Day Two Cloud 078: Cloud Economics Are Ridiculous
Corey Quinn stops by the Day Two Cloud podcast to explore the complicated world of understanding and managing cloud costs, CapEx vs OpEx, cloud lock-in, and other tricky issues. Corey is Chief Cloud Economist at Duckbill Group. He also publishes the Last Week In AWS newsletter.
The post Day Two Cloud 078: Cloud Economics Are Ridiculous appeared first on Packet Pushers.
Day Two Cloud 078: Cloud Economics Are Ridiculous
Corey Quinn stops by the Day Two Cloud podcast to explore the complicated world of understanding and managing cloud costs, CapEx vs OpEx, cloud lock-in, and other tricky issues. Corey is Chief Cloud Economist at Duckbill Group. He also publishes the Last Week In AWS newsletter.CentOS Project shifts focus to CentOS Stream – Blog.CentOS.org
Becomes beta test for RHEL.
Cloudflare’s privacy-first Web Analytics is now available for everyone
In September, we announced that we’re building a new, free Web Analytics product for the whole web. Today, I’m excited to announce that anyone can now sign up to use our new Web Analytics — even without changing your DNS settings. In other words, Cloudflare Web Analytics can now be deployed by adding an HTML snippet (in the same way many other popular web analytics tools are) making it easier than ever to use privacy-first tools to understand visitor behavior.
Why does the web need another analytics service?
Popular analytics vendors have business models driven by ad revenue. Using them implies a bargain: they track visitor behavior and create buyer profiles to retarget your visitors with ads; in exchange, you get free analytics.
At Cloudflare, our mission is to help build a better Internet, and part of that is to deliver essential web analytics to everyone with a website, without compromising user privacy. For free. We’ve never been interested in tracking users or selling advertising. We don’t want to know what you do on the Internet — it’s not our business.
Our customers have long relied on Cloudflare’s Analytics because we’re accurate, fast, and privacy-first. In September we released a Continue reading
Deprecating the __cfduid cookie
Cloudflare is deprecating the __cfduid cookie. Starting on 10 May 2021, we will stop adding a “Set-Cookie” header on all HTTP responses. The last __cfduid cookies will expire 30 days after that.
We never used the __cfduid cookie for any purpose other than providing critical performance and security services on behalf of our customers. Although, we must admit, calling it something with “uid” in it really made it sound like it was some sort of user ID. It wasn't. Cloudflare never tracks end users across sites or sells their personal data. However, we didn't want there to be any questions about our cookie use, and we don’t want any customer to think they need a cookie banner because of what we do.
So why did we use the __cfduid cookie before, and why can we remove it now?
The primary use of the cookie is for detecting bots on the web. Malicious bots may disrupt a service that has been explicitly requested by an end user (through DDoS attacks) or compromise the security of a user's account (e.g. through brute force password cracking or credential stuffing, among others). We use many signals to build machine learning models that can Continue reading
Implement Private VLAN Functionality with Linux Bridge and Libvirt
I wanted to test routing protocol behavior (IS-IS in particular) on partially meshed multi-access layer-2 networks like private VLANs or Carrier Ethernet E-Tree service. I recently spent plenty of time creating a Vagrant/libvirt lab environment on my Intel NUC running Ubuntu 20.04, and I wanted to use that environment in my tests.
Challenge-of-the-day: How do you implement private VLAN functionality with Vagrant using libvirt plugin?
There might be interesting KVM/libvirt options I’ve missed, but so far I figured two ways of connecting Vagrant-controlled virtual machines in libvirt environment:
Implement Private VLAN Functionality with Linux Bridge and Libvirt
I wanted to test routing protocol behavior (IS-IS in particular) on partially meshed multi-access layer-2 networks like private VLANs or Carrier Ethernet E-Tree service. I recently spent plenty of time creating a Vagrant/libvirt lab environment on my Intel NUC running Ubuntu 20.04, and I wanted to use that environment in my tests.
Challenge-of-the-day: How do you implement private VLAN functionality with Vagrant using libvirt plugin?
There might be interesting KVM/libvirt options I’ve missed, but so far I figured two ways of connecting Vagrant-controlled virtual machines in libvirt environment:
Industry Collaboration Key to Scaling Global Communications Infrastructure Beyond Human Cognition
As "big-picture" global collaborations become more visible and more necessary, the combined effects of photonic technologies and a new computing-communications infrastructure will ensure their success.Adapt Business Agility with Modern Load Balancing
It’s no secret that enterprises are rapidly automating the modern network across compute, storage, and network environments. What you may not know is that load balancing is being left behind. Traditional legacy architectures were conceived decades ago and were not designed with the needs of the modern enterprise in mind. They are simply not scalable, agile, or flexible enough. As a result, enterprises have had to overprovision their load balancers — whether physical or virtual — resulting in complexity and waste.
We all know that waste and complexity are the enemy of the modern enterprise, and, thankfully, the cloud offers a solution. Cloud-native load balancers provide automation and elasticity, but they do not come with a rich feature set or provide consistency between on-premises and cloud environments. It’s a tricky trade off that prevents enterprises from truly achieving their digital transformation goals.
But don’t fret. There is a viable solution. VMware NSX Advanced Load Balancer (ALB) gives enterprises the best of both worlds — an adaptable, flexible, and scalable load balancer that combines the simplicity of the public cloud with the rich features inherent in an enterprise-grade solution. Check out Ashish Shah’s VMworld breakout session on the need for a Continue reading
Docker CLI Cheat Sheet
Docker is a fantastic tool. In this post I am documenting common/useful commands for working with the Docker CLI. Containers Show all local running containers. Show all local containers. Stop all local running containers. Stop all local stopped containers. Images Show all local...Bookmarked Articles
Interesting articles that I have read on random topics.Operationalizing Advanced East-West Security at Scale in the Datacenter
East-west security is the new battleground for keeping enterprises safe from malicious actors. As we all know, perimeters will be breached. That’s a given. The massive scale of data center infrastructure makes it too easy for bad actors to find a vulnerable, unpatched server, penetrate it, and hide out — often for months and years — stealing your information, monitoring your communications, and causing disruptions.
According to Ambika Kapur, vice president of product marketing for VMware’s networking and security business unit, it’s imperative that enterprises come to the realization that bad actors will get into the network — and focus more on blocking their lateral movement once they make that initial breach. She spent years in the firewalling space at Cisco and learned how vulnerable perimeter security can be. Now, at VMware, Kapur is helping to lead the effort to make east-west security a viable option through a software-based approach that is scalable and cost-efficient.
Check out Kapur’s VMworld breakout session on operationalizing east-west security at scale to learn exactly how we are able to stop the lateral spread of threats and ultimately harden enterprise security:
Rather than hairpinning traffic to a dedicated physical appliance, VMware breaks up the firewall Continue reading
Looking Glass of Cloud Networking
Since the 2000 era, the network has changed dramatically, becoming more and more mission-critical. There are so many drivers powering today’s digital network transformation. Think about the Internet of Things or the cloud native applications or OT, operational technology. All of these are connected via cognitive cloud networking with its agile software stack, programmability and a leaf-spine network for all traffic types. This cloud network, pioneered by Arista is hungry for more innovation when it comes to secure visibility. It is a hard problem after all—network data is orders of magnitude more voluminous then typical data sources of ingestion.
Looking Glass of Cloud Networking
Since the 2000 era, the network has changed dramatically, becoming more and more mission-critical. There are so many drivers powering today’s digital network transformation. Think about the Internet of Things or the cloud native applications or OT, operational technology. All of these are connected via cognitive cloud networking with its agile software stack, programmability and a leaf-spine network for all traffic types. This cloud network, pioneered by Arista is hungry for more innovation when it comes to secure visibility. It is a hard problem after all—network data is orders of magnitude more voluminous then typical data sources of ingestion.
Using NetBox for Ansible Source of Truth
Here you will learn about NetBox at a high level, how it works to become a Source of Truth (SoT), and look into the use of the Ansible Content Collection, which is available on Ansible Galaxy. The goal is to show some of the capabilities that make NetBox a terrific tool and why you will want to use NetBox as your network Source of Truth for automation!
Source of Truth
Why a Source of Truth? The Source of Truth is where you go to get the intended state of the device. There does not need to be a single Source of Truth, but you should have a single Source of Truth per data domain, often referred to as the System of Record (SoR). For example, if you have a database that maintains your physical sites that is used by teams outside of the IT domain, that should be the Source of Truth on physical sites. You can aggregate the data from the physical site Source of Truth into other data sources for automation. Just be aware that when it comes time to collect data, then it should come from that other tool.
The first step in creating a network automation Continue reading
Introducing the 2021 Action Plan: Our Commitment to the Internet
About a year ago we launched our 2020 Action Plan with great anticipation. We had a nice neat list of the most urgent Internet issues to tackle, and we would work as a whole community, coming together as people from all over to press for our vision: The Internet is for Everyone.
Then 2020 came and we learned how quickly plans can be upended.
Yet it has underscored that the Internet is not only a global technical infrastructure, but also a resource that enriches people’s lives. Our world – our ability to work, keep in touch, and share information – would be radically different without it. This gives our work a renewed sense of urgency.
The Internet needs a voice.
Today, nearly half the people of the world still have no access and far too many people live in places where the Internet is expensive, slow, and congested.
Today, too few Internet policy discussions are based on facts and measurements, while too many start from a mistaken understanding of how the Internet works. Far too many companies and politicians would rather their customers and voters be passive consumers than the active, powerful contributors they can be.
Today, too many governments Continue reading
Tier 1 Carriers Performance Report: November, 2020
The post Tier 1 Carriers Performance Report: November, 2020 appeared first on Noction.
BiB099: Isovalent Brings You Cilium Enterprise
Isovalent is essentially a commercially supported flavor of Cilium, although it’s more than that. Isovalent is offering Cilium Enterprise, which adds more capability to the Cilium Community project. Is there enough “more” to make you want to invest in Cilium Enterprise? That will depend on your organizational needs, of course, but the differences are substantial enough to warrant investigation.
The post BiB099: Isovalent Brings You Cilium Enterprise appeared first on Packet Pushers.