A look at QUIC Use
QUIC as recently been standardized by the IETF and is now in the initial stages of deployment. Let's take a look at the current state of the use of QUIC in today's Internet.EVPN-VXLAN Explainer 6 – Symmetrical IRB
Now let's continue our look at routing with EVPN-VXLAN as we focus on symmetrical IRB.
This post is essentially building upon a lot of what we covered in the previous post. So, if you haven't read that yet, please do, then meet me back here. This post will make a lot more sense if you do.
🔬 Symmetrical IRB in Detail
While symmetrical and asymmetrical IRB have the same functional outcome; to route inter-subnet traffic, there are a number of major differences in the requirements and configuration of each.
Most notably, symmetrical IRB frees us from the requirement to configure all VLANs & L2VNIs on all VTEPs.
Here's an overview of the features and components that we'll be covering:
Symmetrical IRB Architecture Notes
- Symmetrical IRB offers a more scalable approach to routing VXLAN traffic because VTEPs are not required to have knowledge of all destination clients, they do not need to hold an ARP cache entry for a destination, unlike asymmetrical IRB.
- VTEPs are only configured with the VLANs, subnets and VNIs that host locally connected clients.
- To ensure successful end-to-end connectivity for inter-subnet traffic, a number of new requirements and features are deployed with symmetrical IRB:
- A L3VNI for Continue reading
Getting Tough with Cyberinsurance
I’ve been hearing a lot of claims recently about how companies are starting to rely more and more on cyberinsurance policies to cover them in the event of a breach or other form of disaster. While I’m a fan of insurance policies in general I think the companies trying to rely on these payouts to avoid doing any real security work is going to be a big surprise to them in the future.
Due Diligence
The first issue that I see is that companies are so worried about getting breached that they think taking out big insurance policies are the key to avoiding any big liability. Think about an organization that holds personally identifiable information (PII) and how likely it is that they would get sued in the event of a breach. The idea is that cyberinsurance would pay out for the breach and be used as a way to pay off the damages in a lawsuit.
The issue I have with this is that companies are expecting to get paid. They see cyberinsurance as a guaranteed payout instead of a last resort. In the initial days of taking out these big policies the insurers were happy to pay out Continue reading
NIST’s pleasant post-quantum surprise
On Tuesday, the US National Institute of Standards and Technology (NIST) announced which post-quantum cryptography they will standardize. We were already drafting this post with an educated guess on the choice NIST would make. We almost got it right, except for a single choice we didn’t expect—and which changes everything.
At Cloudflare, post-quantum cryptography is a topic close to our heart, as the future of a secure and private Internet is on the line. We have been working towards this day for many years, by implementing post-quantum cryptography, contributing to standards, and testing post-quantum cryptography in practice, and we are excited to share our perspective.
In this long blog post, we explain how we got here, what NIST chose to standardize, what it will mean for the Internet, and what you need to know to get started with your own post-quantum preparations.
How we got here
Shor’s algorithm
Our story starts in 1994, when mathematician Peter Shor discovered a marvelous algorithm that efficiently factors numbers and computes discrete logarithms. With it, you can break nearly all public-key cryptography deployed today, including RSA and elliptic curve cryptography. Luckily, Shor’s algorithm doesn’t run on just any computer: it needs Continue reading
Cloudflare’s view of the Rogers Communications outage in Canada
(Check for the latest updates at the end of this blog: Internet traffic started to come back at around July 9, 01:00 UTC, after 17 hours)
An outage at one of the largest ISPs in Canada, Rogers Communications, started earlier today, July 8, 2022, and is ongoing (eight hours and counting), and is impacting businesses and consumers. At the time of writing, we are seeing a very small amount of traffic from Rogers, but we are only seeing residual traffic, and nothing close to a full recovery to normal traffic levels.
Based on what we’re seeing and similar incidents in the past, we believe this is likely to be an internal error, not a cyber attack.
Cloudflare Radar shows a near complete loss of traffic from Rogers ASN, AS812, that started around 08:45 UTC (all times in this blog are UTC).
What happened?
Cloudflare data shows that there was a clear spike in BGP (Border Gateway Protocol) updates after 08:15, reaching its peak at 08:45.
BGP is a mechanism to exchange routing information between networks on the Internet. The big routers that make the Internet work have huge, constantly updated lists of the possible routes that can be Continue reading
Special: Heavy Strategy Ep27 Broadcom And VMware – What’s Gonna Happen?
Heavy Strategy is a new podcast from Packet Pushers. We look at the strategy and business of IT Infrastrucrure in two-sided debate format. We believe that the questions are more important than the answers since its all your responsibility anyway.
The post Special: Heavy Strategy Ep27 Broadcom And VMware – What’s Gonna Happen? appeared first on Packet Pushers.
Special: Heavy Strategy Ep27 Broadcom And VMware – What’s Gonna Happen?
Heavy Strategy is a new podcast from Packet Pushers. We look at the strategy and business of IT Infrastrucrure in two-sided debate format. We believe that the questions are more important than the answers since its all your responsibility anyway.Formatted CLI Data Is Not Good Enough For Automation
If you're learning to interact with Infrastructure as Code (IaC), you'll need to get accustomed to structured data, which is different from formatted data you're likely accuomsted to with the CLI. Here's some examples of structured data to help you understand the difference.
The post Formatted CLI Data Is Not Good Enough For Automation appeared first on Packet Pushers.
Weekend Reads 070822
We kick off this edition of the weekend reads with a few articles on security. Misconfigured cloud storage buckets and a failure to implement good password practices are, as always, a major source of security issues.
Another study showing the importance of DNS abuse in spreading malware.
