We’re excited to announce Calico v3.20! Thank you to everyone who contributed to this release! For detailed release notes, please go here. Below are some highlights from the release.
Calico NetworkPolicy and GlobalNetworkPolicy now support egress rules that match on Kubernetes service names. Service matches in egress rules can be used to allow or deny access to in-cluster services, as well as services typically not backed by pods (for example, the Kubernetes API). Address and port information is learned from the individual endpoints within the service, making it easier to keep your network policy in sync with your workloads.
Check out the docs for more!
In Calico v3.19, we introduced a tech-preview API server that allows management of Calico resources directly with kubectl. In v3.20, we’re building upon that with a new Golang API for Calico!
Install the API server and import the Golang API to manage Calico network policies and more, in your own applications! See the projectcalico/api repository, which includes an example, and the Go documentation page.
If you’re using BGP in your cluster, the graceful restart timer is used during rolling updates to ensure Continue reading
If you’re like me, you’ve heard a lot of hype about quantum—but you’ve never really been able to understand what quantum networking might be useful for. On this episode of the Hedge, Josh Slater, who works in the field of quantum networking, Ethan Banks, and Russ White discuss the current state of quantum networking and potential use cases for the technology. Things are farther along than you might think.
Today's sponsored Day Two Cloud episode talks WAN networking with PacketFabric. PacketFabric lets you provision point-to-point and hybrid cloud connectivity as a service. Built on a private fiber network, the company's goal is to let you set up networking as if it was software. Our guest is Anna Claiborne, Co-Founder, CTO and CPO.
The post Day Two Cloud 109: PacketFabric Wants To Make Networking As Easy As Cloud (Sponsored) appeared first on Packet Pushers.
Postgres is a ubiquitous open-source database technology. It contains a vast number of features and offers rock-solid reliability. It's also one of the most popular SQL database tools in the industry. As the industry builds “modern” developer experience tools—real-time and highly interactive—Postgres has also served as a great foundation. Projects like Hasura, which offers a real-time GraphQL engine, and Supabase, an open-source Firebase alternative, use Postgres under the hood. This makes Postgres a technology that every developer should know, and consider using in their applications.
For many developers, REST APIs serve as the primary way we interact with our data. Language-specific libraries like pg allow developers to connect with Postgres in their code, and directly interact with their databases. Yet in almost every case, developers reinvent the wheel, building the same connection logic on an app-by-app basis.
Many developers building applications with Cloudflare Workers, our serverless functions platform, have asked how they can use Postgres in Workers functions. Today, we're releasing a new tutorial for Workers that shows how to connect to Postgres inside Workers functions. Built on PostgREST, you'll write a REST API that communicates directly with your database, on the edge.
This means that Continue reading
We have seen in previous chapters how the IP address 172.16.100.10 assigned to EP1 is advertised within the LISP domain and then advertised as an aggregate route all the way down to Leaf-11 in the BGP EVPN domain. This chapter first explains how EP3's IP address 172.16.30.3 is advertised by Leaf-11 as a BGP EVPN MAC Advertisement Route (Route-Type 2) via Spine-1 to Border-Leaf-13. Next, you will learn how Border-Leaf-13 advertises the aggregate route 172.16.30.0/24 to the SD-WAN edge device vEdge-2. The last section briefly shows how the routing information is propagated over the SD-WAN. The BGP EVPN NLRI MAC Advertisement Route carries two MPLS Labels, which identify the L2VNI (10000) and the L3VNI (10077). In our example, VLAN 10 is part of the VRF NWKT and it is attached to L2VNI 10000. The L3VNI for VRF NWKT is 10077.
Figure 4-1: Overall Control-Plane Operation: BGP EVPN to OMP to LISP.
Structs have a similar syntax to a Class and are used to hold data. Considerations: Structs are created on the stack and are passed by value. Structs are best suited for small amounts of immutable data. Structs can be mutable; since values are copied, the behaviour is different from a...continue reading
In a throwback to the problems I dealt with using AirPlay across VLANs, I recently jumped through similar hoops for Sonos speakers. There are many forum and blog posts out there that describe (or attempt to describe) how to make this work; however, all of the ones I read suffered from one or both of these problems:
This post will dive deep into what's happening on the wire when a Sonos controller (e.g., your mobile phone running the Sonos app) tries to talk with the players (the speakers) on the network. The focus will be how to make this process work when those two devices are in different VLANs.
What you read below works successfully with Sonos Beam, Sonos Sub, and Sonos Move using the Sonos S1 app.
Storage in distributed systems is surprisingly hard to get right. Distributed databases and consensus are well-known to be extremely hard to build. But, application code isn't necessarily easy either. There are many ways in which apps that use databases can have subtle timing bugs that could result in inconsistent results, or even data loss. Worse, these problems can be very hard to test for, as they'll often manifest only under heavy load, or only after a sudden machine failure.
Up until recently, Durable Objects were no exception. A Durable Object is a special kind of Cloudflare Worker that has access to persistent storage and processes requests in one of Cloudflare’s points of presence. Each Object has its own private storage, accessible through a classical key/value storage API. Like any classical database API, this storage API had to be used carefully to avoid possible race conditions and data loss, especially when performance mattered. And like any classical database API, many apps got it wrong.
However, rather than fix the apps, we decided to fix the model. Last month, we rolled out deep changes to the Durable Objects runtime such that many applications which previously contained subtle race conditions are now correct Continue reading
Hi all!
Today I’m going to talk about Segment Routing, especially SR-MPLS. The best source of theoretical information is the RFCs themselves. But Segment Routing is a huge topic and it's difficult to sort things out. I will provide the basic concepts of SR-MPLS and we will go through the basic control plane and data plane tasks of SR.
A good network engineer always tries to optimize the network, operational tools and workflow. And I’m sure the engineers who develop Segment Routing concepts follow the same idea.
Why do I think so? Look at these short facts about SR-MPLS:
SR is an alternative to the main label distribution protocols, LDP and RSVP.
SR reduces the number of control plane entities because it is part of the IGP protocols (IS-IS or OSPF).
SR uses a stateless paradigm, unlike RSVP (which helps to reduce CPU consumption).
Let’s investigate basic SR concepts.
Segment and routing. Take the first definition. What is a "segment"? What types of segments do we have?
Segments are instructions. The head-end encodes these instructions into MPLS headers. It's an interesting concept. We can steer traffic flow with data plane units that contain a stack of MPLS labels, that is, a stack of instructions. It helps to eliminate states for every MPLS LSP on Continue reading
Zoom buys its way into the contact center biz with the $14.7 billion purchase of Five9, Extreme announces Wi-Fi 6E APs, Cloudflare debuts Green Compute for scheduled workloads, and IT vendors report strong quarterly financial results. We analyze these stories and more IT news on today's Network Break podcast.
The post Network Break 344: Zoom Expands Into Contact Center Biz; Will Devs Choose Cloudflare’s Green Compute? appeared first on Packet Pushers.