Built.fm Podcast with David Gee
I had a lovely chat with David Gee on his built.fm podcast sometime in December. David switched jobs in the meantime, and so it took him a bit longer than expected to publish it. Chatting with David is always fun; hope you’ll enjoy our chat as much as I did.
Built.fm Podcast with David Gee
I had a lovely chat with David Gee on his built.fm podcast sometime in December. David switched jobs in the meantime, and so it took him a bit longer than expected to publish it. Chatting with David is always fun; hope you’ll enjoy our chat as much as I did.
Hedge 163: Netops, Mapping, and Working Hard
It’s one of those episodes where Tom, Eyvonne, and Russ just sit around and talk about the news of the day. We cover three topics in this show. The first is Netops, automation, and where this is all going. The second is on the FCC mapping process and the reality of broadband in the US. The third—perhaps a little controversial—is about IT work habits, innovation, and adding value.
Calico Open Source 2022 highlights
2022 has been a year full of new releases, new events, and new projects for Open Source Calico. Let’s take a look at Project Calico’s 2022 highlights and see if you’ve missed any exciting news.
New version releases
Project Calico is maintained by Tigera’s engineering team who are dedicated to adding new features, fixing bugs, and improving the user experience. Based on the feedback and support our team has received from the community, they have successfully released three new versions of Calico in the past year: v3.22, v3.23, and v3.24.
V3.22 (January 28th 2022)
- Project Calico is now only a single directory, making it easier for contributors to add their changes
- Ability to convert Kubernetes NetworkPolicy objects into Calico NetworkPolicies
V3.23 (May 9th 2022)
- Added IPv6 VXLAN support
- Added VPP dataplane beta
- Added Calico networking support in AKS
- BGP enhancements
- Added container storage interface (CSI) support
- Added Windows HostProcess containers support (tech preview)
V3.24 (August 18th 2022)
- Added IPv6 WireGuard support
- Added IPAM API enhancements
- More operator installation configuration options
- Added ability to split IP pools
- Transitioned from pod security policies to pod security standards
Calico education and training
The newest addition to our Continue reading
Azure Networking Fundamentals: Internet Access with VM-Specific Public IP
Comment: Here is a part of the introduction section of the Third chapter of my Azure Networking Fundamentals book. I will also publish other chapters' introduction sections soon so you can see if the book is for you. The book is available at Leanpub and Amazon (links on the right pane).
In chapter two, we created a VM vm-Bastion and associated a Public IP address to its attached NIC vm-bastion154. The Public IP addresses associated with VM’s NIC are called Instance Level Public IP (ILPIP). Then we added a security rule to the existing NSG vm-Bastion-nsg, which allows an inbound SSH connection from the external host. Besides, we created VMs vm-front-1 and vm-Back-1 without public IP address association. However, these two VMs have an egress Internet connection because Azure assigns Outbound Access IP (OPIP) addresses for VMs for which we haven’t allocated an ILPIP (vm-Front-1: 20.240.48.199 and vm-Back-1-20.240.41.145). The Azure portal does not list these IP addresses in the Azure portal VM view. Note that neither user-defined nor Azure-allocated Public IP addresses are not configured as NIC addresses. Instead, Azure adds them as a One-to-One entry to the NAT table (chapter 15 introduces a Continue reading
Writing An IETF Draft: Formatting, Authorship, And Submissions
This series started by discussing the history of the IETF and some of the tools you might use to build submissions to the IETF process. This, the second, post, will consider document formatting and two of the (sometimes) more difficult sections of an IETF draft to fill in. Formatting Just using one of the acceptable […]
The post Writing An IETF Draft: Formatting, Authorship, And Submissions appeared first on Packet Pushers.
IPv6 Buzz 118: IPv6 Training At RIPE NCC
In today's IPv6 Buzz podcast, Ed, Scott, and Tom speak with Jad El Cham about the RIPE NCC IPv6 training program as well as RIPE NCC's role as the European and Middle Eastern Regional Internet Registry providing Internet resources including IPv6 addresses.
