
“Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.” — Sherlock Holmes

It’s not every day that you get to debug what may well be a packet of death. It was certainly the first time for me.
What do I mean by “a packet of death”? A software bug where the network stack crashes in reaction to a single received network packet, taking down the whole operating system with it. Like in the well-known case of the Windows ping of death.
Challenge accepted.
Around a year ago we started seeing kernel crashes in the Linux IPv4 stack. Servers were crashing sporadically, but we learned the hard way to never ignore cases like that — when possible we always trace crashes. We also couldn’t tie it to a particular kernel version, which could indicate a regression which hopefully could be tracked down to a single faulty change in the Linux kernel.
The crashed servers were leaving behind only a crash report, affectionately known as a “kernel oops”. Let’s take a look at it and go over what information we have there.

Parts of the oops, like offsets into Continue reading
The post The Circular Data Center: Deploy a Cloud Operating Model While Lowering Cost and Climate Impacts appeared first on Pluribus Networks.
ITRenew has announced that Pluribus Netvisor ONE OS and the Adaptive Cloud Fabric controllerless SDN software are now available as part of Sesame by ITRenew rack-scale cloud solutions. Pluribus is very pleased to take part in this new circular approach to building data centers; one where we can deliver a cloud operating model with on-prem performance, while also helping our customers achieve their sustainability goals.
The timing of this partnership is apropos given the global attention to COP26, the United Nations Climate Change Conference and ongoing efforts worldwide to scale back emissions. While all industries have a responsibility on this front, the data center industry has specific, well-documented sustainability challenges that are only just starting to be properly addressed.
Most efforts to build the “green data center” have largely focused on increasing energy efficiency and using renewable energy sources, even though power used during the operational phase is only part of the problem. The bigger environmental culprit is that the industry continues to manufacture and deploy brand-new IT infrastructure equipment at a rapid pace.
In its report, “The Financial & Sustainability Case for Circularity,” ITRenew used a lifecycle model, assuming a typical 3-year operational lifetime for the equipment, Continue reading
The post BGP LLDP Peer Discovery appeared first on Noction.
Dan Augustine sent me a wonderful example illustrating how even a very simple data model together with some automation templates can simplify a large-scale deployment.
We have a 100 router installation coming up for our schools and both of our installation vendors do not use open source templating tools and they are not willing to share.
Having taken the Data Models in Network Automation part of your Network Automation Concepts webinar, I decided to install GitLab, make an Ansible project and invite our installation partners to the project.
In this blog post, I will be talking about a label standard and best practices for Kubernetes security. This is a common area where I see organizations struggle to define the set of labels required to meet their security requirements. My advice is to always start with a hierarchical security design that is capable of achieving your enterprise security and compliance requirements, then define your label standard in alignment with your design. This is not meant to be a comprehensive guide for all your label requirements, but rather a framework that guides you through developing your own label standard to meet your specific security requirements.
Labels are key/value pairs that are attached to Kubernetes objects to identify attributes that are intuitive for users and that are required for specific purposes, such as inventory reporting or the enforcement of an intent.
Kubernetes network policies represent the intent of enforcing security controls on pods, using labels to match the intended endpoints. Label prefixes can be used to identify label classification. The following short list is a high-level classification of endpoints required for developing a Kubernetes network policy design:
Labels Continue reading


Cloudflare provides a broad range of products — ranging from security, to performance and serverless compute — which are used by millions of Internet properties worldwide. Often, these products are built by multiple teams in close collaboration and delivering them can be a complex task. So ever wondered how we do so consistently and safely at scale?
Software delivery consists of all the activities to get working software into the hands of customers. It’s usual to talk about software delivery with reference to a model, or framework. These provide the scaffolding for most modern software delivery models, although in order to minimise operational friction it’s usual for a company to tailor their approach to suit their business context and culture.
For example, a company that designs the autopilot systems for passenger aircraft will require very strict tolerances, as a failure could cost hundreds of lives. They would want a different process to a cutting edge tech startup, who may value time to market over system uptime or stability.
Before outlining the approach we use at Cloudflare it’s worth quickly running through a couple of commonly used delivery models.
Waterfall has its foundations (pun intended) in construction and Continue reading
Arista’s EOS (Extensible Operating System) has been nurtured over the past decade, taking the best principles of extensible, open and scalable networks. While SDN evangelists insisted that the right way to build networks started with the decoupling of hardware and software in the network, manipulated by a centralized, shared controller, many companies failed to provide the core customer requisite in a clean software architecture and implementation coupled with key technical differentiation. This has been the essence of Arista EOS.
One of the publicly observable artifacts of the October 2021 Facebook outage was an intricate interaction between BGP routing and their DNS servers needed to support optimal anycast configuration. Not surprisingly, it was all networking engineers' fault according to some opinions:
There’s no need for anycast/BGP advertisement for DNS servers. DNS is already highly available by design. Only network people never understand that, which leads to overengineering.
It’s not that hard to find a counter-argument: while it looks like there are only 13 root name servers, each one of them is a large set of instances advertising the same IP prefix to the Internet.