0

Implementing Layer-2 Networks in a Public Cloud

A few weeks ago I got an excited tweet from someone working at Oracle Cloud Infrastructure: they launched full-blown layer-2 virtual networks in their public cloud to support customers migrating existing enterprise spaghetti mess into the cloud.

Let’s skip the usual does everyone using the applications now have to pay for Oracle licenses and I wonder what the lock in might be when I migrate my workloads into an Oracle cloud jokes and focus on the technical aspects of what they claim they implemented. Here’s my immediate reaction (limited to the usual 280 characters, because that’s the absolute upper limit of consumable content these days):

0

Implementing Layer-2 Networks in a Public Cloud

A few weeks ago I got an excited tweet from someone working at Oracle Cloud Infrastructure: they launched full-blown layer-2 virtual networks in their public cloud to support customers migrating existing enterprise spaghetti mess into the cloud.

Let’s skip the usual does everyone using the applications now have to pay for Oracle licenses and I wonder what the lock in might be when I migrate my workloads into an Oracle cloud jokes and focus on the technical aspects of what they claim they implemented. Here’s my immediate reaction (limited to the usual 280 characters, because that’s the absolute upper limit of consumable content these days):

0

Getting Started with eBPF and Go

eBPF has a thriving ecosystem with a plethora of educational resources both on the subject of eBPF itself and its various application, including XDP. Where it becomes confusing is when it comes to the choice of libraries and tools to interact with and orchestrate eBPF. Here you have to select between a Python-based BCC framework, C-based libbpf and a range of Go-based libraries from Dropbox, Cilium, Aqua and Calico. Another important area that is often overlooked is the “productionisation” of the eBPF code, i.e. going from manually instrumented examples towards production-grade applications like Cilium. In this post, I’ll document some of my findings in this space, specifically in the context of writing a network (XDP) application with a userspace controller written in Go.

Choosing an eBPF library

In most cases, an eBPF library is there to help you achieve two things:

• Load eBPF programs and maps into the kernel and perform relocations, associating an eBPF program with the correct map via its file descriptor.
• Interact with eBPF maps, allowing all the standard CRUD operations on the key/value pairs stored in those maps.

Some libraries may also help you attach your eBPF program to a specific Continue reading

0

Developing NetBox Plugin – Part 5 – Permissions and API

0

MUST READ: Systems Design Explains the World

The one and only Avery Pennarun (of the world in which IPv6 was a good design fame) is back with another absolutely-must-read article explaining how various archetypes apply to real-world challenges, including:

• Hierarchies and decentralization (and why decentralization is a myth)
• Chicken-and-egg problem (and why some good things fail)
• Second-system effect (or why it’s better to refactor than to rewrite)
• Innovator’s dilemma (or why large corporations become obsolete)

If you think none of these applies to networking, you’re probably wrong… but of course please write a comment if you still feel that way after reading Avery’s article.

0

MUST READ: Systems Design Explains the World

The one and only Avery Pennarun (of the world in which IPv6 was a good design fame) is back with another absolutely-must-read article explaining how various archetypes apply to real-world challenges, including:

• Hierarchies and decentralization (and why decentralization is a myth)
• Chicken-and-egg problem (and why some good things fail)
• Second-system effect (or why it’s better to refactor than to rewrite)
• Innovator’s dilemma (or why large corporations become obsolete)

If you think none of these applies to networking, you’re probably wrong… but of course please write a comment if you still feel that way after reading Avery’s article.

0

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Enabling the Cloudflare WAF and Cloudflare Specials ruleset protects against exploitation of unpatched CVEs: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. Web Application Firewall customers with the Cloudflare Specials ruleset enabled are automatically protected against CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

If you are running Exchange Server 2013, 2016, or 2019, and do not have the Cloudflare Specials ruleset enabled, we strongly recommend that you do so. You should also follow Microsoft’s urgent recommendation to patch your on-premise systems immediately. These vulnerabilities are actively being exploited in the wild by attackers to exfiltrate email inbox content and move laterally within organizations’ IT systems.

Edge Mitigation

If you are running the Cloudflare WAF and have enabled the Cloudflare Specials ruleset, there is nothing else you need to do. We have taken the unusual step of immediately deploying these rules in “Block” mode given active attempted exploitation.

