eBPF can’t count?!

It is unlikely we can tell you anything new about the extended Berkeley Packet Filter, eBPF for short, if you've read all the great man pages, docs, guides, and some of our blogs out there.

But we can tell you a war story, and who doesn't like those? This one is about how eBPF lost its ability to count for a while.

They say in our Austin, Texas office that all good stories start with "y'all ain't gonna believe this… tale." This one, though, starts with a post to the Linux netdev mailing list from Marek Majkowski after what I heard was a long night:

Marek's findings were quite shocking - if you subtract two 64-bit timestamps in eBPF, the result is garbage. But only when running as an unprivileged user. From root all works fine. Huh.

If you've seen Marek's presentation from the Netdev 0x13 conference, you know that we are using BPF socket filters as one of the defenses against simple, volumetric DoS attacks. So potentially getting your packet count wrong could be a Bad Thing™, and affect legitimate traffic.

Let's try to reproduce this bug with …

Technology Short Take 113

Welcome to Technology Short Take #113! I hope the collection of links and articles I’ve gathered for you contains something useful for you. I think I have a pretty balanced collection this time around; there’s a little bit of something for almost everyone. Who says you can’t please everyone all the time?

Networking

  • Via the Kubernetes blog, Box announced it has open sourced a project called kube-iptables-tailer, which turns packet drops from iptables into Kubernetes events that can be logged for easier troubleshooting. The GitHub repository for the project is here.
  • Via BlueCat Networks, John Capobianco shares his network automation journey. In part 1, John discusses the frameworks/tooling and the goals for his network automation efforts; in part 2, John digs into getting started with Ansible and the initial impact of his efforts.
  • Diógenes Rettori has a comparison of Istio and Linkerd as solutions for service mesh. Personally, I could’ve done without the little product advertisement at the end, but that’s just me.
  • Here’s a good article on packets-per-second limits in EC2.

Servers/Hardware

Security

10 Hot IoT security startups to watch

The internet of things is growing at breakneck pace and may end up representing a bigger economic shift in networking than the internet itself did, making security threats associated with the IoT a major concern.

This worry is reflected by investments being made in startups that focus on stopping threats to the IoT, the industrial IoT (IIoT) and the operational technology (OT) surrounding them.

5 top Linux server distros: How to choose the right one

More and more networking pros need to familiarize themselves with Linux because the operating system underpins so many enterprise tools and platforms including software-defined networking and SD-WANs, cloud networking, network automation, and configuration management.

And in the decades since it was first introduced, the number of distributions of Linux has blossomed as developers create versions that meet the needs of specific interest groups. While all the versions share a common core, they each have distinguishing characteristics suited to designated purposes.

This article takes a look at five of them – Debian, Fedora, CentOS, RHEL, and Ubuntu – how to acquire and install them, and an assessment of what they might best be suited for.

Cumulus content roundup: April

You know we like to stay busy here at Cumulus Networks, and April was no exception! We’ve rounded up some of our favorite podcasts, blog posts, and articles in case you missed them. So settle in and get ready for all things open networking!

From Cumulus Networks:

RIP up your dynamic routing with OSPF: Let’s RIP right into the ins and outs of Routing Information Protocol and Open Shortest Path First in this blog post by Keith Ward. Here we’ll discuss all things IGPs, history of RIPS and what you need to know about OSPFs.

Kernel of Truth season 2 episode 5: The power of community: Grab a pair of headphones and tune into Season 2 Episode 5 of our podcast, Kernel of Truth. In this episode, Brian O’Sullivan talks with Angelo Luciani from Nutanix and our own Pete Lumbis about the power of community and self-service. Learn about the resources available surrounding building community and the importance of it all.

