Introducing Cache Rules: precision caching at your fingertips

Ten years ago, in 2012, we released a product that put “a powerful new set of tools” in the hands of Cloudflare customers, allowing website owners to control how Cloudflare would cache, apply security controls, manipulate headers, implement redirects, and more on any page of their website. This product is called Page Rules and since its introduction, it has grown substantially in terms of popularity and functionality.

Page Rules are a common choice for customers that want to have fine-grained control over how Cloudflare should cache their content. There are more than 3.5 million caching Page Rules currently deployed that help websites customize their content. We have spent the last ten years learning how customers use those rules to cache content, and it’s clear the time is ripe for evolving rules-based caching on Cloudflare. This evolution will allow for greater flexibility in caching different types of content through additional rule configurability, while providing more visibility into when and how different rules interact across Cloudflare’s ecosystem.

Today, we’ve announced that Page Rules will be re-imagined into four product-specific rule sets: Origin Rules, Cache Rules, Configuration Rules, and Redirect Rules.

In this blog we’re going to discuss Cache Rules, and Continue reading

Introducing Configuration Rules

A powerful new set of tools

In 2012, we introduced Page Rules to the world, announcing:

“Page Rules is a powerful new set of tools that allows you to control how CloudFlare works on your site on a page-by-page basis.”

Ten years later, and with all F’s lowercase, we are excited to introduce Configuration Rules — a Page Rules successor and a much improved way of controlling Cloudflare features and settings. With Configuration Rules, users can selectively turn on/off features which would typically be applied to every HTTP request going through the zone. They can do this based on URLs - and more, such as cookies or country of origin.

Configuration Rules opens up a wide range of use cases for our users that previously were impossible without writing custom code in a Cloudflare Worker. Such use cases as A/B testing configuration or only enabling features for a set of file extensions are now made possible thanks to the rich filtering capabilities of the product.

Configuration Rules are available for use immediately across all plan levels.

Turn it on, but only when…

As each HTTP request enters a Cloudflare zone we apply a configuration. This configuration tells the Cloudflare Continue reading

HS034 Introducing Graphiant Stateless Cloud WAN – Sponsored

Graphiant Stateless Cloud WAN addresses the limitations of SDWAN - better scalability, more flexibility and service guarantees. Their stateless network core is multi-tenant, predictable and scalable. Customers get the benefit of SDWAN with less of the problems. We unpack the details in this episiode with Khalid Raza, Founder and CEO of Graphiant and ask questions to understand how it would fit your strategy.

The post HS034 Introducing Graphiant Stateless Cloud WAN – Sponsored appeared first on Packet Pushers.

HS034 Introducing Graphiant Stateless Cloud WAN – Sponsored

Juniper CN2 K8s Over MaaS Managed Infrastructure

please visit following git wiki

https://github.com/kashif-nawaz/Juniper_CN2_K8s_Over_MaaS_Managed_Infra

Repost: On the Viability of EVPN

Jordi left an interesting comment to my EVPN/VXLAN or Bridged Data Center Fabrics blog post discussing the viability of using VXLAN and EVPN in times when the equipment lead times can exceed 12 months. Here it is:

Interesting article Ivan. Another major problem I see for EPVN, is the incompatibility between vendors, even though it is an open standard. With today’s crazy switch delivery times, we want a multi-vendor solution like BGP or LACP, but EVPN (due to vendors) isn’t ready for a multi-vendor production network fabric.

Repost: On the Viability of EVPN

SD-WAN transport-side BGP

The majority of Cisco SD-WAN guides and posts I have found use static routing rather than routing protocols on the transport-side. Static routes are all very well for SD-WAN tunnel traffic but I was wanting to understand how you equate for DIA traffic in a more real-life situation where address ranges are advertised via BGP.

AWS IPSEC Site-to-Site VPN

Notes

https://meteor-honeycup-16b.notion.site/Site-to-Site-VPN-144441a6ac0b4e39a514adc67a8348d5 — This will be updated frequently and has the entire notes on the topics

Intro

VPN — Virtual Private Network, often used to communicate securely over untrusted networks like the internet.
IPSEC is the protocol which is used for securing the data. Some other tunnelling protocols and frameworks are GRE, DMVPN, Wireguard etc
Two types of VPNs — Site-to-Site other is Client-to-site /Remote Access VPN, this lab will be a site-to-site VPN.
Site-to-Site, as the name suggests usually connects two sites and a Site is typically referred to as a group of devices in a Data-Center. Site-to-Site will enable two sites separated from the internet to communicate privately and securely over the internet.

Site-to-Site

Think along the lines of two boundary devices which encrypt and decrypt LAN traffic
Design Redundancy and Scalability along these lines for these two end-points
It is important to note that you can have VPN to access any services within your VPC as VPC can be visualised as a virtual Data-Center and thus you can not have a VPN for a service like S3 which is a public offering and can be reached via the Internet

Let’s imagine you have built your Continue reading

Intelligence and Wisdom

I spent the last week at the Philmont Leadership Challenge in beautiful Cimarron, NM. I had the chance to learn a bit more about servant leadership and work on my outdoor skills a little. I also had some time to reflect on an interesting question posed to me by one of the members of my crew.

