Archive

Category Archives for "Networking"

Understand the impact of Waiting Room settings with Waiting Room Analytics


In January 2021, we gave you a behind-the-scenes look at how we built Waiting Room on Cloudflare’s Durable Objects. Today, we are thrilled to announce the launch of Waiting Room Analytics and tell you more about how we built this feature. Waiting Room Analytics offers insights into end-user experience and provides visualizations of your waiting room traffic. These new metrics enable you to make well-informed configuration decisions, ensuring an optimal end-user experience while protecting your site from overwhelming traffic spikes.

If you’ve ever bought tickets for a popular concert online you’ll likely have been put in a virtual queue. That’s what Waiting Room provides. It keeps your site up and running in the face of overwhelming traffic surges. Waiting Room sends excess visitors to a customizable virtual waiting room and admits them to your site as spots become available.

While customers have come to rely on the protection Waiting Room provides against traffic surges, they have faced challenges analyzing their waiting room’s performance and impact on end-user flow. Without feedback about waiting room traffic as it relates to waiting room settings, it was challenging to make Waiting Room configuration decisions.

Up until now, customers could only monitor their waiting room's

Distributed Systems Resources

Distributed systems are complicated. Add networking to the mix, and you get traumatic challenges like the CAP theorem and Byzantine fault tolerance. Most of those challenges are unknown to engineers who have to suffer through the vendor marketing presentations, making it hard to determine whether the latest shiny gizmo works outside of PowerPoint.

I started collecting articles describing distributed-system gotchas years ago, wrote numerous blog posts on the topic in the heydays of the SDN Will Save the World lemming run, and organized them into the Distributed Systems Resources page.

Gen 2 AMD server chips have a crash bug

Semiconductors, especially CPUs, are immensely complex creations all done at the microscopic level. That there aren’t more bugs, for lack of a better word, is a testament to the efforts that these chipmakers put in to delivering solid products. But occasionally, something slips by. AMD has issued an alert that an older processor line has a minor error. The problem exists in its Epyc 7002 line, code-named Rome, which was released three years ago. The bug, first noted on a Reddit thread, says that servers running Rome-era chips will hang after 1,044 days of uptime, or nearly three years.

Cisco jumps into SSE arena, boosts application security

Cisco this week took the wraps off a security service edge (SSE) offering that aims to help enterprises securely connect growing edge resources, including cloud, private and SaaS applications. Along with the SSE package, the vendor made two additional application security-related announcements at its Cisco Live! customer event. It unveiled Cisco Multicloud Defense, which is a new service designed to protect cloud service workloads, and it upgraded Panoptica, its cloud-native security application development software.

What is SDN and where is it going?

Software-defined networking (SDN) is a network management technique that centralizes control of network appliances in software. SDN makes network management easier in two ways: it allows networks to be administered as a whole, rather than on a device-by-device basis, and it allows for administrative work to be automated and conducted on the fly in response to changing network needs and conditions. The first SDN system to gain traction was the open source OpenFlow protocol, which rolled out in 2011. There are now a number of possible SDN models, each providing significant benefits when compared to traditional networking.

Visualizing service connectivity, dependencies, and traffic flows in Kubernetes clusters

Today, cloud platform engineers face new challenges when running cloud native applications. Those applications are designed, deployed, maintained and monitored differently from the traditional monolithic applications they are used to working with.

Cloud native applications are designed and built to exploit the scale, elasticity, resiliency, and flexibility the cloud provides. They are a group of microservices that run in containers within a Kubernetes cluster and all talk to each other. It can quickly become overwhelming for any cloud engineer to understand and visualize their environment.

Visualizing Kubernetes network traffic and service dependencies presents significant challenges because Kubernetes environments are dynamic and distributed. Pods scale up and down frequently, services are created and deleted, and network connections change, which makes it difficult to capture an accurate and up-to-date representation of network traffic and service dependencies.

Additionally, the complexity of Kubernetes networking, involving multiple components such as pods, services, and network policies, further complicates the visualization of network traffic flow and understanding of service dependencies. The use of microservices architecture in Kubernetes, where applications consist of interconnected services, adds to the complexity, particularly as the number of services grows.

