Does EVPN/VXLAN over SD-WAN Make Sense?
It looks like we might be seeing VXLAN-over-SDWAN deployments in the wild. Here’s the “why that makes sense” argument I received from a participant of the ipSpace.net Design Clinic in which I wasn’t exactly enthusiastic about the idea.
Also, the EVPN-over-WAN idea is not hypothetical since EVPN+VXLAN is now the easiest way to build L3VPN with data center switches that don’t support MPLS LDP. Folks with no interest in EVPN’s L2 features are still using it for L3VPN.
Let’s unravel this scenario a bit:
Why Single-Port LAGs?
I recommend always using LACP for external connections. It will make your life easier, even when you only have a single connection. Here’s why we do it.
If you set up a PNI with AS32590, we will strongly recommend the use of LACP, even for a single link. If you have two PNIs with us, they will each be separate single-member LAGs, because they will be on different routers on our side.
It’s only once you have more than 2 links that we start using LACP in the way most people think of it.
It’s not just us. In Google’s Peering Policy, under “Private peering physical connection requirements”, it states
Link aggregation via LACP is required for all links, including single links
Ever wondered why that is? What’s the point in setting up a LAG if I only have one link? What does it give me? More lines of config for no operational enhancement? And I thought we should use L3 everywhere anyway?
I can’t speak for Google, only for the way we operate our network. But I’m pretty sure their reasons are similar to ours. The obvious reason is for future growth, but there are operational benefits too.
Continue reading
Welcome to Birthday Week 2023
Having been at Cloudflare since it was tiny it’s hard to believe that we’re hitting our teens! But here we are 13 years on from launch. Looking back to 2010 it was the year of iPhone 4, the first iPad, the first Kinect, Inception was in cinemas, and TiK ToK was hot (well, the Kesha song was). Given how long ago all that feels, I'd have a hard time predicting the next 13 years, so I’ll stick to predicting the future by creating it (with a ton of help from the Cloudflare team).
Building the future is, in part, what Birthday Week is about. Over the past 13 years we’ve announced things like Universal SSL (doubling the size of the encrypted web overnight and helping to usher in the largely encrypted web we all use; Cloudflare Radar shows that worldwide 99% of HTTP requests are encrypted), or Cloudflare Workers (helping change the way people build and scale applications), or unmetered DDoS protection (to help with the scourge of DDoS).
This year will be no different.
Winding back to the year I joined Cloudflare we made our first Birthday Week announcement: our automatic IPv6 gateway. Fast-forward to today and Continue reading
Cisco Aims to Bolster Cloud Security and Resilience With Splunk
Cisco’s acquisition of Splunk will bring together powerful infrastructure security and observability offerings with advanced data management capabilities.Heavy Networking 702: Supporting Network Automation With The Pandas Python Library
Today's Heavy Networking covers Pandas. Not the cuddly bears that eat bamboo, but the Python library that makes it easy for you to work with a set of data. Import Pandas at the top of your Python script, follow one of many Pandas tutorials online, and in short order you’ll be able to perform data operations in a spreadsheet-like way. We talk network automation use cases for Pandas with Rick Donato.
The post Heavy Networking 702: Supporting Network Automation With The Pandas Python Library appeared first on Packet Pushers.
Heavy Networking 702: Supporting Network Automation With The Pandas Python Library
Today's Heavy Networking covers Pandas. Not the cuddly bears that eat bamboo, but the Python library that makes it easy for you to work with a set of data. Import Pandas at the top of your Python script, follow one of many Pandas tutorials online, and in short order you’ll be able to perform data operations in a spreadsheet-like way. We talk network automation use cases for Pandas with Rick Donato.Typo traps: analyzing traffic to exmaple.com (or is it example.com?)
A typo is one of those common mistakes with unpredictable results when it comes to the Internet’s domain names (DNS). In this blog post we’re going to analyze traffic for exmaple.com, and see how a very simple human error ends up creating unintentional traffic on the Internet.
Cloudflare has owned exmaple.com for a few years now, but don’t confuse it with example.com! example.com is a reserved domain name set by the Internet Assigned Numbers Authority (IANA), under the direction of the Internet Engineering Task Force (IETF). It has been used since 1999 as a placeholder, or example, in documentation, tutorials, sample network configurations, or to prevent accidental references to real websites. We use it extensively on this blog.
