We are happy to announce that the latest release of Calico Enterprise delivers unprecedented levels of Kubernetes observability! Calico Enterprise 3.5 provides full-stack observability across the entire Kubernetes environment, from application layer to networking layer.
With this new release, developers, DevOps, SREs, and platform owners get:
For more information, see our official press release.
Are you a Calico Cloud user? Not to worry—these same features are now available in Calico Cloud, too.
To learn more about new cloud-native approaches for establishing security and observability with Kubernetes, check Continue reading
The Internet Society Elections Committee is pleased to announce the final results of the 2021 elections and the IETF selections for the Internet Society Board of Trustees. Voting concluded on 23 April. The results were announced to the voting communities and the challenge period was opened on 26 April. The deadline to file challenges was […]
The post Final Results of the 2021 Internet Society Board of Trustees Elections and IETF Selections appeared first on Internet Society.
In one of my introductory Segment Routing videos, I made claims along the lines of “Segment Routing totally simplifies the MPLS control plane, replacing LDP and local labels allocated to various prefixes with globally managed labels advertised in IGP”
It took two years for someone to realize the stupidity over-simplification of what I described. Matjaž Strauss sent me this kind summary of my errors:
You’re effectively claiming that SRGB has to be the same across all devices in the network. That’s not true; routers advertise SIDs and must configure label swap operations in case SRGBs don’t match.
Wait, what? What is SRGB and why could it be different across devices in the same network? Also, trust IETF to take a simple idea and complicate it to support vendor whims.
In one of my introductory Segment Routing videos, I made claims along the lines of “Segment Routing totally simplifies the MPLS control plane, replacing LDP and local labels allocated to various prefixes with globally managed labels advertised in IGP”
It took two years for someone to realize the stupidity over-simplification of what I described. Matjaž Strauss sent me this kind summary of my errors:
You’re effectively claiming that SRGB has to be the same across all devices in the network. That’s not true; routers advertise SIDs and must configure label swap operations in case SRGBs don’t match.
Wait, what? What is SRGB and why could it be different across devices in the same network? Also, trust IETF to take a simple idea and complicate it to support vendor whims.
Recent research into the text of RFCs versus the security of the protocols described came to this conclusion—
This should come as no surprise to network engineers—after all, complexity is the enemy of security. Beyond the novel ways the authors use to understand the shape of the world of RFCs (you should really read the paper; it’s really interesting), this desire to increase security by decreasing the ambiguity of specifications is fascinating. We often think that writing better specifications requires having better requirements, but down this path only lies despair.
Better requirements are the one thing a network engineer can never really hope for.
It’s not just that networks are often used as a sort of “complexity sink,” the place where every hard problem goes to be solved. It’s also the uncertainty of the environment in which the network must operate. What new application will be stuffed on top of the network this week? Will anyone tell the network folks about this new application, or just open a ticket when it doesn’t work right? What about all Continue reading
Note: The Cisco 8000 Series routers also support Cisco Netflow. Rapidly detecting large flows, sFlow vs. NetFlow/IPFIX describes why you should choose sFlow if you are interested in real-time monitoring and control applications.
flow exporter-map SF-EXP-MAP-1
version sflow v5
!
packet-length 1468
transport udp 6343
source GigabitEthernet0/0/0/1
destination 192.127.0.1
dfbit set
!
Configure the sFlow analyzer address in an exporter-map.
flow monitor-map SF-MON-MAP
record sflow
sflow options
extended-router
extended-gateway
if-counters polling-interval 300
input ifindex physical
output ifindex physical
!
exporter SF-EXP-MAP-1
!
Configure sFlow options in a monitor-map.
sampler-map SF-SAMP-MAP
random 1 out-of 20000
!
Define the sampling rate in a sampler-map.
interface GigabitEthernet0/0/0/3
flow datalinkframesection monitor-map SF-MON-MAP sampler SF-SAMP-MAP ingress
Enable sFlow on each interface for complete visibilty into network traffic.
The above configuration instructions are for IOS-XR. Continue reading
Guest analyst Johna Till Johnson, CEO and Founder of Nemertes Research, joins the Network Break to discuss a variety of IT news including the rising price of copper, Proofpoint going private in a $12.3 billion deal, why the US Defense Department suddenly began advertising a huge block of IPv4 addresses, and space networking.
The post Network Break 331: Proofpoint Goes Private In $12 Billion Deal; Defense Dept. Unveils IPv4 Address Cache appeared first on Packet Pushers.
Shut your mouth: The government in India has tried to silence critics of its response to the COVID-19 pandemic there as cases spike in the country, BuzzFeed News reports. India’s IT ministry recently ordered Twitter to block more than 50 tweets from being seen in the country, and Facebook, Instagram, and YouTube also had content critical […]
The post The Week in Internet News: India Tries to Censor Online Critics appeared first on Internet Society.