthiness. The whole concept of cloud-native is very big, and
How should the standard structure of a Go project be laid out?
Whenever we write a non-hello world utility Go program or library, we will trudge around in front of the three “thresholds” of project structure, code style, and identifier naming for a long time, and never even get a satisfactory answer. In this article, we will introduce in detail how to cross the “threshold” of Go project structure to help you get into the core hinterland of Go language faster and
Using PostgreSQL as a search engine
Recently, I have been studying how to use PostgreSQL as a search engine. In short, a search engine mainly relies on the inverted index: an article or statement is first segmented into N words, and each word has a certain weight. There are many places in this step that can be optimized; how accurately the article is cut into words with the exact meaning has an impact on the subsequent search
Golang migrate for database change management
Recently I’ve been using golang-migrate for database change management, and according to the official tutorial, I need to download a local binary first and generate the change file on the command line.

    $ migrate create -ext sql -dir db/migrations -seq create_article_table
    ...项目路径/db/migrations/0000
Notes on http-proxy-middleware
This article is not a tutorial on how to use http-proxy-middleware. Please refer to the official tutorial for more information on how to use it. This article mainly records some precautions to take when using it. 1. Cannot continue to flow through routes: As we use Express and other frameworks, we will declare multiple routes; some routes are used to handle business logic, some are to collect relevant information,
Exploring and Practicing Lightweight Kubernetes Multi-Tenant Solutions
Kubernetes Multi-tenant Model: Along with the development and promotion of cloud-native technologies, Kubernetes has become the operating system of the cloud computing era. In the mainframe era, the operating system had the need for multiple tenants sharing the same physical machine resources; in the cloud computing era, the need for multiple tenants sharing the same Kubernetes cluster has emerged. In this regard, the community’s Kubernetes Multi-tenancy Working Group has defined three models of multi-tenancy for Kubernetes.
Kubernetes support for dockershim will end on May 3
The slightly delayed Kubernetes 1.24 is expected to be released on May 3 according to the release schedule; it contains a major shift, namely that built-in support for dockershim will be removed completely. If you use Docker Engine as the container runtime of your Kubernetes cluster, you need to be ready to migrate in 1.24. To check if you are affected, see Check if dockershim deprecation affects you.
dockershim was officially announced as early as December 2020, and is expected to be deprecated in April 2022 Kubernetes 1.
Challenging C, the new system programming language Hare is released
Developer Drew DeVault has announced a new system programming language, Hare, which has been in development for nearly two and a half years and uses a static type system, manual memory management and a minimal runtime, making it ideal for writing operating systems, system tools, compilers and other low-level, high-performance tasks. According to Drew DeVault, Hare is most similar to C, and almost any program written in C can also