Category Archives for "Networking – The New Stack"

Introducing Contour: Routing Traffic to Applications in Kubernetes

KubeCon + CloudNativeCon and VMware sponsored this post, in anticipation of the virtual an incubation-level hosted project with the Cloud Native Computing Foundation (CNCF). This is a very proud moment and on behalf of the other project maintainers we want to thank the community for all of the work they put in to get us to this point. If you don’t already know it, Contour is a simple and scalable open source ingress controller for routing traffic to applications running in Kubernetes. We’ll be offering an in-depth look at how Contour works and outlining our development roadmap at a 

The HashiCorp Consul Service Comes to Microsoft Azure

The release of HashiCorp’s push to widen the scope of its managed services offerings on the cloud. The GA release of HCS on Armon Dadgar, co-founder and CTO of HashiCorp, said the Azure HCS release is part of HashiCorp’s shift to a more managed-services business model. “We are transitioning from being a desktop software vendor to becoming more of a cloud software vendor,” said Dadgar. Dadgar said HashiCorp opted for Azure since there is a lot of overlap between the kinds of customer organizations HashiCorp and Microsoft tend to focus on. The launch Continue reading

Gloo Federation Brings Unified Control Plane, Stitchable APIs Across Multicluster Deployments

For enterprises operating at scale and requiring high availability, ensuring failover at the Kubernetes node level simply isn’t enough. Instead, many are operating in a multicluster environment, ensuring that even if something fails at the cluster level their applications will remain operational. For companies also running API gateway and ingress controller, this multicluster environment had become a pain point, as each cluster would require its own Gloo deployment, which in turn meant configuration, management, and control plane. In response, has launched Idit Levine. With federation, Levine said, not only is Gloo able Continue reading

Google’s Management of Istio Raises Questions in the Cloud Native Community

When the proposed to be included in the still v.02, had only been around less than six months, and yet it aimed to skip the entry-level most young projects enter at and instead applied for inclusion at the secondary incubation tier. While the project was founded primarily by Google and IBM, and boasted numerous other contributors such as Yahoo, Apprenda, Concur, and AT&T, it was met with skepticism — it was so new, it didn’t really have adoption to speak of quite yet, and there were some CEO

Cloudflare’s Network Shutdown Shows Why DNS Is a DevOps Problem

Cloudflare’s Jonathan Sullivan, NS1 chief technology officer and co-founder, told The New Stack. While Cloudflare — an NS1 competitor — did have DNS redundancy built into its infrastructure, the resulting traffic drop in its network infrastructure was about 50% throughout its network and resulted in a 27-minutes outage of Cloudflare Internet properties and services, Cloudflare Chief Technology Officer blog post. A router overload in the state of Georgia resulted in the Cloudflare outage. One way Cloudflare learned to prevent such an event from recurring was to set a limit on the Georgia router’s traffic for BGP sessions. This will result in the shutdown of Continue reading

Publish-Subscribe: Introduction to Scalable Messaging

Matthew O’Riordan A serial entrepreneur and seasoned developer with over 15 years of hands-on development experience. Matthew is the CEO of Ably, an Infrastructure-as-a-Service (IaaS) provider. He was co-founder and technical director of Aqueduct, a leading digital agency in London and Founder of easyBacklog, a SaaS agile backlog management tool. Matthew co-founded Econsultancy, a global digital marketing publishing, training and research business, with Ashley Friedlein and exited via a £25m trade sale to Centaur Media plc in 2012. The publish-subscribe (or pub/sub) messaging pattern is a design pattern that provides a framework for exchanging messages that allows for loose coupling and scaling between the sender of messages (publishers) and receivers (subscribers) on topics they subscribe to. Messages are sent (pushed) from a publisher to subscribers as they become available. The host (publisher) publishes messages (events) to channels (topics). Subscribers can sign up for the topics they are interested in. This is different from the standard request/response (pull) models in which publishers check if new data has become available. This makes the pub/sub method the most suitable framework for streaming data in real-time. It also means that dynamic networks can be built at internet scale. However, building a messaging infrastructure at Continue reading

Contour Ingress Controller Joins CNCF at Incubation Level

The open source Envoy proxy, joined the Cloud Native Computing Foundation (CNCF) as an incubation level project, skipping over the traditional sandbox level entry point. The project, originally developed in 2017 at Heptio before the company’s acquisition by VMware, displayed a level of usage in the field, support in the community and activity in its ecosystem that warranted skipping the sandbox, said

Linkerd’s Little Secret: a Lightning Fast, Service Mesh Focused Rust Network Proxy

KubeCon + CloudNativeCon sponsored this post, in anticipation of Linkerd can deliver critical features such as transparent mutual TLS, gRPC load balancing, blue-green deploys, and golden metrics. But like all abstractions, these features come at a cost. Some of this cost is human in nature: the more complex the service mesh, the more effort required to operate it successfully. Some of the cost is system cost: a service mesh consumes CPU and memory, and introduces latency to the application. Linkerd’s goal is to minimize this cost by being the smallest, fastest service mesh for Kubernetes (a claim which

Kuma, a New CNCF Project, Enhances the Control Plane for Mixed Infrastructure

“I’m pretty sure that you won’t hear anybody saying, ‘Oh, yeah, we implemented a service mesh, and it was easy to do.’ They were just extremely complicated systems,” said Marco Palladino. The first generation of service meshes, released around 2017, “came with lots of moving parts, lots of dependencies, and lots of assumptions that we did not necessarily agree with.” Those meshes were hyperfocused on Kubernetes, he said, while customers, though perhaps running K8s, also were still running virtual machines. They don’t scale and require a new cluster for each mesh.

