0

Calico WireGuard support with Azure CNI

Last June, Tigera announced a first for Kubernetes: supporting open-source WireGuard for encrypting data in transit within your cluster. We never like to sit still, so we have been working hard on some exciting new features for this technology, the first of which is support for WireGuard on AKS using the Azure CNI.

First a short recap about what WireGuard is, and how we use it in Calico.

What is WireGuard?

WireGuard is a VPN technology available in the Linux kernel since version 5.6 and is positioned as an alternative to IPsec and OpenVPN. It aims to be faster, simpler, leaner and more useful. This is manifested in WireGuard taking an opinionated stance on the configurability of supported ciphers and algorithms to reduce the attack surface and auditability of the technology. It is simple to configure with standard Linux networking commands, and it is only approximately 4,000 lines of code, making it easy to read, understand, and audit.

While WireGuard is a VPN technology and is typically thought of as client/server, it can be configured and used equally effectively in a peer-to-peer mesh architecture, which is how we designed our solution at Tigera to work in Kubernetes. Using Calico, Continue reading

0

Hedge 110: Andrew Alston and SRv6 Security

SRv6, a form of source routing, is the new and interesting method being created by the IETF to allow traffic engineering and traffic steering. This is not the first time the networking world has tried source routing, however—and in the spirit of rule 11, we should ask some questions. How and why did source routing fail last time? Have we learned those lessons and changed the way we’re doing things to overcome those limitations? Security seems to be one area where problems arise in the source routing paradigm.

Andrew Alston joins Tom Ammon and Russ White to discuss security in SRv6.

download

0

IPv6 Buzz 90: IPv6 Unique Local Addresses (ULAs) And You

In this episode Ed, Scott, and Tom chat about Unique Local Addresses (ULAs), what they are, how they are used, when (or if) you should use them in your networks.

The post IPv6 Buzz 90: IPv6 Unique Local Addresses (ULAs) And You appeared first on Packet Pushers.

0

IPv6 Buzz 90: IPv6 Unique Local Addresses (ULAs) And You

In this episode Ed, Scott, and Tom chat about Unique Local Addresses (ULAs), what they are, how they are used, when (or if) you should use them in your networks.

0

Confluent Platform 7.0: Data Streaming Across Multiclouds

The challenge is clear: How to offer real- or near real-time access to data that is continually refreshed across a number of different distributed environments. With different types of data streaming from various sources such as multicloud and on-premises environments, the data, often in shared digital layers such as so-called digital information hubs (DIHs), must be updated asynchronously. This is necessary in order to maintain a consistent user experience. To that end, data streaming platform provider Apache Kafka, hundreds of different applications and data systems can use it to migrate to the cloud or share data between their data center and the public cloud, Confluent says. Traditionally, syncing data between multiple clouds or between on-premises and the cloud was “like a bad game of telephone,”

0

LoRa takes a trip to the moon and back, chirping all the way

LoRa is living up to its name, literally.A shortened version of “long range” (ironic!), LoRa is a wide-area wireless modulation technique that encodes information on radio waves. LoRa, which has been around since 2015, is derived from Chirp Spread Spectrum (CSS) technology and uses chirp pulses to transmit small bits of data. It also uses very little power. The proprietary technology is owned by semiconductor supplier Semtech Corp[Get regularly scheduled insights by signing up for Network World newsletters.] LoRa’s value is in transmitting data for sensors and other connected devices that require little power to operate. Not only can LoRa withstand disturbances, it can transmit data at longer ranges than better known wireless technologies such as Wi-Fi and Bluetooth. So long, in fact, that demonstrations of LoRa’s transmission capabilities now must extend into near space.To read this article in full, please click here

0

How to Configure an Edge Data Center to Meet Your Specific Needs

Are you planning to build an edge data center? Here's how to do the job right.

0

Optimal BGP Path Selection with BGP Additional Paths

A month ago I explained how using a BGP route reflector in a large-enough non-symmetrical network could result in suboptimal routing (or loss of path diversity or multipathing). I also promised to explain how Advertisement of Multiple Paths in BGP functionality¹ solves that problem. Here we go…

I extended the original lab with another router to get a scenario where one route reflector (RR) client should use equal-cost paths to an external destination while another RR client should select a best path that is different from what the route reflector would select.

0

Aviatrix’s Modest New Blocking Feature Hints At Greater Ambitions For Multi-Cloud Security

Aviatrix, which makes multi-cloud networking software for public clouds, has introduced a new security feature that can identify and then block customers’ cloud-based workloads from connecting to a malicious IP address or known-bad host on the Internet. The new capability is called ThreatIQ with ThreatGuard. It’s available to customers that already license the Aviatrix Co-Pilot […]

The post Aviatrix’s Modest New Blocking Feature Hints At Greater Ambitions For Multi-Cloud Security appeared first on Packet Pushers.

0

Some Notes from RIPE 83

The RIPE community held a meeting in November. Like most community meetings in these Covid-blighted times it was a virtual meeting. Here’s my notes from a few presentations that piqued my interest.

