Archive

Category Archives for "Networking"

Linkerd’s Little Secret: a Lightning Fast, Service Mesh Focused Rust Network Proxy

KubeCon + CloudNativeCon sponsored this post, in anticipation of Linkerd can deliver critical features such as transparent mutual TLS, gRPC load balancing, blue-green deploys, and golden metrics. But like all abstractions, these features come at a cost. Some of this cost is human in nature: the more complex the service mesh, the more effort required to operate it successfully. Some of the cost is system cost: a service mesh consumes CPU and memory, and introduces latency to the application. Linkerd’s goal is to minimize this cost by being the smallest, fastest service mesh for Kubernetes (a claim which

The Hedge Podcast Episode 42: Andrei Robachevsky and MANRS

The security of the global routing table is foundational to the security of the overall Internet as an ecosystem—if routing cannot be trusted, then everything that relies on routing is suspect, as well. Mutually Agreed Norms for Routing Security (MANRS) is a project of the Internet Society designed to draw network operators of all kinds into thinking about, and doing something about, the security of the global routing table by using common-sense filtering and observation. Andrei Robachevsky joins Russ White and Tom Ammon to talk about MANRS.

More information about MANRS can be found on the project web site, including how to join and how to support global routing security.

Working with TC on Linux systems

Hi folks! Long time no talk : ) Life has been incredibly busy for me over the last few months so I’ll apologize in advance for the lack of posts. However – I’m aiming to get back on the horse so please stay tuned!

With that out of the way – I wanted to spend some time in this post talking about the command line tool found on Linux systems called tc. We’ve talked about tc before when we discussed creating some network/traffic simulated topologies, and it worked awesome for that use case. If you recall from that earlier post, tc is short for Traffic Control and allows users to configure qdiscs. A qdisc is short for Queuing Discipline. I like to think of it as manipulating the Linux kernel’s packet scheduler.

Note: tc is traditionally part of the iproute2 toolset, which I’m pretty sure (but not positive) is included in most base Linux distros these days.

When tc comes up – it’s easy to immediately start thinking about QOS, queuing, and packet(traffic) control. And while some of the actions available to you when using tc seem obvious, or at least fit within the mindset of queue disciplines (the drop Continue reading

Open Standards Everywhere: How the Kolkata Chapter Got a Perfect Score

In early May 2020, the Open Standards Everywhere (OSE) project held a series of virtual training sessions for Internet Society Chapters. Over 70 Chapter representatives from around the world learned, in English, French, or Spanish, how to improve the overall security and availability of their Chapter’s websites and web servers by enabling IPv6, HTTP/2, TLS, and DNSSEC.

To assess everyone’s progress we tested each Chapter’s website before and after the training sessions using internet.nl and http2.pro. As a result of the OSE training sessions, many Chapters were able to significantly increase their website’s compliance. But one Chapter in particular, ISOC Kolkata, was able to take its website from 32% compliance to a whopping 100%. We caught up with ISOC Kolkata member Rittika Ratawa, who was nominated by the Chapter to attend the training, to find out more.

The Internet Society: What changes did you make to isockolkata.in as a direct result of the OSE virtual training session?

Rittika: After the training session, the Chapter made several changes. Firstly, we changed our DNS service provider as the one we had been using did not offer DNSSEC services or IPv6. Then we enabled DNSSEC by providing Continue reading

Urban Terror Server on Cisco CSR1000v

We have discussed the configuration of Guest Shell on Cisco CSR 1000v platform in a previous tutorial. The guest shell is a built-in Linux container with CentOS 7 installed, which can be activated on the fly when Linux applications are needed. Our lives are currently affected by SARS-CoV-2 and long-standing quarantine, so why not do […]

DevAsc – Python Script To Collect Show Commands Output

A colleague needed to connect to several Cisco devices, run some show commands, and save the output. I decided it would be good to practice my Python skills so I coded something together.

Why didn’t you do this in Ansible, Nornir, or another tool of choice? Because the goal was to learn Python, not to minimize the amount of work needed to solve the task.

This work was highly inspired by others such as Debi, John, and wouldn’t be possible without the work from Kirk. Also thanks to Patrick, and Nick for giving me pointers on the code.

From a high level, the script will perform the following tasks:

  • Read commands from a text file “commands.txt”
  • Read devices from a text file “devices.txt”
  • Ask the user for credentials
  • Log in to the devices
  • Perform show commands
  • Save the output to a text file per device

In order to perform the tasks, the script relies on several modules:

  • Colorama – Used to color code terminal output
  • Netmiko – Used to set up the SSH connection to the device and parse the output
  • Datetime – Used to create a timestamp
  • Getpass – To get the password from the user without displaying it to the Continue reading

Wave Glider Robots

This video opened my mind to the ideas of robotic surveillance and data capture of the ocean. Wide range of civilian applications of course. But also police applications for customs and policing for monitoring the seaways around a country. And the military applications for defense and detection. Potentially even delivering a torpedo style payload.

The post Wave Glider Robots appeared first on EtherealMind.

Making the WAF 40% faster

Cloudflare’s Web Application Firewall (WAF) protects against malicious attacks aiming to exploit vulnerabilities in web applications. It is continuously updated to provide comprehensive coverage against the most recent threats while ensuring a low false positive rate.

As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement.

This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers.

Transitioning from PCRE to RE2

Back in July of 2019, the WAF transitioned from using a regular expression engine based on PCRE to one inspired by RE2, which is based around using a deterministic finite automaton (DFA) instead of backtracking algorithms. This change came as a result of an outage where an update added a regular expression which backtracked enormously on certain HTTP requests, resulting in exponential execution time.

After the migration was finished, we saw no measurable difference in CPU consumption at the edge, but noticed that execution time outliers in the 95th and 99th percentiles decreased, something we expected given RE2's guarantee of execution time linear in the size of the input.

As the WAF engine uses a thread Continue reading

Day Two Cloud 055: Securing Cloud Infrastructure And Applications

Security is difficult and tricky, but we've got an amazing guest on today's Day Two Cloud podcast to help you improve your security posture and manage your cloud risk. Our guest is Tanya Janca, Founder, Security Trainer, and Coach at She Hacks Purple. We discuss key security areas including the network, identity, and applications; taking advantage of cloud visibility; securing SaaS apps; and more.

The post Day Two Cloud 055: Securing Cloud Infrastructure And Applications appeared first on Packet Pushers.

Modular networking in a volatile business environment

Organizational change, growth, and environmental diversity are all challenges for IT teams, and they’re going to be a part of everyday life for the foreseeable future. As the number of device models and network architectures increases, so, too, does management complexity. Coping with 2020’s ongoing gift of unpredictability requires technological agility, something Cumulus Networks, acquired by NVIDIA, can help you with.

It’s easy to worry about the consequences of our collective, rapidly changing economic circumstances as though the problems presented are somehow novel. They’re not.

2020 has increased uncertainty, leading to an increased velocity of change, but change is the only constant in life, and the need for agile networking has been obvious to many in the industry for some time. Even without problems like having to rapidly figure out how to cope with large chunks of the workforce working from home, change-responsive networking has been a challenge for organizations experiencing growth for decades, a problem many continue to struggle with today.

At a practical level, one of the biggest problems with rapid change is that it quickly leads to a dilemma: precisely meet the needs of the moment, resulting in a significant uptick in equipment diversity, or deploy Continue reading

Heavy Networking 526: Rethinking Your Global Enterprise WAN With Telia Carrier (Sponsored)

In today’s sponsored Heavy Networking podcast we talk to Telia Carrier. Telia runs its own global IP backbone, and as the public Internet becomes the de facto enterprise WAN, your choice of carrier becomes critical. Our guest is Mattias Fridström, Vice President & Chief Evangelist at Telia Carrier. We discuss why enterprises should consider Telia services including DCI, cloud connections, and SD-WAN.

The post Heavy Networking 526: Rethinking Your Global Enterprise WAN With Telia Carrier (Sponsored) appeared first on Packet Pushers.

Kuma, a New CNCF Project, Enhances the Control Plane for Mixed Infrastructure

“I’m pretty sure that you won’t hear anybody saying, ‘Oh, yeah, we implemented a service mesh, and it was easy to do.’ They were just extremely complicated systems,” said Marco Palladino. The first generation of service meshes, released around 2017, “came with lots of moving parts, lots of dependencies, and lots of assumptions that we did not necessarily agree with.” Those meshes were hyperfocused on Kubernetes, he said, while customers, though perhaps running K8s, also were still running virtual machines. They don’t scale and require a new cluster for each mesh.

How to test HTTP/3 and QUIC with Firefox Nightly

HTTP/3 is the third major version of the Hypertext Transfer Protocol, which takes the bold step of moving away from TCP to the new transport protocol QUIC in order to provide performance and security improvements.

During Cloudflare's Birthday Week 2019, we were delighted to announce that we had enabled QUIC and HTTP/3 support on the Cloudflare edge network. This was joined by support from Google Chrome and Mozilla Firefox, two of the leading browser vendors and partners in our effort to make the web faster and more reliable for all. A big part of developing new standards is interoperability, which typically means different people analysing, implementing and testing a written specification in order to prove that it is precise, unambiguous, and actually implementable.

At the time of our announcement, Chrome Canary had experimental HTTP/3 support and we were eagerly awaiting a release of Firefox Nightly. Now that Firefox supports HTTP/3 we thought we'd share some instructions to help you enable and test it yourselves.

How do I enable HTTP/3 for my domain?

Simply go to the Cloudflare dashboard and flip the switch from the "Network" tab manually:

Using Firefox Nightly as an HTTP/3 client

Firefox Nightly has experimental support for Continue reading

Nimble tech startups find ways to navigate the pandemic

The economic devastation of the global COVID-19 pandemic has many businesses fighting for survival, but dealing with chaos and uncertainty comes with the territory for a certain category of business: startups. They thrive on disruption (or at least that’s the message they pitch to investors), but is the lean, move-fast-and-break-things model one that can survive global disruptions? Unlike retail, travel, and tourism, which have been hammered by the downturn, data-center and networking businesses have fared better, with some, such as teleconferencing, seeing spikes in demand.