Hedge 109: Edward Lewis and the DNS Core
What is the “core” of the DNS system, and how has it changed across the years? Edward Lewis joins Tom Ammon and Russ White to discuss his research into what the “core” of the domain name system is and how it has changed—including the rise of the large cloud players to the core of the default free zone.
What Is Near-Zero Downtime Migration for SAP Systems
With the right approach, it is possible to drastically minimize scheduled downtime and its impact to the business when conducting an SAP migration.IPv6 Buzz 089: An IPv6 Deployathon With AFRINIC
In this IPv6 Buzz episode, Tom and Ed chat with Mukom Tamon, AFRINIC's head of capacity building, about IPv6 Deployathon events and how Mukom and AFRINIC are helping move IPv6 deployment forward in Africa and beyond.
The post IPv6 Buzz 089: An IPv6 Deployathon With AFRINIC appeared first on Packet Pushers.
IPv6 Buzz 089: An IPv6 Deployathon With AFRINIC
In this IPv6 Buzz episode, Tom and Ed chat with Mukom Tamon, AFRINIC's head of capacity building, about IPv6 Deployathon events and how Mukom and AFRINIC are helping move IPv6 deployment forward in Africa and beyond.What’s New in Calico v3.21
It’s that time again; we’re really happy to announce Calico v3.21! As always, thank you to everyone who contributed to this release! For detailed release notes, please go here. Alongside the usual-but-essential bug fixes and other improvements, there are some big new improvements to be aware of:
BGP Improvements
Calico supports BGP, which is used within the cluster in some scenarios, and to allow you to integrate cluster routing with your upstream network devices. Now though, you can even view the status of your BGP sessions, including RIB / FIB contents, and agent health via the new CalicoNodeStatus API. See the API documentation for more details.
In addition, you get more granular control; you can control BGP advertisement of certain prefixes using the new disableBGPExport option on each IP pool.
Service-based network policy improvements
If you aren’t already familiar with them, the egress policy rules that can match on Kubernetes services, introduced in v3.20, are pretty transformative. However we have improved even further upon them in two ways:
- Now, you can use service matches in Calico NetworkPolicy and GlobalNetworkPolicy ingress rules.
- And, you can even now use service-based network policy rules on Windows nodes!
Option to run Calico Continue reading
HS013 SaaS Solutions – What Does the Customer Lose ?
SaaS is popular as a 'not my problem' solution and easy-on-pocket entrè. So lets examine adversarial question "What does the customer lose?". Johna and Greg discuss many issues on both in the search for critical analysis on SaaS and the longer term impacts.
The post HS013 SaaS Solutions – What Does the Customer Lose ? appeared first on Packet Pushers.
HS013 SaaS Solutions – What Does the Customer Lose ?
SaaS is popular as a 'not my problem' solution and easy-on-pocket entrè. So lets examine adversarial question "What does the customer lose?". Johna and Greg discuss many issues on both in the search for critical analysis on SaaS and the longer term impacts.
Workers, Now Even More Unbound: 15 Minutes, 100 Scripts, and No Egress
Our mission is to enable developers to build their applications, end to end, on our platform, and ruthlessly eliminate limitations that may get in the way. Today, we're excited to announce you can build large, data-intensive applications on our network, all without breaking the bank; starting today, we're dropping egress fees to zero.
More Affordable: No Egress Fees
Building more on any platform historically comes with a caveat — high data transfer cost. These costs often come in the form of egress fees. Especially in the case of data intensive workloads, egress data transfer costs can come at a high premium, depending on the provider.
What exactly are data egress fees? They are the costs of retrieving data from a cloud provider. Cloud infrastructure providers generally pay for bandwidth based on capacity, but often bill customers based on the amount of data transferred. Curious to learn more about what this means for end users? We recently wrote an analysis of AWS’ Egregious Egress — a good read if you would like to learn more about the ‘Hotel California’ model AWS has spun up. Effectively, data egress fees lock you into their platform, making you choose your provider based not on Continue reading
Cloudflare Images introduces AVIF, Blur and Bundle with Stream
Two months ago we launched Cloudflare Images for everyone, and we are amazed about the adoption and the feedback we received.
