0

Building fast interpreters in Rust

In the previous post we described the Firewall Rules architecture and how the different components are integrated together. We also mentioned that we created a configurable Rust library for writing and executing Wireshark®-like filters in different parts of our stack written in Go, Lua, C, C++ and JavaScript Workers.

With a mixed set of requirements of performance, memory safety, low memory use, and the capability to be part of other products that we’re working on like Spectrum, Rust stood out as the strongest option.

We have now open-sourced this library under our Github account: https://github.com/cloudflare/wirefilter. This post will dive into its design, explain why we didn’t use a parser generator and how our execution engine balances security, runtime performance and compilation cost for the generated filters.

Parsing Wireshark syntax

When building a custom Domain Specific Language (DSL), the first thing we need to be able to do is parse it. This should result in an intermediate representation (usually called an Abstract Syntax Tree) that can be inspected, traversed, analysed and, potentially, serialised.

There are different ways to perform such conversion, such as:

1. Manual char-by-char parsing using state machines, regular expression and/or native string APIs.
2. Parser combinators, which use Continue reading

0

Microsoft Azure Sentinel Moves SIEM to the Cloud

The vendor claims it’s the first cloud native security information and event management (SIEM)...

Read More »

0

Short Take – Navigating Technology Change

The post Short Take – Navigating Technology Change appeared first on Network Collective.

0

Improve Productivity. Shut Off Notifications. (YouTube)

Here’s a short car video where I recommend shutting off notifications as a way to increase productivity. Spoiler alert. That’s pretty much the summary of the entire video, so you can save yourself the four minutes. Or…watch it to get the nuance. I’ll be okay either way. I’m not making money on YouTube ads.

0

An Introduction to SmartNICs

Mellanox has become a leading provider of networking hardware, particularly at the high performance end of the market where the company accounts for more than 70 per cent of ports shipped with speeds above 10GbE according to Crehan Research. …

An Introduction to SmartNICs was written by Nicole Hemsoth at .

0

Summit Supercomputer Clears Path to Seismic Discoveries

“The goal is to image the earth’s interior on a 3D scale,” says Jeroen Tromp, Blair Professor of Geology at Princeton University, leader of a team carrying out seismic research at the Oak Ridge Oak Ridge National Laboratory (ORNL) in Tennessee. …

Summit Supercomputer Clears Path to Seismic Discoveries was written by Nicole Hemsoth at .

0

7 building blocks of the modern data center

Learn the key aspects of today's data center, from hyperconvergence to flash storage to hybrid connections.

0

The Week in Internet News: Many Ugandans Quit Internet Services After Tax on Social Media

Taxing the Internet: A social media tax in Uganda has prompted many users to quit those same sites, The Guardian reports. The tax, intended to raise government revenues and discourage “idle talk,” amounts to 200 Ugandan shillings, or about U.S. 5 cents, per day. More than one million people have quit taxed mobile apps, the story says.

Tough measures: A large majority of Europeans support a proposal to require social media companies to direct all users who have seen take news toward fact-checks, Time.com says. A recent poll suggest that more than 86 percent of European residents surveyed support the Correct the Record proposal from advocacy group Avaaz.

Blockchain goes to pot: Blockchain technology can help marijuana dispensaries enforce daily legal limits on individual purchases, Forbes reports. Blockchain could help dispensaries keep track of attempts at smurfing, the practice of purchasing more than the daily legal limit by going to different dispensaries, and looping, purchasing more than the limit by returning later to the same seller, the story says.

Blockchain vs. censorship: A follow-up to a trend we noted earlier this year: China’s residents are turning to blockchain technologies to fight government censorship, The Conversation reports. Some users Continue reading

0

How we made Firewall Rules

Recently we launched Firewall Rules, a new feature that allows you to construct expressions that perform complex matching against HTTP requests and then choose how that traffic is handled. As a Firewall feature you can, of course, block traffic. The expressions we support within Firewall Rules along with powerful control over the order in which they are applied allows complex new behaviour.

In this blog post I tell the story of Cloudflare’s Page Rules mechanism and how Firewall Rules came to be. Along the way I’ll look at the technical choices that led to us building the new matching engine in Rust.

The evolution of the Cloudflare Firewall

Cloudflare offers two types of firewall for web applications, a managed firewall in the form of a WAF where we write and maintain the rules for you, and a configurable firewall where you write and maintain rules. In this article, we will focus on the configurable firewall.

One of the earliest Cloudflare firewall features was the IP Access Rule. It dates backs to the earliest versions of the Cloudflare Firewall and simply allows you to block traffic from specific IP addresses:

if request IP equals 203.0.113.1 then block  Continue reading

0

Is Cisco’s CCIE certificate relevant anymore?

WAVE Life Sciences was barreling toward its commercial launch when it hit a critical speedbump. The company’s network, a key part of the launch, received a negative assessment and would need to be re-architected. Anthony Murabito, vice president of IT at the Cambridge, Mass. biotechnology company, only wanted one thing from the IT pros that would be helping him fix the issue fast – to be Cisco Certified Internetwork Experts (CCIE).To read this article in full, please click here(Insider Story)

0

Is Cisco’s CCIE certificate relevant any more?

WAVE Life Sciences was barreling toward its commercial launch when it hit a critical speedbump. The company’s network, a key part of the launch, received a negative assessment and would need to be re-architected. Anthony Murabito, vice president of IT at the Cambridge, Mass. biotechnology company, only wanted one thing from the IT pros that would be helping him fix the issue fast – to be Cisco Certified Internetwork Experts (CCIE).To read this article in full, please click here(Insider Story)

0

BrandPost: Can SD-WAN Help Overcome IT Skill Shortages?