Moreover, the scalability

Cisco vision takes networking to the cloud in a big way

Cisco is taking the wraps off an overarching architecture it expects will let enterprise customers manage and control its vast arsenal of networking hardware and software for years to come. The Cisco Networking Cloud, unveiled at this week’s Cisco Live! customer event, will involve a broad range of software and cloud system integration and has as its ultimate, if somewhat vague, goal to converge networking platforms over time, culminating in a unified management platform that works on premises or in the cloud for improved visibility and enterprise automation, according to Jonathan Davidson, executive vice president and general manager of Cisco Networking.

Examining HTTP/3 usage one year on


In June 2022, after the publication of a set of HTTP-related Internet standards, including the RFC that formally defined HTTP/3, we published HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends. One year on, as the RFC reaches its first birthday, we thought it would be interesting to look back at how these trends have evolved over the last year.

Our previous post reviewed usage trends for HTTP/1.1, HTTP/2, and HTTP/3 observed across Cloudflare’s network between May 2021 and May 2022, broken out by version and browser family, as well as for search engine indexing and social media bots. At the time, we found that browser-driven traffic was overwhelmingly using HTTP/2, although HTTP/3 usage was showing signs of growth. Search and social bots were mixed in terms of preference for HTTP/1.1 vs. HTTP/2, with little-to-no HTTP/3 usage seen.

Between May 2022 and May 2023, we found that HTTP/3 usage in browser-retrieved content continued to grow, but that search engine indexing and social media bots continued to effectively ignore the latest version of the web’s core protocol. (Having said that, the benefits of HTTP/3 are very user-centric, and arguably offer minimal benefits to

Heavy Networking 683: Palo Alto Networks Integrates AIOps Into ADEM For Faster Remediation (Sponsored)

On today’s Heavy Networking we have a conversation about monitoring, visibility, and observability with sponsor Palo Alto Networks. More specifically, we’ll dig into Palo Alto Networks’ Autonomous Digital Experience Management (ADEM) product, and how Palo Alto Networks is integrating ADEM with AIOps.

The post Heavy Networking 683: Palo Alto Networks Integrates AIOps Into ADEM For Faster Remediation (Sponsored) appeared first on Packet Pushers.

NVA Part IV: NVA Redundancy with Azure Internal Load Balancer

Introduction

To achieve active/active redundancy for a Network Virtual Appliance (NVA) in a Hub-and-Spoke VNet design, we can utilize an Internal Load Balancer (ILB) to enable Spoke-to-Spoke traffic.

Figure 5-1 illustrates our example topology, which consists of a vnet-hub and spoke VNets. The ILB is associated with the subnet 10.0.1.0/24, where we allocate a Frontend IP address (FIP) using dynamic or static methods. Unlike a public load balancer's inbound rules, we can choose the High-Availability (HA) ports option to load balance all TCP and UDP flows. The backend pool and health probe configurations remain the same as those used with a Public Load Balancer (PLB).

From the NVA perspective, the configuration is straightforward. We enable IP forwarding in the Linux kernel and on the virtual NIC, but not pre-routing (destination NAT). We can use post-routing policies (source NAT) if we want to hide real IP addresses or if symmetric traffic paths are required. To route egress traffic from spoke sites to the NVAs via the ILB, we create subnet-specific route tables in the spoke VNets. The reason why the "rt-spoke1" route table has a specific entry "10.2.0.0/24 > 10.0.1.6 (ILB)" rather than a default route is that vm-prod-1 has a public IP address used for external access. If we were to set the default route, as we have in the subnet 10.2.0.0/24 in "vnet-spoke2", the external connection would fail.

Figure 5-1: ILB Example Topology.

EIGRP Third-Party Next Hops

EIGRP routing updates have always contained the next hop field (similar to BGP updates), which was unused until Cisco IOS release 12.3 when the no ip next-hop-self eigrp AS-number interface configuration command was implemented.

EIGRP does not set the next hop field by default. An EIGRP router receiving a routing update thus assumes that the next hop of the received routes is the sending router. This behavior usually works well, but it prevents site-to-site shortcuts from being established in DMVPN networks, and results in suboptimal routing in some route redistribution scenarios.