Archive

Category Archives for "Networking"

Internship Experience: Software Development Intern

Internship Experience: Software Development Intern

Before we dive into my experience interning at Cloudflare, let me quickly introduce myself. I am currently a master’s student at the National University of Singapore (NUS) studying Computer Science. I am passionate about building software that improves people’s lives and making the Internet a better place for everyone. Back in December 2021, I joined Cloudflare as a Software Development Intern on the Partnerships team to help improve the experience that Partners have when using the platform. I was extremely excited about this opportunity and jumped at the prospect of working on serverless technology to build viable tools for our partners and customers. In this blog post, I detail my experience working at Cloudflare and the many highlights of my internship.

Interview Experience

The process began for me back when I was taking a software engineering module at NUS where one of my classmates had shared a job post for an internship at Cloudflare. I had known about Cloudflare’s DNS service prior and was really excited to learn more about the internship opportunity because I really resonated with the company's mission to help build a better Internet.

I knew right away that this would be a great opportunity and submitted Continue reading

8 questions to ask vendors about Zero Trust Network Access (ZTNA)

The increased deployment of core business applications in the cloud and the shift to remote work brought on by the pandemic have obliterated any notion of the traditional “corporate moat” style of security.Today’s hybrid workplace, where employees are on the road, working from home and maybe visiting the office once or twice a week, has forced network and security teams to adopt a more flexible approach to managing the network, identities, and authentication.Zero Trust Network Access (ZTNA) has emerged as the preferred approach to address today’s security challenges. The concept is relatively simple: Instead of building a layered perimeter defense of firewalls, IDS/IPSes and anti-virus software, Zero Trust assumes that every user or device is untrusted until it becomes sufficiently verified.To read this article in full, please click here

8 questions to ask vendors about Zero Trust Network Access (ZTNA)

The increased deployment of core business applications in the cloud and the shift to remote work brought on by the pandemic have obliterated any notion of the traditional “corporate moat” style of security.Today’s hybrid workplace, where employees are on the road, working from home and maybe visiting the office once or twice a week, has forced network and security teams to adopt a more flexible approach to managing the network, identities, and authentication.Zero Trust Network Access (ZTNA) has emerged as the preferred approach to address today’s security challenges. The concept is relatively simple: Instead of building a layered perimeter defense of firewalls, IDS/IPSes and anti-virus software, Zero Trust assumes that every user or device is untrusted until it becomes sufficiently verified.To read this article in full, please click here

SDN Controller Taxonomy

Even though Gartner declared SDN obsolete before plateau in their 2021 Networking Hype Cycle, most vendor marketers never got the memo. Anything that interacts with network devices in any way1 is called an SDN controller. Let’s try to throw some minimal amount of taxonomy into that mess based on how these controllers interact with network elements (physical or virtual).

Read more …

SDN Controller Taxonomy

Even though Gartner declared SDN obsolete before plateau in their 2021 Networking Hype Cycle, most vendor marketers never got the memo. Anything that interacts with network devices in any way1 is called an SDN controller. Let’s try to throw some minimal amount of taxonomy into that mess based on how these controllers interact with network elements (physical or virtual).

Read more …

Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud boosts open-source security, simplifies zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud boosts open-source security, simplifies zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

Google Cloud launches services to bolster open-source security, simplify zero-trust rollouts

Google Cloud is rolling out new security services designed to address enterprise challenges including securing open-source software and accelerating the adoption of zero-trust architectures.At its annual Google Cloud Security Summit, the company said it's building on its Invisible Security effort, which promises to bake security into tools and services that enterprises and other customers use most.One example is a new service called Assured Open Source Software (Assured OSS), which is aimed at making it easier for organizations to securely manage their open-source dependencies."Today patching security vulnerabilities in open source software often feels like a high-stakes game of whack-a-mole: fix one, and two more pop up," wrote Sunil Potti, vice president and general manager of Google Cloud Security, in a blog about the new services. "This helps explain research done by Sonatype software that shows that there’s a 650% year-over-year increase in cyberattacks aimed at open source software (OSS) suppliers."To read this article in full, please click here

BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring

Enabling BGP Graceful Restart on the Cisco Firepower Threat Defense (FTD) just got so easy! I’m stoked! So the other day I needed to put together an environment with the FTD eBGP peering with graceful restart enabled and test it.... Read More ›

The post BGP Graceful Restart on the Cisco FTD: Part 1 – Configuring appeared first on Networking with FISH.

