Technology Short Take 174

Welcome to Technology Short Take #174! For your reading pleasure, I’ve collected links on topics ranging from Kubernetes Gateway API to recent AWS attack techniques to some geeky Linux and Git topics. There’s something here for most everyone, I’d say! But enough of my rambling, let’s get on to the good stuff. Enjoy!

Networking

  • I want to be Ivan Pepelnjak when I grow up. Why? Read this article on his response to someone wanting to use NSX to create availability zones.
  • Nico Vibert has a tutorial that takes readers through using Cilium’s Gateway API functionality to do L7 traffic management (HTTP redirects, HTTP rewrites, and HTTP mirroring).

Security

Repetition Without Repetition

I just finished spending a wonderful week at Cisco Live EMEA and getting to catch up with some of the best people in the industry. I got to chat with trainers like Orhan Ergun and David Bombal and see how they’re continuing to embrace the need for people in the networking community to gain knowledge and training. It also made me think about a concept I recently heard about that turns out to be a perfect analogy to my training philosophy even though it’s almost 70 years old.

Practice Makes Perfect

Repetition without repetition. The idea seems like a tautology at first. How can I repeat something without repeating it. I’m sure that the people in 1967 that picked up the book by Soviet neurophysiologist Nikolai Aleksandrovitsch Bernstein were just as confused. Why should you do things over and over again if not to get good at performing the task or learning the skill?

The key in this research from Bernstein lay in how the practice happens. In this particular case he looked at blacksmiths to see how they used hammers to strike the pieces they were working on. The most accurate of his test subjects didn’t just perform the Continue reading

Get to Know Mike Twumasi and Why You Should be Ready for DDI

Principal Consultant Mike Twumasi walks us through his background in tech, explains how the core concepts of DNS, DHCP, and IP address services can be combined into one platform solution that can transform network management, and previews his keynote presentation from our “Why DDI? How to Integrate DNS, DHCP, and IP Address Management in Your Network,” live webinar. This excerpt launched on Wednesday, January 31.

Calico monthly roundup: January 2024

Welcome to the Calico monthly roundup: January edition! From open source news to live events, we have exciting updates to share—let’s get into it!

Join us at CalicoCon 2024 in Paris

We are thrilled to announce that CalicoCon 2024 will be held on March 19 in Paris as a KubeCon + CloudNativeCon Europe 2024 co-located event. Join us for an immersive event focused on the latest trends, strategies, and technologies in Kubernetes networking, security, and observability. Limited spots are available, so register now to secure your spot.

Register.
Customer case study: NuraLogix

AI-driven healthtech company, NuraLogix, improves security and compliance on Amazon EKS using Calico Cloud.

Read case study.
Tigera has achieved AWS Security Competency status!

Tigera has gained a new AWS Security Competency, which we’re proud to add to our already existing AWS Containers Software Competency. Read about the addition of our newest security competency.

Read more.

Securely connect EKS workloads to approved SaaS with Calico Egress Gateway

Learn how Calico Egress Gateway for AWS Elastic IP provides a valuable tool to bolster an organization’s defenses and ensure secure and dependable connections to trusted SaaS platforms.

Read blog post.

Open source news

*NEW* GitHub Discussion forum – Looking for Continue reading

connect() – why are you so slow?

It is no secret that Cloudflare is encouraging companies to deprecate their use of IPv4 addresses and move to IPv6 addresses. We have a couple articles on the subject from this year:

And many more in our catalog. To help with this, we spent time this last year investigating and implementing infrastructure to reduce our internal and egress use of IPv4 addresses. We prefer to re-allocate our addresses than to purchase more due to increasing costs. And in this effort we discovered that our cache service is one of our bigger consumers of IPv4 addresses. Before we remove IPv4 addresses for our cache services, we first need to understand how cache works at Cloudflare.

How does cache work at Cloudflare?

