Archive

Category Archives for "Networking – The New Stack"

Linkerd Graduates CNCF with Focus on Simplicity

The number of requirements around stability, adoption, maturity, and governance, and joins more than a dozen other graduated projects, such as Helm, Prometheus, Envoy, and Kubernetes. In a press release regarding Linkerd’s graduation, H-E-B is quoted as saying that they didn’t “choose a service mesh based on hype,” and that they “weren’t worried about which mesh had the most marketing behind it.” The service mesh being alluded to here is Istio, which, in the most recent William Morgan. “And the fact that it has attained graduation, that it has this community of enthusiastic and committed adopters, I think it’s pretty remarkable given that context. It’s hard not to talk about Linkerd without also talking about Istio, although I think the reality is, there’s some pretty fundamental philosophical differences between those projects.” Linkerd was created by Buoyant in 2016, and Morgan said its first iterations were rather complex before the project found its focus on simplicity. This simplicity, which starts with Linkerd using Envoy, is a key differentiator for the service mesh, and one of the fundamental philosophical differences Morgan speaks of. “Naturally, as engineers, what you want to do when you’re building infrastructure is, you want to solve every possible problem with this beautiful platform that can do all things for all people,” Morgan said. “I think when you go down that path, which feels very natural to an engineer, you end up with something that is really unwieldy, and that’s complex, and that is fundamentally unsatisfying. It sounds great, but it’s so hard to operate that you never accomplish your goals.” Part of the balancing act, said Morgan, is to deliver all the features of the service mesh around reliability, security, and observability, “without getting mired in all the complexity, without having to hire a team of developers or a team of engineers, service mesh experts, just to run your service mesh.” In the past year, Linkerd has seen a 300% increase in downloads, and part of that acceleration may be attributed to a migration away from Istio due to its complexity. Rather than focusing on moving away from Istio, which he says some users may end up using simply because they see it first, Morgan again focuses on Linkerd’s simplicity as the reason behind its increased adoption. “In the absence of having these marketing bullhorns, these huge marketing budgets, the way that Linkerd has grown has been by word of mouth,” said Morgan. “It’s been like the way that open source projects used to grow. The way that we’ve been able to accomplish that is by having a really clear vision and a really clear message around simplicity.” Another key architectural decision made around simplicity was that Linkerd was made to focus on Kubernetes. An earlier version, said Morgan, was made to work with Mesos, Zookeeper, Kubernetes and others, and they instead decided that they had to go with the “lowest common denominator,” which was Kubernetes. Linkerd’s decision to go with the Rust programming language, rather than Go, C, or C++, was another distinction for the service mesh in its evolution, and one Morgan stands behind. “It was a scary choice, but we did that because we felt that the future of the service mesh, and in fact the future of all cloud native technology, really has to be built in Rust,” he said. “There’s no reason for us, in 2021, to ever write code in C++ or in C anymore. That was a pretty scary, risky, controversial decision at the time, but it’s paid off because now we have the adoption to kind of show it off.” While Morgan calls the project’s CNCF graduation “a nice moment for us to reflect and to be grateful for all the people around the world who worked so hard to get Linkerd to this point,” he says that there is a long roadmap ahead, which includes things like server and client-side policies, and “mesh expansion” to allow the Linkerd data plane to operate outside of Kubernetes. But when your focus is on simplicity, where do you draw the line on additional features? Morgan said that, as a project designer, you have to ask yourself some questions. “What is the maximum number of those problems that I can solve, and then the rest, we’re just not going to solve? Like, that’s the stopping point,” said Morgan. “There are going to be use cases that Linkerd is just not going to solve, and that’s okay. For those folks, I do actually sometimes tell people to use Istio. There’s a set of things that Istio can do, super complicated situations, where I just don’t want Linkerd to be able to solve that because it would be too complicated.” The post Linkerd Graduates CNCF with Focus on Simplicity appeared first on The New Stack.

