Bigger, Faster, Better (and Cheaper!)
There has been much speculation on the evolution of the Internet. Is our future somewhere out there in the blockchains? Is it all locked up in crypto? Or will it all shatter under the pressure of fragmentation? It seems to me that all this effort is being driven by a small number of imperatives: making it bigger, faster and better. Oh, and making it cheaper as well!I, The Braggart – A Network Fable
My boss stepped into our shared cubicle space and rested his arm on top of the fabric wall. He peered down at me. “Hey.” He always started with a quiet “hey” when he was about to ask me to do something new. I glanced at my whiteboard filled with projects and statuses, and steeled myself for the fresh request.
“Hey. I just got out of a meeting with Lewis.” I groaned inwardly. Lewis was my boss’s boss, and while Lewis was a fantastic human being, meetings with him were usually in the context of projects. Big ones. I put on a fake smile to mask creeping despair. “Oh? How did that go?”
My boss ripped off the band-aid. “Lewis wants a monthly summary from everyone of what they’ve been doing. So, on the last Friday of the month, make sure you have all your project statuses updated, including key milestones. Your whiteboard is great for you and me since we share this space, but now you’re going to need to log your statuses into the project database.” He smirked. “Like a big boy.”
I died a little inside. One of the reasons I’d left consulting Continue reading
Hedge 141: Improving WAN Router Performance
Wide area networks in large-scale cores tend to be performance choke-points—partially because of differentials between the traffic they’re receiving from data center fabrics, campuses, and other sources, and the availability of outbound bandwidth, and partially because these routers tend to be a focal point for policy implementation. Rachee Singh joins Tom Ammon, Jeff Tantsura, and Russ White to discuss “Shoofly, a tool for provisioning wide-area backbones that bypasses routers by keeping traffic in the optical domain for as long as possible.”
Notes from DNS OARC 38
There is still much in the way the DNS behaves that we really don't know, much we would like to do that we can't do already, and much we probably want to do better. DNS-OARC Meetings bring together a collection of people interested in all aspects of the DNS, from its design through to all aspects of its operation, and the presentations and discussions at OARC meetings touch upon the current hot topics in the DNS today.Building and using Managed Components with WebCM
Managed Components are here to shake up the way third-party tools integrate with websites. Two months ago we announced that we’re open sourcing parts of the most innovative technologies behind Cloudflare Zaraz, making them accessible and usable to everyone online. Since then, we’ve been working hard to make sure that the code is well documented and all pieces are fun and easy to use. In this article, I want to show you how Managed Components can be useful for you right now, if you manage a website or if you’re building third-party tools. But before we dive in, let’s talk about the past.
Third-party scripts are a threat to your website
For decades, if you wanted to add an analytics tool to your site, a chat widget, a conversion pixel or any other kind of tool – you needed to include an external script. That usually meant adding some code like this to your website:
<script src=”https://example.com/script.js”></script>
If you think about it – it’s a pretty terrible idea. Not only that you’re now asking the browser to connect to another server, fetch and execute more JavaScript code – you’re also completely giving up the control on your Continue reading
What Can Network Managers Do About Cloud Outages? (Not Much)
Better observability tools can help net managers maintain some resilience to cloud service outages, but provider misconfigurations and DNS infrastructure issues are out of their control.Three Paths to Better Network Evidence
Analysts, threat hunters, and management teams need the right evidence for a variety of reasons. There isn't a workaround for "I don't have the data!"EVPN-VXLAN: Symmetrical IRB versus Asymmetrical IRB
Now that we've covered the two flavours of IRB in depth, I want to share more of a discussion piece. Technical details are interesting, sometimes even fun, but what about real-world operational considerations?
"Everyone has a plan..."
Viewing the intimidating assortment of pikes, swords, sharp, and bashy objects in the Tower of London armoury during a recent visit, I was reminded of that Tyson quote "Everyone has a plan until they get punched in the mouth."
My train of thought was, "being a knight riding around on horseback would be fun and all until an encounter with a big stick with a pointy metal end."
Similarly (or maybe not similar at all, but I hope you get where I'm going here), playing around with the various types of IRB for EVPN has been enlightening and, at times, fun; but what about on a real-world network with its everyday concerns and risk of outages - the pokey, hurty things in my analogy.
What works on paper might not be feasible on a live network, when the focus is primarily on reliability and deploying networks that the NetOps team can realistically support.
Symmetrical IRB - it scales, but at Continue reading
What is eBPF and what are its use cases
With the recent advancements in service delivery through containers, Linux has gained a lot of popularity in cloud computing by enabling digital businesses to expand easily regardless of their size or budget. These advancements have also brought a new wave of attack, which is challenging to address with the same tools we have been using for non cloud-native environments. eBPF offers a new way to interact with the Linux kernel, allowing us to reexamine the possibilities that once were difficult to achieve.
In this post, I will go through a brief history of the steps that eBPF had to take to become the Swiss army knife inside the Linux kernel and point out how it can be used to achieve security in a cloud-native environment. I will also share my understanding of what happens inside the kernel that prevents BPF programs from wreaking havoc on your operating system.
BPF history
In the early days of computing, Unix was a popular solution for capturing network traffic, and using CMU/Stanford packet filter (CSPF) to capture packets using 64KB PDP-11 was gaining popularity by the second. Without a doubt, this was a pioneering work and a leap forward for its time but like Continue reading
BGP Peering (part 1)
Why does BGP use TCP for peering? What happens if two BGP speakers begin the peering process at the same time? In this video, recorded for Packet Pushers, I start looking at the BGP peering process.
Load Balancing with Weighted Pools
Anyone can take advantage of Cloudflare’s far-reaching network to protect and accelerate their online presence. Our vast number of data centers, and their proximity to Internet users around the world, enables us to secure and accelerate our customers’ Internet applications, APIs and websites. Even a simple service with a single origin server can leverage the massive scale of the Cloudflare network in 270+ cities. Using the Cloudflare cache, you can support more requests and users without purchasing new servers.
Whether it is to guarantee high availability through redundancy, or to support more dynamic content, an increasing number of services require multiple origin servers. The Cloudflare Load Balancer keeps our customer’s services highly available and makes it simple to spread out requests across multiple origin servers. Today, we’re excited to announce a frequently requested feature for our Load Balancer – Weighted Pools!
What’s a Weighted Pool?
Before we can answer that, let’s take a quick look at how our load balancer works and define a few terms:
Origin Servers - Servers which sit behind Cloudflare and are often located in a customer-owned datacenter or at a public cloud provider.
Origin Pool - A logical collection of origin servers. Most pools Continue reading