Category Archives for "Networking"

Configuring Linux Traffic Control in a Sane Way

Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.

A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.

Multiple SD-WAN vendors can complicate move to SASE

Enterprises over the past several years have embraced SD-WAN for many reasons, including the flexibility of cloud architecture, enhanced security, centralized management of distributed locations, and improved application availability and performance. In turn, the popularity of SD-WAN has helped propel interest in secure access service edge (SASE), a network architecture that converges connectivity and security services.

Connection errors in Asia Pacific region on July 9, 2023

On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region — caused by invalid DNSSEC signatures from Verisign .com and .net Top Level Domain (TLD) nameservers. This resulted in connection errors for visitors of Internet properties on Cloudflare in the region.

The local instances of Verisign’s nameservers started to respond with expired DNSSEC signatures in the Asia Pacific region. In order to remediate the impact, we have rerouted upstream DNS queries towards Verisign to locations on the US west coast which are returning valid signatures.

We have already reached out to Verisign to get more information on the root cause. Until their issues have been resolved, we will keep our DNS traffic to .com and .net TLD nameservers rerouted, which might cause slightly increased latency for the first visitor to domains under .com and .net in the region.

Background

In order to proxy a domain’s traffic through Cloudflare’s network, there are two components involved with respect to the Domain Name System (DNS) from the perspective of a Cloudflare data center: external DNS resolution, and upstream or origin DNS resolution.

Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN

On today's Network Break, Greg Ferro wishes Ethernet an unhappy birthday, HPE and BT want to manage your LAN, TSMC brings in Taiwanese workers to build new fabs in Arizona, Nokia touts new Fixed Wireless Access milestones, and more IT news.

The post Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN appeared first on Packet Pushers.

Cross Training for Career Completeness

Are you good at your job? Have you spent thousands of hours training to be the best at a particular discipline? Can you configure things with your eyes closed and are finally on top of the world? What happens next? Where do you go if things change?

It sounds like an age-old career question. You’ve mastered a role. You’ve learned all there is to learn. What more can you do? It’s not something specific to technology either. One of my favorite stories about this struggle comes from the iconic martial artist Bruce Lee. He spent his formative years becoming an expert at Wing Chun and no one would argue he wasn’t one of the best. As the story goes, in 1967 he engaged in a sparring match with a practitioner of a different art and, although he won, he was exhausted and thought things had gone on far too long. This is what encouraged him to develop Jeet Kune Do as a way to incorporate new styles together for more efficiency and eventually led to the development of mixed martial arts (MMA).

What does Bruce Lee have to do with tech? The value of cross training with different tech disciplines

Creating a directory tree with a single command

The mkdir command can do more than create a single directory. It can create multiple directories at once and can even create an entire directory structure with a single command. The required command will be a tad complex, but not particularly challenging.

NOTE: If you try to set up a multi-level directory structure with a command like the one shown below, it won't work if the initial directories ("this" and "that") don't already exist.

$ mkdir this/that/the_other
mkdir: cannot create directory ‘this/that/the_other’: No such file or directory

Add a -p (for "parents") and the missing directories will be created and your this/that/the_other directory structure will be set up in your current directory as intended.

Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry

Today on the Tech Bytes podcast, we explore the concept of sovereign clouds with sponsor VMware. Sovereign clouds provide the agility and scale of the cloud while ensuring data resides in a specific country or geography and meets area requirements for security and privacy. We speak with Tietoevry, one of the first VMware partners to offer major sovereign cloud solutions for its Nordic clients.

The post Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry appeared first on Packet Pushers.

How Cloudflare Images addressed the aCropalypse vulnerability

Acropalypse (CVE-2023-21036) is a vulnerability caused by image editing tools failing to truncate images when editing has made them smaller, most often seen when images are cropped. This leaves remnants of the cropped contents written in the file after the image has finished. The remnants (written in a ‘trailer’ after the end-of-image marker) are ignored by most software when reading the image, but an attacker can use them to partially reconstruct the original image.

The general class of vulnerability can, in theory, affect any image format if it ignores data written after the end of the image. In this case the applications affected were the ‘Markup’ screenshot editor that shipped with Google Pixel phones from the Pixel 3 (saving its images in the PNG format) and the Windows Snipping tool (with both PNG and JPEG formats).

Our customers deliver their images using Cloudflare Images products and may have images that are affected. We would like to ensure their images are protected from this vulnerability if they have been edited using a vulnerable editor.

As a concrete example, imagine a Cloudflare customer running a social network, delivering images using Cloudflare Images. A user of the social network might