Category Archives for "Networking – The New Stack"

NS1: Avoid the Trap of DNS Single-Point-of-Failure

Third-party DNS providers have seen tremendous consolidation during the past few years, resulting in dependence on a smaller pool of providers that maintain the world’s largest website lookups. Reliance on only one of a few single DNS providers also represents a heightened risk in the event of a Carnegie Mellon University, 89.2% of the CDN MaxCDN, the researchers noted. A

Isovalent Harnesses eBPF for Cloud Native Security, Visibility

Veteran networking pros at Extended Berkeley Packet Filter (eBPF) technology, which makes the Linux kernel programmable, to address the ephemeral challenges of Kubernetes and microservices. “If you think about the Linux kernel, traditionally, it’s a static set of functionality that some Linux kernel developer over the course of the last 20 or 30 years decided to build and they compiled it into the Linux kernel. And it works the way that kernel developer thought about, but may not be applicable to the use case that we need to do today,” said Isovalent CEO

KubeCon+CloudNativeCon: Service Mesh Battle Stories and Fixes

KubeCon+CloudNativeCon. “There’s a lot to say about each of these service meshes and how they work: their architecture, why they’re made, what they’re focused on, what they do when they came about and why some of them aren’t here anymore and why we’re still seeing new ones,” Layer5, explained during his talk with “Service Mesh Specifications and Why They Matter in Your Deployment.” Service mesh is increasingly seen as a requirement to manage microservices in Kubernetes environments, offering a central control plane to manage microservices access, testing, metrics and other functionalities. One-third of the respondents in The New Stack survey of our readers said their organizations already use service mesh. Among the numerous service mesh options available; Envoy, Linkerd and

Primer: How XDP and eBPF Speed Network Traffic via the Linux Kernel

Every so often, however, a new buzzword or acronym comes around that really has weight behind it. Such is the case with XDP (eBPF programming language to gain access to the lower-level kernel hook. That hook is then implemented by the network device driver within the ingress traffic processing function, before a socket buffer can be allocated for the incoming packet. Let’s look at how these two work together. This outstanding example comes from Jeremy Erickson, who is a senior R&D developer with Sebastiano Piazzi on

Kubernetes IDE Lens Adds an API for Cloud Native Extensions

Lens, the integrated development environment (IDE) for Kubernetes, has seen some rapid growth in the past year, ever since it made some changes to its deployment model and found the backing of Mirantis, that company that in 2019 acquired Docker. At this month’s launched an extensions API alongside several pre-built extensions from popular cloud native products, which

Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management

Kyverno, the open source Kubernetes-native policy engine built by Cloud Native Computing Foundation (CNCF) this week at the sandbox level. The development team hopes the software will help adoption of Kubernetes policies, by providing a method for doing so with native tools and languages, rather than requiring users to learn and adopt new ones. kubectl, kustomize. Bugwadia explained that, by contrast, cert-manager, another new CNCF sandbox project, which Bugwadia said has expressed interest in using Kyverno for policies for certificate management. Joining the CNCF, he said, leads to those forms of collaboration, which we would not have been able to do otherwise. The Cloud Native Computing Foundation and KubeCon+CloudNativeCon are sponsors of The New Stack.  Feature image by Pixabay. The post Kyverno, a New CNCF Sandbox Project, Offers Kubernetes-Native Policy Management appeared first on The New Stack.

gRPC Remote Procedure Calls in a Nutshell

gRPC: Up and Running, published by O’Reilly Media. gRPC (gRPC Remote Procedure Calls) is one of the most popular inter-process communication protocols in the modern microservices and cloud native era. With the increasing adoption of gRPC, we thought it was important to write a book on gRPC and share our experience of building cloud native microservices apps with it. So, before we dive into the details of the book, let me give you a brief overview of what gRPC is. gRPC is modern inter-process communication technology that can overcome most of the shortcomings of the conventional inter-process communication technologies, such as RESTful services. Owing to the benefits of gRPC, most modern applications and servers are increasingly converting their inter-process communication protocols to gRPC. The foundation of a gRPC-based application is the service and Continue reading

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, new three-tier product offering for Styra Declarative Authorization Service (DAS). Before diving into DAS, though, let’s make sure we’re all on the same page with OPA and policies in general. OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write these policies in its high-level declarative language Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. And, what’s a policy engine you ask?

Linkerd Adds Default mTLS to Kubernetes to Enable Zero Trust

Linkerd, the open source service mesh, has been updated with a number of new features, including support for the ARM architecture, a new multicore proxy runtime, and the automatic enabling of mutual TLS (mTLS) security for all TCP connections. Buoyant, the company behind AWS Graviton, and support for Kubernetes’s new service topology feature will again increase operating efficiency with the ability to decide routing preferences. A complete rundown of Linkerd improvements, performance enhancements, and bug fixes can be found in the Ralf Skirr on 

