Ask me Anything Recap – April

ask me anything

I recently had the opportunity to emcee an Ask me Anything webinar in April 12, These sessions are a good opportunity for the community, customers, partners and more to talk directly to Red Hat employees about what is happening on Red Hat Ansible Automation Platform and beyond. For this webinar, we had an awesome group of individuals with a diverse talent range across multiple skill sets from Product Management, Technical Marketing and Engineering:

  • Richard Henshall - based in England, Richard is head of Product Management for Ansible Automation Platform
  • Hicham Mourad - based in Canada, Hicham is a Technical Marketing manager for Ansible Automation Platform on Microsoft Azure 
  • Anshul Behl - also in Canada, Anshul is a Technical Marketing manager for Ansible Automation Platform
  • Mike Graves - joining us from North Carolina, Mike is a senior software engineer working on Ansible for public clouds and Ansible for cloud native
  • Shane McDonald - senior principal software engineer working on automation controller, automation execution environments and Podman as well as Kubernetes and Red Hat OpenShift Integration

To watch the webinar on-demand check it out here

As it turns out, we can’t get to every question that comes in, so we had Continue reading

The Path the Resolverless DNS

Using the DNS without directly using recursive resolvers seems like an approach that is totally alien to the DNS as we know it, so it might be useful to ask: How did we get to this point where a resolverless form of DNS name resolution makes some sense? And, to whom does it make sense?

Networking Hardware/Software Disaggregation in 2022

I started preparing the materials for the SDN – 10 years later webinar, and plan to publish a series of blog posts documenting what I found on various aspects of what could be considered SDN1. I’m pretty sure I missed quite a few things; your comments are most welcome.

Let’s start with an easy one: software/hardware disaggregation in network devices.

Open-Source Network Operating Systems

I found several widely-used open-source2 network operating systems:

Read more …

Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video

Russ White continues the discussion about BGP peering in part two of this lesson. Topics covered include: -Challenges with link-local next hop with IPv6 -How different BGP implementations handle these challenges -Promiscuous peering -Mitigating the attack surface of promiscuous peers -BGP Capabilities -Filtering before advertising/RFC 8212 You can subscribe to the Packet Pushers’ YouTube channel […]

The post Learning BGP Module 2 Lesson 2: Peering, Part 2 – Video appeared first on Packet Pushers.

Part 1: Rethinking Cache Purge, Fast and Scalable Global Cache Invalidation

Part 1: Rethinking Cache Purge, Fast and Scalable Global Cache Invalidation
Part 1: Rethinking Cache Purge, Fast and Scalable Global Cache Invalidation

There is a famous quote attributed to a Netscape engineer: “There are only two difficult problems in computer science: cache invalidation and naming things.” While naming things does oddly take up an inordinate amount of time, cache invalidation shouldn’t.

In the past we’ve written about Cloudflare’s incredibly fast response times, whether content is cached on our global network or not. If content is cached, it can be served from a Cloudflare cache server, which are distributed across the globe and are generally a lot closer in physical proximity to the visitor. This saves the visitor’s request from needing to go all the way back to an origin server for a response. But what happens when a webmaster updates something on their origin and would like these caches to be updated as well? This is where cache “purging” (also known as “invalidation”) comes in.

Customers thinking about setting up a CDN and caching infrastructure consider questions like:

  • How do different caching invalidation/purge mechanisms compare?
  • How many times a day/hour/minute do I expect to purge content?
  • How quickly can the cache be purged when needed?

This blog will discuss why invalidating cached assets is hard, what Cloudflare has done to make Continue reading

Learning BGP Module 2 Lesson 1: Peering Part 1 – Video

The first video in this second module of Russ White’s BGP course covers peering, including why BGP uses TCP for transport, passive and active peer, multi-hop peering, collisions, and more. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. […]

The post Learning BGP Module 2 Lesson 1: Peering Part 1 – Video appeared first on Packet Pushers.

Weekend Reads 051322


Cloudflare, a company that specializes in web security and distributed denial of service (DDoS) attack mitigation, just reported that it managed to stop an attack of an unprecedented scale.


