Category Archives for "Networking"

Managed Transforms: templated HTTP header modifications

Managed Transforms is the next step on a journey to make HTTP header modification a trivial task for our customers. In early 2021 the only way for Cloudflare customers to modify HTTP headers was by writing a Cloudflare Worker. We heard from numerous customers who wanted a simpler way.

In June 2021 we introduced Transform Rules, giving customers a simple UI that lets them specify the custom HTTP header’s name and value: either a static string (e.g. X-My-CDN: Cloudflare) or a dynamically populated value (e.g. X-Bot-Score: cf.bot_management.score).

This made the job much simpler; however, there is still a good amount of thought required, with a number of potential drop-off points on the user journey. For example, in order to dynamically populate the bot score into the value of an HTTP request header, the user needs to know the correct field name. To find that they'll need to go to the documentation site, find the correct section, etc.

When we analyzed how our customers use Transform Rules we found a set of very common use cases in the data. Four of the top eight fields used related to bot management; customers wanting to have the …

NaaS: Is it right for you, and how do you pick a vendor?

Enterprises have become comfortable switching from the purchase-and-refresh cycle for servers, storage and applications to a cloud-based as-a-service approach. So, why not take the same tack when it comes to the network? That’s the concept behind Network-as-a-Service (NaaS), which promises predictable costs, increased agility, better performance, cloud-style scalability, timely integration of new technologies, service-provider-level security, and a high degree of automation.

Hedge 136: The IPv6 ULA Mess

IPv6’s designers built the concept of Unique Local Addresses, or ULAs, into the addressing architecture to make network address translation unnecessary for IPv6 deployments. As with many other plans of mice and men, however, the unintended consequences of what is a good idea tend to get in the way. Nick Buraglio joins Eyvonne Sharp, Tom Ammon, and Russ White to discuss the many problems of IPv6 ULA, why it isn’t practical in most network deployments, and the larger question of how standards bodies sometimes fail to consider the unintended consequences of a good idea.

Day Two Cloud 153: IaC With GPPL Or DSL? IDK

On Day Two Cloud we’ve had a lot of conversations about using infrastructure as code. We’ve looked at solutions like Ansible, Terraform, the AWS CDK, and Pulumi. Which begs the question, which IaC solution should you learn? A Domain Specific Language (DSL)? A General Purpose Programming Language (GPPL)? Something else? We discuss.

Internet Explorer, we hardly knew ye

On May 19, 2021, a Microsoft blog post announced that “The future of Internet Explorer on Windows 10 is in Microsoft Edge” and that “the Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10.” According to an associated FAQ page, those “certain versions” include Windows 10 client SKUs and Windows 10 IoT. According to data from Statcounter, Windows 10 currently accounts for over 70% of desktop Windows market share on a global basis, so this “retirement” impacts a significant number of Windows systems around the world.

As the retirement date for Internet Explorer 11 has recently passed, we wanted to explore several related usage trends:

  • Is there a visible indication that use is declining in preparation for its retirement?
  • Where is Internet Explorer 11 still in the heaviest use?
  • How does the use of Internet Explorer 11 compare to previous versions?
  • How much Internet Explorer traffic is “likely human” vs. “likely automated”?
  • How do Internet Explorer usage patterns compare with those of Microsoft Edge, its replacement?

The long goodbye

Publicly released in January 2020, and automatically rolled out to Windows users starting …

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

Linux Security Modules (LSM) is a hook-based framework for implementing security policies and Mandatory Access Control in the Linux kernel. Until recently, users looking to implement a security policy had just two options: configure an existing LSM module such as AppArmor or SELinux, or write a custom kernel module.

Linux 5.7 introduced a third way: LSM extended Berkeley Packet Filters (eBPF) (LSM BPF for short). LSM BPF allows developers to write granular policies without configuration or loading a kernel module. LSM BPF programs are verified on load, and then executed when an LSM hook is reached in a call path.

