In an interesting twist of fate, I’ve been called back into the world of OpenStack and more specifically the world of
Imagine you’re developing an application for your internal network that requires a certain network speed to function properly. You could open a web browser and point it to one of the many network speed tests on the market but I’m sure you know what that does… it tests your connection to the outside world. What if you’re looking to test the speed of your LAN itself? OpenSpeedTest comes in. OpenSpeedTest is a free, open source HTML5 network performance estimation tool that doesn’t require any client-side software or plugin to function. Once deployed, the tool can be accessed from a standard, modern web browser. Even better, OpenSpeedTest can be deployed with Docker. It uses a combination of NGINX and Alpine Linux to use very little resources on your Docker server. You can run OpenSpeedTest with or without
IPv6, the most recent version of the Internet Protocol, was designed to overcome the address-space limitations of IPv4, which has been overwhelmed by the explosion of the digital ecosystem. Although major companies like Google, Meta, Microsoft and YouTube are gradually adopting IPv6, the overall adoption of this technologically superior protocol has been slow. As of September, only 22% of websites have made the switch. What is slowing the adoption of IPv6? Let’s take a walk through the possible causes and potential solutions. Why IPv6? IPv6 has a 128-bit address format that allows for a vastly larger number of unique IP addresses than its predecessor, IPv4. The latter uses a 32-bit address format and has an address catalog sufficient for only340 undecillion (340 trillion³) addresses, more than enough to accommodate the projected surge of devices. In addition to expanding the address space, IPv6 offers these improvements: Streamlined network management: Unlike IPv4, which requires manual configuration or external servers like DHCP (Dynamic Host Configuration Protocol), IPv6 supports stateless Continue reading
In this article, we will embark on an in-depth journey into Kubernetes Gateway API policies and their pivotal role in managing and controlling traffic within Kubernetes clusters. Gateway API logo With a comprehensive understanding of these policies, how they can be effectively leveraged, and the transformative impact they can have on traffic management strategies, you will be equipped with the knowledge and practical insights needed to harness the full potential of Kubernetes Gateway API policies for optimized traffic management. Benefits of Using Kubernetes Gateway API for Traffic Management Kubernetes Gateway API introduces a paradigm shift in how we manage and control traffic within Kubernetes clusters, offering a range of significant advantages. First and foremost, it simplifies configuration by abstracting away complexities and providing a user-friendly, declarative approach to define routing and traffic policies. Furthermore, its native integration with Kubernetes ensures a seamless fit, leveraging Kubernetes’ orchestration and scalability capabilities. With the Kubernetes Gateway API, fine-grained control over traffic becomes possible, allowing for precise management with policies applied at various stages, from request routing to response transformations. As applications scale, the Kubernetes Gateway API scales effortlessly, handling high traffic loads and adapting to changing workloads without manual intervention. It incorporates Continue reading
Kubernetes, the stalwart of container orchestration, has ushered in a new era of application deployment and management. But as the Kubernetes ecosystem evolves, networking within these clusters has posed persistent challenges. Enter the Gateway API, a transformative solution poised to redefine Kubernetes networking as we know it. At its core, the Gateway API represents a paradigm shift in Kubernetes networking. It offers a standardized approach to configuring and managing network routing, traffic shaping, and security policies within Kubernetes clusters. This standardization brings with it a host of compelling advantages. Firstly, it simplifies the intricate world of networking. By providing a declarative and consistent method to define routing rules, it liberates developers and operators from the complexities of network intricacies. This shift allows them to channel their energies toward refining application logic. The Gateway API doesn’t stop there; it brings scalability to the forefront. Traditional Kubernetes networking solutions, like Ingress controllers, often falter under the weight of burgeoning workloads. In contrast, the Gateway API is engineered to gracefully handle high loads, promising superior performance for modern, dynamic applications. NGINX, now a part of F5, is the company behind the popular open source project, NGINX. NGINX offers a suite of technologies Continue reading
eBPF (extended Berkeley packet filter) is a powerful technology that operates directly within the Linux kernel, offering robust hooks for extending runtime observability, security, and networking capabilities across various deployment environments. While eBPF has gained widespread adoption, organizations are encouraged to leverage tools and layers built on eBPF to effectively harness its functionality. For instance, Gartner advises that most enterprises lack the expertise to directly utilize Cilium offers additional capabilities with eBPF to help secure the network connectivity between runtimes deployed on Docker and Kubernetes, as well as other environments, including bare metal and virtual machines. Isovalent, which created Cilium and donated it to the CNCF, and the contributors are also, in parallel, developing Cilium capabilities to offer network observability and network security functionality through Cilium sub-projects consisting of Hubble and Tetragon, respectively. This graduation certifies that Cilium — created by
