After discussing names, addresses and routes, it’s time for the next question: what kinds of addresses do we need to make things work?
End-users (clients) are usually interested in a single thing: they want to reach the service they want to use. They don’t care about nodes, links, or anything else.
End-users might want to use friendly service names, but we already know we need addresses to make things work. We need application level service identifiers – something that identifies the services that the clients want to reach.
Just had a blast playing with VRF Route Leaking with a FTD. It is so cool and super simple to do. Let’s say you have a Cisco Firewall, a 3140 FTD in this instance, and you want to have varying...
The post VRF Route Leaking with a FTD appeared first on Networking with FISH.
A few weeks ago, Daniel posted a piece about using different underlay and overlay protocols in a data center fabric. He says:
There is nothing wrong with running BGP in the overlay but I oppose to the argument of it being simpler.
One of the major problems we often face in network engineering—and engineering more broadly—is confusing that which is simple with that which has lower complexity. Simpler things are not always less complex. Let me give you a few examples, all of which are going to be controversial.
When OSPF was first created, it was designed to be a simpler and more efficient form of IS-IS. Instead of using TLVs to encode data, OSPF used fixed-length fields. To process the contents of a TLV, you need to build a case/switch construction where each possible type has a separate bit of code. You must count off the correct length for the type of data, or (worse) read a length field and count out where you are in the stream.
Fixed-length fields are just much easier to process. You build a structure matching the layout of the fixed-length fields in memory, then point this structure at the packet contents in-memory. From there,
The Wi-Fi Awards is an industry effort to recognize excellence and achievements in the wireless community. There are award categories for companies, products, and individuals. Award recipients are determined by a committee and by community votes. Today's Heavy Wireless explores the origins of the Wi-Fi Awards, discusses different award categories and the importance of recognizing individuals. We also discuss the nomination and selection process, and how listeners can nominate candidates.
The post Heavy Wireless 011: How You Can Participate In The Wi-Fi Awards 2023 appeared first on Packet Pushers.
Today's Full Stack Journey dives into Talos Linux, a "fit-for-purpose OS" designed for running Kubernetes. Host Scott Lowe speaks with Andrew Rynhard about Talos Linux and Sidero Labs, the company behind the Talos open source project. They discuss how Talos differs from other distributions, the concept of machine Linux, how Talos is designed for Kubernetes, and more.
The post Full Stack Journey 082: Inside Talos Linux – The Distro Built For Kubernetes appeared first on Packet Pushers.
Rate Limiting rules are essential in the toolbox of security professionals as they are very effective in managing targeted volumetric attacks, takeover attempts, scraping bots, or API abuse. Over the years we have received a lot of feature requests from users, but two stand out: suggesting rate limiting thresholds and implementing a throttle behavior. Today we released both to Enterprise customers!
When creating a rate limit rule, one of the common questions is “what rate should I put in to block malicious traffic without affecting legitimate users?”. If your traffic is authenticated, API Gateway will suggest thresholds based on auth IDs (such as a session-id, cookie, or API key). However, when you don’t have authentication headers, you will need to create IP-based rules (like for a ‘/login’ endpoint) and you are left guessing the threshold. From today, we provide analytics tools to determine what rate of requests can be used for your rule.
So far, a rate limit rule could be created with a log, challenge, or block action. When ‘block’ is selected, all requests from the same source (for example, IP) were blocked for the timeout period. Sometimes this is not ideal, as you would rather selectively block/allow requests to
It always helps to figure out the challenges of a problem you’re planning to solve, and to have a well-defined terminology. This blog post will mention a few challenges we might encounter while addressing various layers of the networking stack, from data-link layer and all the way up to the application layer, and introduce the concepts of names, addresses and routes.
According to Martin Fowler, one of the best quotes I found on the topic originally came from Phil Karlton:
It’s finally here. The vaunted day when the newest iPhone model has Wi-Fi 6E. You’d be forgiven for missing it. It wasn’t mentioned as a flagship feature in the keynote. I had to unearth it in the tech specs page linked above. The trumpets didn’t sound heralding the coming of a new paradigm shift. In fact, you’d be hard pressed to find anyone that even cares in the long run. Even the rumor mill had moved on before the iPhone 15 was even released. If this is the technological innovation we’ve all been waiting for, why does it sound like no one cares?
I might be overselling the importance of Wi-Fi 6E just a bit, but that’s because I talk to a lot of wireless engineers. More than a couple of them had said they weren’t even going to bother upgrading to the new USB-C wonder phone unless it had Wi-Fi 6E. Of course, I didn’t do a survey to find out how many of them had 6E-capable access points at home, either. I’d bet the number was 100%. I’d be willing to bet the survey of people outside of that sphere looking to buy an iPhone