Archive

Category Archives for "Networking"

How we built it: the technology behind Cloudflare Radar 2.0

How we built it: the technology behind Cloudflare Radar 2.0
How we built it: the technology behind Cloudflare Radar 2.0

Radar 2.0 was built on the learnings of Radar 1.0 and was launched last month during Cloudflare's Birthday Week as a complete product revamp. We wanted to make it easier for our users to find insights and navigate our data, and overall provide a better and faster user experience.

How we built it: the technology behind Cloudflare Radar 2.0

We're building a Supercloud. Cloudflare's products now include hundreds of features in networking, security, access controls, computing, storage, and more.

This blog will explain how we built the new Radar from an engineering perspective. We wanted to do this to demonstrate that anyone could build a somewhat complex website that involves demanding requirements and multiple architectural layers, do it on top of our stack, and how easy it can be.

Hopefully, this will inspire other developers to switch from traditional software architectures and build their applications using modern, more efficient technologies.

High level architecture

The following diagram is a birds-eye view of the Radar 2.0 architecture. As you can see, it's divided into three main layers:

  • The Core layer is where we keep our data lake, data exploration tools, and backend API.
  • The Cloudflare network layer is where we host and run Radar and serve the public APIs.
  • Continue reading

Announcing the first Workers Launchpad cohort and growth of the program to $2 billion

Announcing the first Workers Launchpad cohort and growth of the program to $2 billion

This post is also available in 简体中文, 日本語, 한국어, Deutsch, Français, Español.

Announcing the first Workers Launchpad cohort and growth of the program to $2 billion

During Birthday Week 2022, we announced a $1.25 billion funding program for startups building on our developer platform, Cloudflare Workers. This was done in partnership with 26 leading VC firms who have been investing in or seeking to invest in Workers-based startups.

Today, we’re excited to reveal the first cohort of Launchpad Startups as well as 14 additional VC partners, bringing the Launchpad to $2 billion in potential funding from 40 VC firms in total.

Who are our new VC partners?

We are excited to welcome 14 additional firms to the Workers Launchpad, which you can find included in the image below. They have worked with hundreds of companies that have grown to become leaders in their areas including Asana, Canva, Figma, Netlify, Vercel, Area 1 Security (which Cloudflare acquired in 2022), and many others. Notably, they also represent a diverse group of investors who support startups across North and South America, Europe, and Asia.

Announcing the first Workers Launchpad cohort and growth of the program to $2 billion

Many of these investors have seen the competitive advantages of building on Workers through their own portfolio companies firsthand and are looking forward to providing the Continue reading

Incremental adoption of micro-frontends with Cloudflare Workers

Incremental adoption of micro-frontends with Cloudflare Workers

Bring micro-frontend benefits to legacy Web applications

Incremental adoption of micro-frontends with Cloudflare Workers

Recently, we wrote about a new fragment architecture for building Web applications that is fast, cost-effective, and scales to the largest projects, while enabling a fast iteration cycle. The approach uses multiple collaborating Cloudflare Workers to render and stream micro-frontends into an application that is interactive faster than traditional client-side approaches, leading to better user experience and SEO scores.

This approach is great if you are starting a new project or have the capacity to rewrite your current application from scratch. But in reality most projects are too large to be rebuilt from scratch and can adopt architectural changes only in an incremental way.

In this post we propose a way to replace only selected parts of a legacy client-side rendered application with server-side rendered fragments. The result is an application where the most important views are interactive sooner, can be developed independently, and receive all the benefits of the micro-frontend approach, while avoiding large rewrites of the legacy codebase. This approach is framework-agnostic; in this post we demonstrate fragments built with React, Qwik, and SolidJS.

The pain of large frontend applications

Many large frontend applications developed today fail to deliver good user Continue reading

Ways to look at logged in users on Linux

There are quite a few ways on Linux to get a list of the users logged into the system and see what they are doing. The commands described in this article all provide very useful information.users The users command displays a simple list of logged-in users. In this example, one user is logged in twice and is, therefore, listed twice.$ users nemo popeye shs shs Note that the users are listed in alphabetical order.who The who command provides additional information. The login terminal is identified along with the login date and time. The final field displays the terminal or the IP address of the connecting system.To read this article in full, please click here

Ways to look at logged in users on Linux

There are quite a few ways on Linux to get a list of the users logged into the system and see what they are doing. The commands described in this article all provide very useful information.users The users command displays a simple list of logged-in users. In this example, one user is logged in twice and is, therefore, listed twice.$ users nemo popeye shs shs Note that the users are listed in alphabetical order.who The who command provides additional information. The login terminal is identified along with the login date and time. The final field displays the terminal or the IP address of the connecting system.To read this article in full, please click here

AMD partners with Arm developer for exascale computing

AMD has announced plans to work with French chip designer SiPearl to build exascale-level supercomputing systems that use SiPearl's Arm-based Rhea processor with AMD's Instinct GPU accelerators.SiPearl is a relatively small startup that began operation in 2019 with a license for Arm’s Neoverse high-performance technology. It has forged a number of alliances with partners including Intel, Nvidia, HPE, and Graphcore.SiPearl is also involved with the European Processor Initiative (EPI), a consortium selected by the European Union to support the development of a European microprocessor specifically for high performance computing (HPC), as well as emerging applications such as artificial intelligence. The EPI's goal is to develop an Arm-based processor for an exascale supercomputer by 2023.To read this article in full, please click here

AMD partners with Arm developer for exascale computing

AMD has announced plans to work with French chip designer SiPearl to build exascale-level supercomputing systems that use SiPearl's Arm-based Rhea processor with AMD's Instinct GPU accelerators.SiPearl is a relatively small startup that began operation in 2019 with a license for Arm’s Neoverse high-performance technology. It has forged a number of alliances with partners including Intel, Nvidia, HPE, and Graphcore.SiPearl is also involved with the European Processor Initiative (EPI), a consortium selected by the European Union to support the development of a European microprocessor specifically for high performance computing (HPC), as well as emerging applications such as artificial intelligence. The EPI's goal is to develop an Arm-based processor for an exascale supercomputer by 2023.To read this article in full, please click here

Multihoming Cannot Be Solved within a Network

Henk made an interesting comment that finally triggered me to organize my thoughts about network-level host multihoming1:

The problems I see with routing are: [hard stuff], host multihoming, [even more hard stuff]. To solve some of those, we should have true identifier/locator separation. Not an after-thought like LISP, but something built into the layer-3 addressing architecture.

Proponents of various clean-slate (RINA) and pimp-my-Internet (LISP) approaches are quick to point out how their solution solves multihoming. I might be missing something, but it seems like that problem cannot be solved within the network.

Multihoming Cannot Be Solved within a Network

Henk made an interesting comment that finally triggered me to organize my thoughts about network-level host multihoming1:

The problems I see with routing are: [hard stuff], host multihoming, [even more hard stuff]. To solve some of those, we should have true identifier/locator separation. Not an after-thought like LISP, but something built into the layer-3 addressing architecture.

Proponents of various clean-slate (RINA) and pimp-my-Internet (LISP) approaches are quick to point out how their solution solves multihoming. I might be missing something, but it seems like that problem cannot be solved within the network.

Cisco announces $600M restructuring plan, including layoffs

Cisco today said it will take a $600 million charge associated with layoffs and restructuring of its businesses. In an 8-K filing for its fiscal first-quarter, the company announced a restructuring plan “in order to rebalance the organization and enable further investment in key priority areas. This rebalancing will include talent movement options and restructuring.” The company said it will make some real estate changes as well.During a financial call with analysts, CEO Chuck Robbins talked briefly about the restructuring but said employees will hear more details on Thursday.To read this article in full, please click here

A Kubernetes Primer

As Kubernetes continues to gain popularity, engineers have to know how Kubernetes works, and why it might make sense in their environment. What benefits does Kubernetes have in your environment and ultimately, what do technologies like containerization do for organizations. In this blog post, I’ll provide some basic background on containers and Kubernetes, and some […]

The post A Kubernetes Primer appeared first on Packet Pushers.

Networking and Security in VMware Cloud on AWS: New Video Series

VMware Cloud on AWS provides a range of powerful security and networking capabilities. From enforcing granular security rules for traffic using NSX Advanced Firewall, to managing complex routes between your AWS environment and external resources via Transit Connect, there’s no shortage of tools available for supporting your business’s unique requirements when you leverage AWS as part of a VMware-based SDDC strategy. 

