0

The benefits of serving stale DNS entries when using Consul

Introduction

We use Consul for service discovery, and we’ve deployed a cluster that spans several of our data centers. This cluster exposes HTTP and DNS interfaces so that clients can query the Consul catalog and search for a particular service and the majority of the clients use DNS. We were aware from the start that the DNS query latencies were not great from certain parts of the world that were furthest away from these data centers. This, together with the fact that we use DNS over TLS, results in some long latencies. The TTL of these names being low makes it even more impractical when resolving these names in the hot path.

The usual way to solve these issues is by caching values so that at least subsequent requests are resolved quickly, and this is exactly what our resolver of choice, Unbound, is configured to do. The problem remains when the cache expires. When it expires, the next client will have to wait while Unbound resolves the name using the network. To have a low recovery time in case some service needs to failover and clients need to use another address we use a small TTL (30 seconds) Continue reading

0

VoIP Packet Fight: Troubleshooting Phone Initialization Problems

Using a Profitap/ProfiShark tap to understand why VoIP phones got stuck on initializing, we could find a workaround to get things up and running.

0

Happy International Women’s Day!

Here at Cloudflare, we’re thrilled to celebrate International Women’s Day today! We have tons of events planned throughout the month of March, which is our way of honoring Women’s Empowerment Month. We’ll be making sure we acknowledge women’s achievements, raise awareness about women’s equality, and lobby for accelerated gender parity — Cloudflare style.

We take the International Women’s Day initiatives and its calls to action seriously. Then again, how could we not? The latest 2020 Global Gender Gap Report from the World Economic Forum indicates that it’ll take another 257 years to close the gender gap, if we continue at our current pace of progress. It’s going to take all of us to make a positive impact and accelerate the reality of a gender equal world.

Introducing Womenflare

Before we dive further into how we’re planning to celebrate International Women’s Day and Women’s Empowerment Month, we’d like to introduce ourselves. We’re Womenflare — Cloudflare’s Employee Resource Group (ERG) for all who identify as and advocate for women (Talea and Angela are the global Womenflare leads and John is the Womenflare executive advocate). We launched Womenflare on International Women’s Day in 2020, and it was one of the last things we Continue reading

0

Pure Storage, Equinix team for new bare-metal offerings

Flash-array vendor Pure Storage and data-center provider Equinix have teamed to deliver Pure Storage on Equinix Metal, a joint offering the companies claim can deliver physical infrastructure at software speed.The platform provides enterprises with embedded storage and on-demand availability of network and compute services, typical of the cloud. The solution is designed to support a range of storage use cases and is provided by both vendors under a single contract.To read this article in full, please click here

0

Pure Storage, Equinix team for new bare-metal offerings

Flash-array vendor Pure Storage and data-center provider Equinix have teamed to deliver Pure Storage on Equinix Metal, a joint offering the companies claim can deliver physical infrastructure at software speed.The platform provides enterprises with embedded storage and on-demand availability of network and compute services, typical of the cloud. The solution is designed to support a range of storage use cases and is provided by both vendors under a single contract.To read this article in full, please click here

0

WAN challenges steer auto-rental firm to SASE

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner. Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here

0

Cybersecurity in 2021: Stopping the madness

The challenges are greater than ever. But security pros have learned a lot – and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks.

0

WAN challenges steer auto-rental firm to SASE

Latency and reliability concerns set car rental company Sixt on a path to rearchitect its WAN. That led the global company, which has locations in more than 100 countries, to become an early adopter of the network-security architecture dubbed secure access service edge (SASE) by research firm Gartner. Tech Spotlight: Security 4 ways to keep the cybersecurity conversation going after the crisis (CSO) Mitigating the hidden risks of digital transformation (CIO) WFH security lessons from the pandemic (Computerworld) WAN challenges steer Sixt to cloud-native SASE deployment (Network World) 6 security risks in software development — and how to address them (InfoWorld) SASE, pronounced "sassy," blends SD-WAN's network optimization features with security capabilities such as zero-trust authentication, data loss prevention, threat detection, and encryption. Driven by demand for a more efficient, scalable network-security architecture, SASE can enable greater network reliability, more flexible deployment options, and pervasive security. The technology is in its infancy but projected to grow quickly. Gartner estimates at least 40% of enterprises will have explicit strategies to adopt SASE by 2024, up from less than 1% at the end of 2018.To read this article in full, please click here

0

Cybersecurity in 2021: Stopping the madness

The challenges are greater than ever. But security pros have learned a lot – and with luck, the right strategic defenses can help even the highest-value targets withstand severe attacks.

0

Aruba chief: Enterprises must adjust to new normal of remote working

When HPE bought Aruba in 2015, Aruba’s then-president and CEO Dominic Orr said that his company had effectively acquired HP Networking. Aruba’s performance since then has largely borne out Orr’s bullish prediction, as the company has become the driving force behind HPE’s enterprise networking efforts and dramatically grown its market share, expanding beyond its roots as a primarily mid-sized campus networking provider to become a leading competitor to the market’s 800-pound gorilla, Cisco.With HPE’s most recent earnings reports showing the Aruba division having posted $806 million in revenues for the first fiscal quarter of 2021, up 12% year-over-year, Keerti Melkote, president and founder of Aruba, sat down with Network World to talk about network architecture, competing technologies and more.To read this article in full, please click here

0

Implementing Layer-2 Networks in a Public Cloud

A few weeks ago I got an excited tweet from someone working at Oracle Cloud Infrastructure: they launched full-blown layer-2 virtual networks in their public cloud to support customers migrating existing enterprise spaghetti mess into the cloud.

