Archive

Category Archives for "Networking"

Full Stack Journey 066: Five IT Skills To Learn In 2022

Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.

Integrating Network Analytics Logs with your SIEM dashboard

Integrating Network Analytics Logs with your SIEM dashboard
Integrating Network Analytics Logs with your SIEM dashboard

We’re excited to announce the availability of Network Analytics Logs. Magic Transit, Magic Firewall, Magic WAN, and Spectrum customers on the Enterprise plan can feed packet samples directly into storage services, network monitoring tools such as Kentik, or their Security Information Event Management (SIEM) systems such as Splunk to gain near real-time visibility into network traffic and DDoS attacks.

What’s included in the logs

By creating a Network Analytics Logs job, Cloudflare will continuously push logs of packet samples directly to the HTTP endpoint of your choice, including Websockets. The logs arrive in JSON format which makes them easy to parse, transform, and aggregate. The logs include packet samples of traffic dropped and passed by the following systems:

  1. Network-layer DDoS Protection Ruleset
  2. Advanced TCP Protection
  3. Magic Firewall

Note that not all mitigation systems are applicable to all Cloudflare services. Below is a table describing which mitigation service is applicable to which Cloudflare service:


Mitigation System
Cloudflare Service
Magic Transit Magic WAN Spectrum
Network-layer DDoS Protection Ruleset
Advanced TCP Protection
Magic Firewall Continue reading

Debugging Hardware Performance on Gen X Servers

Debugging Hardware Performance on Gen X Servers
Debugging Hardware Performance on Gen X Servers

In Cloudflare’s global network, every server runs the whole software stack. Therefore, it's critical that every server performs to its maximum potential capacity. In order to provide us better flexibility from a supply chain perspective, we buy server hardware from multiple vendors with the exact same configuration. However, after the deployment of our Gen X AMD EPYC Zen 2 (Rome) servers, we noticed that servers from one vendor (which we’ll call SKU-B) were consistently performing 5-10% worse than servers from second vendor (which we'll call SKU-A).

The graph below shows the performance discrepancy between the two SKUs in terms of percentage difference. The performance is gauged on the metric of requests per second, and this data is an average of observations captured over 24 hours.

Debugging Hardware Performance on Gen X Servers
Machines before implementing performance improvements. The average RPS for SKU-B is approximately 10% below SKU-A.

Compute performance via DGEMM

The initial debugging efforts centered around the compute performance. We ran AMD’s DGEMM high performance computing tool to determine if CPU performance was the cause. DGEMM is designed to measure the sustained floating-point computation rate of a single server. Specifically, the code measures the floating point rate of execution of a real matrix–matrix multiplication with double Continue reading

Announcing our Spring Developer Challenge

Announcing our Spring Developer Challenge
Announcing our Spring Developer Challenge

After many announcements from Platform Week, we’re thrilled to make one more: our Spring Developer Challenge!

The theme for this challenge is building real-time, collaborative applications — one of the most exciting use-cases emerging in the Cloudflare ecosystem. This is an opportunity for developers to merge their ideas with our newly released features, earn recognition on our blog, and take home our best swag yet.

Here’s a list of our tools that will get you started:

  • Workers can either be powerful middleware connecting your app to different APIs and an origin — or it can be the entire application itself. We recommend using Worktop, a popular framework for Workers, if you need TypeScript support, routing, and well-organized submodules. Worktop can also complement your existing app even if it already uses a framework,  such as Svelte.
  • Cloudflare Pages makes it incredibly easy to deploy sites, which you can make into truly dynamic apps by putting a Worker in front or using the Pages Functions (beta).
  • Durable Objects are great for collaborative apps because you can use websockets while coordinating state at the edge, seen in this chat demo. To help scale any load, we also recommend Durable Object Groups.
  • Workers Continue reading

Using Python to Calculate Cisco SD-WAN Tunnel Numbers – Part 2

In the first post I shared with you my code to calculate tunnel numbers in Cisco SD-WAN. I’m a beginner in Python so I thought it would be a great learning experience to have someone experienced in Python, such as Rodrigo, take a look at the code and come up with improvements. As I like to share knowledge, I’m taking this journey with you all. Let’s get started!

You may recall that I had a function to calculate the tunnel number. It looked like this:

def calculate_tunnel_number(interface_name:str) -> int:
    <SNIP>
    return total_score

Rodrigo’s comment was that the function name is excellent as it is clear what the function does. However, my return statement returns total_score which is not clear what it does. It would be better to return tunnel_number which is what the function is calculating.

The next comment is that when splitting things and it is known how many pieces you have, it is better to unpack them, that is, assign the unwanted piece to a throwaway variable rather than using indexing. My code looked something like this:

interface_number = split_interface(interface_name)[1]

It would be better to do something like this:

_, interface_number = split_interface(interface_name)[1]

The first variable, a Continue reading

Extracting substrings on Linux

There are many ways to extract substrings from lines of text using Linux and doing so can be extremely useful when preparing scripts that may be used to process large amounts of data. This post describes ways you can take advantage of the commands that make extracting substrings easy.Using bash parameter expansion When using bash parameter expansion, you can specify the starting and ending positions for the text that you want to extract. For example, you can create a variable by assigning it a value and then use syntax like that shown below to select a portion of it.To read this article in full, please click here

Extracting substrings on Linux

There are many ways to extract substrings from lines of text using Linux and doing so can be extremely useful when preparing scripts that may be used to process large amounts of data. This post describes ways you can take advantage of the commands that make extracting substrings easy.Using bash parameter expansion When using bash parameter expansion, you can specify the starting and ending positions for the text that you want to extract. For example, you can create a variable by assigning it a value and then use syntax like that shown below to select a portion of it.To read this article in full, please click here

Tech Bytes: Cloudflare Simplifies Wide Area Networks With Magic WAN (Sponsored)

Today on the Tech Bytes podcast we’re talking WAN architectures and how to simplify and secure them with sponsor Cloudflare. Cloudflare's Magic WAN is a network-as-a-service offering. Customers can connect data centers, branches, and users to Cloudflare's private network; add security services; and integrate with third-party SD-WANs.

The post Tech Bytes: Cloudflare Simplifies Wide Area Networks With Magic WAN (Sponsored) appeared first on Packet Pushers.

MikroTik – ROSv7 – VPLS over IPv6 MPLS with LDPv6


The great migration

IPv6 adoption has really picked up in the last 12 months and MikroTik RouterOSv7 development is no exception. Dual stack networks are still the most common and easiest to initially deploy for carriers.

However, single stack networks with IPv4 as a service overlay are definitely on the horizon for MikroTik users now that MPLS can operate purely on IPv6.

Single stack networks are easier and cheaper to operate in the long run and are a natural evolution of dual stack networks as we begin to turn IPv4 off for underlay infrastructure.

LDPv6

There are a few different ways to distribute labels in IPv6 MPLS. SR-MPLS (less common and usually with IS-IS) and SRv6 are the other options besides LDPv6.

While I generally am in favor of SR-MPLS/SRv6 long term due to the protocol simplification and traffic management capabilities, having an IPv6 MPLS stack is a great starting point for MikroTik.

LDPv6 is defined by RFC 7552 and is fairly recent as it finalized in 2015. It generally operates in much the same way as LDPv4.


Use Cases

The most common use case among MikroTik users is more efficient subnetting of IPv4 and directly replaces LDPv4 for this Continue reading