Let’s start with some numbers:
More than 70 million images delivered per day on average in the week of November 5 to 12.
More than 1.5 million images have been uploaded so far, growing faster every day.
But we are just getting started and are happy to announce the release of the most requested features, first we talk about the AVIF support for Images, converting as many images as possible with AVIF results in highly compressed, fast delivered images without compromising on the quality.
Secondly we introduce blur. By blurring an image, in combination with the already supported protection of private images via signed URL, we make Cloudflare Images a great solution for previews for paid content.
For many of our customers it is important to be able to serve Images from their own domain and not only via imagedelivery.net. Here we show an easy solution for this using a custom Worker or a special URL.
Last but not least we announce the launch of new attractively priced bundles for both Cloudflare Images and Stream.
Images Continue reading
Developer Spotlight: Automating Workflows with Airtable and Cloudflare Workers
Next up on the Developer Spotlight is another favourite of mine. Today’s post is by Jacob Hands. Jacob operates TriTails Premium Beef, which is an online store for meat, a very perishable good. So he has a lot of unique challenges when it comes to shipping. To deal with their growth, Jacob, a developer by trade, turned to Airtable and Cloudflare Workers to automate a lot of their workflow.
One of Jacob’s quotes is one of my favourites:
“Sure, Cloudflare Workers allows you to scale to billions of requests per day, but it is also awesome for a few hundred requests a day.”
Here is Jacob talking about how it only took him a few days to put together a fully customised workflow tool by integrating Airtable and Workers. And how it saves them multiple hours every single day.
Shipping Requirements
Working at a new e-commerce business shipping perishable goods has several challenges as operations scale up. One of our biggest challenges is that daily shipping throughput is limited. Partly because of a small workspace, limiting how many employees can simultaneously pack orders, and also because despite having a requested pickup time with UPS, they often show up Continue reading
Modifying HTTP response headers with Transform Rules
HTTP headers are central to how the web works. They are used for passing additional information between the client and server, such as which security permissions to apply and information about the client, allowing the correct content to be served.
Today we are announcing the immediate availability of the third action within Transform Rules, “HTTP Response Header Modification”, available for all Cloudflare plans. This new functionality provides Cloudflare users the ability to set or remove HTTP response headers as traffic returns through Cloudflare back to the client. This allows customers to enrich responses with information about how their request was handled, debugging information and even recruitment messages.
Previously, HTTP response header modification was done using a Cloudflare Worker. Today we’re introducing an easier way to do this without writing a single line of code.
Luggage tags of the World Wide Web
Think of HTTP headers as the “luggage tag” attached to your bags when you check in at the airport.
Generally, you don't need to know what those numbers and words mean. You just know they are important in getting your suitcase from the boarding desk, to the correct airplane, and back to the correct luggage carousel at your destination.
The Cloudflare Developer Expert Program: apply today!
Today we’re launching the Cloudflare Developer Expert Program: an initiative to support and recognize our VIP users who build with Workers, Pages, and the entire Cloudflare developer ecosystem.
A Cloudflare Developer Expert is an early adopter of new releases, a frequent participant in feedback sessions, and an evangelist for Cloudflare products made for the larger developer community.
But first, what are the benefits of becoming a Cloudflare Developer Expert?
- Early access to features (e.g., private betas)
- Admission to a private community of power users
- Routine calls with product managers, engineers, and developer advocates
- Sponsorships for OSS work
- Our best swag, of course
We have already sent invites to our first batch of power users, but if you’d like to join or want to nominate a developer, please fill out this form.
Why We Made This Program
We ship very quickly at Cloudflare.
