OpenTelemetry is an open-source project that brings together tools, SDKs, and APIs for collecting telemetry--that is, logs, metrics, and traces---in a standardized way. The goal of the project is to help developers and operators instrument highly distributed applications and services to understand dependencies, monitor performance, and quickly troubleshoot problems. On today's Day Two Cloud podcast we explore OpenTelemetry and how it works. We also discuss the difference between visibility and observability, and why this matters. Our guest is Ben Hall.
The post Day Two Cloud 192: OpenTelemetry – Getting From Visibility To Observability With Ben Hall appeared first on Packet Pushers.
One of my readers worried about the control-plane-induced MAC learning lag in EVPN-based networks:
In all discussions about the advantages/disadvantages of VXLAN/EVPN, I can’t find any regarding the lag in learning new macs when you use the control plane for mac learning.
EVPN is definitely slower than data plane-based dynamic MAC learning (regardless of whether it’s done in hardware or software), but so is MLAG.
One of my readers worried about the control-plane-induced MAC learning lag in EVPN-based networks:
In all discussions about the advantages/disadvantages of VXLAN/EVPN, I can’t find any regarding the lag in learning new macs when you use the control plane for mac learning.
EVPN is definitely slower than data plane-based dynamic MAC learning (regardless of whether it’s done in hardware or software), but so is MLAG.
The annual Global InfoSec Awards from Cyber Defense Magazine (CDM) have been announced, and we are excited to unveil that Tigera has won the ‘Hot Company: Container Security’ category! This award recognizes the value of the work Tigera does as a security company, and we wouldn’t be where we are without the support of our teams, customers, and community.
“We are honored to be recognized as one of the best in container security by Cyber Defense Magazine. As this is one of the most esteemed awards in cybersecurity, we are so grateful to have been selected amongst a pool of qualified applicants and are eager to continue to innovate and provide better container security for organizations,” said Amit Gupta, Chief Product Officer, Tigera.
Tigera’s transformative approach to container security helps prevent, detect, and mitigate threats in containers and Kubernetes environments across build, deploy and runtime stages. Calico Cloud provides a unique solution that gives users a single container security solution to improve security posture, reduce the attack surface with fine-grained security controls, and provide threat defense from network and host based threats.
Cyber Defense Magazine is the Continue reading
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
I just upgraded my Netbox server from v2.7.6 to v3.4.8. This is just a record of what I did in case anyone want to know how I did it.
Since we’re running such an old version of Netbox, we need to do an interim upgrade to v2.11.x before proceeding to v3.x.x. We decided on v2.11.12.
The main idea here is that you export you data, install on a VM, upgrade the app on that VM, then export it out after your upgrades are done. Of course, that is very simplified.
One key here is to take snapshots every time you do something. I started with an Ubuntu 20.04 install, ran an update, then took a snapshot. That’s where the real work starts, and a place to restore to when Continue reading
Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.
Service Location Protocol (SLP) is a “service discovery” protocol invented by Sun Microsystems in 1997. Like other service discovery protocols, it was designed to allow devices in a local area network to interact without prior knowledge of each other. SLP is a relatively obsolete protocol and has mostly been supplanted by more modern alternatives like UPnP, mDNS/Zeroconf, and WS-Discovery. Nevertheless, many commercial products still offer support for SLP.
Since SLP has no method for authentication, it should never be exposed to the public Internet. However, Umbelino and Lux have discovered that upwards of 35,000 Internet endpoints have their devices’ SLP service exposed and accessible to anyone. Additionally, they have discovered that the UDP version of this protocol has an amplification factor of up to 2,200x, which is the third largest discovered to-date.
Cloudflare expects the prevalence of SLP-based DDoS attacks to rise significantly in the coming weeks as malicious actors learn how to exploit Continue reading