Archive

Category Archives for "Networking"

Watch Out: ISR Performance License

Bill Dagy sent me an annoying ISR gotcha. In his own words:

Since you have a large audience I thought I would throw this out here. Maybe it will help someone avoid spending 80 man hours troubleshooting network slowdowns.

Here’s the root cause of that behavior:

Cisco is now shipping routers that have some specified maximum throughput, but you have to buy a “boost license” to run them unthrottled. Maybe everyone already knew this but it sure took us by surprise.

Don’t believe it? Here’s a snapshot from Cisco 4000 Family Integrated Services Router Data Sheet:

Gigabyte and CoolIT partner for liquid cooled servers

Gigabyte Technology isn’t the first name that comes to mind in data-center hardware. It’s better known as a consumer player, but it is a significant server player none the less, making server motherboards on par with other top names like Supermicro. Now the company has teamed with CoolIT Systems to provide two high-density servers equipped with liquid-cooling technology. The servers, H262-ZL0 and H262-ZL2, are equipped with direct liquid cooling for CPUs designed to support the high-performing but super-hot 280 watt AMD EPYC 7003 (Milan) processors. The servers, based on the company's H262-Z6x family of air-cooled servers, are hyperconverged and very dense, targeting HPC, HCI, in-memory-computing, and scientific-research markets. They both pack four nodes with two sockets each and eight DIMM slots per node in a 2U form factor.

The search for the optimum network: Don’t let IT vendors sell you on lock-in

How should an enterprise pick products to build its network? Do they look for the best of each product category, knowing this will increase both integration issues and finger-pointing? Do they select the best vendor overall, knowing that this will invite vendor lock-in and compromises in each product category? This issue is as old as networking, and we’ve still not resolved it. How do enterprises decide when to add a vendor in hopes of getting the best technology, and protect themselves from the consequences? Every network vendor wants to be your only vendor. No network vendor wants to accept responsibility for problems, and most don’t even want to work hard to find out who’s causing them. Big network-equipment vendors have not only fallen behind on innovation, they work to actively stifle it, fearing it could damage their incumbent position. These are the views of enterprises, whether they favor single-vendor networks or best-of-breed.

Is Network Security Relevant in the Cloud?

Vishal Jain is the co-founder and CTO of Valtix. Vishal is a seasoned executive and has held engineering leadership roles across many successful startups and big companies in the networking and security space. Vishal was an early member of Andiamo Systems, Nuova Systems, and Insieme Networks, which were acquired by Cisco Systems. Vishal was also responsible for leading the security engineering team at Akamai and built their live streaming service in their early days.

Is Network Security Relevant in the Cloud? Short answers: yes, and no. But the details matter. For the last 15 months, we’ve seen a previously unimaginable acceleration in the use of cloud and greater reliance on technology overall, all of which pushes more app efforts to cloud faster than originally planned. This acceleration brings several discussions to a head, but we’re here to talk about network security (netsec). Within netsec in the cloud, there are a few different ways of segmenting, but where this article will draw the line is between protecting users as they access the cloud and protecting apps deployed into the cloud. The former, protecting users, has seen plenty of investment and innovation and is a relatively well-understood problem. The latter Continue reading

Keith’s Law (1)

I sometimes reference Keith’s Law in my teaching, but I don’t think I’ve ever explained it. Keith’s Law runs something like this:

Any large external step in a system’s capability is the result of many incremental changes within the system.

The reason incremental changes within a system appear as a single large step to outside observers is the smaller changes are normally hidden by abstraction. This is, in fact, the purpose of abstraction—to hide small changes inside a system from external view. Keith’s law is closely related to Clarke’s third law that “Any sufficiently advanced technology is indistinguishable from magic.” What looks like magic from the outside is really just a bunch of smaller things—each easier to understand on its own—combined into one single “thing” through abstraction.
If you’ve read this far, you’re probably thinking—what does this have to do with network engineering?
Well, several things, really.

First—the network is just an abstraction that moves packets to its users. Moving packets seems so … simple … to network users. You put data in here, and data comes out over there. All the little stuff that goes into making a network work are lost in the abstraction of the virtual Continue reading

Lightning-fast Kubernetes networking with Calico & VPP

Public cloud infrastructures and microservices are pushing the limits of resources and service delivery beyond what was imaginable until very recently. In order to keep up with the demand, network infrastructures and network technologies had to evolve as well. Software-defined networking (SDN) is the pinnacle of advancement in cloud networking; by using SDN, developers can now deliver an optimized, flexible networking experience that can adapt to the growing demands of their clients.

