Archive

Category Archives for "Networking"

RIPE 76 Sees Strong Focus on Routing Security

The RIPE 76 meeting is happening this week in Marseille, France, held at the fantastic location of the Palais du Pharo overlooking Marseille’s Old Port. And it’s also another record attendance with over 850 people registered.

The first couple of days have primarily been devoted to plenary sessions, and there’s been a big focus on routing security. Erik Bais (A2B Internet) kicked off the discussion with a presentation on ‘Why are we still seeing DDoS traffic?’, which highlighted that DDoS attacks are still originating from the same networks. Looking at the list of the worst offenders, there’s even one amongst the regular RIPE attendees, and he called for networks to clean up their acts. This was also a good opportunity to highlight the MANRS initiative, which of course includes measures to mitigate amplification attacks, and encourages networks to make good routing practices the norm.

Alexander Azimov (Qrator Labs) reinforced this message by outlining the current problems with BGP, including the ongoing route leaks and hijacks affecting the Internet. There are currently only moral obligations to not use other providers’ address space or to support anti-spoofing policies, yet major providers (including Tier 1 providers) continue to both originate …

IDG Contributor Network: Rationale in irrationality – The coming of cloud bust?

Any technology, product, or service can become so popular that it develops a trendiness, in which case it becomes difficult to determine if the tool actually has its perceived value or is causing overzealousness in the market. Cloud computing has the huge visibility that could allow it to become an overvalued product, which could allow industry analysts to think it will expand more rapidly than it actually will. This article explores the current industry growth rate projections for the cloud and signs that these growth rates could begin to slow in the years ahead.

The numbers: how fast is cloud growing?

For many reasons, businesses are turning toward the cloud. One key one is that a greater understanding has developed that the security of cloud is preferable to the security of on-premise architecture.

Survey: Mainstream adoption of SDN, SD-WAN finally arrives

In 2018, for the first time, cloud and software-defined data-center concerns have become the primary focus of enterprise network teams, bumping server virtualization from the top spot, according to an Enterprise Management Associates (EMA) report based on a survey of 251 North American and European enterprise network managers. This is the first shift in their priorities in more than a decade. Since 2008, EMA has been asking network managers to identify the broad IT initiatives that drive their priorities. Server virtualization has dominated their responses year after year. Cloud and software-defined data center (SDDC) architectures have always been secondary or tertiary drivers.

Get Familiar with Leaf-and-Spine Fabrics

An attendee of my Building Next-Generation Data Center online course asked me what the best learning path might be for a total (data center) beginner who has to design and install a small leaf-and-spine fabric in the near future.

This blog post was written for ipSpace.net subscribers who want to get the most out of ipSpace.net content. If you’re only interested in free stuff, you might feel it’s a waste of your time. You’ve been warned ;)

Why I’m Joining Cloudflare

I love working as a Chief Security Officer because every day centers around building something that makes people safer. Back in 2002, as I considered leaving my role as a cybercrime federal prosecutor to work in tech on e-commerce trust and safety, a mentor told me, “You have two rewarding but very different paths: you can prosecute one bad actor at a time, or you can try to build solutions that take away many bad actors' ability to do harm at all.” And while each is rewarding in its own way, my best days are those where I get to see harm prevented—at Internet scale.

In 2016, while traveling the United States to conduct hearings on the condition of Internet security as a member of President Obama's cyber commission, my co-commissioners noticed I had fallen into a pattern of asking the same question of every panelist: “Who is responsible for building a safer online environment where small businesses can set up shop without fear?” We heard many answers that all led to the same “not a through street” conclusion: Most law enforcement agencies extend their jurisdiction online, but there are no digital equivalents to the Department of …

Dismantling Cisco’s Conservation of Complexity Gambit

From the very beginning, Cisco Systems tightly embraced the use of complexity as a market differentiator. Creating a complicated CLI to configure networking gear instead of a relatively simple GUI – Wellfleet’s choice – was an early move down this path. The next cab off this particular rank was the creation of the CCIE (Cisco Certified Internetwork Expert) program in the early 1990’s, which, in full disclosure, I had a hand in developing back in the day. This program was explicitly designed to be as difficult and complicated as possible – mirroring the products themselves – so that a CCIE “diploma” on a cubicle wall would be considered a badge of honor and give bragging rights to its owner. And, with something like 3-1/2-million CCIEs out there today, this particular bit of planned complexity was clearly a winner.

The inherent irony in all of this is that ante-Cisco life in networking was quite a simple place, really. (Show of hands anyone who remembers the two top bridging vendors, Halley Systems and Vitalink?) But, at the end of the day, networks had to grow so that businesses and, eventually, the Internet, could run on them, and bridging technology simply …

You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3!

It's no secret that Cloudflare has been a big proponent of TLS 1.3, the newest edition of the TLS protocol that improves both speed and security, ever since we made it available to our customers starting in 2016. However, for the longest time TLS 1.3 has been a work in progress, which meant that the feature was disabled by default in our customers’ dashboards, at least until all the kinks in the protocol could be resolved.

With the specification finally nearing its official publication, and after several years of work (as well as 28 draft versions), we are happy to announce that the TLS 1.3 feature on Cloudflare is out of beta and will be enabled by default for all new zones.

For our Free and Pro customers not much changes: they already had TLS 1.3 enabled by default from the start. We have also decided to disable the 0-RTT feature by default for these plans (it was previously enabled by default as well), due to its inherent security properties. It will still be possible to explicitly enable it from the dashboard or the API (more on 0-RTT soon-ish in another blog post).

Our Business and …

Culture Shifts and Work Travel Learnings

I’ve seen a few Twitter threads recently about learning to live with the sudden plenty of working for tech companies. If you didn’t grow up that way, the adjustment takes time. It made me think about a few things I’ve learnt about corporate travel, and mistakes I’ve made along the way. People who grew up in the corporate world instinctively know stuff I had to learn. Here’s some of the mistakes, and learnings:

Sudden Change of Scene

There’s been a few threads recently on Twitter related to the concept of “growing up poor, and learning how to adapt to working in well-paid industries.”

Here’s an example thread:

Read the thread - there’s some gems in there. Stuff like these hit home for me: