Category Archives for "Networking"

Making the WAF 40% faster

Cloudflare’s Web Application Firewall (WAF) protects against malicious attacks aiming to exploit vulnerabilities in web applications. It is continuously updated to provide comprehensive coverage against the most recent threats while ensuring a low false positive rate.

As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement.

This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers.

Transitioning from PCRE to RE2

Back in July of 2019, the WAF transitioned from using a regular expression engine based on PCRE to one inspired by RE2, which is based around using a deterministic finite automaton (DFA) instead of backtracking algorithms. This change came as a result of an outage where an update added a regular expression which backtracked enormously on certain HTTP requests, resulting in exponential execution time.

After the migration was finished, we saw no measurable difference in CPU consumption at the edge, but noticed that execution time outliers in the 95th and 99th percentiles decreased, something we expected given RE2's guarantee of execution time that is linear in the size of the input.

As the WAF engine uses a thread …

Day Two Cloud 055: Securing Cloud Infrastructure And Applications

Security is difficult and tricky, but we've got an amazing guest on today's Day Two Cloud podcast to help you improve your security posture and manage your cloud risk. Our guest is Tanya Janca, Founder, Security Trainer, and Coach at She Hacks Purple. We discuss key security areas including the network, identity, and applications; taking advantage of cloud visibility; securing SaaS apps; and more.

The post Day Two Cloud 055: Securing Cloud Infrastructure And Applications appeared first on Packet Pushers.

Modular networking in a volatile business environment

Organizational change, growth, and environmental diversity are all challenges for IT teams, and they’re going to be a part of everyday life for the foreseeable future. As the number of device models and network architectures increases, so, too, does management complexity. Coping with 2020’s ongoing gift of unpredictability requires technological agility, something Cumulus Networks, acquired by NVIDIA, can help you with.

It’s easy to worry about the consequences of our collective, rapidly changing economic circumstances as though the problems presented are somehow novel. They’re not.

2020 has increased uncertainty, leading to an increased velocity of change, but change is the only constant in life, and the need for agile networking has been obvious to many in the industry for some time. Even without problems like having to rapidly figure out how to cope with large chunks of the workforce working from home, change-responsive networking has been a challenge for organizations experiencing growth for decades, a problem many continue to struggle with today.

At a practical level, one of the biggest problems with rapid change is that it quickly leads to a dilemma: precisely meet the needs of the moment, resulting in a significant uptick in equipment diversity, or deploy …

Heavy Networking 526: Rethinking Your Global Enterprise WAN With Telia Carrier (Sponsored)

In today’s sponsored Heavy Networking podcast we talk to Telia Carrier. Telia runs its own global IP backbone, and as the public Internet becomes the de facto enterprise WAN, your choice of carrier becomes critical. Our guest is Mattias Fridström, Vice President & Chief Evangelist at Telia Carrier. We discuss why enterprises should consider Telia services including DCI, cloud connections, and SD-WAN.

The post Heavy Networking 526: Rethinking Your Global Enterprise WAN With Telia Carrier (Sponsored) appeared first on Packet Pushers.

Kuma, a New CNCF Project, Enhances the Control Plane for Mixed Infrastructure

“I’m pretty sure that you won’t hear anybody saying, ‘Oh, yeah, we implemented a service mesh, and it was easy to do.’ They were just extremely complicated systems,” said Marco Palladino. The first generation of service meshes, released around 2017, “came with lots of moving parts, lots of dependencies, and lots of assumptions that we did not necessarily agree with.” Those meshes were hyperfocused on Kubernetes, he said, while customers, though perhaps running K8s, also were still running virtual machines. They don’t scale and require a new cluster for each mesh.

How to test HTTP/3 and QUIC with Firefox Nightly

HTTP/3 is the third major version of the Hypertext Transfer Protocol, which takes the bold step of moving away from TCP to the new transport protocol QUIC in order to provide performance and security improvements.

During Cloudflare's Birthday Week 2019, we were delighted to announce that we had enabled QUIC and HTTP/3 support on the Cloudflare edge network. This was joined by support from Google Chrome and Mozilla Firefox, two of the leading browser vendors and partners in our effort to make the web faster and more reliable for all. A big part of developing new standards is interoperability, which typically means different people analysing, implementing and testing a written specification in order to prove that it is precise, unambiguous, and actually implementable.

At the time of our announcement, Chrome Canary had experimental HTTP/3 support and we were eagerly awaiting a release of Firefox Nightly. Now that Firefox supports HTTP/3 we thought we'd share some instructions to help you enable and test it yourselves.