Decentralized Chat: Matrix Offers Red Pill to Slack Users

One of the most interesting internet trends of 2021 is the experimentation going on with decentralized technologies. We’re seeing a blossoming of open source, decentralized internet applications — many of them attempting to provide alternatives to big tech products. Privacy breaches, misinformation, black box algorithms, lack of user control — these are just some of the problems inherent in the proprietary, centralized social media and communications products of Facebook, Twitter, Apple, Google, and others. The question is: can decentralized applications be a panacea? Richard MacManus Richard is senior editor at The New Stack and writes a weekly column about web and application development trends. Previously he founded ReadWriteWeb in 2003 and built it into one of the world’s most influential technology news and analysis sites. In today’s column, I look at an emerging decentralized, open standard for real-time communications: defined as “an open standard for interoperable, decentralized, real-time communication over IP.” Products built on top of Matrix could provide an alternative to using commercial Instant Messaging products like Slack or WhatsApp.

Cloud Foundry HTTP/2 Support Thwarted by GoLang Indifference

A Go Router reverse proxy removes headers that would let a CF application know it can send and receive HTTP/2 traffic. Such capability could be coded in, bypassing the Go language library entirely, but the project team doesn’t want to take on the responsibility for supporting such a potentially widely-used function. spoke about this challenge at this year’s virtual

Turbocharging AKS Networking with Calico eBPF

Reza Ramezanpour Reza is a developer advocate at Tigera, working to promote adoption of Project Calico. Before joining Tigera, Reza worked as a systems engineer and network administrator. A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though, achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads. This article explores and explains the improvements that can be achieved in Microsoft Azure using Calico instructions for installing Calico’s network policy engine with AKS use a version of Calico that pre-dates eBPF mode. Accelerating Network Performance Test Methodology To show how Calico accelerates AKS network performance using eBPF, the Calico team ran a series of network Continue reading

Real-Time Data Access Across Highly Distributed Environments

The goal is straightforward, but getting there has proven to be a challenge: how to offer real- or near real-time access to data that is continually refreshed on an as-needed basis across a number of different distributed environments. Consequently, as different systems of data and their locations can proliferate across different network environments — including multiclouds and on-premises and, in many cases, geographic zones — organizations can struggle to maintain low-latency connections to the data their applications require. The challenges are especially manifest when users require and increasingly demand that their experiences, which are often transactional-based, are met in near- or real-time that require data-intensive backend support. Many organizations continue to struggle with the challenges of maintaining and relying on data streaming and other ways, such as through so-called “speed layers” with cached memory, to maintain low-latency connections between multicloud and on-premises environments. In this article, we describe the different components necessary to maintain asynchronously updated data sources consisting of different systems of record for which real-time access is essential for the end-user experience. For the CIO, the challenges consist of the ability for applications to have low-latency access to data, often dispersed across a number of often highly distributed Continue reading

CNCF Projects Bring Service Mesh Interoperability, Benchmarks

Both the Service Mesh Performance (SMP) projects joined the Cloud Native Computing Foundation (CNCF) earlier this month at the Sandbox level. Meshery is a multiservice mesh management plane offering lifecycle, configuration, and performance management of service meshes and their workloads, while SMP is a standard for capturing and characterizing the details of infrastructure capacity, service mesh configuration, and workload metadata. When the projects first applied in April for inclusion, the Technical Oversight Committee (TOC) had one clarifying question for them: should they be combined with or aligned in some manner with the Lee Calcote, founder of verifies that, in fact, it is a certain kind of a service mesh,” said Calcote. “So all in one Continue reading

Infoblox: How DDI Can Help Solve Network Security and Management Ills 

Network connections can be likened to attending an amusement park, where Dynamic Host Configuration Protocol (DHCP), serves as the ticket to enter the park and the domain name system (DNS) is the map around the park. Network management and security provider Infoblox made a name for itself by collapsing those two core pieces into a single platform for enterprises to be able to control where IP addresses are assigned and how they manage network creation and movement. “They control their own DNS so that they can have better control over their traffic,” explained Infoblox: How DDI Can Help Solve Network Security and Management Ills  Also available on Google Podcasts, PlayerFM, Spotify, TuneIn Infoblox’s name for this unified service is DDI, which is

