The Network Does Too Much

I’m at Networking Field Day this week and it’s good to be back in person around other brilliant engineers and companies. One of the other fun things that happens at Networking Field Day is that I get to chat with folks that help me think about things in new ways and come up with awesome ideas for networking blog posts.

One of the ones that was discussed quickly this week really got me thinking again about fragility and complexity. Thanks to Carl Fugate for reminding me about it. Essentially, networks are inherently unstable because they are doing far too much heavy lifting.

Swiss Army Design

Have you heard about the AxeSaw Reddit? It’s a page dedicated to finding silly tools that attempt to combine too many things together into one package that make the overall tool less useful. Like making a combination shovel and axe that isn’t easy to operate because you have to hold on to the shovel scoop as the handle for the axe and so on. It’s a goofy take on a trend of trying to make things too compact at the sake of usability.

Networking has this issue as well. I’ve talked about it before here Continue reading

MSPs And SASE: How Enterprises Can Get The Right Fit

MSPs can help enterprises get their SASE projects online faster, from initial design to deployment to full-time operation.

The post MSPs And SASE: How Enterprises Can Get The Right Fit appeared first on Packet Pushers.

Weekend Reads 012822

DigiTimes reports that processor prices are set to increase “substantially” in 2022 due to a boost in foundry costs. Specifically, processors based on the sub-7nm process nodes are expected to be more expensive moving forward.

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

Although the advisory discussed above is specific to Russian threat actors, the lessons learned and approaches to preparedness, detection, and prevention are generically applicable to a wide range of threats for both IT and OT.

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

HTTPS serves as a critical infrastructure for web security, protecting the privacy and integrity of communications between networks. An important aspect of the extension is the authentication process, which is powered by Web PKI via digital certificates that are issued by Certificate Authorities (CAs).

Their intention is to expand Continue reading

Why Haven’t I Tried ZeroTier Before?

I have a confession to make: I am not currently using ZeroTier. It turns out that in this respect I am in a minority among my peers at Networking Field Day 27 and after listening to a great introduction to ZeroTier by company founder and original software author Adam Ierymenko, I now know that I need to change this.

ZeroTier

ZeroTier facilitates the creation of an arbitrarily distributed virtual ethernet switch through which devices can communicate. Since it’s not immediately obvious what that means, here are a few scenarios where ZeroTier can provide a solution:

Home User

Imagine that you want to access your home network when you’re out on the road. ZeroTier can hook you up.

Multi-cloud Connectivity

What if you would like compute instances in multiple cloud providers to be able to communicate directly with one another as if they were on the same VLAN? What if you could also allow your developers to connect to that VLAN and seamlessly access the compute instances without any knowledge or care about which cloud provider is hosting the instance? Or maybe you’d like the cloud instances to appear as if they were on the data center VLAN? ZeroTier can do Continue reading

Happy Data Privacy Day!

Happy Data Privacy Day 2022! Of course, every day is privacy day at Cloudflare, but today gives us a great excuse to talk about one of our favorite topics.

In honor of Privacy Day, we’re highlighting some key topics in data privacy and data protection that helped shape the landscape in 2021, as well as the issues we’ll be thinking about in 2022. The first category that gets our attention is the intersection of data security and data privacy. At Cloudflare, we’ve invested in privacy-focused technologies and security measures that enhance data privacy to help build the third phase of the Internet, the Privacy phase, and we expect to double down on these developments in 2022.

The second category is data localization. While we don’t think you need localization to achieve privacy, the two are inextricably linked in the EU regulatory landscape and elsewhere.

Third, recent regulatory enforcement actions in the EU against websites’ use of cookies have us thinking about how we can help websites run third-party tools, such as analytics, in a faster, more secure, and more privacy-protective way.

Lastly, we’ll continue to focus on the introduction of new or updated data protection regulations around the world, Continue reading

Video: Kubernetes Architecture

Yesterday I mentioned the giant glob of complexity called Kubernetes. If you want to slowly unravel it, Kubernetes Architecture video from the excellent Kubernetes Networking Deep Dive webinar by Stuart Charlton is a pretty good starting point.

Video: Kubernetes Architecture

Yesterday I mentioned the giant glob of complexity called Kubernetes (see also more nuanced take on the topic). If you want to slowly unravel it, Kubernetes Architecture video from the excellent Kubernetes Networking Deep Dive webinar by Stuart Charlton is a pretty good starting point.

SSH over bluetooth

Yesterday I set up a simple serial console over bluetooth as a backup console.

Today I’m running SSH over bluetooth. Raw SSH, no IP. I only use IP on the two ends to talk to the SSH client and server. It doesn’t actually go over the bluetooth.

This fixes the security aspects with the previous solution. As long as you make sure to check the host key signature it’ll be perfectly secure.

No need for one-time passwords. You can even use SSH pubkey auth.

