Archive

Category Archives for "Networking"

Docker Swarm Services behind the Scenes

Remember the claim that networking is becoming obsolete and that everyone else will simply bypass the networking teams (source)?

Good news for you – there are many fast growing overlay solutions that are adopted by apps and security teams and bypass the networking teams altogether.

That sounds awesome in a VC pitch deck. Let’s see how well that concept works out in reality using Docker Swarm as an example (Kubernetes is probably even worse).

Technologies that Didn’t: The Fiber Distributed Data Interface

Token Ring, in its original form, was—on paper—a very capable physical transport. For instance, because of the token passing capabilities, it could make use of more than 90% of the available bandwidth. In contrast, Ethernet systems, particularly early Ethernet systems using a true “single wire” broadcast domain, cannot achieve nearly that kind of utilization—hence “every device on its own switch port.” The Fiber Distributed Data Interface, or FDDI, is like Token Ring in many ways. For instance, FDDI uses a token to determine when a station connected to the ring can transmit, enabling efficient use of bandwidth.

And yet, Ethernet is the common carrier of almost all wired networks today, and even wireless standards mimic Ethernet’s characteristics. What happened to FDDI?

FDDI is a 100Mbit/second optical standard based on token bus, which used an improved timed token version of the token passing scheme developed for token ring networks. This physical layer protocol standard had a number of fairly unique features. It was a 100Mbit/second standard at a time when Ethernet offered a top speed of 10Mbits/second. Since FDDI could operate over a single mode fiber, it could support distances of 200 kilometers, or around 120 miles. Because it was Continue reading

The State of Routing Security at DNS Registries

The Domain Name System (DNS) is an important component of the Internet, but it was not designed with security in mind. In the last 20 years or so, much attention has been directed at improving its inherently insecure aspects.

This includes the deployment of DNS Security Extensions (DNSSEC) that enables cryptographic validation of DNS records, and more recently DNS-over-TLS and DNS-over-HTTPS, which encrypts DNS transactions between hosts and resolvers.

The DNS, though, is also dependent on the global routing system for sending DNS queries from resolvers to servers, and then returning the responses. The integrity of the routing system is, therefore, extremely important for ensuring DNS transactions are delivered efficiently to the correct destination. Yet, at present, few DNS registries are implementing Routing Public Key Infrastructure (RPKI), a public key infrastructure framework designed to secure the Internet’s routing infrastructure, specifically the Border Gateway Protocol (BGP).

A survey of 4,138 zones – that included 1,201 generic top-level domains (gTLDs), 308 country code top-level domains (ccTLDs), 271 reverse map zones, and 1,780 sub-ccTLD zones – showed a total of 6,910 route origins for the name servers that are serving these zones.

Yet, just 22% of these had valid Route Origin Authorisations (ROA), Continue reading

Improving the Wrangler Startup Experience

Improving the Wrangler Startup Experience
Improving the Wrangler Startup Experience

Today I’m excited to announce wrangler login, an easy way to get started with Wrangler! This summer for my internship on the Workers Developer Productivity team I was tasked with helping improve the Wrangler user experience. For those who don’t know, Workers is Cloudflare’s serverless platform which allows users to deploy their software directly to Cloudflare’s edge network.

This means you can write any behaviour on requests heading to your site or even run fully fledged applications directly on the edge. Wrangler is the open-source CLI tool used to manage your Workers and has a big focus on enabling a smooth developer experience.

When I first heard I was working on Wrangler, I was excited that I would be working on such a cool product but also a little nervous. This was the first time I would be writing Rust in a professional environment, the first time making meaningful open-source contributions, and on top of that the first time doing all of this remotely. But thanks to lots of guidance and support from my mentor and team, I was able to help make the Wrangler and Workers developer experience just a little bit better.

The Problem

The main improvement Continue reading

What’s the Big Deal About Multi-Cloud Networking – Part 2

If you were experiencing issues with Zoom calls today, you were not alone. But if you take a close look at today’s outage, it is clear that it was correlated with an AWS outage today. In fact, most of Zoom runs on AWS, according to AWS. This is despite Oracle’s claim that millions of users … Continue reading What’s the Big Deal About Multi-Cloud Networking – Part 2

11 ways to list and sort files on Linux

There are many ways to list files and display information about them on Linux systems. This post reviews a number of commands that provide details on files and provides options for customizing your file listings to meet your needs.Most of the commands list files within individual directories while others reach as deeply into a file system as you care to look.The primary command for listing files is, of course, ls. This command, however, has an extensive number of options for finding and listing just the files you want to see. Plus, there's always find for helping with very specific file searches.Listing files by name The easiest way to list files by name is simply to list them using the ls command. Listing files by name (alphanumeric order) is, after all, the default. You can choose the ls (no details) or ls -l (lots of details) to determine your view.To read this article in full, please click here

The White Board and the Simulation

In the argument between OSPF and BGP in the data center fabric over at Justin’s blog, I am decidedly in the camp of IS-IS. Rather than lay my reasons out here, however (a topic for another blog post?), I want to focus on something else Justin said that I think is incredibly important for network engineers to understand.