Cisco Project Bridges Kubernetes and SD-WAN to Speed Microservice Messaging

SD-WAN ( software-defined networking in a wide area network) and Kubernetes are two major technological developments of interest for businesses on the journey toward digital transformation. SD-WAN extends the SDN feature programmable network and automation to the WAN networks. And Kubernetes has largely adopted a containerized application orchestrator that has solid API architecture, autoscaling, deep monitoring, and load balancing capabilities for dynamic and distributed infrastructures. Many companies are using them together, given that business applications are distributed to different data centers and edge cloud locations. Here, different Kubernetes clusters are connected to end-user applications and workloads, and SD-WAN is used to connect all the clusters and end users. Sagar Nangare Sagar Nangare is technology blogger, focusing on data center technologies (Networking, Telecom, Cloud, Storage) and emerging domains like Edge Computing, IoT, Machine Learning, AI). He is currently serving Calsoft Inc. as Digital Strategist. He is based in Pune. You can reach to him on Twitter @sagarnangare. But there are still gaps in this amalgamated solution. SD-WAN is used mostly on the public internet, which has different performances in different parts of the world. When we deploy microservice-based applications there may be cases where some microservices may have specific latency requirements Continue reading

Vint Cerf’s Mission to Bring the Internet to Outer Space

77-year-old Vint Cerf is credited as the father of the internet — but he’s now tackling an even bigger challenge. He’s joined with the scientists who envision a network that can scale across hundreds of millions of miles, in an airless vacuum, where data transmissions can be blocked by, for example, the planet Jupiter. Cerf’s working with a team whose lofty new dream is an internet which can connect our spacecraft in outer space — to the other spacecraft, and to listeners waiting here on earth. It’s instructive to see how engineers approach a task that stretches endless on an interplanetary scale — and what it took to lead scientists to this galaxy-sized dream. Guide to the Galaxy Back in the 1970s, Cerf co-developed the TCP/IP protocol with Bob Kahn, which became the foundation for all internet communication today. (Though in a recent article in Quanta, Cerf stresses that “A lot of people contributed to the creation of the internet.”) But what’s less known is that Cerf has also held a lifelong interest in outer space. One

Messaging Connectivity in a Hybrid Kubernetes Cloud Environment

KubeCon + CloudNativeCon North America 2020 – Virtual, Nov. 17-20. Lior Nabat Lior is KubeMQ’s technology leader and product architect. As a serial technology entrepreneur with over 20 years of experience in software ventures and product development, he brings cloud native expertise and hands-on experience. Lior founded Tradency (financial trading technology) 14 years ago and led as the CEO since inception. Previously he held key management positions at DSPG, Alpha Cell and TdSoft. Lior holds a B.A. in Mathematics and Computer Science from the Open University in Tel-Aviv Israel and AMP from the University of Pennsylvania-The Wharton School. @lior_nabat Hybrid cloud is a powerful IT architecture — backed by market leaders and used by many enterprise organizations — that connects a company’s on-premises, private cloud services and third-party, public cloud services into a single, flexible infrastructure for running the organization’s applications and workload. The principle behind hybrid cloud is a mix of public and private cloud resources — with a level of orchestration between them. This gives an organization the flexibility to choose the optimal cloud for each application or workload (and to move workloads freely Continue reading

NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative

Earlier this month, NGINX NGINX Service Mesh (NSM), a free and open source service mesh that uses NGINX proxy, to power its data plane. While many service meshes are built from entirely open source components, NGINX Vice President of Marketing Aspen Mesh, the more advanced, Istio-based service mesh built by its now-parent company Service Mesh Interface (SMI) is not supported, but it is on the roadmap, and the NGINX Unit to “introduce something that’s a little bit different and more novel to advance the industry dialogue.” “We think there’s an option in the future to have a sidecar-less service mesh, where you’re not injecting sidecars in each service,” said Whitely. “Instead, you load your code, and you execute it, and the default runtime environment that’s executing your code has all the built-in proxying capabilities needed to handle east-west. It would take things down from a two container to one container kind of model.” Feature image by Unsplash. The post NGINX Steps into the Service Mesh Fray Promising a Simpler Alternative appeared first on The New Stack.

Choosing a Container-Native Network for Kubernetes

Similar to container-native storage, the container-native network abstracts the physical network infrastructure to expose a flat network to containers. It is tightly integrated with Kubernetes to tackle the challenges involved in pod-to-pod, node-to-node, pod-to-service and external communication. Kubernetes can support a host of plugins based on the Cloud Native Computing Foundation. Sponsor Note KubeCon + CloudNativeCon conferences gather adopters and technologists to further the education and advancement of cloud native computing. The vendor-neutral events feature domain experts and key maintainers behind popular projects like Kubernetes, Prometheus, Envoy, CoreDNS, containerd and more. Container-native networks go beyond basic connectivity. They provide dynamic enforcement of network security rules. Through a predefined policy, it is possible to configure fine-grained control over communications between containers, pods and nodes. Choosing the right networking stack is critical to maintain and secure the CaaS platform. Customers can select the stack from open source projects including Contiv, Project CalicoTungsten Fabric and

Where Service Mesh and SmartNICs Meet

Intel sponsored this post. Smart Network Interface Controllers (SmartNICS) puts the service mesh at center stage where the network and the application layer meet. The new dimensions that come with the integration of hardware and software is ushering in a new generation of capabilities such as cryptographic operations and new approaches to resource utilization. At VMworld last month, VMware featured SmartNICs as part of

1 6 7 8 9 10 12