The Internet is an extraordinarily complex and evolving ecosystem. Its constituent protocols range from the ancient and archaic (hello FTP) to the modern and sleek (meet WireGuard), with a fair bit of everything in between. This evolution is ongoing, and as one of the most connected networks on the Internet, Cloudflare has a duty to be a good steward of this ecosystem. We take this responsibility to heart: Cloudflare’s mission is to help build a better Internet. In this spirit, we are very proud to announce Crypto Week 2019.
Every day this week we’ll announce a new project or service that uses modern cryptography to build a more secure, trustworthy Internet. Everything we release this week will be free and immediately useful. This blog is a fun exploration of the themes of the week.
Many pieces of the Internet in use today were designed in a different era with different assumptions. The Internet’s success is based on strong foundations that support constant reassessment and improvement. Sometimes these improvements require deploying new protocols.
Performing an upgrade on a system Continue reading
Cloudflare believes trust is fundamental to helping build a better Internet. One way Cloudflare is helping our customers earn their users’ trust is through industry standard security compliance certifications and regulations.
Security compliance certifications are reports created by independent, third-party auditors that validate and document a company’s commitment to security. These external auditors will conduct a rigorous review of a company’s technical environment and evaluate whether or not there are thorough controls - or safeguards - in place to protect the security, confidentiality, and availability of information stored and processed in the environment. SOC 2 was established by the American Institute of CPAs and is important to many of our U.S. companies, as it is a standardized set of requirements a company must meet in order to comply. Additionally, PCI and ISO 27001 are international standards. Cloudflare cares about achieving certifications because our adherence to these standards creates confidence to customers across the globe that we are committed to security. So, the Security team has been hard at work obtaining these meaningful compliance certifications.
Since the beginning of this year, we have been renewing our PCI DSS certification in February, achieving SOC 2 Type 1 compliance in March, obtaining Continue reading
Argo Tunnel lets you expose a server to the Internet without opening any ports. The service runs a lightweight process on your server that creates outbound tunnels to the Cloudflare network. Instead of managing DNS, network, and firewall complexity, Argo Tunnel helps administrators serve traffic from their origin through Cloudflare with a single command.
We built Argo Tunnel to remove the burden of securing and connecting servers to the Internet. This new model makes it easier to run a service in multi-cloud and hybrid deployments by replacing manual and error-prone work with a process that adds intelligence to the last-mile between Cloudflare and your origins or clusters. However, the service was previously only available to users with Cloudflare accounts. We want to make Argo Tunnel more accessible for any project.
Starting today, any user, even those without a Cloudflare account, can try this new method of connecting their server to the Internet. Argo Tunnel can now be used in a free model that will create a new URL, known only to you, that will proxy traffic to your server. We’re excited to make connecting a server to the Internet more accessible for everyone.
Argo Tunnel replaces Continue reading
The Packet Pushers' latest crash course podcast on wireless for wired engineers dives into beacons, roaming, SSIDs, the ugly reality of band steering, and more WLAN nerdery. Our guest is Chris Reed.
The post Heavy Networking 455: The Wonderful World Of Wireless – Beacons, Probes, SSIDs And More appeared first on Packet Pushers.
sudo mn --custom sflow-rt/extras/sflow.py --link tc,bw=10 \Mininet, ONOS, and segment routing provides an example using a Custom Topology, e.g.
--topo tree,depth=2,fanout=2
sudo env ONOS=10.0.0.73 mn --custom sr.py,sflow-rt/extras/sflow.py \This article describes how to incorporate sFlow monitoring in a fully custom Mininet script. Consider the following simpletest.py script based on Working with Mininet:
--link tc,bw=10 --topo=sr '--controller=remote,ip=$ONOS,port=6653'
#!/usr/bin/python
from mininet.topo import Topo
from mininet.net import Mininet
from mininet.util import dumpNodeConnections
from mininet.log import setLogLevel
class SingleSwitchTopo(Topo):
"Single switch connected to n hosts."
def build(self, n=2):
switch = self.addSwitch('s1')
# Python's range(N) generates 0..N-1
for h in range(n):
host = self.addHost('h%s' % (h + 1))
self.addLink(host, switch)
def simpleTest():
"Create and test a simple network"
topo = SingleSwitchTopo(n=4)
net = Mininet(topo)
net.start()
print "Dumping host connections"
dumpNodeConnections(net.hosts)
print "Testing bandwidth between h1 and h4"
h1, h4 = net.get( 'h1', 'h4' )
net.iperf( (h1, h4) )
net.stop()
if __name__ == '__main__':
# Continue reading
Some analysts now think the deal's approval chances are at less than 50%.
"Vendors want to ensure they can sell SD-WAN in conjunction with other services to maximize...
It uses the vendor’s Open5G Platform edge software stack and enables network operators and...
In this post, you will learn advanced applications of Ansible facts to configure Linux networking. Instead of hard-coding device names, you will find out how to specify network devices by PCI addresses. This prepares your configuration to work on different Red Hat Enterprise Linux releases with different network naming schemes.
The RHEL System Roles provide a uniform configuration interface across multiple RHEL releases. However, the names of network devices in modern Linux distributions can often not be stable for various releases. In the past, the kernel named the devices after their order of appearance. The first device got the name eth0, the next eth1, and so on.
To make the device names more reliable, developers introduced other methods. This interferes with creating a release-independent network configuration based on interface names. An initial solution to this problem is to address network cards by MAC address. But this will require an up-to-date inventory with MAC addresses of all network cards. Also, it requires updating the inventory after replacing broken hardware. This results in extra work. To avoid this effort, it would be great to be able to specify network cards by their PCI address. Continue reading
SDxeCentral Weekly Wrap for June 14, 2019: Cisco stays above the Huawei fray; Intel puts its shoes...
The 2019 European Chapters Meeting took place from 9-10 May in Bucharest, Romania. (Watch the livestream here.)
The two-day event gathered 31 participants consisting of 22 fellows coming from 20 Internet Society Chapters in the European region. The meeting agenda focused on discussions around Consolidation on the Internet Economy, Encryption, Consumer IoT Privacy & Security, and the Internet of Food.
This meeting was part of a series of events the Internet Society is organizing in 2019 across regions. It was particularly important because of the valuable feedback the Chapters provided on the key questions of the 2019 Global Internet Report and the direction of the long-term objectives for Strategy 2025.
Growing up in the age of technology has made it too easy for me to take the presence of the Internet for granted. It’s hard to imagine not being able to go online and connect with anyone in the world, whether I’m speaking with family members or following activists planning global rallies in support of a common cause. I find that as I forget the wonder of being connected, I become jaded. I imagine that many of you reading this blog feel the same way. I doubt you have gone a month, or even a week, this year without considering that the world might be better off without the Internet, or without parts of the Internet, or that your life would be better with a digital cleanse. Project Galileo is my antidote. For every person online who abuses their anonymity, there is an organization that literally could not fulfill their purpose without it. And they are doing amazing work.
As program manager for Project Galileo, Cloudflare’s initiative to provide free services to vulnerable voices on the Internet, a large portion of my time is spent interacting with the project’s participants and partners. This includes a variety of Continue reading