Configuring Linux Traffic Control in a Sane Way
Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.
A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.
Configuring Linux Traffic Control in a Sane Way
Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.
A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.
HS051 Things I Wish I’d Known Back When
Oft-asked question that doesn't have a right answer. We discuss non-convential answers that career coaches or self-help twaddle won't give you.
The post HS051 Things I Wish I’d Known Back When appeared first on Packet Pushers.
HS051: Things I Wish I’d Known Back When
Oft-asked question that doesn't have a right answer. We discuss non-convential answers that career coaches or self-help twaddle won't give you.
Connection errors in Asia Pacific region on July 9, 2023
On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region — caused by invalid DNSSEC signatures from Verisign .com and .net Top Level Domain (TLD) nameservers. This resulted in connection errors for visitors of Internet properties on Cloudflare in the region.
The local instances of Verisign’s nameservers started to respond with expired DNSSEC signatures in the Asia Pacific region. In order to remediate the impact, we have rerouted upstream DNS queries towards Verisign to locations on the US west coast which are returning valid signatures.
We have already reached out to Verisign to get more information on the root cause. Until their issues have been resolved, we will keep our DNS traffic to .com and .net TLD nameservers rerouted, which might cause slightly increased latency for the first visitor to domains under .com and .net in the region.
Background
In order to proxy a domain’s traffic through Cloudflare’s network, there are two components involved with respect to the Domain Name System (DNS) from the perspective of a Cloudflare data center: external DNS resolution, and upstream or origin DNS resolution.
What to Consider When Choosing a SASE Vendor
SASE technology can be quite complex. There are a wide range of SASE vendors available. Find out what to consider when choosing the best SASE vendors.Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN
On today's Network Break, Greg Ferro wishes Ethernet an unhappy birthday, HPE and BT want to manage your LAN, TSMC brings in Taiwanese workers to build new fabs in Arizona, Nokia touts new Fixed Wireless Access milestones, and more IT news.
The post Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN appeared first on Packet Pushers.
Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN
On today's Network Break, Greg Ferro wishes Ethernet an unhappy birthday, HPE and BT want to manage your LAN, TSMC brings in Taiwanese workers to build new fabs in Arizona, Nokia touts new Fixed Wireless Access milestones, and more IT news.Patchless Cisco Flaw Breaks Cloud Encryption for ACI Traffic
Vulnerable Nexus 9000 Series Fabric Switches in ACI mode should be disabled, Cisco advisesCross Training for Career Completeness
Are you good at your job? Have you spent thousands of hours training to be the best at a particular discipline? Can you configure things with your eyes closed and are finally on top of the world? What happens next? Where do you go if things change?
It sounds like an age-old career question. You’ve mastered a role. You’ve learned all there is to learn. What more can you do? It’s not something specific to technology either. One of my favorite stories about this struggle comes from the iconic martial artist Bruce Lee. He spent his formative years becoming an expert at Wing Chun and no one would argue he wasn’t one of the best. As the story goes, in 1967 he engaged in a sparring match with a practitioner of a different art and, although he won, he was exhausted and thought things had gone on far too long. This is what encouraged him to develop Jeet Kun Do as a way to incorporate new styles together for more efficiency and eventually led to the development of mixed martial arts (MMA).
What does Bruce Lee have to do with tech? The value of cross training with different tech disciplines Continue reading
Eliminating Downtime with Internet Contingency Planning
By taking a proactive approach to contingency planning, enterprises can minimize downtime and reduce its impact on operations.Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry
Today on the Tech Bytes podcast, we explore the concept of sovereign clouds with sponsor VMware. Sovereign clouds provide the agility and scale of the cloud while ensuring data resides in a specific country or geography and meets area requirements for security and privacy. We speak with Tietoevry, one of the first VMware partners to offer major sovereign cloud solutions for its Nordic clients.
The post Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry appeared first on Packet Pushers.
Tech Bytes: Deploying Sovereign Clouds With VMware And Tietoevry
Today on the Tech Bytes podcast, we explore the concept of sovereign clouds with sponsor VMware. Sovereign clouds provide the agility and scale of the cloud while ensuring data resides in a specific country or geography and meets area requirements for security and privacy. We speak with Tietoevry, one of the first VMware partners to offer major sovereign cloud solutions for its Nordic clients.How Cloudflare Images addressed the aCropalypse vulnerability
Acropalypse (CVE-2023-21036) is a vulnerability caused by image editing tools failing to truncate images when editing has made them smaller, most often seen when images are cropped. This leaves remnants of the cropped contents written in the file after the image has finished. The remnants (written in a ‘trailer’ after the end-of-image marker) are ignored by most software when reading the image, but can be used to partially reconstruct the original image by an attacker.
The general class of vulnerability can, in theory, affect any image format if it ignores data written after the end of the image. In this case the applications affected were the ‘Markup’ screenshot editor that shipped with Google Pixel phones from the Pixel 3 (saving its images in the PNG format) and the Windows Snipping tool (with both PNG and JPEG formats).
Our customers deliver their images using Cloudflare Images products and may have images that are affected. We would like to ensure their images are protected from this vulnerability if they have been edited using a vulnerable editor.
As a concrete example, imagine a Cloudflare customer running a social network, delivering images using Cloudflare Images. A user of the social network might Continue reading
Fun Reading: History of the Early Internet
Bruce Davie collected numerous articles describing various aspects of early Internet history and pre-Internet days, including A Brief History of the Internet and The Design Philosophy of the DARPA Internet Protocols.
Have fun ;)