0

SD-WAN in 2019: The Conundrum for Service Providers

To succeed in SD-WAN, service providers will need to transform their organization and improve their selling skills. Can they do it?

0

Opening Up The Aperture On The World With Summit

We have spent the past several years speculating about what the “Summit” supercomputer built by IBM, Nvidia, and Mellanox Technologies for the US Department of Energy and installed at Oak Ridge National Laboratory might be. …

Opening Up The Aperture On The World With Summit was written by Timothy Prickett Morgan at .

0

Supercharging my CLI

I spent a lot of time in the terminal. I can’t really explain why; for many things it just feels faster and more comfortable to do them via the command line interface (CLI) instead of via a graphical point-and-click interface. (I’m not totally against GUIs, for some tasks they’re far easier.) As a result, when I find tools that make my CLI experience faster/easier/more powerful, that’s a big boon. Over the last few months, I’ve added some tools to my Fedora laptop that have really added some power and flexibility to my CLI environment. In this post, I want to share some details on these tools and how I’m using them.

The tools I’ve adopted and that I’ll discuss in this post are:

• powerline-go for an informative CLI prompt
• rg for faster content searches
• fd for faster filename searches
• fzf for fuzzy command history access and faster directory navigation

Let’s take a closer look at each of these.

A More Informative Shell Prompt

There’s been quite a few articles written about powerline, a Python-based utility that provides a much more informative shell prompt. Instead of going down the traditional powerline route, I found powerline-go—a small, statically linked Continue reading

0

Interview: Active-Active Data Centers with VXLAN and EVPN

Christoph Jaggi asked me a few questions about using VXLAN with EVPN to build data center fabrics and data center interconnects (including active/active data centers). The German version was published on Inside-IT, here’s the English version.

He started with an obvious one:

What is an active-active data center and why would I want to use an active-active data center?

Numerous organizations have multiple data centers for load sharing or disaster recovery purposes. They could use one of their data centers and have the other(s) as warm or cold standby (active/backup setup) or use all data centers at the same time (active/active).

Read more ...

0

Preparing for 5G’s Biggest Security Challenges

0

Best Practices: How to buy technology expense-management services

Technology expense-management (TEM) is a service that is of ever-increasing importance to enterprise buyers because it touches on virtually all aspects of the technology lifecycle.To read this article in full, please click here(Insider Story)

0

Best Practices: How to buy technology expense-management services

Technology expense-management (TEM) is a service that is of ever-increasing importance to enterprise buyers because it touches on virtually all aspects of the technology lifecycle.To read this article in full, please click here(Insider Story)

0

Know your SCM_RIGHTS

As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously.

It is no secret that Cloudflare uses nginx to handle user traffic. A little less known fact, is that we have several instances of nginx running. I won’t go into detail, but there is one instance whose job is to accept connections on port 443, and proxy them to another instance of nginx that actually handles the requests. It has pretty limited functionality otherwise. We fondly call it nginx-ssl.

Back then we were using OpenSSL for TLS and Crypto in nginx, but OpenSSL (and BoringSSL) had yet to announce a timeline for TLS 1.3 support, therefore we had to implement our own TLS 1.3 stack. Obviously we wanted an implementation that would not affect any customer or client that would not enable TLS 1.3. We also needed something that we could iterate on quickly, because the spec was very fluid back then, and also something Continue reading

0

Knowledge of the “Truths in Your Network” is KEY

I am a huge believer in “knowledge is key”.  Yeah… I know… just reading that statement you are probably saying “well yeah… duh”.

Of course knowledge is key… duh, Fish!  We know that!  We love knowledge.  We are knowledge seekers and we love to learn!  I mean… if we didn’t love learning and knowledge why would we be reading this?   Okay… got it.  You love knowledge.  You want to grow your knowledge.   I hear you.  You are basically saying… bring on the knowledge… max the setting!   Got it.

So you most likely extend that desire for knowledge to most of the areas in your life.

For example….

• Buying a House:  When buying a house you want the knowledge you can get by hiring a subject matter expert to walk thru the entirety of the house and inspect it.  You want knowledge of the truths of that house.
• Hiring a Financial Advisor: When hiring a financial advisor you just go and “bare all” in reference to your financial situation so they can review every nuance of it.   You want knowledge of the truths of your finances.

