Archive

Category Archives for "Networking"

Frontier still reigns as world’s fastest supercomputer

For the third time in a row, Frontier is ranked number one among the world’s fastest supercomputers, and it remains the only whose fastest speed exceeds one exaFLOPS.At 1.194 quintillion floating point operations per second (FLOPS), Frontier kept its ranking with more than double the top speed of its nearest competitor, according to the list compiled by TOP500, which issues the rankings twice a year. A quintillion is 1018 or one exaFLOPS (EFLOPS).The number two machine, Fugaku, maxed out at 442.01petaFLOPS. A petaFLOPS is 1015 FLOPS.Two competitors in the top 10 improved their speeds since the last ranking period that ended in November 2022, but not nearly enough to even draw close. Those two—LUMI and Leonardo—rank third and fourth, respectively.To read this article in full, please click here

Frontier still reigns as world’s fastest supercomputer

For the third time in a row, Frontier is ranked number one among the world’s fastest supercomputers, and it remains the only whose fastest speed exceeds one exaFLOPS.At 1.194 quintillion floating point operations per second (FLOPS), Frontier kept its ranking with more than double the top speed of its nearest competitor, according to the list compiled by TOP500, which issues the rankings twice a year. A quintillion is 1018 or one exaFLOPS (EFLOPS).The number two machine, Fugaku, maxed out at 442.01petaFLOPS. A petaFLOPS is 1015 FLOPS.Two competitors in the top 10 improved their speeds since the last ranking period that ended in November 2022, but not nearly enough to even draw close. Those two—LUMI and Leonardo—rank third and fourth, respectively.To read this article in full, please click here

VPP MPLS – Part 3

VPP

About this series

Special Thanks: Adrian vifino Pistol for writing this code and for the wonderful collaboration!

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

In the [first article] of this series, I took a look at MPLS in general, and how setting up static Label Switched Paths can be done in VPP. A few details on special case labels (such as Implicit Null which enabled the fabled Penultimate Hop Popping) were missing, so I took a good look at them in the [second article] of the series.

This was all just good fun but also allowed me to buy some time for @vifino who has been implementing MPLS handling within the Linux Control Plane plugin for VPP! This final article in the series shows the engineering considerations that went in to writing the plugin, which is currently under review but reasonably complete. Considering the VPP Continue reading

NVA Part III: NVA Redundancy – Connection from the Internet

This chapter is the first part of a series on Azure's highly available Network Virtual Appliance (NVA) solutions. It explains how we can use load balancers to achieve active/active NVA redundancy for connections initiated from the Internet.

In Figure 4-1, Virtual Machine (VM) vm-prod-1 uses the load balancer's Frontend IP address 20.240.9.27 to publish an application (SSH connection) to the Internet. Vm-prod-1 is located behind an active/active NVA FW cluster. Vm-prod-1 and NVAs have vNICs attached to the subnet 10.0.2.0/24.

Both NVAs have identical Pre- and Post-routing policies. If the ingress packet's destination IP address is 20.240.9.27 (load balancer's Frontend IP) and the transport layer protocol is TCP, the policy changes the destination IP address to 10.0.2.6 (vm-prod-1). Additionally, before routing the packet through the Ethernet 1 interface, the Post-routing policy replaces the original source IP with the IP address of the egress interface Eth1.

The second vNICs of the NVAs are connected to the subnet 10.0.1.0/24. We have associated these vNICs with the load balancer's backend pool. The Inbound rule binds the Frontend IP address to the Backend pool and defines the load-sharing policies. In our example, the packets of SSH connections from the remote host to the Frontend IP are distributed between NVA1 and NVA2. Moreover, an Inbound rule determines the Health Probe policy associated with the Inbound rule.