Describing the full scope of the architecture is out of scope of this article, however, we can provide a basic outline:

  1. Internet User makes a request to pull an asset
  2. Cloudflare infrastructure routes that request to a handler
  3. Handler machine returns cached asset, or if miss
  4. Handler machine reaches to origin server (owned by a customer) to pull the Continue reading

Join us at CalicoCon 2024, co-located with KubeCon + CloudNativeCon Europe 2024

We are excited to announce CalicoCon 2024, an in-person learning event for Project Calico, taking place March 19th, 2024 as ‌a co-located event with KubeCon + CloudNativeCon Europe 2024.

As Kubernetes continues to expand its presence in both enterprises and small-to-medium businesses, understanding container networking and security in managed or self-managed Kubernetes environments becomes crucial. Organizations are now presented with choices for dataplanes, such as eBPF, Windows HNS, and Linux IP tables, multi-cloud and Kubernetes distributions as they scale their applications and make them more performance-efficient. Additionally, the process of creating new cloud-native applications or modernizing legacy applications also presents Kubernetes users with a selection of cutting-edge and mature container networking and security technologies.

To make these decisions to leverage their existing investments and future-proofing, users require guidance on developing and implementing scalable network security policies, selecting dataplanes, achieving low latency, optimizing resources, and integrating with bare metal and VM workloads.

What can you expect?

At CalicoCon, we will provide KubeCon Paris 2024 attendees with an opportunity to actively participate in a full-day event where they will:

Fulfilling the promise of single-vendor SASE through network modernization

As more organizations collectively progress toward adopting a SASE architecture, it has become clear that the traditional SASE market definition (SSE + SD-WAN) is not enough. It forces some teams to work with multiple vendors to address their specific needs, introducing performance and security tradeoffs. More worrisome, it draws focus more to a checklist of services than a vendor’s underlying architecture. Even the most advanced individual security services or traffic on-ramps don’t matter if organizations ultimately send their traffic through a fragmented, flawed network.

Single-vendor SASE is a critical trend to converge disparate security and networking technologies, yet enterprise "any-to-any connectivity" needs true network modernization for SASE to work for all teams. Over the past few years, Cloudflare has launched capabilities to help organizations modernize their networks as they navigate their short- and long-term roadmaps of SASE use cases. We’ve helped simplify SASE implementation, regardless of the team leading the initiative.

Announcing (even more!) flexible on-ramps for single-vendor SASE

Today, we are announcing a series of updates to our SASE platform, Cloudflare One, that further the promise of a single-vendor SASE architecture. Through these new capabilities, Cloudflare makes SASE networking more flexible and accessible for Continue reading

Removing FRRouting Configuration Is Not Idempotent

One of the few beauties of most “industry standard CLI” implementations1 is that they’re idempotent: nothing changes (apart from ACLs) if you configure the same stuff a dozen times. Most of these implementations allow you to deconfigure the same stuff multiple times; FRRouting is one of the unfortunate exceptions.

I’m not saying what FRRouting does is wrong. It’s just different and a bit unexpected once you get into the mindset of “Wow, it looks almost like Cisco IOS.”

What Am I Talking About?

Imagine you have a bunch of IP prefixes you want to advertise with BGP. You could use network statements within the router bgp configuration to get that done:

Read more …

Removing FRRouting Configuration Is Not Idempotent

One of the few beauties of most “industry standard CLI” implementations1 is that they’re idempotent: nothing changes (apart from ACLs) if you configure the same stuff a dozen times. Most of these implementations allow you to deconfigure the same stuff multiple times; FRRouting is one of the unfortunate exceptions.

I’m not saying what FRRouting does is wrong. It’s just different and a bit unexpected once you get into the mindset of “Wow, it looks almost like Cisco IOS.”

What Am I Talking About?

Imagine you have a bunch of IP prefixes you want to advertise with BGP. You could use network statements within the router bgp configuration to get that done:

Read more …

DNS and the DELEG Proposal

The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it?

DNS and the DELEG Proposal

The DNS is a large-scale distributed database, where the internal structure of the databaase mirrors the hierarchical nature of the name space itself. In the database the points of delegation from one node to another are de noted by DNS Nameserver records. This structure has served the DNS adequately for many decades, so why change it?
1 173 174 175 176 177 3,844