Cloudflare Peering Portal – Beta

Cloudflare Peering Portal - Beta
Cloudflare Peering Portal - Beta

It can be a big deal for Internet users when Cloudflare rolls into town. After our recent Mongolia launch, we received lots of feedback from happy customers that all of a sudden, Internet performance noticeably improved.

As a result, it's not a surprising that we regularly receive requests from all over the world to either peer with our network, or to host a node. However, potential partners are always keen to know just how much traffic will be served over that link. What performance benefits can end-users expect? How much upstream traffic will the ISP save? What new bandwidth will they have available for traffic management?

Starting today, ISPs and hosting providers can request a login to the Cloudflare Peering Portal to find the answers to these questions. After validating ownership of your ASN, the Cloudflare network team will provide a login to the newly launched Peering Portal - Beta. You can find more information at: cloudflare.com/partners/peering-portal/

What problem does peering solve?

If you're new to the core infrastructure of the Internet, the best way to understand peering is to frame the problems it solves:

  1. Bandwidth costs money
  2. Internet users don't like slow websites
  3. Network operators have limited Continue reading

Red Hat underpins the growing importance of Linux and open source

While you may not spend a lot of time thinking about this, the role Linux plays in the technology that we all use everyday is growing quite significantly. In an effort to more fully appreciate this, I had an opportunity to speak with the new vice resident and general manager of Red Hat's RHEL Business Unit — Dr. Stefanie Chiras — and ask about her vision for RHEL and Linux in general. She was very enthusiastic — not just for Red Hat, but for the open source movement overall and the rising importance of Linux.Chiras started with Red Hat in July — not quite four months ago — and already describes herself as a “true Red Hatter.” She explained that she has had a serious focus on Linux for the last six years or more. As she points out, we all do development differently these days because of the open source movement. The changes in just the last five years have moved us to very different ways of doing things whether we're working on public or private clouds, containers, or bare metal.To read this article in full, please click here

Automation Win: Configure Cisco ACI with an Ansible Playbook

This blog post was initially sent to subscribers of my mailing list. Subscribe here.

Following on his previous work with Cisco ACI Dirk Feldhaus decided to create an Ansible playbook that would create and configure a new tenant and provision a vSRX firewall for the tenant when working on the Create Network Services hands-on exercise in the Building Network Automation Solutions online course.

Read more ...

LegoOS: a disseminated, distributed OS for hardware resource disaggregation

LegoOS: a disseminated, distributed OS for hardware resource disaggregation Shan et al., OSDI’18

One of the interesting trends in hardware is the proliferation and importance of dedicated accelerators as general purposes CPUs stopped benefitting from Moore’s law. At the same time we’ve seen networking getting faster and faster, causing us to rethink some of the trade-offs between local I/O and network access. The monolithic server as the unit of packaging for collections of such devices is starting to look less attractive:

  • It leads to inefficient resource utilisation, since CPU and memory for a job have to be allocated from the same machine. This can lead to eviction even when utilisation is overall low (e.g. 50%).

  • It is difficult to add, move, remove, or reconfigure hardware components after they have been installed in a server, leading to long up-front planning cycles for hardware rollouts at odds with the fast-moving rate of change in requirements.
  • It creates a coarse failure domain – when any hardware component within a server fails, the whole server is often unusable.
  • It doesn’t work well with heterogeneous devices and their rollout: e.g. GPGPUs, TPUs, DPUs, FGPAs, NVM, and NVMe-based SSDs.

