Archive

Category Archives for "Networking"

BGP in 2022 – The Routing Table

This past year marks a significant point in the evolution of the Internet where the strong growth numbers that were a constant feature of the past thirty years are simply not present in the data. The Internet’s growth is slowing down significantly. Have we got to the point of market saturation and there is no more demand capacity to fuel further growth? Or are we reeling from the combinations of a global pandemic, turmoil in energy markets and the signs of increased climate instability so that we are no longer as interested to throw more resources into more network infrastructure investment? Let’s take a look at the BGP view of 2022 and see how these larger economic and social considerations are reflected in the behaviour of the Internet’s inter-domain routing system.

Case study: How Mulligan Funding built a SOC 2-compliant fintech SaaS platform with Calico Cloud

The rise of fintech has pushed traditional financial institutions to provide online-based services and launch fintech applications. But these services must be secure and meet certain regulatory requirements, such as the Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Regulation (GDPR), or SOC 2.

When our customer, Mulligan Funding, needed to launch a new fintech SaaS platform, they had to ensure that all communication to and from the application would be secure and SOC 2 compliant, since the platform would handle sensitive personal and financial data. To achieve this, Mulligan Funding decided to standardize on Microsoft Azure Kubernetes Service (AKS) and chose Calico Cloud for its security and compliance needs.

Case study highlights

Mulligan Funding faced two major challenges when it came to achieving SOC 2 compliance:

  1. Ensure compliance and be notified of any control changes 24/7 in a way that’s scalable
  2. Gain visibility into clusters to immediately pinpoint issues that require troubleshooting

Read the case study to learn:

  • How Mulligan Funding bolstered its security posture at scale through unified security policy management.
  • Why deploying Calico Cloud not only helped Mulligan Funding achieve compliance, but also helped the company reduce service distributions and optimize troubleshooting.

Read Continue reading

Arista floats its answer to the strain AI puts on networks

If networks are to deliver the full power of AI they will need a combination of high-performance connectivity and no packet lossThe concern is that today’s traditional network interconnects cannot provide the required scale and bandwidth to keep up with AI requests, said Martin Hull, vice president of Cloud Titans and Platform Product Management with Arista Networks. Historically, the only option to connect processor cores and memory have been proprietary interconnects such as InfiniBand, PCI Express and other protocols that connect compute clusters with offloads but for the most part that won’t work with AI and its workload requirements.Arista AI Spine To address these concerns, Arista is developing a technology it calls AI Spine, which calls for switches with deep packet buffers and networking software that provides real-time monitoring to manage the buffers and efficiently control traffic.To read this article in full, please click here

Arista floats its answer to the strain AI puts on networks

If networks are to deliver the full power of AI they will need a combination of high-performance connectivity and no packet lossThe concern is that today’s traditional network interconnects cannot provide the required scale and bandwidth to keep up with AI requests, said Martin Hull, vice president of Cloud Titans and Platform Product Management with Arista Networks. Historically, the only option to connect processor cores and memory have been proprietary interconnects such as InfiniBand, PCI Express and other protocols that connect compute clusters with offloads but for the most part that won’t work with AI and its workload req uirements.Arista AI Spine To address these concerns, Arista is developing a technology it calls AI Spine, which calls for data-center switches with deep packet buffers and networking software that provides real-time monitoring to hep manage the buffers and efficiently control traffic.To read this article in full, please click here

Hedge 160: Avishai Ish-Shalom and Jurassic Cloud

Cloud might seem shiny and new—but that’s just the way it looks on the outside. Most cloud services are still built on decades old technology, from networking to file access. Avishai Ish-Shalom joins Tom Ammon and Russ White to discuss the impact of changes in hardware on the design of operating systems, and think through how things will need to change to continue the drive for more performance.

download

original article on USENIX here

How Cloudflare can help stop malware before it reaches your app

How Cloudflare can help stop malware before it reaches your app
How Cloudflare can help stop malware before it reaches your app

Let’s assume you manage a job advert site. On a daily basis job-seekers will be uploading their CVs, cover letters and other supplementary documents to your servers. What if someone tried to upload malware instead?

Today we’re making your security team job easier by providing a file content scanning engine integrated with our Web Application Firewall (WAF), so that malicious files being uploaded by end users get blocked before they reach application servers.

Enter WAF Content Scanning.

If you are an enterprise customer, reach out to your account team to get access.

Making content scanning easy

At Cloudflare, we pride ourselves on making our products very easy to use. WAF Content Scanning was built with that goal in mind. The main requirement to use the Cloudflare WAF is that application traffic is proxying via the Cloudflare network. Once that is done, turning on Content Scanning requires a single API call.

Once on, the WAF will automatically detect any content being uploaded, and when found, scan it and provide the results for you to use when writing WAF Custom Rules or reviewing security analytics dashboards.