Another reminder that Continue reading
Big Memory: The Evolution of New Memory Infrastructure
The time has come for enterprise technologists to begin planning infrastructure refreshes around a composable, data-centric, big memory architecture.Automatic Signed Exchanges may dramatically boost your site visitor numbers
It’s been about nine months since Cloudflare announced support for Signed Exchanges (SXG), a web platform specification to deterministically verify the cached version of a website and enable third parties such as search engines and news aggregators to serve it much faster than the origin ever could.
Giving Internet users fast load times, even on slow connections in remote parts of the globe, is to help build a better Internet (our mission!) and we couldn’t be more excited about the potential of SXG.
Signed Exchanges drive quite impressive benefits in terms of performance improvements. Google’s experiments have shown an average 300ms to 400ms reduction in Largest Contentful Paint (LCP) from SXG-enabled prefetches. And speeding up your website usually results in a significant bounce rate reduction and improved SEO.
And if setting up and maintaining SXGs through the open source toolkit is a complex yet very valuable endeavor, with Cloudflare’s Automatic Signed Exchanges it becomes a no-brainer. Just enable it with one click and see for yourself.
Our own measurements
Now that Signed Exchanges have been available on Chromium for Android for several months we dove into the change in performance Continue reading
Tier 1 Carriers Performance Report: June, 2022
The post Tier 1 Carriers Performance Report: June, 2022 appeared first on Noction.
What is eBPF? How is it used?
This will be a Series of Posts on eBPF extensively covering XDP and its usage.
New technology, implemented in Linux, extends kernel functionalities without having to modify the kernel, Safe to execute with a verification engine, JIT compiler and LLVM (Virtual Environment) basically a safe and secure tiny VM.
Medium – https://raaki-88.medium.com/what-is-ebpf-how-is-it-used-f897e8fb0934
Some Background
As my career is mainly in Network Engineering, when some talks about Network performance my initial thoughts jump to increase network throughput, Port-Density, High speed and secure interconnect, I recently came across Systems Performance by Brendan Gregg. I have to say I have never ever imagined that the role is sought out, I went through the book (https://www.amazon.co.uk/Systems-Performance-Enterprise-Brendan-Gregg/dp/0133390098) and I was indeed mind blown by the granularity that one can look into an individual system.
I definitely would recommend anyone in Networking/Cloud/Systems Engineering to go through this book if you haven’t t already, it exposes a whole new level of Linux Kernel and E-BPF and Performance methodologies (Chapter 2) which I instantly fell in love with.
What Inspired me?
When I first saw the book I was under the initial impression that this was meant for Linux system Continue reading
How Conversation-Driven Collaborative Triaging Optimizes IT Event Resolution
AIOps can be augmented with something called conversation-driven collaborative triaging — a digitally supported process for quickly connecting the right enterprise experts to resolve issues.What is Liposomal Curcumin (and How Can It Help You Live a Better Life?)
Liposomal curcumin is a powerful anti-inflammatory that has been shown to be effective in a wide range of inflammatory diseases. It is also a potent antioxidant and has been shown to protect cells from damage caused by oxidative stress.
Liposomal curcumin is thought to be more effective than regular curcumin because it is better absorbed by the body. One study showed that liposomal curcumin was absorbed into the bloodstream four times better than regular curcumin.
Liposomal curcumin has been shown to be effective in treating inflammatory diseases such as arthritis, Crohn’s disease, and ulcerative colitis. It is also thought to be helpful in managing symptoms of Alzheimer’s disease and other forms of dementia.
How does it work?
Liposomal curcumin works by inhibiting the production of inflammatory molecules called cytokines. It is also a powerful antioxidant and protects cells from damage caused by oxidative stress.
Benefits of Liposomal Curcumin
There are many potential benefits of liposomal curcumin. Some of the most well-studied benefits include:
Reduced inflammation
Liposomal curcumin has been shown to reduce inflammation in a wide range of inflammatory diseases, including arthritis, Crohn’s disease, and ulcerative colitis. It is thought to work by inhibiting the production of inflammatory molecules called Continue reading
Announcing support for WASI on Cloudflare Workers
Today, we are announcing experimental support for WASI (the WebAssembly System Interface) on Cloudflare Workers and support within wrangler2 to make it a joy to work with. We continue to be incredibly excited about the entire WebAssembly ecosystem and are eager to adopt the standards as they are developed.
A Quick Primer on WebAssembly
So what is WASI anyway? To understand WASI, and why we’re excited about it, it’s worth a quick recap of WebAssembly, and the ecosystem around it.
WebAssembly promised us a future in which code written in compiled languages could be compiled to a common binary format and run in a secure sandbox, at near native speeds. While WebAssembly was designed with the browser in mind, the model rapidly extended to server-side platforms such as Cloudflare Workers (which has supported WebAssembly since 2017).
WebAssembly was originally designed to run alongside Javascript, and requires developers to interface directly with Javascript in order to access the world outside the sandbox. To put it another way, WebAssembly does not provide any standard interface for I/O tasks such as interacting with files, accessing the network, or reading the system clock. This means if you want to respond to an event from Continue reading
New WAF intelligence feeds
Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule.
Managed lists are created and maintained by Cloudflare and are built based on threat intelligence feeds collected by analyzing patterns and trends observed across the Internet. Enterprise customers can already use the Open SOCKS Proxy list (launched in March 2021) and today we are adding four new IP lists: “VPNs”, “Botnets, Command and Control Servers”, “Malware” and “Anonymizers”.
Customers can reference these lists when creating a custom firewall rule or in Advanced Rate Limiting. For example, you can choose to block all traffic generated by IPs we categorize as VPNs, or rate limit traffic generated by all Anonymizers. You can simply incorporate managed IP lists in the powerful firewall rule builder. Of course, you can also use your own custom IP list.
Where do these feeds come from?
These lists are based on Cloudflare-generated threat feeds which Continue reading