BoringTun, a userspace WireGuard implementation in Rust

Today we are happy to release the source code of a project we’ve been working on for the past few months. It is called BoringTun, and is a userspace implementation of the WireGuard® protocol written in Rust.

boring-tun-logo

A Bit About WireGuard

WireGuard is relatively new project that attempts to replace old VPN protocols, with a simple, fast, and safe protocol. Unlike legacy VPNs, WireGuard is built around the Noise Protocol Framework and relies only on a select few, modern, cryptographic primitives: X25519 for public key operations, ChaCha20-Poly1305 for authenticated encryption, and Blake2s for message authentication.

Like QUIC, WireGuard works over UDP, but its only goal is to securely encapsulate IP packets. As a result, it does not guarantee the delivery of packets, or that packets are delivered in the order they are sent.

The simplicity of the protocol means it is more robust than old, unmaintainable codebases, and can also be implemented relatively quickly. Despite its relatively young age, WireGuard is quickly gaining in popularity.

Starting From Scratch

While evaluating the potential value WireGuard could provide us, we first considered the existing implementations. Currently, there are three usable implementations

Stateful Firewalls: When You Get to a Fork in the Road, Take It

If you’ve been in networking long enough you’d probably noticed an interesting pattern:

  • Some topic is hotly debated;
  • No agreement is ever reached even though the issue is an important one;
  • The debate dies after participants diverge enough to stop caring about the other group.

I was reminded of this pattern when I was explaining the traffic filtering measures available in private and public clouds during the Designing Infrastructure for Private Clouds workshop.

Read more ...

Amazon Aurora: on avoiding distributed consensus for I/Os, commits, and membership changes

Amazon Aurora: on avoiding distributed consensus for I/Os, commits, and membership changes, Verbitski et al., SIGMOD’18

This is a follow-up to the paper we looked at earlier this week on the design of Amazon Aurora. I’m going to assume a level of background knowledge from that work and skip over the parts of this paper that recap those key points. What is new and interesting here are the details of how quorum membership changes are dealt with, the notion of heterogeneous quorum set members, and more detail on the use of consistency points and the redo log.

Changing quorum membership

Managing quorum failures is complex. Traditional mechanisms cause I/O stalls while membership is being changed.

As you may recall though, Aurora is designed for a world with a constant background level of failure. So once a quorum member is suspected faulty we don’t want to have to wait to see if it comes back, but nor do we want throw away the benefits of all the state already present on a node that might in fact come back quite quickly. Aurora’s membership change protocol is designed to support continued processing during the change, to tolerate additional failures while Continue reading

A First Peek At Cascade Lake Xeons Ahead Of Launch

It is no secret that Intel has been working to get its “Cascade Lake” processors, the second generation of its Xeon SP family to market as early as possible this year and to ramp sales at the same time that X86 server rival AMD is expected to get its second generation “Rome” Epyc processors in the field. “A First Peek At Cascade Lake Xeons Ahead Of Launch”

A First Peek At Cascade Lake Xeons Ahead Of Launch was written by Timothy Prickett Morgan at .

The Importance of sFlow and NetFlow in Data Center Networks

As networks get more complex, and higher-speed interconnects are required, in-depth information about the switches serving these networks becomes crucial to maintain quality-of-service, perform billing, and manage traffic in a shared environment.

Some of you reading this blog post may already be familiar with “sFlow,” an industry-standard technology for monitoring high-speed switched networks and obtaining insights about the data traversing them. This blog post will focus on the importance of sFlow and the similar technology, “NetFlow,” in large – and getting larger – data centers.

Comparing sFlow and NetFlow

sFlow and NetFlow are technologies that, by sampling traffic flows between ports on a switch or interfaces on a router, can provide data about network activity, such as uplink load, total bandwidth used, graphs of history, and so on. To take this data and put it into a form that’s easily digestable, there is NfSen, a web-based front-end for these tools.

While sFlow and NetFlow may – at least on the surface – sound the same, they have underlying protocol differences that may be relevant, depending on your use case. sFlow is, as previously stated, an industry-standard technology. This dramatically increases the chances the sFlow agent (the piece of Continue reading

BiB 073: HammerSpace Data-as-a-Microservice For Kubernetes

HammerSpace announced the ability to provide a global namespace for persistent storage in Kubernetes environments. HammerSpace has tackled this issue with what they are calling data-as-a-microservice. This is not a new type of K8s specific storage, which HammerSpace thinks is about the last thing the Kubernetes world needs. More importantly, HammerSpace is trying to answer the question, “How do we get storage to evolving workloads?”

The post BiB 073: HammerSpace Data-as-a-Microservice For Kubernetes appeared first on Packet Pushers.

