Identifying content gaps in our documentation
If you’ve tuned into this blog for long enough, you’ll notice that we’re pretty big on using and stress-testing our own products (“dogfooding”) at Cloudflare.
That applies to our security team, product teams, and – as my colleague Kristian just blogged about – even our documentation team. We’re incredibly excited to be on the Pages platform, both because of the performance and workflow improvements and the opportunity to help the platform develop.
What you probably haven’t heard about is how our docs team uses dogfooding – and data – to improve our documentation.
Dogfooding for docs
As a technical writer, it’s pretty common to do the thing you’re documenting. After all, it’s really hard to write step-by-step instructions if you haven’t been through those steps. It’s also a great opportunity to provide feedback to our product teams.
What’s not as common for a writer, however, is actually using the thing you’re documenting. And it’s totally understandable why. You’re already accountable to your deadlines and product managers, so you might not have the time. You might not have the technical background. And then there’s the whole problem of a real-world use case. If you’re really dedicated, you can set Continue reading
Repost: Buffers, Congestion, Jitter, and Shapers
Béla Várkonyi left a great comment on a blog post discussing (among other things) whether we need large buffers on spine switches. I don’t know how many people read the comments; this one is too valuable to be lost somewhere below the fold
You might want to add another consideration. If you have a lot of traffic aggregation even when the ingress and egress port are roughly at the same speed or when the egress port has more capacity, you could still have congestion. Then you have two strategies, buffer and suffer jitter and delay, or drop and hope that the upper layers will detect it and reduce the sending by shaping.
Repost: Buffers, Congestion, Jitter, and Shapers
Béla Várkonyi left a great comment on a blog post discussing (among other things) whether we need large buffers on spine switches. I don’t know how many people read the comments; this one is too valuable to be lost somewhere below the fold
You might want to add another consideration. If you have a lot of traffic aggregation even when the ingress and egress port are roughly at the same speed or when the egress port has more capacity, you could still have congestion. Then you have two strategies, buffer and suffer jitter and delay, or drop and hope that the upper layers will detect it and reduce the sending by shaping.
Automation 14. Deep dive into Building CI/CD for Network Automation and Software Development with GitHub Actions
Hello my friend,
We planned to write this blogpost for a few weeks if not months, but due to various reasons it was delayed. We are delighted to finally post it, so that you can get some useful ideas how you can build your own CI/CD pipeline with GitHub, probably the most popular platform for collaborative software development.
2
3
4
5
retrieval system, or transmitted in any form or by any
means, electronic, mechanical or photocopying, recording,
or otherwise, for commercial purposes without the
prior permission of the author.
Regards
A lot of lessons about building the CI/CD pipelines and importance of unit testing and linting checks I learned from a colleague of mine, Leigh Anderson, whom I’m very grateful for that.
CI/CD Overview
CI/CD is an approach, which is very often used in software development, and discussed outside of that area. It stands for:
- CI (Continuous Integration) is a process, where the created software (for sake of simplicity, any piece of code) is getting ready to be deployed.
- CD (Continuous Deployment) is a process, where the software, which is ready for deployment, is actually deployed Continue reading
Optics Are More Important Than Your Switches At 400G
This post originally appeared on the Packet Pushers’ Ignition site on January 9, 2020. This slide from the Cisco Live BRKOPT-2006 presentation on “Preparing for 400 GbE” jumped out at me. I recommend you download the whole presentation and keep it for future reference. It’s an excellent resource with lots of useful information. Optics […]
The post Optics Are More Important Than Your Switches At 400G appeared first on Packet Pushers.
Worth Reading: Smart Highways or Smart Cars?
I stumbled upon an interesting article in one of my RSS feeds: should be build smart highways or smart cars?
The article eloquently explains how ridiculous and expensive it would be to put the smarts in the infrastructure, and why most everyone is focused on building smart cars. The same concepts should be applied to networking, but of course the networking vendors furiously disagree – the network should be as complex, irreplaceable, and expensive as possible. I collected a few examples seven years ago, and nothing changed in the meantime.
