EVPN on the host for multi-tenancy
As an SE at Cumulus, I’m involved in designing and implementing data center networks for MSPs and enterprises. While doing so, I have to be aware of how Cumulus can integrate our solution with solutions from multiple other vendors depending on the solution that is needed. While I’m not a software engineer or protocol developer myself, I’m interested in deploying these solutions in real world environments. Cumulus Linux is a standard Linux environment, and as a company, we use and develop on open-source tools and solutions. In this blog, I would like to address a common requirement in data center networks: multi tenancy, and how this can be achieved in the Linux ecosystem, open-source software and various other tools, specifically with EVPN on the host.
Multi tenancy use-cases
There are two major ones that are often deployed:
• Virtual machines
• Container environments
Virtual machines in the Linux ecosystem are mostly KVM deployments and in many cases deployed in combination with Openstack. There are different multi tenant architectures, but the most common one is to build an overlay network with VXLAN between the hypervisors. To reach resources outside the specific tenant environment, dedicated network nodes are being used.
While this architecture is Continue reading
How to save costs on your API Gateway solution using Cloudflare Workers
The following is a guest post by Janusz Jezowicz, CEO of Speedchecker. The Speedchecker team runs a global distributed measurement network and offer speed test solutions using the Cloudflare platform.
Software companies contemplating offering a public API to 3rd party developers have many options to choose from for how to offer their API securely with high reliability and with fast performance. When it comes to cost though, commercial solutions are expensive and open-source solutions require a lot of time managing servers and the synchronization between them. This blog post describes how we successfully moved our API gateway to Cloudflare Workers and slashed our costs by a factor of 10.
Our original solution based on the Kong open-source API gateway
When we built our measurement network API for cost reasons we opted for open-source solution Kong. Kong is a great solution which has a vibrant community of users and plug-in developers who extend and maintain the platform. Kong is a good alternative to commercial solutions from companies such as Apigee or Mulesoft whose solutions are really catering for larger businesses who can afford them. Kong is free and it works. On the other hand, if your business has complex needs Continue reading
Statement concerning events at Glowbeam Technologies
All of Cloudflare's staff were shocked at the events depicted in NCIS Season 16 Episode 1 where incorrect use of random numbers for encryption resulted in the insertion of multiple trojan horses that brought a nuclear reactor within seconds of a meltdown.
Although Cloudflare has long been a competitor of the company responsible, Glowbeam Technologies, and uses similar random number generation technology, we would like to emphasize that there are significant differences between the two companies.
Firstly, Cloudflare's Lava Lamps are not an "encryption engine" and thus they are not susceptible to tampering by the janitor.
Secondly, all Cloudflare staff undergo extensive background checks.
Thirdly, we were shocked that Glowbeam Technologies' wall of Lava Lamps was a single point of failure. In contrast, Cloudflare uses multiple sources of randomness.
Lastly, Glowbeam Technologies' CEO confirmed that the company did not use "AES" or "key block ciphers", but instead relied solely on their Lava Lamp "encryption engine". Cloudflare strongly advocates for never writing or inventing encryption algorithms and works closely with groups like the IETF to use standard, well understood encryption.
As a result of these events Cloudflare has acquired the assets of Glowbeam Technologies, please visit glowbeamtechnologies.com for more information.
John Graham-Cumming
Chief Technology Officer
Cloudflare, Inc.
Cisco dCloud Access From Linux Host
Use OpenConnect to access Cisco dCloud labs.Cisco dCloud Access From Linux Host
A project I am currently working on requires me to configure Cisco ACI. I have not previously had the opportunity to work with ACI and I had no access to a lab environment to prove out my changes before implementing them into production. A while ago a heard about a service Cisco is offering...AT&T, Microsoft Score Multi-Million-Dollar Air Force Wins
Both are “service experiments” in that the military wants to trial private companies — as opposed to Air Force service members — to provide IT and networking services.
Weekly Wrap Podcast: Nutanix Trumps VMware
Sept. 28, 2018 — CenturyLink takes SD-WAN global; Vodafone and China Mobile tap ONAP; and more.
Birthday Week Wrap-Up: Every day is launch day at Cloudflare
Our customers are accustomed to us launching new services, features, and functionality at a feverish pace, but recently, we’ve been especially active. This week we celebrated our 8th Birthday Week by announcing new offerings that benefit our customers and the global Internet community. Our mission is to help build a better Internet, and we’re convinced that launching new capabilities that benefit not only our customers, but also the broader Internet overall, is the best way to fulfill our mission.
Helping build a better Internet, one launch at a time
As an organization, we could choose to celebrate Cloudflare’s birthday in lots of different ways (a press release, a company party, or fun gifts for all our employees). But at Cloudflare, we have a unique birthday tradition: we roll up our sleeves and give our customers and the Internet community a new capability (i.e. a gift) every day of our birthday week.
Some of this past week’s launches have been entirely new offerings, like providing key-value storage across Cloudflare’s global cloud network with Cloudflare Workers KV. Other birthday week launches help improve the overall Internet ecosystem: the Bandwidth Alliance reduces data transfer charges from major cloud hosts and Cloudflare Registrar Continue reading
Short Take – BGP Peering Updates
In this Short Take, Russ shares some of the recent innovations around BGP peering and route exchange coming out of the standards bodies.
