Magic Transit makes your network smarter, better, stronger, and cheaper to operate

Magic Transit makes your network smarter, better, stronger, and cheaper to operate

Today we’re excited to announce Cloudflare Magic Transit. Magic Transit provides secure, performant, and reliable IP connectivity to the Internet. Out-of-the-box, Magic Transit deployed in front of your on-premise network protects it from DDoS attack and enables provisioning of a full suite of virtual network functions, including advanced packet filtering, load balancing, and traffic management tools.

Magic Transit makes your network smarter, better, stronger, and cheaper to operate

Magic Transit is built on the standards and networking primitives you are familiar with, but delivered from Cloudflare’s global edge network as a service. Traffic is ingested by the Cloudflare Network with anycast and BGP, announcing your company’s IP address space and extending your network presence globally. Today, our anycast edge network spans 193 cities in more than 90 countries around the world.

Once packets hit our network, traffic is inspected for attacks, filtered, steered, accelerated, and sent onward to the origin. Magic Transit will connect back to your origin infrastructure over Generic Routing Encapsulation (GRE) tunnels, private network interconnects (PNI), or other forms of peering.

Enterprises are often forced to pick between performance and security when deploying IP network services. Magic Transit is designed from the ground up to minimize these trade-offs: performance and security are better together. Magic Transit deploys IP security Continue reading

Magic Transit: Network functions at Cloudflare scale

Magic Transit: Network functions at Cloudflare scale

Today we announced Cloudflare Magic Transit, which makes Cloudflare’s network available to any IP traffic on the Internet. Up until now, Cloudflare has primarily operated proxy services: our servers terminate HTTP, TCP, and UDP sessions with Internet users and pass that data through new sessions they create with origin servers. With Magic Transit, we are now also operating at the IP layer: in addition to terminating sessions, our servers are applying a suite of network functions (DoS mitigation, firewalling, routing, and so on) on a packet-by-packet basis.

Over the past nine years, we’ve built a robust, scalable global network that currently spans 193 cities in over 90 countries and is ever growing. All Cloudflare customers benefit from this scale thanks to two important techniques. The first is anycast networking. Cloudflare was an early adopter of anycast, using this routing technique to distribute Internet traffic across our data centers. It means that any data center can handle any customer’s traffic, and we can spin up new data centers without needing to acquire and provision new IP addresses. The second technique is homogeneous server architecture. Every server in each of our edge data centers is capable of running every task. We Continue reading

BrandPost: Integrations are Essential to Secure SD-WAN

Improved network security is a top business driver of SD-WAN adoption, as a previous blog in this series revealed. However, SD-WAN isn’t necessarily an off-the-shelf panacea for all your network security challenges. While the typical SD-WAN products include some native security capabilities, an enterprise must take an approach that combines native SD-WAN security with integrated, on-premises, and cloud-based security solutions.Some early adopters of SD-WAN have failed to take this comprehensive approach. For instance, EMA’s WAN Transformation research found that enterprises that have completed a production deployment of an SD-WAN solution are 1.3 times more likely than the average enterprise to have experienced a security breach in a remote site over the last year. EMA suspects that these particular enterprises have been oversold on the native security capabilities of their chosen vendors.To read this article in full, please click here

Network Break 247: Data Centers Are Not Quite Dead, AI is a Feature Not A Product

Not everything is broken this week although some things definitely are looking grim. We consider how really dead data centers are according to Gartner, Cisco gobbles some more AI for Webex while HPE gets more AI-ish for Bluedata. GTT Communications is in trouble while ATT Bribery case highlights that big companies are dumb. Snark and virtual donuts all round this week.

The post Network Break 247: Data Centers Are Not Quite Dead, AI is a Feature Not A Product appeared first on Packet Pushers.

What is instant recovery? A way to quickly restore lost files and test backup systems

The concept of instant recovery is relatively simple – the ability to run a virtual machine directly from a backup of that VM – but the possibilities offered by such a simple concept are virtually limitless, which explains why it’s considered one of the most important advances in backup and recovery for many years.Before the advent of instant recovery all restores were basically the same, starting with how backups were stored – in some type of container or image. Prior to commercial backup-and-recovery software, backups were stored in formats such as tar, cpio, or dump. More about backup and recovery:To read this article in full, please click here

GTT’s Stock Plummets in Wake of Q2 Loss

GTT Communications' stock price plunged to its lowest level in more than five years in the...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Microsoft Scores Cloud Deal With India’s Reliance Jio

Jio will set up a pair of new data centers in the country that will include compute, storage, and...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Vendors Push 5G for Enterprise Services First

5G is being led by and positioned for enterprise services, and multiple factors are driving this...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

How SD-Branch addresses today’s network security concerns

Secure software-defined WAN (SD-WAN) has become one of the hottest new technologies, with some reports claiming that 85% of companies are actively considering SD-WAN to improve cloud-based application performance, replace expensive and inflexible fixed WAN connections, and increase security.But now the industry is shifting to software-defined branch (SD-Branch), which is broader than SD-WAN but introduced several new things for organizations to consider, including better security for new digital technologies. To understand what's required in this new solution set, I recently sat down with John Maddison, Fortinet’s executive vice president of products and solutions.To read this article in full, please click here

