Archive

Category Archives for "Networking"

VMware Cloud on AWS with NSX: Connecting SDDCs Across Different AWS Regions

I prior shared this post on the LinkedIN publishing platform and my personal blog at HumairAhmed.com. In my prior blog post, I discussed how with VMware Cloud on AWS (VMC on AWS) customers get the best of both worlds for their move to a Software Defined Data Center (SDDC) – the leading compute, storage, and network virtualization stack for enterprises deployed on dedicated, elastic, bare-metal, and highly available AWS infrastructure. Another benefit of VMC on AWS, and the focus of this post, is that you can easily have a global footprint by deploying multiple VMC SDDCs in different regions. Continue reading

How “expensive” is crypto anyway?

I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD.

If you got to this second paragraph you probably heard that TLS today is very cheap to deploy. Considerable effort was put to optimize the cryptography stacks of OpenSSL and BoringSSL, as well as the hardware that runs them. However, aside for the occasional benchmark, that can tell us how many GB/s a given algorithm can encrypt, or how many signatures a certain elliptic curve can generate, I did not find much information about the cost of crypto in real world TLS deployments.

CC BY-SA 2.0 image by Michele M. F.

As Cloudflare is the largest provider of TLS on the planet, one would think we perform a lot of cryptography related tasks, and one would be absolutely correct. More than half of our external traffic is now TLS, as well as all of our internal traffic. Being in that position means that crypto performance is critical to our success, and as it Continue reading

How “expensive” is crypto anyway?

I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD.

If you got to this second paragraph you probably heard that TLS today is very cheap to deploy. Considerable effort was put to optimize the cryptography stacks of OpenSSL and BoringSSL, as well as the hardware that runs them. However, aside for the occasional benchmark, that can tell us how many GB/s a given algorithm can encrypt, or how many signatures a certain elliptic curve can generate, I did not find much information about the cost of crypto in real world TLS deployments.

CC BY-SA 2.0 image by Michele M. F.

As Cloudflare is the largest provider of TLS on the planet, one would think we perform a lot of cryptography related tasks, and one would be absolutely correct. More than half of our external traffic is now TLS, as well as all of our internal traffic. Being in that position means that crypto performance is critical to our success, and as it Continue reading

From Zero to One Hundred in the Arctic Slope

In November 2017, the Internet Society hosted the inaugural Indigenous Connectivity Summit in Santa Fe, New Mexico. The event brought together community network operators, Internet service providers, community members, researchers, policy makers, and Indigenous leadership. One of the participants shared her story.

“‘Mom, did you have YouTube?’” Patuk Glenn, recalls her six year old son asking. Glenn, who lives in Utqiaġvik – a city in Alaska north of the Arctic Circle – laughs as she remembers one of his first words: “loading,” thanks to the sluggish Internet speeds on the Arctic Slope. But things are changing, and soon. Fiber optic cable is going live in Glenn’s community and she has travelled to the Indigenous Connectivity Summit looking for lessons from other Indigenous communities. “We’re going from zero to one hundred overnight,” says Glenn. “How can we best prepare our people?”

It’s not just a question of digital literacy. Glenn’s looking for information on cybersecurity and entrepreneurship – as high-speed Internet opens avenues for economic development and for community members to share their own content with the rest of the world. Like many summit participants, Glenn sees connectivity as a pathway to enable education: not only unlocking online courses, but Continue reading

Twinax – Cheap, Cheerful and Annoyingly Chubby

What’s not to love about twinax? Formerly the exclusive domain of IBM systems, twinax has seen itself reborn in the last few years in the form of the Direct Attach Cable (DAC) used to connect systems at speeds of 10Gbps and 40Gbps (by way of bundling four twinax pairs in a single cable).

Twinax

Direct Attach Cables

Before diving into the pros and cons of DAC, it’s important to understand the different varieties that are available. A DAC is a cable which has SFP+ format connectors hard-wired on each end; plug each end into an SFP+ socket and, vendor support notwithstanding, the link should come up. A direct attach cable is frequently and erroneously referred to as a “DAC cable”, so if the words “PIN number” give you the jitters, working anywhere with DACs is likely to drive you to drink.

Passive Copper DAC (Twinax)

The most common kind of DAC is the passive DAC. The SFP+ connector on a passive DAC, give or take some electrical protection circuitry, is pretty much a direct connection from the copper in the twinax to the copper contacts which connect to the host device:

Passive Copper DAC

Sending a 10G signal over a single copper pair requires Continue reading

IDG Contributor Network: 4 advantages of using a Bluetooth mesh network

Companies everywhere are waking up and starting to realize that implementing a mesh network is the best choice for them if they want to remain relevant well into the future. While various technologies are being employed across the nation to achieve this goal, it remains inarguable that Bluetooth is the best option for most companies aiming to leverage a mesh network for success in the marketplace.So why should you choose to employ a Bluetooth-based strategy, and what specific advantages will you gain from it that others who shun it will miss out on? Check out these boons that you’ll soon be enjoying if you rely on a Bluetooth mesh network, and your company will be clamoring to adopt it in no time.To read this article in full, please click here

