Kubernetes with Cilium and Containerd using Kubeadm

Now, if that isn’t a title jam-packed with buzzwords, I don’t know what is! In seriousness, though, I wanted to share how to use kubeadm to turn up a Kubernetes cluster using containerd (instead of Docker) and Cilium as the CNI plugin. I’m posting this because I wasn’t able to find a reasonable article that combined all the different threads—some posts talked about using containerd, others talked about using Cilium, and the official Kubernetes docs have examples for using kubeadm. The purpose of this post is to try to pull those threads together.

For structure and context, I’ll build upon the official Kubernetes document outlining creating highly available clusters with kubeadm. You may find it helpful to pull up that article next to this one, as I won’t be duplicating that content here. Instead, I’ll just reference additions/changes to the process in order to accommodate containerd and Cilium.

Before getting started, make sure that your systems will meet the minimum requirements for Cilium. For my testing, I used Ubuntu 16.04 with the latest HWE kernel (4.15.0-33-generic). I used a private fork of Wardroom to build the AWS AMIs with containerd and all the Kubernetes 1.11.2

How to pin a pile of addresses onto a Google map

Turning a list of names, addresses and related information into a Google map is a lot easier than you might think. The effort required depends, as you might imagine, on the information that you are starting with. But if the format is fairly consistent, it’s relatively easy to massage the information into a form that can be uploaded and that works.

First, what you can expect

Once you’ve loaded a list of names and addresses into a Google map, you will be able to view the location of each person and set up your map such that clicking on any of the map markers displays the information collected for that address.

Last Month In Internet Intelligence: August 2018

During August 2018, the Oracle Internet Intelligence Map surfaced Internet disruptions around the world due to familiar causes including nationwide exams, elections, maintenance, and power outages. A more targeted disruption due to a DDoS attack was also evident, as were a number of issues that may have been related to submarine cable connectivity. In addition, in a bit of good news, the Internet Intelligence Map also provided evidence of two nationwide trials of mobile Internet services in Cuba.

Cuba

On August 15, the Oracle Internet Intelligence Twitter account highlighted that a surge in DNS queries observed the prior day was related to a nationwide test of mobile Internet service, marking the first time that Internet services were available nationwide in Cuba’s history. The figure below shows two marked peaks in DNS query rates from resolvers located in Cuba during the second half of the day (GMT) on the 14th. Paul Calvano, a Web performance architect at Akamai, also observed a roughly 25% increase in their HTTP traffic to Cuba during the trial period.

This testing was reported by ETECSA (the Cuban state telecommunications company) in a Facebook post in which they noted:

The Telecommunications company of Cuba S.A.

Getting Started: Visit Us at AnsibleFest!

Hello, and welcome to another Getting Started blog post… though this one is a bit different. I’d like to tell you about AnsibleFest 2018 in Austin, TX, where for the first time there will be a dedicated Getting Started section at this annual event!

Participants who visit our area will be able to meet some members of the Getting Started team as well as attend presentations. The scheduled talks include Ansible Essentials (similar to the monthly webinars) and Writing Your First Playbook, based on our most popular blog post.

In addition to the two scheduled talks each day, there will also be a lounge area where attendees can ask questions and get answers from Ansible experts in person! Come stop by to learn about what makes Ansible different, how it works, and get a quick overview of Ansible Tower. No experience is required, which means this is going to be a great chance for you or perhaps a teammate who is new to Ansible to learn about it from the ground up.

Make sure to register soon so that we can see you in Austin this October!

Valley-Free Routing

Reading academic articles about Internet-wide routing challenges you might stumble upon valley-free routing – a pretty important concept with applications in WAN and data center routing design.

If you’re interested in the academic discussions, you’ll find a pretty exhaustive list of papers on this topic in the Informative References section of RFC 7908; here’s the over-simplified version.

BiB 053: Mode.net’s Cloud Private Network For Your SD-WAN

Mode briefed Ethan Banks about their cloud private network. Whoa! Thought Mode was an SD-WAN company? Not quite. Mode partners with several SD-WAN platforms so that it's easy to stand up a tunnel from your SD-WAN forwarders to Mode's private network. That makes Mode a network alternative to private MPLS that integrates with your SD-WAN fabric.

The post BiB 053: Mode.net’s Cloud Private Network For Your SD-WAN appeared first on Packet Pushers.

Episode 34 – MPLS Part 3 – Traffic Engineering

Traffic engineering is one of the most complex topics in network design and operation. Join us in this episode of the Network Collective as we discuss the concepts and tradeoffs in traffic engineering using MPLS.

Guests: Nick Russo, Jeff Tantsura
Hosts: Eyvonne Sharp, Russ White

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 34 – MPLS Part 3 – Traffic Engineering appeared first on Network Collective.

IDG Contributor Network: What’s wrong with Cisco running SD-WAN on your routers?

Cisco’s announcement earlier this month that it will add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers will be a mixed blessing for enterprises.

On the one hand, it brings SD-WAN migration closer to Cisco customers. On the other hand, two preliminary indicators — one-on-one conversations and Cisco’s refusal to participate in an SD-WAN test — suggest enterprises should expect reduced throughput if they enable the SD-WAN capabilities on their routers.

Cisco’s easy migration to SD-WAN

By including the SD-WAN code with IOS XE, Cisco will provide a migration path for the more than one million ISR/ASR edge routers in the field. There’s been a lot of conversation as to whether or not SD-WAN is going to kill the router performance. Delivering SD-WAN code on the ISRs is Cisco’s answer: routers are here to stay but they’ll morph into SD-WAN appliances.

Research: DNSSEC in the Wild

The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and web site security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records. These signatures rely on public/private key pairs that are transitively signed (forming a signature chain) from individual subdomains through the Top Level Domain (TLD). Now that these standards are in place, how heavily is DNSSEC being used in the wild? How much safer are we from man-in-the-middle attacks against TLS and other transport encryption mechanisms?

TL;DR
  • DNSSEC is enabled on most top level domains
  • However, DNSSEC is not widely used or deployed beyond these TLDs

Three researchers published an article in Winter ;login; describing their research into answering this question (membership and login required to read the original article). The result? While more than 90% of the TLDs in DNS are DNSSEC-enabled, DNSSEC is still not widely deployed or used. To make matters worse, where it is deployed, it isn’t well deployed. The article mentions two specific problems that appear to plague DNSSEC implementations.

First, on the server side, a number of

Welcome, WP Engine!

We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed less than 100 people in total. From the beginning, we noticed striking similarities between our two companies—both were founded in 2010, both are incredibly passionate about their customers’ success, and both strive to make their technology as simple and accessible as possible. Fast forward to 2018: with WP Engine already leveraging Cloudflare for DNS, thousands of mutual WP Engine and Cloudflare customers, and millions of WordPress websites already protected behind Cloudflare, it was a no-brainer to formally partner together.

Today, we are thrilled to announce WP Engine as a Cloudflare partner! The joint offering, Global Edge Security powered by Cloudflare, integrates WP Engine’s platform with Cloudflare’s managed web application firewall (WAF), advanced distributed denial of service mitigation (DDoS), SSL/TLS encryption, and CDN across a global edge network to deliver the world’s most secure and scalable digital experience on WordPress today.

We couldn’t be more excited about our opportunity to collaborate with WP Engine to deploy business-critical security and CDN edge services to Enterprises and SMBs globally.

IDG Contributor Network: The rise of EVPN in the modern data center

Over the last few years, I have been sprawled in so many technologies that I have forgotten where my roots began in the world of data center. Therefore, I decided to delve deeper into what’s prevalent and headed straight to Ivan Pepelnjak's Ethernet VPN (EVPN) webinar hosted by Dinesh Dutt.

I knew of the distinguished Dinesh since he was the chief scientist at Cumulus Networks, and for me, he is a leader in this field. Before reading his book on EVPN, I decided to give Dinesh a call to exchange our views about the beginning of EVPN. We talked about the practicalities and limitations of the data center. Here is an excerpt from our discussion.
