4 Reasons The Next CEO Of AWS Doesn’t Really Matter
Andy Jassy, the top executive at AWS, will step into the role of CEO of Amazon some time in 2021. Who will take over at AWS? It doesn’t really matter. Here’s why: 1. The operating model and corporate culture are in place Amazon spent years developing an effective way to share infrastructure within the organization. […]
The post 4 Reasons The Next CEO Of AWS Doesn’t Really Matter appeared first on Packet Pushers.
Should App Code & IaC Be In Separate Repositories? – Video
In this Day Two Cloud podcast clip, we discuss whether the code we use to manage our infrastructure and the code we use for our applications should be stored in different repositories. To hear the entire episode, go to Day Two Cloud 085: Hosting Your Infrastructure Code In The Cloud. Hosts Ned Bellavance and Ethan […]
The post Should App Code & IaC Be In Separate Repositories? – Video appeared first on Packet Pushers.
2020: A Record Year for MANRS
Over the past year, COVID-19 underlined the importance of a secure and resilient Internet to ensure we stay connected online. For MANRS, this meant even more incentive to work with network operators, Internet exchange points (IXPs), and content delivery network (CDN) and cloud providers to ensure data went where it was supposed to go via secure paths.
It was, therefore, really encouraging to see a record number of participants joining MANRS last year: the number almost doubled from 317 participants at the beginning of the year to 588 participants as of 31 December 2020. MANRS participants now manage 651 autonomous systems from over 60 countries across all continents.
MANRS contributed to the decline in reported routing incidents from more than 5,000 in 2017 to below 4,000 in 2020, making the entire Internet more secure for everyone. While we cannot claim full credit, we can attribute the fewer routing incidents to the increasing number of network operators implementing best routing practices.
The year also saw us launching a new program for CDN and cloud providers in collaboration with eight founding participants: Akamai, Amazon Web Services, Azion, Cloudflare, Facebook, Google, Continue reading
Can Your Data Architecture Survive Modern Cybersecurity Threats?
Complex cloud architecture types do not need to be insecure. They just need to be built on the same level of oversight as the systems and architectures they are replacing.Minor Administrative Updates to Internet Society Privacy Policy
Today we have made some minor updates to the Privacy Policy for this site and most of our other affiliated websites. The changes from the previous privacy policy were:
- Clarified in the introduction that this privacy policy applies to sites from both the Internet Society and also the Internet Society Foundation. Previously, it said only “Internet Society”.
- References to “Chief Administrative Officer” were changed to “Legal Department”.
- The contact email address was changed from “[email protected]” to “[email protected]”.
- Under “Can I Choose not to Receive Commercial Email Communications?”, the mention of “the OTA member preference center” was removed as that functionality was merged into the Internet Society membership portal.
The previous policy from April 2018 is available for review. We are publishing this notice as part of our commitment to transparency around any updates to our privacy policy. If you have any questions about this privacy policy, please contact [email protected].
The post Minor Administrative Updates to Internet Society Privacy Policy appeared first on Internet Society.
Heavy Networking 563: Automating Documentation With Ansible, Genie, And Jinja2
On today’s Heavy Networking, we explore how to get network data you reference all the time and store it in a CSV using Ansible, the Genie parser, and Jinja2. Our guide for how to assemble these gears and get them cranking is John Capobianco, automation maven and Sr. IT Planner and Integrator for the House of Commons in the Canadian Parliament.
The post Heavy Networking 563: Automating Documentation With Ansible, Genie, And Jinja2 appeared first on Packet Pushers.
Heavy Networking 563: Automating Documentation With Ansible, Genie, And Jinja2
On today’s Heavy Networking, we explore how to get network data you reference all the time and store it in a CSV using Ansible, the Genie parser, and Jinja2. Our guide for how to assemble these gears and get them cranking is John Capobianco, automation maven and Sr. IT Planner and Integrator for the House of Commons in the Canadian Parliament.Tech Field Day Changed My Life
It’s amazing to me that it’s been ten years since I attended by first Tech Field Day event. I remember being excited to be invited to Tech Field Day 5 and then having to rush out of town a day early to beat a blizzard to be able to attend. Given that we just went through another blizzard here I thought the timing was appropriate.
How did attending an industry event change my life? How could something with only a dozen people over a couple of days change the way I looked at my career? I know I’ve mentioned parts of this to people in the past but I feel like it’s important to talk about how each piece of the puzzle built on the rest to get me to where I am today.
Voices Carry
The first thing Tech Field Day did to change my life was to show me that I mattered. I grew up in a very small town and spent most of my formative school years being bored. The Internet didn’t exist in a usable form for me. I devoured information wherever I could find it. And I languished as I realized that I needed more Continue reading
Using HPKE to Encrypt Request Payloads
The Managed Rules team was recently given the task of allowing Enterprise users to debug Firewall Rules by viewing the part of a request that matched the rule. This makes it easier to determine what specific attacks a rule is stopping or why a request was a false positive, and what possible refinements of a rule could improve it.
The fundamental problem, though, was how to securely store this debugging data as it may contain sensitive data such as personally identifiable information from submissions, cookies, and other parts of the request. We needed to store this data in such a way that only the user who is allowed to access it can do so. Even Cloudflare shouldn't be able to see the data, following our philosophy that any personally identifiable information that passes through our network is a toxic asset.
This means we needed to encrypt the data in such a way that we can allow the user to decrypt it, but not Cloudflare. This means public key encryption.
Now we needed to decide on which encryption algorithm to use. We came up with some questions to help us evaluate which one to use:
- What requirements do we have for Continue reading
How Software Defined Packet Brokers Can Improve Network Observability
Network Packet Brokers (NPBs) can be valuable in improving network visibility and observability for both network operations (NetOps) and security...
The post How Software Defined Packet Brokers Can Improve Network Observability appeared first on Pluribus Networks.
Podcast: State of Networking (Early 2021)
In January, Jason Edelman kindly invited me for a chat about the state of (software defined) networking and network automation in particular. The recording was recently published on Network Collective.
Podcast: State of Networking (Early 2021)
In January, Jason Edelman kindly invited me for a chat about the state of (software defined) networking and network automation in particular. The recording was recently published on Network Collective.
Introducing: Smarter Tiered Cache Topology Generation
Caching is a magic trick. Instead of a customer’s origin responding to every request, Cloudflare’s 200+ data centers around the world respond with content that is cached geographically close to visitors. This dramatically improves the load performance for web pages while decreasing the bandwidth costs by having Cloudflare respond to a request with cached content.
However, if content is not in cache, Cloudflare data centers must contact the origin server to receive the content. This isn’t as fast as delivering content from cache. It also places load on an origin server, and is more costly compared to serving directly from cache. These issues can be amplified depending on the geographic distribution of a website’s visitors, the number of data centers contacting the origin, and the available origin resources for responding to requests.
To decrease the number of times our network of data centers communicate with an origin, we organize data centers into tiers so that only upper-tier data centers can request content from an origin and then they spread content to lower tiers. This means content that loads faster for visitors, is cheaper to serve, and reduces origin resource consumption.
Today, I’m thrilled to announce a fundamental improvement to Argo Continue reading
Tiered Cache Smart Topology
A few years ago, we released Argo to help make the Internet faster and more efficient. Argo observes network conditions and finds the optimal route across the Internet for origin server requests, avoiding congestion along the way.
Tiered Cache is an Argo feature that reduces the number of data centers responsible for requesting assets from the origin. With Tiered Cache active, a request in South Africa won’t go directly to an origin in North America, but, instead, look in a large, nearby data center to see if the data requested is cached there first. The number and location of the data centers used by Tiered Cache is controlled by a piece of configuration called the topology. By default, we use a generic topology for every customer that strikes a balance between cache hit ratios and latency that is suitable for most users.
Today we’re introducing Smart Topology, which maximizes cache hit ratios by building on Argo’s internal infrastructure to identify the single best data center for making requests to the origin.
Standard Cache
The standard method for caching assets is to let each data center be a reverse proxy for the origin server. In this scheme, a miss in any Continue reading