Note! Using a single VNet design eliminates the need to define static routes in the subnet-specific route table and the VM's Linux kernel. This solution is suitable for small-scale implementations. However, the Hub-and-Spoke VNet topology offers simplified network management, enhanced security, scalability, performance, and hybrid connectivity. I will explain how to achieve NVA redundancy in the Hub-and-Spoke VNet topology in upcoming chapters.



Figure 4-1: Example Diagram. 

Why Is Source Address Validation Still a Problem?

I mentioned IP source address validation (SAV) as one of the MANRS-recommended actions in the Internet Routing Security webinar but did not go into any details (as the webinar deals with routing security, not data-plane security)… but I stumbled upon a wonderful companion article published by RIPE Labs: Why Is Source Address Validation Still a Problem?.

The article goes through the basics of SAV, best practices, and (most interesting) using free testing tools to detect non-compliant networks. Definitely worth reading!

Why Is Source Address Validation Still a Problem?

I mentioned IP source address validation (SAV) as one of the MANRS-recommended actions in the Internet Routing Security webinar but did not go into any details (as the webinar deals with routing security, not data-plane security)… but I stumbled upon a wonderful companion article published by RIPE Labs: Why Is Source Address Validation Still a Problem?.

The article goes through the basics of SAV, best practices, and (most interesting) using free testing tools to detect non-compliant networks. Definitely worth reading!

Weekend Reads 051923


When it comes to understanding what exactly confidential computing entails, it all begins with a trusted execution environment (TEE) that is rooted in hardware.


So, just for fun, we pulled out the trust Excel spreadsheet and tried to estimate what the feeds and speeds of the MI300 and the MI300A GPUs, the latter of which will be at the heart of the El Capitan system might be. Y


The popular PC storage manufacturer, Western Digital, has confirmed that it experienced a network security breach earlier this year, in which an unauthorized third party gained control of several of its systems.


How bad is the human security weakness problem? Verizon’s 2022 Data Breaches Investigations Report says 82 percent of data breaches have human involvement.


On 13 April 2023, through our recently launched Threat Intelligence Data Feeds (TIDF), we identified more than 1 million suspicious and malicious domains that figured in phishing, malware distribution, spam, and other cyber attacks, such as brute-force and distributed denial-of-service (DDoS) attacks.


Although honeypots are an effective solution for tracking attackers and preventing data theft, they have yet to be widely adopted due to their setup and maintenance difficulties.


If you want to get a sense of Continue reading

Heavy Networking 680: Speed Up Mean Time To WAN Innocence With Broadcom NetOps (Sponsored)

It's common for SD-WAN vendors to offer monitoring as part of the solution, but leaves the question … how do I monitor the rest of the network? Today’s sponsor Broadcom offers digital experience monitoring that is independent of the underlying WAN infrastructure. We explore how it works with guest is Jeremy Rossbach, Chief Technical Evangelist, NetOps by Broadcom.

The post Heavy Networking 680: Speed Up Mean Time To WAN Innocence With Broadcom NetOps (Sponsored) appeared first on Packet Pushers.

Heavy Networking 680: Speed Up Mean Time To WAN Innocence With Broadcom NetOps (Sponsored)

It's common for SD-WAN vendors to offer monitoring as part of the solution, but leaves the question … how do I monitor the rest of the network? Today’s sponsor Broadcom offers digital experience monitoring that is independent of the underlying WAN infrastructure. We explore how it works with guest is Jeremy Rossbach, Chief Technical Evangelist, NetOps by Broadcom.

