Episode 38 – DDoS Mitigation

In this Community Roundtable episode of Network Collective, Roland Dobbins and Nick Buraglio join us to talk about the current state of DDoS on the Internet and some strategies you can use to mitigate these risks on your network.

 

We would like to thank VIAVI Solutions for sponsoring this episode of Network Collective. VIAVI Solutions is an application and network management industry leader focusing on end-user experience by providing products that optimize performance and speed problem resolution. Helping to ensure delivery of critical applications for businesses worldwide, Viavi offers an integrated line of precision-engineered software and hardware systems for effective network monitoring and analysis. Learn more at www.viavisolutions.com/networkcollective.

 

Roland Dobbins
Guest
Nick Buraglio
Guest
Jordan Martin
Host
Eyvonne Sharp
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 38 – DDoS Mitigation appeared first on Network Collective.

Digital Development Is the Way Forward: The Suusamyr Community Network Launches at CNX

Asylbek Sanarbekov, a social worker in the village of Suusamyr, Kyrgyzstan, can often be seen standing outside of his office building, phone in hand. He goes there to connect to the new Suusamyr Community Network, which has antennas on a nearby water tower. The Suusamyr Community Network officially launches today at the Community Network Xchange (CNX) in New Delhi. It’s a big improvement over Sanarbekov‘s connection at home, where he uses expensive and sometimes unreliable mobile data.

The village of Suusamyr is located in the Suusamyr Valley, a remote region in the Tian Shan Mountains. It’s a popular tourist destination thanks to its breathtaking landscape and its sparse population, with just over 3,000 residents. During the warmer months, they’re employed in agriculture, but by winter, thanks to heavy snowfall and subfreezing temperatures, many are unemployed.

“We are a small, landlocked mountainous country, so the traditional economic models do not necessarily work for us,” says Talant Sultanov, chair of the Internet Society‘s Kyrgyz Chapter. “We decided that digital development is the way forward.”

There’s a mobile connection in the village of Suusamyr, but according to Mairambek Ismailov, deputy head of the local self-government body, it’s not necessarily fast, reliable, or Continue reading

Improving RubyDocs with Cloudflare Workers and Workers KV

Improving RubyDocs with Cloudflare Workers and Workers KV
Improving RubyDocs with Cloudflare Workers and Workers KV

The following is a guest post from Manuel Meurer, Berlin based web developer, entrepreneur, and Ruby on Rails enthusiast. In 2010, he founded Kraut Computing as a one-man web dev shop and launched Uplink, a network for IT experts in Germany, in 2015.

RubyDocs is an open-source service that generates and hosts “fancy docs for any Ruby project”, most notably for the Ruby language itself and for Rails, the most popular Ruby framework. The nifty thing about it is that the docs can be generated for any version of a project — so let’s say you’re working on an old Rails app that still uses version 3.2.22 (released June 16, 2015), then you can really benefit from having access to the docs of that specific version, since a lot of the methods, classes, and concepts of the current Rails version (5.2.1 at the time of writing) don’t exist in that old version.

Scratching an itch

I built RubyDocs back in 2013 to scratch my own itch — a few similar services that I had used over the years had disappeared or hadn’t been regularly updated. After the initial work to get RubyDocs up and running, I continued Continue reading

Docker Achieves FIPS 140-2 Validation

 

We are excited to share that we have achieved formal FIPS 140-2 validation (Certificate #3304) from the National Institute of Standards and Technology (NIST) for our Docker Enterprise Edition Crypto Library. With this validation and industry-recognized seal of approval for cryptographic modules, we are able to further deliver on the fundamental confidentiality, integrity and availability objectives of information security and provide our commercial customers with a validated and secure platform for their applications. As required by the Federal Information Security Management Act (FISMA) and other regulatory technology frameworks like HIPAA and PCI, FIPS 140-2 is an important validation mechanism for protecting the sensitivity and privacy of information in mission-critical systems.