Cloud operators provide price incentives so that users gravitate towards newer generations (and between server architectures). Figure 1 shows lines of best fit for the average cost per virtual central processing unit (vCPU, essentially a physical processor thread as most processor cores run two threads simultaneously) of a range of AWS virtual instances over time.


Passwordless sign-ins are already a practical reality, but they’re sometimes clunky — and three of the biggest tech companies believe they can reduce the friction.


Within a decade, the growth of powerful quantum computers will lead to a new era in security, in which once-impenetrable public-key techniques like RSA and ECC will fall to higher levels of brute force.


Cisco Systems on Wednesday shipped security patches to contain three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could permit an attacker to fully compromise and take control over the hosts.


Developers understand the importance of security, and overwhelmingly want to deploy secure and quality code, but software vulnerabilities continue to be exploited.


The National Institute Continue reading

Using Python to Calculate Cisco SD-WAN Tunnel Numbers – Part 1

When using Cisco SD-WAN on IOS-XE, it uses tunnel interfaces to configure parameters of the implementation. There is a mapping between what interface the tunnel is sourcing from and the name of the tunnel interface. For example, if the tunnel source is GigabitEthernet0, the tunnel interface is Tunnel0, if the tunnel source is GigabitEthernet0.100, the tunnel interface is Tunnel100000. When provisioning a router and not using Zero Touch Provisioning (ZTP), you build a small bootstrap configuration that configures mandatory parameters such as Site ID, System IP, Organization Name, but also a tunnel interface to be able to connect to the controllers. It is possible to create this configuration in vManage, and hence find out the tunnel interface name, but I thought it would be interesting to do this with code and not be dependent on vManage.

In this post, I will describe the code I used and what my logic was when creating different parts of the code. In this first post I will use the code that I came up with. In the second part, my friend Rodrigo who runs an excellent Python blog ,analyzed my code and came up with improvements, which I will describe in that Continue reading

Learning BGP Module 1 Lesson 4: Intra-AS Models And Route Reflectors – Video

This lesson in Russ White’s BGP course delves into synchronization within an Autonomous System (AS) and confederation within an AS. It also discusses route reflectors, including how they prevent loops, route reflector clients, route reflector multi-path, and multi-path pros and cons. Russ White is a network architect, author, and instructor. You can subscribe to the […]

The post Learning BGP Module 1 Lesson 4: Intra-AS Models And Route Reflectors – Video appeared first on Packet Pushers.

AMD makes steady gains on Intel in server chip market

AMD continues to increase its share of both the overall x86 chip market and the server x86 market in particular, despite a large-scale general downturn in shipments, according to a report released this week by Mercury Research.The majority of the fall-off in x86 shipments was felt in the desktop market, the report said, but the server market was also down on a quarterly volume basis — despite reaching record highs in revenue.Dean McCarron, president of Mercury Research, said that the decline was due to a combination of factors."There's a pretty heavy uplift in Q4 on consumer systems due to holiday buying, and it drops off in Q1," he said. "Typically, the worst drop of the year happens in Q1, so not only did that happen, but there's also some excess inventory that got built up and negatively impacted sales."To read this article in full, please click here

Juniper Extends Contrail To Kubernetes For Cloud-Native Virtual Networking

Juniper Networks’ network virtualization software Contrail can now integrate with Kubernetes. Originally designed for OpenStack, Juniper calls this new version of Contrail “CN2.” Contrail is a Software Defined Networking (SDN) platform for spinning up, configuring, and managing virtual networks on compute nodes rather than traditional network hardware. Contrail enables virtualized routing, switching, load balancing, and […]

The post Juniper Extends Contrail To Kubernetes For Cloud-Native Virtual Networking appeared first on Packet Pushers.

What’s New in Calico v3.23

Hey everyone. We’re excited to announce the release of Calico v3.23! Thanks to everyone in the community who contributed to the release. We could not have fitted this many improvements in without you. To view the detailed release notes, please visit us here. While we have many improvements in this release, here’s a brief overview of some of the larger features to be aware of.