Worth Reading: Smart Highways or Smart Cars?
I stumbled upon an interesting article in one of my RSS feeds: should we build smart highways or smart cars?
The article eloquently explains how ridiculous and expensive it would be to put the smarts in the infrastructure, and why most everyone is focused on building smart cars. The same concepts should be applied to networking, but of course the networking vendors furiously disagree – the network should be as complex, irreplaceable, and expensive as possible. I collected a few examples seven years ago, and nothing changed in the meantime.
Six Coaching Principles That Took Me Years to Learn
This post is overdue. Perhaps by a few years. Finally, earlier this week, I saw a few posts on Reddit that made me thumb through stacks of papers to find my initial draft. What comes here, at its finest, is merely personal experience. I would call the lesson “established rules” if I had enough scientific […]
The post Six Coaching Principles That Took Me Years to Learn appeared first on Packet Pushers.
Heavy Networking 636: Mindfulness And IT Leadership
Today on Heavy Networking we’re talking about mindfulness in the workplace. Mindfulness, which is about being aware of your senses and feelings in the moment, could be a useful tool to help you navigate the high-stress, high-stakes IT profession. Our guest is Jennifer “JJ” Minella. She’s an IT practitioner, network architect, author, and the founder and principal advisor of Viszen Security.
The post Heavy Networking 636: Mindfulness And IT Leadership appeared first on Packet Pushers.
Heavy Networking 636: Mindfulness And IT Leadership
Today on Heavy Networking we’re talking about mindfulness in the workplace. Mindfulness, which is about being aware of your senses and feelings in the moment, could be a useful tool to help you navigate the high-stress, high-stakes IT profession. Our guest is Jennifer “JJ” Minella. She’s an IT practitioner, network architect, author, and the founder and principal advisor of Viszen Security.The Silver Lining of Cisco Live
Cisco Live 2022 Attendees by the big sign
Cisco Live was last week and it was an event full of both relief and worry. Having not seen any of my friends and colleagues during the Geek Summer Camp for since 2019 I was excitedly anticipating how things would go this year. While I was thrilled to see everyone in real life again there were also challenges that presented themselves by the end of the event that we need to discuss as well.
I could spend volumes detailing every little thing that went on but no one really wants to read that kind of discussion. I’ll just summarize some the stuff that I liked, some of it that I didn’t, and some bigger things that everyone needs to think about.
What Worked for Me
I was happy to once more be a part of the CCIE Advisory Council. We have been meeting via Webex for the entire pandemic but there’s just something about being in a room together that fosters conversation and sharing. The ideas that we discussed are going to have a positive impact on the program as we look at what the future of certifications will be. There’s a Continue reading
Put In The Work
Would you like to stand out from your peers? Would you like to impress the people you work for, or perhaps the people you’d like to work for? Put in the work. Putting in the work to achieve a goal is a form of self-sacrifice. To get the thing you want, you need to give up something else.
The post Put In The Work appeared first on Packet Pushers.
Cloudflare One vs Zscaler Zero Trust Exchange: who is most feature complete? It’s not who you might expect
Zscaler has been building out its security offerings for 15 years. Cloudflare is 13 years old, and we have been delivering Zero Trust for the last four. This sounds like we are a late starter — but in this post, we’re going to show that on total Zero Trust, SSE, SASE and beyond, Cloudflare One functionality surpasses that of Zscaler Zero Trust Exchange.
| Functional Criteria Group | Cloudflare | Zscaler |
|---|---|---|
| Internet-native network platform | 100% (5 of 5) | 20% (1 of 5) |
| Cloud-native service platform | 100% (4 of 4) | 25% (1 of 4) |
| Services to adopt SASE | 83% (5 of 6) | 66% (4 of 6) |
| Services to extend ZT, SSE, SASE and beyond | 66% (8 of 12) | 58% (7 of 12) |
| Network on-ramps | 90% (9 of 10) | 50% (5 of 10) |
This may come as a surprise to many folks. When we’ve shared this with customers, the question we’ve often received is: How? How has Cloudflare been able to build out a competitive offering so quickly?
