Archive

Category Archives for "Networking"

Tech Bytes: Pica8 NOS Enables Multi-Vendor Networking To Solve Campus Supply Chain Problems (Sponsored)

Today on the Tech Bytes podcast we speak with sponsor Pica8 about how whitebox networking gives engineers the flexibility to choose the hardware and software that best meets their campus needs. Because Pica8’s network OS can run on multiple hardware platforms, engineers can overcome challenges including supply chain disruptions, end-of-life hardware, and security events.

The post Tech Bytes: Pica8 NOS Enables Multi-Vendor Networking To Solve Campus Supply Chain Problems (Sponsored) appeared first on Packet Pushers.

Network Break 431: Juniper NAC Emerges From The Mist; New Google TLDs Are A Bad Idea

This week's Network Break looks at a new Network Access Control (NAC) offering from Juniper, plus a ChatGPT integration with Juniper's Marvis. Google debuts new Top-Level Domains that have security experts worried, Cisco reports a robust Q3, Broadcom tries to assuage EU regulators about its VMware acquisition, and more tech news.

The post Network Break 431: Juniper NAC Emerges From The Mist; New Google TLDs Are A Bad Idea appeared first on Packet Pushers.

5G network slices could be vulnerable to attack, researchers say

5G promises increased speed, lower latency, and support for a significantly larger number of connected devices. But the growth in devices and in new applications that will ensue also will expand the attack surface, offering new opportunities for malicious actors to take advantage of security gaps.

Plus, as with any new technology, there is a great deal of potential for misconfigurations, errors, and unpatched vulnerabilities while companies are still learning how to deploy and secure 5G at scale.

About 75% of communication service providers worldwide said that they had experienced up to six security breaches of 5G networks within the past year, according to a November 2022 survey by GlobalData and Nokia. Half of the respondents said that they experienced an attack that resulted in the leakage of customer data, and nearly three quarters said that an attack had caused a service outage.

Recapping Developer Week


Developer Week 2023 is officially a wrap. Last week, we shipped 34 posts highlighting what has been going on with our developer platform and where we’re headed in the future – including new products & features, in-depth tutorials to help you get started, and customer stories to inspire you.

We’ve already loved hearing feedback from you all about what we’ve shipped:

Launching our new Open Source Software Sponsorships Program


We first launched our Open Source Software Sponsorships program in 2018. Since then, we've been listening to your feedback and realized that it's time to introduce a fresh and enhanced version of the program that's more inclusive and better addresses the needs of the OSS community.

Figure: A subset of open source projects on Cloudflare.

Previously, our sponsorship focused on engineering tools, but we're excited to announce that we've now opened it to include any non-profit and open source projects.

Program criteria and eligibility

To qualify for our Open Source Sponsorship Program, projects must be open source and meet the following criteria:

  1. Operate on a non-profit basis.
  2. Include a link back to our home page.

Please keep in mind that this program isn't intended for event sponsorships, but rather for project-based support.

Sponsorship benefits

As part of our sponsorship program, we offer the following benefits to projects:

Can Cloudflare help your open source project be successful and sustainable? Fill out the application form to submit your project.

Announcing Cohort #2 of the Workers Launchpad


We launched the $2B Workers Launchpad Funding Program in late 2022 to help support the over one million developers building on Cloudflare’s Developer Platform, many of whom are startups leveraging Cloudflare to ship faster, scale more efficiently, and accelerate their growth.

Cohort #1 wrap-up

Since announcing the program just a few months ago, we have welcomed 25 startups from all around the world into our inaugural cohort and recently wrapped up the program with the Demo Day. Cohort #1 gathered weekly for Office Hours with our Solutions Architects for technical advice and for the Founders Bootcamp, where they spent time with Cloudflare leadership, previewed upcoming products with our Developer Platform Product Managers, and received advice on a wide range of topics such as how to build Sales teams and think about the right pricing model for their product.

Learn more about what these companies are building and what they’ve been up to below:

Authdog

Identity and Access Management streamlined.