The entire process runs inline with your HTTP traffic and requires no change to your Continue reading

AI is coming to the network

AI-enabled management platforms and infrastructure are beginning to make their way into enterprise networks. I say “beginning” because despite lots of AI-washing marketing efforts over the last few years, a lot of what has been characterized as “AI-driven” or “powered by AI” hasn’t really materialized. It's not that these systems don’t do what the marketers say, so much as they don't do it in the way they imply.Even some tools that do truly employ AI in meaningful ways, and with visibly different results than are possible without it, don’t feel qualitatively different from what has come before. They may be better, for example by dramatically reducing the number of false positives in alert traffic, but not different.To read this article in full, please click here

AI is coming to the network

AI-enabled management platforms and infrastructure are beginning to make their way into enterprise networks. I say “beginning” because despite lots of AI-washing marketing efforts over the last few years, a lot of what has been characterized as “AI-driven” or “powered by AI” hasn’t really materialized. It's not that these systems don’t do what the marketers say, so much as they don't do it in the way they imply.Even some tools that do truly employ AI in meaningful ways, and with visibly different results than are possible without it, don’t feel qualitatively different from what has come before. They may be better, for example by dramatically reducing the number of false positives in alert traffic, but not different.To read this article in full, please click here

9 steps to protecting backup servers from ransomware

Now that ransomware organizations are specifically targeting on-site backup servers, it’s even more important that enterprises defend them vigorously.Here are nine steps to protect your backups and why you should take them.Patch religiously Make sure your backup server is among in the first group to receive the latest operating system updates. Most ransomware attacks exploit vulnerabilities for which patches have been available for a long time, but that didn’t get installed. Also, subscribe to whatever automatic updates your backup software provides, again to take advantage of whatever new protections they might include.To read this article in full, please click here

Using the Linux locale command

The locale settings in Linux systems help ensure that information like dates and times are displayed in a format that makes sense in the context of where you live and what language you speak. Here's how to use them.NOTE: None of the commands described in this post will change your locale settings. Some merely use a different locale setting to display the response you might be seeing from a different location.List your settings If you’re in the US, you should see something like this when you use the locale command to list your settings:$ locale LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL= The en_US.UTF-8 settings in the above output all represent US English. If you’re in France, this response is more likely:To read this article in full, please click here

Using the Linux locale command

The locale settings in Linux systems help ensure that information like dates and times are displayed in a format that makes sense in the context of where you live and what language you speak. Here's how to use them.NOTE: None of the commands described in this post will change your locale settings. Some merely use a different locale setting to display the response you might be seeing from a different location.List your settings If you’re in the US, you should see something like this when you use the locale command to list your settings:$ locale LANG=en_US.UTF-8 LC_CTYPE="en_US.UTF-8" LC_NUMERIC="en_US.UTF-8" LC_TIME="en_US.UTF-8" LC_COLLATE="en_US.UTF-8" LC_MONETARY="en_US.UTF-8" LC_MESSAGES="en_US.UTF-8" LC_PAPER="en_US.UTF-8" LC_NAME="en_US.UTF-8" LC_ADDRESS="en_US.UTF-8" LC_TELEPHONE="en_US.UTF-8" LC_MEASUREMENT="en_US.UTF-8" LC_IDENTIFICATION="en_US.UTF-8" LC_ALL= The en_US.UTF-8 settings in the above output all represent US English. If you’re in France, this response is more likely:To read this article in full, please click here

Basic Step-Functions Input and Output and Lambda— Passing Data From one to another

< MEDIUM: https://medium.com/aws-in-plain-english/basic-step-functions-input-and-output-and-lambda-passing-data-from-one-to-another-b433666f6216 >

With so much focus on serverless in Re-Invent 2022 and the advantages of Step Functions, I have started to transform some of my code from Lambda to Step Functions.

Step-Function was hard until I figured out how data values can be mapped for input and how data can be passed and transformed between Lambda functions. I have made a small attempt for someone who is starting in step functions for understanding the various steps involved.

Basically, Step Functions can be used to construct business logic and Lambda can be used to transform the data instead of transporting with Lambda-Invokes from Lambda Functions.

Let’s take the following example

I have step_function_1 which has the requirement to invoke another lambda if my_var is 1 else do not do anything.

This is a simple if-else logic followed by the lambda-invoke function

Now, the power of step-functions will come into play to write these conditional and also pass data from Lambda to Other making it super scalable for editing in future and all of the code will seem very logical and pictorial, best part is this can be designed instead of learning Amazon’s State Language.

let’s try to do Continue reading

Asking Meaningful Questions: How To Break Negative Patterns

Unconscious patterns of behavior can impede our professional progress. For example, you might watch others capitalize on ideas you have but don’t act on. Or your abrupt delivery of “the facts” alienates your colleagues and creates friction that can be detrimental. As I’ve recognized patterns in my own life and career, I’ve developed ways to […]

The post Asking Meaningful Questions: How To Break Negative Patterns appeared first on Packet Pushers.

Azure Host-Based SDN: Part 1 – VFP Introduction

Azure Virtual Filtering Platform (VFP) is Microsoft’s cloud-scale virtual switch operating as a virtual forwarding extension within a Hyper-V basic vSwitch. Figure 1-1 illustrates an overview of VFP building blocks and relationships with basic vSwitch. Let’s start the examination from the VM vm-nwkt-1 perspective. Its vNIC vm-cafe154 has a synthetic interface eth0 using a NetVSC driver (Network Virtual Service Client). The Hyper-V vSwitch on the Parent Partition is a Network Virtual Service Provider (NetVSP) with VM-facing vPorts. Vm-cafe154 is connected to vPort4 over the logical inter-partition communication channel VMBus. VFP sits in the data path between VM-facing vPorts and default vPort associated with physical NIC. VFP uses port-specific Layers for filtering traffic to and from VMs. A VFP Layer is a Match Action Table (MAT) having a set of policy Rules. Rules consist of Conditions and Actions and are divided into Groups. Each layer is programmed by independent, centralized Controllers without cross-controller dependencies.

Let’s take a concrete example of Layer/Group/Rule object relationship and management by examining the Network Security Group (NSG) in the ACL Layer. Each NSG has a default group for Infrastructure rules, which allows Intra-VNet traffic, outbound Internet connection, and load balancer communication (health check, etc.). We Continue reading

1 300 301 302 303 304 3,455