Connect to the system SSH

Server:

rfcomm watch hci0 2 socat TCP:127.0.0.1:22 file:/proc/self/fd/6,b115200,raw,echo=0

Client:

sudo rfcomm bind rfcomm2 AA:BB:CC:XX:YY:ZZ 2
ssh -oProxyCommand="socat - file:/dev/rfcomm2,b115200,raw,echo=0" dummy-hostname

A backup SSH

If you’re messing around with an OpenSSH config then it may be a good idea to set up a minimal config on another port. Maybe port 23. Not like that port is used for anything else anymore.

Is ARM architecture the future of cloud computing?

Central processing units (CPUs) can be compared to the human brain in that their unique architecture allows them to solve mathematical equations in different ways. x86 is the dominant architecture used in cloud computing at the time of this writing; however, it is worth noting that this architecture is not efficient for every scenario, and its proprietary nature is causing an industry shift toward ARM.

ARM (Advanced RISC Machines) is a type of CPU architecture that powers most tablets and smartphones, as well as the fastest supercomputer in the world (supercomputer Fugaku). ARM’s low power consumption and high computational performance make it a worthy rival for x86 in cloud computing.

In this article, I will talk about a few popular ARM projects, the main difference between x86 and ARM architectures, and explore how we can prepare developers for the future by providing them with an ARM-based container environment.

ARM versus x86

Companies are increasing their pursuit to leverage ARM in order to reduce both cost and energy consumption. While x86 remains a proprietary CPU architecture, ARM provides licenses to other companies allowing them to design their own custom-built processors using ARM’s patented technology.

Amazon’s custom-designed Graviton processor is a great Continue reading

Creating a Modern, Zero Trust Infrastructure: It’s a Journey

Will Nvidia give up on the Arm deal?

Nvidia may be about to do something it never does: give up.The chip giant is finally ready to throw in the towel on its proposed acquisition of Arm Holdings after vociferous opposition by UK regulators, according to a report from Bloomberg (paywalled).[Get regularly scheduled insights by signing up for Network World newsletters.] First announced in September 2020, the deal has dragged on due to almost immediate opposition from UK entities. Arm Holdings is a British company but owned by Japanese tech giant Softbank. Laden with debt, Softbank wanted to unload Arm to someone better suited to manage the company, and Nvidia stepped forward.To read this article in full, please click here

Will Nvidia give up on the Arm deal?

Nvidia may be about to do something it never does: give up.The chip giant is finally ready to throw in the towel on its proposed acquisition of Arm Holdings after vociferous opposition by UK regulators, according to a report from Bloomberg (paywalled).[Get regularly scheduled insights by signing up for Network World newsletters.] First announced in September 2020, the deal has dragged on due to almost immediate opposition from UK entities. Arm Holdings is a British company but owned by Japanese tech giant Softbank. Laden with debt, Softbank wanted to unload Arm to someone better suited to manage the company, and Nvidia stepped forward.To read this article in full, please click here

Hedge 116: Schofield’s Laws of Computing

Jack Schofield, a prolific journalist covering computers and computing, developed three “laws” across his thirty years of reporting that have come to be known as Schofield’s Laws of Computing. What are these laws, and how do they apply to the modern computing landscape—especially for the network engineer? Join Tom Ammon and Russ White as they discuss Schofield’s Laws of Computing.

download

Protecting Holocaust educational websites

Today is the International Holocaust Remembrance Day. On this day, we commemorate the victims that were murdered by the Nazis and their accomplices.

During the Holocaust, and in the events that led to it, the Nazis exterminated one third of the European Jewish population. Six million Jews, along with countless other members of minority and disability groups, were murdered because the Nazis believed they were inferior.

Cloudflare’s Project Galileo provides free protection to at-risk groups across the world including Holocaust educational and remembrance websites. During the past year alone, Cloudflare mitigated over a quarter of a million cyber threats launched against Holocaust-related websites.

Antisemitism and the Final Solution

In the Second World War and the years leading up to it, antisemitism served as the foundation of racist laws and fueled violent Pogroms against Jews. The tipping point was a night of violence known as the Kristallnacht ("Night of Broken Glass"). Jews and other minority groups were outlawed, dehumanized, persecuted and killed. Jewish businesses were boycotted, Jewish books burned and synagogues destroyed. Jews, Roma and other “enemies of the Reich'' were forced into closed ghettos and concentration camps. Finally, as part of the Final Solution for the Jewish Question, Continue reading

IPv6 Buzz 093: Dissecting DHCPv6

In this latest episode of IPv6 Buzz, Ed, Scott, and Tom do their first episode-long dive into DHCPv6, how it works, how it differs from IPv4 DHCP, and some aspects of dealing with its deployment.

The post IPv6 Buzz 093: Dissecting DHCPv6 appeared first on Packet Pushers.

IPv6 Buzz 093: Dissecting DHCPv6

Migrating to Cloudflare Email Routing

A few days ago Google announced that the users from the "G Suite legacy free edition" would need to switch to the paid edition before May 1, 2022, to maintain their services and accounts working. Because of this, many people are now considering alternatives.