Cumulus NetQ Reinvented
Did you hear the news? We are pleased to announce the launch of our newest product, Cumulus NetQ! Cumulus NetQ is a highly-scalable, modern network operations toolset that provides visibility into and troubleshooting …

Enterprise Solution Offerings: Ensuring Success Across Your Entire Application Portfolio

This week at DockerCon 2019, we shared our strategy for helping companies realize the benefits of digital transformation through new enterprise solution offerings that address the most common application profile in their portfolio. Our new enterprise solution offerings include the Docker platform, new tooling and services needed to migrate your applications. Building on the success and the experience from the Modernize Traditional Applications (MTA) program and Docker Enterprise 3.0, we are excited to expand our solutions and play an even greater role in our customers’ innovation strategy by offering a complete and comprehensive path to application containerization.

Application Profiles

When you hear about different application profiles, you may think about different languages or frameworks or even different application architectures like microservices and monoliths. But one of the benefits of containerization is that all application dependencies are abstracted away and what you have is a container that can be deployed consistently across different infrastructure.

In our work with many enterprise organizations, we’ve validated that the successful adoption of a container strategy is just as much about the people and processes as it is about the technology. There are 3 behavioral patterns that matter and that is dependent on what …

Allied Telesis turns its networking focus to the U.S. market

I recently had the opportunity to talk to Mark Wutzke, chief solution architect with Allied Telesis, to learn about the company’s smart networking offerings. Perhaps you, like me, don’t know much about this networking company, though it’s been in business since 1987. That might be because the global company, until recently, has focused its efforts outside the U.S. However, that focus is beginning to change, so I wanted to learn what the company brings to the table that enterprises would be interested in.

First, a little background on the company. Allied Telesis is headquartered in both Japan and the U.S. The company has global R&D centers and manufactures its own products. Among the products are intelligent switches and stackable chassis, industrial switches, wireless solutions, firewalls and routers, optics, NICs and media converters—basically end-to-end solutions from edge to core for LAN, WLAN and WAN. In addition, Allied Telesis writes its own operating system software for its equipment, as well as the network management software that provides many of the smart networking features the company is touting today.

IPv6 Buzz 025: Teaching IPv6 With Instructor And Author Rick Graziani

College instructor and author Rick Graziani stops by the IPv6 Buzz podcast to talk about teaching IPv6, including the differences between teaching college students and training IT professionals, how networking and IT are taught in universities and community colleges, and more.

The post IPv6 Buzz 025: Teaching IPv6 With Instructor And Author Rick Graziani appeared first on Packet Pushers.

Register for AfPIF 2019

Join us in Balaclava, Mauritius for the 10th Africa Peering and Interconnection Forum (AfPIF) from 20-22 August 2019.

AfPIF attracts ISPs, content providers, governments, and IXPs for three days of learning, sharing, and building business in Africa.

Why should you attend AfPIF-2019? Have a look through the AfPIF 2018 Summary Report, which contains briefs of presentations, emerging discussions, speakers, and sponsors.

Sponsorship opportunities are available to promote your business to these key audiences. Find out more about these opportunities here: https://www.afpif.org/afpif-10/sponsorship-brochure/

Register now to secure your place – and remember to check your visa requirements for travel to Mauritius.

Don’t miss Africa’s premier peering event – celebrating its 10-year anniversary this year!

The post Register for AfPIF 2019 appeared first on Internet Society.

Unit Testing Workers, in Cloudflare Workers

We recently wrote about unit testing Cloudflare Workers within a mock environment using CloudWorker (a Node.js based mock Cloudflare Worker environment created by Dollar Shave Club's engineering team). See Unit Testing Worker Functions.

Even though Cloudflare Workers deploy globally within seconds, software developers often choose to use local mock environments to have the fastest possible feedback loop while developing on their local machines. CloudWorker is perfect for this use case, but as it is still a mock environment, it does not guarantee an identical runtime or environment with all Cloudflare Worker APIs and features. This gap can make developers uneasy, as they do not have 100% certainty that their tests will succeed in the production environment.

In this post, we're going to demonstrate how to generate a Cloudflare Worker compatible test harness which can execute mocha unit tests directly in the production Cloudflare environment.

Directory Setup

Create a new folder for your project, change it to your working directory and run npm init to initialise the package.json file.

Run mkdir -p src && mkdir -p test/lib && mkdir dist to create folders used by the next steps. Your folder should look like this:

.
./dist
./src/worker.js
./test
./test/lib
…