Today's Full Stack Journey dives into Talos Linux, a "fit-for-purpose OS" designed for running Kubernetes. Host Scott Lowe speaks with Andrew Rynhard about Talos Linux and Sidero Labs, the company behind the Talos open source project. They discuss how Talos differs from other distributions, the concept of machine Linux, how Talos is designed for Kubernetes, and more.
The post Full Stack Journey 082: Inside Talos Linux – The Distro Built For Kubernetes appeared first on Packet Pushers.
Rate Limiting rules are essential in the toolbox of security professionals as they are very effective in managing targeted volumetric attacks, takeover attempts, scraping bots, or API abuse. Over the years we have received a lot of feature requests from users, but two stand out: suggesting rate limiting thresholds and implementing a throttle behavior. Today we released both to Enterprise customers!
When creating a rate limit rule, one of the common questions is “what rate should I put in to block malicious traffic without affecting legitimate users?”. If your traffic is authenticated, API Gateway will suggest thresholds based on auth IDs (such as a session-id, cookie, or API key). However, when you don’t have authentication headers, you will need to create IP-based rules (like for a ‘/login’ endpoint) and you are left guessing the threshold. From today, we provide analytics tools to determine what rate of requests can be used for your rule.
So far, a rate limit rule could be created with a log, challenge, or block action. When ‘block’ is selected, all requests from the same source (for example, IP) were blocked for the timeout period. Sometimes this is not ideal, as you would rather selectively block/allow requests to …
It always helps to figure out the challenges of a problem you’re planning to solve, and to have a well-defined terminology. This blog post will mention a few challenges we might encounter while addressing various layers of the networking stack, from data-link layer and all the way up to the application layer, and introduce the concepts of names, addresses and routes.
According to Martin Fowler, one of the best quotes I found on the topic originally came from Phil Karlton:
It’s finally here. The vaunted day when the newest iPhone model has Wi-Fi 6E. You’d be forgiven for missing it. It wasn’t mentioned as a flagship feature in the keynote. I had to unearth it in the tech specs page linked above. The trumpets didn’t sound heralding the coming of a new paradigm shift. In fact, you’d be hard pressed to find anyone that even cares in the long run. Even the rumor mill had moved on before the iPhone 15 was even released. If this is the technological innovation we’ve all been waiting for, why does it sound like no one cares?
I might be overselling the importance of Wi-Fi 6E just a bit, but that’s because I talk to a lot of wireless engineers. More than a couple of them had said they weren’t even going to bother upgrading to the new USB-C wonder phone unless it had Wi-Fi 6E. Of course, I didn’t do a survey to find out how many of them had 6E-capable access points at home, either. I’d bet the number was 100%. I’d be willing to bet the survey of people outside of that sphere looking to buy an iPhone …
Every cloud environment is rooted in virtualization and is defined by three pillars: network virtualization, server virtualization, and storage virtualization. The VMware NSX Edge Node plays an essential role in virtualizing networking and security services. The throughput supported by the NSX Edge Node is critical for the entire ecosystem and network services running on it.
In this blog, we outline NSX Bare Metal Edge performance for customers implementing Bare Metal Edge for their virtual networking infrastructure. Using NSX Bare Metal Edge (with no services running) with 4x100Gbps interfaces, RFC2544 performance tests yielded a North-South throughput of up to 388 Gbps (97% line rate) and up to 3 Tbps for the entire cluster (when using 8 Edge Nodes), providing significant throughput for North-South traffic in the virtual network infrastructure.
Please refer to VMware NSX Bare Metal Edge Performance white paper for more information on test and settings used to achieve these results.
The choice of hardware for the NSX Bare Metal Edge is driven by bandwidth requirements and the throughput you want to achieve. Key considerations include:
Today on Network Break we get a plethora of networking news, including Cisco rolling out new custom Ethernet switch ASICs to compete for AI fabrics. Nokia announces new routers also boasting custom silicon, Intel makes noise about the Thunderbolt 5 connector, Marvell touts ASICs for automotive Ethernet, the AfriNIC registry goes into receivership, and more tech news.
The post Network Break 447: Cisco Chases AI Ethernet Fabrics With New Silicon One ASICs; Nokia Announces Routers With Custom Silicon appeared first on Packet Pushers.
Johannes Resch submitted the following comment to the Is Dynamic MAC Learning Better Than EVPN? blog post:
I’ve also recently noticed some vendors claiming that dataplane MAC learning is so much better because it reduces the number of BGP updates in large scale SP EVPN deployments. Apparently, some of them are working on IETF drafts to bring dataplane MAC learning “back” to EVPN. Not sure if this is really a relevant point - we know that BGP scales nicely, and it’s relatively easy to deploy virtualized RR with sufficient VPU resources.
While he’s absolutely correct that BGP scales nicely, the question to ask is “what is the optimal way to deliver a Carrier Ethernet service?”
I’ve just started a new series on network models over at Packet Pushers. The first two installments are here: