Worth Reading: Resilience Engineering
Starting with my faking disaster recovery tests blog post Terry Slattery wrote a great article delving into the intricacies of DR testing, types of expected disasters, and resilience engineering. As always, a fantastic read from Terry.
Fast Friday- Perry Mason Moments
It’s the Thanksgiving holiday weekend in the US which means lots of people discussing things with their relatives. And, as is often the case, lots of arguments. It’s the nature of people to have a point of view and then to want to defend it. And it’s not just politics or other divisive topics. We see it all the time in networking too.
EIGRP vs OSPF. Cisco vs Juniper. ACI vs NSX. You name it and we’ve argued about it. Every viewpoint has a corresponding counterpart. Yes, there are good points for using one versus the other. But there are also times when every piece of factual information doesn’t matter because we “know” the right answer.
It’s those times when we run into what I call the “Perry Mason Problem”. It’s a reminder of the old Perry Mason TV show when the lawyer in the title would win a case with a carefully crafted statement that just ends any arguments. It’s often called a Wham Line or an Armor-Piercing Question. Basically, Mr. Mason would ask a question or make a statement that let all the air out of the argument. And often it would result in him winning the case Continue reading
Getting traffic into GKE Cluster
In this blog, I will talk about different options for getting traffic from external world into GKE cluster. The options described are: Network load balancer(NLB) Http load balancer with ingress Http load balancer with Network endpoint groups(NEG) nginx Ingress controller Istio ingress gateway For each of the above options, I will deploy a simple helloworld … Continue reading Getting traffic into GKE Cluster[4/4] Composition & Service Function Chaining in Network Service Meshes
Following the Path
Welcome to part four of this series. This this final part, we will explore our options for networking a composed application, from a de-composed monolith or set of microservices.
Here is a logical set of options:
-
Proxy: Having a network kernel, ADC or proxy for every component to handle implementation of the service chain. Sidecars quickly solve an issue, but double component count within a mesh. Proxies work well in public and private clouds, but for commercial applications may incur license costs as well as higher resource utilisation to cover the sidecar container.
-
Language specific libraries: which wrap your application packets in a NSH handling outer encapsulation. No sidecar required, no modification of a host. This adds complexity to software development in terms of modified socket libraries, but a well designed and implemented library does not expose the complexity. All your code has to do, is accept connections through a modified socket library. This works in the cloud providing security policies and routing domains allow it.
-
Overlay: Add flow data to forwarding entities. Let’s face it, this isn’t going to happen in a cloud environment unless you’ve implemented a full overlay. An OpenVSwitch (OVS) overlay network would Continue reading
[3/4] Composition & Service Function Chaining in Network Service Meshes
Application De-Composition
Applications are ever evolving and so are the architecture patterns:
MONOLITH -> MICROSERVICES -> FUNCTIONS + FLOWS
Monoliths were easy. Route to them and send the returned packets back to their source.
Microservices (MS) sees a monolith or new application being reduced to smaller self-contained parts, which may talk east-west or north-south. It’s quite common to see a proxy deal with inbound connections and internal communication between components hidden from external interactions. Internal communication typically is either point-to-point (also could be through a load balancer/proxy) or via a message bus of some description.
Functions & Flows makes life even more interesting. We further break down the components of microservices to individual functions that deliver pages, computation and web application components etc. More flow information exists on the whole and the number of points involved in an interaction with an application increase with every de-aggregated component deployed.
For brevity, I’m going to call Functions & Flows, F2. I’ve never seen it shortened to this, so if you see it elsewhere, let me know!
To add to this, MS and F2 components may reside on different infrastructure, separated by the internet and differing policies. Thus, deduced, different IP underlying capabilities.
[2/4] Composition & Service Function Chaining in Network Service Meshes
Not Storing State in the Network
OpenFlow (OF) adoption failed due to scalability of forwarding tables on ASICS, not so great controllers, lack of applications and a non-existent community. OpenFlow however is still useful today for overriding forwarding decision making on a hop-by-hop basis and handling exceptions from what would otherwise be a normal steady state forwarding decision. Exceptions like bypassing limited throughput devices like DPI nodes for large known file transfers are a classic use case. We don’t care beyond simple authentication (maybe) who the client is, so take our file and don’t consume resources doing it.
OpenFlow presents flow state to an ASIC, state that can be granular. If we use it for forwarding equivalency classes (FECs) then it’s no different to normal routing and frame forwarding. That wasn’t the goal and thus, it added to the list of failure reasons. A controller programs flows via an OpenFlow interface on a network element, flows which could time out automatically or be long-lived, requiring the controller to remove them. Also, flows can be programmed proactively from a network design, or reactively from the controller receiving a header packet and deciding what to do with it. Vendors naturally added to Continue reading
[1/4] Composition & Service Function Chaining in Network Service Meshes
This is part one of a series of posts on Application Composition within Network Service Meshes, otherwise known as Service Function Chaining, but at L7 ad not L3/L4.