How do I enable HTTP/3 for my domain?

Simply go to the Cloudflare dashboard and flip the switch manually from the "Network" tab.

Using Firefox Nightly as an HTTP/3 client

Firefox Nightly has experimental support for …

Nimble tech startups find ways to navigate the pandemic

The economic devastation of the global COVID-19 pandemic has many businesses fighting for survival, but dealing with chaos and uncertainty comes with the territory for a certain category of business: Startups. They thrive on disruption (or at least that’s the message they pitch to investors), but is the lean, move-fast-and-break-things model one that can survive global disruptions? Unlike retail, travel, and tourism that have been hammered by the downturn, data-center and networking businesses have fared better, with some such as teleconferencing seeing spikes in demand.

Beyond the Usual: Challenges, Opportunities, and Insights in Asia-Pacific

Last month, we held our inaugural APAC Insights. The idea behind this is to bring together thought leaders and subject matter experts to discuss issues related to the Internet and its use in the Asia-Pacific.

However, the intention is not to make this another run-of-the-mill talk shop – rather, we want this to be a forum that shares and contrasts experiences, explores challenges and opportunities in a pragmatic way, and provides attendees insights into the issues beyond the usual.

With the global pandemic causing major disruptions to our professional and personal lives, the topic for the first APAC Insights zoomed in on the role the Internet has played in helping communities deal with the coronavirus pandemic.

Speakers from across the region – representing the world’s largest Internet shutdown to the world’s strictest – discussed initiatives that worked well and those that didn’t work so well, and the critical role of the Internet in rolling out these initiatives. During a Q&A segment, attendees had the opportunity to ask the speakers questions.

One of the key points made was that even though the Asia-Pacific is regarded as a mobile-first region, the shutdowns demonstrated (in some countries in particular) how fragile connectivity can …

The Network is not Free: The Case of the Connected Toaster

Latency is a big deal for many modern applications, particularly in the realm of machine learning applied to problems like determining if someone standing at your door is a delivery person or a … robber out to grab all your smart toasters and big screen television. The problem is networks, particularly in the last mile, don’t deal with latency very well. In fact, most of the network speeds and feeds available in anything outside urban areas kind of stink. The example given by Bagchi et al. is this—

A fixed video sensor may generate 6Mbps of video 24/7, thus producing nearly 2TB of data per month—an amount unsustainable according to business practices for consumer connections, for example, Comcast’s data cap is at 1TB/month and Verizon Wireless throttles traffic over 26GB/month. For example, with DOCSIS 3.0, a widely deployed cable Internet technology, most U.S.-based cable systems deployed today support a maximum of 81Mbps aggregated over 500 homes—just 0.16Mbps per home.

Bagchi, Saurabh, Muhammad-Bilal Siddiqui, Paul Wood, and Heng Zhang. “Dependability in Edge Computing.” Communications of the ACM 63, no. 1 (December 2019): 58–66. https://doi.org/10.1145/3362068.

The authors claim a lot of the problem here is just …

Network Break 290: HPE Unveils Edge-To-Cloud Strategy; Anuta, Juniper Partner On Automation

Take a Network Break! We cover HPE's virtual Discover event, including news on Greenlake and Ezmeral. LiveAction extends its portfolio with cloud monitoring, Anuta and Juniper partner around network automation, VMware releases a private beta of VMC on Oracle Cloud, and more tech news.

The post Network Break 290: HPE Unveils Edge-To-Cloud Strategy; Anuta, Juniper Partner On Automation appeared first on Packet Pushers.

The Week in Internet News: Google to Pay Some News Publishers

News isn’t free: Google has announced it will pay some news publishers in a “new news experience” it is rolling out later this year, TechCrunch reports. News outlets in Germany, Australia, and Brazil are among the first group of publishers that have signed on. The goal is to “help participating publishers monetize their content through an enhanced storytelling experience that lets people go deeper into more complex stories, stay informed and be exposed to a world of different issues and interests,” Google says.

AI in HR: Japanese companies are turning to artificial intelligence to help hire employees, Japan Times says. SoftBank says it has cut labor time by 75 percent by using AI to sift through tens of thousands of resumes. Still, some companies are concerned about AI giving them inappropriate or discriminatory decisions.

Attacking encryption: Three U.S. Senators have introduced legislation that would require tech companies to help law enforcement agencies defeat end-to-end encryption, PC Mag reports. The Republican bill would allow courts to order companies to bypass encryption when police agencies request it.

More broadband for all: In the meantime, a group of U.S. representatives has introduced legislation to spend $100 billion to deploy fiber-based broadband …