Archive

Category Archives for "Networking"

Hedge 162: Geoff Huston and Going Dark

Encrypt everything! Now! We don’t often do well with absolutes like this in the engineering world–we tend to focus on “get it down,” and not to think very much about the side effects or unintended consequences. What are the unintended consequences of encrypting all traffic all the time? Geoff Huston joins Tom Ammon and Russ White to discuss the problems with going dark.

download

Survey: NetOps is essential but undervalued in making multi-cloud decisions

By 2024, 88% of enterprises will use two or more infrastructure as a service (IaaS) providers, according to research by EMA, which believes that network infrastructure and operations teams must take a leadership role in defining network architecture that ensures the performance and security of their multi-cloud digital services.EMA recently polled a group of these enterprises, surveying 351 IT stakeholders, including 39% in network engineering, 21% in the CIO suite, 15% on cloud teams, and 11% in cybersecurity.EMA found that networking teams and network technology have become more important in 81% of multi-cloud strategies in recent years. Unfortunately, only 24% of research participants firmly believe that their networking teams have enough influence over cloud decision-making.To read this article in full, please click here

Survey: NetOps is essential but undervalued in making multi-cloud decisions

By 2024, 88% of enterprises will use two or more infrastructure as a service (IaaS) providers, according to research by EMA, which believes that network infrastructure and operations teams must take a leadership role in defining network architecture that ensures the performance and security of their multi-cloud digital services.EMA recently polled a group of these enterprises, surveying 351 IT stakeholders, including 39% in network engineering, 21% in the CIO suite, 15% on cloud teams, and 11% in cybersecurity.EMA found that networking teams and network technology have become more important in 81% of multi-cloud strategies in recent years. Unfortunately, only 24% of research participants firmly believe that their networking teams have enough influence over cloud decision-making.To read this article in full, please click here

Performance Measured: How Good Is Your WebAssembly?

WebAssembly adoption is exploding. Almost every week at least one startup, SaaS vendor or established software platform provider is either beginning to offer Wasm tools or has already introduced Wasm options in its portfolio, it seems. But how can all of the different offerings compare performance-wise? The good news is that given Wasm’s runtime simplicity, the actual performance at least for runtime can be compared directly among the different WebAssembly offerings. This direct comparison is certainly much easier to do when benchmarking distributed applications that run on or with Kubernetes, containers and microservices. This means whether a Wasm application is running on a browser, an edge device or a server, the computing optimization that Wasm offers in each instance is end-to-end and, and its runtime environment is in a tunnel of sorts — obviously good for security — and not affected by the environments in which it runs as it runs directly on a machine level on the CPU. Historically, Wasm has also been around for a while, before the World Wide Web Consortium (W3C) named it as a web standard in 2019, thus becoming the fourth web standard with HTML, CSS and JavaScript. But while web browser applications have Continue reading

Kubernetes Unpacked 017: Kubernetes In 2023 – 6 Things To Think About

On today's Kubernetes Unpacked podcast, host Michael Levan discusses six big ideas to consider as you build your Kubernetes foundation in 2023. Topics include abstractions, the need to understand what's beneath those abstractions, Kubernetes security, and more.

The post Kubernetes Unpacked 017: Kubernetes In 2023 – 6 Things To Think About appeared first on Packet Pushers.

Introducing Waiting Room Bypass Rules

Introducing Waiting Room Bypass Rules
Introducing Waiting Room Bypass Rules

Leveraging the power and versatility of Cloudflare's Ruleset Engine, Waiting Room now offers customers more fine-tuned control over their waiting room traffic. Queue only the traffic you want to with Waiting Room Bypass Rules, now available to all Enterprise customers with an Advanced Purchase of Waiting Room.

Customers depend on Waiting Room for always-on protection from unexpected and overwhelming traffic surges that would otherwise bring their site down. Waiting Room places excess users in a fully customizable virtual waiting room, admitting new visitors dynamically as spots become available on a customer’s site. Instead of throwing error pages or delivering poorly-performing site pages, Waiting Room empowers customers to take control of their end-user experience during unmanageable traffic surges.

