Category Archives for "Networking"

What David Flanagan Learned Fixing Kubernetes Clusters

People are mean. That’s one of the first things David Flanagan learned by fixing 50+ deliberately broken Kubernetes clusters on his YouTube series, “Klustered.” In one case, the submitter substituted a ‘c’ character with a Unicode doppelgänger — it looked identical to a c on the terminal output — thus causing an error that led to Flanagan doubting himself and his ability to fix clusters. “I really hate that guy,” Flanagan confided at the Civo Navigate conference last week in Tampa. “That was a long episode, nearly two hours we spent trying to fix this. And what I love about that clip — because I promise you, I’m quite smart and I’m quite good with Kubernetes — but it had me doubting things that I know are not the fault. The fact that I thought a six digit number is going to cause any sort of overflow on a 64 bit system — of course not. But debugging is hard.” After that show, Klustered adopted a policy of no Unicode breaks. “You only learn when things go wrong,” Flanagan said. “This is why I really love doing Klustered. If you just have a cluster that just works, …

API Gateway, Ingress Controller or Service Mesh: When to Use What and Why

In just about every conversation on ingress controllers and service meshes, we hear some variation of the questions, “How is this tool different from an API gateway?” or “Do I need both an API gateway and an ingress controller (or service mesh) in Kubernetes?” This confusion is understandable for two reasons: Ingress controllers and service meshes can fulfill many API gateway use cases. Some vendors position their API gateway tool as an alternative to using an ingress controller or service mesh — or they roll multiple capabilities into one tool. Here, we will tackle how these tools differ and which to use for Kubernetes-specific API gateway use cases. For a deeper dive, including demos, watch the webinar “API gateway routes API requests from a client to the appropriate services. But a big misunderstanding about this simple definition is the idea that an API gateway is a unique piece of technology. It’s not. Rather, “API gateway” describes a set …

Hedge 166: Oblivious DoH with Chris Wood

DNS over HTTPS, or DoH, is designed to protect the end user’s DNS queries from last mile providers—but recursive servers (or resolvers) also have full access to what a user is asking for. How can users preserve their privacy against data collection at recursive servers? ODoH provides one answer. Listen in as Tom Ammon, Chris Wood, and Russ White discuss how ODoH works, and what this means for user privacy.


To DNSSEC or Not?

OARC held a 2-day meeting in February, with a set of presentations on various DNS topics. Here are some observations that I picked up from the presentations in that meeting.

Aryaka to build new points of presence as enterprises shift to SaaS

Secure access service edge (SASE) and SD-WAN provider Aryaka is set to open 27 new points of presence in 21 countries and 15 major metropolitan areas, with the goal of delivering low-latency services to a broader potential client base. Aryaka's AppAssure routing and application performance solution will be present in all new and current POPs, providing SaaS-based application delivery across its network, according to a company announcement. Aryaka said it will also support wireless last-mile connectivity worldwide.

So long, and thanks for all the deployments: deprecating Wrangler v1


Cloudflare Workers allow developers to deploy code instantly across the globe. Wrangler is the CLI tool we build (and use!) to create, modify, and upload Workers. We recently announced a new version of Wrangler with a bunch of new features – including offline development, zero-config startup, and developer tools support. Since then, we’ve been working hard to make the developer experience with version 2 as smooth and enjoyable as possible. We’re confident in what we’ve built and are now planning to officially deprecate version 1.

What’s happening?

Version 1 of Wrangler (@cloudflare/wrangler on npm) is now deprecated, which means no new features or bug fixes will be published unless they’re critical. Beginning August 2023, no further updates will be provided and the Wrangler v1 GitHub repo will be archived. We strongly recommend you upgrade to version 2 (wrangler on npm) to receive continued support. We have a migration guide to make this process easy!

Why?

Our goal is to make development on the Cloudflare platform as smooth and enjoyable as possible. Whether that means simplifying common workflows, incorporating powerful tools into the Wrangler codebase, or opening up Wrangler for use as a library …

Oracle outages serve as warning for companies relying on cloud technology

Multiple Oracle Cloud Infrastructure (OCI) outages have hit users around the world this week and, coming after interruptions in Microsoft's cloud services last month, are a reminder of the importance of site engineering for systems administrators whose businesses rely on cloud-based mission-critical applications. The biggest OCI outage this week began at 17:30 GMT Monday and stretched till Wednesday 22:30 GMT, impacting customers across North and South America, Australia, Asia Pacific, Middle East, Europe and Africa. “Oracle engineers identified a performance issue within the back-end infrastructure supporting the OCI Public DNS API, which prevented some incoming service requests from being processed as expected during the impact window,” the company said on its cloud infrastructure website.

Kubernetes Unpacked 019: Understanding Service Meshes And Linkerd

In today's Kubernetes Unpacked podcast, we explore the concept of a service mesh and why you might want to run one in a Kubernetes cluster. While there are many service meshes to choose from, we focus on Linkerd. Linkerd is available under an Apache 2.0 license and hosted by the Cloud Native Computing Foundation (CNCF).


Day Two Cloud 182: Assembling The Multicloud Networking Puzzle To Operate At Cloud Speed (Sponsored)

Today's Day Two Cloud assembles a panel to discuss the challenges of multicloud networking. We're sponsored by Prosimo, and the recording took place live at AWS re:Invent 2022. We discuss how and why an org goes multicloud, cloud networking issues, integrating ZTNA, and more.


Process monitoring: How you can detect malicious behavior in your containers

The default pod provisioning mechanism in Kubernetes has a substantial attack surface, making it susceptible to malevolent exploits and container breakouts. To achieve effective runtime security, your containerized workloads in Kubernetes require multi-layer process monitoring within the container.

In this article, I will introduce you to process monitoring and guide you through a Kubernetes-native approach that will help you enforce runtime security controls and detect unauthorized access of host resources.

What is process monitoring?

When you run a containerized workload in Kubernetes, several layers should be taken into account when you begin monitoring the process within a container. This includes container process logs and artifacts, Kubernetes and cloud infrastructure artifacts, filesystem access, network connections, system calls required, and kernel permissions (specialized workloads). Your security posture depends on how effectively your solutions can correlate disparate log sources and metadata from these various layers. Without effective workload runtime security in place, your Kubernetes workloads, which have a large attack surface, can easily be exploited by adversaries and face container breakouts.

Traditional monitoring systems

Before I dive into the details on how to monitor your processes and detect malicious activities within your container platform, let us first take a look at some of …

Cisco chips away at product backlog but challenges remain

Cisco is getting more products out the door, thanks to significant product redesigns and relentless efforts by its supply-chain team to address component shortages, but the situation is still challenging. “While components for a few product areas remain highly constrained, we did see an overall improvement in the supply chain,” said Cisco CEO Chuck Robbins during a call with financial analysts to discuss the vendor's second-quarter results. Cisco reduced its backlog 6% sequentially in the second quarter; however, total backlog grew year over year, Robbins said, though he didn't cite an exact dollar figure. The company still expects to have a backlog that’s roughly double what it would normally be at the end of the year. (In February of last year, Cisco said its product backlog was valued at nearly $14 billion.)
