VMware Transit Connect has proven itself as a valuable tool to enable high bandwidth and speed connectivity for VMware Cloud on AWS customers and their Software Defined Data Centers (SDDCs). There are hundreds of customers using this feature across the fleet in a myriad of combinations. Since the initial offering in 2020 we have worked with our partner, AWS, to expand the service’s capabilities to include SDDC Grouping across multiple regions in addition to support for Transit/Security VPC models. These capabilities combine to provide a comprehensive networking solution to address some of the most challenging networking requirements. However, there has been one gap in the connectivity – the ability to peer the VMware Managed Transit Gateway (VTGW) with a native AWS Transit Gateway (TGW).
At AWS re:Invent 2021, the ability to peer VTGWs to AWS TGWs in the same region, also referred to as intra-region peering was announced. VMware and AWS have been working on this solution diligently and we are excited to announce VMware Cloud on AWS support for this new capability in this announcement blog. Equally exciting is that this feature will be available to VMware Cloud on AWS customers with SDDCs that are on any version. To Continue reading
This week, a group of US lawmakers introduced the Stopping Grinch Bots Act — new legislation that could stop holiday hoarders on the Internet. This inspired us to put a spin on a Dr. Seuss classic:
Each person on the Internet liked Christmas a lot
But the Grinch Bot, built by the scalper did not!
The Grinch Bot hated Christmas! The whole Christmas season!
Now, please don’t ask why. No one quite knows the reason.
Cloudflare stops billions of bad bots every day. As you might have guessed, we see all types of attacks, but none is more painful than a Grinch Bot attack. Join us as we take a closer look at this notorious holiday villain...
What is the Grinch Bot? Technically speaking, it’s just a program running on a computer, making automated requests that reach different websites. We’ve come to refer to these requests as “bots” on the Internet. Bots move quickly, leveraging the efficiency of computers to carry out tasks at scale. The Grinch Bot is a very special type that satisfies two conditions:
Did you see the big announcement from AWS re:Invent that Amazon has a preview of a Private 5G service? It probably got buried under the 200 other announcements that came out on so many other things so I’ll forgive you for missing it. Especially if you also managed to miss a few of the “hot takes” that mentioned how Amazon was trying to become a cellular provider. If I rolled my eyes any harder I might have caused permanent damage. Leave it to the professionals to screw up what seems to be the most cut-and-dried case of not reading the room.
Amazon doesn’t care about providing mobile service. How in the hell did we already forget about the Amazon (dumpster) Fire Phone? Amazon isn’t trying to supplant AT&T or Verizon. They are trying to provide additional connectivity for their IoT devices. It’s about as clear as it can get.
Remember all the flap about Amazon Sidewalk? How IoT devices were going to use 900 MHz to connect to each other if they had no other connectivity? Well, now it doesn’t matter because as long as one speaker or doorbell has a SIM slot for a private 5G or CBRS node Continue reading
Our core application security features such as the WAF, firewall rules and rate limiting help keep millions of Internet properties safe. They all do so quietly without generating any notifications when attack traffic is blocked, as our focus has always been to stop malicious requests first and foremost.
Today, we are happy to announce a big step in that direction. Business and Enterprise customers can now set up proactive alerts whenever we observe a spike in firewall related events indicating a likely ongoing attack.
Alerts can be configured via email, PagerDuty or webhooks, allowing for flexible integrations across many systems.
You can find and set up the new alert types under the notifications tab in your Cloudflare account.
Two new notification types have been added to the platform.
This notification can be set up on Business and Enterprise zones, and will alert on any spike of firewall related events across all products and services. You will receive the alert within two hours of the attack being mitigated.
This notification can be set up on Enterprise zones only. It allows you to filter on the exact security service you are Continue reading
After a brief overview of the AI/ML hype, Javier Antich continued the AI and ML in Networking webinar with the basics of underlying technologies, starting with the machine learning fundamentals.
After a brief overview of the AI/ML hype, Javier Antich continued the AI and ML in Networking webinar with the basics of underlying technologies, starting with the machine learning fundamentals.
Last June, Tigera announced a first for Kubernetes: supporting open-source WireGuard for encrypting data in transit within your cluster. We never like to sit still, so we have been working hard on some exciting new features for this technology, the first of which is support for WireGuard on AKS using the Azure CNI.
First a short recap about what WireGuard is, and how we use it in Calico.
WireGuard is a VPN technology available in the Linux kernel since version 5.6 and is positioned as an alternative to IPsec and OpenVPN. It aims to be faster, simpler, leaner and more useful. This is manifested in WireGuard taking an opinionated stance on the configurability of supported ciphers and algorithms to reduce the attack surface and auditability of the technology. It is simple to configure with standard Linux networking commands, and it is only approximately 4,000 lines of code, making it easy to read, understand, and audit.
While WireGuard is a VPN technology and is typically thought of as client/server, it can be configured and used equally effectively in a peer-to-peer mesh architecture, which is how we designed our solution at Tigera to work in Kubernetes. Using Calico, Continue reading
SRv6, a form of source routing, is the new and interesting method being created by the IETF to allow traffic engineering and traffic steering. This is not the first time the networking world has tried source routing, however—and in the spirit of rule 11, we should ask some questions. How and why did source routing fail last time? Have we learned those lessons and changed the way we’re doing things to overcome those limitations? Security seems to be one area where problems arise in the source routing paradigm.
Andrew Alston joins Tom Ammon and Russ White to discuss security in SRv6.
In this episode Ed, Scott, and Tom chat about Unique Local Addresses (ULAs), what they are, how they are used, when (or if) you should use them in your networks.
The post IPv6 Buzz 90: IPv6 Unique Local Addresses (ULAs) And You appeared first on Packet Pushers.
A month ago I explained how using a BGP route reflector in a large-enough non-symmetrical network could result in suboptimal routing (or loss of path diversity or multipathing). I also promised to explain how Advertisement of Multiple Paths in BGP functionality1 solves that problem. Here we go…
I extended the original lab with another router to get a scenario where one route reflector (RR) client should use equal-cost paths to an external destination while another RR client should select a best path that is different from what the route reflector would select.
A month ago I explained how using a BGP route reflector in a large-enough non-symmetrical network could result in suboptimal routing (or loss of path diversity or multipathing). I also promised to explain how Advertisement of Multiple Paths in BGP functionality1 solves that problem. Here we go…
I extended the original lab with another router to get a scenario where one route reflector (RR) client should use equal-cost paths to an external destination while another RR client should select a best path that is different from what the route reflector would select.
Aviatrix, which makes multi-cloud networking software for public clouds, has introduced a new security feature that can identify and then block customers’ cloud-based workloads from connecting to a malicious IP address or known-bad host on the Internet. The new capability is called ThreatIQ with ThreatGuard. It’s available to customers that already license the Aviatrix Co-Pilot […]
The post Aviatrix’s Modest New Blocking Feature Hints At Greater Ambitions For Multi-Cloud Security appeared first on Packet Pushers.