Full Stack Journey 066: Five IT Skills To Learn In 2022

Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.

The post Full Stack Journey 066: Five IT Skills To Learn In 2022 appeared first on Packet Pushers.

Full Stack Journey 066: Five IT Skills To Learn In 2022

Drew Conry-Murray and Du’An Lightfoot discuss essential skills for IT professionals in 2022. They include learning to code, learning Linux, and sharing your journey. This topic was inspired by a Tweet thread Du'An recently posted. We also talk about the role of content creation such as blogging and videos to enhance your own learning and advance your career. Du'An is a Sr. Cloud Networking Developer Advocate at AWS Cloud. You may know Du’An from his work as the creator behind LabEveryday, where he posts blogs and videos on technical topics and professional development. You can follow him on Twitter at @labeveryday.

Integrating Network Analytics Logs with your SIEM dashboard

Integrating Network Analytics Logs with your SIEM dashboard
Integrating Network Analytics Logs with your SIEM dashboard

We’re excited to announce the availability of Network Analytics Logs. Magic Transit, Magic Firewall, Magic WAN, and Spectrum customers on the Enterprise plan can feed packet samples directly into storage services, network monitoring tools such as Kentik, or their Security Information Event Management (SIEM) systems such as Splunk to gain near real-time visibility into network traffic and DDoS attacks.

What’s included in the logs

By creating a Network Analytics Logs job, Cloudflare will continuously push logs of packet samples directly to the HTTP endpoint of your choice, including Websockets. The logs arrive in JSON format which makes them easy to parse, transform, and aggregate. The logs include packet samples of traffic dropped and passed by the following systems:

  1. Network-layer DDoS Protection Ruleset
  2. Advanced TCP Protection
  3. Magic Firewall

Note that not all mitigation systems are applicable to all Cloudflare services. Below is a table describing which mitigation service is applicable to which Cloudflare service:


Mitigation System		 Cloudflare Service
Magic Transit Magic WAN Spectrum
Network-layer DDoS Protection Ruleset
Advanced TCP Protection
Magic Firewall Continue reading

Debugging Hardware Performance on Gen X Servers

Debugging Hardware Performance on Gen X Servers
Debugging Hardware Performance on Gen X Servers

In Cloudflare’s global network, every server runs the whole software stack. Therefore, it's critical that every server performs to its maximum potential capacity. In order to provide us better flexibility from a supply chain perspective, we buy server hardware from multiple vendors with the exact same configuration. However, after the deployment of our Gen X AMD EPYC Zen 2 (Rome) servers, we noticed that servers from one vendor (which we’ll call SKU-B) were consistently performing 5-10% worse than servers from second vendor (which we'll call SKU-A).

The graph below shows the performance discrepancy between the two SKUs in terms of percentage difference. The performance is gauged on the metric of requests per second, and this data is an average of observations captured over 24 hours.

Debugging Hardware Performance on Gen X Servers
Machines before implementing performance improvements. The average RPS for SKU-B is approximately 10% below SKU-A.

Compute performance via DGEMM

The initial debugging efforts centered around the compute performance. We ran AMD’s DGEMM high performance computing tool to determine if CPU performance was the cause. DGEMM is designed to measure the sustained floating-point computation rate of a single server. Specifically, the code measures the floating point rate of execution of a real matrix–matrix multiplication with double Continue reading

1 441 442 443 444 445 3,480