The third quarter of 2021 was a busy quarter for DDoS attackers. Cloudflare observed and mitigated record-setting HTTP DDoS attacks, terabit-strong network-layer attacks, one of the largest botnets ever deployed (Meris), and more recently, ransom DDoS attacks on voice over IP (VoIP) service providers and their network infrastructure around the world.
Here’s a summary of the trends observed in Q3 ‘21:
Application-layer (L7) DDoS attack trends:
Network-layer (L3/4) DDoS attack trends:
A rarely covered topic in technology is professional development. Other careers have extensive programs to ensure practitioners develop and maintain a wide range of skills but this principle is rare in IT.
The post Heavy Strategy 012: Professional Development in Infrastructure Technology appeared first on Packet Pushers.
James Miles sent me a long list of really good questions along the lines of “why do we see so many Internet-related outages lately and is it due to BGP and DNS creaking of old age”. He started with:
Over the last few years there are more “high profile” incidents relating to Internet connectivity. I raise the question, why?
The most obvious reason: Internet became mission-critical infrastructure and well-publicized incidents attract eyeballs.
Ignoring the click baits, the underlying root cause is in many cases the race to the bottom. Large service providers brought that onto themselves when they thought they could undersell the early ISPs and compensate their losses with voice calls (only to discover that voice-over-Internet works too well).
Javascript is a dynamically type language. The types of variables are evaluated at runtime based on the contents of the variable. Typescript is a superset of Javascript which adds static typing to the language (amongst other things). There are two kinds of types in Javascript;...continue reading
How best to return from a cliffhanger ending – in a previous post we used Django’s Model class .save() to write network state—that is CLI standard output transformed to JSON using pyATS—into a PostgreSQL database table. Django also helped us convert, or migrate, a Pythonic class-based model into this SQL table in the first place. […]
The post Triggering Network Automation From The Web appeared first on Packet Pushers.
With the Calico 3.10 release, Dynamic Packet Capture is available in Dynamic Service Graph.
This means users who require self-service, live troubleshooting for microservices and Kubernetes workloads can capture and evaluate traffic packets on endpoints without writing a single line of code or using any 3rd-party troubleshooting tools. Users don’t need to learn about or have knowledge of kubectl or YAML to troubleshoot their microservices and Kubernetes cluster. Calico helps enforce organizational security policies by only allowing users to access their assigned namespaces and endpoints for troubleshooting.
In most situations when you need to do a packet capture, the problem doesn’t last long and usually happens randomly. But once you narrow down the issue to a particular time or activity, you will need to set the right action plan to tackle the problem. Packet capture is now much easier, simpler, and faster than before.
Dynamic Packet Capture facilitates fast troubleshooting and easy debugging of microservice connectivity issues and performance hotspots in Kubernetes clusters. It is a Kubernetes-native custom resource that runs as part of user code against specific workloads in the cluster, without the need to execute any programs inside the cluster. Dynamic Packet Capture Continue reading
Ready to get started? The following resources and tutorials will enhance your understanding of container network security and help you get started.
Get an independent analyst’s view on the state of container security:
Many container network security experts are blogging about lessons learned and sharing their knowledge on how to secure mod- ern applications. Follow their conversations:
Developers and platform operators alike need to learn how to secure applications and platforms. Why not take a class to enrich your understanding? There are many free and low-cost options, including the following:
Ethan Banks and Ned Bellavance hosted a panel discussion at VMworld 2021 with two VMware customers using VMware Cloud---the University of Miami and Sterling National Bank. This discussion looks at what works, where the customers ran into issues, and how their cloud journeys are progressing.
The post Day Two Cloud 122: Two Customer Journeys To VMware Cloud (Sponsored) appeared first on Packet Pushers.
“Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” — Sherlock Holmes
It’s not every day that you get to debug what may well be a packet of death. It was certainly the first time for me.
What do I mean by “a packet of death”? A software bug where the network stack crashes in reaction to a single received network packet, taking down the whole operating system with it. Like in the well known case of Windows ping of death.
Challenge accepted.
Around a year ago we started seeing kernel crashes in the Linux ipv4 stack. Servers were crashing sporadically, but we learned the hard way to never ignore cases like that — when possible we always trace crashes. We also couldn’t tie it to a particular kernel version, which could indicate a regression which hopefully could be tracked down to a single faulty change in the Linux kernel.
The crashed servers were leaving behind only a crash report, affectionately known as a “kernel oops”. Let’s take a look at it and go over what information we have there.
Parts of the oops, like offsets into Continue reading
ITRenew has announced that Pluribus Netvisor ONE OS and the Adaptive Cloud Fabric controllerless SDN software are now available as part of Sesame by ITRenew rack-scale cloud solutions.
The post The Circular Data Center: Deploy a Cloud Operating Model While Lowering Cost and Climate Impacts appeared first on Pluribus Networks.
ITRenew has announced that Pluribus Netvisor ONE OS and the Adaptive Cloud Fabric controllerless SDN software are now available as part of Sesame by ITRenew rack-scale cloud solutions. Pluribus is very pleased to take part in this new circular approach to building data centers; one where we can deliver a cloud operating model with on-prem performance, while also helping our customers achieve their sustainability goals.
The timing of this partnership is apropos given the global attention to COP26, the United Nations Climate Change Conference and ongoing efforts worldwide to scale back emissions. While all industries have a responsibility on this front, the data center industry has specific, well-documented sustainability challenges that are only just starting to be properly addressed.
Most efforts to build the “green data center” have largely focused on increasing energy efficiency and using renewable energy sources, even though power used during the operational phase is only part of the problem. The bigger environmental culprit is that the industry continues to manufacture and deploy brand-new IT infrastructure equipment at a rapid pace.
In its report, “The Financial & Sustainability Case for Circularity,” ITRenew used a lifecycle model, assuming a typical 3-year operational lifetime for the equipment, Continue reading