To fully support the Continue reading

Test Driving Inter Regional VPC peering in AWS

Connect AWS VPCs hosted in different regions. AWS Virtual Private Cloud(VPC) provides a way to isolate a tenant’s cloud infrastructure. To a tenant a VPCs provide a view of his own virtual infrastructure in the cloud that is completely isolated, has its own compute, storage, network connectivity, security settings etc. In the physical world, Amazon’s … Continue reading Test Driving Inter Regional VPC peering in AWS

Custom VPC and Internet Access in AWS

Create your VPC, launch EC2 instances and get internet access with Public IP. With a Virtual Private Cloud(VPC), tenants can create his own cloud based infrastructure in AWS. While AWS provides a default VPC for a new tenant, there are always use cases that need creation of custom VPC. While exploring custom VPC, I found … Continue reading Custom VPC and Internet Access in AWS

TCP/IP, Sockets, and SIGPIPE

There is a spectre haunting the Internet -- the spectre of SIGPIPE errors. It's a bug in the original design of Unix networking from 1981 that is perpetuated by college textbooks, which teach students to ignore it. As a consequence, sometimes software unexpectedly crashes. This is particularly acute on industrial and medical networks, where security professionals can't run port/security scans for fear of crashing critical devices.

An example of why this bug persists is the well-known college textbook "Unix Network Programming" by Richard Stevens. In section 5.13, he correctly describes the problem.
When a process writes to a socket that has received an RST, the SIGPIPE signal is sent to the process. The default action of this signal is to terminate the process, so the process must catch the signal to avoid being involuntarily terminated.
This description is accurate. The "Sockets" network APIs was based on the "pipes" interprocess communication when TCP/IP was first added to the Unix operating system back in 1981. This made it straightforward and comprehensible to the programmers at the time. This SIGPIPE behavior made sense when piping the output of one program to another program on the command-line, as is typical under Unix: Continue reading

BGP LLGR: robust and reactive BGP sessions

On a BGP-routed network with multiple redundant paths, we seek to achieve two goals concerning reliability:

  1. A failure on a path should quickly bring down the related BGP sessions. A common expectation is to recover in less than a second by diverting the traffic to the remaining paths.

  2. As long as a path is operational, the related BGP sessions should stay up, even under duress.

Detecting failures fast: BFD⚓︎

To quickly detect a failure, BGP can be associated with BFD, a protocol to detect faults in bidirectional paths,1 defined in RFC 5880 and RFC 5882. BFD can use very low timers, like 100 ms.

However, when BFD runs in a process on top of a generic kernel,2 notably when running BGP on the host, it is not unexpected to loose a few BFD packets on adverse conditions: the daemon handling the BFD sessions may not get enough CPU to answer in a timely manner. In this scenario, it is not unlikely for all the BGP sessions to go down at the same time, creating an outage, as depicted in the last case in the diagram below.

BGP and failed sessions
Examples of failures on a network using BGP Continue reading

Validating RAML Files Using Docker

Back in July of this year I introduced Polyglot, a project whose only purpose is to provide a means for me to learn more about software development and programming (areas where am I sorely lacking real knowledge). In the limited spare time I’ve had to work on Polyglot in the ensuing months, I’ve been building out an API specification using RAML, and in this post I’ll share how I use Docker and a Docker image to validate my RAML files.

Since I was (am) using Visual Studio Code as my primary text editor/development environment these days, I started out by looking for a RAML extension that would provide some sort of linting/validation functionality. I found an extension to do RAML syntax highlighting, which seemed like a reasonable first step.

After a bit more research, I found that there was a raml-cli NPM package that one could use to validate RAML files from the command line. I was a bit leery of installing an NPM package on my system, so I thought, “Why not use a Docker container for this?” It will keep my system clean of excess/unnecessary packages and dependencies, and it will provide some practice with Continue reading

Election interference from Uber and Lyft

Almost nothing can escape the taint of election interference. A good example is the announcements by Uber and Lyft that they'll provide free rides to the polls on election day. This well-meaning gesture nonetheless calls into question how this might influence the election.

"Free rides" to the polls is a common thing. Taxi companies have long offered such services for people in general. Political groups have long offered such services for their constituencies in particular. Political groups target retirement communities to get them to the polls, black churches have long had their "Souls to the Polls" program across the 37 states that allow early voting on Sundays.

But with Uber and Lyft getting into this we now have concerns about "big data", "algorithms", and "hacking".