Let’s solve a real-world problem

Modern operating systems provide facilities allowing "partitioning" of kernel resources. For example, FreeBSD has "jails" and Solaris has "zones". Linux is different: it provides a set of seemingly independent facilities, each allowing isolation of a specific resource. These are called "namespaces" and have been growing in the kernel for years. They are the base of popular tools like Docker, lxc or firejail. Many of the namespaces are uncontroversial, like the UTS namespace which allows the host system to hide its hostname and time. Others are complex but straightforward - NET and NS (mount) namespaces …

Tigera has been awarded Microsoft’s 2022 Partner of the Year award for OSS on Azure

We are proud to announce that we have won the 2022 Microsoft OSS on Azure Partner of the Year award! The Microsoft Partner of the Year Awards recognize Microsoft partners that have developed and delivered outstanding Microsoft-based applications, services, and devices during the past year. Awards were classified in various categories, with honorees chosen from a set of more than 3,900 submitted nominations from more than 100 countries worldwide. Tigera was recognized for providing outstanding solutions and services for open source on Azure.

Since June 2021, Tigera and Microsoft Azure together provide users with active build, deploy, and runtime security with full-stack observability for securing, monitoring, and troubleshooting containers on Azure and AKS. Tigera works closely with Microsoft to offer networking, security, and observability for containerized workloads running in Microsoft Azure.

We are very proud to be recognized as Microsoft’s Partner of the Year for OSS on Azure as it re-affirms the reach and pervasiveness of Tigera’s Calico Open Source solution for container networking and security on Azure and AKS. As enterprises standardize across Microsoft Azure, customers require a resource-efficient and scalable networking and security solution that protects the workloads in a hybrid environment extending from the cloud (Azure and …

IDC: Enterprises still moving workloads back from the cloud

An overwhelming majority of enterprises continue to move workloads from the cloud back to on-premises data centers, although it is a smaller percentage than before, according to IDG research. A survey found that 71% of respondents expect to move all or some of their workloads currently running in public clouds back to private IT environments over the next two years. Only 13% expect to run all their workloads in the cloud, according to the survey sponsored by Supermicro. In the past, the share of those expecting to move workloads back from the cloud was as high as 85%, according to Natalya Yezhkova, research vice president in IDC’s enterprise infrastructure practice.

HPE adds to GreenLake on-prem cloud features

HPE has upgraded its GreenLake on-premises cloud platform to include new compute offerings, services for data fabric, and disaster recovery as well as products targeting verticals including payment processing and digital engagement. GreenLake for Private Cloud Enterprise, which can incorporate private-cloud applications into the GreenLake framework, is the biggest announcement about the platform that the company made at its ongoing Discover conference in Las Vegas. That offering opens new options for organizations that are subject to heavy regulation or those with operational concerns about putting their data in the public cloud.

Open-sourced tool speeds up Linux scripts via parallelization

MIT has open-sourced pa.sh (also called pash), a tool that can dramatically speed up Linux scripts by using parallelization, saving time and without risk of introducing errors. The process of parallelization first examines a script for code that can be run separately and independently, so not all scripts can benefit from the tool. But when pa.sh does find portions that can run independently, it runs them in parallel on separate CPUs. It also uses other techniques to get the code to run faster. Below is a demonstration I ran on my home Fedora box, first running a script on its own and then again using pa.sh. Note that this script was provided with the pa.sh tool and lends itself to parallelization. It’s not nearly as demanding as scripts that might process gigabytes of data in a scientific or artificial-intelligence lab, so the results are not dramatic.

VMware brings on-prem cloud connectivity to vSphere, vSAN

VMware is upgrading vSphere virtualization and vSAN hyperconverged software packages to better manage and efficiently meld on-prem applications with cloud-based resources. The company introduced two subscription-based offerings: vSphere+ and vSAN+ that integrate cloud connectivity into both, enabling cloud services for workloads running on vSphere, but specifically targeting on-premise apps. The packages will include all necessary components such as VMware vCenter instances, VMware ESXi hosts, Tanzu Standard Runtime, and Tanzu Mission Control Essentials and support.