Introducing Warp: Fixing Mobile Internet Performance and Security
April 1st is a miserable day for most of the Internet. While most days the Internet is full of promise and innovation, on “April Fools” a handful of elite tech companies decide to waste the time of literally billions of people with juvenile jokes that only they find funny.
Cloudflare has never been one for the traditional April Fools antics. Usually we just ignored the day and went on with our mission to help build a better Internet. Last year we decided to go the opposite direction launching a service that we hoped would benefit every Internet user: 1.1.1.1.
The service's goal was simple — be the fastest, most secure, most privacy-respecting DNS resolver on the Internet. It was our first attempt at a consumer service. While we try not to be sophomoric, we're still geeks at heart, so we couldn't resist launching 1.1.1.1 on 4/1 — even though it was April Fools, Easter, Passover, and a Sunday when every media conversation began with some variation of: "You know, if you're kidding me, you're dead to me."
No Joke
We weren't kidding. In the year that's followed, we've been overwhelmed by the response. Continue reading
Lessons Learned in Cloud Networking – AWS vs Azure
I’ve been working a lot with cloud networking lately. I will share some of my findings as this is still quite new and documentation around some topics is poor. Especially on the Azure side. Let me just first start with two statements that I have seen made around cloud networking:
Cloud networking is easy! – Not necessarily so. I’ll explain more.
We don’t need networking in cloud! – Wrong. You do but in basic implementations it’s not visible to you.
This post will be divided into different areas describing the different components in cloud networking. You will see that there are many things in common between AWS and Azure.
System Routes
Within a VPC/VNET, there are system routes. If 10.0.0.0/22 was assigned to the VPC/VNET, there will be a system route saying along the lines of “10.0.0.0/22 local”. Subnets are then deployed in the VPC/VNET and there is full connectivity due to the system route. This route will point to a virtual router which is the responsibility of AWS/Azure. Normally this router will have a “leg” in each subnet, at the first IP address of the subnet, for example 10.0.0.1 for Continue reading
Upcoming Events and Webinars
In April 2019 we’re starting a new cloud security saga with Matthias Luft. The first webinar in this series will focus on the basics, subsequent live sessions spread through the rest of 2019 will cover individual technologies.
Another series we’re starting is Business Aspects of Networking, opening on April 4th with Three Paths of Enterprise IT.
We’ll also continue the math-in-networking series, this time focused on reliability functions and advanced reliability topics.
Part1 – Monitoring Network Traffic with ntopng and nProbe
Ntopng is the next generation version of the original ntop, a network traffic probe that monitors network usage. It provides a intuitive, encrypted web user interface for the exploration of realtime and historical traffic information. ntopng comes in three versions, Community, Professional (Small Business Edition) and Enterprise. The Community version is free to use and opensource. A physical NIC card of the server can be monitored by by specifying its interface name as
./ntopng -i eth0
However, we will use ntopng in flow collection mode along with nProbe which can act as probe/proxy. The communication between nProbe and ntopng takes place over ZeroMQ, a publish-subscribe protocol that allows ntopng to communicate with nProbe.
ntpong community version is installed on Ubuntu Server 18.04.1 with IP address 172.17.100.7/16. Ubuntu is running inside VirtualBox VM. The IP address of the host (Asus k55vm) is 172.17.100.2/16. The host is connected to the SOHO router that functions as gateway to the Internet gateway with the IP address 172.17.100.1/16. The network diagram is shown on the Picture 1.
nProbe is installed on Raspberry Pi 3B with the IP address 172.17.100.50/16. Windows 7 Continue reading
Understanding the BGP Table Version (3 part Blog Series)
The BGP Table Version is the most unknown and unexplained BGP concept/value that I rarely ever troubleshoot without. Seriously, I cannot imagine troubleshooting BGP without understanding the BGP table version. I always “eyeball” it at the very least when I’m... Read More ›
The post Understanding the BGP Table Version (3 part Blog Series) appeared first on Networking with FISH.
Transgender Day of Visibility
My name is Kas. I’m a Cloudflare employee and I wanted to share my story with you on International Transgender Day of Visibility.
I've been different for as long as I can remember. I've been the odd one out not just for the time I've spent in tech, but most of my life.