In Network Service Meshes (NSM), it is a complex affair steering L7 requests and responses through the correct network of components. The current approach at the time of writing (November 27th 2019) is to accept requests on a proxy entity and couple that proxy to an application component through a data-plane. Ideally the model works in both private on-premises and cloud deployment models.
For the sake of building a mental image, this is a graph network that has both control-plane and data-plane attributes on nodes and vertexes.
In IP networking, IP packets are routed to their destination and return to their source, based on their destination IP header field and when policy requires it, we can use other fields like source IP, protocol and port numbers etc. In large networks (like the internet), it’s the destination field in the IP header. In both IPv4 and IPv6 there exists a means to steer packets through a network based on additional fields being present at the point of ingress to a network edge and Continue reading
Software I Use – Black Friday 2019
These are productivity and work apps that I use personally and recommend to people.
The post Software I Use – Black Friday 2019 appeared first on EtherealMind.
Passion and Dedication at the 4th Summit on Community Networks in Africa
The 4th Summit on Community Networks in Africa took place in Dodoma, Tanzania from 28 October to 2 November 2019 in partnership with the Association for Progressive Communications (APC) and hosted by the University of Dodoma. The format consisted of two days of valuable training sessions on defining the community network (CN) movement in Africa, the importance of exclusivity and communications in building CNs, and strategies for sustainability cooperative models among others. The next two days were dedicated to plenary sessions, which focused on discussions to promote the creation and growth of community networks, increase collaboration between CN operators in the region, and improve their business skills. The Summit concluded with a two-day site visit to the Kondoa Community Network for more hands-on technical learning and sharing of best practices.
This year, the Summit received 134 participants from 18 countries globally: Argentina, Cameroon, Canada, Democratic Republic of the Congo, France, Germany, Ethiopia, Kenya, Liberia, Malawi, Namibia, Nigeria, South Africa, Spain, Tanzania, Uganda, the U.K., and the U.S. Of these 36 participants were women and 77 participants were from Tanzania. The participation of women was notable – and important in addressing gender gaps related to access in particular.
Community Networks provide Continue reading
KubeCon Showed Kubernetes Is Big, but Is It a Unicorn?
People like to see horses, but people want to see a unicorn.
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Heavy Networking 490: Lessons Learned From A Large SD-WAN Deployment
With more than 2,800 branch deployments in North America alone, our guest Snehal Patel is running one of the largest SD-WAN deployments on the globe. He stops by the Heavy Networking podcast to share his experiences, both good and bad, on deployment and operations, management, training, security, working with carriers, and more. Snehal is a global network architect for a brand-name retailer.
The post Heavy Networking 490: Lessons Learned From A Large SD-WAN Deployment appeared first on Packet Pushers.
A History of HTML Parsing at Cloudflare: Part 2
The second blog post in the series on HTML rewriters picks up the story in 2017 after the launch of the Cloudflare edge compute platform Cloudflare Workers. It became clear that the developers using workers wanted the same HTML rewriting capabilities that we used internally, but accessible via a JavaScript API.
This blog post describes the building of a streaming HTML rewriter/parser with a CSS-selector based API in Rust. It is used as the back-end for the Cloudflare Workers HTMLRewriter. We have open-sourced the library (LOL HTML) as it can also be used as a stand-alone HTML rewriting/parsing library.
The major change compared to LazyHTML, the previous rewriter, is the dual-parser architecture required to overcome the additional performance overhead of wrapping/unwrapping each token when propagating tokens to the workers runtime. The remainder of the post describes a CSS selector matching engine inspired by a Virtual Machine approach to regular expression matching.
v2 : Give it to everyone and make it faster
In 2017, Cloudflare introduced an edge compute platform - Cloudflare Workers. It was no surprise that customers quickly required the same HTML rewriting capabilities that we were using internally. Our team was impressed with the platform Continue reading
IP Fabric with Gian-Paolo Boarina on Software Gone Wild
No, we were not talking about IP fabrics in general - IP Fabric is a network management software (oops, network assurance platform) Gian Paolo discovered a while ago and thoroughly tested in the meantime.
He was kind enough to share what he found in Episode 107 of Software Gone Wild, and as Chris Young succinctly summarized: “it’s really sad what we still get excited about something 30 years after it was first promised”… but maybe this time it really works ;)
Member News: Innovative Projects to Help Close the Digital Divide
Vote of Confidence: Voting is open for Chapterthon 2019, the global Internet Society Chapters marathon, where Chapters can develop projects within a timeline and budget to achieve a common goal for the development of the Internet. This year’s theme is Connecting the Unconnected. Twenty-eight Chapters – from Argentina to Zimbabwe – have submitted projects.