Let’s skip the usual does everyone using the applications now have to pay for Oracle licenses and I wonder what the lock in might be when I migrate my workloads into an Oracle cloud jokes and focus on the technical aspects of what they claim they implemented. Here’s my immediate reaction (limited to the usual 280 characters, because that’s the absolute upper limit of consumable content these days):

0

Getting Started with eBPF and Go

eBPF has a thriving ecosystem with a plethora of educational resources both on the subject of eBPF itself and its various application, including XDP. Where it becomes confusing is when it comes to the choice of libraries and tools to interact with and orchestrate eBPF. Here you have to select between a Python-based BCC framework, C-based libbpf and a range of Go-based libraries from Dropbox, Cilium, Aqua and Calico. Another important area that is often overlooked is the “productionisation” of the eBPF code, i.e. going from manually instrumented examples towards production-grade applications like Cilium. In this post, I’ll document some of my findings in this space, specifically in the context of writing a network (XDP) application with a userspace controller written in Go.

Choosing an eBPF library

In most cases, an eBPF library is there to help you achieve two things:

• Load eBPF programs and maps into the kernel and perform relocations, associating an eBPF program with the correct map via its file descriptor.
• Interact with eBPF maps, allowing all the standard CRUD operations on the key/value pairs stored in those maps.

Some libraries may also help you attach your eBPF program to a specific Continue reading

0

Developing NetBox Plugin – Part 5 – Permissions and API

0

MUST READ: Systems Design Explains the World

The one and only Avery Pennarun (of the world in which IPv6 was a good design fame) is back with another absolutely-must-read article explaining how various archetypes apply to real-world challenges, including:

• Hierarchies and decentralization (and why decentralization is a myth)
• Chicken-and-egg problem (and why some good things fail)
• Second-system effect (or why it’s better to refactor than to rewrite)
• Innovator’s dilemma (or why large corporations become obsolete)

If you think none of these applies to networking, you’re probably wrong… but of course please write a comment if you still feel that way after reading Avery’s article.

0

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Enabling the Cloudflare WAF and Cloudflare Specials ruleset protects against exploitation of unpatched CVEs: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

If you are running Exchange Server 2013, 2016, or 2019, and do not have the Cloudflare Specials ruleset enabled, we strongly recommend that you do so. You should also follow Microsoft’s urgent recommendation to patch your on-premise systems immediately. These vulnerabilities are actively being exploited in the wild by attackers to exfiltrate email inbox content and move laterally within organizations’ IT systems.

Edge Mitigation

If you are running the Cloudflare WAF and have enabled the Cloudflare Specials ruleset, there is nothing else you need to do. We have taken the unusual step of immediately deploying these rules in “Block” mode given active attempted exploitation.

If you wish to disable the rules for any reason, e.g., you are experiencing a false positive mitigation, you can do so by following these instructions:

1. Login to the Cloudflare Dashboard Continue reading

0

Controversial Reads 030621

The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.

This is how the squeeze worked: A few large hedge funds had “shorted” GameStop. That means that they had borrowed the stock, with the intention of returning it when the share price moved lower, as they expected it would, leaving them with a profit.

The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.

A new canvassing of experts in technology, communications and social change by Pew Research Center and Elon University’s Imagining the Internet Center finds that many expect similar impacts to emerge from the COVID-19 outbreak.

A famed Silicon Valley dictum is to ask for forgiveness, not permission. Breaking the law has had no consequences, and policymakers have not been too exercised to create new laws for Big Tech to follow.

Today, the Supreme Court of the United Kingdom ruled on an important question as to whether certain drivers who work with Uber are entitled to certain protections Continue reading

0

Worth Reading: Career Advice for Young Engineers

David Bombal invited me for another short chat – this time on what I recommend young networking engineers just starting their career. As I did a bit of a research I stumbled upon some great recommendations on Quora:

• How to identify a good electrical engineer
• What advice would you give young engineers early in their career?
• What are the most important things of working as an engineer that nobody mentioned in college?

I couldn’t save the pages to Internet Archive (looks like it’s not friendly with Quora), so I can only hope they won’t disappear ;)

0

Xilinx announces new line of adaptable SmartNIC cards

One thing is clear about Xilinx: It isn't waiting around for is acquisition by AMD to close. The latest initiatives from the company are a new SmartNIC card and an FPGA platform app store that features ready-to-deploy solutions aimed at key markets, such as data analytics, video and image processing, machine learning, and security.The new Alveo SN1000 line features integrated "composability" features that allow for customization. Enterprise users can add their own custom networking functions, as needed, to supplement the SmartNIC's core networking capabilities.To read this article in full, please click here

0

Weekend Reads 030521

Between preparing letters for tenure and promotion cases, and serving on committees at my home institutions, I have read a lot of materials about teaching, research, and service. I evaluate teaching records differently than most of my colleagues. There is a method to what I’m doing, and I’m sharing it here.

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being “data is the new gold” in this digital world, and the more sensitive some data is, the more value it has.

OpenVault just released its Broadband Insights Report for the 4th quarter of 2020. The report shows continued staggeringly fast growth of broadband usage in the country. The growth has been so fast that OpenVault applies the word ‘exploded’ to describe the giant increase in customer usage.

Nearly two months after news surfaced about software updates from SolarWinds being used to distribute a backdoor Trojan called Sunburst/Solorigate to some 18,000 organizations worldwide, troubling questions remain about the scope and impact of the breach.

For ages now, every annual report on desktop operating system market share has had the same top two contenders: Microsoft’s Windows in a commanding lead at number one and Apple’s macOS in distant second place. Continue reading

0

Heavy Networking 565: In Defense Of EIGRP

Does EIGRP need defending? Can this protocol even be defended? Ethan Banks and Zig Zsiga debate the case for EIGRP and discuss major use cases, design considerations, scaling tips, and more.

The post Heavy Networking 565: In Defense Of EIGRP appeared first on Packet Pushers.