Célébrer le 14 Juillet avec Marseille, le 36ème point de présence de CloudFlare
What better day than the 14th of July (Bastille Day) to announce the latest addition to our network in Marseille, France? Our data center in the southern city of Marseille is our 2nd in France, 12th in Europe and 36th globally.
Pourquoi Marseille?
Marseille, France’s second largest city following Paris, is home to 2 million Internet users across the surrounding metropolitan area. It also serves as another point of redundancy to our Paris data center, one of our most trafficked facilities in the whole of Europe.
However, the true importance of Marseille is not just redundancy or its size. Marseille’s southern location makes it a major Internet gateway for networks throughout the Mediterranean, including many African and Middle Eastern countries. This is reflected by the fact that a substantial number of undersea submarine cables carrying Internet traffic are routed through Marseille (7 to be exact, and for those fastidious followers of our blog).
Marseille: a key interconnection point for traffic throughout the Mediterranean
These undersea cables are the principal means by which many countries are able to access the rest of the Internet—that is to say, access all of the other global networks that make up this big Continue reading
CloudFlare Lands a New Office in Singapore
After months of preparation, my teammates Algin, Marty, Adam, Jono and I touched down in Singapore and were greeted by skyscrapers, malls, Singlish, chili crab, and Marty’s special sweet and sour chicken. It immediately hit us that we were no longer in San Francisco.
The Internet never sleeps, which means it is crucial for us to have a presence in Asia to operate our globally distributed network. Singapore was a natural choice for us given the thriving tech community, the business friendliness of the country, the delicious hawker stalls, and our harbor view rooftop hangout:
Since we are new in town, if there are meetups or groups in Singapore that you think we should be part of (or any good restaurants we should try) – let us know. We will be at RSA Asia Pacific & Japan on Friday July 24 here in Singapore. Come meet us in person and learn more about CloudFlare during Nick Sullivan’s session on The New Key Management - Unlocking the Safeguards of Keeping Keys Private.
As one global company, we took team members from both our San Francisco and London offices to be the foundation for the local team. We are actively looking to Continue reading
Extracting Traffic from Rolling Capture Files
Every so often I need to extract a subset of traffic from a set of rolling timestamped pcap files. One common place I do this is with Security Onion; one of the great features of SO is its full-packet-capture feature: you can easily pivot from Snort, Suricata, or Bro logs to a full packet capture view, or download the associated pcap file.But what if you don't have an associated alert or Bro log entry? Or if you're doing pcap on some system that's not as user-friendly as Security Onion, but nonetheless supports rolling captures?
The way I usually do this is with find and xargs. Here's an example of my most common workflow, using timestamps as the filtering criteria for find:
> find . -newerct "16:07" ! -newerct "16:10" | xargs -I {} tcpdump -r {} -w /tmp/{} host 8.8.8.8
> cd /tmp
> mergecap -w merged.pcap *.pcap
Translated:
- Find all files in the current directory created after 16:07 but not created after 16:10. This requires GNU find 4.3.3 or later. It supports many different time and date formats.
- Using xargs, filter each file with the "host 8.8.8. Continue reading
Extracting Traffic from Rolling Capture Files
Every so often I need to extract a subset of traffic from a set of rolling timestamped pcap files. One common place I do this is with Security Onion; one of the great features of SO is its full-packet-capture feature: you can easily pivot from Snort, Suricata, or Bro logs to a full packet capture view, or download the associated pcap file.But what if you don't have an associated alert or Bro log entry? Or if you're doing pcap on some system that's not as user-friendly as Security Onion, but nonetheless supports rolling captures?
The way I usually do this is with find and xargs. Here's an example of my most common workflow, using timestamps as the filtering criteria for find:
> find . -newerct "16:07" ! -newerct "16:10" | xargs -I {} tcpdump -r {} -w /tmp/{} host 8.8.8.8
> cd /tmp
> mergecap -w merged.pcap *.pcap
Translated:
- Find all files in the current directory created after 16:07 but not created after 16:10. This requires GNU find 4.3.3 or later. It supports many different time and date formats.
- Using xargs, filter each file with the "host 8.8.8. Continue reading
LTE’s Move into the Unlicensed Spectrum Continues
A lot has been going on with the proposals for LTE Operation in Unlicensed Spectrum . The FCC recently requested industry input on LTE-U (LTE Unlicensed) and LAA (LTE Licensed-Assisted Access), 3GPP’s formal action to move both the LAA and...SK Telecom Chooses Accedian for Performance Monitoring
SK Telecom looks to Accedian Networks for help with its mobile network.
Revisiting Apple and IPv6
A few weeks ago I wrote about Apple's IPv6 announcements at the Apple Developers Conference. While I thought that in IPv6 terms Apple gets it, the story was not complete and there were a number of aspects of Apple's systems that were not quite there with IPv6. So I gave them a 7/10 for their IPv6 efforts. Time to reassess that score in the light of a few recent posts from Apple.SDN router using merchant silicon top of rack switch
The talk from David Barroso describes how Spotify optimizes hardware routing on a commodity switch by using sFlow analytics to identify the routes carrying the most traffic. The full Internet routing table contains nearly 600,000 entries, too many for commodity switch hardware to handle. However, not all entries are active all the time. The Spotify solution uses traffic analytics to track the 30,000 most active routes (representing 6% of the full routing table) and push them into hardware. Based on Spotify's experience, offloading the active 30,000 routes to the switch provides hardware routing for 99% of their traffic.David is interviewed by Ivan Pepelnjak, SDN ROUTER @ SPOTIFY ON SOFTWARE GONE WILD. The SDN Internet Router (SIR) source code and documentation is available on GitHub.
Highlight: Inside Cisco IOS Software Architecture
The post Highlight: Inside Cisco IOS Software Architecture appeared first on 'net work.
Plexxi Announces New Network Switch Series to Power the Next Era of IT
Its not very often that something comes along that has the potential to be transformative through a new and truly differentiated approach. With Plexxi’s announcement this morning of our new Switch 2 Series , coupled with Plexxi Control and Plexxi Connect, we’re making strides to change the way networks function to support the business. Based on the needs of individual data and application workloads, the Switch 2 Series uses the innovation of Plexxi Control to dynamically change fabric topology in real time, intelligently forwarding traffic and delivering needed network capacity.
The next era of IT is being forged by the evolution of virtualization, hyperconvergence, Big Data and scale-out applications. Storage and compute have rapidly evolved over the last decade to keep pace but networking architectures have remained relatively unchanged.
Here is the evolution of networking, as we see it:
Platform One:
The network has, for decades, been built in the same multi-tier (core, leaf/spine) approach making it static and defined by it’s physical cabling. This architecture was perfectly suited for stationary users and non-mobile applications, which created predictable north/south traffic. The traditional approach for introducing new applications in platform 1 was to “pour” them into the static network, and then Continue reading