Mike Twumasi Reveals DDI Use Cases
Learn about the benefits and competitive advantages gained when enterprises move to DDI (DNS, DHCP, and IP Address Management).Calico monthly roundup: January 2024
Welcome to the Calico monthly roundup: January edition! From open source news to live events, we have exciting updates to share—let’s get into it!
Join us at CalicoCon 2024 in Paris
We are thrilled to announce that CalicoCon 2024 will be held on March 19 in Paris as a KubeCon + CloudNativeCon Europe 2024 co-located event. Join us for an immersive event focused on the latest trends, strategies, and technologies in Kubernetes networking, security, and observability. Limited spots are available, so register now to secure your spot. |
Customer case study: NuraLogix
AI-driven healthtech company, NuraLogix, improves security and compliance on Amazon EKS using Calico Cloud. |
Tigera has achieved AWS Security Competency status!
Tigera has gained a new AWS Security Competency, which we’re proud to add to our already existing AWS Containers Software Competency. Read about the addition of our newest security competency. |
Securely connect EKS workloads to approved SaaS with Calico Egress Gateway Learn how Calico Egress Gateway for AWS Elastic IP provides a valuable tool to bolster an organization’s defenses and ensure secure and dependable connections to trusted SaaS platforms. |
Open source news
*NEW* GitHub Discussion forum – Looking for Continue reading
connect() – why are you so slow?
It is no secret that Cloudflare is encouraging companies to deprecate their use of IPv4 addresses and move to IPv6 addresses. We have a couple articles on the subject from this year:
- Amazon’s $2bn IPv4 tax – and how you can avoid paying it
- Using DNS to estimate worldwide state of IPv6 adoption
And many more in our catalog. To help with this, we spent time this last year investigating and implementing infrastructure to reduce our internal and egress use of IPv4 addresses. We prefer to re-allocate our addresses than to purchase more due to increasing costs. And in this effort we discovered that our cache service is one of our bigger consumers of IPv4 addresses. Before we remove IPv4 addresses for our cache services, we first need to understand how cache works at Cloudflare.
How does cache work at Cloudflare?
Describing the full scope of the architecture is out of scope of this article, however, we can provide a basic outline:
- Internet User makes a request to pull an asset
- Cloudflare infrastructure routes that request to a handler
- Handler machine returns cached asset, or if miss
- Handler machine reaches to origin server (owned by a customer) to pull the Continue reading
IPB144: AWS Adds New Charge for IPv4, Governments Push toward IPv6
A round-up of IP address news to start the new year: Eric Vyncke of the IETF has created an RFC 6724 website that is an excellent time-saving tool for figuring out source destination address selection processes. AWS announces more IPv6 features and support, and adds a new charge for public IPv4 use. State actors, including... Read more »D2C232: Chaos Engineering: Breaking Things on Purpose
Chaos engineering is all about resilience and reliability… it just takes the harder path to get there. By injecting random and unpredictable behavior to the point of failure, chaos engineers observe systems’ weak points, apply preventative maintenance, and develop a failover plan. Matt Schillerstrom from Harness introduces Ned and Ethan to this wild corner of... Read more »Join us at CalicoCon 2024, co-located with KubeCon + CloudNativeCon Europe 2024
We are excited to announce CalicoCon 2024, an in-person learning event for Project Calico, taking place March 19th, 2024 as a co-located event with KubeCon + CloudNativeCon Europe 2024.
As Kubernetes continues to expand its presence in both enterprises and small-to-medium businesses, understanding container networking and security in managed or self-managed Kubernetes environments becomes crucial. Organizations are now presented with choices for dataplanes, such as eBPF, Windows HNS, and Linux IP tables, multi-cloud and Kubernetes distributions as they scale their applications and make them more performance-efficient. Additionally, the process of creating new cloud-native applications or modernizing legacy applications also presents Kubernetes users with a selection of cutting-edge and mature container networking and security technologies.
To make these decisions to leverage their existing investments and future-proofing, users require guidance on developing and implementing scalable network security policies, selecting dataplanes, achieving low latency, optimizing resources, and integrating with bare metal and VM workloads.
What can you expect?
At CalicoCon, we will provide KubeCon Paris 2024 attendees with an opportunity to actively participate in a full-day event where they will:
- Discuss how to incorporate the latest Calico eBPF container networking and security innovations into their applications
- Discover best practices for securing Continue reading
Rethinking the Impossible: How AI Makes Edge Computing Even More Powerful
Edge computing has evolved from its legacy foundations to its modern format where servers are closer to the end user. Now, the addition of AI allows real-time, automated analysis and insights at the edge, providing benefits for a wide variety of industries.Fulfilling the promise of single-vendor SASE through network modernization
As more organizations collectively progress toward adopting a SASE architecture, it has become clear that the traditional SASE market definition (SSE + SD-WAN) is not enough. It forces some teams to work with multiple vendors to address their specific needs, introducing performance and security tradeoffs. More worrisome, it draws focus more to a checklist of services than a vendor’s underlying architecture. Even the most advanced individual security services or traffic on-ramps don’t matter if organizations ultimately send their traffic through a fragmented, flawed network.
Single-vendor SASE is a critical trend to converge disparate security and networking technologies, yet enterprise "any-to-any connectivity" needs true network modernization for SASE to work for all teams. Over the past few years, Cloudflare has launched capabilities to help organizations modernize their networks as they navigate their short- and long-term roadmaps of SASE use cases. We’ve helped simplify SASE implementation, regardless of the team leading the initiative.
