Archive

Category Archives for "Networking"

Routing information now on Cloudflare Radar

Routing is one of the most critical operations of the Internet. Routing decides how and where the Internet traffic should flow from the source to the destination, and can be categorized into two major types: intra-domain routing and inter-domain routing. Intra-domain routing handles making decisions on how individual packets should be routed among the servers and routers within an organization/network. When traffic reaches the edge of a network, the inter-domain routing kicks in to decide what the next hop is and forward the traffic along to the corresponding networks. Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet.

Today, we are introducing another section on Cloudflare Radar: the Routing page, which focuses on monitoring the BGP messages exchanged to extract and present insights on the IP prefixes, individual networks, countries, and the Internet overall. The new routing data allows users to quickly examine routing status of the Internet, examine secure routing protocol deployment for a country, identify routing anomalies, validate IP block reachability and much more from globally distributed vantage points.

It’s a detailed view of how the Internet itself holds together.

Collecting routing statistics

The Internet consists of tens of thousands of interconnected …

Q2 2023 Internet disruption summary

Cloudflare operates in more than 300 cities in over 100 countries, where we interconnect with over 12,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.

The second quarter of 2023 was a particularly busy one for Internet disruptions, and especially for government-directed Internet shutdowns. During the quarter, we observed many brief disruptions, but also quite a few long-lived ones. In addition to the government-directed Internet shutdowns, we also observed partial or complete outages due to severe weather, cable damage, power outages, general or unspecified technical problems, cyberattacks, military action, and infrastructure maintenance.

As we have noted in the past, this post is intended as a summary overview of observed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter.

Government directed

Late spring often marks the start of a so-called “exam season” in several …

GigaIO introduces single-node AI supercomputer

Installation and configuration of high-performance computing (HPC) systems can be a considerable challenge that requires skilled IT pros to set up the software stack, for example, and optimize it for maximum performance – it isn't like building a PC with parts bought off NewEgg. GigaIO, which specializes in infrastructure for AI and technical computing, is looking to simplify the task. The vendor recently announced a self-contained, single-node system with 32 configured GPUs in the box to offer simplified deployment of AI and supercomputing resources. Up to now, the only way to harness 32 GPUs would require four servers with eight GPUs apiece. There would be latency to contend with, as the servers communicate over networking protocols, and all that hardware would consume floor space.

Day Two Cloud 204: Deploying Cloud-Delivered Security With Cisco Secure Access (Sponsored)

On today's Day Two Cloud we get inside Cisco Secure Access, a new set of cloud-delivered security services from Cisco. We discuss the security capabilities on offer, the service's architecture and components, how Cisco addresses concerns around user experience and performance, and more. This is a sponsored episode.

The post Day Two Cloud 204: Deploying Cloud-Delivered Security With Cisco Secure Access (Sponsored) appeared first on Packet Pushers.

SD-WAN Deployment Failures 101: Lessons From The Field

SD-WAN is a cost-effective, flexible alternative to traditional MPLS networks, but the high rate of failed deployments indicates that achieving successful implementation is not straightforward. Organizations must be prepared to embrace new experience-driven approaches to network management, such as the need for visibility into unmanaged networks, to deploy SD-WAN effectively.

The post SD-WAN Deployment Failures 101: Lessons From The Field appeared first on Packet Pushers.

Is your data center ready for generative AI?

Enterprise adoption of generative artificial intelligence (AI), which is capable of generating text, images, or other media in response to prompts, is in its early stages, but is expected to increase rapidly as organizations find new uses for the technology. “The generative AI frenzy shows no signs of abating,” says Gartner analyst Frances Karamouzis. “Organizations are scrambling to determine how much cash to pour into generative AI solutions, which products are worth the investment, when to get started and how to mitigate the risks that come with this emerging technology.”

Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored)

Wireless pros sit at the intersection of networking and security. On today's Heavy Wireless, sponsored by Fortinet, Keith Parsons and guest Ben Wilson discuss this convergence, why visibility into the WLAN and device identity are essential, how Fortinet integrates its Fortigate firewalls with wired and wireless networks for unified management and policy enforcement, and more.

