We often think of protocol choice as a purely technical decision, but it’s a critical factor in the user experience and how your application is consumed. This is a high-impact business decision, making it crucial for the technical team first to understand the business situation and priorities.
Choosing the right transport protocol — TCP, UDP or QUIC — profoundly impacts scalability, reliability and performance. These protocols function like different postal services, each offering a unique approach to delivering messages across networks. Should your platform prioritize the reliability of a certified letter, the speed of a doorstep drop-off or the innovation of a couriered package with signature confirmation?
This decision-making framework breaks down the strengths, weaknesses, and ideal use cases of TCP, UDP and QUIC. It gives platform engineers and architects the insights to choose the proper protocol for their systems.
Overview of Protocols
Most engineers are familiar with TCP and have heard of UDP. Some may even have hands-on experience with QUIC. However, to make the right choice, it’s helpful to align on how these protocols compare before diving into the decision-making framework.
TCP: The Certified Letter
Engineers from the Chinese social media conglomerate ByteDance are taking early advantage of a recently released feature of the Linux kernel called netkit that provides a faster way for containers to communicate with each other across a cluster.
First released in Linux kernel 6.7 in December 2023, netkit (not to be confused with the now-discontinued Netkit, which was used to create virtual networks on a single server) has been touted as a way to streamline container networking.
Like the rest of the cloud native world, ByteDance uses Virtual Ethernet (veth), which had a number of bottlenecks that slowed communication rates across containers. In fact, veth requires each packet to traverse two network stacks — one for the sender and the other for the recipient — even if the two containers communicating were on the same
Modeling hyperscaler cloud architecture is gaining significant momentum in enterprise data centers as many IT teams are repatriating their public cloud workloads back on premises, modernizing their data center for cloud native workloads or building their own specialized public cloud services. They want to integrate the best capability and efficiency aspects of the public cloud with on-premises control. Several key benefits of the public cloud are driving data-center requirements, which include efficiency, scalability, flexibility, automation and agility.
Several technological innovations have emerged as key enablers of a best-of-breed cloud architecture that delivers the benefits promised by the public cloud: software-defined storage, open source orchestrators such as Kubernetes, and NVMe-oF (Nonvolatile Memory Express over Fabrics). All are gaining popularity as foundational components of modern cloud architecture.
What Is NVMe-oF?
The NVMe-oF v1.0 specification was released in June 2016. NVMe-oF is a network protocol that extends the parallel access and low latency features of the Nonvolatile Memory Express (NVMe) protocol across networked storage. Originally designed for local storage and common in direct-attached storage (DAS) architectures, NVMe delivers high-speed data access and low latency by directly interfacing with solid-state disks. NVMe-oF allows these same advantages to be achieved in distributed and
The evolution of internet-centric application delivery has worsened IT’s visibility gaps into what impacts an end user’s experience. This problem is exacerbated when these gaps lead to negative business consequences, such as loss of revenue or lower Net Promoter Scores (NPS). The need to address this worsening visibility gap problem is reinforced by Gartner’s recent publication of its first
OpenVPN has been a dominant player in the VPN space since its release in 2001. With a 23-year history, OpenVPN has proven to be a reliable and secure protocol. However, it has some downsides, particularly regarding performance and ease of use.
OpenVPN creates a secure tunnel between two endpoints using SSL/TLS for encryption. While robust, the protocol is complex and requires considerable resources to run efficiently. Setting up and managing OpenVPN can be cumbersome, especially for DevOps teams juggling multiple environments and configurations. It wouldn’t be the first time an OpenVPN server stopped working because the TLS certificates expired.
WireGuard, on the other hand, is the new kid on the block, having been introduced in recent years. What sets WireGuard apart from OpenVPN is its simplicity and efficiency. While OpenVPN relies on older, more complex cryptographic algorithms, WireGuard uses modern encryption that is both faster and more secure.
Unlike OpenVPN, WireGuard is integrated directly into the Linux kernel, meaning it operates at a lower level and with less overhead. This results in faster connection times and lower resource usage. One of the significant benefits of WireGuard is its minimal codebase — about 10% the size of OpenVPN’s — which reduces
Unless you’ve studied for a network cert, the Open Systems Interconnection (OSI) model is probably somewhat of a mystery to you. Maybe you heard of it from a coworker, or maybe you saw it in a marketing campaign for something on AWS.
