Episode 26 – Networking War Stories Part Deux

To celebrate the first anniversary of Network Collective, we invite a stellar panel of guests to share their networking war stories.  We discuss challenging outages, difficult problems, and what we’ve learned along the way.

Terry Slattery
Guest
Ethan Banks
Guest

Jordan Martin
Host
Eyvonne Sharp
Host
Russ White
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Episode 26 – Networking War Stories Part Deux appeared first on Network Collective.

City & Guilds Group deploys SD-WAN to improve Office 365 performance

There are many reasons to deploy a software-defined WAN (SD-WAN), including saving a boatload of money, improving network agility, and increasing WAN resiliency. However, those all pale in comparison to the ROI that a business would see by making its employees more productive.One of the biggest drags on worker productivity is poor application response time. In 2016, ZK Research conducted a study that found on average, workers were 14 percent less productive than their optimal state because of poor application performance. (Note: I am an employee of ZK Research.) There’s nothing that frustrates a worker more than clicking on an icon and sitting around waiting for it to open or update, but that’s exactly what happens to global organizations that need to access resources over a long distance.To read this article in full, please click here

City & Guilds Group deploys SD-WAN to improve Office 365 performance

There are many reasons to deploy a software-defined WAN (SD-WAN), including saving a boatload of money, improving network agility, and increasing WAN resiliency. However, those all pale in comparison to the ROI that a business would see by making its employees more productive.One of the biggest drags on worker productivity is poor application response time. In 2016, ZK Research conducted a study that found on average, workers were 14 percent less productive than their optimal state because of poor application performance. (Note: I am an employee of ZK Research.) There’s nothing that frustrates a worker more than clicking on an icon and sitting around waiting for it to open or update, but that’s exactly what happens to global organizations that need to access resources over a long distance.To read this article in full, please click here

The Renaissance of Quechua Language in Cyberspace

Half of the world’s languages are expected to disappear by the end of the century. This is a huge cultural loss to humanity. When we think about endangered languages, we usually consider them as part of traditions that link us to the past. From a forward-looking perspective, they mean more than cultural heritage. When a language dies, a unique vision of the world is gone forever.

Does the language we speak online matter? Studies show that it deeply affects people’s experience of the Internet. It determines how much information we can access, who we choose to connect with and how we behave in our community. Keeping languages alive is essential to shape our future. The Internet offers the greatest chance to have a public voice in response to cultural globalization, a languages renaissance.

UNESCO is convinced that multilingualism on the Internet has a key role to play in fostering pluralistic, open and inclusive knowledge societies.

A project called Siminchikkunarayku, supported by The Internet Society Peru Chapter and the Beyond the Net Funding Programme, aims to build the linguistic corpus of the southern Quechua language by collecting and digitizing 10,000 hours of speeches. The Quechua is a family Continue reading

Containing the Complexity of the Long Tail

HPC software evolves continuously. Those now finding themselves on the frontlines of HPC support are having to invent and build new technologies just to keep up with deluge of layers and layers of software on top of software and software is only part of the bigger picture.

We have talked in the past about computational balance and the challenges of unplanned data, these are both real and tangible issues. However, now in addition to all of that, those in support roles living at the sharp end of having to support research are also faced by what is increasingly turning

Containing the Complexity of the Long Tail was written by James Cuff at The Next Platform.

Announcing Cumulus NetQ 1.3 — now with Kubernetes!

Today, we are thrilled to announce the availability of Cumulus NetQ 1.3. With this release, Cumulus extends its leadership in container networking insight by integrating NetQ with Kubernetes, along with our previously supported integration with Docker Swarm.

This announcement aligns perfectly with Cumulus’ mission of driving web-scale networks for the digital age with automation and agility by implementing networking with S.O.U.L. Simple. Open. Untethered. Linux. NetQ is woven deep into that S.O.U.L. strategy, which we’ll get to later in a separate blog post. For now, there is a lot to dig into here with this Kubernetes integration with NetQ, so let’s begin.

The growth & challenges with containers

Container technology is all the rage in the CD/DevOps world. Nearly 70% of the companies queried in a Portworx 2017 container adoption survey invested financially in containers at some level in 2017, leaping from 52% in 2016. 451 Research predicts containers will grow to become a $2.7BN market by 2020. That’s 3.5 times greater than the $762 million container market in 2016, with a CAGR of 40%.

The popularity of these Linux-based containers stems from their ability to dramatically improve flexibility when running Continue reading

List of Kubernetes Folks on Twitter

Earlier this morning, I asked on Twitter about good individuals to follow on Twitter for Kubernetes information. I received quite a few good responses (thank you!), and I though it might be useful to share the list of the folks that were recommended across all those responses.

The list I’ve compiled is clearly incomplete! If you think someone should be added to this list, feel free to hit me up on Twitter and let me know. Alternately, feel free to submit a pull request (PR) that adds them to this list. I’m not going to “vet” the list, so I’ll add any and all recommendations (unless they are clearly not related to Kubernetes, such as a news anchorman someone recommended to me—not sure about that one!).

