0

Heavy Networking 552: How Fortinet Enables Multi-Vendor Security Integration (Sponsored)

On today's Heavy Networking, sponsored by Fortinet, we dive into a variety of topics including a multiplicity of edges that require connectivity and security (WAN edge, LAN edge, cloud edge, remote edge, etc.), the convergence of infrastructure and security, the need for interoperability among security vendors, implementing Zero Trust Access (ZTA), and the current and future roles for machine learning and AI. Our guest is John Maddison, EVP of Products.

The post Heavy Networking 552: How Fortinet Enables Multi-Vendor Security Integration (Sponsored) appeared first on Packet Pushers.

0

Heavy Networking 552: How Fortinet Enables Multi-Vendor Security Integration (Sponsored)

On today's Heavy Networking, sponsored by Fortinet, we dive into a variety of topics including a multiplicity of edges that require connectivity and security (WAN edge, LAN edge, cloud edge, remote edge, etc.), the convergence of infrastructure and security, the need for interoperability among security vendors, implementing Zero Trust Access (ZTA), and the current and future roles for machine learning and AI. Our guest is John Maddison, EVP of Products.

0

ASICs at the Edge

At Cloudflare we pride ourselves in our global network that spans more than 200 cities in over 100 countries. To handle all the traffic passing through our network, there are multiple technologies at play. So let’s have a look at one of the cornerstones that makes all of this work… ASICs. No, not the running shoes.

What's an ASIC?

ASIC stands for Application Specific Integrated Circuit. The name already says it, it's a chip with a very narrow use case, geared towards a single application. This is in stark contrast to a CPU (Central Processing Unit), or even a GPU (Graphics Processing Unit). A CPU is designed and built for general purpose computation, and does a lot of things reasonably well. A GPU is more geared towards graphics (it's in the name), but in the last 15 years, there's been a drastic shift towards GPGPU (General Purpose GPU), in which technologies such as CUDA or OpenCL allow you to use the highly parallel nature of the GPU to do general purpose computing. A good example of GPU use is video encoding, or more recently, computer vision, used in applications such as self-driving cars.

Unlike CPUs or GPUs, ASICs are built Continue reading

0

A Byzantine failure in the real world

An analysis of the Cloudflare API availability incident on 2020-11-02

When we review design documents at Cloudflare, we are always on the lookout for Single Points of Failure (SPOFs). Eliminating these is a necessary step in architecting a system you can be confident in. Ironically, when you’re designing a system with built-in redundancy, you spend most of your time thinking about how well it functions when that redundancy is lost.

On November 2, 2020, Cloudflare had an incident that impacted the availability of the API and dashboard for six hours and 33 minutes. During this incident, the success rate for queries to our API periodically dipped as low as 75%, and the dashboard experience was as much as 80 times slower than normal. While Cloudflare’s edge is massively distributed across the world (and kept working without a hitch), Cloudflare’s control plane (API & dashboard) is made up of a large number of microservices that are redundant across two regions. For most services, the databases backing those microservices are only writable in one region at a time.

Each of Cloudflare’s control plane data centers has multiple racks of servers. Each of those racks has two switches that operate as a pair—both Continue reading

0

Kubernetes IDE Lens Adds an API for Cloud Native Extensions

Lens, the integrated development environment (IDE) for Kubernetes, has seen some rapid growth in the past year, ever since it made some changes to its deployment model and found the backing of Mirantis, that company that in 2019 acquired Docker. At this month’s launched an extensions API alongside several pre-built extensions from popular cloud native products, which

0

Reviving Old Content, Part 1

More than a decade ago I published tons of materials on a web site that eventually disappeared into digital nirvana, leaving heaps of broken links on my blog. I decided to clean up those links, and managed to save some of the vanished content from the Internet Archive:

• OSPF Flooding Filters in Hub-and-Spoke Environments
• Implicit and Explicit Null Label in MPLS networks
• Default Routes in BGP
• Filter Excessively Prepended BGP Paths

I also updated dozens of blog posts while pretending to be Indiana Jones, including:

0

Building Black Friday e-commerce experiences with JAMstack and Cloudflare Workers

The idea of serverless is to allow developers to focus on writing code rather than operations — the hardest of which is scaling applications. A predictably great deal of traffic that flows through Cloudflare's network every year is Black Friday. As John wrote at the end of last year, Black Friday is the Internet's biggest online shopping day. In a past case study, we talked about how Cordial, a marketing automation platform, used Cloudflare Workers to reduce their API server latency and handle the busiest shopping day of the year without breaking a sweat.

The ability to handle immense scale is well-trodden territory for us on the Cloudflare blog, but scale is not always the first thing developers think about when building an application — developer experience is likely to come first. And developer experience is something Workers does just as well; through Wrangler and APIs like Workers KV, Workers is an awesome place to hack on new projects.

Over the past few weeks, I've been working on a sample open-source e-commerce app for selling software, educational products, and bundles. Inspired by Humble Bundle, it's built entirely on Workers, and it integrates powerfully with all kinds of first-class modern Continue reading

0

IPv6 Buzz 065: Understanding Carrier-Grade NAT (CGN) And IPv6

In this week's IPv6 Buzz episode, Ed and Tom talk discuss the impact that service provider deployment of Carrier Grade NAT (CGN) has had on the overall adoption of IPv6. Our guests are Kevin Myers and Nick Russo. Kevin and Nick have both worked with CGN and IPv6, and Nick is designing an IPv6 training course on Pluralsight.

0

IPv6 Buzz 065: Understanding Carrier-Grade NAT (CGN) And IPv6

In this week's IPv6 Buzz episode, Ed and Tom talk discuss the impact that service provider deployment of Carrier Grade NAT (CGN) has had on the overall adoption of IPv6. Our guests are Kevin Myers and Nick Russo. Kevin and Nick have both worked with CGN and IPv6, and Nick is designing an IPv6 training course on Pluralsight.

The post IPv6 Buzz 065: Understanding Carrier-Grade NAT (CGN) And IPv6 appeared first on Packet Pushers.

0

Internet Society Foundation Awards over $1 Million in Digital Skills Development Grants

The Internet is for everyone – a critical lifeline that can uplift communities. But only if we go beyond Internet access and bridge the knowledge gap that continues to persist: the gap between those who have the knowledge and skills to use the Internet to empower themselves and their communities and those who don’t.

To address this divide, the Internet Society Foundation recently awarded over $1 million in digital skills development grants to eight innovative projects in Bangladesh, Colombia and Senegal. In its pilot year, the Strengthening Communities, Improving Lives and Livelihoods (SCILLS) grant programme aims to expand economic growth, improve health outcomes, and increase educational opportunities by supporting individuals and communities to more knowledgeably and skillfully use the Internet.   

Learn more about these projects!

---

The Internet Society Foundation was established in 2019 to support the positive difference the Internet can make to people everywhere. The Foundation awards grants to Internet Society Chapters/Special Interest Groups (SIGs) as well as nonprofit organizations and individuals dedicated to providing meaningful access to an open, globally-connected, secure, and trustworthy Internet for everyone.

The post Internet Society Foundation Awards over $1 Million in Digital Skills Development Grants appeared first on Internet Society.

0

Tools 2. How to learn your public IP? Programatically?

Hello my friend,

Just recently we have started discussion about the tools about the performance troubleshooting in networks. One of the questions we were asked afterwards was, how to programatically get your public IP? Well, that is interesting one.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Can automation help with performance troubleshooting?

Yes, and that was a question we’ve started this blogpost with is about that. How can we rely the automation tools by troubleshooting? How can we get our IP to make any diagnostics? You will see some things right in this blogpost

Our network automation training has two faces: either live or self-paced. So you can choose yourself, what works better for you. On our side, we guide you from the foundation of the automation for the small networks till advanced automation use cases in big data centres, service providers, and clouds. You will lean how to structure the data using YANG modules, how to serialise it using JSON, XML, Protocol Continue reading

0

Over 300 Hours of Subscription Content on ipSpace.net

It’s amazing how far you can get if you keep doing something for a long-enough time. In a bit over 10 years (the initial versions of the earliest still-active webinars were created in October 2010), we accumulated over 300 hours of online content available with ipSpace.net subscription, plus another 130 hours of online course content.

Obviously I couldn’t have done that myself. Thanks a million to Irena who took over most of the day-to-day business a few years ago, dozens of authors, and thousands of subscribers who enabled us to make it all happen.

0

The Hedge Podcast #61: Pascal Thubert and the RAW Working Group

RAW is a new working group recently chartered by the IETF to work on:

…high reliability and availability for IP connectivity over a wireless medium. RAW extends the DetNet Working Group concepts to provide for high reliability and availability for an IP network utilizing scheduled wireless segments and other media, e.g., frequency/time-sharing physical media resources with stochastic traffic: IEEE Std. 802.15.4 timeslotted channel hopping (TSCH), 3GPP 5G ultra-reliable low latency communications (URLLC), IEEE 802.11ax/be, and L-band Digital Aeronautical Communications System (LDACS), etc. Similar to DetNet, RAW will stay abstract to the radio layers underneath, addressing the Layer 3 aspects in support of applications requiring high reliability and availability.

download

0

Day Two Cloud 076: A Curated KubeCon And CloudNativeCon Roundup

On today's Day Two Cloud we review announcements and make our observations of the KubeCon and CloudNativeCon North America 2020 virtual event. That includes a new Kubernetes certification, the results of a Cloud Native survey, the quality of technical sessions, and new product releases.

The post Day Two Cloud 076: A Curated KubeCon And CloudNativeCon Roundup appeared first on Packet Pushers.

0

Day Two Cloud 076: A Curated KubeCon And CloudNativeCon Roundup

On today's Day Two Cloud we review announcements and make our observations of the KubeCon and CloudNativeCon North America 2020 virtual event. That includes a new Kubernetes certification, the results of a Cloud Native survey, the quality of technical sessions, and new product releases.

0

VMware is Not New to Enterprise Security

By: Keith Luck

None of us can stop thinking about how 2020 has changed the way we go about our daily tasks. Going to school, going to the store, going out to eat — going anywhere at all. But now, for the first time, we are not even going to work! Everyone has been pushed to work from home. This change has a wide-ranging set of variables that need to be addressed, from the business limits on resources for connectivity to the employee’s limits on remote resources of space, privacy, and uninterrupted concentration. 

The overnight reliance on remote, personal, shared services for connectivity from the worker to the corporation has forever put an end to the idea of a security perimeter. Zero Trust Architecture (ZTA) has moved from being an academic discussion to a persistent customer requests for solutions. This shift is furthered by the timely release of the US National Institute of Standards and Technology’s NIST Special Publication 800-207 ZTA Guide. At the same time, we now see numerous security industry vendors claiming their products will provide Zero Trust. 

Naturally, many VMware customers want Continue reading

0

War Stories – The Trilogy

From working in unbelievable environments to dealing with unexpected bugs, the longer that you do networking for a career the more likely it is that you have a story or two from the trenches to share. Listening to other’s adventures can serve both as a cathartic release and as a warning for roads to leave untraveled. In today’s episode we talk with some experienced engineers about their stories. If nothing else, you as the listener can have some laughs at our expense. Enjoy!

 

Thank you to Bluecat Networks for sponsoring today’s episode. Bluecat is putting together some great content and a great community surrounding the topics of DNS, DHCP, and IPAM. You can join the Network VIP community and register for the next roundtable by going to bluecatnetworks.com/certainty.

Thank you to Unimus for sponsoring today’s episode. Unimus is a fast to deploy and easy to use Network Automation and Configuration Management solution. You can learn more about how you can start automating your network in under 15 minutes at unimus.net/nc.

---

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3. Continue reading

0

Tech Bytes: Automating Troubleshooting With Riverbed (Sponsored)

Today's Day Two Cloud Tech Byte, sponsored by Riverbed, looks at how Riverbed is using ML and AI to enable more automated troubleshooting. Our guest is Chris Eckert, Technical Solutions Architect at Riverbed.

0

Tech Bytes: Automating Troubleshooting With Riverbed (Sponsored)

Today's Day Two Cloud Tech Byte, sponsored by Riverbed, looks at how Riverbed is using ML and AI to enable more automated troubleshooting. Our guest is Chris Eckert, Technical Solutions Architect at Riverbed.

The post Tech Bytes: Automating Troubleshooting With Riverbed (Sponsored) appeared first on Packet Pushers.

0

Moving Quicksilver into production

One of the great arts of software engineering is making updates and improvements to working systems without taking them offline. For some systems this can be rather easy, spin up a new web server or load balancer, redirect traffic and you’re done. For other systems, such as the core distributed data store which keeps millions of websites online, it’s a bit more of a challenge.

Quicksilver is the data store responsible for storing and distributing the billions of KV pairs used to configure the millions of sites and Internet services which use Cloudflare. In a previous post, we discussed why it was built and what it was replacing. Building it, however, was only a small part of the challenge. We needed to deploy it to production into a network which was designed to be fault tolerant and in which downtime was unacceptable.

We needed a way to deploy our new service seamlessly, and to roll back that deploy should something go wrong. Ultimately many, many, things did go wrong, and every bit of failure tolerance put into the system proved to be worth its weight in gold because none of this was visible to customers.

The Bridge

Our goal Continue reading