Archive

Category Archives for "Networking"

Getting Started with VMware Transit Connect Intra-Region Peering for VMware Cloud on AWS

VMware Transit Connect has proven itself as a valuable tool to enable high bandwidth and speed connectivity for VMware Cloud on AWS customers and their Software Defined Data Centers (SDDCs). There are hundreds of customers using this feature across the fleet in a myriad of combinations. Since the initial offering in 2020 we have worked with our partner, AWS, to expand the service’s capabilities to include SDDC Grouping across multiple regions in addition to support for Transit/Security VPC models.  These capabilities combine to provide a comprehensive networking solution to address some of the most challenging networking requirements. However, there has been one gap in the connectivity – the ability to peer the VMware Managed Transit Gateway (VTGW) with a native AWS Transit Gateway (TGW).

At AWS re:Invent 2021, the ability to peer VTGWs to AWS TGWs in the same region, also referred to as intra-region peering, was announced. VMware and AWS have been working on this solution diligently and we are excited to announce VMware Cloud on AWS support for this new capability in this announcement blog. Equally exciting is that this feature will be available to VMware Cloud on AWS customers with SDDCs that are on any version. To […]

The Grinch Bot is Stealing Christmas!

This week, a group of US lawmakers introduced the Stopping Grinch Bots Act — new legislation that could stop holiday hoarders on the Internet. This inspired us to put a spin on a Dr. Seuss classic:

Each person on the Internet liked Christmas a lot
But the Grinch Bot, built by the scalper did not!
The Grinch Bot hated Christmas! The whole Christmas season!
Now, please don’t ask why. No one quite knows the reason.

Cloudflare stops billions of bad bots every day. As you might have guessed, we see all types of attacks, but none is more painful than a Grinch Bot attack. Join us as we take a closer look at this notorious holiday villain...

25 days seconds of Christmas

What is the Grinch Bot? Technically speaking, it’s just a program running on a computer, making automated requests that reach different websites. We’ve come to refer to these requests as “bots” on the Internet. Bots move quickly, leveraging the efficiency of computers to carry out tasks at scale. The Grinch Bot is a very special type that satisfies two conditions:

  1. It only pursues online inventory, attempting to purchase items before humans can complete their orders.
  2. It only operates […]

You Down with IoT? You Better Be!

Did you see the big announcement from AWS re:Invent that Amazon has a preview of a Private 5G service? It probably got buried under the 200 other announcements that came out on so many other things so I’ll forgive you for missing it. Especially if you also managed to miss a few of the “hot takes” that mentioned how Amazon was trying to become a cellular provider. If I rolled my eyes any harder I might have caused permanent damage. Leave it to the professionals to screw up what seems to be the most cut-and-dried case of not reading the room.

Amazon doesn’t care about providing mobile service. How in the hell did we already forget about the Amazon (dumpster) Fire Phone? Amazon isn’t trying to supplant AT&T or Verizon. They are trying to provide additional connectivity for their IoT devices. It’s about as clear as it can get.

Remember all the flap about Amazon Sidewalk? How IoT devices were going to use 900 MHz to connect to each other if they had no other connectivity? Well, now it doesn’t matter because as long as one speaker or doorbell has a SIM slot for a private 5G or CBRS node […]

Get notified when your site is under attack

Our core application security features such as the WAF, firewall rules and rate limiting help keep millions of Internet properties safe. They all do so quietly without generating any notifications when attack traffic is blocked, as our focus has always been to stop malicious requests first and foremost.

Today, we are happy to announce a big step in that direction. Business and Enterprise customers can now set up proactive alerts whenever we observe a spike in firewall related events indicating a likely ongoing attack.

Alerts can be configured via email, PagerDuty or webhooks, allowing for flexible integrations across many systems.

You can find and set up the new alert types under the notifications tab in your Cloudflare account.

What Notifications are available?

Two new notification types have been added to the platform.

Security Events Alert

This notification can be set up on Business and Enterprise zones, and will alert on any spike of firewall related events across all products and services. You will receive the alert within two hours of the attack being mitigated.

Advanced Security Events Alert

This notification can be set up on Enterprise zones only. It allows you to filter on the exact security service you are […]

There’s a 3-6 month wait for Wi-Fi 6

Wi-Fi 6 is the most sought-after wireless LAN technology by enterprises, but the global chip shortage is preventing it from getting into the hands of IT pros as quickly as desired, according to the Dell’Oro Group.

The usual amount of lead time required for a purchase of new Wi-Fi equipment is two to four weeks, according to the report’s author, Tam Dell’Oro, the CEO and founder of the group. “Now, we’re looking at between three and six months,” she said.

The worldwide dearth of silicon is to blame. According to Dell’Oro, the biggest enterprise Wi-Fi vendors were the first to feel the pinch earlier this year. Cisco, Extreme, and HPE/Aruba reported in their second-quarter results that the shortage was affecting supply, and many more US and European sellers reported similar problems in the third quarter.