UK announces $1.2B chip strategy, faces criticism over funding size

The UK government has finally unveiled its delayed 10-year strategy for supporting the country’s semiconductor industry, which includes £1 billion ($1.24 billion) in  investments to drive research and development efforts and shore up the industry’s talent pipeline.More than two years after the strategy was first promised, Prime Minister Rishi Sunak announced the policy Friday at a meeting of leaders of the G7 group of nations in Japan, coinciding with an agreement to launch a "semiconductors partnership" between the two countries in order to boost supply-chain resilience.“Semiconductors underpin the devices we use every day and will be crucial to advancing the technologies of tomorrow,” Sunak said in a statement. “Our new strategy focuses our efforts on where our strengths lie, in areas like research and design, so we can build our competitive edge on the global stage.”To read this article in full, please click here

Meta is working on its own chip, data center design for AI workloads

Facebook parent company Meta has revealed plans for the development of its own custom chip for running artifical intelligence models, and a new data center architecture for AI workloads.“We are executing on an ambitious plan to build the next generation of Meta’s AI infrastructure and today, we’re sharing some details on our progress. This includes our first custom silicon chip for running AI models, a new AI-optimized data center design and the second phase of our 16,000 GPU supercomputer for AI research,” Santosh Janardhan, head of infrastructure at Meta, wrote in a blog post Thursday.To read this article in full, please click here

Meta is working on its own chip, data center design for AI workloads

Facebook parent company Meta has revealed plans for the development of its own custom chip for running artifical intelligence models, and a new data center architecture for AI workloads.“We are executing on an ambitious plan to build the next generation of Meta’s AI infrastructure and today, we’re sharing some details on our progress. This includes our first custom silicon chip for running AI models, a new AI-optimized data center design and the second phase of our 16,000 GPU supercomputer for AI research,” Santosh Janardhan, head of infrastructure at Meta, wrote in a blog post Thursday.To read this article in full, please click here

More Node.js APIs in Cloudflare Workers — Streams, Path, StringDecoder

More Node.js APIs in Cloudflare Workers — Streams, Path, StringDecoder
More Node.js APIs in Cloudflare Workers — Streams, Path, StringDecoder

Today we are announcing support for three additional APIs from Node.js in Cloudflare Workers. This increases compatibility with the existing ecosystem of open source npm packages, allowing you to use your preferred libraries in Workers, even if they depend on APIs from Node.js.

We recently added support for AsyncLocalStorage, EventEmitter, Buffer, assert and parts of util. Today, we are adding support for:

We are also sharing a preview of a new module type, available in the open-source Workers runtime, that mirrors a Node.js environment more closely by making some APIs available as globals, and allowing imports without the node: specifier prefix.

You can start using these APIs today, in the open-source runtime that powers Cloudflare Workers, in local development, and when you deploy your Worker. Get started by enabling the nodejs_compat compatibility flag for your Worker.

Stream

The Node.js streams API is the original API for working with streaming data in JavaScript that predates the WHATWG ReadableStream standard. Now, a full implementation of Node.js streams (based directly on the official implementation provided by the Node.js project) is available within the Workers runtime.

Let's start with a quick example:

 Continue reading

Cloudflare Queues: messages at your speed with consumer concurrency and explicit acknowledgement

Cloudflare Queues: messages at your speed with consumer concurrency and explicit acknowledgement
Cloudflare Queues: messages at your speed with consumer concurrency and explicit acknowledgement

Communicating between systems can be a balancing act that has a major impact on your business. APIs have limits, billing frequently depends on usage, and end-users are always looking for more speed in the services they use. With so many conflicting considerations, it can feel like a challenge to get it just right. Cloudflare Queues is a tool to make this balancing act simple. With our latest features like consumer concurrency and explicit acknowledgment, it’s easier than ever for developers to focus on writing great code, rather than worrying about the fees and rate limits of the systems they work with.

Queues is a messaging service, enabling developers to send and receive messages across systems asynchronously with guaranteed delivery. It integrates directly with Cloudflare Workers, making for easy message production and consumption working with the many products and services we offer.

What’s new in Queues?

Consumer concurrency

Oftentimes, the systems we pull data from can produce information faster than other systems can consume them. This can occur when consumption involves processing information, storing it, or sending and receiving information to a third party system. The result of which is that sometimes, a queue can fall behind where it should be. Continue reading

1 251 252 253 254 255 3,483