OARC 40
OARC held a 2-day meeting in February, with a set of presentations on various DNS topics. Here’s some observations that I picked up from the presentations in that meeting.Navigating the security challenges of multi-tenancy in a cloud environment
Multi-tenancy can maximize the number of resources that are utilized in a cluster by sharing these resources between different groups, teams, or customers. However, boundaries must be placed to avoid problems associated with resource-sharing. On top of that, in a multi-tenant cluster, the number of security policies might gradually grow to the point where a slight misconfiguration could cause major security problems, performance issues, and service disruptions.
In this blog post, we will focus on multi-tenancy issues such as bandwidth shortage, security policy scaling, privacy impacts, and suggest a few solutions that you can deploy to solve them in your environment. We will also look at how an eBPF-based security design can offer better performance and help you navigate the complex multi-tenant environment with ease.
What is multi-tenancy?
Technologies such as virtualization, containerization, or any other technologies that allow a range of different workloads to share the underlying hardware resources, all have a common goal—allocate resources as efficiently as possible and make the most of the available hardware. However, it is common for workloads that are running in such an environment to not fully utilize all the potential power that the hardware can offer, and in many cases, leave a Continue reading
Bringing It All Together – VMware Project Monterey – Packet Pushers Livestream w/ Dell Technologies – Video
VMware’s Project Monterey creates a virtual environment to run applications and services on Data Processing Units (DPUs). VMware is partnering with multiple server OEMs and DPU vendors to bring Project Monterey to distributed infrastructure. In this video, Drew Conry-Murray from the Packet Pushers is joined by VMware’s Paul Turner, Vice President Product Management vSphere. We […]
The post Bringing It All Together – VMware Project Monterey – Packet Pushers Livestream w/ Dell Technologies – Video appeared first on Packet Pushers.
One year of war in Ukraine: Internet trends, attacks, and resilience
The Internet has become a significant factor in geopolitical conflicts, such as the ongoing war in Ukraine. Tomorrow marks one year since the Russian invasion of that country. This post reports on Internet insights and discusses how Ukraine's Internet remained resilient in spite of dozens of disruptions in three different stages of the conflict.
Key takeaways:
- Internet traffic shifts in Ukraine are clearly visible from east to west as Ukrainians fled the war, with country-wide traffic dropping as much as 33% after February 24, 2022.
- Air strikes on energy infrastructure starting in October led to widespread Internet disruptions that continue in 2023.
- Application-layer cyber attacks in Ukraine rose 1,300% in early March 2022 compared to pre-war levels.
- Government administration, financial services, and the media saw the most attacks targeting Ukraine.
- Traffic from a number of networks in Kherson was re-routed through Russia between June and October, subjecting traffic to Russia’s restrictions and limitations, including content filtering. Even after traffic ceased to reroute through Russia, those Ukrainian networks saw major outages through at least the end of the year, while two networks remain offline.
- Through efforts on the ground to repair damaged fiber optics and restore electrical power, Ukraine’s networks have Continue reading
Azure Networking Fundamentals: Virtual WAN Part 2 – VNet Segmentation
VNets and VPN/ExpressRoute connections are associated with vHub’s Default Route Table, which allows both VNet-to-VNet and VNet-to-Remote Site IP connectivity. This chapter explains how we can isolate vnet-swe3 from vnet-swe1 and vnet-swe2 using VNet-specific vHub Route Tables (RT), still allowing VNet-to-VPN Site connection. As a first step, we create a Route Table rt-swe12 to which we associate VNets vnet-swe1 and vnet-swe2. Next, we deploy a Route Table rt-swe3 for vnet-swe3. Then we propagate routes from these RTs to Default RT but not from rt-swe12 to rt-swe3 and vice versa. Our VPN Gateway is associated with the Default RT, and the route to remote site subnet 10.11.11.0/24 is installed into the Default RT. To achieve bi-directional IP connectivity, we also propagate routes from the Default RT to rt-swe-12 and rt-swe3. As the last step, we verify both Control Plane operation and Data Plane connections.
Figure 12-1: Virtual Network Segmentation.
IPv6 Buzz 120: Revisiting IPv6 Address Allocation – What’s The Right Size For Your Organization?
Today's podcast episode revisits the subject of IPv6 address allocation along with how changes in network planning and Regional Internet Registry (RIR) policy are influencing allocation size requests. We also look at how network trends around IoT, cloud, and SD-WAN might affect allocation size and how to overcome "IPv4 thinking."
The post IPv6 Buzz 120: Revisiting IPv6 Address Allocation – What’s The Right Size For Your Organization? appeared first on Packet Pushers.
IPv6 Buzz 120: Revisiting IPv6 Address Allocation – What’s The Right Size For Your Organization?
Today's podcast episode revisits the subject of IPv6 address allocation along with how changes in network planning and Regional Internet Registry (RIR) policy are influencing allocation size requests. We also look at how network trends around IoT, cloud, and SD-WAN might affect allocation size and how to overcome "IPv4 thinking."Veeam Version 12 Brings More Innovation to Backup and Recovery
The company’s new data platform approach focuses on three areas of data management that are critical to enterprises: data security, data recovery, and data freedom.How Many Spines Should a Leaf-and-Spine Fabric Have?
One of my readers sent me a question along these lines:
How do we determine the number of spines needed in a leaf-and-spine fabric? It’s easy to calculate the number of leaf nodes from the required number of server ports, and two spines give you the redundancy. Does it make sense to have more spines if two are good enough from the capacity perspective?
There are at least two factors to consider:
How Many Spines Should a Leaf-and-Spine Fabric Have?
One of my readers sent me a question along these lines:
How do we determine the number of spines needed in a leaf-and-spine fabric? It’s easy to calculate the number of leaf nodes from the required number of server ports, and two spines give you the redundancy. Does it make sense to have more spines if two are good enough from the capacity perspective?
There are at least two factors to consider:
Hedge 167: Christopher Wood and masque
For last week’s show, we had Christopher Wood on to talk about oDoH. This week, Chris joins us again to talk about Multiplexed Application Substrate over QUIC Encryption, or masque, which is a more generalized privacy proxy. You can find more about masque at the IETF WG page.
Chatbot Attack Vectors And Failure Modes In Networking And IT
With the release of ChatGPT as a product, Microsoft brought Machine Learning (ML) and Artificial Intelligence (AI) back into focus for millions of users—including network operators, coders, and other folks in information technology. People are once against asking if this technology will make them redundant or how it might change their day-to-day jobs. As always, […]
The post Chatbot Attack Vectors And Failure Modes In Networking And IT appeared first on Packet Pushers.