As we highlighted in a previous blog post, Docker Engine – Enterprise version 18.03 and above includes this now-validated crypto module. This module has been validated at FIPS 140-2 Level 1. The formal Docker Enterprise Edition Crypto Library’s Security Policy calls out the specific security functions in Docker Engine – Enterprise supported by this module and includes the following:

  • ID hashes
  • Swarm Mode distributed state store and Raft log (securely stores Docker Secrets and Docker Configs)
  • Swarm Mode overlay networks (control plane only)
  • Swarm Mode mutual TLS implementation
  • Docker daemon socket Continue reading

Moment-based quantile sketches for efficient high cardinality aggregation queries

Moment-based quantile sketches for efficient high cardinality aggregation queries Gan et al., VLDB’18

Today we’re temporarily pausing our tour through some of the OSDI’18 papers in order to look at a great sketch-based data structure for quantile queries over high-cardinality aggregates.

That’s a bit of a mouthful so let’s jump straight into an example of the problem at hand. Say you have telemetry data from millions of heterogenous mobile devices running your app. Each device tracks multiple metrics such as request latency and memory usage, and is associated with dimensional metadata (categorical variables) such as application version and hardware model.

In applications such as A/B testing, exploratory data analysis, and operations monitoring, analysts perform aggregation queries to understand how specific user cohorts, device types, and feature flags are behaving.

We want to be able to ask questions like “what’s the 99%-ile latency over the last two weeks for v8.2 of the app?

SELECT percentile(latency, 99) FROM requests
WHERE time > date_sub(curdate(), 2 WEEK)
AND app_version = "v8.2"

As well as threshold queries such as “what combinations of app version and hardware platform have a 99th percentile latency exceeding 100ms?

SELECT app_version, hw_model, PERCENTILE(latency,  Continue reading

Rough Guide to IETF 103: IPv6

In this post for the Internet Society Rough Guide to IETF 103, I’m reviewing what’ll be happening at the IETF in Bangkok next week.

IPv6 deployment hit another milestone recently, reaching 25% adoption globally. The almost total depletion of the pool of unallocated IPv4 addresses has seen the cost of an IPv4 address on the transfer market rise from USD 15 to 18 in just a few months, which has encouraged network operators to further step-up their deployment efforts.

There was some good news from the UK with the largest mobile operator EE and the incumbent provider of broadband Internet BT, increasing to nearly 30% and 46% respectively. Other mobile operators deploying IPv6 also saw a boost this month with the release of Apple’s iOS 12 update that adds IPv6 support for cellular data.

Belgium still leads the way, but Germany is rapidly catching up, followed by Greece, the US and India. France, Malaysia, Finland and Australia also seem to have seen a surge in deployment recently.

IPv6 is always an important focus for the IETF, and this meeting will see a lot of work with respect to deployment-related improvements and the Internet-of-Things.

The IPv6 Operations (v6ops) Working Group is Continue reading

Analyzing the KSK Roll

It's been more than two weeks since the roll of the Key Signing Key (KSK) of the root zone on October 11 2018, and it's time to look at the data to see what we can learn from the first roll of the root zone's KSK.

Terraform Install Ubuntu 1804

Terraform is an infrastructure as code tool from the wonderful people at Hashicorp. Terraform makes it really enjoyable to manage infrastructure on platforms such as AWS, Azure, VMware vSphere and OpenStack among many others. This short post will run through installing Terraform on Ubuntu...

Users tell what you need to know about SD-WAN

Harrison Lewis wasn’t looking for SD-WAN, but he’s glad he found it.Northgate Gonzalez, which operates 40 specialty grocery stores throughout Southern California, had distributed its compute power for years. Each store individually supported applications with servers and other key infrastructure and relied on batch processing to deal with nightly backups and storage, according to Lewis, the privately held company’s CIO. More about enterprise SD-WAN: 10 hot SD-WAN startups to watch How SD-WAN saves $1.2M over 5 years for a radiology firm SD-WAN deployment options: DIY vs. cloud managed SD-WAN: What is it and why you’ll use it one day How to choose the right SD-WAN transport and why it matters Over time, the company’s needs changed, and it began centralizing more services, including HR and buying systems, as well as Microsoft Office, in the cloud or at the company’s two data centers. With this shift came a heavier burden on the single T-1 lines running MPLS into each store and the 3G wireless backup. Complicating matters, Lewis says, rainy weather in the region would flood the wiring, taking down terrestrial-network connectivity.To read this article in full, please click here