To keep the world connected, telecommunication networks demand performance and programmability to meet customers when and where they are, from streaming the winning goal of the world cup to coordinating responses to the latest natural disaster. When switchboards were still run by human operators, telco companies were all about custom hardware with “black boxes” from vendors providing the speed the network needed. These black boxes controlled the performance of the network, which also made it dependent on where they were actually deployed. As telcos moved from traditional phone calls to additional services like messaging and mobile data, the demands on the network pushed the boundaries of what was possible. Network Functions Virtualization (NFV) sought to allow telcos to use “white box” commodity hardware to scale out throughput and increase flexibility. Technologies like the Data Plane Development Kit (
At some point in either your cloud- or container-development life, you’re going to have to share a folder from the Linux server. You may only have to do this in a dev environment, where you want to be able to share files with other developers on a third-party, cloud-hosted instance of Linux. Or maybe file sharing is part of an app or service you are building. And because
Although legacy applications and infrastructure may not be a popular topic, their significance to organizations is crucial. As cloud native technologies are poised to become a dominant part of computing, certain applications and infrastructure must remain on premises, particularly in regulated and other industries. Amid the buzz surrounding no-code and low-code platforms, technologists must prioritize acquiring the appropriate tools and insights to manage on-premises environments’ availability and performance. Consumer expectations for flawless digital experiences continue to rise, so companies must optimize their on-premises customer-facing applications to accommodate. For Some, On-Premises Infrastructure Will Remain Essential Much of the recent digital transformation across multiple industries can be attributed to a substantial shift to the cloud. Cloud native technologies are in high demand due to their ability to expedite release velocity and optimize operations with speed, agility, scale and resilience. Nevertheless, it’s easy to overlook the fact that many organizations, especially larger enterprises, still run their applications and infrastructure on premises. While this may seem surprising, it’s partially due to the time-consuming process of seamlessly and securely migrating highly intricate, legacy applications to the cloud. Often, only a portion of an application may be migrated to the cloud while major components will remain Continue reading
Data networks are generally used for file sharing, application operations or internet access, but what about a network strictly for distributing application programming interfaces? After all, an API is pretty esoteric, given that it is not standard data but a set of rules that define how two pieces of software can interact with each other. Well, that out-of-the-ordinary system now exists, and it’s designed to do a ton of heavy lifting behind the scenes that developers will appreciate. Bangalore- and San Francisco-based Hasura DDN, a new edge network using Graph Query Language and designed for transporting real-time, streaming and analytical data. It enables developers to run low-latency/high-performance data APIs at a global scale, with no additional effort and no additional fees, according to the company. Hasura CEO and co-founder
Where are the application networking features heading, and how might this affect the way we design and approach distributed applications in the future? The revelations might surprise you. Let’s explore the shifting sands of application networking, focusing on the movement of networking concerns with the rise of the Istio’s Continue reading
VANCOUVER — At OpenStack Platform 17.1. This release is the product of the company’s ongoing commitment to support telecoms as they build their next-generation 5G network infrastructures. In addition to bridging existing 4G technologies with emerging 5G networks, the platform enables advanced use cases like Red Hat OpenShift, the company’s
WithSecure has unveiled a mission to reduce software energy consumption, backing research on how users trade off energy consumption against performance and developing a test bench for measuring energy use, which it ultimately plans to make open source. The Finnish cyber security firm has also kicked off discussions on establishing standards for measuring software power consumption with government agencies in Finland and across Europe, after establishing that there is little in the way of guidance currently. Power Consumption Power consumption by backend infrastructure is a known problem. Data centers, for example, account for up to 1.3% of worldwide electricity consumption, user devices consume more energy than networks and data centers combined. Sphere 2023 in Helsinki, saying that most of the firm’s own operations run in the cloud, which gives it good visibility into the resources it was using and their CO2 impact. Most of the data centers Continue reading
How do you allow people to use their technologies in their workflows? The first thing you do is not force people to use containers, says
As communication service providers (CSPs) continue to provide essential services to businesses and individuals, the demand for faster and more reliable network connectivity continues to grow in demand and in complexity. To meet these demands, CSPs must offer a variety of connectivity services that provide high-quality network performance, reliability and scalability. When it comes to offering network connectivity services, CSPs have many options when providing Layer 2 (data link) or Layer 3 (network or packet layer) connectivity of the Open Systems Interconnection (OSI) model for network communication. This article will explore some of the advantages and benefits of each type of connectivity, in order for CSPs to determine which one may be better suited for different types of environments or applications. What Is Layer 2 Connectivity? At a basic level, Layer 2 connectivity refers to the use of the data link layer of the