Scuttlebutt: Decentralize and Escape the Social Media Rat Race

Richard MacManus Richard is senior editor at The New Stack and writes a weekly column about web and application development trends. Previously he founded ReadWriteWeb in 2003 and built it into one of the world’s most influential technology news and analysis sites. When Twitter began imposing Diaspora — a kind of decentralized Facebook — was founded by four New York students. Later, in 2017, a federated social network named surge of popularity. Now, in 2021, there is a growing underground project called Manyverse and Dominic Tarr, a New Zealander who lived on a boat and had sporadic internet coverage. Tarr’s lifestyle (which, Continue reading

Authorize Better: Istio Traffic Policies with OPA, Styra DAS

Adam Sandor Adam is a solution architect at Styra, helping companies to adopt OPA and Styra DAS. He has been working in the cloud native space for the past six years, focusing on Kubernetes adoption and software delivery. In his free time, Adam is a dedicated DCS World pilot and happy cyclist roaming the cycle paths of the Netherlands. Cloud native tooling for authorization is an emerging trend poised to revolutionize the way we approach this oft-neglected part of our applications. Styra DAS offer. When services are connected using the Istio service mesh, all those sidecar proxies running Envoy are great places to make authorization decisions. All HTTP requests flow through them with metadata included about the source and destination services. The capabilities of Envoy are exposed by Istio in the form of the

Video Game Security Should Be Simple for Developers

Video games continue to Bharat Bhat (Okta marketing lead for developer relations) cover why and how video game platforms and connections should be more secure, with guest Okta senior developer advocate Video Game Security Should Be Simple for Developers Also available on Google Podcasts, PlayerFM, Spotify, TuneIn The gaming industry has often served as a showcase for some of the industry’s greatest programming talents. As a case in point,

Solo.io Adds Legacy SOAP Integration for Gloo Edge 1.8 Release

Service mesh integration software provider Solo.io has released into general availability (GA) version 1.8 of its Gloo Edge Kubernetes-native ingress controller and API gateway. Version 1.8 offers integration for legacy SOAP (Simple Object Access Protocol) web services and other features, as Solo seeks to improve API-centric support for scaling needs across cloud native environments. Based on the Gloo Edge now helps DevOps teams integrate decades-old SOAP through a single API. Gloo Edge 1.8’s support for SOAP is “the biggest breakout feature” of the release, blog post, Gaun described how SOAP, an XML messaging protocol from the turn of the century, “remains prevalent today for enterprise web services across a number of industries, including financial services and healthcare.” Yet, “Unfortunately, SOAP (and associated legacy middleware applications) hold back large-scale modernization efforts because there hasn’t been a viable migration approach in the market,” Gaun wrote. “Organizations haven’t been able to tackle incremental deprecation of SOAP web services over time without great difficulty.” Gloo Edge Enterprise 1.8, with the addition of

4 Advancements That Led to Decentralized Cloud Storage

The evolution of cloud storage as we know it is a fascinating journey filled with projects that built on one another to bring us to where we are today. Interestingly enough, most of the technology used to build a decentralized cloud storage network today has been available for decades. The fact that decentralized cloud storage is viable is mostly because of the growth of storage capacity available at the edge and the incredible increases we’ve made across the globe in bandwidth. Here are four key advancements throughout the years that have paved the way for decentralized cloud storage. Advancement #1: Network Bandwidth Increased JT Olio JT is the CTO at Storj. He oversees product development and led the re-architecture of Storj’s distributed cloud storage platform. He was previously director of engineering at Space Monkey, which was acquired by Vivint in 2014. JT has an MS in computer science from the University of Utah and a BS in computer science and mathematics from the University of Minnesota. There is a great paper by Charles Blake and Rodrigo Rodrigues entitled “

Install Calico to Enhance Kubernetes’ Built-in Networking Capability

Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that network can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult. That’s where the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration. Take, for instance, the feature limitations found in the default NetworkPolicy, which are: Policies are limited to a single environment and are applied only to pods marked with labels. You can only apply rules to pods, environments, or subnets. Rules can only contain protocols, numerical ports, or named ports. When you add the Calico plugin, the Continue reading