This is because we want feedback early in development, allowing users to challenge our assumptions and validate what we’re building. In the Workers team, this strategy has been very successful.
For example, we began beta testing custom builds for Wrangler (our CLI tool) that allow you to run any JavaScript bundler you want. This was Continue reading
Hardware Differences between Routers and Switches
One of my readers sent me this age-old question:
Is there a real difference in the underlying hardware of switches and routers in terms of the traffic processing chips and their capabilities in terms of routing and switching (or should I say only switching)?
Let’s get the terminology straight. Router is a technical term for a device that forwards packets based on network layer information. Switch is a marketing term for a device that does something with packets.
Rephrasing the question: is there a hardware difference between a box marketed as a router and another box marketed as a layer-3 switch?
TL&DR: Yes.
Doing packet forwarding at high speeds is expensive, and simpler forwarding pipeline results in cheaper (or faster) silicon.
If you don’t need complex high-speed functionality (like a thousand interface output queues with per-flow classifier), you create a simpler ASIC and call the device a switch. If you thrive on overpriced products, you create as complex an ASIC as you can make it and call the device using it a router. EX9200 is an obvious counterexample, but then Juniper always looked like DEC of networking to me.
There’s even a difference in capabilities between spine- and leaf data Continue reading
Hardware Differences between Routers and Switches
One of my readers sent me this age-old question:
Is there a real difference in the underlying hardware of switches and routers in terms of the traffic processing chips and their capabilities in terms of routing and switching (or should I say only switching)?
Let’s get the terminology straight. Router is a technical term for a device that forwards packets based on network layer information. Switch is a marketing term for a device that does something with packets.
Rephrasing the question: is there a hardware difference between a box marketed as a router and another box marketed as a layer-3 switch?
TL&DR: Yes.
Day Two Cloud 124: New Cloud Security Thinking
Today on Day Two Cloud, we talk about new ways of thinking about security for cloud. As organizations adopt cloud services, they're applying on-prem security designs. Our guest Adeel Ahmad is here to argue that this doesn't work, and that you need a different approach.
The post Day Two Cloud 124: New Cloud Security Thinking appeared first on Packet Pushers.
Day Two Cloud 124: New Cloud Security Thinking
Today on Day Two Cloud, we talk about new ways of thinking about security for cloud. As organizations adopt cloud services, they're applying on-prem security designs. Our guest Adeel Ahmad is here to argue that this doesn't work, and that you need a different approach.Top Issues in Evaluating UC Reporting and Analysis Packages
Advanced capabilities and analytics take center stage as enterprises consider third-party offerings to span the premises, cloud, and hybrid communications scenarios.How William Hill Achieved Success in their Journey to Multi-Cloud
A commonly used term in the sports betting world is handicapper. A handicapper is a person who analyzes sports events to predict the winning team or player. This person (or team) focuses on all the moving pieces in a chaotic or high-stakes environment to make business-critical decisions. Similarly, in managing a multi-cloud environment, organizations have a lot at stake, and they must make crucial operational choices for the sake of security and the end-user experience. Having the ability to spot challenges in advance when moving through a multi-cloud journey will make the difference between success and failure. We’re going to look at three of the key multi-cloud challenges organizations face, as well as a real-life customer success story, William Hill, and how they overcame some of their biggest obstacles in their quest for multi-cloud success.
3 Roadblocks to Multi-Cloud
Regardless of where your organization started, there are three primary challenges you will likely face in moving to multi-cloud. To begin, every cloud is different in the way that it operates. This creates issues when it comes to connecting services across different cloud environments. Second, each cloud has its own methods and APIs when it comes to securing workloads. Thus, the process can lose consistency when different clouds are trying to communicate with one another. Lastly, providing a winning end-user experience requires strong observability within a multi-cloud environment. If that doesn’t exist, the bread and butter of your enterprise is at stake.
So, how do you move past these roadblocks?
There are three must-haves to keep in mind — and to keep you calm, cool, and collected when facing Continue reading