Words Matter: Finally, Tech Looks at Removing Exclusionary Language

This month the tech industry’s lexicon is seeing a small but significant shift: Common technical phrases, most notably “Master/Slave” and “Whitelist/Blacklist” that have been red-flagged as offensive, or even racist, sometimes for decades, are getting updates. Android and GitHub Android, Splunk. Many orgs are also looking at replacing the concept of “whitelist” in both its documentation and in its APIs. Other companies and open source projects are following suit. This work is in part to take another semantic and moral stand that Black Lives Matter. And, at times, it is

How HashiCorp Widened the Reach of the Consul Service Mesh

HashiCorp has expanded its Consul network control plane by widening its scope for different highly distributed services and environments — while simplifying and expanding its compliance and policy management capabilities. By adding gateway options and compliance features with today’s release of Consul 1.8, HashiCorp has made the control plane able to manage many different environments in a single interface, the company says. These might include services and applications running in containers, Kubernetes or virtual machines (VMs) on bare metal, traditional data centers or multicloud environments that are often widely dispersed geographically. “We are useful to customers because we offer a layer across [different environments] with a single management plane. The challenges customers have is they have many services that sit outside of service mesh, such as traditional applications, and need to bring them into the same fold,” HashiCorp, told The New Stack. “So how can services talk to your applications within your service mesh, and how do the applications in the service mesh talk out? Consul 1.8 solves that problem.” Consul 1.8’s audit logging and single sign-on (SSO) features (which are part of the enterprise version) Continue reading

Simplicity and Security: What Commercial Providers Offer for the Service Mesh

“Open source is free like a puppy,” said Aspen Mesh, provider of an enterprise version of the open source Linkerd, that is the only reason to turn to William Morgan, CEO of Buoyant. “This is more of a philosophical stance. However, if you want to have a commercial relationship with us, we will make sure the service mesh works for you, with services and integration and all that stuff.”  Taming Complexity Service meshes are designed for very complex architectures. They only make sense for companies Continue reading

How HAProxy Streamlines Kubernetes Ingress Control

In 2016, when the digital media arm of the in increasingly large numbers. “I remember the fear that the huge event we were experiencing could bring our platform down,” said recalled at HAProxy 2019. They kept watching the Grafana dashboard, searching for potential anomalies. In the end, however, nothing bad happened. “We ended up drinking beers and eating pizzas,” he said. But Gallissot didn’t want to go through such a stressful experience again, and so started an initiative to move M6 to the cloud. Like many organizations dealing with surges of traffic, M6 decided on Kubernetes as the platform for a multicloud architecture, to ease the process of easily scaling up and down traffic. And one of the most crucial parts of the Kubernetes setup is routing the incoming traffic to the appropriate services. Kubernetes itself offers an option to capture the

How the Network Effect Levels the Cybersecurity War Zone

Ian Baxter Ian Baxter is the Vice President of Pre-Sales Engineering at IRONSCALES and has more than 20 years of extensive industry experience in the information security, technology and communications fields, having held various positions including both individual contributor and systems engineering management roles. During his career, Ian has regularly presented at various industry events on security topics such as threat prevention, ransomware, and best practices. Prior to IRONSCALES, Ian served as Americas' Director of Data Center Sales for NetApp covering Canada, Latin America and the US. He's also worked for large multinational technology companies such as Palo Alto Networks, Foundry Networks/Brocade, Alcatel Lucent, and Fore Systems/Marconi. Ian is originally from South Africa, and now resides in the United States. Robert Metcalfe, co-inventor of Ethernet, is renowned for many things, but perhaps none more so than his namesake law: 

NS1 Shows How DNS Technology Can Speed VPN Connections

The need for faster and more reliable VPN connections has certainly spiked recently in the wake of the COVID-19 pandemic and the massive shift of workers away from office hubs to home locations. For developers who must rely on VPNs for data transfers, the act of loading code on git and other more mundane tasks can obviously take much longer depending on network saturation from remote locations. Productivity is obviously lost, as well as time, which is in short supply for so many these days. Managed DNS support for VPNs can help to boost both network data transfer rates and robustness for VPNs, as well as other network infrastructure for any user, in addition to developers working remotely. To that end, DNS solutions provider Terry Bernstein, NS1 director of product management, said. The end result is improved VPN connectivity, which through load-balancing and steering connections at the DNS layer, are connected to the best performing endpoint. NS1’s DNS Continue reading