BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring
Enabling BGP Graceful Restart on the Cisco Firepower Threat Defense (FTD) just got so easy! I’m stoked! So the other day I needed to put together an environment with the FTD eBGP peering with graceful restart enabled and test it.... Read More ›
The post BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring appeared first on Networking with FISH.
Full Stack Journey 066: Five IT Skills To Learn In 2022
Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.
The post Full Stack Journey 066: Five IT Skills To Learn In 2022 appeared first on Packet Pushers.
Full Stack Journey 066: Five IT Skills To Learn In 2022
Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.
Integrating Network Analytics Logs with your SIEM dashboard
We’re excited to announce the availability of Network Analytics Logs. Magic Transit, Magic Firewall, Magic WAN, and Spectrum customers on the Enterprise plan can feed packet samples directly into storage services, network monitoring tools such as Kentik, or their Security Information Event Management (SIEM) systems such as Splunk to gain near real-time visibility into network traffic and DDoS attacks.
What’s included in the logs
By creating a Network Analytics Logs job, Cloudflare will continuously push logs of packet samples directly to the HTTP endpoint of your choice, including Websockets. The logs arrive in JSON format which makes them easy to parse, transform, and aggregate. The logs include packet samples of traffic dropped and passed by the following systems:
- Network-layer DDoS Protection Ruleset
- Advanced TCP Protection
- Magic Firewall
Note that not all mitigation systems are applicable to all Cloudflare services. Below is a table describing which mitigation service is applicable to which Cloudflare service:
Mitigation System |
Cloudflare Service | ||
|---|---|---|---|
| Magic Transit | Magic WAN | Spectrum | |
| Network-layer DDoS Protection Ruleset | ✅ | ❌ | ✅ |
| Advanced TCP Protection | ✅ | ❌ | ❌ |
| Magic Firewall | Continue reading | ||
HS 023 Horrors and Hurdles of Hybrid Work
What about changing the work we do ? Perhaps with orchestration / automation and even AI ? So many questions, not many answers.
HS 023 Horrors and Hurdles of Hybrid Work
What about changing the work we do ? Perhaps with orchestration / automation and even AI ? So many questions, not many answers.
The post HS 023 Horrors and Hurdles of Hybrid Work appeared first on Packet Pushers.
Are Routing Protocols Automation ?
Declarative and intentional. So maybe ?
Debugging Hardware Performance on Gen X Servers
In Cloudflare’s global network, every server runs the whole software stack. Therefore, it's critical that every server performs to its maximum potential capacity. In order to provide us better flexibility from a supply chain perspective, we buy server hardware from multiple vendors with the exact same configuration. However, after the deployment of our Gen X AMD EPYC Zen 2 (Rome) servers, we noticed that servers from one vendor (which we’ll call SKU-B) were consistently performing 5-10% worse than servers from second vendor (which we'll call SKU-A).
The graph below shows the performance discrepancy between the two SKUs in terms of percentage difference. The performance is gauged on the metric of requests per second, and this data is an average of observations captured over 24 hours.
Compute performance via DGEMM
The initial debugging efforts centered around the compute performance. We ran AMD’s DGEMM high performance computing tool to determine if CPU performance was the cause. DGEMM is designed to measure the sustained floating-point computation rate of a single server. Specifically, the code measures the floating point rate of execution of a real matrix–matrix multiplication with double Continue reading
Announcing our Spring Developer Challenge
After many announcements from Platform Week, we’re thrilled to make one more: our Spring Developer Challenge!
The theme for this challenge is building real-time, collaborative applications — one of the most exciting use-cases emerging in the Cloudflare ecosystem. This is an opportunity for developers to merge their ideas with our newly released features, earn recognition on our blog, and take home our best swag yet.
Here’s a list of our tools that will get you started:
- Workers can either be powerful middleware connecting your app to different APIs and an origin — or it can be the entire application itself. We recommend using Worktop, a popular framework for Workers, if you need TypeScript support, routing, and well-organized submodules. Worktop can also complement your existing app even if it already uses a framework, such as Svelte.
- Cloudflare Pages makes it incredibly easy to deploy sites, which you can make into truly dynamic apps by putting a Worker in front or using the Pages Functions (beta).
- Durable Objects are great for collaborative apps because you can use websockets while coordinating state at the edge, seen in this chat demo. To help scale any load, we also recommend Durable Object Groups.
- Workers Continue reading
Ethernet Encryptor Market Overview (2022 Edition)
Christoph Jaggi, the author of Ethernet Encryption webinar, published a new version of Ethernet Encryptor Market Overview including:
- Network standards and platforms
- Data plane encryption
- Control plane security
- Key- and system management
- Relevant approvals
- Vendors and products, including detailed feature support matrices.
Using Python to Calculate Cisco SD-WAN Tunnel Numbers – Part 2
In the first post I shared with you my code to calculate tunnel numbers in Cisco SD-WAN. I’m a beginner in Python so I thought it would be a great learning experience to have someone experienced in Python, such as Rodrigo, take a look at the code and come up with improvements. As I like to share knowledge, I’m taking this journey with you all. Let’s get started!
You may recall that I had a function to calculate the tunnel number. It looked like this:
def calculate_tunnel_number(interface_name:str) -> int:
<SNIP>
return total_score
Rodrigo’s comment was that the function name is excellent as it is clear what the function does. However, my return statement returns total_score which is not clear what it does. It would be better to return tunnel_number which is what the function is calculating.
The next comment is that when splitting things and it is known how many pieces you have, it is better to unpack them, that is, assign the unwanted piece to a throwaway variable rather than using indexing. My code looked something like this:
interface_number = split_interface(interface_name)[1]
It would be better to do something like this:
_, interface_number = split_interface(interface_name)[1]
The first variable, a Continue reading
Tech Bytes: Cloudflare Simplifies Wide Area Networks With Magic WAN (Sponsored)
Today on the Tech Bytes podcast we’re talking WAN architectures and how to simplify and secure them with sponsor Cloudflare. Cloudflare's Magic WAN is a network-as-a-service offering. Customers can connect data centers, branches, and users to Cloudflare's private network; add security services; and integrate with third-party SD-WANs.Tech Bytes: Cloudflare Simplifies Wide Area Networks With Magic WAN (Sponsored)
Today on the Tech Bytes podcast we’re talking WAN architectures and how to simplify and secure them with sponsor Cloudflare. Cloudflare's Magic WAN is a network-as-a-service offering. Customers can connect data centers, branches, and users to Cloudflare's private network; add security services; and integrate with third-party SD-WANs.
The post Tech Bytes: Cloudflare Simplifies Wide Area Networks With Magic WAN (Sponsored) appeared first on Packet Pushers.