How SD-Branch addresses today’s network security concerns

Secure software-defined WAN (SD-WAN) has become one of the hottest new technologies, with some reports claiming that 85% of companies are actively considering SD-WAN to improve cloud-based application performance, replace expensive and inflexible fixed WAN connections, and increase security.But now the industry is shifting to software-defined branch (SD-Branch), which is broader than SD-WAN but introduced several new things for organizations to consider, including better security for new digital technologies. To understand what's required in this new solution set, I recently sat down with John Maddison, Fortinet’s executive vice president of products and solutions.To read this article in full, please click here

Xilinx launches new FPGA cards that can match GPU performance

Xilinx has launched a new FPGA card, the Alveo U50, that it claims can match the performance of a GPU in areas of artificial intelligence (AI) and machine learning.The company claims the card is the industry’s first low-profile adaptable accelerator with PCIe Gen 4 support, which offers double the throughput over PCIe Gen3. It was finalized in 2017, but cards and motherboards to support it have been slow to come to market.The Alveo U50 provides customers with a programmable low-profile and low-power accelerator platform built for scale-out architectures and domain-specific acceleration of any server deployment, on premises, in the cloud, and at the edge.To read this article in full, please click here

Xilinx launches new FPGA cards that can match GPU performance

Xilinx has launched a new FPGA card, the Alveo U50, that it claims can match the performance of a GPU in areas of artificial intelligence (AI) and machine learning.The company claims the card is the industry’s first low-profile adaptable accelerator with PCIe Gen 4 support, which offers double the throughput over PCIe Gen3. It was finalized in 2017, but cards and motherboards to support it have been slow to come to market.The Alveo U50 provides customers with a programmable low-profile and low-power accelerator platform built for scale-out architectures and domain-specific acceleration of any server deployment, on premises, in the cloud, and at the edge.To read this article in full, please click here

When should enterprises move to 5G?

Maybe not today and maybe not tomorrow, but eventually everyone will be on 5G. However, before rushing to implement it in your business be sure to know what the available benefits are and which types of users will notice a real improvement in their mobile experience.

The Week in Internet News: Testing 1, 2, 3

This is a test: Amazon has asked the U.S. Federal Communications Commission for permission to test a new wireless Internet service using the 3.5 MHz spectrum band, Cord Cutters News reports. The test, in Sunnyvale, California, would run from mid-August to mid-February. The test is in addition to Amazon’s plans to launch 3,236 satellites for a new home Internet service.

Billions for broadband: U.S. presidential candidate Elizabeth Warren, a Democratic senator from Massachusetts, wants to spend $85 billion to expand rural broadband in the country, CNet reports. She also wants to override states trying to prevent local municipalities from building their own broadband networks.

Russian hackers vs. the IoT: Microsoft has accused a Russian hacking group of targeting Internet of Things devices, including a voice over IP phone and office printer, Security Today reports. The Russian group known as Fancy Bear was allegedly involved in the hack of the Democratic National Committee before the 2016 U.S. elections.

Lawsuit recognition: Facebook users can sue the social networking site for its facial recognition photo tagging service, a U.S. court has ruled. Illinois users have claimed the tagging service violates a state privacy law, NPR reports. “Once a Continue reading

Why You Can’t Fix a System from the Inside

Stumbled upon an interesting article describing numerous examples of how it's impossible to fix a system from the inside because the good guys always lose to the more aggressive (and less scrupulous) individuals.

It's amazing how well the same ideas apply to TCP-versus-UDP, P2P traffic versus everything else (this one has been fixed after a lot of pressure from the outside), latency- versus drop-based TCP congestion management and $vendor marketing.

Converting Kubernetes to an HA Control Plane

While hanging out in the Kubernetes Slack community, one question I’ve seen asked multiple times involves switching a Kubernetes cluster from a non-HA control plane (single control plane node) to an HA control plane (multiple control plane nodes). As far as I am aware, this isn’t documented upstream, so I thought I’d walk readers through what this process looks like.

I’m making the following assumptions:

  • The existing single control plane node was bootstrapped using kubeadm. (This means we’ll use kubeadm to add the additional control plane nodes.)
  • The existing single control plane node is using a “stacked configuration,” in which both etcd and the Kubernetes control plane components are running on the same nodes.

I’d also like to point out that there are a lot of different configurations and variables that come into play with a process like this. It’s (nearly) impossible to cover them all in a single blog post, so this post attempts to address what I believe to be the most common situations.

With those assumptions and that caveat in mind, the high-level overview of the process looks like this:

  1. Create a load balancer for the control plane.
  2. Update the API server’s certificate.
  3. Update the kubelet Continue reading
1 1,174 1,175 1,176 1,177 1,178 3,841