IDG Contributor Network: 4 advantages of using a Bluetooth mesh network

Companies everywhere are waking up and starting to realize that implementing a mesh network is the best choice for them if they want to remain relevant well into the future. While various technologies are being employed across the nation to achieve this goal, it remains inarguable that Bluetooth is the best option for most companies aiming to leverage a mesh network for success in the marketplace.So why should you choose to employ a Bluetooth-based strategy, and what specific advantages will you gain from it that others who shun it will miss out on? Check out these boons that you’ll soon be enjoying if you rely on a Bluetooth mesh network, and your company will be clamoring to adopt it in no time.To read this article in full, please click here

Tech predictions for 2018: Data center trends to watch for

Yes, it's that time of the year again. Another year gone by, which means another batch of predictions for the future.As is always the case, I own up to my misfires by leading off with the predictions I made last year and admitting what came true and what didn't. So, let's get that out of the way.My 2017 predictions: some hits, some misses Apple continues to lose its cool. — I think I got this one right. iPhone 8/X sales are not what they were expected to be, the list of complaints is growing and more and more people say the company has fallen behind. Hell, even I switched to a Galaxy after frustration with the poor quality of iOS 11. Cloud adoption will slow. — Oh, boy, did I blow that one. Some tech manufacturing will return to the U.S. — I don’t know about tech, although I did see Microsoft has moved Surface manufacturing to China. But overall, manufacturing has gained 138,000 jobs in 2017 vs. a loss of 34,000 in 2016. And we all know who will take credit for that. China will lose its luster as a manufacturing hub. — Clearly that has Continue reading

Tech predictions for 2018: Data center trends to watch for

Yes, it's that time of the year again. Another year gone by, which means another batch of predictions for the future.As is always the case, I own up to my misfires by leading off with the predictions I made last year and admitting what came true and what didn't. So, let's get that out of the way.My 2017 predictions: some hits, some misses Apple continues to lose its cool. — I think I got this one right. iPhone 8/X sales are not what they were expected to be, the list of complaints is growing and more and more people say the company has fallen behind. Hell, even I switched to a Galaxy after frustration with the poor quality of iOS 11. Cloud adoption will slow. — Oh, boy, did I blow that one. Some tech manufacturing will return to the U.S. — I don’t know about tech, although I did see Microsoft has moved Surface manufacturing to China. But overall, manufacturing has gained 138,000 jobs in 2017 vs. a loss of 34,000 in 2016. And we all know who will take credit for that. China will lose its luster as a manufacturing hub. — Clearly that has Continue reading

(Micro)benchmarking Linux kernel functions

Usually, the performance of a Linux subsystem is measured through an external (local or remote) process stressing it. Depending on the input point used, a large portion of code may be involved. To benchmark a single function, one solution is to write a kernel module.

Minimal kernel module

Let’s suppose we want to benchmark the IPv4 route lookup function, fib_lookup(). The following kernel function executes 1,000 lookups for 8.8.8.8 and returns the average value.1 It uses the get_cycles() function to compute the execution “time.”

/* Execute a benchmark on fib_lookup() and put
   result into the provided buffer `buf`. */
static int do_bench(char *buf)
{
    unsigned long long t1, t2;
    unsigned long long total = 0;
    unsigned long i;
    unsigned count = 1000;
    int err = 0;
    struct fib_result res;
    struct flowi4 fl4;

    memset(&fl4, 0, sizeof(fl4));
    fl4.daddr = in_aton("8.8.8.8");

    for (i = 0; i < count; i++) {
        t1 = get_cycles();
        err |=  Continue reading

Our commitment to open networking

On Monday we released our latest version of Cumulus Linux, 3.5. It includes symmetric VxLAN routing, Voice VLAN and 10 new hardware platforms. This includes General Availability (GA) of our two supported chassis, the four slot Backpack and eight slot OMP800. We announced Early Access (EA) support for both chassis in our previous release, Cumulus Linux 3.4.

At Cumulus, moving fast to fix problems and get features in the hands of our customers is core to our culture. In today’s webscale networks, it’s hard for even the largest of organizations to operate on classic 18+ month buying cycles. Some folks want the ability to use new technology as soon as possible.

The EA process gives customers the ability to use working software or hardware and provide direct feedback on the final product. That feedback improves all aspects of the product, from purchasing, delivery, default configurations or operations.

When we announced EA for our chassis systems, we had many Fortune 500 customers express interest. For some, the EA process allowed them to start the purchasing process knowing that it would take months until a final purchase order was ready. For others, they were able to put working, stable Continue reading

Programming Unbound

I’m doing some research on Facebook’s Open/R routing platform for a future blog post. I’m starting to understand the nuances a bit compared to OSPF or IS-IS, but during my reading I got stopped cold by one particular passage:

Many traditional routing protocols were designed in the past, with a strong focus on optimizing for hardware-limited embedded systems such as CPUs and RAM. In addition, protocols were designed as purpose-built solutions to solve the particular problem of routing for connectivity, rather than as a flexible software platform to build new applications in the network.

Uh oh. I’ve seen language like this before related to other software projects. And quite frankly, it worries me to death. Because it means that people aren’t learning their lessons.

New and Improved

Any time I see an article about how a project was rewritten from the ground up to “take advantage of new changes in protocols and resources”, it usually signals to me that some grad student decided to rewrite the whole thing in Java because they didn’t understand C. It sounds a bit cynical, but it’s not often wrong.

Want proof? Check out Linus Torvalds and his opinion about rewriting the Linux kernel in Continue reading

1 1,514 1,515 1,516 1,517 1,518 3,443