Russ White
The post Short Take – BGP Peering Updates appeared first on Network Collective.
Will Verizon’s Fixed 5G Wireless Suffer the Same Fate as WiMAX?
The operator’s upcoming fixed 5G wireless service launch will likely face some significant challenges in terms of coverage, return on investment, and scalability.
Perhaps MANO Is Irrelevant for Virtualized Carrier Networks
Good integrated CI/CD and an orchestrator like Kubernetes could negate the need for MANO.
SDxCentral’s Weekly Roundup — September 28, 2018
Vasona Networks gets purchased by ZephyrTel; Kubernetes releases its newest version; and news out of Microsoft Ignite.
Sprint Says Packet, Open19 Give It 5G Flexibility
Sprint's Aaron Hinkle also weighed in on SDN: “When you move to the edge you have to be able to do a full SDN deployment.”
Weekly Show 409: The 100G Data Center And Other Roundtable Topics
Today's Weekly Show is a roundtable discussion with network engineers on dealing with a lack of carrier diversity, equipment refresh cycles for the 100GbE data center, and more nerdy topics.
The post Weekly Show 409: The 100G Data Center And Other Roundtable Topics appeared first on Packet Pushers.
Weekend Reads 092818
As the topic of hacking back continues to resurface among elected officials, those of us in the cybersecurity community are scratching our heads over why this concept refuses to die. After digging deeper, one can see that there are many misperceptions regarding what the terms “hacking back” and “active cyber defense” (ACD) actually mean. General frustration and misinformation are driving the interest, but the mixing of Continue reading
Outing Your Outages
How are you supposed to handle outages? What happens when everything around you goes upside down in an instant? How much communication is “too much”? Or “not enough”? And is all of this written down now instead of being figured out when the world is on fire?
Team Players
You might have noticed this week that Webex Teams spent most of the week down. Hard. Well, you might have noticed if you used Microsoft Teams, Slack, or any other messaging service that wasn’t offline. Webex Teams went offline about 8:00pm EDT Monday night. At first, most people just thought it was a momentary outage and things would be back up. However, as the hours wore on and Cisco started updating the incident page with more info it soon became apparent that Teams was not coming back soon. In fact, it took until Thursday for most of the functions to be restored from whatever knocked them offline.
What happened? Well, most companies don’t like to admit what exactly went wrong. For every CloudFlare or provider that has full disclosures on their site of outages, there are many more companies that will eventually release a statement with the least amount of technical Continue reading
Push for Greater Control Over the Internet Coming Back Around
A group of countries will likely try to resurrect old battles on international control of Internet in the coming months, during upcoming meetings related to Internet Governance, some experts say.
The effort to relitigate unresolved debates on government control over the Internet will likely come up during the International Telecommunication Union’s Plenipotentiary Conference starting Oct. 29 in Dubai, said Robert Morgus, senior policy director focused on cybersecurity at U.S. think tank New America.
Morgus expects Russia, China, and other countries to renew their push for new internationally sanctioned controls over the Internet during the ITU meeting, he said Thursday at an Internet governance discussion hosted by New America and co-sponsored by the Internet Society’s Washington Chapter.
While the ITU has traditionally stayed away from Internet policy decisions, the group of authoritarian countries will likely push for a new World Conference on International Telecommunications (WCIT) meeting, Morgus said, where Internet control and governance issues have been hot topics.
The last WCIT meeting, in December 2012, ended with the United States, the U.K., Japan, and a handful of other countries declining to sign an agreement supported by 89 nations that called for international cooperation in fighting security problems Continue reading
Building With Workers KV, a Fast Distributed Key-Value Store
Your Workers now have access to a low-latency key-value data store which lives inside our network all around the world!
For those who don’t know, Cloudflare Workers is a new type of compute platform, built on top of our global network of 152+ data centers around the world. It allows you to write serverless code which runs in the fabric of the Internet itself, allowing you to engage with your users faster than other platforms can even get a packet to where your code is running. It’s built on a new architecture which eliminates cold starts and dramatically reduces the memory overhead of keeping your code running when compared to a platform like Amazon Lambda.
As powerful as this is, compute is just one component of what you need to build an application, you also need the ability to store data. We evaluated many of the available open source data stores on the market, but ultimately nothing was designed for a world with quite as many distributed nodes as our network. Instead, we have begun releasing our own vision for distributed storage, beginning today.
The Workers KV is a highly distributed, eventually-consistent, key value store. It will allow you to Continue reading
Introducing Workers KV
In 1864 British computer pioneer Charles Babbage described the first key-value store. It was meant to be part of his Analytical Engine. Sadly, the Analytical Engine, which would have been the first programmable computer, was never built. But Babbage lays out clearly the design for his key-value store in his autobiography. He imagined a read-only store implemented as punched cards. He referred to these as Tables:
I explained that the Tables to be used must, of course, be computed and punched on cards by the machine, in which case they would undoubtedly be correct. I then added that when the machine wanted a tabular number, say the logarithm of a given number, that it would ring a bell and then stop itself. On this, the attendant would look at a certain part of the machine, and find that it wanted the logarithm of a given number, say of 2303. The attendant would then go to the drawer containing the pasteboard cards representing its table of logarithms. From amongst these he would take the required logarithmic card, and place it in the machine.
Punched card illustration from Babbage’s autobiography showing an integer key (2303) and value representing the decimal part of Continue reading