Learning: Kubernetes – Service, Scalability, Rolling Updates

Service

There are multiple challenges with pods. Suppose we have two pods, one front-end and one back-end. A couple of questions arise –

  • How does the front-end app get exposed to the outside world?
  • How does the front-end app talk to the back-end app?
  • When a pod dies, a new pod is created and gets a new IP address. How do we cope with pod IP changes when a pod dies?

Services are the way of grouping pods in a cluster. We can have as many services in a cluster as we need. There are mainly three types of services in k8s –

  1. ClusterIP – It deals with the pod IP change problem. The service gets a stable IP address that fronts its pods, so even when a pod dies the service stays in place and its IP does not change. It exposes the Service on an internal IP in the cluster, so the service is only reachable from within the cluster.
  2. NodePort – Makes a Service accessible from outside the cluster.
  3. LoadBalancer – Creates an external load balancer in the current cloud (if supported) and assigns a fixed, external IP to the Service.
# Get the running services
$ kubectl get services

# Expose the deployment outside the cluster
$ kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080

# Delete a specific service
$ kubectl delete service -l app=kubernetes-bootcamp

Scalability

When we want to scale our app we create multiple replicas of the pods on the nodes, and to balance the requests across the pods we use a load balancer service.

Rolling Update

K8s allows us to do rolling updates; let’s see how it does it –

  • First it creates new pods with the updated config.
  • Then it replaces the old pods with the new ones one by one, and the pod IP addresses change.

It allows the app to be updated with zero downtime.

# Update the image of the application (deployment, container and image names are placeholders)
$ kubectl set image deployments/<deployment_name> <container_name>=<new_image>

# Get the rollout status of the deployment
$ kubectl rollout status deployments/<deployment_name>

# Get the service info
$ kubectl describe services/<service_name>

# Roll the deployment back to your last working version
$ kubectl rollout undo deployments/<deployment_name>

Learning: Kubernetes – Pods and ReplicaSet Simplified

Pods

A Pod is the smallest execution unit of a Kubernetes application. Each Pod represents a part of a workload that is running on your cluster.

We usually have one pod per application. Inside that pod we can have multiple containers.

  • A Pod is a Kubernetes abstraction that represents a group of one or more application containers and some shared resources:
    • shared volumes,
    • a cluster IP (every pod has a unique IP, even within the same node),
    • information about how to run the containers.
  • We don’t deal with containers directly; instead we work with pods.
  • If a container dies inside a pod it is automatically restarted.
  • Each pod is tied to one node until termination.
  • Pods running inside k8s are only visible to other pods and services inside the k8s cluster.
  • We have to explicitly expose the app outside k8s.

Multiple Container Pods – Pods are designed to support multiple closely related containers. The containers in a pod are always scheduled together on the same VM or physical machine in the cluster.

The containers can communicate to each other and share resources.

Pods Networking –

  • Each pod is assigned a unique IP address.
  • The containers in a pod share the network namespace, so they share the same IP address and port space.
  • The containers inside a pod can communicate with each other over localhost.
  • The containers inside a pod can also communicate using Inter Process Communication.

Life Cycle of a Pod

  • A pod is ephemeral.
  • A pod is never rescheduled to a different node; instead the pod is replaced by a new one.
  • If a node fails, the pods assigned to it also fail.

Generally a pod has 5 phases –

  1. Pending – The pod has been accepted by the cluster but one or more containers have not been set up yet.
  2. Running – The pod has been bound to a node and its containers have started.
  3. Succeeded – All containers in the pod have terminated successfully.
  4. Failed – At least one container has terminated in failure.
  5. Unknown – For some reason the state of the pod could not be obtained.
# Create a deployment
$ kubectl create deployment kubernetes-bootcamp --image=gcr.io/google-samples/kubernetes-bootcamp:v1

# Get deployment info
$ kubectl get deployments

# Get the list of pods running
$ kubectl get pods

# See which containers are running inside a pod
$ kubectl describe pods

# Run a command inside a container
$ kubectl exec $POD_NAME -- env

# Open bash inside a container
$ kubectl exec -it $POD_NAME -- bash

ReplicaSet

We don’t create pods directly. Suppose our deployment always needs 4 pods; if we created the pods directly and one pod went down, we would have to create the replacement pod manually.

That’s why we use a ReplicaSet. It is a management system that ensures we have the desired set of pods in the k8s cluster. Its controller compares the current state with the desired state and checks whether the current pod count matches the ReplicaSet count. If not, it creates or deletes pods.

# Get the replica set
$ kubectl get rs

# Scale up the app and change replicaset
$ kubectl scale deployments/kubernetes-bootcamp --replicas=4

# Scale down the app
$ kubectl scale deployments/kubernetes-bootcamp --replicas=2

# See whether a pod is managed by a ReplicaSet (look at its ownerReferences)
$ kubectl get pods <pod_name> -o yaml

# Delete the ReplicaSet
$ kubectl delete rs <replica_name>

# Delete the ReplicaSet but keep (orphan) the pods; newer kubectl versions spell this --cascade=orphan
$ kubectl delete rs <replica_name> --cascade=false

Learning: Kubernetes – Cluster, Control Plane, Nodes

Cluster

It is a set of machines connected together that work as a single unit. The idea is to deploy containerized applications without tying them to a specific machine.

The main components of any k8s cluster are –

  • Master Node or Control Plane
  • Worker Nodes
  • Virtual Network

Control Plane

In general it is the control panel of the cluster and manages the entire cluster.

  1. It runs the API server, which is the entry point for the Kubernetes cluster.
  2. It runs the controller manager, which keeps an overview of the cluster and maintains the applications’ desired state.
  3. It runs the scheduler, which is responsible for scheduling containers and pods onto different nodes based on workload and the available resources on each node. After deciding which node to use for the pod or container, it sends the request to that node’s kubelet process, and the kubelet creates the pod and containers.
  4. Another important thing that runs here is etcd, a key-value store which holds the current state of the cluster.

Nodes

It is a physical computer or VM that serves as a worker machine in a k8s cluster.

  1. Each worker node runs the Docker containers of the different applications deployed on it.
  2. The kubelet manages the node and talks to the control plane.
  3. The node uses the Kubernetes API to communicate with the control plane.
  4. Two nodes can’t have the same name, as the name identifies the node.
# Start the cluster with minikube
$ minikube start

# Get the cluster info
$ kubectl cluster-info

# Get node information
$ kubectl get nodes

Daily Learning: Computer Networks – Securing TCP/IP

There are five points to mention when understanding security in TCP/IP –

  • Encryption – Scrambling data in such a manner that it can’t be read in transit; at the receiving end the data must be unscrambled.
  • Integrity – The guarantee that the data received is the same as what was originally sent.
  • Nonrepudiation – A person cannot deny that they took a specific action.
  • Authentication – Whoever is accessing the data is the person you want to access the data; a username & password is one way to authenticate.
  • Authorization – What an authenticated person may do with the data.

Encryption

A packet of data on the Internet often comes with a port number encapsulated in the segment or datagram, for example, so a bad guy quickly knows what type of data he’s reading. All data starts as cleartext, which roughly means the data hasn’t been encrypted yet.

Here comes encryption, and for it we use a cipher. A cipher is a general term for a way to encrypt data. An algorithm is the mathematical formula that underlies the cipher. When you run plaintext through a cipher algorithm using a key, you get the encrypted ciphertext.

Types of encryption –

  • Symmetric Encryption – An encryption algorithm that uses a single key to both encrypt and decrypt the data, so the key must be shared between sender and receiver. There are two major kinds of symmetric cipher –
    • Block cipher – Divides the data into blocks and encrypts each block, usually a 128-bit block.
    • Stream cipher – Encrypts each bit coming from the stream of bits.
  • Asymmetric Encryption – The major drawback of symmetric encryption is that if the shared key is intercepted or tampered with, the communication is vulnerable. For that we use asymmetric encryption. Suppose there are two people, Alice & David, and David wants to send data to Alice. Alice creates a key pair of a public and a private key. The public key is used for encryption and the private key for decryption. So Alice gives her public key to David, David encrypts the data with it and sends it to Alice. Now Alice decrypts the data with the help of her private key.

Hash

  • It’s a mathematical function that we run on a string and get a fixed-length string back (the checksum or message digest).
  • The message digest is always the same length regardless of the length of the input string.
  • The hash is a one-way function: we can’t get the message back from the hash.

Uses –

  • When we download a file from the internet, the download provider also provides a message digest of the file.
  • We download the checksum and then download the file.
  • Then we compute the checksum of the file we downloaded and compare it with the published checksum.
  • If the checksums don’t match, the data has been tampered with (or corrupted) in the middle.

Digital Signature

It is proof that someone took some action in a network, and they can’t deny it.

  • First the sender hashes the message and encrypts the hash with the sender’s private key.
  • Then the sender sends the message and the signature to the receiver.
  • Then the receiver decrypts the signature with the help of the sender’s public key and hashes the received message.
  • If the hashes match, it’s proof that the sender sent the message.
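The checksum check from the Hash section and the hash-then-sign steps above, as an added example that is not part of the original notes. It uses only the standard library: SHA-256 for the digest and textbook (unpadded) RSA on two fixed, well-known Mersenne primes for sign/verify, so it runs offline; the file contents, the key pair and the function names are all constructed for this illustration, and a real system would use a vetted library with proper signature padding.

```python
"""Added example for the Hash and Digital Signature sections (not from the
original notes). It uses only the standard library: SHA-256 for the message
digest and textbook (unpadded) RSA on fixed, known Mersenne primes for the
sign/verify steps, so it runs offline. A real system uses a vetted library
with proper signature padding; the key pair here is for illustration only.
"""
import hashlib

# Constructed sample "download" plus a copy altered in transit.
DOWNLOADED_FILE = b"kubernetes-bootcamp-v1.tar.gz (constructed contents)\n"
TAMPERED_FILE = b"kubernetes-bootcamp-v1.tar.gz (constructed, modified)\n"

# Fixed key pair. 2^127-1 and 2^521-1 are known Mersenne primes, so N is
# larger than any 256-bit digest and the hash can be signed directly.
P = (1 << 127) - 1
Q = (1 << 521) - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)


def message_digest(data: bytes) -> str:
    """Hash: fixed-length digest regardless of the input length."""
    return hashlib.sha256(data).hexdigest()


def checksum_matches(data: bytes, published_digest: str) -> bool:
    """Integrity check: recompute the digest of what we downloaded and
    compare it with the digest the provider published."""
    return message_digest(data) == published_digest


def sign(message: bytes) -> int:
    """Sender: hash the message, then 'encrypt' the hash with the private key."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(h, D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: 'decrypt' the signature with the sender's public key and
    compare it with a fresh hash of the received message."""
    recovered = pow(signature, E, N)
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return recovered == h


if __name__ == "__main__":
    published = message_digest(DOWNLOADED_FILE)
    print("checksum of intact file matches  :", checksum_matches(DOWNLOADED_FILE, published))
    print("checksum of tampered file matches:", checksum_matches(TAMPERED_FILE, published))
    sig = sign(DOWNLOADED_FILE)
    print("signature verifies on intact file:", verify(DOWNLOADED_FILE, sig))
    print("signature verifies on tampered   :", verify(TAMPERED_FILE, sig))
```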

SSH

The invention of SSH was heavily related to the telnet protocol, because telnet was completely unsecured: everything was transferred in plain text. Then a student at Helsinki University of Technology, Tatu Ylönen, created another protocol called SSH after his network was breached because of telnet.

Working Principle

  • When a client wants to connect to the server for the first time, the server sends its public key to the client.
  • Then the client creates a session ID, encrypts it using the public key and sends it back to the server.
  • Then the server decrypts the session ID using its private key and uses it in all the data communication going forward.
  • Then the client and server decide the type of encryption that will be used for the session (generally AES).

SSH can also use a public key pair for authentication, and then we can turn off password-based authentication.

Use Public/Private Key for authentication –

  • The client first generates a key pair using ssh-keygen.
  • The public key is sent to the server and the private key is kept safe on the client machine.
  • When you connect to the server, the client creates a signature using its private key and sends it to the server.
  • The server checks the signature using the client’s public key, and if everything matches you are authenticated to the server.

Daily Learning: Computer Networks – Access Control Methods – CSMA(Carrier Sensing Multiple Access)/CD(Collision Detection)

Properties

  1. There can be multiple stations in a network.
  2. A station senses whether the transmission line is busy or not. If it is not busy, it transmits the data.
  3. It also senses for any collision while sending the data.

Persistence Methods

  1. 1-Persistent – It senses the medium continuously. When the medium is free it sends the packet immediately.
  2. Non-Persistent – It first senses the medium, then waits for a random amount of time, then senses again.
  3. P-Persistent – It senses the medium continuously; when the medium is free it generates a random number, and if the number is less than the probability p assigned to the host, that host transmits the data.

CSMA

Vulnerable Time – It is the total propagation time Tp. Once the first bit of the packet reaches the far end of the medium, every station has heard the transmission and no one else will transmit.

CSMA/CD

The Carrier Sense Multiple Access / Collision Detection protocol is used to detect a collision at the media access control (MAC) layer. Once a collision is detected, CSMA/CD immediately stops the transmission by sending a signal so that the sender does not waste time sending the whole data packet. Suppose a collision is detected by each station while broadcasting packets. In that case, CSMA/CD immediately sends a jam signal to stop transmission and waits for a random time before transmitting another data packet. If the channel is then found free, it immediately sends the data.

It is used in wired media and by Ethernet.

Minimum Transmission Time – Tt ≥ 2 * Tp (the sender must still be transmitting when a collision at the far end reaches it)

CSMA/CA

CSMA/CA stands for Carrier Sense Multiple Access with Collision Avoidance. It is a network protocol that tries to avoid a collision rather than allowing it to occur, and it does not deal with the recovery of packets after a collision. Like CSMA/CD, it operates at the media access control layer. In CSMA/CA, whenever a station wants to send a data frame on a channel, it checks whether the channel is in use. If the shared channel is busy, the station waits until the channel becomes idle. Hence it reduces the chances of collisions and makes better use of the medium to send data packets more efficiently.

It is used in wireless interfaces.

  • Interframe Space (IFS) – Collisions are avoided by deferring transmission even if the channel is found idle. When an idle channel is found, the station does not send immediately; it waits for a period of time called the interframe space.
  • Contention Window – Time is divided into slots, and after a collision a station has to wait for a number of slots chosen from a window of size 2^n [ n = number of collisions ].

Minimum amount of data – L ≥ 2 * Tp * B [ B = bandwidth ]

Efficiency(η) = Tt / (C * 2 * Tp + Tt + Tp)

Back-off Algorithm – Wt = K * Tslot [ K = 0 … 2^n – 1 ] [ n = collision number ]

Daily Learning: Computer Networks – Access Control Methods – TDM, Polling, Token Passing, Aloha

Types of Communication Links

  • Point to Point Link
  • Broadcast Link – The connection is shared between all the stations.

Need Of Access Control

In a broadcast link, if all stations send data simultaneously there will be collisions; that’s why we implement access control.

Types Of Access Control Method

1. TDM(Time Division Multiplexing) –

Divide the time into slots and assign each slot to one station.

Efficiency(η) = 1 / (1 + a) [ a = Tp / Tt ]

2. Polling –

Only when a station wants to transmit data is it given the chance to transmit.

Efficiency(η) = Tt / (Tpoll + Tt + Tp) [ Tt = time taken for transmission, Tp = time taken for propagation, Tpoll = polling time ]

3. Token Passing –

Token – A token is a small message composed of a special bit pattern.

Ring Latency – It is time taken by a bit to cover the entire ring and come back to the same point.

RL = d / v + N * b

[ d = length of the ring, v = velocity of data in ring, N = no. of stations in ring, b = time taken by each station to hold the bit before transmitting it (bit delay)]

Cycle Time – The time taken by the token to complete one revolution of the ring is known as cycle time.

CT = d / v + N * THT

[ d = length of the ring, v = velocity of data in ring, N = no. of stations in ring, THT = Token Holding Time ]

Strategies –

Delayed Token Reinsertion (DTR) –

The station keeps holding the token until the last bit of the data packet it transmitted has made a complete revolution of the ring and come back to it.

Working –

After a station acquires the token,

  • It transmits its data packet.
  • It holds the token until the data packet reaches back to it.
  • After the data packet reaches it, it discards the packet as its journey is complete.
  • It releases the token.

Token Holding Time (THT) = Transmission delay + Ring Latency = Tt + Tp [ Tt = Transmission time, Tp = Propagation time ]

Ring Latency = Tp + N × bit delay = Tp [ taking bit delay = 0 ]

Early Token Reinsertion (ETR) –

The station releases the token immediately after putting its data packet on the ring.

Token Holding Time (THT) = Transmission delay of data packet = Tt

4. Aloha

Rules –

  1. Any station can transmit data on the channel at any time.
  2. No carrier sensing.
  3. There is no collision detection.
  4. It retransmits the data after some time (if no acknowledgement comes).

There are mainly two types of Aloha –

  • Pure Aloha –
    1. The total vulnerable time = 2 * Tfr [ Tfr = average time required to send a frame ]
    2. Maximum throughput occurs when G = 1/2, that is 18.4%.
    3. The probability of successful transmission of a data frame is S = G * e^(-2G).
  • Slotted Aloha – We divide time into slots and a host can only send a packet at the beginning of a slot. If it becomes ready after that, it has to wait till the next slot.
    1. Maximum throughput occurs in slotted Aloha when G = 1, that is 37%.
    2. The probability of successfully transmitting a data frame in slotted Aloha is S = G * e^(-G).
    3. The total vulnerable time in slotted Aloha is Tfr.


Daily Learning: Computer Networks – Sliding Window Protocol

Go Back N

If a packet is lost on the way to the receiver, the receiver discards the subsequent packets and the sender retransmits the entire window, meaning it goes back N values and retransmits those packets.

  • Sender window size in Go Back N is N.
  • Receiver window size is always 1.
  • Acknowledgement –
    • Cumulative – One acknowledgement is used for many packets.
      • Advantage – Traffic is low.
      • Disadvantage – Reliability is low.
    • Independent – One acknowledgement is used for one packet.
      • Advantage – Reliability is high.
      • Disadvantage – Traffic is high.

Relationship Between Window Sizes and Sequence Numbers

Minimum sequence numbers required in GBN = N + 1

Bits Required in GBN = log2 (N + 1)

If the number of sequence numbers is N, then the sender window size is N – 1 and the receiver window size is 1.

If the sequence number field has k bits, there are 2^k sequence numbers, the sender window size is 2^k – 1 and the receiver window size is 1.

Formula

  • Maximum window size = 1 + 2 * a [ a = Tp / Tt ]
  • Minimum sequence numbers required = 1 + 2 * a
  • Number of bits in the sequence number field = log2(1 + 2a)

Selective Repeat

This protocol (SRP) is mostly identical to the GBN protocol, except that buffers are used and the receiver and the sender each maintain a window. Here we only retransmit the lost packet, not the entire window.

  • Sender window size is greater than 1 (Ws > 1).
  • Receiver window size = sender window size (Wr == Ws).
  • Acknowledgements are independent. If bits in a packet are corrupted, SR sends a negative acknowledgement.

Note – If N is the size of the sequence number field in the header in bits, then we can have 2^N sequence numbers.

Window Size = min(1+2*a, 2^N)

                  Stop & Wait    GBN          SR
Efficiency        1/(1+2a)       N/(1+2a)     N/(1+2a)
Buffer            1+1            N+1          N+N
Segment Number    1+1            N+1          N+N
Retransmission    1              N            1
Bandwidth         low            high         medium
CPU               low            medium       high
Implementation    simple         medium       complex
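The Go Back N and Selective Repeat behaviour described in this post, as an added example that is not part of the original notes: a small deterministic simulation of both senders over a channel that drops a constructed set of frames on their first transmission, so the retransmission cost of each protocol can be counted. The frame count, window size, the lost-frame set and the function names are all assumptions made for this illustration.

```python
"""Added example for the Go Back N and Selective Repeat sections (not from the
original notes): a small deterministic simulation of both senders over a
channel that drops a constructed set of frames on their first transmission,
so the retransmission cost of each protocol can be counted."""
import math

TOTAL_FRAMES = 8
WINDOW = 4                  # N, the sender window size
LOST_FIRST_TRY = {2}        # constructed: frame 2 is lost the first time it is sent


def _lost(seq, attempts, lost_first_try):
    """Channel model: a frame in the lost set is dropped only on its first try."""
    return seq in lost_first_try and attempts[seq] == 1


def go_back_n(total_frames=TOTAL_FRAMES, window=WINDOW, lost_first_try=LOST_FIRST_TRY):
    """Return the number of frame transmissions GBN needs to deliver all frames.
    The receiver window is 1: out-of-order frames are discarded, and the sender
    resends everything from the last cumulatively acknowledged frame."""
    base, sent, attempts = 0, 0, {}
    while base < total_frames:
        expected = base
        for seq in range(base, min(base + window, total_frames)):
            attempts[seq] = attempts.get(seq, 0) + 1
            sent += 1
            if seq == expected and not _lost(seq, attempts, lost_first_try):
                expected += 1       # in-order frame accepted
            # any frame after a loss is discarded by the receiver
        base = expected             # cumulative ACK: go back to the first gap
    return sent


def selective_repeat(total_frames=TOTAL_FRAMES, window=WINDOW, lost_first_try=LOST_FIRST_TRY):
    """Return the number of frame transmissions SR needs. The receiver buffers
    out-of-order frames and ACKs each one, so only lost frames are resent."""
    base, sent, attempts, received = 0, 0, {}, set()
    while base < total_frames:
        for seq in range(base, min(base + window, total_frames)):
            if seq in received:
                continue            # individually ACKed already, no resend
            attempts[seq] = attempts.get(seq, 0) + 1
            sent += 1
            if not _lost(seq, attempts, lost_first_try):
                received.add(seq)
        while base in received:     # slide the window past delivered frames
            base += 1
    return sent


def gbn_sequence_bits(window):
    """Bits needed in the sequence number field for GBN: ceil(log2(N + 1))."""
    return math.ceil(math.log2(window + 1))


def efficiency(protocol, window, a):
    """Link efficiency from the comparison table, with a = Tp / Tt; capped at 1
    because once N >= 1 + 2a the sender never has to sit idle."""
    n = 1 if protocol == "stop-and-wait" else window
    return min(1.0, n / (1 + 2 * a))


if __name__ == "__main__":
    print("GBN transmissions:", go_back_n())            # 10: frames 2 and 3 resent
    print("SR  transmissions:", selective_repeat())     # 9: only frame 2 resent
    print("GBN sequence bits for N=4:", gbn_sequence_bits(4))
    print("efficiency a=2:", efficiency("stop-and-wait", 4, 2), efficiency("gbn", 4, 2))
```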

Daily Learning: Computer Networks – Delay in Transmission & Flow Control & Stop and Wait

Delays

There are many types of delays –

  1. Transmission Delay – The time taken by the host to put the entire packet on the line. If the first bit of the packet is put on the line at time t1 and the last bit at time t2, the transmission delay of the packet is (t2 – t1). We define transmission delay as Tt = L/B (L = length of packet, B = bandwidth).
  2. Propagation Delay – The time taken for a bit to travel from source to destination. Tp = d/v (d = distance from host to destination, v = velocity of the packet)
  3. Queuing Delay – Packets received at the receiver sit in a queue until they can be handled; the time spent waiting is the queuing delay.
  4. Processing Delay – Packets are taken from the queue and handed to the processor for processing; that time is the processing delay.

Flow Control

Sometimes, while sending data from sender to receiver, the queue at the other end may be full, in which case the later packets will be discarded; for that we use the stop and wait protocol. Here we send a packet and the other end sends an acknowledgement, which introduces some delay and inefficiency.

Stop and Wait Automatic Repeat Request

  • ARQ (Automatic Repeat Request) – If a sender sends data and the packet is lost, the receiver won’t send any acknowledgement and the system would deadlock. To break the deadlock we use a timeout timer; if no acknowledgement comes within that time we resend the packet.
  • Duplicate Packet Problem – If the acknowledgement is lost, the sender will assume the data is lost, resend the packet, and the receiver will process it again. To overcome this we add a sequence number to the data.
  • Missing Packet Problem – If the sender sends packet p1 and its acknowledgement A is delayed, the sender sends p1 again and gets the acknowledgement A; it then sends packet p2, which gets lost, but the first (delayed) acknowledgement for p1 now arrives and the sender thinks p2 was sent successfully. To solve this problem we use an acknowledgement number.
  • Sometimes the sender may send a lot of data and the receiver may not be capable of handling that much.
  • So here the sender first sends one data packet and waits a particular time for the acknowledgement from the receiver.
  • If the acknowledgement comes within that time, good.
  • Otherwise the sender automatically resends the data.

Properties

  • When the receiver receives a packet it sends an acknowledgement carrying the number of the next expected packet (not the packet that was received).
  • In this method there is only one packet on the channel at a time, so when a packet is sent successfully we can reuse its sequence number again.

Formulas

  • Total Time = Tt + 2 * Tp [ Tt = transmission time for data, Tp = propagation time ]
  • Efficiency(η) = 1 / (1 + 2a) [ a = Tp / Tt ]
  • Throughput (Effective Bandwidth or Bandwidth Utilization) = η * B [ η = efficiency, B = bandwidth ]

Daily Learning: Computer Networks – Supernetting or Aggregation

The routing table has an entry for every sub-network present in a network, and as the network grows the size of the routing table grows too. To counter this, the router combines multiple networks to form one bigger network.

Rules

  1. IP addresses must be contiguous.
  2. All networks should be of the same size (and the size should be 2^n).
  3. The first network ID should be divisible by the size of the block (the total number of addresses).
200.1.0.0
200.1.1.0
200.1.2.0
200.1.3.0

Let’s see whether these networks can form a supernet. The answer is yes, because –

  1. All are contiguous.
  2. All networks are of the same size.
  3. The total number of addresses is 4 * 2^8, and the first network ID (200.1.0.0) is divisible by it.

Supernet Mask

We put all 1s in the place of the Network ID and all 0s in the place of the Host ID.

      200.1.00000000.00000000
      200.1.00000001.00000000
      200.1.00000010.00000000
      200.1.00000011.00000000
------------------------------------
    255.255.11111100.00000000   Mask

Supernet Mask – 255.255.252.0
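The three aggregation rules and the mask derivation above, as an added example that is not part of the original notes: it checks a list of networks against the rules and derives the supernet mask with only the standard library. The /24 notation for the four networks and the function names are assumptions made for this illustration.

```python
"""Added example for the supernetting rules above (not from the original
notes): checks the three aggregation rules on a list of networks and derives
the supernet mask, using only the standard library."""
import ipaddress

# Constructed input: the four networks from the notes, written as /24 blocks.
NETWORKS = ["200.1.0.0/24", "200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24"]


def dotted_binary(addr):
    """Show an address octet by octet in binary, like the mask diagram above."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(addr).packed)


def check_supernet(cidrs):
    """Apply the three rules. Returns (ok, reason, supernet-or-None)."""
    nets = sorted(ipaddress.ip_network(c) for c in cidrs)
    sizes = {n.num_addresses for n in nets}
    # Rule 2: all networks of the same size, and that size a power of two
    if len(sizes) != 1:
        return False, "networks are not all the same size", None
    size = sizes.pop()
    if size & (size - 1):
        return False, "network size is not a power of two", None
    # Rule 1: contiguous, each block starts exactly where the previous ends
    for prev, cur in zip(nets, nets[1:]):
        if int(cur.network_address) != int(prev.network_address) + size:
            return False, f"gap or overlap between {prev} and {cur}", None
    block = size * len(nets)                 # total number of addresses
    if block & (block - 1):
        return False, f"{len(nets)} networks do not form a power-of-two block", None
    # Rule 3: the first network ID must be divisible by the block size
    first = nets[0].network_address
    if int(first) % block:
        return False, f"{first} is not divisible by the block size {block}", None
    prefix = 32 - (block.bit_length() - 1)   # host bits = log2(block)
    return True, "ok", ipaddress.ip_network(f"{first}/{prefix}")


if __name__ == "__main__":
    ok, reason, supernet = check_supernet(NETWORKS)
    print(ok, reason, supernet)                          # True ok 200.1.0.0/22
    if ok:
        print("supernet mask:", supernet.netmask, "=", dotted_binary(supernet.netmask))
    # Same four sizes, contiguous, but shifted by one network: rule 3 fails.
    print(check_supernet(["200.1.1.0/24", "200.1.2.0/24", "200.1.3.0/24", "200.1.4.0/24"]))
```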

Daily Learning: Computer Networks – Classless Inter Domain Routing(CIDR)

In classful addressing every network got the same number of hosts according to the class of the network. That is a waste in many cases: if a user needs 2^14 hosts and buys a class B network, 49152 addresses are wasted. To counter this situation IANA came up with a new technique –

CIDR

It is also a 32-bit number, but it carries an extra number which represents the number of bits present in the block ID (the network part).

a.b.c.d/n
20.10.50.100/20

Here the number of hosts present in the network is 2^(32-n), which here is 2^12.

  • Rules
    1. All the IP addresses are contiguous, meaning there can’t be any fragmentation.
    2. Block size must be a power of 2 (2^n). If the block size is 2^5 then the Host ID will contain 5 bits and the Block ID will be 27 bits.
    3. The first IP address must be evenly divisible by the size of the block, meaning the least significant part (the Host ID) should always be all zeroes.
    • Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or not?
      1. All the IP addresses are contiguous.
      2. Total number of IP addresses in the block = 16 = 2^4.
      3. 1st IP address: 100.1.2.00100000. Since the Host ID contains the last 4 bits and all the least significant 4 bits are zero, the first IP address is evenly divisible by the size of the block.

Subnetting

Suppose our CIDR address is 20.30.40.10/25; that means the host ID is 7 bits: 20.30.40.00001010.

So the network ID will be 20.30.40.00000000. Now if I want to divide the network into 2 parts, I need to borrow 1 bit from the host ID, so the network ID part is now 26 bits. 1st part: starting address is 20.30.40.00000000 (20.30.40.0/26) & the directed broadcast address is 20.30.40.00111111 (20.30.40.63/26).

2nd part: starting address is 20.30.40.01000000 (20.30.40.64/26) & the directed broadcast address is 20.30.40.01111111 (20.30.40.127/26). Likewise, if we wanted to divide the network into 4 parts, the network ID part would be 27 bits.
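The CIDR block rules and the subnetting walkthrough above, as an added example that is not part of the original notes: it validates an address block against the rules and splits a network into equal subnets with only the standard library. The function names are assumptions made for this illustration; the addresses are the ones from the notes.

```python
"""Added example for the CIDR rules and the subnetting walkthrough above (not
from the original notes): validates an address block against the three rules
and splits a network into equal subnets, using only the standard library."""
import ipaddress


def check_block(first_ip, last_ip):
    """Apply the CIDR block rules to an inclusive range of addresses.
    A first/last range is contiguous by construction (rule 1), so the
    function checks the power-of-two size (rule 2) and divisibility (rule 3).
    Returns (ok, message-or-cidr)."""
    first = int(ipaddress.IPv4Address(first_ip))
    last = int(ipaddress.IPv4Address(last_ip))
    size = last - first + 1
    if size < 1 or size & (size - 1):
        return False, f"block size {size} is not a power of two"
    host_bits = size.bit_length() - 1
    if first & (size - 1):                   # low host bits must all be zero
        return False, f"{first_ip} is not divisible by {size}"
    return True, f"{first_ip}/{32 - host_bits}"


def network_of(interface_cidr):
    """Network ID of a host address such as 20.30.40.10/25."""
    return str(ipaddress.ip_interface(interface_cidr).network)


def split_network(cidr, parts):
    """Divide a network into `parts` equal subnets by borrowing host bits.
    Returns (network address, directed broadcast address, prefix) per part."""
    if parts < 1 or parts & (parts - 1):
        raise ValueError("number of parts must be a power of two")
    borrowed = parts.bit_length() - 1        # 2 parts -> 1 bit, 4 parts -> 2 bits
    net = ipaddress.ip_network(cidr)
    return [(str(s.network_address), str(s.broadcast_address), s.prefixlen)
            for s in net.subnets(prefixlen_diff=borrowed)]


if __name__ == "__main__":
    print(check_block("100.1.2.32", "100.1.2.47"))    # (True, '100.1.2.32/28')
    print(check_block("100.1.2.40", "100.1.2.55"))    # same size, but not aligned
    print(network_of("20.30.40.10/25"))               # 20.30.40.0/25
    for part in split_network("20.30.40.0/25", 2):
        print(part)                                   # the two /26 halves from the notes
```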