Category Archives: cisco

My new Journey – Cisco to Google cloud

After an amazing 10+ years in Cisco Systems, I have decided to move on. I have joined Google’s cloud division. I thought it’s a good time to reflect on my learnings in Cisco and what I am looking forward to in the next few years.

Before joining Cisco, I worked in a few startups in the US. I joined Cisco after I moved back to India. I worked in different development engineering groups in Cisco spanning carrier ethernet, service provider and data center products. I played different roles including Software Engineer, Technical lead/architect and Engineering manager. Cisco is a great company and it has given me a lot of good opportunities.

I had a great set of managers in Cisco. I would like to especially call out 2 managers who helped me shape my career. First is Ritesh Dhoot, he is a charismatic leader who helped me understand the business value in everything we do. Second is Bhaskar Jayakrishnan whom I admired for his all-round skills and the tenacity with which he takes the opportunity and runs with it. Both of them gave me lot of freedom to plan/execute work in my own way and also encouraged me to pursue my interests.

I had a great set of colleagues and teams in Cisco. I got the opportunity to lead the UCS switch team in Bangalore and saw the team grow pretty fast from 5 folks to 25 folks over a period of 2+ years. I was very humbled by the love and affection that I received from my team and especially the very warm farewell. Following is the UCS Bangalore switch team (a few folks are missing) that I am very proud to be part of:


Considering that things have been so good, folks might ask why I left Cisco… Following are some reasons:

  • I had been in Telecom/Networking industry for the last 16+ years and I wanted a change away from this.
  • I have been active in Open source communities over last 4 years. I am an active techno blogger, author of “Mastering CoreOS” book and also a Docker Captain. I found it difficult to match my office work and personal interest.
  • I have been doing development roles all through my career and I wanted to try out roles close to customers.
  • Cisco has been great at surviving downturns and reinventing itself many times. I was not convinced about Cisco’s adoption of cloud and Cisco’s changing strategies in this area.

After I decided to look out, I had a choice of trying out startups or big companies. I did get few opportunities in startups. Even though I had dabbled in the cloud area for 4+ years, it was not at the professional level so I thought it will be good to work in a bigger company to understand the breadth of cloud technologies.

What better company can I ask for than Google? I have always admired Google for their super cool technology and the pace at which they innovate. In the cloud area, Google is lagging behind AWS and Azure and that’s primarily because Google started late in the Cloud domain. Google currently has a lot of focus in the cloud domain and I am confident that Google will catch up to Azure and AWS soon. Following are some reasons why I am very confident about this:

  • Google’s cloud products are already used by Google’s products. All Google’s products like Youtube, Maps and Photos run in Google’s cloud and the same technology is exposed to end customers through Google cloud products. Each of the above products has 1+ billion users, which makes Google cloud products already proven at scale.
  • Google is a leader in open source technologies like Kubernetes, Tensorflow, Mapreduce and these technologies are incorporated nicely into Google’s cloud products. This gives Google a head-start in areas like Machine learning, Big data and Containers.
  • There are a lot of integration possibilities between Google’s cloud products and Google’s other products and that can provide lot of benefits to consumers on either side.

I started as a Partner Engineer in Google cloud’s Bangalore division. My primary responsibility is technical enablement of Google cloud partners and creating appropriate solutions for Google cloud customers. I am hoping to understand customer issues, create solutions and evangelize cloud and Google’s products along the way. Even though this role entails a breadth of Google cloud technologies, I will try to have some focus on Docker, Containers, Kubernetes and GKE considering that I am also a Docker captain.

Even though I started only 6 weeks ago in Google, I feel that it’s been a long time. I already feel that I am in the best place and that there is a lot of learning for me to do. In the short span of time, I have attended 3 conferences, done container presentations and met a few customers and partners along the way. I have also passed the “Google cloud architect” certification.

It does feel weird that I am starting on a tangential path compared to my previous background at this stage of my career. There are quite a few challenges that I need to overcome like getting used to a pre-sales role (been in Engineering all along), understanding the breadth and depth of cloud technologies and finally, proving myself in this new role. I am hoping that this will work out well.

I am looking forward to writing more blogs in the Google cloud and Containers/Docker areas.

PS:

Google cloud is hiring. If you are passionate about cloud with relevant experience and interested in creating and selling cloud customer solutions, please reach out to me.


Dockercon 2017 – My experiences

Dockercon 2017 was the first Docker global conference that I attended. The conference was hosted in Austin, Texas. It was a memorable experience and I had a lot of fun attending the conference. In this blog, I will share some of my experiences from Dockercon 2017. I have covered details on important announcements, keynote demos, cool hacks, sessions that I attended, the Security workshop conducted by me and the Docker team, and key takeaways for me.

Key announcements

Following were key announcements as part of Keynote sessions:

  • Moby open source project – Moby is a framework to assemble specialized container systems. Docker is 1 of the assembled container systems from Moby. There can be other container systems that users can create. For example, 1 of the examples demonstrated in the keynote is to use Moby to build a container system to run Kubernetes on Mac. Moby is an effort to keep Docker open source projects and the Docker product separate.
  • Linuxkit – Linuxkit is a toolkit for building custom, minimal and immutable Linux distributions. This is used by Microsoft to run Linux containers in Windows. Linuxkit is 1 of the components of Moby that allows us to build a bootable container system. This system can be run either on bare-metal or on cloud.
  • IBM is running Docker in their powerpc and Z systems.
  • Oracle enterprise DB is available in Docker store and can be tried free for personal use.
  • I am glad to mention the Cisco announcements. Cisco and Docker are partnering on the Modernizing traditional applications (MTA) program. Contiv 1.0 is available as GA.

Keynote Demos

Live demos are a key part of Dockercon. These demos were done as part of keynote sessions from Solomon and Ben.

  • Multistage Docker build to reduce Docker image size and desktop to cloud integration for moving applications across Swarms.
  • Deploying an application securely with multiple services on Docker swarm cluster. The application was deployed with Docker compose using TLS, Secrets.
  • Secure supply chain using DDC, Security scan and Docker secrets
  • Deploying 3rd party VM applications with containers using image2docker and Docker datacenter. image2docker can do migration of VMs to Containers and this would be helpful for migrating legacy applications.

Hacks

Following 2 hacks were done by Docker captains. These were selected from the many hacks submitted for Dockercon.

  1. PWD – play with Docker
    PWD is a great tool for running Docker containers using browser without having to install Docker. This is great for workshops and it is also a good Docker beginner tool. For more details on PWD, please refer to my earlier blog here.
  2. FaaS – This is a framework for building serverless functions on Docker Swarm. The demo was a cool one with integration with Alexa service.

Sessions attended

Following are the sessions that I attended over the Dockercon week:

  • Cilium: Network and application security using BPF and XDP –
    • Berkeley Packet Filter (BPF) and eXpress Data Path (XDP) run in the Linux kernel.
    • Learnt use cases of BPF where policy can be enforced at the network layer inside the Linux kernel using BPF.
    • Cilium can be used as a Docker networking plugin.
    • XDP extends BPF to network drivers which makes packet filtering even faster. Facebook says that XDP is 10 times faster with switching packets.
  • Solving the storage problem for cloud-native applications – Portworx
    • Portworx is a container storage solution that is trying to solve the big problem of persistent container storage. This is a complex problem to solve and there are many players trying to address this problem.
  • Scaling App defense with intent based security – Twistlock
    • This session went into details of the Twistlock container security platform. Dynamic security policies can be created by Twistlock automatically.
  • Docker networking: from application plane to Data plane
    • Covered Docker networking from beginning to now including tools to debug common Docker networking issues.
  • Infinit’s next generation key value store
    • Covered how Infinit’s solution is unique, distributed and scalable. Object store and file system can be on top of key-value store, this is targeted for 4th quarter of this year.
  • Journey to Docker production: evolving your infrastructure and processes
    • Talk from Docker Captain Bret Fisher – Explained the production considerations for small and big Docker clusters.
  • Container performance analysis – Netflix
    • Netflix tools to debug container performance. Covered tools like Netflix Vector, Titus and flame graphs.
  • From ARM to Z: multi-platform Docker swarm
    • Cross-platform containers using the manifest tool. The same container image can be used across multiple platforms so that developers don’t need to remember platform details.
  • Building a secure app with Docker
    • Best practices to be followed for building secure applications

I am eagerly waiting to watch the recording of the other sessions.

Security workshop

I conducted Docker Security workshop along with Nigel, Nass, Matt. Nigel is a Docker captain and Nass and Matt are from Docker team. Around 50 folks attended the session. It was a 3 hr session with presentations and labs on different Docker security topics including Swarm mode, Content trust, Security scan, Networking, Secrets and Linux container security features. The labs were done on AWS cloud. The session was interactive and we got interesting questions from the audience. The labs and the slides are posted here.

What I enjoyed the most

  • Meeting the folks in person with whom I have interacted over mails and slack
  • Keynote demos
  • Interacting with other Docker captains. Docker has an amazing Captains group and I am privileged to be part of the group. From Bangalore, 2 other Docker captains Neependra and Ajeet also attended the conference. Following picture was taken in the Captains summit.


  • Captains discussion with Solomon Hykes.
  • Presenting and interacting with folks in Docker Security workshop
  • Seeing overall Docker excitement with attendees
  • Talking to companies in their booth and understanding container ecosystem
  • Everyday after conference party…

 

 

Hybrid cloud recent solutions from Microsoft and VMWare – 2 different ends of the hybrid cloud spectrum

Public clouds have grown tremendously over the last few years and there are very few companies who do not use public cloud at this point. Even traditional enterprises with in-house data centers have some presence in the public cloud. I was looking at Amazon’s re:Invent conference details and I was amazed by the number of new services and enhancements that were announced this year. It is very difficult for private clouds to keep pace with the new features of public cloud. There is no doubt that public clouds will overtake private clouds in the long term.

Private clouds still have a wide deployment and there will be enough use cases for quite some time to deploy private cloud. The use cases include regulated industries, compute needed in remote locations not having access to public cloud and some specialized requirements that public clouds cannot meet. For some enterprises, private cloud would make more sense from a costing perspective. Having a hybrid cloud option is a safe bet for most companies as it provides the best of both worlds.

I saw 2 recent announcements in hybrid cloud that captured my attention. One is Azure stack that allows running Azure stack in private cloud. Another is VMWare cloud on AWS that allows running the entire VMware stack in AWS public cloud. I see these two services as 2 ends of the hybrid cloud spectrum. In 1 case, public cloud infrastructure software is made to run on private cloud (Azure stack) and in another case, private cloud infrastructure software is made to run on public cloud (VMware cloud on AWS). In this blog, I have tried to capture more details on these 2 services.

Hybrid cloud

There are predominantly 2 options currently to run Private cloud. 1 option is to use vendor based cloud management software along with hardware from same vendor.


Contiv Networking policy Hands-on

Contiv is an Open source project driven primarily by Cisco for policy based networking, storage and cluster management for containerized applications. In this blog, I will cover some of the hands-on stuff that I tried with Contiv Networking. I used the sample examples provided in Contiv documentation as starting point. For Contiv networking basics, you can refer to my previous blog here.

Contiv environment

I followed the “Contiv getting started” guide to set up a two node Contiv cluster with Vagrant. I started the cluster in Packet baremetal cloud. Contiv netmaster runs in one of the nodes, and Contiv netplugin is installed in both the nodes.

git clone https://github.com/contiv/netplugin
cd netplugin; make demo

Following command shows the 2 node Vagrant cluster:

root@contiv:~/netplugin# vagrant status
Current machine states:

netplugin-node1           running (virtualbox)
netplugin-node2           running (virtualbox)

Following are the business details of the sample application that I have used in this blog:


Contiv – Policy based networking for Containers

Contiv is an Open source project driven primarily by Cisco for policy based networking, storage and cluster management for containerized applications. In this blog, I will focus on how Contiv does policy based Container networking. In the next blog, I will cover some hands-on stuff that I tried with Contiv.

Container Policy

Policies have become critical for controlling business logic in a cloud environment. There are 2 ways to describe policy. In the imperative model, policy is defined in terms of how the end goal is achieved. For example, specifying the filters and actions with the OpenFlow protocol to achieve the end goal of packet handling is an example of the imperative model. In the declarative model, policy is defined in terms of the end goal, which gives the end system the flexibility to implement the policy in different ways. Congress and OpFlex are examples of the declarative policy model. With the declarative model, it is possible to specify the policy in terms of business logic without specifying implementation detail. For example, the business logic can say that the web container should not talk to the database container. This business logic can be implemented with an iptables rule or with a hardware TCAM rule that blocks specific ports.

In a cloud computing world, policies can be defined for compute, storage and networking. Both containers and VMs need policies to implement business logic. Following are examples of some policies that can be applied to applications deployed in the cloud using either VMs or containers:

  • Authorization policy – Specifies tenants and their privileges.
  • Resource usage policy – Specifies resource constraints for tenants, containers and VMs.
  • Application access policy – Specifies containers that can communicate to each other and containers that are exposed to outside world.
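
The declarative/imperative split described above can be made concrete with an added example (not code from Contiv or from this blog): the intent names only business roles, and a small compiler renders it as iptables commands for one possible backend. The group names, IP addresses, port and the use of the FORWARD chain are assumptions made for illustration.

```python
"""Added example: declarative container policy rendered as iptables rules."""
from itertools import product

# Declarative intent: names business roles only, no IPs or chains.
# Group names and the port are constructed for illustration.
POLICY = [
    {"src": "web", "dst": "app", "proto": "tcp", "port": 8080, "action": "allow"},
    {"src": "web", "dst": "db", "action": "deny"},
]

# Constructed inventory: container IPs currently belonging to each group.
INVENTORY = {
    "web": ["10.1.1.11", "10.1.1.12"],
    "app": ["10.1.2.21"],
    "db": ["10.1.3.31"],
}

TARGET = {"allow": "ACCEPT", "deny": "DROP"}


def compile_iptables(policy, inventory, chain="FORWARD"):
    """Render the intent as imperative iptables commands (one backend of many)."""
    rules = []
    for rule in policy:
        # Fail closed on a typo instead of silently emitting no rule.
        for group in (rule["src"], rule["dst"]):
            if group not in inventory:
                raise KeyError(f"policy references unknown group: {group}")
        match = ""
        if "port" in rule:
            match = f" -p {rule.get('proto', 'tcp')} --dport {rule['port']}"
        # One rule per (source IP, destination IP) pair in the two groups.
        for src, dst in product(inventory[rule["src"]], inventory[rule["dst"]]):
            rules.append(
                f"iptables -A {chain} -s {src} -d {dst}{match} "
                f"-j {TARGET[rule['action']]}"
            )
    return rules


if __name__ == "__main__":
    for line in compile_iptables(POLICY, INVENTORY):
        print(line)
    # Scaling the db group changes the rendered rules, not the intent.
    scaled = dict(INVENTORY, db=["10.1.3.31", "10.1.3.32"])
    print(len(compile_iptables(POLICY, scaled)), "rules after adding a db container")
```

The commands are only generated as strings, not executed; a TCAM or OpenFlow backend would consume the same `POLICY` and emit different output.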

Contiv Networking

Contiv Networking project provides policy based networking for Docker Containers. Following are some details on Contiv Networking:


Microservices Infrastructure using Mantl

Mantl is an Open source project from Cisco and it provides an integrated solution to deploy distributed Microservices. Any company deploying Microservices has to integrate different components before the solution becomes production ready. Mantl makes it easier by integrating the different components and providing the glue software that integrates the components. In this blog, I will cover the following:

  • Distributed Microservice infrastructure components and the need for Mantl.
  • Mantl Architecture.
  • Mantl installation using Vagrant
  • Mantl installation using AWS public cloud

Microservices infrastructure

Following are typical components in Container based Microservices infrastructure:
