Archive

Category Archives for "Networking"

Introducing IP Lists

Introducing IP Lists

Authentication on the web has been steadily moving to the application layer using services such as Cloudflare Access to establish and enforce software-controlled, zero trust perimeters. However, there are still several important use cases for restricting access at the network-level by source IP address, autonomous system number (ASN), or country. For example, some businesses are prohibited from doing business with customers in certain countries, while others maintain a blocklist of problematic IPs that have previously attacked them.

Introducing IP Lists

Enforcing these network restrictions at centralized chokepoints using appliances—hardware or virtualized—adds unacceptable latency and complexity, but doing so performantly for individual IPs at the Cloudflare edge is easy. Today we’re making it just as easy to manage tens of thousands of IPs across all of your zones by grouping them in data structures known as IP Lists. Lists can be stored with metadata at the Cloudflare edge, replicated within seconds to our data centers in 200+ cities, and used as part of our powerful, expressive Firewall Rules engine to take action on incoming requests.

Introducing IP Lists
Creating and using an IP List

Previously, these sort of network-based security controls have been configured using IP Access or Zone Lockdown rules. Both tools have a number of Continue reading

Rust Traits: Defining Behavior

Before jumping into any programming language, you often hear about its “heavy hitters” - the features that usually make the highlight reel when someone “in the know” is trying to summarize the strong points of the language. In 2015, as I was learning Go, I would often hear things like concurrency support, channels, concurrency support, and Interfaces. Also concurrency support. With Rust, thus far the highlights have included things like strong support for generics, lower-level control, and an emphasis on memory safety manifested in the unavoidable ownership model.

NVM Install and Usage Ubuntu 2004

Node version manager (NVM) allows you to run different version of Node on your system which is very helpful for testing and ensuring that the Node version you test on is the same as the Node version you run in production. This is just a quick post on how to install and use (NVM) on Ubuntu...

CEX (Code EXpress) 12. Using Python modules.

Hello my friend,

In the previous blogpost we have shared how some thoughts how you can parse the CSV file and how in general to work with external files. But the beauty of the programming languages including Python, is that there are always more than one way of doing things. And with learning it more, you are opening new ways.

Automate all the things

Raise of the 5G in the Service Provider world, micro services in Data Centres and mobility in Enterprise networks significantly changes the expectations about the way the network operate and the pace the changes are implemented. It is impossible to meet those expectation without automation.

At our network automation training, either self-paced or instructor lead, you will learn the leading technologies, protocols, and tools used to manage the networks in the busiest networks worldwide, such as Google data centres. However, once you master all the skills, you will be able to automate the network of any scale. You will see the opportunities and you will exploit them.

Secret words: NETCONF, REST API, gRPC, JSON , XML, Protocol buffers, SSH, OpenConfig, Python, Ansible, Linux, Docker; and many other wonderful tools and techniques are waiting for you Continue reading

History of Networking: Scott Bradner and the Early Internet at Harvard

Scott Bradner was given his first email address in the 1970’s, and his workstation was the gateway for all Internet connectivity at Harvard for some time. Join Donald Sharp and Russ White as Scott recounts the early days of networking at Harvard, including the installation of the first Cisco router, the origins of comparative performance testing and Interop, and the origins of the SHOULD, MUST, and MAY as they are used in IETF standards today.

download

Publish-Subscribe: Introduction to Scalable Messaging

Matthew O’Riordan A serial entrepreneur and seasoned developer with over 15 years of hands-on development experience. Matthew is the CEO of Ably, an Infrastructure-as-a-Service (IaaS) provider. He was co-founder and technical director of Aqueduct, a leading digital agency in London and Founder of easyBacklog, a SaaS agile backlog management tool. Matthew co-founded Econsultancy, a global digital marketing publishing, training and research business, with Ashley Friedlein and exited via a £25m trade sale to Centaur Media plc in 2012. The publish-subscribe (or pub/sub) messaging pattern is a design pattern that provides a framework for exchanging messages that allows for loose coupling and scaling between the sender of messages (publishers) and receivers (subscribers) on topics they subscribe to. Messages are sent (pushed) from a publisher to subscribers as they become available. The host (publisher) publishes messages (events) to channels (topics). Subscribers can sign up for the topics they are interested in. This is different from the standard request/response (pull) models in which publishers check if new data has become available. This makes the pub/sub method the most suitable framework for streaming data in real-time. It also means that dynamic networks can be built at internet scale. However, building a messaging infrastructure at Continue reading

U.S. Tribes Have until August 3rd to Apply to Help Bring Internet to Their Communities

See how the Makah Tribe launched an emergency network on EBS spectrum during COVID-19

The Makah Tribe has lived around Neah Bay at the northwest tip of what is now Washington State since time immemorial. It is a breathtaking landscape of dense rainforest and steep hills, far removed from any major urban center.

But for all its beauty, the hills, forests, and remoteness have made it difficult for the community to access quality high-speed Internet – and even cell and radio service.

In some areas, cell service was so poor that only certain spots worked: one community member had to go outside and stand beside a rhododendron bush to make a call or send a text. While Facebook is the main way people stay connected, many couldn’t access it. The local clinic struggled to use electronic records – it sometimes took upwards of 40 minutes just to get into the system. Even emergency responders, such as police and the fire department, couldn’t rely on the dispatch system that required Internet connectivity to operate.

And then the coronavirus began to sweep the world. The Makah closed the reservation to outsiders to protect the community. And its connectivity challenges became even more problematic. Continue reading

Jinja2 Tutorial – Part 4 – Template filters

This is part 4 of Jinja2 tutorial where we continue looking at the language features, specifically we'll be discussing template filters. We'll see what filters are and how we can use them in our templates. I'll also show you how you can write your own custom filters.

Jinja2 Tutorial series

Contents

Overview of Jinja2 filters

Let's jump straight in. Jinja2 filter is something we use to transform data held in variables. We apply filters by placing pipe symbol | Continue reading

Data-center survey: IT seeks faster switches, intelligent computing

The growth in data use and consumption means the needs of IT managers are changing, and a survey from Omdia (formerly IHS Markit) found data-center operators are looking for intelligence of all sorts, not just the artificial kind.Omdia analysts recently surveyed IT leaders from 140 North American enterprises with at least 101 employees working in North American offices and data centers and asked them what features they wanted the most in their networking technology.The results say respondents expect to more than double their average number of data-center sites between 2019 and 2021, and the average number of servers deployed in data centers is expected to double over the same timeline.To read this article in full, please click here

Tradeoffs Come in Threes

On a Spring 2019 walk in Beijing I saw two street sweepers at a sunny corner. They were beat-up looking and grizzled but probably younger than me. They’d paused work to smoke and talk. One told a story; the other’s eyes widened and then he laughed so hard he had to bend over, leaning on his broom. I suspect their jobs and pay were lousy and their lives constrained in ways I can’t imagine. But they had time to smoke a cigarette and crack a joke. You know what that’s called? Waste, inefficiency, a suboptimal outcome. Some of the brightest minds in our economy are earnestly engaged in stamping it out. They’re winning, but everyone’s losing. —Tim Bray

This, in a nutshell, is what is often wrong with our design thinking in the networking world today. We want things to be efficient, wringing the last little dollar, and the last little bit of bandwidth, out of everything.

This is also, however, a perfect example of the problem of triads and tradeoffs. In the case of the street sweeper, we might thing, “well, we could replace those folks sitting around smoking a cigarette and cracking jokes with a robot, making things Continue reading

The Week in Internet News: Hackers Target COVID-19 Research

Hacking the research: Intelligence agencies from the U.S., U.K., and Canada have accused a Russian hacking group of targeting organizations conducting COVID-19 research, the Washington Post reports. The so-called Cozy Bear hacking group is trying to steal vaccine research specifically, the intelligence groups say.

Hacking the tweets: Meanwhile, 130 of Twitter’s most high-profile accounts were targeted by hackers recently, with a few of them compromised, in an apparent bitcoin scam, the New York Post writes. Among the accounts targeted were Kanye West, Elon Musk, Barack Obama, and Warren Buffett. The hackers reportedly paid a Twitter employee to help them with the attack.

No data collection, please: The government of China is cracking down on apps that collect what it considers too much personal data, the South China Morning Post says. The government has ordered several tech companies, including Alibaba Group and Tencent, to remove non-compliant apps as soon as possible.

Broadband is fundamental: Microsoft CEO Satya Nadella has called broadband a “fundamental right” in an interview with CNN. Many rural areas in the U.S. still lack broadband, and that needs to change, he said. “If you think about the rural community today, they are going to Continue reading

Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale

Today's Network Break scrutinizes HPE's big payout for Silver Peak and Dell's plans for a possible sale of VMware. We also discuss new capabilities in VMware Cloud on AWS, a new synthetic monitoring service from Kentik, how NIST thinks "giga" is pronounced, and more.

The post Network Break 293: HPE Acquires Silver Peak; Dell Teases VMware Sale appeared first on Packet Pushers.

Phased Approach to Securing a Data Center

In the fight against relentless cyberattacks, organizations have long relied on traditional perimeter firewalls to protect sensitive workloads and information in the data center. But today, in the era of distributed applications and hybrid cloud environments, we know that perimeter defenses are not enough to stop cybercriminals.  

To improve security postures inside corporate networks — which means protecting against both bad actors who penetrate perimeter defenses and malicious insiders — organizations must monitor, detect, and block hostile east-west (internal) traffic using internal firewalls.  

To datenetwork and security professionals have generally viewed securing east-west traffic as too complex, expensive, and time-consuming for their brownfield, and even greenfield, data centers. At VMware, we agree with that perception: itcertainly true for organizations trying to detect and prevent the lateral movement of attackers by employing traditional, appliance-based perimeter firewalls as internal firewalls.  

There’s a Better Way to Secure the Data Center 

Instead of awkwardly forcing appliance-based firewalls to serve as internal firewallsorganizations should emploa distributed, scale-out internal firewall specifically Continue reading

1 669 670 671 672 673 3,346