Brandon Hitzel published a detailed document describing various Internet WAN edge designs. Definitely worth reading and bookmarking.
Another phenomenal detective story published on the Cloudflare blog: Unbounded memory usage by TCP for receive buffers, and how we fixed it.
TL&DR: Moving the TCP window every time you acknowledge a segment doesn’t work well with scaled window sizes.
The interesting takeaways:
In our rapidly advancing world, communication speeds are increasing at a fast pace. Transceiver speeds have evolved from 100G to 400G, 800G, and soon even 1.6T. Similarly, optical systems are evolving to keep up with the pace. If we dig deeper, we will discover that many concepts are shared across various domains, such as Wi-Fi, optical communications, transceivers, etc. Still, without the necessary background, it’s not easy to identify the patterns. If we have the essential knowledge, it becomes easier to understand the developments happening in the respective areas, and we can better understand the trade-offs made by the designers while designing a particular system. The motivation behind writing this post is to cover the fundamental concepts which form the basis for our modern communication systems and how they all relate to each other.
So let’s start with the most fundamental thing, i.e., wave. A wave is a disturbance that carries energy from one location to another without displacing matter. Waves transfer energy from their source and do not cause any permanent displacement of matter in the medium they pass through. The following animation demonstrates this concept.
Ocean and sound waves are mechanical waves
If you’ve shied away from network automation because you’re a network engineer not a coder, fear not. There are network automation approaches that can help you get needful work done and don’t require a computer science degree. On today's Heavy Networking we talk with sponsor BackBox about its practical approach to network automation and dive into use cases including network OS backups and compliance.
The post Heavy Networking 682: Automating Upgrades And Ensuring Compliance With BackBox (Sponsored) appeared first on Packet Pushers.
It’s been almost five years since I wrote about the challenges of project management and timing your work as an engineer. While most of that information is still very true even today, I’ve recently had my own challenges with my son’s Eagle Scout project. He is of a mind that you can throw together a plan and just do a whole week of work in just a couple of days. I, having worked in the IT industry for years, have assured him that it absolutely doesn’t work like that. Why is there a disconnect between us? And how does that disconnect look to the rest of the world?
The first problem that I often see when working with people that aren’t familiar with projects is that they vastly underestimate the amount of time it takes to get something done. You may recall from my last post that my project managers at my old VAR job had built in something they called Tom Time to every quote. That provided a way for my estimate to reflect reality once I arrived on site and found that things didn’t go according to plan.
Part of the reason why my estimates
Since its inception, Cloudflare Zaraz, the server-side third-party manager built for speed, privacy and security, has strived to offer a way for marketers and developers alike to get the data they need to understand their user journeys, without compromising on page performance. Cloudflare Zaraz makes it easy to transition from traditional client-side data collection based on marketing pixels in users’ browsers, to a server-side paradigm that shares events with vendors from the edge.
When implementing data collection on websites or mobile applications, analysts and digital marketers usually first define the set of interactions and attributes they want to measure, formalizing those requirements along with technical specifications in a central document (“tagging plan”). Developers will later implement the required code to make those attributes available for the third-party manager to pick them up. For instance, an analyst may want to analyze page views based on an internal name instead of the page title or page pathname. They would therefore define an example “page name” attribute that would need to be made available in the context of the page by the developer. From there, the analyst would configure the tag management system to pick the attribute’s
After introducing the routing protocols and explaining the basics of link-state routing it was time for implementation considerations including:
It’s time for Eyvonne, Tom, and Russ to talk about some current stories in the world of networking—the May roundtable. Yes, I know it’s already June, and I’m a day late, but … This month we talk about the IT worker shortage, Infiniband, and the “next big thing.”
So draw up a place to sit and hang out with us as we chat.
Kubernetes has become the de facto standard for container orchestration, providing a powerful platform for deploying and managing containerized applications at scale. As more organizations adopt Kubernetes for their production workloads, ensuring the security and privacy of data in transit has become increasingly critical. Encrypting traffic within a Kubernetes cluster is one of the most effective components in a multi-layered defence when protecting sensitive data from interception and unauthorized access. Here, we will explore why encrypting traffic in Kubernetes is important and how it addresses compliance needs.
Two encryption methods are commonly adopted for protecting data integrity and confidentiality: encryption at rest and encryption in transit. Encryption at rest refers to encrypting stored data, e.g. in your cloud provider’s managed disk solution, whereby if the data were simply copied and extracted, the raw information obtained would be unintelligible without the cryptographic keys to decrypt it.
Encrypting data in transit is an effective security mechanism and a critical requirement for organizational compliance and regulatory frameworks, as it helps protect sensitive information from unauthorized access and interception while it is being transmitted over the network. We will dive deeper into this requirement.
Encrypting data in transit