He asked me, “You seem wise. How did you get so wise?” This caught me flat-flooted for a moment because I’d never really considered myself to be a very wise person. Experienced perhaps but not wise like Yoda or Gandalf. So I answered him as I thought more about it.

Intelligence is knowing what to do. Wisdom is knowing what not to do.

The more I thought about that quote the more I realized the importance of the distinction.

Basic Botany

There’s another saying that people tweeted back at me when I shared the above quote. It’s used in the context of describing Intelligence and Wisdom for Dungeons and Dragons roleplaying:

Intelligence is knowing that a tomato is a fruit. Wisdom is not putting tomatoes in a fruit salad.

It’s silly and funny but it gets right to the point and is a Continue reading

Shortages force network vendors into creative product redesigns

Supply chain problems have triggered most major networking players such as Cisco, Juniper, Arista, and others to redesign or re-engineer some products in an attempt to overcome component shortages and deliver products to customers.Lead times for some routers, switches and other gear is already delayed well beyond six months. Retooling to get hardware out the door can add is own delay and put additional pressure on engineers looking to reshape things like power supplies and board-level features without causing major problems themselves.To read this article in full, please click here

Where are the Apps in ‘Adaptive Apps?’

App delivery and security have typically been afterthoughts. Adaptive apps try to address these issues to ensure application availability and security.

The first Zero Trust SIM

This post is also available in Deutsch, Français and Español.

The humble cell phone is now a critical tool in the modern workplace; even more so as the modern workplace has shifted out of the office. Given the billions of mobile devices on the planet — they now outnumber PCs by an order of magnitude — it should come as no surprise that they have become the threat vector of choice for those attempting to break through corporate defenses.

The problem you face in defending against such attacks is that for most Zero Trust solutions, mobile is often a second-class citizen. Those solutions are typically hard to install and manage. And they only work at the software layer, such as with WARP, the mobile (and desktop) apps that connect devices directly into our Zero Trust network. And all this is before you add in the further complication of Bring Your Own Device (BYOD) that more employees are using — you’re trying to deploy Zero Trust on a device that doesn’t belong to the company.

It’s a tricky — and increasingly critical — problem to solve. But it’s also a problem which we think we can help with.

What Continue reading

Bringing Zero Trust to mobile network operators

At Cloudflare, we’re excited about the quickly-approaching 5G future. Increasingly, we’ll have access to high throughput and low-latency wireless networks wherever we are. It will make the Internet feel instantaneous, and we’ll find new uses for this connectivity such as sensors that will help us be more productive and energy-efficient. However, this type of connectivity doesn’t have to come at the expense of security, a concern raised in this recent Wired article. Today we’re announcing the creation of a new partnership program for mobile networks—Zero Trust for Mobile Operators—to jointly solve the biggest security and performance challenges.

SASE for Mobile Networks

Every network is different, and the key to managing the complicated security environment of an enterprise network is having lots of tools in the toolbox. Most of these functions fall under the industry buzzword SASE, which stands for Secure Access Service Edge. Cloudflare’s SASE product is Cloudflare One, and it’s a comprehensive platform for network operators. It includes:

Magic WAN, which offers secure Network-as-a-Service (NaaS) connectivity for your data centers, branch offices and cloud VPCs and integrates with your legacy MPLS networks
Cloudflare Access, which is a Zero Trust Network Access (ZTNA) service requiring strict verification for every Continue reading

Securing the Internet of Things

It’s hard to imagine life without our smartphones. Whereas computers were mostly fixed and often shared, smartphones meant that every individual on the planet became a permanent, mobile node on the Internet — with some 6.5B smartphones on the planet today.

While that represents an explosion of devices on the Internet, it will be dwarfed by the next stage of the Internet’s evolution: connecting devices to give them intelligence. Already, Internet of Things (IoT) devices represent somewhere in the order of double the number of smartphones connected to the Internet today — and unlike smartphones, this number is expected to continue to grow tremendously, since they aren’t bound to the number of humans that can carry them.

But the exponential growth in devices has brought with it an explosion in risk. We’ve been defending against DDoS attacks from Internet of Things (IoT) driven botnets like Mirai and Meris for years now. They keep growing, because securing IoT devices still remains challenging, and manufacturers are often not incentivized to secure them. This has driven NIST (the U.S. National Institute of Standards and Technology) to actively define requirements to address the (lack of) IoT device security, and the EU Continue reading

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

This week's Network Break podcast covers a startup backed by ex-Cisco CEO John Chambers, US federal agencies wanting service providers to get serious about BGP security, SASE growing 30% in a quarter, a thriving floppy disk business, and more IT news.

The post Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks appeared first on Packet Pushers.

Network Break 400: Ex-Cisco CEO Launches Network Startup; The Persistence Of Floppy Disks

Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored)

Today on the Tech Bytes podcast we talk with sponsor Palo Alto Networks about the latest AI Ops features for SD-WAN. AI Ops analyzes network data and then recommends fixes for probems, a capability that's becoming increasingly necessary as network complexity grows to encompass underlays, overlays, on and off-prem cloud destinations, remote working, and more.

The post Tech Bytes: Palo Alto Networks Enhances AIOps For Prisma SD-WAN (Sponsored) appeared first on Packet Pushers.