A History of Load Balancing
A visual representation of the company and, to a lesser extent, product history of the load balancing/application delivery field. My usual F5 bias is present but it seems justified considering their long-held market leading position. I’ve been itching to post this for a while but simply couldn’t stop changing the formatting. I can’t say I’m […]
Author information
The post A History of Load Balancing appeared first on Packet Pushers Podcast and was written by Steven Iveson.
DIY Web Server: Raspberry Pi + CloudFlare
The Raspberry Pi was created with a simple mission in mind: change the way people interact with computers. This inexpensive, credit card-sized machine is encouraging people, especially kids, to start playing with computers, not on them.
When the first computers came out, basic programming skills were necessary. This was the age of the Amigas, BBC Micros, the Spectrum ZX, and Commodore 64s. The generation that grew up with these machines gained a fundamental understanding how how computers work.
Computers today are easy to use and require zero understanding of programming to operate. They’re also expensive, and wrapped in sleek cases. While aesthetically pleasing designs and user friendly interfaces make computers appealing and accessible to everyone, these advances create a barrier to understanding how computers work and what they are capable of doing. This isn’t necessarily a problem, but for those who really understand computers, it seems that our collective sense of the power of computing has been dulled.
Raspberry Pi marks the beginning of a conscious effort to return to computing fundamentals. Starting at about $25—case not included—it’s purposely designed to remove barriers to tinkering, reprograming, and, ultimately, to understanding how computers work. This return to fundamentals is rejuvenating the Continue reading
Revisited: Layer-2 DCI over VXLAN
I’m still getting questions about layer-2 data center interconnect; it seems this particular bad idea isn’t going away any time soon. In the face of that sad reality, let’s revisit what I wrote about layer-2 DCI over VXLAN.
VXLAN hasn’t changed much since the time I explained why it’s not the right technology for long-distance VLANs.
Read more ...CloudFlare hiring Go programmers in London and San Francisco
Are you familiar with the Go programming language and looking for a job in San Francisco or London? Then think about applying to CloudFlare. We're looking for people with experience writing Go in both locations.
CC BY-SA 2.0 by Yuko Honda (cropped, resized)
CloudFlare uses Go extensively to build our service and we need to people to build and maintain those systems. We've written a complete DNS server in Go, our Railgun service is all Go and we're moving more and more systems to Go programs.
We've recently written about our open source Red October Go project for securing secrets, and open-sourced our CFSSL Go-based PKI package. Go is now making its way into our data pipeline and be used for processing huge amounts of data.
We even have a Go-specific section on our GitHub.
If you're interested in working in Go on a high-performance global network like CloudFlare, send us an email.
Not into Go? We're hiring for all sorts of other positions and technologies.
Building a router with Open vSwitch
As part of my work in OpenDaylight, we are looking at creating a router using Open vSwitch... Why? Well OpenStack requires some limited L3 capabilities and we think that we can handle those in a distributed router.
Blame the System For Resisting Change – Not The People
I often hear vendors and pundits proclaim that Enterprise is resisting change. In particular, they say that individuals in Enterprises can't see the change or won't discuss buying new technology. I see these objections as failure of the current system and much less due to the people.
The post Blame the System For Resisting Change – Not The People appeared first on EtherealMind.
Tinfoil Security vulnerability scanning now easy in CloudFlare Apps
We’re pleased to introduce a new CloudFlare App: Tinfoil Security. Tinfoil Security is a service designed to find possible web application vulnerabilities.
Security is central to CloudFlare's service. Our security features operate at the network level to identify and block malicious traffic from ever reaching your website or application. However, even with that protection in place, it’s still worth fixing problems at the application layer as well.
Tinfoil Security helps website owners learn about possible vulnerabilities in their applications by scanning for vulnerabilities, tests all access points, and providing step-by-step introductions on eliminating threats if found.
(Detail of an individual vulnerability report.)
Their developer-focused reports can be tied into continuous integration lifecycle with API hooks for kicking off new scans after changes are made.
Tinfoil offers several price points, including a free plan that checks for XSS (Cross-Site Scripting) concerns. The Tinfoil app is a quick and easy addition to your CloudFlare service. Take a look!
