Self-promotion Disguised as Research Paper
From AI is wrestling with a replication crisis (HT: Drew Conry-Murray)
Last month Nature published a damning response written by 31 scientists to a study from Google Health that had appeared in the journal earlier this year. Google was describing successful trials of an AI that looked for signs of breast cancer in medical images. But according to its critics, the Google team provided so little information about its code and how it was tested that the study amounted to nothing more than a promotion of proprietary tech (emphasis mine).
No surprise there, we’ve seen it before (not to mention the “look how awesome we are, but we can’t tell you the details” Jupiter Rising article).
sFlow Monitoring for AI
A Proposal towards sFlow Monitoring Dashboards for AI-controlled NRENs is a recent talk by Mariam Kiran (Esnet) presented at the recent GÉANT Telemetry and Big Data Workshop.
In the talk, Miram describes the set open source tools (Netdata, Prometheus, Zabbix, Ntopng, and PerfSONAR) that they attempted to synthesize a complete picture of the network.
A number of tools were combined since each tool provides a different subset of the measurements needed to drive the AI controller.
Integrating the data from the different sources was a challenge, but they were able to pull the data together into a single Grafana dashboard. Unfortunately, there was a lot of noise in legacy measurement schemes, making the data set unsuitable for training the AI controller.
For background, the talk, Real-time network telemetry for automation, describes why sFlow is uniquely suited to automation, providing the comprehensive, real-time, system-wide, visibility needed to make networked systems observable.
SAD DNS Explained
This week, at the ACM CCS 2020 conference, researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). This attack leverages recent features of the networking stack in modern operating systems (like Linux) to allow attackers to revive a classic attack category: DNS cache poisoning. As part of a coordinated disclosure effort earlier this year, the researchers contacted Cloudflare and other major DNS providers and we are happy to announce that 1.1.1.1 Public Resolver is no longer vulnerable to this attack.
In this post, we’ll explain what the vulnerability was, how it relates to previous attacks of this sort, what mitigation measures we have taken to protect our users, and future directions the industry should consider to prevent this class of attacks from being a problem in the future.
DNS Basics
The Domain Name System (DNS) is what allows users of the Internet to get around without memorizing long sequences of numbers. What’s often called the “phonebook of the Internet” is more like a helpful system of translators that take natural language domain names (like blog.cloudflare.com or gov.uk) and Continue reading
Heavy Networking 550: Automation Readiness Isn’t About Your Routers (Sponsored)
Today's Heavy Networking podcast examines cross-domain automation. Our sponsor is Cisco and our guest is Omar Sultan, Leader, Product Management for Cisco's Network Services Orchestrator (NSO) product. While the discussion starts with NSO, the conversation also covers dealing with automation complexity, the need for tool choice, and the critical roles that organizational structure and teams play in a successful automation/orchestration effort.Heavy Networking 550: Automation Readiness Isn’t About Your Routers (Sponsored)
Today's Heavy Networking podcast examines cross-domain automation. Our sponsor is Cisco and our guest is Omar Sultan, Leader, Product Management for Cisco's Network Services Orchestrator (NSO) product. While the discussion starts with NSO, the conversation also covers dealing with automation complexity, the need for tool choice, and the critical roles that organizational structure and teams play in a successful automation/orchestration effort.
The post Heavy Networking 550: Automation Readiness Isn’t About Your Routers (Sponsored) appeared first on Packet Pushers.
Looking For a Mentor? Don’t Forget This Important Step!
With the insanity of the pandemic and the knowledge drain that we’re seeing across IT in general, there’s never been a more important time than right now to help out those that are getting started on this rise. The calls for mentors across the community is heartwarming. I’ve been excited personally to see many recognizable names and faces in the Security, Networking, and Wireless communities reaching out to let people know they are available to mentor others or connect them with potential mentors. It’s a way to give back and provide servant leadership to those that need it.
If you’re someone that’s reading this blog right now and looking for a mentor you’re in luck. There are dozens of people out there that are willing to help you out. The kindness of the community is without bounds and there are those that know what it was like to wander through the wilderness for a while before getting on the right track. They are the ones that will be of the most help to you. However, before you slide into someone’s DMs looking for help, you need to keep a few things in mind.