Demo Day pitch

Why they chose Cloudflare
“Cloudflare is the de facto Infrastructure for building resilient serverless products, it was a no-brainer to migrate to Cloudflare Workers to build the most frictionless experience for our customers.”

Recent updates
Learn more about…

Frontier still reigns as world’s fastest supercomputer

For the third time in a row, Frontier is ranked number one among the world’s fastest supercomputers, and it remains the only one whose fastest speed exceeds one exaFLOPS.

At 1.194 quintillion floating point operations per second (FLOPS), Frontier kept its ranking with more than double the top speed of its nearest competitor, according to the list compiled by TOP500, which issues the rankings twice a year. A quintillion is 10^18 or one exaFLOPS (EFLOPS).

The number two machine, Fugaku, maxed out at 442.01 petaFLOPS. A petaFLOPS is 10^15 FLOPS.

Two competitors in the top 10 improved their speeds since the last ranking period that ended in November 2022, but not nearly enough to even draw close. Those two—LUMI and Leonardo—rank third and fourth, respectively.

VPP MPLS – Part 3

About this series

Special Thanks: Adrian vifino Pistol for writing this code and for the wonderful collaboration!

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

In the [first article] of this series, I took a look at MPLS in general, and how setting up static Label Switched Paths can be done in VPP. A few details on special case labels (such as Implicit Null which enabled the fabled Penultimate Hop Popping) were missing, so I took a good look at them in the [second article] of the series.

This was all just good fun but also allowed me to buy some time for @vifino who has been implementing MPLS handling within the Linux Control Plane plugin for VPP! This final article in the series shows the engineering considerations that went into writing the plugin, which is currently under review but reasonably complete. Considering the VPP…

NVA Part III: NVA Redundancy – Connection from the Internet

This chapter is the first part of a series on Azure's highly available Network Virtual Appliance (NVA) solutions. It explains how we can use load balancers to achieve active/active NVA redundancy for connections initiated from the Internet.

In Figure 4-1, Virtual Machine (VM) vm-prod-1 uses the load balancer's Frontend IP address 20.240.9.27 to publish an application (SSH connection) to the Internet. Vm-prod-1 is located behind an active/active NVA FW cluster. Vm-prod-1 and NVAs have vNICs attached to the subnet 10.0.2.0/24.

Both NVAs have identical Pre- and Post-routing policies. If the ingress packet's destination IP address is 20.240.9.27 (load balancer's Frontend IP) and the transport layer protocol is TCP, the policy changes the destination IP address to 10.0.2.6 (vm-prod-1). Additionally, before routing the packet through the Ethernet 1 interface, the Post-routing policy replaces the original source IP with the IP address of the egress interface Eth1.

The second vNICs of the NVAs are connected to the subnet 10.0.1.0/24. We have associated these vNICs with the load balancer's backend pool. The Inbound rule binds the Frontend IP address to the Backend pool and defines the load-sharing policies. In our example, the packets of SSH connections from the remote host to the Frontend IP are distributed between NVA1 and NVA2. The Inbound rule also determines which Health Probe policy is associated with it.

Note! Using a single VNet design eliminates the need to define static routes in the subnet-specific route table and the VM's Linux kernel. This solution is suitable for small-scale implementations. However, the Hub-and-Spoke VNet topology offers simplified network management, enhanced security, scalability, performance, and hybrid connectivity. I will explain how to achieve NVA redundancy in the Hub-and-Spoke VNet topology in upcoming chapters.



Figure 4-1: Example Diagram. 

Why Is Source Address Validation Still a Problem?

I mentioned IP source address validation (SAV) as one of the MANRS-recommended actions in the Internet Routing Security webinar but did not go into any details (as the webinar deals with routing security, not data-plane security)… but I stumbled upon a wonderful companion article published by RIPE Labs: Why Is Source Address Validation Still a Problem?.

The article goes through the basics of SAV, best practices, and (most interesting) using free testing tools to detect non-compliant networks. Definitely worth reading!