If you wish to disable the rules for any reason, e.g., you are experiencing a false positive mitigation, you can do so by following these instructions:

1. Login to the Cloudflare Dashboard Continue reading

0

Controversial Reads 030621

The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.

This is how the squeeze worked: A few large hedge funds had “shorted” GameStop. That means that they had borrowed the stock, with the intention of returning it when the share price moved lower, as they expected it would, leaving them with a profit.

The worldwide plans for EV domination of the vehicle population are like having the plans to build a large house without sufficient materials being available to ever finish the house.

A new canvassing of experts in technology, communications and social change by Pew Research Center and Elon University’s Imagining the Internet Center finds that many expect similar impacts to emerge from the COVID-19 outbreak.

A famed Silicon Valley dictum is to ask for forgiveness, not permission. Breaking the law has had no consequences, and policymakers have not been too exercised to create new laws for Big Tech to follow.

Today, the Supreme Court of the United Kingdom ruled on an important question as to whether certain drivers who work with Uber are entitled to certain protections Continue reading

0

Worth Reading: Career Advice for Young Engineers

David Bombal invited me for another short chat – this time on what I recommend young networking engineers just starting their career. As I did a bit of a research I stumbled upon some great recommendations on Quora:

• How to identify a good electrical engineer
• What advice would you give young engineers early in their career?
• What are the most important things of working as an engineer that nobody mentioned in college?

I couldn’t save the pages to Internet Archive (looks like it’s not friendly with Quora), so I can only hope they won’t disappear ;)

0

Worth Reading: Career Advice for Young Engineers

David Bombal invited me for another short chat – this time on what I recommend young networking engineers just starting their career. As I did a bit of a research I stumbled upon some great recommendations on Quora:

• How to identify a good electrical engineer
• What advice would you give young engineers early in their career?
• What are the most important things of working as an engineer that nobody mentioned in college?

I couldn’t save the pages to Internet Archive (looks like it’s not friendly with Quora), so I can only hope they won’t disappear ;)

0

Xilinx announces new line of adaptable SmartNIC cards

One thing is clear about Xilinx: It isn't waiting around for is acquisition by AMD to close. The latest initiatives from the company are a new SmartNIC card and an FPGA platform app store that features ready-to-deploy solutions aimed at key markets, such as data analytics, video and image processing, machine learning, and security.The new Alveo SN1000 line features integrated "composability" features that allow for customization. Enterprise users can add their own custom networking functions, as needed, to supplement the SmartNIC's core networking capabilities.To read this article in full, please click here

0

Weekend Reads 030521

Between preparing letters for tenure and promotion cases, and serving on committees at my home institutions, I have read a lot of materials about teaching, research, and service. I evaluate teaching records differently than most of my colleagues. There is a method to what I’m doing, and I’m sharing it here.

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being “data is the new gold” in this digital world, and the more sensitive some data is, the more value it has.

OpenVault just released its Broadband Insights Report for the 4th quarter of 2020. The report shows continued staggeringly fast growth of broadband usage in the country. The growth has been so fast that OpenVault applies the word ‘exploded’ to describe the giant increase in customer usage.

Nearly two months after news surfaced about software updates from SolarWinds being used to distribute a backdoor Trojan called Sunburst/Solorigate to some 18,000 organizations worldwide, troubling questions remain about the scope and impact of the breach.

For ages now, every annual report on desktop operating system market share has had the same top two contenders: Microsoft’s Windows in a commanding lead at number one and Apple’s macOS in distant second place. Continue reading

0

Heavy Networking 565: In Defense Of EIGRP

Does EIGRP need defending? Can this protocol even be defended? Ethan Banks and Zig Zsiga debate the case for EIGRP and discuss major use cases, design considerations, scaling tips, and more.

0

Heavy Networking 565: In Defense Of EIGRP

Does EIGRP need defending? Can this protocol even be defended? Ethan Banks and Zig Zsiga debate the case for EIGRP and discuss major use cases, design considerations, scaling tips, and more.

The post Heavy Networking 565: In Defense Of EIGRP appeared first on Packet Pushers.

0

Enterprise networking trends in 2021: Preparing for the new normal

A year into the coronavirus pandemic, IT continues to support remote employees. As organizations begin planning to bring workers back into the office, IT must now consider upgrading their networks to best support employees in a post-COVID world. IDC Senior Research Analyst for enterprise networking, Brandon Butler, joins Juliet to discuss what permanent changes IT should implement as workers prepare to return to the office, and how these changes differ from the temporary solutions put into place last year. From upgrading to Wi-Fi 6, to implementing SD-WAN, to shifting network management to the cloud, Brandon explains what steps IT teams can take to make the transition back to the office seamless for in-person and remote employees alike.To read this article in full, please click here

0

Tom’s Virtual Corner at Cisco Live Global 2021 – Anniversary

We made it through the year that was March 2020. Here were are on the other side trying to find out whatever this normal is supposed to look like. We’re not out of the woods yet but we do know that things aren’t going to be back to the way they were any time soon. That includes the events that we enjoyed traveling to and hanging out at.

Cisco Live has made the decision to go virtual again this year. One can’t blame them to be honest. Travel uncertainty and the potential liability of having a huge event just didn’t make sense. If you thought the old Conference Crud was bad you really don’t want this new-and-improved version! Cisco has also decided that one global event makes more sense than several events scattered across the calendar. That means that Cisco Live Europe and Cisco Live US are now global and happening at the end of March instead of January or June.

With the announcement that everything will be virtual again this year it also means that the social aspect of the event is going to be virtual as well. As much as we would have liked to hang out at Continue reading

0

Member News: Celebrating a Safer Internet

Safe learning: The Nigeria Chapter of the Internet Society celebrated Safer Internet Day with workshops about online safety at schools across the country. Chapter representatives talked to students about several topics, including fake news, online scams, phishing, and clickbait. The two-day workshops included in-person events that complied with COVID-19 social distancing rules, and an online discussion.

Internet to the village: The Kyrgyzstan Chapter has been working to bring Internet access to the village of Zardaly, in a remote and mountainous region of the southwest region of the country. The project has begun with a detailed study of the area, after which radio translators will be ordered and installed. The chapter has also posted an update about its Ilimbox project, an Internet-in-a-box device that, contains basic educational materials available without an Internet connection. The device has now been installed in 20 schools.

No registration required: The Hong Kong Chapter is among a coalition of groups opposing a proposal from the Chinese government that would require users of smartphones to register using their real names. Real-time registration won’t be effective in fighting crime and could hinder scientific research, the chapter said. “The real-name system cannot prevent crimes committed by using overseas calls Continue reading

0

The Teams Dashboard: Finding a Product Voice

My name is Alice Bracchi, and I’m the technical and UX writer for Cloudflare for Teams, Cloudflare's Zero Trust and Secure Web Gateway solution.

Today I want to talk about product voice — what it is, why it matters, and how I set out to find a product voice for Cloudflare for Teams.

On the Cloudflare for Teams Dashboard (or as we informally call it, “the Teams Dash”), our customers have full control over the security of their network. Administrators can replace their VPN with a solution that runs on Zero Trust rules, turning Cloudflare's network into their secure corporate network. Customers can secure all traffic by configuring L7 firewall rules and DNS filtering policies, and organizations have the ability to isolate web browsing to suspicious sites.

All in one place.

As you can see, a lot of action takes place on the Teams Dash. As an interface, it grows and changes at a rapid pace. This poses a lot of interesting challenges from a design point of view — in our early days, because we were focused on solving problems fast, many of our experiences ended up feeling a bit disjointed. Sure, users were able to Continue reading

0

Video: Path Discovery in Transparent Bridging and Routing

In the previous video in this series, I described how path discovery works in source routing and virtual circuit environments. I couldn’t squeeze the discussion of hop-by-hop forwarding into the same video (it would make the video way too long); you’ll find it in the next video in the same section.

0

Video: Path Discovery in Transparent Bridging and Routing

In the previous video in this series, I described how path discovery works in source routing and virtual circuit environments. I couldn’t squeeze the discussion of hop-by-hop forwarding into the same video (it would make the video way too long); you’ll find it in the next video in the same section.