Common Network Design Concepts Part-1
There are design tools which we should consider for every design. LAN, WAN and the data center where these common design tolls and attributes should be considered. Many of the principles in this article series might be fit not only for the network part of the design but also compute, virtualization and storage technologies also […]
Author information
The post Common Network Design Concepts Part-1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.
Do you really need to see all 512K Internet routes?
Last week the global routing table (as seen from some perspectives) supposedly exceeded 512K routes, and weird things started to happen to some people that are using old platforms that by default support 512K IPv4 routes in the switching hardware.
I’m still wondering whether the BGP table size was the root cause of the observed outages. Cisco’s documentation (at least this document) is pretty sloppy when it comes to the fact that usually 1K = 1024, not 1000 – I’d expect the hard limit to be @ 524.288 routes … but then maybe Cisco’s hardware works with decimal arithmetic.
Read more ...Show 201 – Internet Dies at 512K, Long Live the Internet
The Internet has Died at 512K routes. Ethan & Greg discuss some news and events of the last few weeks and nod nerdishly while noodling about nothing. Yeah, it's a nerd chat show this week.
Author information
The post Show 201 – Internet Dies at 512K, Long Live the Internet appeared first on Packet Pushers Podcast and was written by Greg Ferro.
FC vs FCoE
FC vs FCoE infrastructure, usually a common debate when designing the network infrastructure of a new Data Center or new part of a Data Center, after all the advantages of running a converged storage & IP network are hard to turn down. Many of us are probably already aware of the why FCoE is always […]
Using the OSPF Forwarding Address for traffic-steering
In this fairly short post, id like to address a topic that came up on IRC (#cciestudy @ freenode.net). Its about how you select a route thats being redistributed into an OSPF NSSA area and comes into the OSPF backbone area 0.
For my post i will be using the very simple topology below. Nothing else is necessary to illustrate what is going on.
First off, id like to clarify a few things about what takes place when redistributing routes into an NSSA area.
What happens is that you have an external network, 4.4.4.4/32 in our example. This is _not_ part of the current area 1. When this network is being redistributed into area 1, its forwarding address will be set to the highest active interface of the redistributing router in the area (R4 in our case). The highest interface in the area local to the router is Loopback100 with an address of 44.44.44.44/32.
*A reader noted that a loopback address will beat a physical interface even if it has a lower address. This is true and goes for OSPF in general. Thanks!
Lets verify the configuration on R4 and the result of Continue reading
Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!
In the Cisco landscape today, there are three features that usually come up in the same conversation. They all solve what I'd call "related" problems, but are not the same. They are incredibly useful features and do share one thing in common...you must know your RF environment before implementing them. I'll provide use-cases and examples below, but it should be noted that in the case of "Optimized Roaming", this is based on public information currently available and could change prior to the WLC AirOS version 8.0 release.Optimized Roaming
The problem:The well known "sticky client" issue. For the uninitiated, when a client refuses to roam to an assumedly "better" AP (closer, stronger RSSI, better SNR etc.) that client is being "sticky". Why is this bad? Consider the following example of a lecture hall:
As the client enters the room, it associates to AP-1. As it moves farther away from AP-1 it's RSSI gets weaker, SNR gets worse, retransmissions occur, dynamic rate-shifting happens, and you end up with a client communicating at a much lower data-rate. Lower data-rate consumes more air-time to transfer the same information, resulting in higher channel utilization. Ideally, the client would roam to Continue reading
400k Views in 4 Years – A Review of My Last 4 Years
Very often in our lives we are fully focused on what is going to happen in the
future. We rarely look back at what we have done and how we got to where we
are now. People that know me, know that I’m a very focused person that is always
looking to improve my skillset.
In July of 2010 I decided that I wanted to become a CCIE. I was a CCNP at that
time and I was working in a role where I did 2nd level support. I decided that
I wanted to blog to keep my notes for the CCIE online. I wrote my first blog
post on July 16, 2010. Today on August 16, 2014, almost four years later I passed
400k views on the blog. It’s been an amazing journey and here is a look back at
what has happened since then. This post is meant to be inspirational, to see
what can be accomplished in four years if you put your heart to it, please don’t
take it as boasting :)
For my CCIE studies I used INE workbooks, I decided that it would be good practice
to answer questions on their forums to keep Continue reading
CPUG, and The Risk of Single-Admin Communities
CPUG, a Check Point user forum, is near death. The owner has been forced to get rid of it, but rather doing a graceful handover, it has been shut down pending a possible sale. This is a great shame, and it highlights the risks of contributing to a forum controlled by a single person.