Introducing Waiting Room Bypass Rules
Take control of your customer experience with a fully customizable virtual waiting room

Additionally, customers use Waiting Room Event Scheduling to manage user flow and ensure reliable site performance before, during, and after online events such as product restocks, seasonal sales, and ticket sales. With Event Scheduling, customers schedule changes to their waiting rooms' settings and custom queuing page ahead of time, with options to pre-queue early arrivers and offload event traffic from their origins after the event has concluded.

As part of Continue reading

Relationships between Layer-2 (VLAN) and Layer-3 (Subnet) Segments

Sometimes it takes me years to answer interesting questions, like the one I got in a tweet in 2021:

Do you have a good article describing the one-to-one relation of layer-2 and layer-3 networks? Why should every VLAN contain one single L3 segment?

There is no mandatory relationship between multi-access layer-2 networks and layer-3 segments, and secondary IP addresses (and subnets) were available in Cisco IOS in early 1990s. The rules-of-thumb1 claiming there should be a 1:1 relationship usually derive from the oft-forgotten underlying requirements. Let’s start with those.

Relationships between Layer-2 (VLAN) and Layer-3 (Subnet) Segments

Sometimes it takes me years to answer interesting questions, like the one I got in a tweet in 2021:

Do you have a good article describing the one-to-one relation of layer-2 and layer-3 networks? Why should every VLAN contain one single L3 segment?

There is no mandatory relationship between multi-access layer-2 networks and layer-3 segments, and secondary IP addresses (and subnets) were available in Cisco IOS in early 1990s. The rules-of-thumb1 claiming there should be a 1:1 relationship usually derive from the oft-forgotten underlying requirements. Let’s start with those.

Day Two Cloud 178: Implementing Zero Standing Privilege (Sponsored)

On today's sponsored Day Two Cloud podcast we talk about zero standing privilege with strongDM. Zero standing privilege goes beyond just-in-time credentials to a model where no credentials pre-exist, but are created in real-time and paired with appropriate permissions built from policy, also created in real-time. Can such a thing be accomplished technically---and without irritating all your end users? StrongDM's Sebastian Mankowski is here to make the case.

The post Day Two Cloud 178: Implementing Zero Standing Privilege (Sponsored) appeared first on Packet Pushers.

Day Two Cloud 178: Implementing Zero Standing Privilege (Sponsored)

On today's sponsored Day Two Cloud podcast we talk about zero standing privilege with strongDM. Zero standing privilege goes beyond just-in-time credentials to a model where no credentials pre-exist, but are created in real-time and paired with appropriate permissions built from policy, also created in real-time. Can such a thing be accomplished technically---and without irritating all your end users? StrongDM's Sebastian Mankowski is here to make the case.

Telemetry steps into the enterprise-networking spotlight

Expect to hear a lot about telemetry this year as its use gains steam in open-source projects and vendors’ observability software.While telemetry has been used for monitoring network and application activity for years, historically it has been siloed in specific use cases, but with the advent of open-source application development along with ML- and AI-based systems, its use is expected expand significantly.“Traditional monitoring and/or siloed visibility does not work in a world driven by hybrid or cloud-native deployments, as application components have become smaller, more distributed, and shorter-lived,” said Carlos Pereira, Cisco Fellow and chief architect in its Strategy, Incubation & Applications group. ““Now it’s more about using that telemetry data to watch over multiple operational domains so you can track experience in real time.”To read this article in full, please click here

Feedback: Docker Networking Deep Dive

While the pundits keeps telling me Docker is dead (looking at its documentation I would say they’re right) and Kubernetes it the way to go (yay!), some people still have to deal with Docker networking, and at least some of them found the Docker Networking Deep Dive webinar useful. Here’s a recent review:

You can scroll over internet pages as long as you can, you will rarely find this kind of specialized knowledge. This is the next level in term of knowledge about Docker.

If you belong to the “Kubernetes will rule the world” camp, we have you covered as well: Stuart Charlton created a phenomenal Kubernetes Networking Deep Dive webinar (approximately half of it is already accessible with free subscription).