Archive

Category Archives for "Networking"

Too Big To Fail is More Likely to Fail ?

People think that big companies are too big to fail and thats why you should buy from big companies.  Except that this is no longer true. To whit: HPE just divested all of its software assets. While HPE maintains a substantial interest in the new owner, I’m confident that HPE will walk away from those […]

BrandPost: BUILDING A BEST-OF-BREED MULTICLOUD STRATEGY

Best-of-breed strategies have long since fallen out of favor in the enterprise, because the work required to stitch together the components proved to be too difficult. But best of breed is back with cloud. Companies today are hell-bent on buying the ideal SaaS, PaaS, and IaaS cloud services for the job, and while APIs make the integration work easier, the resultant cloud silos create a new challenge: How do you assure service performance in this multi-cloud world?The short answer: By maintaining global knowledge of what is happening (and where) across IT infrastructure, applications, and services. But we’ll get back to that.Companies use eight cloud providers on average, according to IHS Markit Ltd., a research firm in London. IHS’ survey of 155 companies in a range of industries shows that number swelling to 11 within two years. When you include any and all SaaS services, the average number of cloud applications that companies use explodes to almost 1,500, by some counts. To read this article in full, please click here

BrandPost: SERVICE INTELLIGENCE: CLOUD MIGRATION’S SECRET WEAPON

By now, it's pretty clear that cloud migration can yield big benefits. In fact, a recent survey from research firm ESG found that nearly 40% of respondents said migrating reduced data center build-out costs. It also increases resource elasticity and speeds up service provisioning.Reaping those benefits is by no means a sure thing, however.  To attain cloud migration nirvana, companies must successfully navigate a host of challenges, including retaining visibility and control over service quality and performance.To read this article in full, please click here

On the ‘web: The Best Decicions

A long time ago, when I worked for a major vendor’s escalation team, I was called into a customer to help them move from one routing protocol to another. We spent some time looking over their network, discussing how best to approach the problems they would probably encounter, how long it would take to make the change, and many other issues involved. Finally, over lunch, I asked why they were planning on changing routing protocols. @ECI

Cloudflare launches 1.1.1.1 DNS service with privacy, TLS and more

There was an important development this month with the launch of Cloudflare’s new 1.1.1.1 DNS resolver service. This is a significant development for several reasons, but in particular it supports the new DNS-over-TLS and DNS-over-HTTPS protocols that allow for confidential DNS querying and response.

Why 1.1.1.1?

Before we get to that though, Cloudflare joins Google’s Public DNS that uses 8.8.8.8 and Quad9 DNS that uses 9.9.9.9, by implementing 1.1.1.1 as a memorable IP address for accessing its new DNS service. IP addresses are generally not as memorable as domain names, but you need access to a DNS server before you can resolve domain names to IP addresses, so configuring numbers is a necessity. And whilst a memorable IP address might be cool, it’s also proved important recently when DNS resolvers have been blocked or taken down, requiring devices to be pointed elsewhere.

The 1.1.1.1 address is part of the 1.1.1.0 – 1.1.1.255 public IP address range actually allocated to APNIC, one of the five Regional Internet Registries, but it has been randomly used as an address for Continue reading

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

One in five serverless apps has a critical security vulnerability

Serverless computing is an emerging trend that is likely to explode in popularity this year. It takes the idea of a smaller server footprint to the next level. First, there were virtual machines, which ran a whole instance of an operating system. Then they were shrunk to containers, which only loaded the bare minimum of the OS required to run the app. This led to a smaller footprint.Now we have “serverless” apps, which is a bit of a misnomer. They still run on a server; they just don’t have a dedicated server, virtual machine, or container running 24/7. They run in a server instance until they complete their task, then shut down. It’s the ultimate in small server footprint and reducing server load.To read this article in full, please click here

DNA data storage closer to becoming reality

Hundreds of megabytes of data have been encoded using DNA in the last few years by scientists. But more recently, not only has the media been stored perfectly in the synthetic variant of the genetic instructions that make up all organic life, but archived data files have been individually retrieved with zero errors, too.It appears that Microsoft Research’s target of a DNA storage system actually functioning within a data center by the turn of the decade, as reported by MIT’s Technological Review a year ago, might be becoming increasingly viable.To read this article in full, please click here

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

Today we are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet; whether it runs email, file transfer or a custom protocol, it can now get the full benefits of Cloudflare. If you want to skip ahead and see it in action, you can scroll to the video demo at the bottom.

Introducing Spectrum: Extending Cloudflare To 65,533 More Ports

DDoS Protection

The core functionality of Spectrum is its ability to block large DDoS attacks. Spectrum benefits from Cloudflare’s existing DDoS mitigation (which this week blocked a 900 Gbps flood). Spectrum’s DDoS protection has already been battle tested. Just soon as we opened up Spectrum for beta, Spectrum received its first SYN flood.

One of Spectrum's earliest deployments was in front of Hypixel’s infrastructure. Hypixel runs the largest minecraft server, and because gamers can be - uh, passionate - they were one of the earliest targets of the terabit-per-second Mirai botnet. “Hypixel was one of the first subjects of the Mirai botnet DDoS attacks and frequently receives large attacks. Before Spectrum, we had to rely on unstable services & techniques Continue reading

Abusing Linux’s firewall: the hack that allowed us to build Spectrum

Abusing Linux's firewall: the hack that allowed us to build Spectrum

Today we are introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.

Abusing Linux's firewall: the hack that allowed us to build Spectrum
CC BY-SA 2.0 image by Staffan Vilcans

Soon after we started building Spectrum, we hit a major technical obstacle: Spectrum requires us to accept connections on any valid TCP port, from 1 to 65535. On our Linux edge servers it's impossible to "accept inbound connections on any port number". This is not a Linux-specific limitation: it's a characteristic of the BSD sockets API, the basis for network applications on most operating systems. Under the hood there are two overlapping problems that we needed to solve in order to deliver Spectrum:

  • how to accept TCP connections on all port numbers from 1 to 65535
  • how to configure a single Linux server to accept connections on a very large number of IP addresses (we have many thousands of IP addresses in our anycast ranges)

Assigning millions of IPs to a server

Cloudflare’s edge servers have an almost identical configuration. In our early days, we used to assign specific /32 (and /128) IP addresses to the loopback network interface[1]. This worked well when we had dozens of IP Continue reading

1 1,448 1,449 1,450 1,451 1,452 3,495