Portworx sponsored The New Stack’s coverage of KubeCon+CloudNativeCon North America 2019.
While you may think of Kubernetes as the future of computing, it was, until recently, still stuck in the past in one way: it was built on IPv4, the widely used, though soon-to-be-legacy, version of the Internet Protocol upon which the internet was built.
The Internet Engineering Task Force has long been urging internet service providers to move to IPv6, now that the world has exhausted the supply of 32-bit IPv4 addresses. With its 128-bit address space, IPv6 will offer an inexhaustible supply of internet addresses.
“We ignored it,” admitted KubeCon + CloudNativeCon North America 2019 conference he gave with
Ashwath Nagaraj is co-founder and CTO of Aryaka, responsible for building the company’s vision and technology since its inception in 2009. He previously founded Allegro Systems, a security startup acquired by Cisco in 2001. Ashwath was also a founder of Assured Access Technologies, which developed WAN access and aggregation products. AAT was acquired by Alcatel in 1999. He holds 17 patents in storage, security, architecture and networking.
Business today moves at the speed of 1s and 0s, flashing through the internet into our computers, mobile phones, tablets and smart speakers. Digital Transformation is an undeniable driving force behind business success, and organizations that can’t adapt to the needs of their customers and the demands of their industry will get left behind. It has been eons (in internet terms) since just having a website was enough to be competitive. If your organization has mastered SEO, incorporated server virtualization, adapted to today’s mobile-first mentality — for both employees and customers — and is looking at the next step it can take to compete, SD-WAN is the next logical step.
SD-WAN (software-defined wide area network) at first glance appears to be an almost impossible chimera of “cheaper, faster and better” at
Application delivery controller provider Project Nova, a cloud native, hosted ADC service that is managed from a browser.
Nova is a response to customers using their existing ADC device in a manner that was never intended, Snapt CEO request access, with a community edition providing free access for up to five deployed nodes. At launch, Project Nova provides support for native service discovery on Kubernetes, Docker, Rancher, Consul and more, as well as full-automation with a REST API.
Blakey says they expect Project Nova’s beta to be available by mid-November and a full integration with service meshes by mid-December, with “the real idea to be this app delivery fabric, which just takes responsibility for the delivery of your app across whatever infrastructure you’re running in.” General availability, he says, is expected by early 2020.
Olivier Huynh Van
Olivier Huynh Van is the CTO and co-founder of Gluware and leads the Gluware R&D team. Olivier has spent 20+ years designing and managing mission-critical global networks for such organizations as ADM Investor Services, Groupe ODDO & Cie, Natixis, Oxoid and Deutsche Bank. He holds a Master’s Degree in Electronics, Robotics and Information Technology from ESIEA in Paris, France.
In the race to keep up with swiftly moving digital currents, enterprises are in search of ways to automate their networks. They want to remove complexity and make changes to their networks quickly and effectively. Vendors are offering a variety of scripting approaches to network management that are open-source. The use of scripts in DevOps has been effective since they are generally run on consistent operating systems and compute platforms.
The industry is now trying to push scripting on NetOps, but it is much harder due to the variation of vendors, operating systems and hardware platforms used in the networking layer. Scripts may provide a quick fix, but they are not reliable over time and not a long-term strategic solution. In addition, these approaches may be risky, as they could lead to costly errors and network outages.
For
Virtual networking softwareKubernetes open source container orchestration software. While Kubernetes has extensive support for Role-Based Access Control (RBAC), the default networking stack based on Google Kubernetes Engine (GKE). Unlike other managed Kubernetes services, GKE comes with an integrated Calico stack that can be enabled during the cluster creation. It is also possible to configure Calico on an existing, running GKE cluster.
Start by launching a standard GKE cluster with network policies enabled. This can be done by clicking the Enable network policy checkbox available under the Availability, networking, security, and additional features section.
After the cluster is up and running, we can check for the Calico Pods deployed as part of a DaemonSet in the kube-system namespace. Let’s download calicoctl, Calico’s CLI, to explore the environment further. We need to point calicoctl to the etcd endpoints of the GKE cluster. This can be done with the below settings:
Now, let’s go ahead and deploy one of the samples provided by Project Calico. Run the below commands to deploy the application. You can download the YAML files from Project Calico’s http://mi2.live.
The post Tutorial: Explore Project Calico Network Policies with Google Kubernetes Engine appeared first on The New Stack.
There are two things that seem to motivate developers — a speedy, self-explanatory onboarding experience and a bit of friendly competition. Certainly, chaos-as-a-service Gremlin’s new Scenarios feature seems to check both boxes.
The Scenarios feature, which launched Thursday at the company’s Lorne Kligerman.