Review of two Cradlepoint mobile routers

At the transportation organization where I work, we employ two Cradlepoint mobile-router models in our vehicles: the industrial IBR-1700 vehicular routers in our 97 buses and eight smaller IBR-900 vehicular routers in maintenance trucks, operations vans, and other multipurpose vans.

The reason for these cellular routers in the buses is to provide a WAN connection to systems on the buses including GPS, electronic signage, passenger counters, and fareboxes.

How they are networked

These information-gathering systems connect to the primary processing device on the vehicles called the medius box, which is part of our computer-aided dispatch/automatic vehicle location (CAD/AVL) setup. The medius boxes are connected to the Cradlepoint routers, which link over 4G LTE to a server that collects and manages all of the vehicle’s location and onboard media data.

Calico WireGuard support with Azure CNI

Last June, Tigera announced a first for Kubernetes: supporting open-source WireGuard for encrypting data in transit within your cluster. We never like to sit still, so we have been working hard on some exciting new features for this technology, the first of which is support for WireGuard on AKS using the Azure CNI.

First a short recap about what WireGuard is, and how we use it in Calico.

What is WireGuard?

WireGuard is a VPN technology available in the Linux kernel since version 5.6 and is positioned as an alternative to IPsec and OpenVPN. It aims to be faster, simpler, leaner and more useful. This is manifested in WireGuard taking an opinionated stance on the configurability of supported ciphers and algorithms, to reduce the attack surface and improve the auditability of the technology. It is simple to configure with standard Linux networking commands, and it is only approximately 4,000 lines of code, making it easy to read, understand, and audit.

While WireGuard is a VPN technology and is typically thought of as client/server, it can be configured and used equally effectively in a peer-to-peer mesh architecture, which is how we designed our solution at Tigera to work in Kubernetes. Using Calico, […]

Hedge 110: Andrew Alston and SRv6 Security

SRv6, a form of source routing, is the new and interesting method being created by the IETF to allow traffic engineering and traffic steering. This is not the first time the networking world has tried source routing, however—and in the spirit of rule 11, we should ask some questions. How and why did source routing fail last time? Have we learned those lessons and changed the way we’re doing things to overcome those limitations? Security seems to be one area where problems arise in the source routing paradigm.

Andrew Alston joins Tom Ammon and Russ White to discuss security in SRv6.

Confluent Platform 7.0: Data Streaming Across Multiclouds

The challenge is clear: How to offer real- or near real-time access to data that is continually refreshed across a number of different distributed environments. With different types of data streaming from various sources such as multicloud and on-premises environments, the data, often in shared digital layers such as so-called digital information hubs (DIHs), must be updated asynchronously. This is necessary in order to maintain a consistent user experience. To that end, data streaming platform provider Apache Kafka, hundreds of different applications and data systems can use it to migrate to the cloud or share data between their data center and the public cloud, Confluent says. Traditionally, syncing data between multiple clouds or between on-premises and the cloud was “like a bad game of telephone,”

LoRa takes a trip to the moon and back, chirping all the way

LoRa is living up to its name, literally.

A shortened version of “long range” (ironic!), LoRa is a wide-area wireless modulation technique that encodes information on radio waves. LoRa, which has been around since 2015, is derived from Chirp Spread Spectrum (CSS) technology and uses chirp pulses to transmit small bits of data. It also uses very little power. The proprietary technology is owned by semiconductor supplier Semtech Corp.

LoRa’s value is in transmitting data for sensors and other connected devices that require little power to operate. Not only can LoRa withstand disturbances, it can transmit data at longer ranges than better known wireless technologies such as Wi-Fi and Bluetooth. So long, in fact, that demonstrations of LoRa’s transmission capabilities now must extend into near space.

Optimal BGP Path Selection with BGP Additional Paths

A month ago I explained how using a BGP route reflector in a large-enough non-symmetrical network could result in suboptimal routing (or loss of path diversity or multipathing). I also promised to explain how Advertisement of Multiple Paths in BGP functionality solves that problem. Here we go…

I extended the original lab with another router to get a scenario where one route reflector (RR) client should use equal-cost paths to an external destination while another RR client should select a best path that is different from what the route reflector would select.

Aviatrix’s Modest New Blocking Feature Hints At Greater Ambitions For Multi-Cloud Security

Aviatrix, which makes multi-cloud networking software for public clouds, has introduced a new security feature that can identify and then block customers’ cloud-based workloads from connecting to a malicious IP address or known-bad host on the Internet. The new capability is called ThreatIQ with ThreatGuard. It’s available to customers that already license the Aviatrix Co-Pilot […]

The post Aviatrix’s Modest New Blocking Feature Hints At Greater Ambitions For Multi-Cloud Security appeared first on Packet Pushers.