I think whiteboards are the most important tool for network design currently available, which makes me sad. I wish that wasn’t true, I want much better tools. I can’t even tell you the number of disasters averted by 2-3 great network engineers arguing over a whiteboard.

I remember—way back—when I was working on the problems around making a link-state protocol work well in a Mobile Ad Hoc Network (MANET), we had two competing solutions presented to the IETF. The first solution was primarily based on whiteboarding through various options and coming up with one that should reduce flooding to an acceptable level. The second was less optimal on the whiteboard but supported by simulations showing it should reduce flooding more effectively.

Which solution “won?” I don’t know what “winning” might mean here, but the solution designed on the whiteboard has Continue reading

Network Break 298: Arista Launches CloudVision As A Service; Cisco, Megaport Partner On SD-WAN

Take a Network Break! Pass around the virtual pickles as we delve into Arista's new SaaS version of CloudVision, Cisco and Megaport's SD-WAN partnership, new Intent-Based Networking features from Apstra, and more tech news.

The post Network Break 298: Arista Launches CloudVision As A Service; Cisco, Megaport Partner On SD-WAN appeared first on Packet Pushers.

The Week in Internet News: Facebook Bans Conspiracy Accounts

Ban hammer: Facebook has banned banned about 900 pages and groups and 1,500 ads tied to the conspiracy theory QAnon, NBC News reports. QAnon followers believe an anonymous, supposed government insider has warned them about a massive group of satanic cannibals and pedophiles inside the U.S. government. QAnon, militia movements, and violent movements tied to protests will no longer be allowed to buy ads on Facebook, the social media giant said.

That’s really fast: Researchers from University College London have been able to transmit data at 178 terabits per second, The Independent says. That speed is double the speed of any current system being used, and about 20 percent faster than the previous record. With that speed, an Internet user could download the entire Netflix library in just one second.

Cracks in the ‘Net: U.S. President Donald Trump’s campaign against Chinese services TikTok and WeChat could further fracture the Internet, the New York Times reports. “China and the United States once acted like opposites when it came to governing the internet … When President Donald Trump issued executive orders that could lead to a U.S. ban next month on two of the world’s most popular Chinese-made apps, TikTok Continue reading

KubeCon EU: Envoy Looks to WebAssembly to Extend Microservices Monitoring

The whole agile move towards autonomous development is great to embrace the individual team and even engineer preference. However, there’s no doubt it makes it difficult for governance. It’s hard to monitor, observe and learn from disparate tooling. Tetrate.io, KubeCon + CloudNativeCon Europe, virtual edition, a new Envoy extension as a single interpretation for these many languages. He started by saying how: “One fundamental purpose of Envoy is its ability to see into every single request received or made by your application.” Skopets says the next step is to extend Envoy as a way to learn from actual traffic in an efficient, flexible and simple manner. This usually involves natively developing Envoy in C++ and statically linking into the Envoy binary. He says this involves a lot of custom builds of Envoy which leads to “a lot of investment and commitment upfront.” Skopets suggests instead using AssemblyScript, which is a subset of the Fork the code for this instance on Github. KubeCon + CloudNativeCon is a sponsor of The New Stack. Feature image by Pixabay. The post KubeCon EU: Envoy Looks to WebAssembly to Extend Microservices Monitoring appeared first on The New Stack.

Delivering HTTP/2 upload speed improvements

Delivering HTTP/2 upload speed improvements
Delivering HTTP/2 upload speed improvements

Cloudflare recently shipped improved upload speeds across our network for clients using HTTP/2. This post describes our journey from troubleshooting an issue to fixing it and delivering faster upload speeds to the global Internet.

We launched speed.cloudflare.com in May 2020 to give our users insight into how well their networks perform. The test provides download, upload and latency tests. Soon after release, we received reports from a small number of users that sometimes upload speeds were underreported. Our investigation determined that it seemed to happen with end users that had high upload bandwidth available (several hundreds Mbps class cable modem or fiber service). Our speed tests are performed via browser JavaScript, and most browsers use HTTP/2 by default. We found that HTTP/2 upload speeds were sometimes much slower than HTTP/1.1 (assuming all TLS) when the user had high available upload bandwidth.

Upload speed is more important than ever, especially for people using home broadband connections. As many people have been forced to work from home they’re using their broadband connections differently than before. Prior to the pandemic broadband traffic was very asymmetric (you downloaded way more than you uploaded… think listening to music, or streaming a movie), Continue reading

5G spectrum auctions expected in 2021 after Pentagon gives up frequencies

The U.S. Department of Defense will turn over some of its 5G frequency spectrum in a bid to help U.S. carriers bring commercial 5G services to market faster. 5G resources What is 5G? Fast wireless technology for enterprises and phones Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises The DoD controls large portions of the mid-band 5G spectrum in the 3 GHz to 6 GHz range, which is used for military radar. Earlier this year, the White House and DoD formed "America's Mid-Band Initiative Team," or AMBIT, with the goal of making a contiguous, 100 MHz segment of mid-band spectrum available for use in 5G development by the end of the summer.To read this article in full, please click here