As the various Facebook controversies have taught us, these companies have a lot of data on us that can reliably predict how we are going to vote. If their leaders wanted to, these companies could use this information in order to get those on one side of an issue to the polls. On hotly contested elections, it wouldn't take much to swing the result to one side.

Even if they don't do this consciously, their Continue reading

Tech calendar 2018-19: Upcoming events of interest to IT pros

Tech Events Event Description Starts Ends Location AWS re:Invent AWS Re:invent is Amazon's opportunity to update IT and business leaders on the latest features of its cloud service.The event features keynote announcements, training and certification opportunities, access to more than 2,000 technical sessions, a partner expo, and more. 2018-11-26 2018-11-30 Las Vegas, NV IT Roadmap This one-day event focused on powering the agile enterprise looks at the latest approaches to make IT more responsive, nimble, and robust. 2018-12-06 2018-12-06 Washington, D.C. SXSW Covering everything from entertainment to entrepreneurship, this sprawling conference has tracks dedicated to Tech Industry & Enterprise, Coding & Development, Blockchain & Cryptocurrency, Health & Medtech, and VR/AR/MR. 2019-03-08 2019-03-17 Austin, TX Enterprise Connect Aimed at companies looking to upgrade or replace legacy systems or deploy and integrate next-gen communications and collaboration systems, services, apps and networks. 2019-03-18 2019-03-21 Orlando, FL Google Cloud Next Google Cloud Next is where the company announces all the latest updates to the Google Cloud Platform. The conference also offers educational, networking and hands-on opportunities for its more than 10,000 attendees. 2019-04-09 2019-04-11 San Francisco, CA Computex Taipei Based in Asia, this massive technology trade show and expo focuses on information Continue reading

Tech calendar 2018-19: Upcoming events of interest to IT pros

Tech Events Event Description Starts Ends Location AWS re:Invent AWS Re:invent is Amazon's opportunity to update IT and business leaders on the latest features of its cloud service.The event features keynote announcements, training and certification opportunities, access to more than 2,000 technical sessions, a partner expo, and more. 2018-11-26 2018-11-30 Las Vegas, NV IT Roadmap This one-day event focused on powering the agile enterprise looks at the latest approaches to make IT more responsive, nimble, and robust. 2018-12-06 2018-12-06 Washington, D.C. SXSW Covering everything from entertainment to entrepreneurship, this sprawling conference has tracks dedicated to Tech Industry & Enterprise, Coding & Development, Blockchain & Cryptocurrency, Health & Medtech, and VR/AR/MR. 2019-03-08 2019-03-17 Austin, TX Enterprise Connect Aimed at companies looking to upgrade or replace legacy systems or deploy and integrate next-gen communications and collaboration systems, services, apps and networks. 2019-03-18 2019-03-21 Orlando, FL Google Cloud Next Google Cloud Next is where the company announces all the latest updates to the Google Cloud Platform. The conference also offers educational, networking and hands-on opportunities for its more than 10,000 attendees. 2019-04-09 2019-04-11 San Francisco, CA Computex Taipei Based in Asia, this massive technology trade show and expo focuses on information Continue reading

App Micro-segmentation How To’s: Informatica, Oracle and SAP

consolidated posts from the VMware on VMware blog

Are you someone that prefers a blank sheet of paper or an empty text pad screen?  Do you get the time to have that thought process to create the words, images or code to fill that empty space?  Yes to both — I’m impressed!  Creating something from scratch is an absolutely magical feeling especially once it gets to a point of sharing or usefulness.  However, many of us spend a bit more of our time editing, building upon or debugging.  Fortunately, that can be pretty interesting as well.

In the case of setting up mico-segmentation with VMware NSX Data Center, you have a couple options on quickly getting started:

Those resources and more are great jumping off points especially since you likely have more than just Informatica, Oracle and SAP apps in your environments.

Now, should you have those Informatica, Oracle and SAP apps, then here’s the next level of details.  I’m Continue reading

1 1,434 1,435 1,436 1,437 1,438 3,849