Network Cloudification Key to CSP Energy Savings
Network operators seeking energy savings must apply a sustainability perspective at the design phase and support that with automatic network function optimization and orchestration.Exploring AKS networking options
At Kubecon 2023 in Amsterdam, Azure made several exciting announcements and introduced a range of updates and new options to Azure-CNI (Azure Container Networking Interface). These changes will help Azure Kubernetes Services (AKS) users to solve some of the pain points that they used to face in previous iterations of Azure-CNI such as IP exhaustion and big cluster deployments with custom IP address management (IPAM). On top of that, with this announcement Microsoft officially added an additional dataplane to the Azure platform.
The big picture
Worker nodes in an AKS (Azure Kubernetes Service) cluster are Azure VMs pre-configured with a version of Kubernetes that has been tested and certified by Azure. These clusters communicate with other Azure resources and external sources (including the internet) via the Azure virtual network (VNet).
Now, let’s delve into the role of the dataplane within this context. The dataplane operations take place within each Kubernetes node. It is responsible for handling the communication between your workloads, and cluster resources. By default, an AKS cluster is configured to utilize the Azure dataplane, which Continue reading
Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored)
Today on the Tech Bytes podcast we explore Secure Web Gateways with sponsor Palo Alto Networks. Secure Web Gateways sit between users and Web traffic to enforce policies around Web and application access and inspect traffic for malware. We talk with Palo Alto Networks about customer challenges with secure Web gateways, innovations in Prisma Access Cloud Secure Web Gateways, and more.
The post Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored)
Today on the Tech Bytes podcast we explore Secure Web Gateways with sponsor Palo Alto Networks. Secure Web Gateways sit between users and Web traffic to enforce policies around Web and application access and inspect traffic for malware. We talk with Palo Alto Networks about customer challenges with secure Web gateways, innovations in Prisma Access Cloud Secure Web Gateways, and more.Options For Connecting Your Private Cloud
The impulse to move absolute everything to the public cloud is coming to an end. Many companies are re-evaluating their strategies and adopting a hybrid model by bringing or migrating their workloads from the cloud to on-premises, mostly in the IaaS space. The main reasons companies are re-evaluating public cloud are cost, wanting total control […]
The post Options For Connecting Your Private Cloud appeared first on Packet Pushers.
Avoiding Perils with Using Gray Routes for A2P Messaging
Still used to cut costs, Gray routing of SMS messages opens enterprises to security, legal, and brand damage risks.Network Break 440: Broadcom Releases SONiC-Friendly Trident; Senator Requests Investigations Into Microsoft’s Shoddy Security
On this week's Network Break we discuss a new Broadcom ASIC, a request from US Senator Ron Wyden to three US agencies to investigate Microsoft for sloppy security practices, an Intel pledge to add AI to all its platforms, Juniper financial results, and more IT news.
The post Network Break 440: Broadcom Releases SONiC-Friendly Trident; Senator Requests Investigations Into Microsoft’s Shoddy Security appeared first on Packet Pushers.
Network Break 440: Broadcom Releases SONiC-Friendly Trident; Senator Requests Investigations Into Microsoft’s Shoddy Security
On this week's Network Break we discuss a new Broadcom ASIC, a request from US Senator Ron Wyden to three US agencies to investigate Microsoft for sloppy security practices, an Intel pledge to add AI to all its platforms, Juniper financial results, and more IT news.Amazon EC2 Credential Exfiltration: How It Happens and How to Mitigate It
An introduction to Amazon EC2 credentials
When you assign an Identity and Access Management (IAM) role to an Amazon
Elastic Compute Cloud (EC2) instance, the short-term credentials for the role
are made available via a web service known as the
Instance Metadata Service (IMDS).
The IMDS provides an HTTP endpoint for retrieving instance metadata
such as the instance IP address, AWS Region the instance is running in, the
Amazon Machine Image used to launch the instance, and the access key, secret
access key, and session token associated with the instance's IAM role. The AWS
documentation describes how to
retrieve instance role credentials
from IMDS. If you've seen or used the http://169.254.169.254 or
http://fd00:ec2::254 endpoints, then you've seen/used IMDS.
Retrieval of instance role credentials from IMDS is the mechanism by which the AWS CLI and SDKs learn the credentials belonging to the instance's IAM role without you having to configure anything on the instance. Quoting the IAM documentation:
The AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 Instance Metadata Service (IMDS) and use them.
This is great! It means you can start using the AWS CLI, SDKs, or Tools Continue reading
Striking a Balance: Exploring Fairness in Buffer Allocation and Packet Scheduling
Recently, I’ve been contemplating the concept of fairness, and I see interesting parallels between being a parent and being a network professional. As human beings, we have an inherent, intuitive sense of fairness that manifests itself in various everyday situations. Let me illustrate this idea with a couple of hypothetical scenarios:
Scenario 1: Imagine I’m a parent with four young children, and I’ve ordered a pizza for them to share. If I want to divide the pizza fairly among the children, fairness would mean that each child receives an equal portion - in this case, one-quarter of the pizza.
Scenario 2: Now let’s say I’ve ordered another pizza for the same four children, but one of the kids only cares for pizza a little and will only eat one-tenth of his share. In this situation, it wouldn’t be fair for me to give that child who doesn’t like pizza more than one-tenth of the piece because the excess would go to waste. The fair way to divide the pizza would be to give the child who doesn’t like pizza a one-tenth portion and split the remaining nine-tenths evenly among the other three kids.
The approach mentioned in the second scenario Continue reading
Hedge 188: Sidewalk, Who’s Responsible?, and Data Breaches
It’s the last show of the month, which means it is time for a roundtable! Today we are discussing three news stories, including Amazon’s Sidewalk Labs, a court case in California involving Cisco and the Great Firewall of China, and yet another data breach.
In case you didn’t see it I’m uploading the rough *machine generated) transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.
Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke
If you’ve been staring down the barrel of network automation and wonder what the proper approach might be, today’s episode is for you. The Packet Pushers chat with Tony Bourke about what network automation tools and techniques have become the default standard, how to prepare your network and team for automation, and how to get started.
The post Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke appeared first on Packet Pushers.
Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke
If you’ve been staring down the barrel of network automation and wonder what the proper approach might be, today’s episode is for you. The Packet Pushers chat with Tony Bourke about what network automation tools and techniques have become the default standard, how to prepare your network and team for automation, and how to get started.Considering Private 5G? Here’s What You need to Know
Has private 5G wireless stood up to the hype? In this Tech Insight Report, we break down the major pros and cons for enterprises considering a private 5G network.Cloudflare Radar’s new BGP origin hijack detection system
Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.
Malicious actors on the Internet who control BGP routers can perform BGP hijacks by falsely announcing ownership of groups of IP addresses that they do not own, control, or route to. By doing so, an attacker is able to redirect traffic destined for the victim network to itself, and monitor and intercept its traffic. A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits.
You can learn more about BGP and BGP hijacking and its consequences in our learning center.
At Cloudflare, we have long been monitoring suspicious BGP anomalies internally. With our recent efforts, we are bringing BGP origin hijack detection to the Cloudflare Radar platform, sharing our detection results with the Continue reading