CloudFlare: From IP packets to HTTP
Want to know some details behind the CloudFlare SD-WAN implementation? You might find them in From IP packets to HTTP: the many faces of our Oxy framework.
I don’t know enough about Linux networking to figure out whether one could use those details to build something similar, but CloudFlare blog posts keep begin much better than Google’s Look How Awesome We Are recruitment drives.
CloudFlare: From IP packets to HTTP
Want to know some details behind the CloudFlare SD-WAN implementation? You might find them in From IP packets to HTTP: the many faces of our Oxy framework.
I don’t know enough about Linux networking to figure out whether one could use those details to build something similar, but CloudFlare blog posts keep begin much better than Google’s Look How Awesome We Are recruitment drives.
Heavy Networking 676: Implementing ZTNA And SASE With Fortinet (Sponsored)
Fortinet is a security vendor most of you have heard of. But if all you think of when you hear the name “Fortinet” is firewalls, well yeah, but you should think more broadly. On today's sponsored Heavy Networking we're going after the work-from-anywhere challenge with Fortinet’s Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) tech, all of which is baked into FortiOS. If you’re running a FortiGate, you’ve got these capabilities already.
The post Heavy Networking 676: Implementing ZTNA And SASE With Fortinet (Sponsored) appeared first on Packet Pushers.
Heavy Networking 676: Implementing ZTNA And SASE With Fortinet (Sponsored)
Fortinet is a security vendor most of you have heard of. But if all you think of when you hear the name “Fortinet” is firewalls, well yeah, but you should think more broadly. On today's sponsored Heavy Networking we're going after the work-from-anywhere challenge with Fortinet’s Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) tech, all of which is baked into FortiOS. If you’re running a FortiGate, you’ve got these capabilities already.Hedge 176: OpenAI, ChatGPT, and the Cost of a Data Center
It’s time for the April Hedge roundtable! This month Eyvonne, Russ, and Tom are talking about OpenAI, the hype around AI, the “pause letter” and the lack of a real conversation, and the rising costs of building and operating a data center. As always, let us know if you have topics you’d like to hear us talk about, or guests you’d like to hear.
Thanks for listening!
Driver adventures for a 1999 webcam
Driver adventures for a 1999 webcam
We generally know that when we buy a piece of technology that it will not last forever, connectors wear out and/or go out of fashion. But I think the most frust
Advantages and Drawbacks of EVPN-based Multihoming
Lukas Krattiger wrapped up his EVPN-versus-MLAG presentation (part of EVPN Deep Dive webinar) with an overview of the advantages and drawbacks of EVPN-based multihoming solutions:
- N-way multihoming
- Flexible connectivity (no need for a peer link)
- Fabric-wide scope (MAC multipathing required on ingress node)
You need Free ipSpace.net Subscription to watch the video. To watch the whole webinar, buy Standard or Expert ipSpace.net Subscription.
Advantages and Drawbacks of EVPN-based Multihoming
Lukas Krattiger wrapped up his EVPN-versus-MLAG presentation (part of EVPN Deep Dive webinar) with an overview of the advantages and drawbacks of EVPN-based multihoming solutions:
- N-way multihoming
- Flexible connectivity (no need for a peer link)
- Fabric-wide scope (MAC multipathing required on ingress node)
You need Free ipSpace.net Subscription to watch the video. To watch the whole webinar, buy Standard or Expert ipSpace.net Subscription.
Why Five Nines of Service Availability Matters for SASE
The following sponsored blog post was written by Anupam Upadhyaya at Palo Alto Networks. We thank Palo Alto Networks for being a sponsor. Prisma Access, the cloud-delivered security service from Palo Alto Networks, delivers an industry-leading 99.999% uptime SLA A question that is often asked in the industry is “Do we really need 99.999% uptime […]
The post Why Five Nines of Service Availability Matters for SASE appeared first on Packet Pushers.
Using Calico Egress gateway and access controls to secure traffic
As more organizations embrace containerization and adopt Kubernetes, they reap the benefits of platform scalability, application portability, and optimized infrastructure utilization. However, with this shift comes a new set of security challenges related to enabling connectivity for applications in heterogeneous environments.
In this blog post, we’ll explore a real-life scenario of security exposure resulting from egress traffic leaving the Kubernetes cluster. We’ll examine how the Calico Egress Gateway can help mitigate these issues by providing robust access control. By using Calico Egress Gateway, enterprises can secure communication from their Kubernetes workloads to the internet, 3rd party applications and networks while maintaining a high level of security.
The Calico Egress Gateway enforces security policies to regulate traffic flowing out of the Kubernetes cluster, providing granular control over egress traffic. This ensures that only authorized traffic is allowed to leave the cluster, mitigating the risks associated with unauthorized outbound traffic.
Egress security challenges
For enterprises developing cloud-native applications with containers and Kubernetes, a frequent requirement is to connect to a database server hosted either on-prem or in the cloud, which is safeguarded by a network-based firewall. Since workloads with Kubernetes are dynamic without a fixed IP address, enabling such connectivity from workloads Continue reading
Kubernetes Unpacked 024: Day Zero Kubernetes With Kristina Devochko
In this episode, Michael catches up with Kristina Devochko, a Senior Software Architect to talk about Day Zero Kubernetes. Originally, Michael thought that it would be similar to Day One and Day Two Ops, but Day Zero is drastically different. Kristina and Michael discuss what engineers need to know to get the job done, how to think about planning Kubernetes architecture, and overall security best practices for what’s needed in Day Zero.
The post Kubernetes Unpacked 024: Day Zero Kubernetes With Kristina Devochko appeared first on Packet Pushers.
Kubernetes Unpacked 024: Day Zero Kubernetes With Kristina Devochko
In this episode, Michael catches up with Kristina Devochko, a Senior Software Architect to talk about Day Zero Kubernetes. Originally, Michael thought that it would be similar to Day One and Day Two Ops, but Day Zero is drastically different. Kristina and Michael discuss what engineers need to know to get the job done, how to think about planning Kubernetes architecture, and overall security best practices for what’s needed in Day Zero.Mastodon Needs More Brand Support
As much as I want to move over to Mastodon full time, there’s one thing I feel that is massively holding it back. Yes, you can laud the big things about federations and freedom as much as you want. However, one thing I’ve seen hanging out in the fringes of the Fediverse that will ultimately hold Mastodon back is the hostility toward brands.
Welcoming The Crowd
If you’re already up in arms because of that opening, ask yourself why. What is it about a brand that has you upset? Don’t they have the same right to share on the platform as the rest of us? I will admit that not every person on Mastodon has this outward hostility toward companies. However I can also sense this feeling that brands don’t belong.
It reminds me a lot of the thinly veiled distaste for companies that some Linux proponents have. The “get your dirty binary drivers out of my pristine kernel” crowd. The ones that want the brands to bend to their will and only do things the way they want. If you can’t provide us the drivers and software for free with full code support for us to hack as much Continue reading