Short Take – Cache Covert Channel
The spectre and meltdown vulnerabilities took advantage of deficiencies in processor caching mechanisms. In this Network Collective Short Take, Russ White talks through how these attacks work and what further implications there may be in speculative processor cacheing.
Russ White
The post Short Take – Cache Covert Channel appeared first on Network Collective.
BiB 069: Plixer’s FlowPro Shines A Light On Network Darkness
Plixer has announced the FlowPro network probe to shine some light on sections of the network with limited flow export capability. Available both as hardware and virtual appliances, FlowPro observes network packets via SPAN or ERSPAN and can, based on its observations, create and export flow records to Scrutinizer. But that’s not all that FlowPro can do. There’s a bunch of analytical capability baked into the tool with both APM and security use cases.
The post BiB 069: Plixer’s FlowPro Shines A Light On Network Darkness appeared first on Packet Pushers.
DNS Flag Day
The 1st of February was DNS Flag Day, which is an initiative of several DNS vendors and operators to address the problems of DNS name server implementations that are not in compliance with long-established DNS standards. This is causing the DNS to not only be unnecessarily slow and inefficient, but prevent operators from deploying new functionality including mechanisms to protect against DDoS attacks.
DNSSEC and other extended features of the DNS require EDNS0 (Extension Mechanisms for DNS – RFC 6891), and properly implemented name servers should either reply with an EDNS0 compliant response, or provide a regular DNS response if they don’t understand.
However, a lot of name server software is not implemented properly which has meant resolvers have had to incorporate workarounds when name servers don’t respond correctly. These cause unnecessary retries, delays, and prevent the newer features of the DNS being used.
As a result, the vendors of the most commonly used DNS software (BIND, Ubound, PowerDNS and Knot) will no longer be supporting these workarounds in new versions of their software, whilst a number of public DNS resolver operators (CleanBrowsing, Cloudflare, Google and Quad9) will no longer resolve hostnames served by broken name server implementations.
This may mean Continue reading
InvenSense Deploys Aryaka SD-WAN to Meet Growing Business Needs
SD-WAN allowed the sensor manufacturer to streamline and automate operations, and ultimately make it in a rapidly changing industry.
How to make CI/CD with containers viable in production
Continuing Integration and Continuing Development (CI/CD), and containers are both at the heart of modern software development. CI/CD developers regularly break up applications into microservices, each running in their own container. Individual microservices can be updated independently of one another, and CI/CD developers aim to make those updates frequently.
This approach to application development has serious implications for networking.
There are a lot of things to consider when talking about the networking implications of CI/CD, containers, microservices and other modern approaches to application development. For starters, containers offer more density than virtual machines (VMs); you can stuff more containers into a given server than is possible with VMs.
Meanwhile, containers have networking requirements just like VMs do, meaning more workloads per server. This means more networking resources are required per server. More MAC addresses, IPs, DNS entries, load balancers, monitoring, intrusion detection, and so forth. Network plumbing hasn’t changed, so more workloads means more plumbing to instantiate and keep track of.
Containers can live inside a VM or on a physical server. This means that they may have different types of networking requirements than traditional VMs, (only talking to other containers within the same VM, for example) than other workloads. Continue reading
Cumulus content roundup: January
The new year is now in full swing and we’re excited about all the great content we’ve shared with you so far! In case you missed some of it, here’s our Cumulus content roundup- January edition. As always, we’ve kept busy last month with lots of great resources and news for you to read. One of the biggest things we announced was our new partnership with Nutanix but wait, there’s so much more! We’ve rounded up the rest of the right here, so settle in and stay a while!
From Cumulus Networks:
Cumulus + Nutanix = Building and Simplifying Open, Modern Data Centers at Scale: We are excited to announce that Cumulus and Nutanix are partnering to build and operate modern data centers with open networking software.
Cumulus Networks Strengthens Board of Directors Amid Record Growth and Market Adoption of its Open, Modern Networking Software: Former Deutsche Bank Group COO, Kim Hammonds, joins board as company leads the transition to open networking and data center modernization
Moving a Prototype Network to Production: With prototyping production networks, the network becomes elevated to a standard far superior to the traditional approaches.
Operations guide: We thought it would be great Continue reading