Maybe you thought “Layer 3” was just some new buzzword. Such shorthand references to the OSI model, however, can be useful if you can decode them, as they can help you understand where in your network stack a tool could fit or where to look for a problem during an incident call.
Before we get too far, let me address a point of contention. Many people will say the theoretical OSI model is outdated. The model is theoretical, true, and the real world is certainly more complex than it may lead you to believe. Its layers don’t neatly map to specific devices, and other models exist that more accurately reflect the real world, such as the Transmission Control Protocol/Internet Protocol (TCP/IP) model.
It’s useful to think of the OSI model as an abstraction that allows us to reason about the separation of concerns on a network. We use it to think through troubleshooting steps should
We’ve all been frustrated by latency, either as users of an application, or as developers building such apps.
At ScyllaDB‘s annual Pekka Enberg, founder and CTO of shared his favorite tips for spotting and removing latency from systems.
“Latency lurks everywhere,” said Enberg, who also has authored a once estimated that it loses 1% of sales for every 100ms of latency.
Enberg has thought plenty about ways of reducing latency and has boiled down his solutions into three different approaches:
Reduce data movement
The traditional way to enable things hosted in different clouds to talk to each other has been to order a physical cross-connect (a literal cable) from a colo provider that hosts the clouds’ “onramps” (private connections to the clouds’ networks) to link them.
Various software-defined alternatives have emerged in recent years. Some do essentially the same thing but virtually, while others, like typical SD-WANs, rely on things like IPsec or other encryption protocols to secure connections traversing the internet.
There are other, less mature approaches, including some cloud providers’ own intercloud connectivity services. And there’s always the option to send your cloud-to-cloud API requests over the public internet and hope for the best.
The traditional ways tend to be costly and complex to set up, requiring specialized networking knowledge. A little more than a year ago, we decided to build a cloud-to-cloud private connectivity service that would be easier to use. The goal was to give developers who are proficient in cloud but not in networking a way to create multicloud connections and manage them with familiar tools, like Terraform or Pulumi, without hosting any infrastructure in our data centers.
It was an interesting challenge, not in the least from
Network Attached Storage (NAS) is a great way to build out storage for your business. Instead of relying solely on external drives, shared directories or expensive cloud storage, why not deploy a tool that was created specifically for scalable storage?
That’s where TrueNAS comes into play.
TrueNAS is a take on Linux that is purpose-built for storage and comes with all the NAS capabilities you can imagine. TrueNAS can be installed on off-the-shelf hardware (even small form-factor PCs or virtual machines), so your storage server can be tucked out of the way.
This storage solution includes features like:
User/group management
Alerts
SSH connectivity
Two-factor authentication
Storage pools
Snapshots
Disks (and disk importing)
Support for directory services such as Active Directory, LDAP, NIS, and Kerberos
Sharing via Apple Shares, Block Shares, UNIX Shares, WebDAV, and SMB
Service management
Plugins
Jails
Virtual Machines
Shell access
The installation of TrueNAS is all text-based but is incredibly simple to take care of and takes very little time. With minimal configuration work for the installation, I had an instance of TrueNAS up and running within about 2 minutes. The only thing you need to do is set a root password during the installation, which is
The .io domain was originally created for the British Indian Ocean Territory but eventually became popular with the tech sector, for obvious reasons.
Part of the reason for this is that ‘io’ is similar in appearance to I/O (aka input/output), which is why the tech sector started gobbling up the .io domains. There were issues soon after the creation of the domain that had to do with the distribution of profit. A lot of app developers use the .io domain. The New Stack uses the .io domain.
It’s everywhere.
But there’s a problem, and it’s one that could have a cascading effect within the realm of the tech sector.
