Kubernetes adoption continues to grow as enterprises increasingly rely on containerized environments to deploy and scale their application. However, the complexity of the Kubernetes environment has evolved dramatically. It ranges from single-cluster setups of workloads to multi-cluster environments spanning hybrid and multi-cloud infrastructure. Kubernetes deployments are now characterized by their scale and diversity. Further multi-tenancy within a single cluster is becoming standard practice, as seen with the accelerated adoption of managed Kubernetes services available with Microsoft AKS, Amazon EKS, and Google GKE, further complicating the tenant and their workload security.
Organizations are leveraging Kubernetes to manage thousands of workloads within a single cluster and distribute them across multiple clusters for redundancy, geographic coverage, and performance optimization. Additionally, hybrid and multi-cloud deployments allow businesses to balance cost, performance, and compliance requirements.
To manage and secure this growth, organizations must ensure robust network security while maintaining visibility and simplifying operations. Addressing these challenges requires a comprehensive understanding of Kubernetes traffic patterns and the solution to observe, aggregate, and correlate traffic data.
Kubernetes environments generate various traffic patterns, including:
Today, we are thrilled to announce the integration of the Coalition for Content Provenance and Authenticity (C2PA) provenance standard into Cloudflare Images. Content creators and publishers can seamlessly preserve the entire provenance chain — from how an image was created and by whom, to every subsequent edit — across the Cloudflare network.
When you hear the word provenance, you might have flashbacks to your high school Art History class. In that context, it means that the artwork you see at the Met in New York really came from the artist in question and isn’t a fake. Its provenance is how that piece of physical art changed possession over time, from the original artist all the way to the museum.
Digital content provenance builds upon this concept. It helps you understand how a piece of digital media — images, videos, PDFs, and more — was created and subsequently edited. The provenance of a photo I posted on Instagram might look like this: I took the picture with my iPhone, performed an auto-magic edit using Apple Photos’ editing tools, uploaded it to Instagram, cropped it using Instagram’s editing tools, and then posted Continue reading
If you work with Palo Alto firewalls, you might have heard of App-ID. They work well and let us create security policies based on 'applications' rather than TCP/UDP port numbers. For example, instead of allowing UDP/53, we can allow the application 'DNS'. In this blog post, we will look at how App-ID works with and without SSL Decryption. Let's get to it.
If you are new to App-ID and want to know how it works, feel free to check out my introductory post below.
As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.
When you have an NGFW like Palo Alto, you don't want to rely on port numbers for your security policies. Instead of allowing TCP/3389, TCP/389, or UDP/514, you want to use RDP, LDAP, or Syslog. Using specific port numbers, like TCP/3389, Continue reading
At the moment, most of my documents are stored in Google Drive and locally on my machine. Whenever I need something, I go to Google Drive, search for it, and download it. While this works well, with all the concerns around privacy and data usage, I’d prefer to keep my documents locally rather than relying on cloud providers.
Recently, I came across a great self-hosted document manager called 'Paperless-NGX'. It not only helps with organising documents but also includes OCR functionality, allowing me to search within the documents themselves.
In this blog post, we'll go through how to set it up in a local environment and also cover how to put it behind the Caddy reverse proxy.
Paperless-NGX is a self-hosted document management system that helps organize and search documents easily. It comes with built-in OCR, allowing you to search within scanned documents and PDFs. One of the easiest ways to install Paperless-NGX is using Docker.
I went through the official documentation to Continue reading
There are three major ways to connect network devices in the physical world:
Implementing these connections in virtual labs is a bit harder than one might think, as all virtualization solutions assume you plan to run virtual servers connected to Ethernet segments.
In a previous tutorial, we configured an IPsec tunnel between a Cisco 1812 router and […]
The post IPsec VPN Cisco and StrongSwan first appeared on Brezular's Blog.
If you follow my blog, you may know that I recently migrated to Proxmox as my hypervisor, and I absolutely love it. My Proxmox server runs on a custom-built PC with an i9-10900K, 128GB RAM, and 3 x 1TB SSDs. I’m not using anything fancy, just a good number of VMs spread across two of the SSDs.
In this post, we’ll go through the process of setting up Proxmox Backup Server and backing up all the VMs from my Proxmox server to this backup server.
As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.
I’ve been running Proxmox for a few months without any backups. I did create some snapshots inside Proxmox in case I messed up a VM, so I could roll back if needed. Continue reading
Hello my friend,
One of the important aspects of writing any application is to ensure that it can operate, as long it is safe, when “something” went wrong during its execution. This “something” can really be anything: it can be wrong user input, it could be temporary unreachable network device or service or API endpoint, it could be missing file or incorrect path. In certain circumstance, for example when we talk about API gateways and web servers, it becomes even more critical. In today’s blog post we’ll see how to handle errors/exceptions in Python and Go (Golang).
I recently worked on a big project, which involves a lot of moving parts. To make these parts moving smoothly, I needed to analyze and compare data across multiple systems before making a decision. The amount of data is huge, thousands of line of data in every system and it is very easy to make mistake, which will impact users. How can I be sure I don’t miss anything? Scripting and automating! I’ve developed a tool, which requests via APIs data from multiple sources, analyses it based on my criteria and collates final report.