This article will discuss how Tigera’s new Vector Packet Processing (VPP) data plane fits into this landscape and share some benchmark details about its performance. Then it will demonstrate how to run a VPP-equipped cluster using AWS public cloud and secure it with Internet Protocol Security (IPsec).

 

Introduction to Vector Packet Processing

Project Calico is an open-source networking and security solution. Although it focuses on securing Kubernetes networking, Calico can also be used with OpenStack and other workloads. Calico uses a modular data plane that allows a flexible approach to networking, providing a solution for both current and future networking needs.

VPP is an easily extensible, kernel-independent, highly optimised, and blazing-fast open-source data plane project that operates between layer 2 and layer 4 of the OSI Continue reading

Simplification through Unification: One Network Across the Entire Multi-Cloud

Two major pillars of VMworld 2021 focus on enhancing productivity and consistency. More than ever, businesses are demanding consistent, secure, and reliable communication between apps and users. What networking professionals at VMworld want to reinforce is that multi-cloud ops shouldn’t have to slow down due to poor app distribution among workspaces. The network should be durable and secure everywhere. While threats are inevitable, businesses can be prepared by learning how to converge networking, security, and threat detection within the cloud. And that’s exactly what we’re going to teach you at this year’s virtual event.

Valued customers of all different industries have chosen to allow VMware’s multi-cloud ops solutions to guide them through their digital transformation. Susan Wu, Senior Product Marketing Manager, and Aamer Aakhter, Product Manager, are two seasoned VMware leaders who will take you through how customers achieved multi-cloud excellence, and how you can say “Goodbye Compromises Everywhere. Hello Productivity Anywhere,” with this VMworld session. 

While simplicity may look different depending upon an organization’s goals, there is one thing that remains constant: performance shouldn’t have to be sacrificed for safety. Your enterprise should be able to streamline the entire multi-cloud to remain agile, productive, and increasingly adaptive against any threat or operational hiccup.  

IT portfolios are becoming increasingly Continue reading

IBM and Atos partner to help financial businesses migrate to the cloud

IBM has partnered with Atos, the closest thing it has to an equal in Europe, to help boost the digital transformation and cloud migration initiatives for banks and insurance companies in a project called Atos Cloud Centre of Excellence. Finance is one of the most regulated industries and, therefore, one of the most reluctant to move to the cloud. The center’s goal is to increase security and regulatory compliance for financial services companies around the world that wish to move their workloads to the cloud. Atos and IBM said the center will provide technology and financial services expertise for clients, backed by dedicated Atos professionals who are trained on IBM Cloud for Financial Services, IBM Cloud Paks and Red Hat OpenShift.

BrandPost: Huawei OceanProtect: A Pioneer in All-Scenario Data Protection

Huawei OceanProtect Data Protection provides a series of comprehensive data protection solutions that cover disaster recovery (DR), data backups, and data archiving for the rapid growth of diversified service data and the entire data lifecycle. Based on the concept of "full DR of hot data, quick backup and restore of warm data, and warm archiving of cold data," OceanProtect Data Protection can provide zero service interruption, data integrity, and long-term data retention.

Full DR of Hot Data: Integrated DR for Storage Access Networks (SAN) and Network-Attached Storage (NAS) and Stress-Free Upgrade for Maximum ROI

As our businesses and lives become digitalized, our expectations for uninterrupted productivity are absolute, making the continuity of data services and networks increasingly important. Today, if a data center breaks down, it can have a significant impact on people's lives, more so for the vast majority of businesses that don't have effective DR systems. Many critical financial and telecom enterprises whose services national economies and citizens' livelihoods depend on have not yet built intra-city or remote DR facilities. Furthermore, in healthcare and manufacturing, where service continuity is key to saving lives, many enterprises lack sufficient DR facilities. Even those that are constructing DR facilities frequently Continue reading

Announcing Cloudflare R2 Storage: Rapid and Reliable Object Storage, minus the egress fees

We’re excited to announce Cloudflare R2 Storage! By giving developers the ability to store large amounts of unstructured data, we’re expanding what’s possible with Cloudflare while slashing the egress bandwidth fees associated with typical cloud storage services to zero.

Cloudflare R2 Storage includes full S3 API compatibility, working with existing tools and applications as built.