Five years ago, when the hype around the service mesh was at its greatest, William Morgan, fielded a lot of questions about the company’s flagship
No doubt, countless engineers and hackers remember the first time they used newly-developed microscope to view cells for the first time ever: What was once just an inscrutable package had opened up to reveal a treasure trove of useful information. This year, the venerable Wireshark has turned 25, and its creators are taking a step back from this massively successful open source project, to let additional parties to help govern. This month, Sysdig, the current sponsor of Wireshark, launched a new foundation that will serve as the long-term custodian of the project. The
Malware is sneaky AF. It tries to hide itself and cover up its actions. It detects when it is being studied in a virtual sandbox, and so it sits still to evade detection. But when it senses a less secure environment — such as an unpatched Windows 7 box — it goes wild, as if Tudor Dumitras, in a recently posted talk from red pills, which helps malware detect when it is in a controlled environment, and change its behavior accordingly. As a result, many of the signatures used for commercial malware detection packages may not Continue reading
JSON web tokens (JWTs) are great — they are easy to work with and stateless, requiring less communication with a centralized authentication server. JWTs are handy when you need to securely pass information between services. As such, they’re often used as ID tokens or access tokens. This is generally considered a secure practice as the tokens are usually signed and encrypted. However, when incorrectly configured or misused, JWTs can lead to broken object-level authorization or broken function-level authorization vulnerabilities. These vulnerabilities can expose a state where users can access other data or endpoints beyond their privileges. Therefore, it’s vital to follow best practices for using JWTs. Knowing and understanding the fundamentals of JWTs is essential when determining a behavior strategy. Curity is a leading IAM and API security technology provider that enables user authentication and authorization for digital services. The Curity Identity Server is highly scalable, handles the complexities of the leading identity standards, making them easier to use, customize and deploy. Learn More The latest from Curity $(document).ready(function() { $.ajax({ method: 'POST', url: '/no-cache/sponsors-rss-block/', headers: { 'Cache-Control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Expires': '0' }, data : { sponsorSlug : 'curity', numItems : 3 }, success : Continue reading
Whether one pronounces SASE as “sassy” or “sayce,” a secure access service edge is IT that is fast becoming central to enterprise systems as increasing amounts of data come into them from a multiplicity of channels. Palo Alto Networks this week revealed new capabilities to update its Prisma SASE platform by — you guessed it — adding Matt De Vincentes told The New Stack. “You can mix and match these components from multiple different vendors, and you get a potential stack when you have these capabilities kind of integrated together,” De Vincentes said. “But increasingly, we’re seeing a movement toward what we call single-vendor SASE, which is all of these capabilities brought together by a single thing that you can simplify. That’s exactly what we’re doing. “So all of the capabilities that a customer would need to build out this SASE deployment they can get through a single (SaaS) service. Then on top of that, with one vendor you can bring all the data together into one single data lake — and do some interesting AI on top of that.” AIOps Palo Alto Networks calls this Autonomous Digital Experience Management (ADEM), which also provides users end-to-end observability across their network, De Vincentes said. Since ADEM is integrated within Prisma SASE, it does not require additional appliances or agents to be deployed, De Vincentes said. Capabilities that AIOps for ADEM provides are, according to De Vincentes: proactively remediates issues that can cause service interruption through AI-based problem detection and predictive analytics; isolates issues faster (reduced mean time to repair) through an easy-to-use query interface; and discovers network anomalies from a single dashboard. PA Networks also announced three new SD-WAN (software-defined wide-area network) features for users to secure IoT devices, automate branch management, and manage their SD-WAN via on-premises controllers. Capabilities, according to the company, include: Prisma SD-WAN Command Center provides AI-powered and segment-wise insights and always-on monitoring for network and apps for proactive problem resolution at the branch level. Prisma SD-WAN with integrated IoT security enables existing Prisma SD-WAN appliances to help secure IoT devices. This enables accurate detection and identification of branch IoT devices. On-Prem Controller for Prisma SD-WAN helps meet customer regulatory and compliance requirements and works with on-prem and cloud controller deployments. Users can now elect to deploy Prisma SD-WAN using the cloud-management console, on-prem controllers, or both in a hybrid scenario, the company said. All new capabilities will be available by May 2023, except the Prisma SD-WAN Command Center, which will be available by July, the company said. The post Palo Alto Networks Adds AI to Automate SASE Admin Operations appeared first on The New Stack.