Buoyant Cloud Beta Brings Simplified Linkerd

Network software provider Linkerd service mesh, has launched the public beta of William Morgan emphasizes that operational simplicity has always been a focus, he says that they expect Buoyant Cloud to take that one step further. “We want to take the operational burden off of the shoulders of whoever is bringing Linkerd into their organization. We want to handle that for you,” he said. “We want to carry the pager for you, we want to make it so that running Linkerd in production is a trivial task. This falls right in line with everything we’ve been doing with Linkerd since the very beginning — our focus has been really heavily on operational simplicity and on making it so that when you operate Linkerd, you’re not in this horrendous situation where you need to hire a team of experts just to maintain your service mesh. With Buoyant Cloud, we have the opportunity to take on a lot of those operational tasks for you, and make it so you get all Continue reading

Lightning-Fast Kubernetes Networking with Calico and VPP

Reza Ramezanpour Reza is a developer advocate at Tigera, working to promote adoption of Project Calico. Before joining Tigera, Reza worked as a systems engineer and network administrator. Public cloud infrastructures and microservices are pushing the limits of resources and service delivery beyond what was imaginable until very recently. To keep up with the demand, network infrastructures and network technologies had to evolve as well. Software-defined networking (SDN) is the pinnacle of advancement in cloud networking. By using SDN, developers can deliver an optimized, flexible networking experience that can adapt to the growing demands of their clients. This article will discuss how Tigera’s new Project Calico is an open source networking and security solution. Although it focuses on securing Kubernetes networking, Calico can also be used with OpenStack and other workloads. Calico uses a modular data plane that allows a flexible approach to networking, providing a solution for both current and future networking needs. VPP Continue reading

What the Heck Happened to the Internet? Fastly’s Hard Fall and Quick Recovery

Well, wasn’t that fun? On June 8, 2021, many internet users went to their usual sites such as Amazon, Reddit, CNN, or the New York Times and found nothing but an “Error 503 service unavailable” and an ominous “connection failure” note. So, what happened? The Commercial Internet Exchange (CIX) other features became important. In particular, everyone started demanding faster performance and lower latency. The solution? CDNs. These companies, which besides Fastly include market-leader Cloudflare, all use the same basic techniques to speed up the net. They take the data from popular sites and place it in distributed caches in points of presence (PoP) close to consumers. If that sounds familiar to you even if you’re a cloud native developer and not a network administrator there’s a good reason. CDNs were one of the first business models Continue reading

VMware Redefines Security After a Surge in Attacks

Enterprise virtualization software giant VMware says it is “redefining” security as it seeks to help customers meet the challenges associated with a skyrocketing number of threats, more numerous attack vectors, and having fewer human resources at their disposal to help keep attacks at bay. “So what we’re asking all of these IT security teams to do is essentially to do more — and there’s a lot more complexity,” 2020 Threat Landscape report results, 81% of the survey respondents reported a breach during the past 12 months — with four out of the five breaches (82%) deemed material. At the Continue reading

Birth of the Cloud: A Q&A with Vint Cerf and Linode’s Christopher Aker

Mike Maney Mike Maney leads corporate communications for Linode. Over the years, he’s led global communications teams for high profile, culture-shifting businesses at Fortune 50 companies and helped early stage startups tell better stories. I have had the opportunity to work with a number of tech pioneers over the course of my career. So when an opportunity to interview two who were at the forefront of the internet and the cloud, I jumped at it. a vice president and chief internet evangelist for Google). Years later after the creation of TCP/IP, Linode, the company Aker built, turns 18 this year, I asked Cerf and Aker to weigh in on where we’ve been, where we are today, and where we’re going. You’ve both been in the business of cloud for many years. Looking back to when you first started in this business, how has Continue reading

Calico Integration with WireGuard Using kOps

Reza Ramezanpour Reza is a developer advocate at Tigera, working to promote adoption of Project Calico. Before joining Tigera, Reza worked as a systems engineer and network administrator. It has been a while since I have been excited to write about encrypted tunnels. It might be the sheer pain of troubleshooting old technologies or countless hours of falling down the rabbit hole of a project’s source code that always motivated me to pursue a better alternative — without much luck. However, I believe luck is finally on my side. In this blog post, we will explore using open source Tigera announced a tech preview of its TLS were available to encrypt workloads’ traffic at higher TCP/IP layers, in this case, the application layer. However, WireGuard targets traffic at a lower layer, the transport layer, which makes it effective for a wider range Continue reading

1 8 9 10 11 12 18