As I’m writing it, the autocorrect system transforms exmaple.com into example.com, every time, assuming I must have misspelled it. But in situations where there’s no automatic spelling correction (for example, while editing a configuration file) it’s easy for example to become exmaple.
And so, lots of traffic goes to exmaple.com by mistake — whether it was a typoed attempt to reach example.com or due to other random reasons. Fake email accounts in Continue reading
Repost: L2 Is Bad
Roman Pomazanov documented his thoughts on the beauties of large layer-2 domains in a LinkedIn article and allowed me to repost it on ipSpace.net blog to ensure it doesn’t disappear
First of all: “L2 is a single failure domain”, a problem at one point can easily spread to the entire datacenter.
Repost: L2 Is Bad
Roman Pomazanov documented his thoughts on the beauties of large layer-2 domains in a LinkedIn article and allowed me to repost it on ipSpace.net blog to ensure it doesn’t disappear
First of all: “L2 is a single failure domain”, a problem at one point can easily spread to the entire datacenter.
Kubernetes Unpacked 035: Chaos Engineering In Kubernetes And The Litmus Project
In today's Kubernetes Unpacked, Michael and Kristina catch up with Prithvi Raj and Sayan Mondal to talk about all things Chaos Engineering in the Kubernetes space! We chat about the open source and CNCF incubating project, Litmus, and various other topics including why Chaos Engineering is important, how it can help all organizations, how every engineer can use it, and more.
The post Kubernetes Unpacked 035: Chaos Engineering In Kubernetes And The Litmus Project appeared first on Packet Pushers.
Kubernetes Unpacked 035: Chaos Engineering In Kubernetes And The Litmus Project
In today's Kubernetes Unpacked, Michael and Kristina catch up with Prithvi Raj and Sayan Mondal to talk about all things Chaos Engineering in the Kubernetes space! We chat about the open source and CNCF incubating project, Litmus, and various other topics including why Chaos Engineering is important, how it can help all organizations, how every engineer can use it, and more.IPv6 Buzz 135: Making Sense Of IPv6 Address Formatting
Today's IPv6 Buzz episode dives into the topic of IPv6 address formatting, the do's and don'ts of representing an IPv6 address, and what guidance RFC 5952 provides for representing these very long addresses in text.
The post IPv6 Buzz 135: Making Sense Of IPv6 Address Formatting appeared first on Packet Pushers.
IPv6 Buzz 135: Making Sense Of IPv6 Address Formatting
Today's IPv6 Buzz episode dives into the topic of IPv6 address formatting, the do's and don'ts of representing an IPv6 address, and what guidance RFC 5952 provides for representing these very long addresses in text.Cisco Will Buy Splunk for $28B in Huge AI Cybersecurity Play
The companies will combine efforts to offer more software solutions aimed at AI cybersecurity.Hedge 195: DDoS Inflection with Barry Greene
DDoS attacks still play a major role in the global Internet, costing organizations tens (or hundreds) or millions of dollars each year. What are the current and future trends in DDoS attacks? Barry Greene, a global expert in DDoS mitigation, joins Russ White and Tom Ammon to discuss the future of DDoS.
Cloudflare Email Security now works with CrowdStrike Falcon LogScale
We are excited to announce an extended partnership between CrowdStrike and Cloudflare to bring together Cloudflare Email Security and CrowdStrike Falcon® LogScale. With this integration, joint customers who have both Falcon LogScale and Cloudflare Email Security can now send detection data to be ingested and displayed within their Falcon LogScale dashboard.
What is CrowdStrike Falcon LogScale?
CrowdStrike Falcon LogScale enables organizations to ingest, aggregate and analyze massive volumes of streaming log data from a wide array of sources at petabyte scale. It offers search and visualization capabilities, enabling users to easily query and explore their log data to gain valuable insights and identify security threats or anomalies.
Falcon LogScale helps customers by providing:
Log Ingestion It supports the collection of logs from diverse sources and can handle high volumes of log data in real time.
Real-Time Search Users can perform fast searches across their log data, enabling quick detection and investigation of security incidents or operational issues.
Dashboards and Visualizations Falcon LogScale offers customizable dashboards and visualizations to help teams gain insights from their log data.
All of these capabilities enable proactive threat hunting by leveraging advanced analytics. It helps security teams identify potential threats, detect anomalies, and quickly remediate Continue reading