To showcase some of the most powerful security and networking features of VMware Cloud on AWS, we’ve prepared a set of short videos where Ron Fuller, Senior Technical Product Manager at VMware, explains how the features work and how to get started using them. If you’re looking for a quick introduction to key security and networking concepts that impact VMware Cloud on AWS workloads, these videos are for you. 

Keep reading for links to the videos, along with summaries of what you’ll learn from each one. We recommend watching the videos in order because Ron explains core Software-Defined Data Center (SDDC) concepts as he progresses through the videos, although viewers who are already familiar with SDDC may prefer to skip ahead. 

Video 1: Introduction to Security Tools in VMware Cloud on AWS 

Continue reading

Palo Alto targets zero-day threats with new firewall software

Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks.The new features are built into the latest version of Palo Alto's firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company’s WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB).WildFire is Palo Alto’s on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto’s firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor.To read this article in full, please click here

Palo Alto targets zero-day threats with new firewall software

Palo Alto Networks has released next-generation firewall (NGFW) software that includes some 50 new features aimed at helping enterprise organizations battle zero-day threats and advanced malware attacks.The new features are built into the latest version of Palo Alto's firewall operating system – PAN 11.0 Nova – and include upgraded malware sandboxing for the company’s WildFire malware-analysis service, advanced threat prevention (ATP), and a new cloud access security broker (CASB).WildFire is Palo Alto’s on-prem or cloud-based malware sandbox that is closely integrated with Palo Alto’s firewalls. When a firewall detects anomalies, it sends data to WildFire for analysis. WildFire uses machine learning, static analysis, and other analytics to discover threats, malware and zero-day threats, according to the vendor.To read this article in full, please click here

Networking for remote work puts the emphasis on people, not sites

Many companies had to support work-from-home (WFH) during COVID, and most looked forward to having their staff back in the office. Most now tell me that some or all of the staff isn’t coming back, and that remote work is a given for at least some positions, likely for a very long time. That’s opened major questions about how these now-forever-roaming workers are connected to information resources and to each other.Didn’t we solve this already, with Zoom and Teams? Sort of. Collaborative video applications provide a reasonable substitute for meetings, but you still have the challenge of application access and information delivery. A bit over 80% of enterprises I’ve talked with say they need to make a remote worker look like they’re at their desk, and they need to be able to work as though they were as well.To read this article in full, please click here

Day Two Cloud 172: Lock Down Access With Zero Standing Privilege (Sponsored)

On today’s Day Two Cloud we talk through the idea of “zero standing privilege”. Zero standing privilege is an evolution of credentials management that goes beyond always-on usernames and passwords and more advanced forms of privileged access management to help lock down access to sensitive systems. Our sponsor is strongDM and our guest is Britt Crawford, Director of Product.

The post Day Two Cloud 172: Lock Down Access With Zero Standing Privilege (Sponsored) appeared first on Packet Pushers.

Day Two Cloud 172: Lock Down Access With Zero Standing Privilege (Sponsored)

On today’s Day Two Cloud we talk through the idea of “zero standing privilege”. Zero standing privilege is an evolution of credentials management that goes beyond always-on usernames and passwords and more advanced forms of privileged access management to help lock down access to sensitive systems. Our sponsor is strongDM and our guest is Britt Crawford, Director of Product.

RDMA network visibility

The Remote Direct Memory Access (RDMA) data shown in the chart was gathered from The International Conference for High Performance Computing, Networking, Storage, and Analysis (SC22) being held this week in Dallas. The conference network, SCinet, is described as the fastest and most powerful network on Earth, connecting the SC community to the world.
Resilient Distributed Processing and Reconfigurable Networks is one of the demonstrations using SCinet - Location: Booth 2847 (StarLight). Planned SC22 focus is on RDMA enabled data movement and dynamic network control.
  1. RDMA Tbps performance over global distance for timely Terabyte bulk data transfers (goal << 1 min Tbyte transfer on N by 400G network).
  2. Dynamic shifting of processing and network resources from on location/path/system to another (in response to demand and availability).
The real-time chart at the top of this page shows an up to the second view of RDMA traffic (broken out by source, destination, and RDMA operation).
The chart was generated using industry standard streaming sFlow telemetry from switches and routers in the SCinet network. An instance of the sFlow-RT analytics engine computes the RDMA flow metrics shown in the chart. RESTflow describes how sFlow disaggregates the traditional NetFlow / IPFIX analytics pipeline Continue reading