Category Archives for "Networking"

Cloudflare’s approach to handling BMC vulnerabilities

In recent years, management interfaces on servers like a Baseboard Management Controller (BMC) have been the target of cyber attacks including ransomware, implants, and disruptive operations. Common BMC vulnerabilities like Pantsdown and USBAnywhere, combined with infrequent firmware updates, have left servers vulnerable.

We were recently informed by a trusted vendor of new, critical vulnerabilities in popular BMC software that we use in our fleet. Below is a summary of what was discovered, how we mitigated the impact, and how we look to prevent these types of vulnerabilities from having an impact on Cloudflare and our customers.

Background

A baseboard management controller is a small, specialized processor used for remote monitoring and management of a host system. This processor has multiple connections to the host system, giving it the ability to monitor hardware, update BIOS firmware, power cycle the host, and many more things.

Access to the BMC can be local or, in some cases, remote. With remote vectors open, there is potential for malware to be installed on the BMC from the local host via PCI Express or the Low Pin Count (LPC) interface. With compromised software on the BMC, malware or spyware could maintain persistence on the server.

How we treat content as a product

At Cloudflare, we talk a lot about how to help build a better Internet. On the Product Content Experience (PCX) team, we treat content like a product that represents and fulfills this mission. Our vision is to create world-class content that anticipates user needs and helps build accessible Cloudflare products. We believe we can impact the Cloudflare product experience and make it as wonderful as possible by intentionally designing, packaging, and testing the content.

What is “content like a product”?

I like taking on projects. A singular goal is met, and I clearly know I’m successful because the meaning of “done” is normally very clear. For example, I volunteer some of my time editing academic papers about technology. My role as an editor is temporary and there is a defined beginning and end to the work. I send my feedback and my task is largely complete.

“Content like a product” is when you shift your mindset from completing projects to maintaining a product, taking into consideration the user and their feedback. Product content at Cloudflare is an iterative, living, breathing thing. Inspired by the success of teams that adopt an agile mindset, along with some strategic functions you might find

Kubernetes Unpacked 001: Prerequisites For Kubernetes Success

Welcome to the inaugural episode of Kubernetes Unpacked, a new podcast in the Packet Pushers Community Channel. The goal of this podcast is to help IT professionals understand Kubernetes: how it works; how and why it's used; how to deploy, operate, and manage the platform on premises and in the cloud; Kubernetes networking and security concepts; and more.

The post Kubernetes Unpacked 001: Prerequisites For Kubernetes Success appeared first on Packet Pushers.

Look to Google to solve looming data-center speed challenges

When you think of data-center networking, you almost certainly think of Ethernet switches. These gadgets have been the foundation of the data-center network for decades, and there are still more Ethernet switches sold into data-center applications than any other technology. Network planners, though, are starting to see changes in applications, and those changes are suggesting that it’s time to think a bit harder about data center network options. Your data center is changing, and so should its network.

Vultr offers affordable access to Nvidia GPUs

Cloud services provider Vultr has launched what it claims is the first GPU virtualization platform for smaller and midsize companies that don’t need the much more powerful and much more expensive options offered by the big cloud players.

When Nvidia introduced its Ampere A100 processor in 2020, it emphasized that it was the first graphics processor to support Multi-Instance GPU, or MIG. This allows for partitioning the GPU into seven virtual GPUs, in much the same way a hypervisor partitions CPU cores.

Now Vultr says it’s the first cloud provider to offer fractional A100 GPU instances to customers through its Vultr Talon platform. The company notes there’s no one size fits all when it comes to customer workloads. Other cloud services providers that offer GPU instances make the full GPU available for a hefty price. Talon is a much smaller instance with a much lower price for customers who just need a snack, not a seven-course meal.

Worth Reading: Resolverless DNS

Every network engineer should be familiar with the DNS basics – after all, all network failures are caused by DNS… unless it’s BGP.

The May 2022 ISP Column by Geoff Huston is an excellent place to brush up on your DNS basics and learn about new ideas, including a clever one to push DNS entries that will be needed in the future to a web client through a DNS-over-HTTPS session.

Concatenating strings and using += in bash

It's quite easy to get bash to concatenate strings and do simple math on Linux, but there are a number of options for you to use. This post focusses on concatenating strings, but also shows how one of the operators (+=) plays a primary role in incrementing numbers.

Concatenating strings

In general, the only time that you'd want to concatenate strings on Linux is when one string is already defined and you want to add more to it. For example, if you have a script that greets the person running it, you might set up a string in the script to prepare the greeting and then add the person's username or name before displaying it.

Broadcom targets enterprise infrastructure with $61B VMware acquisition

Semiconductor manufacturer and infrastructure software giant Broadcom will acquire virtualization and enterprise cloud vendor VMware in a deal worth roughly $61 billion in stock and cash, the companies announced on Thursday. Broadcom will also assume $8 billion of VMware net debt as part of the deal.

The deal, which is still subject to customary regulatory approval and closing conditions, will see the existing Broadcom Software Group fully rebranded as VMware.

The deal is the latest in Broadcom's years-long pattern of high-profile acquisitions. The company acquired network switching vendor Brocade in 2016 for almost $6 billion, development and security software firm CA Technologies in 2018 for $19 billion, and security firm Symantec's enterprise security business in 2019 for over $10 billion.

Cisco: Enterprises grapple with hybrid-cloud security, operational complexity

Hybrid cloud and multicloud have become the norm as enterprises look to improve business agility and scalability, but adoption is not without challenges.

A new study from Cisco and 451 Research sought to gauge how enterprises are doing with their cloud environments and examine the benefits and challenges of using cloud-based services. 451 Research interviewed 2,500 cloud, DevOps, and networking professionals for the Cisco-sponsored survey.

Why Core or Backbone is used in Networking?

Before we start answering this question, let’s note that these two terms are used interchangeably. Usually, Service Providers use Backbone, and Enterprise Networks use Core terminology, but they are the same thing.

Why Network Core is Necessary?

The key characteristics of the Core, or Backbone, part of a network are:

  • High-speed connectivity. Today this means 100s of Gigabit networks, usually used as a bundle to increase capacity.
  • Bringing Internet Gateway, Access, Aggregation, and Datacenter networks together. It connects many different parts of the network and glues them together.
  • Redundancy and High Availability are very important. Redundant physical circuits and devices are very common.
  • Failure impact in this module is very high compared to other modules.
  • Full Mesh or Partial Mesh deployments are seen most often, as these types of topologies provide the most redundancy and a direct path between the different locations.
  • Commonly known in the Operator community as Backbone or ‘P Layer’.

Redundancy in this module is very important.

Most of the Core Network deployments in ISP networks are based on Full Mesh or Partial Mesh.

The reason for having full mesh physical connectivity in the Core network