Without further ado, here is the list I compiled from the responses to my tweet, in no particular order (I’ve included full name and employer, where that information is available):

  • Kelsey Hightower (Google) - @kelseyhightower
  • Jessie Frazelle (Microsoft) - @jessfraz
  • Alex Ellis (VMware) - @alexellisuk
  • Michael Hausenblas (Red Hat) - @mhausenblas
  • Ahmet Alp Balkan (Google) - @ahmetb
  • AdNaN Abdulhussein (Bitnami) - @prydonius
  • Tim Hockin (Google) - @thockin
  • Joe Beda (Heptio) - @jbeda
  • Continue reading

Pragmatic Data Center Fabrics

I always love to read the practical advice by Andrew Lerner. Here’s another gem that matches what Brad Hedlund, Dinesh Dutt and myself (plus numerous others) have been saying for ages:

One specific recommendation we make in the research is to “Build a rightsized physical infrastructure by using a leaf/spine design with fixed-form factor switches and 25/100G capable interfaces (that are reverse-compatible with 10G).”

There’s a slight gotcha in that advice: it trades implicit complexity of chassis switches with explicit complexity of fixed-form switches.

Read more ...

Google workloads for consumer devices: mitigating data movement bottlenecks

Google workloads for consumer devices: mitigating data movement bottlenecks Boroumand et al., ASPLOS’18

What if your mobile device could be twice as fast on common tasks, greatly improving the user experience, while at the same time significantly extending your battery life? This is the feat that the authors of today’s paper pull-off, using a technique known as processing-in-memory (PIM). PIM moves some processing into the memory itself, avoiding the need to transfer data from memory to the CPU for those operations. It turns out that such data movement is a major contributor to the total system energy usage, so eliminating it can lead to big gains.

Our evaluation shows that offloading simple functions from these consumer workloads to PIM logic, consisting of either simple cores or specialized accelerators, reduces system energy consumption by 55.4% and execution time by 54.2%, on average across all of our workloads.

Energy as a limiting factor

While the performance requirements of consumer devices increase year on year, and devices pack in power-hungry CPUs, GPUs, special-purpose accelerators, sensors and high-resolution screens to keep pace, lithium ion battery capacity has only doubled in the last 20 years. Moreover, the thermal power dissipation in consumer Continue reading

mmproxy – Creative Linux routing to preserve client IP addresses in L7 proxies

mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies

In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product.

mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
This is Addressograph. Source Wikipedia

When building an application level proxy, the first consideration is always about retaining real client source IP addresses. Some protocols make it easy, e.g. HTTP has a defined X-Forwarded-For header[1], but there isn't a similar thing for generic TCP tunnels.

Others have faced this problem before us, and have devised three general solutions:

(1) Ignore the client IP

mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies

For certain applications it may be okay to ignore the real client IP address. For example, sometimes the client needs to identify itself with a username and password anyway, so the source IP doesn't really matter. In general, it's not a good practice because...

(2) Nonstandard TCP header

A second method was developed by Akamai: the client IP is saved inside a custom option in the TCP header in the SYN packet. Early implementations of this method weren't conforming to any standards, e.g. using option field 28 Continue reading

Two-Factor Authentication with VMware NSX-T

In a previous post, I covered how to integrate NSX-T with VMware Identity Manager (vIDM) to achieve remote user authentication and role-based access control (RBAC) for users registered with a corporate Active Directory (AD) http://blogs.vmware.com/networkvirtualization/2017/11/remote-user-auth…-rbac-with-nsx-t.html/

 

On this post, I’m showing how add two-factor authentication (2FA) for NSX-T administrators/operators on top of that existing integration. Two-factor authentication is a mechanism that checks username and password as usual, but adds an additional security control before users are authenticated. It is a particular deployment of a more generic approach known as Multi-Factor Authentication (MFA).

Throughout this post, I’m providing step-by-step guidance on how to use VMware Verify as that second authentication. I will also highlight what would be different if using third party mechanisms. At the end of the post, you will find a demo showing how to do the configuration and how users authenticate once 2FA is enabled.

 

What is VMware Verify? Let me quote what my colleague Vikas Jain wrote on this post: “VMware Verify uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, Continue reading

Cisco boosts IoT access control, management

Cisco has rolled out software tools for helping customers control access and more easily manage the burgeoning amount of enterprise IoT devices in their networks. The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.[ For more on IoT see tips for securing IoT on your network, our list of the most powerful internet of things companies and learn about the industrial internet of things. | Get regularly scheduled insights by signing up for Network World newsletters. ] IoT access control, security, management The need for much better enterprise IoT access control is obvious, Cisco says: According to its Midyear Cybersecurity Report for 2017 most companies are not aware of what IoT devices are connected to their network.To read this article in full, please click here

Cisco boosts IoT access control, management

Cisco has rolled out software tools for helping customers control access and more easily manage the burgeoning amount of enterprise IoT devices in their networks. The company has also begun filling out its Catalyst 9000 line of intent-based networking (IBN) switches with new boxes aimed at customers wanting 100G/sec and 25G/sec network migration options.[ For more on IoT see tips for securing IoT on your network, our list of the most powerful internet of things companies and learn about the industrial internet of things. | Get regularly scheduled insights by signing up for Network World newsletters. ] IoT access control, security, management The need for much better enterprise IoT access control is obvious, Cisco says: According to its Midyear Cybersecurity Report for 2017 most companies are not aware of what IoT devices are connected to their network.To read this article in full, please click here

1 1,642 1,643 1,644 1,645 1,646 3,841