Archive

Category Archives for "Networking"

Heavy Networking 437: Melding Policy And Technology With The Internet Governance Project

On today's Heavy Networking we explore the intersection of policy, politics, and technology with the Internet Governance Project (IGP), which connects tech and policy experts to help bridge gaps in understanding between these two communities, with the goal of influencing outcomes on issues such as free expression, privacy, and security.

The post Heavy Networking 437: Melding Policy And Technology With The Internet Governance Project appeared first on Packet Pushers.

A Full CI/CD Pipeline for Workers with Travis CI

A Full CI/CD Pipeline for Workers with Travis CI
A Full CI/CD Pipeline for Workers with Travis CI

In today’s post we’re going to talk about building a CI/CD pipeline for Cloudflare Worker’s using Travis CI. If you aren’t yet aware, Cloudflare Workers allow you to run Javascript in all 165 of our data centers, and they deploy globally in about 30 seconds. Learn more here.

There are a few steps before we get started. We need to have a Worker script we want to deploy, some optional unit tests for the script, a serverless.yml  file to deploy via the Serverless Framework, a .gitignore file to ignore the node_modules folder, and finally, a .travis.yml configuration file. All of these files will live in the same GitHub repository, which should have a final layout like:

----- worker.js
----- serverless.yml
----- test
      . worker-test.js
----- node_modules
----- package.json
----- package-lock.json
----- .travis.yml
----- .gitignore

The Worker Script

In a recent post we discussed a method for testing Workers. We’ll reuse this method here to test a really simple Worker script below which simply returns Hello World! in the body of the response. We will name our Worker worker.js.

addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})
async function handleRequest(request) {
  return new  Continue reading

Weekend Reads 032219

The pursuit of monopoly has led Silicon Valley astray. —Tim O’Reilly

There is no better way to protect legacy revenues than by legally barring those entities that might decide to compete by building better broadband. —Doug Dawson

The ongoing debate around the controversial Article 13 of the EU’s Copyright Directive has exposed what looks like a sizable gap between what regulators think is covered by copyright and what is actually covered by copyright. —Stan Adams

However, under some circumstances, BGP communities can be used to drop and redirect traffic. In principle, the same effect can be achieved via BGP hijacks, but community-based attacks are way harder to spot and almost impossible to attribute. —Florian Streibelt

Phone numbers stink for security and authentication —Krebs on Security

Register an abandoned DNS server domain, and you can redirect querying clients to any destination of your choosing. —Kaan Onarlioglu

The Optical Transport Network (OTN) architecture is now almost two decades old, and some pundits are proclaiming that its role as a distinct transport layer will soon give way to an IP-over-DWDM architecture. —Jonathan Homa

Transnational data is sometimes, but not always, associated with a transaction or exchange. Much of the data, as personal data, Continue reading

BrandPost: 6 Reasons Why 802.11ax (Wi-Fi 6) Access Points are the Preferred IoT Platform

Walking into Amazon Go store is stepping into the future. You scan your Amazon Go app and the gates open before you. You can pick up a healthy salad for lunch, a quick snack, or dinner. You just drop the items in your bag and walk out. Seconds later, you get a receipt for your purchase. It’s truly frictionless retail. Beyond the magic, there is technology: a foundation of digital signage, cameras, smart shelves, wayfinding, point-of-sale, CRM, connectivity, and much more.Amazon Go is not alone: Numerous companies are trying to stay competitive by bringing these new experiences to their clients.Why Use 802.11ax as an IoT PlatformAt Aruba, we’ve been providing high-performance secure Wi-Fi connectivity to mobile devices for many years. With the addition of Bluetooth Low Energy (BLE) radios into our access points, we opened up new opportunities that include wayfinding, geofencing, and asset tracking.To read this article in full, please click here

Triton and the new wave of IIoT security threats

As IIoT grows in prominence, so too does its status as a target for malicious hackers – particularly given its increased impact on the physical world; the latest and potentially most dangerous is called Triton.Triton first reared its ugly head near the end of 2017, according to security company Fireeye. It targets an industrial safety system made by Schneider Electric that monitors and secures valves, turbines and the like and shuts them down if it determines they are about to fail and cause explosions or other consequences that could damage the facility or cause harm to people. (It’s named Triton because it targets the widely used Schneider Electric Triconex industrial safety system.)To read this article in full, please click here(Insider Story)

Internet Resilience Discussions at IETF 104

Let’s look at what’s happening in the Internet Engineering Task Force (IETF) and the upcoming IETF 104 meeting in the area of Internet infrastructure resilience. As usual, my focus here is primarily on the routing and forwarding planes, and specifically routing security and unwanted traffic of Distributed Denial of Service Attacks (DDoS) attacks. There’s interesting and important work underway at the IETF that can help addressing problems in both areas.

This time there are a lot of new ideas, especially of an operational nature, that people bring to the IETF in the form of Internet Drafts that aim to improve the security and resilience of the Internet infrastructure. So I’d like to introduce some of them to you, but keep in mind that an Internet Draft (I-D) does not necessarily indicate IETF endorsement. It also does not constitute a standard and may even not result in any work at the IETF.

So let’s look at what’s happening in BGP land.

Can BGP Communities be harmful? 

In the recent paper “BGP Communities: Even more Worms in the Routing Can“, the authors demonstrated that Border Gateway Protocol (BGP) communities can be exploited by remote parties to influence routing in Continue reading

Slim: OS kernel support for a low-overhead container overlay network

Slim: OS kernel support for a low-overhead container overlay network Zhuo et al., NSDI’19

Container overlay networks rely on packet transformations, with each packet traversing the networking stack twice on its way from the sending container to the receiving container.

There are CPU, throughput, and latency overheads associated with those traversals.

In this paper, we ask whether we can design and implement a container overlay network, where packets go through the OS kernel’s network stack only once. This requires us to remove packet transformation from the overlay network’s data-plane. Instead, we implement network virtualization by manipulating connection-level metadata at connection setup time, saving CPU cycles and reducing packet latency.

Slim comes with some caveats: it requires a kernel module for secure deployment, has longer connection establishment times, doesn’t fit with packet-based network policies, and only handles TCP traffic. For UDP, ICMP, and for its own service discovery, it also relies on an existing container overlay network (Weave Net). But for longer lasting connections managed using connection-based network policies it delivers some impressive results:

  • memcached throughput up by 71%, with latency reduced by 42%, and CPU utilisation reduced by 56%.
  • Nginx CPU utilisation reduced by 22-24%
  • PostgreSQL Continue reading
1 975 976 977 978 979 3,345