Make Me One With Everything
The single Continue reading
NTC – A Conversation With Daren Fulwell
In this podcast, we sit down with Daren Fulwell. Daren is a long-time network engineer, CCIE and CCDE, and is now a network automation evangelist. Tune in to hear about not only Daren’s journey, but a great discussion dissecting the intersection of SDN, intent-based networking, and how we need more focus on understanding operational processes and workflows to really make a dent within a network automation journey.
Reference Links:
Daren Fulwell
Guest
Jason Edelman
Host
Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/
The post NTC – A Conversation With Daren Fulwell appeared first on Network Collective.
Automated Origin CA for Kubernetes
In 2016, we launched the Cloudflare Origin CA, a certificate authority optimized for making it easy to secure the connection between Cloudflare and an origin server. Running our own CA has allowed us to support fast issuance and renewal, simple and effective revocation, and wildcard certificates for our users.
Out of the box, managing TLS certificates and keys within Kubernetes can be challenging and error prone. The secret resources have to be constructed correctly, as components expect secrets with specific fields. Some forms of domain verification require manually rotating secrets to pass. Once you're successful, don't forget to renew before the certificate expires!
cert-manager is a project to fill this operational gap, providing Kubernetes resources that manage the lifecycle of a certificate. Today we're releasing origin-ca-issuer, an extension to cert-manager integrating with Cloudflare Origin CA to easily create and renew certificates for your account's domains.
Origin CA Integration
Creating an Issuer
After installing cert-manager and origin-ca-issuer, you can create an OriginIssuer resource. This resource creates a binding between cert-manager and the Cloudflare API for an account. Different issuers may be connected to different Cloudflare accounts in the same Kubernetes cluster.
apiVersion: cert-manager.k8s.cloudflare.com/v1
kind: OriginIssuer
metadata:
Continue readingVideo: Getting a Packet Across a Network
After (hopefully) agreeing on what routing, bridging, and switching are, let’s focus on the first important topic in this area: how do we get a packet across the network? Yet again, there are three fundamentally different technologies:
- Source node knows the full path (source routing)
- Source node opened a path (virtual circuit) to the destination node and uses that path to send traffic
- The network performs hop-by-hop destination-address-based packet forwarding.
More details in the Getting Packets Across the Network video.
The video is part of How Networks Really Work webinar and available with Free ipSpace.net Subscription.
Video: Getting a Packet Across a Network
After (hopefully) agreeing on what routing, bridging, and switching are, let’s focus on the first important topic in this area: how do we get a packet across the network? Yet again, there are three fundamentally different technologies:
- Source node knows the full path (source routing)
- Source node opens a path (virtual circuit) to the destination node and uses that path to send traffic
- The network performs hop-by-hop destination-address-based packet forwarding.
More details in the Getting Packets Across the Network video.
The video is part of How Networks Really Work webinar and available with Free ipSpace.net Subscription.
How Better Network Visibility Can Reduce Customer Churn
By instrumenting the network and using additional data sources, IT can maintain high-quality access to critical applications and create a positive end-user experience.IPv6 Buzz 064: The Ghosts Of IPv6
Today's IPv6 Buzz explores some of the RFCs and vendor technologies that didn't quite make it as IPv6 evolved.IPv6 Buzz 064: The Ghosts Of IPv6
Today's IPv6 Buzz explores some of the RFCs and vendor technologies that didn't quite make it as IPv6 evolved.
The post IPv6 Buzz 064: The Ghosts Of IPv6 appeared first on Packet Pushers.
Real-time network telemetry for automation
The video discusses telemetry and requirements for network automation, providing an overview of sFlow measurement architecture and a discussion of recently added packet drop monitoring functionality, and ending with a live demonstration of GPU compute cluster analytics. The slides from the video are available here.
The video is part of recent talk Using Advanced Telemetry to Correlate GPU and Network Performance Issues [A21870] presented at the NVIDIA GTC conference.