The idea for Scenarios pulled from their former chaotic lives as well as from customer success and developer advocates. “We know things will fail today. We
HashiCorp has launched what it calls the first fully managed service mesh, Armon Dadgar, during the kickoff of the company’s annual Consul-based approach is to manage a mix of Kubernetes and non-Kubernetes assets, either on Azure or on other clouds or from private data centers, noted
Traefik and Maesh, a new open source service mesh, one designed to be easy to use by developers. Maesh is built using Traefik to provide proxy functionality, which Containous CEO Service Mesh Interface (SMI) compliance.
“This is really important because this standard means that everybody knows already how we work. And it’s provider agnostic, so if you want to change your service mesh, it can be done easily,” said Vauge. “This means that we are able to provide some observability features, some traffic management features like canary deployments, and some safety features like access control, which is super important. All of this is done thanks to the compliance to the SMI standard.”
The post Containous Builds a Service Mesh on Its Traefik Proxy appeared first on The New Stack.
Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered CVE-2019-9512 Ping Flood. This enables an attacker to send continual ping requests to an HTTP/2 peer, causing the peer to create an internal queue of responses. When this happens, a server’s CPU and memory can be consumed, which can lead to a denial of service.
already issued patches that are found in the following builds:
Red Hat is unveiling its own service mesh for Jaeger project for tracing, and service mesh typically runs as a sidecar as a communication layer between services for microservices-based application architectures. It handles traffic management, policy enforcement and service identity and security.
“We have taken the upstream Istio and written an Operator that handles the deployment and management of Istio itself. With the upstream version, you have to run all the sidecar containers with an escalated level of privilege — the Kubernetes equivalent of running things as a root user,” explained OpenShift Service Mesh, through having the Operator there and a CNI (container networking interface) plugin we wrote, you can run Istio and bring up those sidecar components without providing additional privileges to the application components of Istio itself,” he added.
Its features include:
Tracing and measurement: using Jaeger, developers can track a request between services from start to finish.
Visualization and observability: Kiali
Dell Technologies has joined with AT&T to collaborate on a number of open source technologies that the companies say will contribute to edge computing and 5G deployments, namely the Metal3-io (for Kubernetes) and Ryan Van Wyk, AT&T assistant vice president of network cloud software engineering at AT&T, in an interview with The New Stack.
“The net effect is we’re helping to accelerate the deployment of open infrastructure that supports [software defined network] workloads. We see it as a flywheel effect in terms of making it easier for folks to deploy infrastructure and that makes it easier for them to grow their SDN ecosystem,” said Van Wyk. “Dell’s going to bring some focus to an area that’s core to their competency. When it comes to working on how to manage the RAID, the discs, the servers, the BIOS configurations, and validation of the hardware itself, and then integrate some of that stuff natively back into the Kubernetes Cluster API, those are things that are
San Francisco-based startup Avi Freedman, Kentik CEO. “They may say there’s a problem over in the network, but what is it? …We’re embracing [the network], but taking a more AI approach to surfacing insights and automation approach to what you do with that.”
The AI-enabled capabilities include:
Network operations insight into infrastructure and traffic across cloud, data center, WAN and campus environments, including traffic growth and capacity run-out dates.
Edge network utilization and costs, including predicting cost overages and alerting on traffic spikes so teams can shift traffic to avoid network congestion.
Network protection by setting smart baselines and thresholds to automatically recognize traffic anomalies, more easily investigate incidents such as DDoS attacks, and automatically prevent threats from causing performance and availability issues.
The majority of Kentik’s early customers are service providers. AIOps can help them understand how their customers and subscribers use their services to more quickly
Chris Wade serves as the co-founder and CTO of Itential, a network automation software company focused on simplifying and accelerating the adoption of network automation and transforming network operations practices.
SD-WAN (software-defined networking in a wide area network) was originally touted as a way to leverage both private (MPLS) and public (internet) networks to route traffic to the most appropriate network. Over time, SD-WAN has evolved and enabled the acceleration for more innovative services. In an effort to extend SD-WAN into a multicloud reality, SD-WAN 2.0 enhances security and analytics while connecting innovation at the edge with application and cloud concepts. While we have seen tremendous innovation in the cloud ecosystems, network and application domains are adopting similar concepts to build software-centric, programmable networks.
Given that these applications and networks now span clouds, data centers, WANs, LANs, and edge, the automation of networks should be viewed as a multidomain problem. Each domain has unique challenges, which should be automated locally while providing an end-to-end capability to align with the target network reality.
Applications and services are becoming more distributed and require connectivity and policy enforcement across a variety of domains. Whether it is zero-trust security, intelligent network automation,