Video: Typical Kubernetes Inter-Pod Traffic Walk
Stuart Charlton did his best to explain the concept of pods in the Kubernetes Networking Deep Dive webinar, but we were still a bit confused. Next step: let’s talk about typical inter-pod traffic scenario.
Parts of Kubernetes Networking Deep Dive webinar (including this video) are available with Free ipSpace.net Subscription.
Wendy Komadina: No one excited me more than Cloudflare, so I joined.
I joined Cloudflare in March to lead Partnerships & Alliances for Asia Pacific, Japan, and China (APJC). In the last month I’ve been asked many times: “Why Cloudflare?” I’ll be honest, I’ve had opportunities to join other technology companies, but no other organization excited me more than Cloudflare. So I jumped. And I couldn’t be more thrilled for the opportunity to build a strong partner ecosystem for APJC.
When I considered joining Cloudflare, I recall consistently reading the message around “Helping to Build a Better Internet”. At first those words didn’t connect with me, but they sounded like an important mission.
I did my research and read analyst reports to learn about Cloudflare's market position, and then it dawned on me, Cloudflare is leading a transformation. Taking traditional on-premise networking and security hardware and building a transformational cloud-based solution, so customers don’t need to worry about which company supplied their kit. I was excited to learn that Cloudflare customers can simply access the vast global network that has been designed to make everything that customers connect to on the Internet secure, private, fast, and reliable. So hasn’t this been done before? For compute and storage that transformation is almost Continue reading
Is Sensing the Next Killer App for Wi-Fi?
Wi-Fi Sensing technology can sense the disruption of the signal and use the information to determine the size, speed, and location of the disruption.The Dangers of 5G Technology for Airplanes
The next generation of wireless technology, 5G, is set to revolutionize the way we live and work. 5G works by using higher frequency signals than previous generations of wireless technology. These higher frequency signals are more easily absorbed by obstacles like buildings and trees, which can cause interference.
What is 5G technology and how does it work
5G uses a higher frequency of radio waves than previous generations of wireless technology. This means that 5G can carry more data and achieve higher speeds than 4G. However, it also means that 5G signals don’t travel as far as 4G signals and are more easily blocked by obstacles like walls and trees.
To overcome this challenge, 5G networks use a process called beamforming. Beamforming involves using multiple antennas to focus the signal in a specific direction. This allows the signal to travel further and Penetrate obstacles more easily. As a result, beamforming is a key technology that makes 5G possible.
In addition to beamforming, 5G networks also rely on a process called massive MIMO (multiple-input, multiple-output). Massive MIMO involves using dozens or even hundreds of antennas to send and receive data. This allows 5G networks to handle large amounts of traffic Continue reading
Monitoring our monitoring: how we validate our Prometheus alert rules
Background
We use Prometheus as our core monitoring system. We’ve been heavy Prometheus users since 2017 when we migrated off our previous monitoring system which used a customized Nagios setup. Despite growing our infrastructure a lot, adding tons of new products and learning some hard lessons about operating Prometheus at scale, our original architecture of Prometheus (see Monitoring Cloudflare's Planet-Scale Edge Network with Prometheus for an in depth walk through) remains virtually unchanged, proving that Prometheus is a solid foundation for building observability into your services.
One of the key responsibilities of Prometheus is to alert us when something goes wrong and in this blog post we’ll talk about how we make those alerts more reliable - and we’ll introduce an open source tool we’ve developed to help us with that, and share how you can use it too. If you’re not familiar with Prometheus you might want to start by watching this video to better understand the topic we’ll be covering here.
Prometheus works by collecting metrics from our services and storing those metrics inside its database, called TSDB. We can then query these metrics using Prometheus query language called PromQL using ad-hoc queries (for example to power Grafana Continue reading
IPv6 Buzz 101: Innovating With IPv6
In this episode of IPv6 Buzz, Ed, Scott, and Tom talk about innovation using IPv6. The limitless supply of addresses creates new opportunities for network engineers and application developers, including flat networks with many more nodes, robust segmentation options, supporting overlays, and more.IPv6 Buzz 101: Innovating With IPv6
In this episode of IPv6 Buzz, Ed, Scott, and Tom talk about innovation using IPv6. The limitless supply of addresses creates new opportunities for network engineers and application developers, including flat networks with many more nodes, robust segmentation options, supporting overlays, and more.
The post IPv6 Buzz 101: Innovating With IPv6 appeared first on Packet Pushers.
Mitigating controls for cloud-native applications: Why you need them and how Calico Cloud can help
Fixing vulnerabilities can be hard—especially so for cloud-native applications. Let’s take a deeper look at why this is, and how mitigating controls can help secure your cloud-native applications.
Vulnerabilities are like earthquakes—its best to be prepared
The trials and tribulations of Log4j are now safely in our rearview mirror. Most of us responsible for operating a container platform like Kubernetes have navigated through the remediation efforts and disaster has been averted.
But it was a wake-up call for many, and at the very least a healthy reminder for all of us. There have been many infamous vulnerabilities before Log4j, and much like living in an area of the world where earthquakes can strike at any moment, much can be learned from the big ones that came before.