CPUG.org started out as an independent Check Point forum in around 2005. It was seeded with Phoneboy’s original FW–1 FAQs, and quickly became the premier independent source of Check Point information. If you had a Check Point problem, chances were you could get a quick answer there.
I used to do a lot of Check Point work, and so I knew a fair bit about it. I had the time, knowledge, and the desire to help the community, so I got involved with CPUG, and became a top contributor. I put a huge amount of effort into it over the years, and hopefully I helped solve a few people’s problems. I have moved away from contributing recently, for various reasons.
At its best, the forum was a fantastic resource, where many of the smartest people were working to help solve the trickiest issues. It became Continue reading
Host-MLAG: Don’t Let a Switch Bring Down Your Servers
How do you protect against failures in a data center? Selecting a stable location and using quality equipment is a good start.
But no matter how much you spend and how lofty the promises of the vendor, hardware does fail. And because systems do inevitably fail, redundancy is your friend when it comes to minimizing the impact of a failure. Systems have redundant power supplies and fans. The connections between systems are redundant. The systems themselves are redundant. And in some cases entire data centers are redundant in different geographical locations.
With the release of Cumulus Linux 2.2, there is now an open solution for redundant layer 2 top of rack, or ToR, switches. No longer will a single ToR switch failure take out your entire rack of servers. This is because Cumulus Linux 2.2 includes Host-MLAG, which allows servers to connect to redundant ToR switches using active-active LACP bonding. Some of the advantages of Host-MLAG include:
- Unlike a single ToR solution, with Host-MLAG, the failure of one ToR switch still provides full connectivity to all of the servers.
- With active-active connections to the ToRs, the bandwidth to and from the servers is doubled.
- Host-MLAG requires no special Continue reading
HP OMW: Still Kicking, But Only Just
A year ago I asked “Has HP Abandoned Operations Manager?” There had been no significant development for a long time, and the signs were that HP was moving away from OM to OMi.
Last week HP made a move that confirms my original thinking: It’s dead (it just doesn’t know it yet). HP released a Customer Letter announcing an extension to the “End of Committed Support” date, from December 31, 2016 to June 30, 2018:
HP is committed to providing the highest level of customer care to you while you determine your future strategy for your HP Operations Manager for Windows 9.0x & HP Operations Manager for Windows Basic Suite 9.1x products.
(emphasis mine)
That’s right, no new version announcement, just extending support for the current version. Implication: no new versions coming any time soon.
Applying a few volts to OMW 9.0
HP has released patches OMW_00185 and OMW_00187 for OMW 9.0. These include the usual bugfixes, and these enhancements:
- Web console enhancements resulting in feature parity with the MMC console while offering significant performance advantages
- Management Server platform support extension to Windows Server 2012 and Windows Server 2012 R2
- MMC Console Continue reading
Where is Metadata Anyway?
There is an emerging picture that while networks, and network operators, make convenient targets for various forms of national security surveillance efforts, the reality of today’s IP network’s are far more complex, and Internet networks are increasingly ignorant about what their customers do. The result is that it's now quite common for Internet networks not to have the information that these security agencies are after. Not only can moderately well-informed users hide their activities from their local network, but increasingly this has been taken out of the hands of users, as the applications we have on our smartphones, tablets and other devices are increasingly making use of the network in ways that are completely opaque to the network provider.Jr. Network Admin Willing to Work In Columbus, Ohio? Let’s Talk!
Carenection is where I currently work as the Senior Network Architect. We are looking for a Junior Network Administrator. If you’re an experienced network engineer with many years under your belt, this is not your opportunity. But if you’re just getting into the networking field and are looking for a position where you can learn […]
Author information
The post Jr. Network Admin Willing to Work In Columbus, Ohio? Let’s Talk! appeared first on Packet Pushers Podcast and was written by Ethan Banks.