What has happened is that the
Back in the 70s, if you wanted to be online, you had to be a college student, researcher, or in the military to be on the internet. That was it. Joe or Jane User? Forget about it. Then, during a Chicago blizzard, a young computer scientist, online services such as CompuServe started as early as 1969. However, unlike the free BBSs, these services could cost as much as $30 an hour in 1970s dollars or $130 an hour in today’s money. XMODEM file transfer protocol in 1977. This innovative method broke binary files into packets, ensuring reliable delivery over unstable analog telephone lines. XMODEM became a cornerstone of early online file sharing and inspired numerous subsequent file transfer protocols.
While considered inefficient by today’s standards, XMODEM established key concepts that are still used in file transfers. These include breaking data into packets for transmission, using checksums or CRCs for error detection, and implementing handshaking between sender and receiver.
Thanks to XMODEM, people began sharing files with one another. This, in turn, helped create
Kubernetes recently Kubernetes to enter its rebellious phase.
It will experience awkward growth spurts (as new use cases force Kubernetes to adapt); it might go through an identity crisis (is it a platform or is it an API?); it will ask for less supervision and more independence (and rely on AI-driven tooling to require less direct human oversight).
As Kubernetes matures into adolescence, let’s consider how its networking and security circulatory systems grow and adapt. And eBPF, the technology that lets you run custom programs within the Linux (and, soon, Windows) kernel, is not stopping either. Beyond networking and security (and the Tetragon projects I work on), more use cases are emerging, as you will learn during KubeCon:
The keepers of the internet standards, the Internet Architecture Board (IAB), convened The Next Era of Network Management Operations (NEMOPS) workshop to compile a list of technologies that might be useful for an internet of the future.
They did this before, and one result was NETCONF (RFC 6241), the Network Configuration protocol, now widely used to install, manipulate and delete the configuration of network devices.
YANG (RFC 8040), a programmatic interface for YANG.
CORECONF (
A Git repository simplifies the sharing of code to a team. Many teams opt to go the GitHub route but there might be an occasion when you need to spin up a quick repository that is only available to those team members working on your LAN.
When you need to deploy a Git repository on your LAN and you need to give other team members access to it, the goal is to do it quickly and securely. Thanks to git and Secure Shell (SSH), this isn’t nearly as challenging as you might think. And although this setup might not be an option for team members who work outside of your LAN, it’s great for a temporary repository offered to those within your company network.
How does it work? Let me show you.
What You’ll Need
To make this work, you’ll need the following:
A Linux machine with Git installed.
An SSH key pair.
A user with sudo privileges (if the minimum requirements aren’t installed).
That’s it. Let’s make some Git magic.
Installing Git
On the off-chance Git isn’t installed, here’s how you can take care of that:
Ubuntu-based distributions – sudo apt-get install git -y
Fedora-based distributions – sudo dnf
It was in 2022 when Meta engineers started to see the first clouds of an incoming storm, namely how much AI would change the nature — and volume — of the company’s network traffic.
“Starting 2022, we started seeing a whole other picture,” said Sundaresan at Meta’s Networking @Scale 2024 conference, being held this week both virtually and at the Santa Clara Convention Center in California.
Mind you, Meta owns one of the world’s largest private backbones, a global network physically connecting 25 data centers and 85 points of presence with millions of miles of fiber optic cable, buried under both land and sea. Its reach and throughput allows someone on an Australian beach to see videos being posted by their friend in Greece nearly instantaneously.
And for the past five years, this global capacity has grown consistently by 30% a year.
Yet the growing AI demands on the backbone are bumpy and difficult to predict.
“The impact of large clusters, GenAI, and AGI is yet to be learned,” Sundaresan said. “We haven’t yet fully flushed out what that means for the backend.”
Nonetheless, the networking team has gotten creative
Tired of dealing with cloud providers and mulling a move to a private cloud instead? Broadcom wants you to take a look at its operation of a private cloud.
This week at Paul Turner, Broadcom vice president of products for VCF, in a press briefing.
Broadcom is positioning VCF as a lower-cost, more secure alternative to public cloud computing.
Overall, the goal is to help the organization create an infrastructure that works together as a single, unified whole while supporting modern application architectures.
Virtual Cloud Foundation architecture (VMware)
Big Results Moving to a Private Cloud
According to the company, a private cloud approach can result in: