Archive

Category Archives for "Networking"

A Look at the New Calico eBPF Dataplane

Calico was designed from the ground up with a pluggable dataplane architecture. The Calico 3.13 release introduced an exciting new eBPF (extended Berkeley Packet Filter) dataplane targeted at those ready to adopt newer kernel versions and wanting to push the Linux kernel’s latest networking capabilities to the limit. In addition to improved throughput and latency performance compared to the standard Linux networking data plane, Calico’s eBPF data plane also includes native support for Kubernetes services without the need to run kube-proxy. One of the ways Calico’s eBPF dataplane realizes these improvements is through source IP preservation and Direct Server Return (DSR).

Kube-proxy and Source IP

The application of Network Address Translation (NAT) by kube-proxy to incoming network connections to Kubernetes services (e.g. via a service node port) is a frequently encountered friction point with Kubernetes networking. NAT has the unfortunate side effect of removing the original client source IP address from incoming traffic. When this occurs, Kubernetes network policies can’t restrict incoming traffic from specific external clients. By the time the traffic reaches the pod it no longer has the original client IP address. For some applications, knowing the source IP address is desirable or required. For example, Continue reading

Options grow for migrating mainframe apps to the cloud

Mainframe users looking to bring legacy applications into the public or private cloud world have a new option: LzLabs, a mainframe software migration vendor. Founded in 2011 and based in Switzerland, LzLabs this week said it's setting up shop in North America to help mainframe users move legacy applications – think COBOL – into the more modern and flexible cloud application environment. At the heart of LzLabs' service is its Software Defined Mainframe (SDM), an open-source, Eclipse-based system that's designed to let legacy applications, particularly those without typically available source code, such as COBOL, run in the cloud without recompilation.

Are Your Virtual Meetings Accessible for People with Disabilities? Start with This Checklist

The COVID-19 pandemic has changed the way humans interact with one another. With an emphasis on less physical interaction and more social distancing, institutions and organizations are moving their work and meetings online.

People with disabilities form about 15 percent of the world's population, so it is all the more important that these online meetings are made accessible.

The Internet Society Accessibility Special Interest Group (Accessibility SIG) aims to make the Internet and its attendant technologies accessible to the largest audience possible, regardless of disabilities. The digital divide is not just about having the access to digital technology, it could also be about having the access to technology and not being able to use it. Our digital products must be usable by all. Many laws and the Internet Society’s vision – the Internet is for everyone – demand that we provide everyone with an equal experience.

The Accessibility SIG is planning a series of seven webinars discussing this very topic. Our first one was titled When Rhetoric Meets Reality: Digital Accessibility, Persons With Disabilities and COVID-19 and was held on May 28.

The way we design and build can make it hard – and sometimes impossible – for people with disabilities to access Continue reading

Cumulus content roundup: June 2020

June seems like a lifetime ago but there was so much content we wanted to make sure was on your radar. We know you may be thinking but wait, didn’t something big happen to Cumulus Networks in June? You would be right! We’re excited to share that we are now officially NVIDIA®.  Along with the news, we kept very busy with fresh podcast episodes, informative blog posts and much more so take a minute to dive on in and catch up on it all here.

From Cumulus Networks, now NVIDIA

Cumulus Networks’ President and Chief Product Officer, Partho Mishra, on the NVIDIA-Cumulus acquisition: Partho Mishra answers your questions regarding the strategic focus of the new networking business unit at NVIDIA & the future of open networking.

Open source — the great equalizer: Technology is a great equalizer and the open source movement has played a huge role in making this true and accelerating the process.

Remote work makes network visibility more critical than ever: We’re living through a major shift in the way employees work, extending the boundaries of what was once a tightly controlled environment.

Kernel of Truth season 3 episode 8: Cumulus Linux in action Continue reading

Cloudflare Network expands to more than 100 Countries


2020 has been a historic year that will forever be associated with the COVID-19 pandemic. Over the past six months, we have seen societies, businesses, and entire industries unsettled. The situation at Cloudflare has been no different. And while this pandemic has affected each and every one of us, we here at Cloudflare have not forgotten what our mission is: to help build a better Internet.

We have expanded our global network to 206 cities across more than 100 countries. This is in addition to completing 40+ datacenter expansion projects and adding over 1Tbps in dedicated “backbone” (transport) capacity connecting our major data centers so far this year.

Pandemic times means new processes

There was zero chance that 2020 would mean business as usual within the Infrastructure department. We were thrown a curve-ball as the pandemic began affecting our supply chains and operations. By April, the vast majority of the world’s passenger flights were grounded. The majority of bulk air freight ships within the lower deck (“belly”) of these flights, which saw an imbalance between supply and demand with the sudden 74% decrease in passenger belly cargo capacity relative to the same period last year.

We were fortunate to have Continue reading

Day Two Cloud 057: See Your Data With Grafana

Day Two Cloud gets into data visualization with the open-source Grafana project. Grafana helps you visualize, alert on, and query all kinds of data and metrics. We look at how Grafana works, how it manipulates and stores data, and common use cases. Our guest is Ryan McKinley, VP of Applications at Grafana.

Introduction to Segment Routing

Jeff Tantsura and Nick Buraglio bring a wealth of knowledge to this Network Collective Introduction to Segment Routing webinar. In this webinar we cover the fundamental SR technologies and how they work, as well as some of the practical implementation details that can only be learned by working with the technology directly.

Jeff Tantsura (Host)
Nick Buraglio (Host)

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Introduction to Segment Routing appeared first on Network Collective.

BGP EVPN Underlay Network with BGP (Multi-AS)


Introduction


The focus of this chapter is to explain the BGP Multi-AS Underlay Network design in a BGP EVPN/VXLAN fabric. It starts with the BGP configuration, because that allows the explanation to be backed by show and debug commands as well as packet captures. The next section discusses the BGP adjacency process and its related states (Idle, Connect/Active, OpenSent, OpenConfirm and Established). After that, this chapter explains BGP routing, discussing how connected routes are sent from the RIB to the Loc-RIB and from there to the Adj-RIB-Out (Pre/Post). This section also introduces how NLRIs received within a BGP Update eventually end up in the RIB of the receiving BGP speaker. In addition, this chapter briefly introduces the MRAI timer as well as a non-disruptive device maintenance solution. The last section tries to answer which protocol best fits the Underlay Network of a BGP EVPN fabric.



Infrastructure AS Numbering and IP Addressing Scheme


The AS-numbering scheme used in this chapter is the same as the one used in chapter 1, but instead of using unnumbered interfaces, each inter-switch interface now has an IP address assigned to it. It is also possible to use unnumbered interfaces with BGP by using IPv6 Link-Local addressing [RFC 5549]. However, this solution is not supported by all vendors.


Figure 2-1: IP addressing Scheme.
Continue reading

Worth Reading: Working with TC on Linux systems

Here’s one of the weirdest ideas I’ve found recently: patch together two dangling ends of virtual Ethernet cables with PBR.

To be fair, Jon Langemak used that example to demonstrate how powerful tc could be. It’s always fun to see a totally unexpected aspect of Linux networking… even though it looks like the creators of those tools believed in the Perl mentality of creating a gazillion variants of line noise to get the job done.

Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored)

Today's Heavy Networking explores a partnership between Juniper Networks and Anuta Networks to bring low-code network automation to service providers and enterprises. In this sponsored show, we'll dive into how Anuta's ATOM platform integrates with Juniper's NorthStar SDN controller and HealthBot diagnostic software to automate and orchestrate common networking tasks. Our guests are Peter Weinberger, Principal Product Manager at Juniper Networks; and Kiran Sirupa, Head of Marketing at Anuta Networks.

The post Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored) appeared first on Packet Pushers.


MANRS Welcomes Three New CDN and Cloud Participants

The MANRS Content Delivery Network (CDN) and Cloud Program continues to grow in numbers and in strength with three new participants.

Hostmein, Verisign, and Vultr have deepened their commitment to strengthening the security and resilience of the Internet’s global routing system. Participants of this program, which launched in March 2020, implement important practices for mitigating common routing security threats.

Joining means committing to taking five mandatory, and one optional, security-strengthening actions. These include preventing propagation of incorrect routing information and traffic with illegitimate source IP addresses, and facilitating global operational communication and coordination. Read the full list of actions.

“MANRS is more an idea than a framework, and it is a tremendous idea,” said Hostmein CTO Alexander Stamatis. “It raises awareness, it raises new checks to be implemented in the industry, and it keeps us more in line with the primary mission: keeping the network clean, keeping it safe.

“[MANRS] is better because it was built by engineers for engineers. We discovered issues no other initiatives could detect.”

“MANRS is the best implementation that we have done to date. We have found it to be more effective than other specialised IT certifications. And it is better because it Continue reading

flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking


Magic Transit is Cloudflare’s L3 DDoS Scrubbing service for protecting network infrastructure. As part of our ongoing investment in Magic Transit and our DDoS protection capabilities, we’re excited to talk about a new piece of software helping to protect Magic Transit customers: flowtrackd. flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on July 29, 2020.


TCP-Based DDoS Attacks

In the first quarter of 2020, one out of every two L3/4 DDoS attacks Cloudflare mitigated was an ACK Flood, and over 66% of all L3/4 attacks were TCP based. Most types of DDoS attacks can be mitigated by finding unique characteristics that are present in all attack packets and using that to distinguish ‘good’ packets from the ‘bad’ ones. This is called "stateless" mitigation, because any packet that has these unique characteristics can simply be dropped without remembering any information (or "state") about the other packets that came before it. However, when attack packets have no unique characteristics, then "stateful" mitigation is required, because whether a Continue reading

Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN

On today's Network Break we discuss Nokia's new network OS, examine a Cisco/AT&T partnership on SD-WAN, and analyze Google's pullback from a cloud venture in China. We also cover a new video codec and an image format that will save bandwidth, the rise of online learning, and what Uber's Postmates acquisition can tell us about IT startups.

The post Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN appeared first on Packet Pushers.

Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored)

Today's Tech Bytes dives into Intent-Based Networking (IBN) as an evolution of network automation. Apstra is our sponsor for this episode and our guest is Mansour Karam, founder and President. We discuss how IBN advances traditional automation, Apstra's support for open networking, customer use cases, and more.

The post Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored) appeared first on Packet Pushers.