Archive

Category Archives for "Networking"

Technologies that Didn’t: Asynchronous Transfer Mode

One of the common myths of the networking world is there were no “real” networks before the early days of packet-based networks. As myths go, this is not even a very good myth; the world had very large-scale voice and data networks long before distributed routing, before packet-based switching, and before any of the packet protocols such as IP. I participated in replacing a large scale voice and data network, including hundreds of inverse multiplexers that tied a personnel system together in the middle of the 1980’s. I also installed hundreds of terminal emulation cards in Zenith Z100 and Z150 systems in the same time frame to allow these computers to connect to mainframes and newer minicomputers on the campus.

All of these systems were run through circuit-switched networks, which simply means the two end points would set up a circuit over which data would travel before the data actually traveled. Packet-switched networks were seen as more efficient at the time because of the complexity of setting these circuits up, along with the massive waste of bandwidth, because the circuits were always overprovisioned and underused.

The problem, at that time, with packet-based networks was the sheer overhead of switching

Anchoring Trust: A Hardware Secure Boot Story

As a security company, we pride ourselves on finding innovative ways to protect our platform to, in turn, protect the data of our customers. Part of this approach is implementing progressive methods in protecting our hardware at scale. While we have blogged about how we address security threats from application to memory, the attacks on hardware, as well as firmware, have increased substantially. The data cataloged in the National Vulnerability Database (NVD) has shown the frequency of hardware and firmware-level vulnerabilities rising year after year.

Technologies like secure boot, common in desktops and laptops, have been ported over to the server industry as a method to combat firmware-level attacks and protect a device’s boot integrity. These technologies require that you create a trust ‘anchor’, an authoritative entity for which trust is assumed and not derived. A common trust anchor is the system Basic Input/Output System (BIOS) or the Unified Extensible Firmware Interface (UEFI) firmware.

While this ensures that the device boots only signed firmware and operating system bootloaders, does it protect the entire boot process? What protects the BIOS/UEFI firmware from attacks?

The Boot Process

Before we discuss how we secure our boot process, we will first

SD-WAN needs a dose of AIOps to deliver automation

Software-defined WAN (SD-WAN) is getting a big boost from AIOps as vendors look to simplify operations, lower costs, and optimize WAN performance in the modern cloud era. SD-WAN decouples the control aspect of a network from the hardware to create a virtualized network overlay, while AIOps applies machine learning and data analytics to IT operations to automate processes. The convergence of the two – a.k.a. AI-driven WAN – promises to usher in a new era of WAN networking that enables IT to go beyond optimizing network and application experiences to delivering the best experiences to individual users.

How Fast Can We Detect a Network Failure?

In the introductory fast failover blog post I mentioned the challenge of fast link- and node failure detection, and how it makes little sense to waste your efforts on fast failover tricks if the routing protocol convergence time has the same order of magnitude as failure detection time.

Now let’s focus on realistic failure detection mechanisms and detection times. Imagine a system connecting a hardware switching platform (example: data center switch or a high-end router) with a software switching platform (midrange router):

World’s fastest supercomputers: Fugaku is still No. 1 at 3X the speed of No. 2

The latest semiannual TOP500 list of the world's fastest supercomputers is topped by Fugaku, the same machine that won in June. Built by Fujitsu, Fugaku is three times as fast as its nearest rival. TOP500 says that competition for its list seems to be lessening, with the full list of 500 systems having the fewest number of new entries since the organization started its tracking. The list is updated every June and November and has tracked the development of supercomputer performance and architecture since 1993. Nevertheless, two brand new systems managed to break into the top 10 list on their first try.

Cisco gains container security with Banzai Cloud buy

In its second cloud-native technology acquisition in as many months, Cisco is buying container security firm Banzai Cloud for an undisclosed amount. Founded in 2017, Banzai is known for developing Kubernetes-based cloud application development and security technologies. It will become part of Cisco's Emerging Technologies and Incubation group, where the company brews new projects for cloud-native networking, security and edge computing environments.

Workers KV – free to try, with increased limits!

In May 2019, we launched Workers KV, letting developers store key-value data and make that data globally accessible from Workers running in Cloudflare’s over 200 data centers.

Today, we’re announcing a Free Tier for Workers KV that opens up global, low-latency data storage to every developer on the Workers platform. Additionally, to expand Workers KV’s use cases even further, we’re also raising the maximum value size from 10 MB to 25 MB. You can now write an application that serves larger static files directly or JSON blobs directly from KV.

Together with our announcement of the Durable Objects limited beta last month, the Workers platform continues to move toward providing storage solutions for applications that are globally deployed as easily as an application running in a single data center today.

What are the new free tier limits?

The free tier includes 100,000 read operations and 1,000 each of write, list and delete operations per day, resetting daily at UTC 00:00, with a maximum total storage size of 1 GB. Operations that exceed these limits will fail with an error.

Additional KV usage costs $0.50 per million read operations, $5.00 per million list, write and delete operations

VMware preps network software to support distributed work, faster application delivery

VMware is extending its core virtual networking product family in an effort to help companies build infrastructure that can stand up to today's challenges, including the shift to remote work and the need to securely move applications across the distributed enterprise. The enhancements span VMware's Tanzu, NSX and SD-WAN products, which fall under the company's Virtual Cloud Network (VCN) architecture. VCN defines how customers can build and control network connectivity and security from the data center across the WAN to multi-cloud environments. The company's core networking software, VMware NSX, underpins the VCN architecture, which also includes analytics capabilities.

Tech Bytes: Protecting Remote Workers From VPN Risks With Zscaler (Sponsored)

Many companies use VPNs to protect their distributed workforce. But VPNs present their own security challenges, from compromised clients to insecure VPN servers. Sponsor Zscaler explains how its cloud-based security service can provide safe, high-performance remote access. Our guest is Lisa Lorenzin, Director, Transformation Strategy at Zscaler.

The post Tech Bytes: Protecting Remote Workers From VPN Risks With Zscaler (Sponsored) appeared first on Packet Pushers.

Upcoming Webinar: Network Troubleshooting

I’m teaching a webinar on troubleshooting theory on the 20th; register here. From the course description:

This training focuses on the half-split system of troubleshooting, which is widely used in the electronic and civil engineering domains. The importance of tracing the path of the signal, using models to put the system in context, and the use of a simple troubleshooting “loop” to focus on asking how, what, and why are added to the half-split method to create a complete theory of troubleshooting. Other concepts covered in this course are the difference between permanent and temporary fixes and a review of measuring reliability. The final third of the course contains several practical examples of working through problems to help in applying the theory covered in the first two sections to the real world.

Casual Dress Considered Harmful?

I remember a time long ago—but then again, everything seems like it was “long ago” to me—when I was flying out to see an operator in a financial district. Someone working with the account asked me what I normally wear… which is some sort of button down and black or grey pants in pretty much any situation. Well, I will put on a sport jacket if I’m teaching in some contexts, but still, the black/grey pants and some sort of button down are pretty much a “uniform” for me. The person working on the account asked me if I could please switch to ragged shorts, a t-shirt, and grow a pony tail because … the folks at the operator would never believe I was an engineer if I dressed too “formal.”

Now I’ve never thought of what I wear as “formal…” it’s just … what I wear. Context, however, is king.

In another situation, I saw a sales engineer go to a store and buy an entirely new outfit because he came to the company’s building wearing a suit and tie … The company in question deals in outdoor gear, and the location was in a small midwestern town,