Deploying Secure Kubernetes Containers in Production: Thwarting the Threats
Once you have containers in production, certain security measures must be put in place to cover network filtering, container inspection, and host security.
For the past five years, supercomputer maker Cray has been diligently at work not only creating a new system architecture that allows for a mix of different interconnects and compute for its future “Shasta” systems, but has also brought long-time Cray chief technology officer, Steve Scott, back into the company after two stints spent at Nvidia and Google to create a new interconnect, called “Slingshot,” that is the beating heart of the Shasta system and that signals a return of the Cray that we know and love. …
Berkeley Lab First In Line for Cray “Shasta” Supercomputers was written by Timothy Prickett Morgan at .
The company’s got about a year to turn around its Oracle cloud business if it’s going to meet its lofty goals.
A report recently published by 451 Research shows that almost 70% of all enterprises will be using a multi-cloud or hybrid IT infrastructure in a year’s time. As more and more enterprises are swayed into the cloud, companies who have already adopted the cloud are now choosing to go with multi-cloud infrastructure or hybrid architecture for their IT requirements.
The report also showcased that about 60% of all workloads are expected to run using a form of hosted cloud service by 2019. This is an increase of about 45% from 2017. This marks an impressive change from DIY owned and operated services to a cloud or third-party hosted IT services. Therefore, the future of IT services is clearly hybrid and multi-cloud.
Here we explore some of the reasons multi-cloud is a fantastic idea for enterprises when they consider security, flexibility, reliability, and cost-effectiveness.
A Distributed Denial of Service or DDoS attack is when a number of different computer systems attack a server, website, network resource or a cloud hosting unit. A DDoS attack can be executed by an individual as well as a federal government.
In a scenario that your company’s website is …
Continue reading "Interview with Juniper Networks Ambassador Pierre-Yves Maunier"
Given that my technical background is largely in the networking space (exhibit A, exhibit B, exhibit C (CIE)), one of the first things I tried to wrap my head around when being introduced to AWS is how networking works in the AWS cloud.
What I attempted to do was build a mental model by relating cloud networking constructs such as Virtual Private Cloud (VPC), subnets, and routing tables to on-prem, physical networking constructs. This worked pretty well but I did get tripped up at times because some of these constructs don’t map exactly one-for-one.
This post will explain the mental model I used while also calling attention to the elements or behaviors that don’t map exactly between on-prem and AWS.
The basis for building the model will be a single VM on-prem and a single compute instance in AWS. I’m going to build all the networking constructs around both of these elements, starting from the outer-most layers and working closer and closer to the VM/instance.
On the AWS platform there are no explicit building blocks for Layer 2 connectivity. There’s no “elastic virtual …
Practical OTV
————-
This post is all about OTV (Overlay Transport Virtualization) on the CSR1000v.
I wanted to create the post because there are a lot of acronyms and terminology involved.
A secondary objective was to have a “real” multicast network in the middle, as the examples I have seen around the web have used a direct P2P network for the DCI.
Instead, I wanted to have full multicast running in the SP core in order to gain a full understanding of the packet forwarding and encapsulation.
First off, let’s talk about the topology I will be using:
Datacenters:
————
We have 2 Datacenters, one represented by Site 1 and the other by Site 2.
In the middle, we have what is in all respects a SP provider network. In your environment, this may or may not be your own transport network.
In site 1, CSR-1 is our “server”; basically all that’s configured on it is an IP address (192.168.100.1/24) on its G1 interface.
SW-9 is our L2 switch, which is configured with 2 VLANs (Vlan 100 (SERVER-VLAN) and Vlan 900 (SITE-VLAN)). The port (e0/0) going to CSR-1 is configured as an access-port in Vlan 100.
The ports …
The bulk of attacks today are moving up the stack. They may be moving up the stack because app owners aren’t paying attention to their share of security in the cloud.
Not surprisingly it has been a busy 4 months in IoT, and IoT-related work in IETF has been buzzing right along. This post is intended to highlight some of these activities, and to provide a guide to relevant sessions scheduled during the upcoming IETF 103 meeting in Bangkok. Also check out the IETF Journal IoT Category, the IETF IoT page, the IETF IoT Directorate, the Internet Society’s IoT page, or the Online Trust Alliance IoT page for more details about many of these topics.
The IETF Hackathon, held on the weekend preceding the main IETF meeting (November 3-4, 2018), includes several projects directly related to IoT, with the possibility of more being added. Remote participation is available. More information is on the Hackathon wiki. Projects of interest (at the time of this writing) include those relating to:
The Thing-to-Thing Research Group (T2TRG), under the Internet Research Task Force (IRTF), investigates open research issues towards turning the promise of IoT into reality. The research group will be meeting on Tuesday afternoon …
The platform uses the MEF 63 Optical Transport Services specification focused on Layer 1 orchestration but is not intended as an end-to-end orchestrator.
A few years ago I got cornered by an enthusiastic academic praising the beauties of his cryptography-based system that would (after replacing the whole Internet) solve all the supposed woes we’re facing with BGP today.
His ideas were technically sound, but probably won’t ever see widespread adoption – it doesn’t matter if you have great ideas if there’s not enough motivation to implement them (The Myths of Innovation is a mandatory reading if you’re interested in these topics).
Some workloads demand accelerated and predictable networking performance. Our Network Functions Virtualization (NFV) customers and some of our financial, media, and high-performance computing (HPC) customers deploy these workloads. These workloads process a lot of network traffic. Network traffic in the virtual domain relies heavily on CPU cycles and the number of CPU cores available on the host. These CPU resources are used by the workload to perform its task and by the hypervisor layer to deliver network traffic to and from the application.
In this blog, we discuss the configuration required to achieve accelerated data plane performance in modern multiple NUMA architecture hosts. This blog accompanies a new white paper we just released on the subject. The white paper can be found here.
With the introduction of NSX-T version 2.2, we added a new mode of operations in the NSX-controlled virtual distributed switch. We refer to this switch as N-VDS. This new mode is called Enhanced Data Path and is often indicated as N-VDS (E). N-VDS (E) is one of the core building blocks in achieving accelerated data plane …
At just shy of 200 million, Nigeria is the most populous country in Africa (Ethiopia is second and Egypt is third). That’s a lot of people to communicate with the world - and communicate they all do!
According to a published report earlier this year, 84% of the Nigerian population own a mobile device (193 million population and 162 million mobile subscriptions). Again, that’s #1 for any country in Africa. But why so connected? Maybe because Nigeria (and Lagos specifically) is always on the move!
Lagos, as those that know the city say, never sleeps; it’s filled with color from the food to fashion to even the diverse people going about their business. The vibrancy of the city is like a hard slap to the face; no matter what you have been told, your first time here will still knock you out. In Lagos, anything is possible, from the sadness of poverty to the clearly visible upper class; the city sucks you in like a surfer’s dream wave. Visitors come into Lagos and leave feeling like they’ve been through a unique experience. The traffic is mind-blowing and the same goes for the work pace.
Lagos, a city always on …