One use case for G Suite legacy was handling email for custom domains.

In September, during Birthday Week, we announced Cloudflare Email Routing. This service allows you to create any number of custom email addresses you want on top of the domains you already have with Cloudflare and automatically forward the incoming traffic to any destination inboxes you wish.

Email Routing was designed to be privacy-first, secure, powerful, and very simple to use. Also, importantly, it’s available to all our customers for free.

The closed beta allowed us to keep improving the service and make it even more robust, compliant with all the technical nuances of email, and scalable. Today we're pleased to report that we have over two hundred thousand zones testing Email Routing in production, and we started the countdown to open beta and global availability.

With Email Routing, you can effectively start receiving Emails in any of your domains for any number of Continue reading

Confluent’s Q1 Updates: ‘Data Mesh vs. Data Mess’

Confluent says it will release a series of updates to its data streaming platform every quarter. In this quarter, the updates consist of a number of new features built from the Apache Kafka open source distributed event streaming platform. They include schema linking, new controls to shrink capacity for clusters on-demand and new fully managed Kafka connectors. The new capabilities “can make a huge difference in creating a data mesh versus a data mess,” Schema Linking gives organizations the freedom to develop without the risk of damaging production, Rosanova told The New Stack. “Dev and prod generally don’t talk to one another — because production environments are so sensitive, you don’t want to give everyone access,” Rosanova said. With Schema Linking, built on top of Cluster Linking, schemas can be shared that sync in real-time across teams, organizations and environments, such with hybrid and multicloud environments. “This is far more scalable and efficient compared to workarounds I’ve seen where people are literally sharing schemas through spreadsheets,” Rosanova said. Much verbiage is devoted to scaling, but how to dynamically adjust network resources for resource savings when needed to avoid redundancy is often not addressed. As Rosanova noted, organizations maintain high availability by beefing up their capacity to handle spikes in traffic and avoid downtime. “We added a simple, self-service way to scale back capacity so customers no longer have to worry about wasting resources on capacity they don’t use. These clusters also automatically rebalance your data every time you scale up or down,” Rosanova said. “This solves the really hard challenge of rebalancing workloads while they are running. It’s like changing the tires on a moving car. Now you can optimize data placement without disrupting the real-time flow of information.” New Connectors Confluent’s new release now features over 50 managed connectors for Confluent Cloud. The idea behind Confluent’s Apache Kafka connectors is to facilitate network connections for data streaming with data sources and sinks that organizations select. In the last six months, Confluent more than doubled the number of managed connectors it offers, Rosanova said. “Once one system is connected, two more need to be added, and so on,” he said. “We are bringing real-time data to traditional, non-real-time places to quickly modernize companies’ applications. This is a significant need that continues to grow.” Kafka has emerged as a leading data streaming platform and Confluent continues to evolve with it, Rosanova said. “We are improving what businesses can accomplish with Kafka through these new capabilities. Real-time data streaming continues to play an important role in the services and experiences that set organizations apart,” Rosanova said. “We want to make real-time data streaming within reach for any organization and are continuing to build a platform that is cloud native, complete, and available everywhere.” Confluent’s connector list now includes: Data warehouse connectors: Snowflake, Google BigQuery, Azure Synapse Analytics, Amazon Redshift. Database connectors: MongoDB Atlas, PostgreSQL, MySQL, Microsoft SQL Server, Azure. Cosmos DB, Amazon DynamoDB, Oracle Database, Redis, Google BigTable. Data lake connectors: Amazon S3, Google Cloud Storage, Azure Blob Storage, Azure Data. Lake Storage Gen 2, Databricks Delta Lake. Additionally, Confluent has improved access to popular tools for network monitoring. The platform now offers integrations with Datadog and Prometheus. “With a few clicks, operators have deeper, end-to-end visibility into Confluent Cloud within the monitoring tools they already use,”blog post. The post Confluent’s Q1 Updates: ‘Data Mesh vs. Data Mess’ appeared first on The New Stack.

The Next Frontier in AI Networking

The rapid arrival of real-time gaming, virtual reality and metaverse applications is changing the way network, compute memory and interconnect I/O interact for the next decade. As the future of metaverse applications evolve, the network needs to adapt for 10 times the growth in traffic connecting 100s of processors with trillions of transactions and gigabits of throughput. AI is becoming more meaningful as distributed applications push the envelope of predictable scale and performance of the network. A common characteristic of these AI workloads is that they are both data and compute-intensive. A typical AI workload involves a large sparse matrix computation, distributed across 10s or 100s of processors (CPU, GPU, TPU, etc.) with intense computations for a period of time. Once the data from all peers is received, it can be reduced or merged with the local data and then another cycle of processing begins.

Access broker found exploiting Log4j vulnerability in VMware

The Prophet Spider gang uses the Log4Shell vulnerability to target the Tomcat service in unpatched VMware Horizon systems.