Kubernetes Unpacked 031: Is Kubernetes Getting Boring?
In today's Kubernetes Unpacked, Kristina and Michael talk about whether Kubernetes is getting boring, and how elements such as service mesh, security-centric CNIs, and movements such as GitOps, can keep Kubernetes moving forward.
The post Kubernetes Unpacked 031: Is Kubernetes Getting Boring? appeared first on Packet Pushers.
Kubernetes Unpacked 031: Is Kubernetes Getting Boring?
In today's Kubernetes Unpacked, Kristina and Michael talk about whether Kubernetes is getting boring, and how elements such as service mesh, security-centric CNIs, and movements such as GitOps, can keep Kubernetes moving forward.Routing information now on Cloudflare Radar
Routing is one of the most critical operations of the Internet. Routing decides how and where the Internet traffic should flow from the source to the destination, and can be categorized into two major types: intra-domain routing and inter-domain routing. Intra-domain routing handles making decisions on how individual packets should be routed among the servers and routers within an organization/network. When traffic reaches the edge of a network, the inter-domain routing kicks in to decide what the next hop is and forward the traffic along to the corresponding networks. Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet.
Today, we are introducing another section on Cloudflare Radar: the Routing page, which focuses on monitoring the BGP messages exchanged to extract and present insights on the IP prefixes, individual networks, countries, and the Internet overall. The new routing data allows users to quickly examine routing status of the Internet, examine secure routing protocol deployment for a country, identify routing anomalies, validate IP block reachability and much more from globally distributed vantage points.
It’s a detailed view of how the Internet itself holds together.
Collecting routing statistics
The Internet consists of tens of thousands of interconnected Continue reading
Q2 2023 Internet disruption summary
This post is also available in Deutsch, Français, 日本語, 简体中文, 繁體中文 and 한국어.
Cloudflare operates in more than 300 cities in over 100 countries, where we interconnect with over 12,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.
The second quarter of 2023 was a particularly busy one for Internet disruptions, and especially for government-directed Internet shutdowns. During the quarter, we observed many brief disruptions, but also quite a few long-lived ones. In addition to the government-directed Internet shutdowns, we also observed partial or complete outages due to severe weather, cable damage, power outages, general or unspecified technical problems, cyberattacks, military action, and infrastructure maintenance.
As we have noted in the past, this post is intended as a summary overview of observed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter.
Government directed
Late spring often marks the start of a so-called “exam season” in several Continue reading
Day Two Cloud 204: Deploying Cloud-Delivered Security With Cisco Secure Access (Sponsored)
On today's Day Two Cloud we get inside Cisco Secure Access, a new set of cloud-delivered security services from Cisco. We discuss the security capabilities on offer, the service's architecture and components, how Cisco addresses concerns around user experience and performance, and more. This is a sponsored episode.
The post Day Two Cloud 204: Deploying Cloud-Delivered Security With Cisco Secure Access (Sponsored) appeared first on Packet Pushers.
Day Two Cloud 204: Deploying Cloud-Delivered Security With Cisco Secure Access (Sponsored)
On today's Day Two Cloud we get inside Cisco Secure Access, a new set of cloud-delivered security services from Cisco. We discuss the security capabilities on offer, the service's architecture and components, how Cisco addresses concerns around user experience and performance, and more. This is a sponsored episode.2023 IT Pay Holds Steady Despite Economic Pressures and AI Boom
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.6 Best Practices for Data Security Posture Management (DSPM)
DSPM can greatly enhance an enterprise’s cyber defenses and proactively protect its sensitive data against unauthorized access and other types of data breaches.SD-WAN Deployment Failures 101: Lessons From The Field
SD-WAN is a cost-effective, flexible alternative to traditional MPLS networks, but the high rate of failed deployments indicates that achieving successful implementation is not straightforward. Organizations must be prepared to embrace new experience-driven approaches to network management, such as the need for visibility into unmanaged networks, to deploy SD-WAN effectively.
The post SD-WAN Deployment Failures 101: Lessons From The Field appeared first on Packet Pushers.
Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored)
Wireless pros sit at the intersection of networking and security. On today's Heavy Wireless, sponsored by Fortinet, Keith Parsons and guest Ben Wilson discuss this convergence, why visibility into the WLAN and device identity are essential, how Fortinet integrates its Fortigate firewalls with wired and wireless neteworks for unified management and policy enforcement, and more.
The post Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored) appeared first on Packet Pushers.
Heavy Wireless 007: Why Networking And Security Convergence Is Important For Wireless Pros (Sponsored)
Wireless pros sit at the intersection of networking and security. On today's Heavy Wireless, sponsored by Fortinet, Keith Parsons and guest Ben Wilson discuss this convergence, why visibility into the WLAN and device identity are essential, how Fortinet integrates its Fortigate firewalls with wired and wireless neteworks for unified management and policy enforcement, and more.CXL: A New Memory High-Speed Interconnect Fabric
CXL enables the disaggregation of memory from compute, which can dramatically improve the performance of data-intensive workloads.Preventing Vulnerable Container Deployments with Admission Control
In a previous blog post, Hands-on guide: How to scan and block container images to mitigate SBOM attacks, we looked at how Software Supply Chain threats can be identified and assessed. The severity of these vulnerabilities determine the posture or scan result for an image i.e. Pass, Warning or Fail. The next question is “What can we do with these results?”. To improve the security posture to reduce attacks on your workload we must ensure that workloads have the fewest possible vulnerabilities and layer on configuration security with KSPM, egress controls, and microsegmentation.
In this post we will cover how the scan results can be leveraged to add an additional layer of protection during Deploy Time in application deployment lifecycles.
It’s worth noting that Calico’s Image Scanner is an offline binary which can be run locally. This means the Image Scanner can be baked into any existing Continuous Integration/Continuous Delivery(CI/CD) pipeline. For example, after an image has been built the image can be scanned by the Image Scanner in an Execution Environment. Here checks can be configured to prevent the image from being pushed to a registry should vulnerabilities be detected. This is effectively how image scanning Continue reading