The post IPv6 Buzz 118: IPv6 Training At RIPE NCC appeared first on Packet Pushers.
IPv6 Buzz 118: IPv6 Training At RIPE NCC
In today's IPv6 Buzz podcast, Ed, Scott, and Tom speak with Jad El Cham about the RIPE NCC IPv6 training program as well as RIPE NCC's role as the European and Middle Eastern Regional Internet Registry providing Internet resources including IPv6 addresses.Navigating the changing data localization landscape with Cloudflare’s Data Localization Suite
This post is also available in Português.
At Cloudflare, we believe that deploying effective cybersecurity measures is the best way to protect the privacy of personal information and can be more effective than making sure that information stays within a particular jurisdiction. Yet, we hear from customers in Europe, India, Australia, Japan, and many other regions that, as part of their privacy programs, they need solutions to localize data in order to meet their regulatory obligations.
So as we think about Data Privacy Day, which is coming up on January 28, we are in the interesting position of disagreeing with those who believe that data localization is a proxy for better data privacy, but of also wanting to support our customers who have to comply with certain regulations.
For this reason, we introduced our Data Localization Suite (DLS) in 2020 to help customers navigate a data protection landscape that focuses more and more on data localization. With the DLS, customers can use Cloudflare’s powerful global network and security measures to protect their businesses, while keeping the data we process on their behalf local. Since its launch, we’ve had many customers adopt the Data Localization Suite. In this blog post we Continue reading
Hiding Malicious Packets Behind LLC SNAP Header
A random tweet1 pointed me to Vulnerability Note VU#855201 that documents four vulnerabilities exploiting a weird combination of LLC and VLAN headers can bypass layer-2 security on most network devices.
Before anyone starts jumping up and down – even though the VLAN header is mentioned, this is NOT VLAN hopping.
The security researcher who found the vulnerability also provided an excellent in-depth description focused on the way operating systems like Linux and Windows handle LLC-encapsulated IP packets. Here’s the CliffNotes version focused more on the hardware switches. Even though I tried to keep it simple, you might want to read the History of Ethernet Encapsulation before moving on.
Hiding Malicious Packets Behind LLC SNAP Header
A random tweet1 pointed me to Vulnerability Note VU#855201 that documents four vulnerabilities exploiting a weird combination of LLC and VLAN headers can bypass layer-2 security on most network devices.
Before anyone starts jumping up and down – even though the VLAN header is mentioned, this is NOT VLAN hopping.
The security researcher who found the vulnerability also provided an excellent in-depth description focused on the way operating systems like Linux and Windows handle LLC-encapsulated IP packets. Here’s the CliffNotes version focused more on the hardware switches. Even though I tried to keep it simple, you might want to read the History of Ethernet Encapsulation before moving on.
Why Your Organization Needs Rule-Based Access Control
Widely used role-based security offers strong network protection. Lesser-known rule-based access control can provide even more resiliency.HS039 Operating an Enterprise Architecture Function
After setting questions and perspectives on What is Enterprise Architecture, the natural sequence is How to Maintain and Operate an Architecture team.
The post HS039 Operating an Enterprise Architecture Function appeared first on Packet Pushers.
HS039 Operating an Enterprise Architecture Function
After setting questions and perspectives on What is Enterprise Architecture, the natural sequence is How to Maintain and Operate an Architecture team.
Day Two Cloud 179: Will CXL Make Composable Infrastructure Real?
On today's Day Two Cloud podcast we talk about Compute Express Link (CXL), a technology for composable infrastructure. The idea is to take all the peripherals in a system---network cards, memory, graphical processing units, and so on---and put them on a bus outside the chassis to share them among multiple hosts. Is this the dream of composable infrastructure coming true?
The post Day Two Cloud 179: Will CXL Make Composable Infrastructure Real? appeared first on Packet Pushers.