Having built out Continue reading
Why OT:ICEFALL is a Big Concern for Industry 4.0 Networks
OT:ICEFALL bugs in SCADA and PLC systems remind us about the dangers of OT/IT convergence and weak network security. Here's what to know and what to do.How Cloudflare Security does Zero Trust
Throughout Cloudflare One week, we provided playbooks on how to replace your legacy appliances with Zero Trust services. Using our own products is part of our team’s culture, and we want to share our experiences when we implemented Zero Trust.
Our journey was similar to many of our customers. Not only did we want better security solutions, but the tools we were using made our work more difficult than it needed to be. This started with just a search for an alternative to remotely connecting on a clunky VPN, but soon we were deploying Zero Trust solutions to protect our employees’ web browsing and email. Next, we are looking forward to upgrading our SaaS security with our new CASB product.
We know that getting started with Zero Trust can seem daunting, so we hope that you can learn from our own journey and see how it benefited us.
Replacing a VPN: launching Cloudflare Access
Back in 2015, all of Cloudflare’s internally-hosted applications were reached via a hardware-based VPN. On-call engineers would fire up a client on their laptop, connect to the VPN, and log on to Grafana. This process was frustrating and slow.
Many of the products we build are Continue reading
Kubectl with Cloudflare Zero Trust
Cloudflare is a heavy user of Kubernetes for engineering workloads: it's used to power the backend of our APIs, to handle batch-processing such as analytics aggregation and bot detection, and engineering tools such as our CI/CD pipelines. But between load balancers, API servers, etcd, ingresses, and pods, the surface area exposed by Kubernetes can be rather large.
In this post, we share a little bit about how our engineering team dogfoods Cloudflare Zero Trust to secure Kubernetes — and enables kubectl without proxies.
Our General Approach to Kubernetes Security
As part of our security measures, we heavily limit what can access our clusters over the network. Where a network service is exposed, we add additional protections, such as requiring Cloudflare Access authentication or Mutual TLS (or both) to access ingress resources.
These network restrictions include access to the cluster's API server. Without access to this, engineers at Cloudflare would not be able to use tools like kubectl to introspect their team's resources. While we believe Continuous Deployments and GitOps are best practices, allowing developers to use the Kubernetes API aids in troubleshooting and increasing developer velocity. Not having access would have been a deal breaker.
To satisfy our security requirements, Continue reading
Decommissioning your VDI
This blog offers Cloudflare’s perspective on how remote browser isolation can help organizations offload internal web application use cases currently secured by virtual desktop infrastructure (VDI). VDI has historically been useful to secure remote work, particularly when users relied on desktop applications. However, as web-based apps have become more popular than desktop apps, the drawbacks of VDI – high costs, unresponsive user experience, and complexity – have become harder to ignore. In response, we offer practical recommendations and a phased approach to transition away from VDI, so that organizations can lower cost and unlock productivity by improving employee experiences and simplifying administrative overhead.
Modern Virtual Desktop usage
Background on Virtual Desktop Infrastructure (VDI)
Virtual Desktop Infrastructure describes running desktop environments on virtual computers hosted in a data center. When users access resources within VDI, video streams from those virtual desktops are delivered securely to endpoint devices over a network. Today, VDI is predominantly hosted on-premise in data centers and either managed directly by organizations themselves or by third-party Desktop-as-a-Service (DaaS) providers. In spite of web application usage growing in favor of desktop applications, DaaS is growing, with Gartner® recently projecting DaaS spending to double by 2024.
Both flavors of VDI Continue reading