Keep the connections: The Venezuela Chapter is among several groups calling for large technology companies to maintain the availability of their services to Venezuelans. While an executive order from U.S. President Donald Trump seeks to block support for the government of Nicolás Maduro, the order does not ban the Internet and other technology services from serving the nation, the chapter notes. Access to the Internet and online services is “critical” because it brings access to independent news and allows citizens to express their opinions, the chapter said.
Trading chips: The Washington, D.C., Chapter recently hosted a conference on digital trade, including the impact of some nations’ policies that require data to be stored locally. “Data has become the most traded good and/or service across borders,” the Chapter said. “Meanwhile, many countries have adopted policies that inhibit digital trade, including requirements that Continue reading
IPv6 Buzz 040: What We’re Thankful For With IPv6
From the virtually limitless supply of IPv6 addressing to good vendor support to IPv6-only efforts and beyond, Ed, Scott, and Tom discuss what they’re most thankful for when it comes to IPv6 in this holiday episode of IPv6 Buzz.
The post IPv6 Buzz 040: What We’re Thankful For With IPv6 appeared first on Packet Pushers.
IPv6 Buzz 040: What We’re Thankful For With IPv6
From the virtually limitless supply of IPv6 addressing to good vendor support to IPv6-only efforts and beyond, Ed, Scott, and Tom discuss what they’re most thankful for when it comes to IPv6 in this holiday episode of IPv6 Buzz.Top 5 SD-WAN Takeaways for 2019
SD-WAN has reached an inflection point as enterprises — driven by cost savings, equipment...
© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.
Upcoming Events and Webinars (December 2019)
The registration is still open for the Using VXLAN to Build Active-Active Data Centers workshop on December 3rd, but if you can’t make it to Zurich you might enjoy these live sessions we’ll run in December 2019:
- In the last session of autumn 2019 network automation course (December 5th) we’ll have Jeremy Schulman talking about ChatOps and Slack integration;
- On December 10th Matthias Luft will continue the Cloud Security series with a session focused on identity and access management (IAM);
- Remember the Business Aspects of Networking Technologies idea I started in April? Finally I found time for the second session (on December 12th), this time focused on addressing the business challenges instead of getting excited about technology;
- We’ll conclude the Autumn 2019 webinar season with another session in the EVPN Deep Dive saga on December 17th. This time we’ll have Krzysztof Szarkowicz, the author of MPLS in the SDN Era talk about MPLS-based EVPN.
All webinars I mentioned above are accessible with Standard ipSpace.net Subscription, and you’ll need Expert Subscription to enjoy the automation course contents.
A History of HTML Parsing at Cloudflare: Part 1
To coincide with the launch of streaming HTML rewriting functionality for Cloudflare Workers we are open sourcing the Rust HTML rewriter (LOL HTML) used to back the Workers HTMLRewriter API. We also thought it was about time to review the history of HTML rewriting at Cloudflare.
The first blog post will explain the basics of a streaming HTML rewriter and our particular requirements. We start around 8 years ago by describing the group of ‘ad-hoc’ parsers that were created with specific functionality such as to rewrite e-mail addresses or minify HTML. By 2016 the state machine defined in the HTML5 specification could be used to build a single spec-compliant HTML pluggable rewriter, to replace the existing collection of parsers. The source code for this rewriter is now public and available here: https://github.com/cloudflare/lazyhtml.
The second blog post will describe the next iteration of rewriter. With the launch of the edge compute platform Cloudflare Workers we came to realise that developers wanted the same HTML rewriting capabilities with a JavaScript API. The post describes the thoughts behind a low latency streaming HTML rewriter with a CSS-selector based API. We open-sourced the Rust library as it can also be used Continue reading
Introducing the HTMLRewriter API to Cloudflare Workers
We are excited to announce that the HTMLRewriter API for Cloudflare Workers is now GA! You can get started today by checking out our documentation, or trying out our tutorial for localizing your site with the HTMLRewriter.
Want to know how it works under the hood? We are excited to tell you everything you wanted to know but were afraid to ask, about building a streaming HTML parser on the edge; read about it in part 1 (and stay tuned for part two coming tomorrow!).
Faster, more scalable applications at the edge
The HTMLRewriter can help solve two big problems web developers face today: making changes to the HTML, when they are hard to make at the server level, and making it possible for HTML to live on the edge, closer to the user — without sacrificing dynamic functionality.
Since the introduction of Workers, Workers have helped customers regain control where control either wasn’t provided, or very hard to obtain at the origin level. Just like Workers can help you set CORS headers at the middleware layer, between your users and the origin, the HTMLRewriter can assist with things like URL rewrites (see the example below!).
Back Continue reading