When Heartbleed was publicly disclosed in 2014 it sent shockwaves around the world. It was a critical vulnerability in the ubiquitous OpenSSL library—a cryptographic software library that is used to implement the Transport Layer Security (TLS) protocol. Most of the web relies on TLS to secure communication between clients and servers, and the vulnerability came about through a simple bug that resulted in improper input validation for heartbeats.
The bug existed in OpenSSL Continue reading
Eurovision 2022, the Internet effect version
There’s only one song contest that is more than six decades old and not only presents many new songs (ABBA, Celine Dion, Julio Iglesias and Domenico Modugno shined there), but also has a global stage that involves 40 countries — performers represent those countries and the public votes. The 66th edition of the Eurovision Song Contest, in Turin, Italy, had two semi-finals (May 10 and 12) and a final (May 14), all of them with highlights, including Ukraine’s victory. The Internet was impacted in more than one way, from whole countries to the fan and official broadcasters sites, but also video platforms.
On our Eurovision dedicated page, it was possible to see the level of Internet traffic in the 40 participant countries, and we tweeted some highlights during the final.
#Ukraine just won the #Eurovision in Turin, #Italy
— Cloudflare Radar (@CloudflareRadar) May 14, 2022
Video platforms DNS traffic in Ukraine today, during the event, was 22% higher at 23:00 CEST compared to the previous Saturday. The @Eurovision final is being transmitted live via YouTube.
— @Cloudflare data. pic.twitter.com/juBmtDj1FP
First, some technicalities. The baseline for the values we use in the following charts Continue reading
NSX-T 3.2.1: Rolling Upgrade for NSX Management Plane
VMware NSX 3.2.1 continues to deliver enhancements for improving the VMware NSX upgrade process, including rolling upgrades that shorten upgrade maintenance windows and improved visibility into the NSX upgrade progress.
During the upgrade, the management plane will always be available, normal operation, ie, API calls, configuration changes, adding and removing Transport Nodes can be performed. If there’s an issue that occurred during the upgrade, users can roll back to the previous release without deploying a new NSX cluster and restoring the backup. The rolling upgrade feature applies to only the NSX Manager upgrade portion of the upgrade. In other words, the sequence of the NSX components upgrade remains in the following order: NSX Upgrade Coordinator upgrade, NSX Edge upgrade, Host upgrade, then the NSX Manager upgrade.
How Rolling Upgrade works
Prior to NSX 3.2.1 release, we upgrade all the manager nodes in the management cluster simultaneously. The advantage of the parallel upgrade is that it takes less time to upgrade the management plane. The tradeoff is that the management plane will not be available for a period during the upgrade process. With the rolling upgrade, the manager nodes will be upgraded sequentially. During the management upgrade Continue reading
Migrate from Cross-VC to Federation using NSX-T Migration Coordinator
NSX-T 3.2.1
With the VMware NSX-T 3.2.1 release, Migration Coordinator adds one more game changing feature: migrating from multisite NSX for vSphere deployments directly to NSX Federation. This feature builds on top of the User Defined Topology mode of migration. Folks familiar with the User Defined Topology will find the workflow similar and following the same simple model.
In this blog post, we will look at this new feature and how to leverage it. Please check out the resource links for more information on Migration Coordinator. Here, we will start with a high-level overview before digging into the details.
Migration Coordinator
Migration Coordinator is a tool that was introduced around 3 years ago, with NSX-T 2.4, to enable customers to migrate from NSX for vSphere to NSX-T. It is a free fully supported tool that is built into NSX-T. Migration Coordinator is flexible with multiple options enabling multiple ways to migrate based on customer requirements.
With the NSX-T 3.2 release, Migration Coordinator offered three primary modes for migration:
- Migrate Everything: From edges, to compute, to workloads — in an automated fashion and with a workflow that is like an in-place upgrade on existing hardware. This mode only needs enough resources to host NSX-T manager appliances and edges along Continue reading
Business Agility and Continuity with NSX Federation and Traceflow
Resilient application architectures have evolved quite significantly over the years. It is increasingly more common for Enterprises to deploy multiple data centers to support flexible workload placement and redundancy to achieve application and network high availability.
Here, we discuss key reasons to deploy multiple data centers and how NSX Federation and the recently introduced traceflow support simplify associated infrastructure strategy and implementation.
Workload Placement and Mobility
Applications and the associated infrastructure (compute, storage, networking, and security) are deployed in multiple locations to support workload mobility between these locations for use cases such as Data Center migration and Disaster Recovery testing.
Figure: Multi-Cloud Mobility
Data Center Expansion
In this scenario, IT runs out of capacity at a location (rack, building, site) and wants additional capacity at a different location for hosting new applications. Capacity can be of different types such as compute (servers), and/or storage, and/or network (bandwidth).
Figure: Multi-Cloud Growth
Disaster Avoidance / Disaster Recovery
This is a scenario where you lose one of your locations completely (rack, building, site) and you need to maintain the availability of your application services (compute, storage, network and security).
Figure: Multi-Location DR