Users tell what you need to know about SD-WAN

Harrison Lewis wasn’t looking for SD-WAN, but he’s glad he found it.Northgate Gonzalez, which operates 40 specialty grocery stores throughout Southern California, had distributed its compute power for years. Each store individually supported applications with servers and other key infrastructure and relied on batch processing to deal with nightly backups and storage, according to Lewis, the privately held company’s CIO. More about enterprise SD-WAN: 10 hot SD-WAN startups to watch How SD-WAN saves $1.2M over 5 years for a radiology firm SD-WAN deployment options: DIY vs. cloud managed SD-WAN: What is it and why you’ll use it one day How to choose the right SD-WAN transport and why it matters Over time, the company’s needs changed, and it began centralizing more services, including HR and buying systems, as well as Microsoft Office, in the cloud or at the company’s two data centers. With this shift came a heavier burden on the single T-1 lines running MPLS into each store and the 3G wireless backup. Complicating matters, Lewis says, rainy weather in the region would flood the wiring, taking down terrestrial-network connectivity.To read this article in full, please click here

Cray Slingshots Back Into HPC Interconnects With Shasta Systems

While processors and now GPUs tend to get all of the glory when it comes to high performance computing, for the past three decades as distributed computing architectures became the norm in supercomputing, it has been the interconnects that made all the difference in how well – or poorly – these systems perform.

Cray Slingshots Back Into HPC Interconnects With Shasta Systems was written by Timothy Prickett Morgan at .

Sponsored Post: Twitch, InMemory.Net, Triplebyte, Etleap, Stream, Scalyr, MemSQL

Who's Hiring? 


  • Twitch's commerce team in San Francisco is looking to hire senior developers to keep up with rapidly increasing demand for our Subscriptions and Payment platform. Engineers will be tasked with building new products and features to solve business and ecommerce challenges as we're dealing with engaging problems at a massive scale and will create solutions that impact millions of people around the world. Apply here

  • Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

  • Need excellent people? Advertise your job here! 

Fun and Informative Events

  • Advertise your event here!

Cool Products and Services


  • InMemory.Net provides a Dot Net native in memory database for analysing large amounts of data. It runs natively on .Net, and provides a native .Net, COM & ODBC apis for integration. It also has an easy to use language for importing data, and supports standard SQL for querying data. http://InMemory.Net

Flexible deployment options for NSX-T Data Center Edge VM

Each datacenter is unique and is designed to serve the specific business needs. To serve these business needs, you could have a small or a large ESXi/KVM footprint. NSX-T Data Center can be leveraged to provide networking and security benefits regardless of the size of your datacenter. This blog focusses on a critical infrastructure component of the NSX-T Data Center i.e. NSX-T Edge node. Refer to my previous blogs, where I have discussed how the centralized components of a logical router are hosted on Edge nodes and also, provide centralized services like N-S routing, NAT, DHCP, Load balancing, VPN etc. To consume these services, traffic from compute nodes must go to the Edge node.  

These NSX-T Edge nodes could be hosted in a dedicated Edge cluster or a collapsed Management and Edge cluster as discussed in the NSX-T Reference design guide. NSX-T Edge nodes could also be hosted in Compute Cluster in small Datacenter topologies, making it a Collapsed Compute and Edge Cluster design. Please refer to NSX-T Reference design guide to understand the pros/cons of using a dedicated cluster vs a shared cluster. 

In this blog, I will cover various deployment options of NSX-T VM form factor Continue reading

1 1,449 1,450 1,451 1,452 1,453 3,876