0

Day Two Cloud 126: Azure Arc And Building A Hybrid Cloud

On today's Day Two Cloud, we dig into Azure Arc and the construction of hybrid clouds with guest Ben Weissman, a consultant, author, and Pluralsight creator.

0

Day Two Cloud 126: Azure Arc And Building A Hybrid Cloud

On today's Day Two Cloud, we dig into Azure Arc and the construction of hybrid clouds with guest Ben Weissman, a consultant, author, and Pluralsight creator.

The post Day Two Cloud 126: Azure Arc And Building A Hybrid Cloud appeared first on Packet Pushers.

0

Noction Flow Analyzer – Initial Setup in Home Lab

The goal of this guide is to create a minimalistic and virtualized laboratory infrastructure in a home environment so that everyone can become familiar with all the features that the Noction Flow Analyzer (NFA) provides before actually deploying the NFA in the enterprise network. Our home network consists of two key components - nProbe Pro […]
Continue reading...

0

SD-WAN At Home? The Obstacles And Issues

As remote work becomes the norm, SD-WAN might seem like a good fit to support remote employees, but current offerings all have their drawbacks.

The post SD-WAN At Home? The Obstacles And Issues appeared first on Packet Pushers.

0

Scalable Policy Routing

More than a decade ago (before SD-WAN was even a thing) I wrote an article describing how easy it is to route different applications onto different links (MPLS/VPN versus IPsec tunnels) using a distance vector routing protocol (preferably BGP, although even RIP would work).

You might find it interesting that it’s possible to solve tough problems with good network design instead of proprietary unicorn dust, so I salvaged the article from some dusty archive, cleaned it up, polished it, and published it on ipSpace.net.

0

AWS wants to get your mainframe apps into the cloud – fast

AWS is now offering a mainframe service that promises to help Big Iron customers interested in moving apps to the cloud cut that migration time by two-thirds.The goal of AWS Migration Acceleration Program for Mainframe is to get those customers off of the Big Iron “as fast as they possibly can” in order to take better advantage of the cloud, according to Adam Selipsky, CEO of AWS, speaking at Amazon’s AWS re:Invent conference. [Get regularly scheduled insights by signing up for Network World newsletters.] “It can be a messy business and involves a lot of moving pieces, and it isn’t something that people really want to do on their own,” Selipsky said.  “And while AWS partners can help with the transition, it can still take a long time.”To read this article in full, please click here

0

AWS targets IPv6 migration for serverless, container workloads

Amazon Web Services has launched new support for IPv6-only subnets that can meet the needs of workloads that require more IP addresses than IPv4 can readily provide.The service is available through Amazon Virtual Private Cloud (VPC) and suitable for workloads such as serverless and container applications, according to a blog by Rohit Aswani, a senior specialist solutions architect and Aditya Santhanam, a senior product manager, both with AWS. “Workloads that are constrained by the limited size of the IPv4 address space can now migrate to an IPv6-only environment on AWS to scale up,” they wrote.To read this article in full, please click here

0

Thanksgiving’s biggest online shopping day was Cyber Monday, but other days were close behind

November comes, the temperatures start to get colder for most of the planet's population (87% live in the Northern Hemisphere) and many are also starting to prepare for the festive season. That also brings significant changes in Internet traffic, most notably the online shopping kind of traffic.

So, what were the November days that e-commerce websites had the most traffic in the US and what about worldwide? Is humanity using more mobile Internet at this time? And what are the most popular days online — is Black Friday the winner?

We’ll dig into those questions using Cloudflare Radar. E-commerce is expanding and at an all-time high, especially after the pandemic accelerated the digital transformation process (e-commerce had a 32.4% increase in sales in the US in 2020 and is expected to grow this year).

Cyber Monday, a ‘last minute’ winner

Let’s start with e-commerce — we added a chart to Radar that shows trends for e-commerce by country. The worldwide trend is pretty evident: Cyber Monday, the day for supposedly last-minute discounts, was the clear winner.

Worldwide most popular days for e-commerce

#1. Cyber Monday, November 29.

#2. Monday, November 23.

#3. Black Friday, November 26 — November Continue reading

0

Dynamic Negotiation of BGP Capabilities

I wanted to write a blog post explaining the intricacies of Advertisement of Multiple Paths in BGP, got into a yak-shaving exercise when discussing the need to exchange BGP capabilities to enable this feature, and decided to turn it into a separate prerequisite blog post. The optimal path selection with BGP AddPath post is coming in a few days.

The Problem

Whenever you want to use BGP for something else than simple IPv4 unicast routing the BGP neighbors must agree on what they are willing to do – be it multiprotocol extensions and individual additional address families, graceful restart, route refresh… (IANA has the complete BGP Capability Codes registry).

0

Move Over Customer Experience; User Experience is Now King

With hybrid work here to stay, organizations need to boost the employee user experience by ensuring performance, connectivity, security, and usability.