Upcoming Safari Books Webinars

I have two webinars on Safari that might be of interest to folks who read here.

Network Troubleshooting Theory and Process

In this course I related by formal training in electronics into the networking world. The primary topic is the half-split method of troubleshooting, which tends to be much faster than the “hunch, hunt, and peck” method most folks seem to intuitively use. This is a course I give on a regular basis, though I suspect I am moving to giving this course twice a year in the future.

How Networks Really Work

This is a course I just started developing. Essentially, this will be split into two pieces. The first part will be walking through packets traversing a network; the second will be walking through various routing protocols converging on some common topologies. The aim here is to connect some of the theory I talk about to the “real world,” so this is not about covering the material, but also about covering the mindset.

I also have two more LiveLessons in production, one with Dinesh Dutt on disaggregation, and another on various forms of abstraction and the tradeoffs around abstraction (such as summarization and aggregation). I hope to have Continue reading

BrandPost: Changes in SD-WAN Purchase Drivers Show Maturity of the Technology

SD-WANs have been available now for the past five years, but adoption has been light compared to that of the overall WAN market. This should be no surprise, as the technology was immature, and customers were dipping their toes in the water first as a test. Recently, however, there are signs that the market is maturing, which also happens to coincide with an acceleration of the market.Evidence of the maturation of SD-WANs can be seen in the most recent IHS Markit Campus LAN and WAN SDN Strategies and Leadership North American Enterprise Survey. Exhibit 1 shows that the top drivers of SD-WAN deployments are the simplification of WAN provisioning, automation capabilities. and direct cloud connectivity—all of which require an architectural change.To read this article in full, please click here

BrandPost: Today’s Retailer is Turning to the Edge for CX

Despite the increasing popularity and convenience of ecommerce, 92% of purchases continue to be made off-line, according to the U.S. Census. That’s putting enormous pressure on retailers to meet new consumer expectations around real-time access to merchandise and order information. In fact, 85.3% of shoppers expect retailers to provide associates with handheld or fixed devices to check inventory and price within a store, a nearly 51% increase over 2017, according to a survey from SOTI.To read this article in full, please click here

An inside look at an IIoT-powered smart factory

As someone who’s spent his whole career working in offices, not factories, I had very little idea what a modern “smart factory” powered by the industrial Internet of Things (IIoT) might look like. That’s why I was so interested in Tempo Automation’s new 42,000-square-foot facility in San Francisco’s trendy Design District.Frankly, I pictured the company’s facility, which uses IIoT to automatically configure, operate, and monitor the prototyping and low-volume production of printed circuit board assemblies (PCBAs), as a cacophony of robots and conveyor belts attended to by a grizzled band of grease-stained technicians. You know, a 21stcentury update of Charlie Chaplin’s 1936 classic Modern Times making equipment for customers in the aerospace, medtech, industrial automation, consumer electronics, and automotive industries. (The company just inked a new contract with Lockheed Martin.)To read this article in full, please click here

An inside look at Tempo Automation’s IIoT-powered ‘smart factory’

As someone who’s spent his whole career working in offices, not factories, I had very little idea what a modern “smart factory” powered by the industrial Internet of Things (IIoT) might look like. That’s why I was so interested in Tempo Automation’s new 42,000-square-foot facility in San Francisco’s trendy Design District.Frankly, I pictured the company’s facility, which uses IIoT to automatically configure, operate, and monitor the prototyping and low-volume production of printed circuit board assemblies (PCBAs), as a cacophony of robots and conveyor belts attended to by a grizzled band of grease-stained technicians. You know, a 21stcentury update of Charlie Chaplin’s 1936 classic Modern Times making equipment for customers in the aerospace, medtech, industrial automation, consumer electronics, and automotive industries. (The company just inked a new contract with Lockheed Martin.)To read this article in full, please click here

Juniper Lightboard Series – Intro to Juniper Routing – Part 1

Very excited to share with you my very first official lightboard video, and what better way to kick things off than to dive into one of my favorite topics — an Intro to Juniper Routing. In this first part, I cover the separation between the Control Plane and the Forwarding Plane, and introduce concepts such …

Continue reading "Juniper Lightboard Series – Intro to Juniper Routing – Part 1"

This free team collaboration app is changing how teams work together

Efficiency is the name of the game in today’s fast-paced digital world; and whether you’re leading a team—or an entire company—you should always be looking for new and creative ways to get more done in less time. That’s the goal, right? While there are plenty of pricey tools like Slack and Skype that promise to fine-tune your productivity, few are as quick and impactful as Glip, and it won’t cost you a dime.To read this article in full, please click here

1 1,290 1,291 1,292 1,293 1,294 3,856