Using custom templates to test IP anycast with MPLS was fun, but as I got into interesting discussions focusing on convoluted details, I found myself going through the same set of steps too many times.
It started with the need to specify individual devices in netlab config command to create new loopback interfaces on anycast servers but not on any other device in the lab. Wouldn’t it be nice to have a group of devices (similar to Ansible groups) that one could use in the limit parameter of netlab config?
The post Noction releases the new feature-rich NFA 21.11 version appeared first on Noction.
It took more than seven years to publish an obvious fact as an RFC: IPv6 extension headers are a bad idea (RFC 9098 has a much more polite title or it would never get published).
This blog was published on November 20, 2021. As we continue to optimize our network we're publishing regular updates, which are available here.
A little over two months ago, we shared extensive benchmarking results of last mile networks all around the world. The results showed that on a range of tests (TCP connection time, time to first byte, time to last byte), and on a range of measurements (p95, mean), that Cloudflare was the fastest provider in 49% of networks around the world. Since then, we’ve worked to continuously improve performance until we’re the fastest everywhere. We set a goal to grow the number of networks where we’re the fastest by 10% every Innovation Week. We met that goal during Birthday Week (September 2021).
Today, we’re proud to report we blew the goal away for Full Stack Week (November 2021). Cloudflare measured our performance against the top 1,000 networks in the world (by number of IPv4 addresses advertised). Out of those, Cloudflare has become the fastest provider in 79 new networks, an increase of 14% of these 1,000 networks. Of course, we’re not done yet, but we wanted to share the latest results and explain how we did it.
However, Continue reading
Another must-read masterpiece by Julia Evans: how to get useful answers to your questions.
You may have seen something making the rounds on Twitter this week about a couple of proposed drafts designed to alleviate the problems with IPv4 exhaustion by repurposing some old IP spaces that aren’t available for use right now. Specifically:
Ultimately, this is probably going to fail for a variety of reasons and looks like it’s more of a suggestion than anything else but I wanted to take a moment to talk about why this isn’t an effective way of fixing address issues.
The first reason that the Schoen drafts are going to fail is because most of the operating systems in the world won’t allow you to use reserved spaces for a system address. Because we knew years ago that certain spaces were marked as non-usable the logic was configured into the system to disallow the use of those spaces. And even if the system isn’t configured to disallow that space there’s no guarantee the traffic is going to be transmitted.
Let’s take 127/8 as a good example. Was it a smart idea to mark 16 million addresses as loopback host-only space? Nope. But that ship has sailed and Continue reading
After months of in-depth testing by SE Labs across a vast spectrum of security products, VMware is honored to receive the 2021 Best Network Detection and Response award. This award comes on the heels of the announcement earlier this year that SE Labs awarded the industry’s first NDR AAA rating to VMware NSX Network Detection and Response (NDR).
According to the U.K. based independent testing lab, each of the award winners has demonstrated its excellence in its category. SE Labs bases their conclusions on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services.
The efficacy of VMware NSX NDR is clear, proving 100 percent protection across multi-cloud environments from four major advanced and persistent threats (APT) groups—including FIN7&Carbanak, OilRig, APT3 and APT29—while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.
A Sea Change in Independent Security Testing
This award and AAA rating from SE Labs is the first in the industry. It is well-known that today’s attackers continually evolve and chain together an ever increasingly complex chain of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attacker’s behaviors evolve, so must our engineering and Continue reading
In today's sponsored Heavy Networking show with VMware, we take a fresh look at VMware's SASE and Zero Trust Network Access (ZTNA) solution. VMware has a breadth of products that allow for a differentiated overall solution. Joining us today is Craig Connors, Vice President and Chief Technology Officer of Service Provider and Edge at VMware.
The post Heavy Networking 607: ZTNA Everywhere With VMware SASE (Sponsored) appeared first on Packet Pushers.
Here is the Table of Contents of my AWS Networking Fundamentals book. I have added the figures which illustrate the example scenarios in each chapter. The book is available at Leanpub.com. It is still in progress, and there will be additional chapters soon.
Continue reading
This post is also available in 日本語, 简体中文.
Handling payments inside your apps is crucial to building a business online. For many developers, the leading choice for handling payments is Stripe. Since my first encounter with Stripe about seven years ago, the service has evolved far beyond simple payment processing. In the e-commerce example application I shared last year, Stripe managed a complete seller marketplace, using the Connect product. Stripe's product suite is great for developers looking to go beyond accepting payments.
Earlier versions of Stripe's SDK had core Node.js dependencies, like many popular JavaScript packages. In Stripe’s case, it interacted directly with core Node.js libraries like net/http
, to handle HTTP interactions. For Cloudflare Workers, a V8-based runtime, this meant that the official Stripe JS library didn’t work; you had to fall back to using Stripe’s (very well-documented) REST API. By doing so, you’d lose the benefits of using Stripe’s native JS library — things like automatic type-checking in your editor, and the simplicity of function calls like stripe.customers.create()
, instead of manually constructed HTTP requests, to interact with Stripe’s various pieces of functionality.
In April, we wrote that we were focused on Continue reading