Let’s Continue reading

0

4 Things to Consider When Virtualizing Networking and Security

In order to plan the transition to virtualizing their business, enterprises must consider the required functionality, as well as complexity, cost, and performance.

0

AWS Beefs Up Its Database Portfolio to Escape ‘Abusive’ Relationships

Part of its database build-out includes a new blockchain managed service.

0

L4Drop: XDP DDoS Mitigations

Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop.

We've written about our DDoS mitigation pipeline extensively in the past, covering:

• Gatebot: analyzes traffic hitting our edge and deploys DDoS mitigations matching suspect traffic.
• bpftools: generates Berkeley Packet Filter (BPF) bytecode that matches packets based on DNS queries, p0F signatures, or tcpdump filters.
• Iptables: matches traffic against the BPF generated by bpftools using the xt_bpf module, and drops it.
• Floodgate: offloads work from iptables during big attacks that could otherwise overwhelm the kernel networking stack. Incoming traffic bypasses the kernel to go directly to a BPF interpreter in userspace, which efficiently drops packets matching the BPF rules produced by bpftools.

Both iptables and Floodgate send samples of received traffic to Gatebot for analysis, and filter incoming packets using rules generated by bpftools. This ends up looking something like this:

This pipeline has served us well, but a lot has changed since we implemented Floodgate. Our new Gen9 and ARM servers use different network Continue reading

0

Datanauts 152: No More Stretched Clusters!

Today on the Datanauts we examine why people stretch clusters, the problems this can cause, and alternative design strategies. Our guest is Erik Ableson, owner of the consultancy Infrageeks.

The post Datanauts 152: No More Stretched Clusters! appeared first on Packet Pushers.

0

IoT and Network Security: Here’s How Network Slicing and Segmentation Can Help

According to Ericsson, “Around 29 billion connected devices1 are forecast by 2022, of which around 18 billion will be related to...

0

ABI Research: Network Slicing May Create $66B in Business by 2026

Mobile service providers stand to benefit from the growing promise of network slicing, but many are not taking full advantage of the opportunity.

0

Farewell SDxCentral Readers

I'm about to embark on a new adventure.

0

Envoy Joins Kubernetes, Prometheus With a CNCF Diploma

The service mesh proxy was initially developed by Lyft and breezed through the CNCF incubation process a year faster than its fellow graduates.

0

Nutanix Challenges VMware to PoC Battle, Launches Xi Cloud Services

“Our dominance in the core is why VMware avoids doing PoCs in accounts when we are in a head-to-head fight,” said CEO Dheeraj Pandey.

0

Nokia’s Software Biz Is Firmly Rooted in Silicon Valley

The company is building a corporate campus in Sunnyvale, California, to provide a home for its more than 1,000 employees in the Valley.

0

New Report: Major Online Retailers Increase Email Marketing Trustworthiness and Follow Unsubscribe Best Practices

Today, the Internet Society’s Online Trust Alliance released its fifth annual Email Marketing & Unsubscribe Audit. OTA researchers analyzed the email marketing practices of 200 of North America’s top online retailers and, based on this analysis, offer prescriptive advice to help marketers provide consumers with choice and control over when and what messages they receive. The Audit assesses the end-to-end user experience from signing up for emails, to receiving emails, to the unsubscribe process and its results.

In the 2018 Audit, seventy-four percent of the top online retailers received “Best of Class” designation, meaning they scored eighty percent or higher in OTA’s analysis of their email marketing. In addition, ten retailers received perfect scores, meaning they adopted all twelve of OTA’s best practices. They are: Dick’s Sporting Goods, Home Depot, Lands’ End, Musician’s Friend, Office Depot, OpticsPlanet, Sierra Trading Post, Staples, Talbots, and Walgreens.

In the subscribe process there were several positive findings. The percentage of sites that had subscribe forms that were easy for the user to find was 94% in 2018, up from 85% in 2017. In addition, one-quarter of sites offered incentives such as free shipping to entice users to subscribe, down slightly from 28% in 2018.

Continue reading