Let’s get into the R2 details.

R2 means “Really Requestable”

Object Storage, sometimes referred to as blob storage, stores arbitrarily large, unstructured files. Object storage is well suited to storing everything from media files or log files to application-specific metadata, all retrievable with consistent latency, high durability, and limitless capacity.

The most familiar API for Object Storage, and the API R2 implements, is Amazon’s Simple Storage Service (S3). When S3 launched in 2006, cloud storage services were a godsend for developers. It didn’t happen overnight, but over the last fifteen years, developers have embraced cloud storage and its promise of infinite storage space.

As transformative as cloud storage has been, a downside emerged: actually getting your data back. Over time, companies have amassed massive amounts of data on cloud provider networks. When they go to retrieve that data, they’re hit with massive egress fees that Continue reading

Registrar for Everyone

Today, we are excited to announce that all Cloudflare customers now have full Registrar access, including the ability to register new domains.

Second, starting today — and over the course of the next few weeks — we will be introducing over 40 new top-level domains (TLDs). We’re starting with .uk, our most requested country code extension. Initially, customers will only be able to transfer in existing .uk domains from other registrars, but support for new registrations will become available within the next few weeks. In keeping with our at-cost model, .uk domains will be priced at the wholesale registry fee.

A short registrar primer

In the domain name world, there are two key players: registrars and registries. Understandably, the two are often confused. One way to look at it is that registries are the wholesalers and registrars are the retailers. Registries host the centralized database of registered domains within a TLD. They are responsible for establishing the policies and business rules for the TLD. They also set the wholesale price. Registrars sell domains to end users and manage those registrations on an ongoing basis. They set the retail fee, collect payment, provide customer support, and ensure registrations are renewed Continue reading

A Better Internet with UN Global Compact

Every year during Birthday Week, we talk about what we mean by our mission to help build a better Internet. We release support for new standards and products that help the global Internet community and give things like unmitigated DDoS Protection away for free. We also think about our role as an active participant in the global community of individuals, companies and governments that make the Internet what it is.

In 2020, we decided to formalize our commitment to being an active partner in the global community by joining the UN Global Compact (UNGC) as a signatory. We share the view that achievement of the Sustainable Development Goals set out in the UN Global Compact are the blueprint for a better and more sustainable future. Today, we are proud to release our first Communication on Progress, which describes how we are integrating UNGC principles across our company and as part of helping build a better Internet.

Shared values, economy, and Internet

In 1999, then UN Secretary General Kofi Annan shared a sober message with business leaders gathered at the World Economic Forum in Davos. He argued that basic protections like human rights, environmental sustainability, and fair labor practices are Continue reading

Gartner: SD-WAN, SASE biggest drivers of WAN edge infrastructure

The past several years have seen a large-scale shift from traditional MPLS-based customer edge routers to SD-WAN technology, according to Gartner’s 2021 Magic Quadrant for WAN Edge Infrastructure. Overall spending on WAN edge will grow by 2.6% per year through 2025, according to the report. The increase in sales of WAN edge technology in general, driven by SD-WAN equipment designed to support work-from-home and in-office environments, is slightly dampened by the fact that sales of traditional branch office routers are sharply down as a consequence, Gartner says. As the world shifts from working from home to working from anywhere, companies have begun to shift away from the VPN as the main tool for keeping remote workers secure, and towards more fully featured SD-WAN technologies, with the idea of eventually implementing zero-trust network access for maximal security, Gartner’s report noted.

How and why automation can improve network-device security

The recent T-Mobile data breach, reportedly facilitated by attackers gaining access to an unprotected router and from there into the network, could have been prevented through the use of network automation. IDS, IPS, SASE, and other newer technologies get a lot more attention, but automation is critical to modern network security. Here’s a look at how automation should be used to enhance network security.

Graceful Restart 101

In the Non-Stop Forwarding (NSF) article, I mentioned that the routers adjacent to the device using NSF have to play along to make the idea work. That capability is called Graceful Restart. Today we’ll explore its intricate details, be diplomatic, and leave the shortcomings and tradeoffs for the next blog post.

The Problem

Imagine an access (provider edge) router providing connectivity services to its clients and running a routing protocol with one or more upstream devices.

Nornir – The Basics

If you have an understanding of Python and have been working with Ansible it is likely at some point you will get to the stage where you ask yourself ‘there has to be something better’. For network automation that better could well be Nornir.