IPv6 VXLAN support

Calico now supports VXLAN encapsulation for IPv6 networks. This expands our support for any users who have adopted IPv6.

VPP data plane beta

We are ecstatic to announce that the Calico VPP data plane has reached beta status! A huge thanks to the VPP team for working tirelessly over the last few releases to increase stability, performance, and feature compatibility. Try it out by visiting our documentation here.

Calico networking support in AKS

You can now install Calico networking in your AKS clusters to take advantage of all of the Calico networking features. To try it out, follow the Calico on AKS installation instructions. To learn more about using your own network plugin in AKS, see the AKS documentation here.

BGP enhancements

We have added new configuration options to allow for Continue reading

Learning BGP Module 1 Lesson 3: How BGP Really Converges – Video

This lesson in Russ White’s BGP course gets into withdrawing a route, MRAI time, implicit withdraws, BGP Hunt, graceful restart, and other topics. Russ White is a network architect, author, and instructor. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content […]

The post Learning BGP Module 1 Lesson 3: How BGP Really Converges – Video appeared first on Packet Pushers.

Quality To Be Named Later

programming

First off, go watch this excellent video from Ken Duda of Arista at Networking Field Day 28. It’s the second time he’s knocked it out of the park when it comes to talking about code quality:

One of the things that Ken brings up in this video that I thought would be good to cover in a bit more depth is the idea of what happens to the culture of your organization, specifically code quality, when you acquire a new company. Every team goes through stages of development from formation through disagreement and finally to success and performance. One of the factors that can cause a high-performing team to regress back to a state of challenges is adding new team members to the group.

Let’s apply this lesson to your existing code infrastructure. Let’s say you’ve spent a lot of time building the best organization that has figured out and your dev teams are running like a well-oiled machine. You’re pushing out updates left and right and your users are happy. Then, you buy a company to get a new feature or add some new blood to the team. What happens when that new team comes on-board? Are they going Continue reading

Announcing the Cloudflare Images Sourcing Kit

Announcing the Cloudflare Images Sourcing Kit
Announcing the Cloudflare Images Sourcing Kit

When we announced Cloudflare Images to the world, we introduced a way to store images within the product and help customers move away from the egress fees met when using remote sources for their deliveries via Cloudflare.

To store the images in Cloudflare, customers can upload them via UI with a simple drag and drop, or via API for scenarios with a high number of objects for which scripting their way through the upload process makes more sense.

To create flexibility on how to import the images, we’ve recently also included the ability to upload via URL or define custom names and paths for your images to allow a simple mapping between customer repositories and the objects in Cloudflare. It's also possible to serve from a custom hostname to create flexibility on how your end-users see the path, to improve the delivery performance by removing the need to do TLS negotiations or to improve your brand recognition through URL consistency.

Still, there was no simple way to tell our product: “Tens of millions of images are in this repository URL. Go and grab them all from me”.  

In some scenarios, our customers have buckets with millions of images Continue reading

Send email using Workers with MailChannels

Send email using Workers with MailChannels
Send email using Workers with MailChannels

Here at Cloudflare we often talk about HTTP and related protocols as we work to help build a better Internet. However, the Simple Mail Transfer Protocol (SMTP) — used to send emails — is still a massive part of the Internet too.

Even though SMTP is turning 40 years old this year, most businesses still rely on email to validate user accounts, send notifications, announce new features, and more.

Sending an email is simple from a technical standpoint, but getting an email actually delivered to an inbox can be extremely tricky. Because of the enormous amount of spam that is sent every single day, all major email providers are very wary of things like new domains and IP addresses that start sending emails.

That is why we are delighted to announce a partnership with MailChannels. MailChannels has created an email sending service specifically for Cloudflare Workers that removes all the friction associated with sending emails. To use their service, you do not need to validate a domain or create a separate account. MailChannels filters spam before sending out an email, so you can feel safe putting user-submitted content in an email and be confident that it won’t ruin your domain Continue reading

1 2 3 3,254