And you can build such Continue reading
The dashboard shown above is from a simulated network 1,000 switches, each with 48 ports access ports connected to a host. Activity occurs in a 256mS on / off cycle to emulate an AI learning run. The metrics include:
Note: Clicking on peaks in the charts shows values at that time.
This article gives step-by-step instructions to run the AI Metrics application in a production environment and integrate Continue reading
As of January 2024, the linuxserver/unifi-controller
Docker image has been deprecated and is no longer receiving updates. This means it may no longer be secure or compatible with newer versions of UniFi devices. Users are now advised to switch to the linuxserver/unifi-network-application
image, which is actively maintained and provides the latest version of the UniFi Network Application.
In this blog post, we will cover how to run the new image in Docker and how to migrate from the old image to the new one without losing your existing configuration.
As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.
In my homelab, I have a USW Lite 8 PoE, U6-Pro, and U6 Mesh. I had been running the older linuxserver/unifi-controller
Docker image since I first set them up. My controller was on version 8.0.34, if I remember correctly.
Recently, I moved to a new host, so I decided it was the right time to migrate to the new linuxserver/unifi-network-application
image. While checking their GitHub page, I found this note.
You Continue reading
Every recruiter and hiring manager wants people with five years of experience, but you cannot get experience without being hired into a position. How can you break this conundrum? Daniel Dib joins Tom and Russ to talk about how folks just coming into IT, or even those with lots of experience who are trying to shift their focus, can gain experience.
During the last three weeks, we were busy squashing bugs (device configuration fixes, other bug fixes). Some were recent; others were ancient pests uncovered by better integration tests. The end result: netlab release 1.9.4.
netlab release 1.9.4 passed hundreds of integration tests and should be a better choice than the previous 1.9 releases. To upgrade, execute pip3 install --upgrade networklab
.
We still missed a few quirks :( Release 1.9.4-post1 addresses those (and, unfortunately, I’m pretty sure there will be more).
sudo tcpdump -i any -s 0 -w sflow.pcap udp port 6343Run the command above on the system you are using to collect sFlow data (if you aren't yet collecting sFlow, see Agents for suggested configuration settings). Type Control-C to end the capture after 5 to 10 minutes. Copy the resulting sflow.pcap file to your laptop.
docker run --rm -it -v $PWD/sflow.pcap:/sflow.pcap sflow/sflowtool \ -r /sflow.pcap -P 1Either compile the latest version of sflowtool or, as shown above, use Docker to run the pre-built sflow/sflowtool image. The -P (Playback) option replays the trace in real-time and displays the contents of each sFlow message. Running sflowtool using Docker provides additional examples, including converting the sFlow messages into JSON format for processing by a Python script.
docker run --rm -it -v $PWD/sflow.pcap:/sflow.pcap sflow/sflowtool \ -r /sflow.pcap -f 192.168.4.198/6343 -P 1The -f (forwarding) option takes an IP address and UDP port number as arguments, in this Continue reading
Welcome back to another post on local LLMs. In this post, we’ll look at setting up a fully local coding assistant inside VSCode using the Continue extension and Ollama. Let’s get started.
As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.
We’ve covered Ollama and Local LLMs in previous blog posts (linked below), but here’s a quick summary.
Ollama is a tool that lets you run large language models (LLMs) directly on your local machine. Local LLMs are language models that run on your computer instead of relying on cloud-based services like ChatGPT. This means you can use them without sending your data to external servers, which is great for privacy. They also work offline, so you’re not dependent on an Internet connection.
That said, it’s important to note that local models, especially on smaller setups, won’t match the speed or performance of cloud-based models like ChatGPT. These cloud models are powered by massive infrastructure, so they’re faster and often more accurate. However, the trade-off is privacy and offline access, which local LLMs provide.
When I first started using local LLMs with Ollama, I quickly realised it relies on a command-line interface to interact with the models. It also comes with an API, but let’s be honest, most of us, myself included, prefer a GUI, much like the one ChatGPT provides. There are plenty of options available, but I decided to try Open Web GUI. In this blog post, we’ll explore what Open-WebGUI is and how simple it is to set up a web-based interface for your local LLMs.
As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.
Ollama is a tool for running local LLMs, offering privacy and control over your data. Out of the box, it lets you interact with models via the terminal or through its API. Installing Ollama is straightforward, and if you’d like a detailed guide, check out my other blog post which is linked below.
This blog post assumes you already have Ollama set up and running. For reference, I’m running this on my MacBook (M3 Pro with 18GB of RAM).
Open Continue reading
I’m going to start by saying I’m totally new to LLMs and running them locally, so I’m not going to pretend like I know what I am doing. I’ve been learning about Ollama for some time now and thought I would share it with my readers as always. This is such an interesting topic and I’m ready to go into the rabbit hole.
As always, if you find the content useful, don’t forget to press the ‘clap’ button to your left. This is one way for me to know that you like this type of content, which means a lot to me. So, let's get started.
LLMs, or Large Language Models, are a type of artificial intelligence designed to process and generate natural language. They are trained on vast amounts of text data, enabling them to understand context, identify patterns, and produce human-like responses. These models can perform various tasks such as answering questions, translating languages, summarising text, generating creative content, and assisting with coding. LLMs have gained significant attention in recent years due to their impressive performance and versatility.