The post Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored) appeared first on Packet Pushers.

Network giants unite to fight security risks

A group of industry stalwarts is banding together to help enterprises, service providers and telcos fight cyber foes. The Network Resilience Coalition includes AT&T, Broadcom, BT Group, Cisco Systems, Fortinet, Intel, Juniper Networks, Lumen Technologies, Palo Alto Networks, Verizon and VMware. Its aim is to deliver open and collaborative techniques to help improve the security of network hardware and software across the industry. The coalition was brought together under the Center for Cybersecurity Policy & Law, a nonprofit organization dedicated to improving the security of networks, devices and critical infrastructure. The Center has a broad security mission, but at least for now, it wants the Resilience group to focus on routers, switches and firewalls that are older, may have reached end-of-life vendor support, or have been overlooked for security patching or replacement.

Preventing Vulnerable Container Deployments with Admission Control

In a previous blog post, Hands-on guide: How to scan and block container images to mitigate SBOM attacks, we looked at how software supply chain threats can be identified and assessed. The severity of these vulnerabilities determines the posture, or scan result, for an image: Pass, Warning or Fail. The next question is “What can we do with these results?” To improve security posture and reduce attacks on your workloads, we must ensure that workloads have the fewest possible vulnerabilities and layer on configuration security with KSPM, egress controls, and microsegmentation.

In this post we will cover how the scan results can be leveraged to add an additional layer of protection during Deploy Time in application deployment lifecycles.

It’s worth noting that Calico’s Image Scanner is an offline binary which can be run locally. This means the Image Scanner can be baked into any existing Continuous Integration/Continuous Delivery (CI/CD) pipeline. For example, after an image has been built, the image can be scanned by the Image Scanner in an Execution Environment. Here checks can be configured to prevent the image from being pushed to a registry should vulnerabilities be detected. This is effectively how image scanning …

The real risk of AI in network operations

OK, you used to worry about nuclear war, then pandemics, then maybe an asteroid hitting earth or the sun going nova. Now, some want you to add AI to the list of things to worry about, and yes, you should probably do that. I’d hold off on worrying that AI will end life on earth, but users themselves tell me that AI does pose some risks, particularly the current ultra-hot “generative AI” that ChatGPT popularized. That’s particularly true for those who want to apply it to network operations. I got input from 197 senior IT and network professionals over the last month, and none of them believed that AI could lead to the mass extinction of humanity. Well over half said that they hadn’t seen any crippling long-term downsides to AI use, and all of them said that their company used AI “somewhere.” Thirty-four offered real insight into the use of AI in network operations, and I think this group offers us the best look at AI in network missions.

How Cloudflare is staying ahead of the AMD Zen vulnerability known as “Zenbleed”

Google Project Zero revealed a new flaw in AMD's Zen 2 processors in a blog post today. The 'Zenbleed' flaw affects the entire Zen 2 product stack, from AMD's EPYC data center processors to the Ryzen 3000 CPUs, and can be exploited to steal sensitive data stored in the CPU, including encryption keys and login credentials. The attack can even be carried out remotely through JavaScript on a website, meaning that the attacker need not have physical access to the computer or server.

Cloudflare’s network includes servers using AMD’s Zen line of CPUs. We have patched our entire fleet of potentially impacted servers with AMD’s microcode to mitigate this potential vulnerability. While our network is now protected from this vulnerability, we will continue to monitor for any signs of attempted exploitation of the vulnerability and will report on any attempts we discover in the wild. To better understand the Zenbleed vulnerability, read on.

Background

Understanding how a CPU executes programs is crucial to comprehending the attack's workings. The CPU works with an arithmetic processing unit called the ALU. The ALU is used to perform mathematical tasks. Operations like addition, multiplication, and floating-point calculations fall under this category. The CPU's clock …