Announcing (even more!) flexible on-ramps for single-vendor SASE
Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture. Through these new capabilities, Cloudflare makes SASE networking more flexible and accessible for Continue reading
With Hybrid Work Still Rising, Verizon Partners with Microsoft to Help Mobilize Teams
Verizon Mobile for Microsoft Teams eliminates the most troublesome limitations of past unified communications solutions, such as blending the mobile, in-office, and remote experiences.Removing FRRouting Configuration Is Not Idempotent
One of the few beauties of most “industry standard CLI” implementations1 is that they’re idempotent: nothing changes (apart from ACLs) if you configure the same stuff a dozen times. Most of these implementations allow you to deconfigure the same stuff multiple times; FRRouting is one of the unfortunate exceptions.
I’m not saying what FRRouting does is wrong. It’s just different and a bit unexpected once you get into the mindset of “Wow, it looks almost like Cisco IOS.”
What Am I Talking About?
Imagine you have a bunch of IP prefixes you want to advertise with BGP. You could use network statements within the router bgp configuration to get that done:
Removing FRRouting Configuration Is Not Idempotent
One of the few beauties of most “industry standard CLI” implementations1 is that they’re idempotent: nothing changes (apart from ACLs) if you configure the same stuff a dozen times. Most of these implementations allow you to deconfigure the same stuff multiple times; FRRouting is one of the unfortunate exceptions.
I’m not saying what FRRouting does is wrong. It’s just different and a bit unexpected once you get into the mindset of “Wow, it looks almost like Cisco IOS.”
What Am I Talking About?
Imagine you have a bunch of IP prefixes you want to advertise with BGP. You could use network statements within the router bgp configuration to get that done:
DNS and the DELEG Proposal
The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it?DNS and the DELEG Proposal
The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it?Adding new LLMs, text classification and code generation models to the Workers AI catalog
Over the last few months, the Workers AI team has been hard at work making improvements to our AI platform. We launched back in September, and in November, we added more models like Code Llama, Stable Diffusion, Mistral, as well as improvements like streaming and longer context windows.
Today, we’re excited to announce the release of eight new models.
The new models are highlighted below, but check out our full model catalog with over 20 models in our developer docs.
Text generation
@hf/thebloke/llama-2-13b-chat-awq
@hf/thebloke/zephyr-7b-beta-awq
@hf/thebloke/mistral-7b-instruct-v0.1-awq
@hf/thebloke/openhermes-2.5-mistral-7b-awq
@hf/thebloke/neural-chat-7b-v3-1-awq
@hf/thebloke/llamaguard-7b-awq
Code generation
@hf/thebloke/deepseek-coder-6.7b-base-awq
@hf/thebloke/deepseek-coder-6.7b-instruct-awq
Bringing you the best of open source
Our mission is to support a wide array of open source models and tasks. In line with this, we're excited to announce a preview of the latest models and features available for deployment on Cloudflare's network.
One of the standout models is deep-seek-coder-6.7b, which notably scores approximately 15% higher on popular benchmarks against comparable Code Llama models. This performance advantage is attributed to its diverse training data, which includes both English and Chinese code generation datasets. In addition, the openhermes-2.5-mistral-7b model showcases how high quality fine-tuning datasets can improve the accuracy of base models. Continue reading
HS064: Mastering the Art of Strategy and Architecture with Pocket Change
Welcome, trailblazers and visionaries! Today, I’m thrilled to unpack a treasure trove of wisdom that zooms into the exhilarating realm of strategy architecture and the craft of sculpting strategy roadmaps on a shoestring budget. The Thrill of Resourcefulness In this episode, my esteemed co-host Johna and I dove headfirst into a challenge that plagues countless... Read more »
Organizations Left Grappling for Solutions Amid Alarming Cloud Security Gaps
The convergence of a Zero Trust framework with enhanced collaboration between security and development teams is foundational to a robust cloud security posture.HW020: How We Got to Wi-Fi 7 and Where We Go From Here
To understand the newest standard, Wi-Fi 7, it helps to look back at Wi-Fi 5 and 6, and even forward to Wi-Fi 8. What’s the reasoning behind the updates? How have they been experienced at the ground level? Who should make the change and when? Host Keith Parsons and Wi-Fi expert Srikanth Subramanian touch on... Read more »BGP Labs: Use Multiple AS Numbers on the Same Router
Can you use BGP to connect to the global Internet without having a public BGP AS number? Of course, assuming your Internet Service Provider is willing to run BGP with a network using a private AS number. But what happens if you want to connect to two ISPs? It’s ridiculous to expect you’ll be able to persuade them to use the same private AS number.
That’s one of the many use cases for the local-as functionality available in most BGP implementations. You can practice it in the Use Multiple AS Numbers on the Same Router lab exercise.
BGP Labs: Use Multiple AS Numbers on the Same Router
Can you use BGP to connect to the global Internet without having a public BGP AS number? Of course, assuming your Internet Service Provider is willing to run BGP with a network using a private AS number. But what happens if you want to connect to two ISPs? It’s ridiculous to expect you’ll be able to persuade them to use the same private AS number.
That’s one of the many use cases for the local-as functionality available in most BGP implementations. You can practice it in the Use Multiple AS Numbers on the Same Router lab exercise.