I'm transgender in that I am gender non-binary. I'm working with the word 'agender' right now, as it is the word that describes me best: I'm not a woman, or a man, just a human. I don't really have a gender, and I certainly don't identify with either binary label.
Being transgender in tech is difficult. There are many times where we have to work harder, smarter, and give up so much to stay afloat. Times where you have to weigh the benefits of correcting your pronouns against the title of the person who is to be corrected (are they a customer? Your bosses' bosses' boss?). Times where you don't know if you can even be 'out' with your coworkers, because you just don't know if, or how, they'll treat you differently, or fairly.
Being agender or outside the Continue reading
5 Days of 5G Firsts: Ericsson, Nokia, ZTE, Samsung
Within a span of 24 hours, Ericsson and Nokia both claimed to have 16 commercial 5G deals with...
The Importance of Automation: Using Ansible for Network Fabric Programming
As businesses go digital, the network plays a fundamental role in companies’ competitiveness in the marketplace – it becomes the...Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored)
Today's Heavy Networking, sponsored by VMware, dives into the latest security features in NSX-T, and examines how NSX is expanding from the data center to the WAN and the cloud. We also hear from NSX customer Sky UK about how NSX helps bridge the gap between infrastructure and developer teams.
The post Heavy Networking 438: VMware NSX Evolution For Cloud Networking And Security (Sponsored) appeared first on Packet Pushers.
SDxCentral Weekly Wrap: Oracle Reportedly Axes Hundreds of Jobs, Insists Its Cloud ‘Future Is Bright’
SDxCentral Weekly Wrap for March 29, 2019: Oracle jobs cuts are tied to the cloud; VeloCloud's...
From CCNA to SDN: Interview with David Bombal
A few weeks ago, I had an interesting video chat with David Bombal in which we covered a wide variety of topics including
- What would you do if you started networking today?
- How do you increase the value of your knowledge?
- Networking hasn’t changed in the last 40 years and whatever you learn about networking will still be valid 20 years from now;
- Why should I learn and implement network automation?
- When should I start learning about network automation?
Note: David posted the whole list of topics with timestamps in the pinned comment under the video.
Software Flaws, Security Vulnerabilities Persist in Huawei Equipment, UK Says
U.K. authorities have “limited confidence in Huawei’s ability to understand the content of any...
SD-WAN Requirements Evolve Past MPLS Replacement, Cost Savings
As SD-WAN matures it will need to meet the requirements of the changing enterprise, which include...
Kubernetes Kubectl CLI Tool Stung by ‘High’ Severity Security Flaw
If compromised, the flaw could allow an attacker to write files to any path on the user’s machine.
Microsoft Opens Azure Security Center for IoT
It connects Azure cloud security, visibility, and analysis tools with the company’s Azure IoT Hub...
Fast Friday – Aruba Atmosphere 2019
A couple of quick thoughts that I’m having ahead of Aruba Atmosphere next week in Las Vegas, NV. Tech Field Day has a lot going on and you don’t want to miss a minute of the action for sure, especially on Wednesday at 3:15pm PST. In the meantime:
- IoT is really starting to more down-market. Rather than being focused on enabling large machines with front-end devices to act as gateways we’re starting to see more and more IoT devices either come with integrated connective technology or interface with systems that do. Building control systems aren’t just for large corporations any more. You can automate an office on the cheap today. Just remember that any device that can talk can also listen. Security posture is going to be huge.
- I remember some of the discussions that we had during the heady early days of SDN and how unimpressed wireless and mobility people were when they figured out how the controllers and dumb edge devices really worked. Most wireless pros have been there and done that already. However, recently there has been a lot of movement in the OpenConfig community around wireless devices. And that really has the wireless folks excited. Because Continue reading
Instagram and Friday Photos
I’m making some changes to the Friday Photo series (which is why I’ve not posted any of these in a bit). I will be posting a small copy of each photo to Instagram, and a fuller image over on my smugmug page. I will be including a link to the smugmug version in the instagram post, but because of the way instragram sets things up you’ll have to copy the link out and paste it into a browser separately.
I will be going back through all my images and reprocessing them, so you will probably see duplicates from time to time.