The primary driver cited is an aging worker pool and the overwhelming male makeup of this sector.Other factors contributing to skill shortages include a lack of: Hybrid IT skills New skills like managing SLAs for off-premise workloads Software skills with adoption of software-defined technologies Fewer young men and women entering the field How is this affecting branch office networks? The data center IT skill set shortage is spilling over from the data center to the management and administration of branch office infrastructure. The two go hand in hand as most skills are leveraged across both areas; branch office networks are merely a “miniature architecture” of the data center network. Branch office networks typically include switches, routers, WAN optimization appliances, firewalls, and other networking gear that all require similar IT knowledge and skills as the data center.To read this article in full, please click here

0

CCIE relevancy: Is Cisco’s venerable network certification on top of programmability, automation trends?

WAVE Life Sciences was barreling toward its commercial launch when it hit a critical speedbump. The company’s network, a key part of the launch, received a negative assessment and would need to be re-architected. Anthony Murabito, vice president of IT at the Cambridge, Mass. biotechnology company, only wanted one thing from the IT pros that would be helping him fix the issue fast – to be Cisco Certified Internetwork Experts (CCIE).“We needed to do a major refresh and replacement on our network and, when I looked around, I had no network skills available in the organization,” Murabito says. Cisco’s top-tier certification would serve for Murabito and his hiring team as an indicator of a candidate’s expertise.To read this article in full, please click here

0

Upcoming ipSpace.net Events and Webinars (March 2019)

We’re starting the Spring 2019 workshop season in March with open-enrollment workshops in Zurich (Switzerland). It was always hard to decide which workshop to do (there are so many interesting topics), so we’ll do two of them in the same week:

• Network and Security Automation with Ansible on March 12^th and
• Designing Infrastructure for Private Clouds on March 13^th.

Rachel Traylor will continue her Graph Theory webinar on March 7^th with a topic most relevant to networking engineers: trees, spanning trees and shortest-path trees, and I’ll continue with two topics I started earlier this year:

Read more ...

0

Efficient large-scale fleet management via multi-agent deep reinforcement learning

Efficient large-scale fleet management via multi-agent deep reinforcement learning Lin et al., KDD’18

A couple of weeks ago we looked at a survey paper covering approaches to dynamic, stochastic, vehicle routing problems (DSVRPs). At the end of the write-up I mentioned that I couldn’t help wondering about an end-to-end deep learning based approach to learning policy as an alternative to the hand-crafted algorithms. Lenz Belzner popped up on Twitter to point me at today’s paper choice, which investigates exactly that.

The particular variation of DSVRP studied here is grounded in a ride-sharing platform with real data provided by Didi Chuxing covering four weeks of vehicle locations and trajectories, and customer orders, in the city of Chengdu. With the area covered by 504 hexagonal grid cells, the centres of which are 1.2km apart, we’re looking at around 475 square kilometers. The goal is to reposition vehicles in the fleet at each time step (10 minute intervals) so as to maximise the GMV (total value of all orders) on the platform. We’re not given information on the number of drivers, passengers, and orders in the data set (nor on the actual GMV, all results are relative), but Chengdu has a Continue reading

0

A quick look at QUIC

Quick UDP Internet Connection (QUIC) is a network protocol initially developed and deployed by Google, and now being standardized in the Internet Engineering Task Force. In this article we’ll take a quick tour of QUIC, looking at what goals influenced its design, and what implications QUIC might have on the overall architecture of the Internet Protocol.

0

Bringing IoT to old-school industries without disruption is challenging

In the enterprise half of the IoT world, heavy industries like energy, manufacturing, and automotive are the biggest success stories for the new technology, but the prospect of integrating their existing computerized-orchestration and management technology with modern industrial IOT gear can be daunting.To read this article in full, please click here(Insider Story)

0

Replacement Strips for Screen Privacy Filter

I use a Privacy Filter on my laptop screen when traveling. I’m doing a bit of time on planes these days, and it makes a big difference. Most of my code is Open Source, but other content is proprietary. High chance of competitors being on the same plane as me, so better to make it harder for others to see.

The only problem with these screens is that if you frequently take it off like I do, the adhesive strips collect dust, and stop sticking after a while. Recently someone asked me how to get them replaced.

3M does not sell replacement strips…but they do something even better: they give them away for free. Pretty cool ah?

Just go here, fill in the details, and they’ll send you some more. How good is that?

0

Replacement Strips for Screen Privacy Filter

I use a Privacy Filter on my laptop screen when traveling. I’m doing a bit of time on planes these days, and it makes a big difference. Most of my code is Open Source, but other content is proprietary. High chance of competitors being on the same plane as me, so better to make it harder for others to see.

The only problem with these screens is that if you frequently take it off like I do, the adhesive strips collect dust, and stop sticking after a while. Recently someone asked me how to get them replaced.

3M does not sell replacement strips…but they do something even better: they give them away for free. Pretty cool ah?

Just go here, fill in the details, and they’ll send you some more. How good is that?

0

Replacement Strips for Screen Privacy Filter

I use a Privacy Filter on my laptop screen when traveling. I’m doing a bit of time on planes these days, and it makes a big difference. Most of my code is Open Source, but other content is proprietary. High chance of competitors being on the same plane as me, so better to make it harder for others to see.

The only problem with these screens is that if you frequently take it off like I do, the adhesive strips collect dust, and stop sticking after a while. Recently someone asked me how to get them replaced.

3M does not sell replacement strips…but they do something even better: they give them away for free. Pretty cool ah?

Just go here, fill in the details, and they’ll send you some more. How good is that?