How “expensive” is crypto anyway?

I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD.

If you got to this second paragraph you probably heard that TLS today is very cheap to deploy. Considerable effort was put to optimize the cryptography stacks of OpenSSL and BoringSSL, as well as the hardware that runs them. However, aside for the occasional benchmark, that can tell us how many GB/s a given algorithm can encrypt, or how many signatures a certain elliptic curve can generate, I did not find much information about the cost of crypto in real world TLS deployments.

CC BY-SA 2.0 image by Michele M. F.

As Cloudflare is the largest provider of TLS on the planet, one would think we perform a lot of cryptography related tasks, and one would be absolutely correct. More than half of our external traffic is now TLS, as well as all of our internal traffic. Being in that position means that crypto performance is critical to our success, and as it Continue reading

How “expensive” is crypto anyway?

I wouldn’t be surprised if the title of this post attracts some Bitcoin aficionados, but if you are such, I want to disappoint you. For me crypto means cryptography, not cybermoney, and the price we pay for it is measured in CPU cycles, not USD.

If you got to this second paragraph you probably heard that TLS today is very cheap to deploy. Considerable effort was put to optimize the cryptography stacks of OpenSSL and BoringSSL, as well as the hardware that runs them. However, aside for the occasional benchmark, that can tell us how many GB/s a given algorithm can encrypt, or how many signatures a certain elliptic curve can generate, I did not find much information about the cost of crypto in real world TLS deployments.

CC BY-SA 2.0 image by Michele M. F.

As Cloudflare is the largest provider of TLS on the planet, one would think we perform a lot of cryptography related tasks, and one would be absolutely correct. More than half of our external traffic is now TLS, as well as all of our internal traffic. Being in that position means that crypto performance is critical to our success, and as it Continue reading

From Zero to One Hundred in the Arctic Slope

In November 2017, the Internet Society hosted the inaugural Indigenous Connectivity Summit in Santa Fe, New Mexico. The event brought together community network operators, Internet service providers, community members, researchers, policy makers, and Indigenous leadership. One of the participants shared her story.

“‘Mom, did you have YouTube?’” Patuk Glenn, recalls her six year old son asking. Glenn, who lives in Utqiaġvik – a city in Alaska north of the Arctic Circle – laughs as she remembers one of his first words: “loading,” thanks to the sluggish Internet speeds on the Arctic Slope. But things are changing, and soon. Fiber optic cable is going live in Glenn’s community and she has travelled to the Indigenous Connectivity Summit looking for lessons from other Indigenous communities. “We’re going from zero to one hundred overnight,” says Glenn. “How can we best prepare our people?”

It’s not just a question of digital literacy. Glenn’s looking for information on cybersecurity and entrepreneurship – as high-speed Internet opens avenues for economic development and for community members to share their own content with the rest of the world. Like many summit participants, Glenn sees connectivity as a pathway to enable education: not only unlocking online courses, but Continue reading

Top 5 blogs of 2017: Spring Boot Development with Docker

We’ve rounded up the top five most popular Docker blogs of 2017. Coming in at number four is, Spring Boot Development With Docker, part of a multi-part tutorial series.

The AtSea Shop is an example storefront application that can be deployed on different operating systems and can be customized to both your enterprise development and operational environments. In my last post, I discussed the architecture of the app. In this post, I will cover how to setup your development environment to debug the Java REST backend that runs in a container.

Building the REST Application

I used the Spring Boot framework to rapidly develop the REST backend that manages products, customers and orders tables used in the AtSea Shop. The application takes advantage of Spring Boot’s built-in application server, support for REST interfaces and ability to define multiple data sources. Because it was written in Java, it is agnostic to the base operating system and runs in either Windows or Linux containers. This allows developers to build against a heterogenous architecture.

Project setup

The AtSea project uses multi-stage builds, a new Docker feature, which allows me to use multiple images to build a single Docker image that includes all the components needed for Continue reading

Twinax – Cheap, Cheerful and Annoyingly Chubby

What’s not to love about twinax? Formerly the exclusive domain of IBM systems, twinax has seen itself reborn in the last few years in the form of the Direct Attach Cable (DAC) used to connect systems at speeds of 10Gbps and 40Gbps (by way of bundling four twinax pairs in a single cable).

Twinax

Direct Attach Cables

Before diving into the pros and cons of DAC, it’s important to understand the different varieties that are available. A DAC is a cable which has SFP+ format connectors hard-wired on each end; plug each end into an SFP+ socket and, vendor support notwithstanding, the link should come up. A direct attach cable is frequently and erroneously referred to as a “DAC cable”, so if the words “PIN number” give you the jitters, working anywhere with DACs is likely to drive you to drink.

Passive Copper DAC (Twinax)

The most common kind of DAC is the passive DAC. The SFP+ connector on a passive DAC, give or take some electrical protection circuitry, is pretty much a direct connection from the copper in the twinax to the copper contacts which connect to the host device:

Passive Copper DAC

Sending a 10G signal over a single copper pair requires Continue reading

IDG Contributor Network: 4 advantages of using a Bluetooth mesh network

Companies everywhere are waking up and starting to realize that implementing a mesh network is the best choice for them if they want to remain relevant well into the future. While various technologies are being employed across the nation to achieve this goal, it remains inarguable that Bluetooth is the best option for most companies aiming to leverage a mesh network for success in the marketplace.So why should you choose to employ a Bluetooth-based strategy, and what specific advantages will you gain from it that others who shun it will miss out on? Check out these boons that you’ll soon be enjoying if you rely on a Bluetooth mesh network, and your company will be clamoring to adopt it in no time.To read this article in full, please click here

IDG Contributor Network: 4 advantages of using a Bluetooth mesh network

Companies everywhere are waking up and starting to realize that implementing a mesh network is the best choice for them if they want to remain relevant well into the future. While various technologies are being employed across the nation to achieve this goal, it remains inarguable that Bluetooth is the best option for most companies aiming to leverage a mesh network for success in the marketplace.So why should you choose to employ a Bluetooth-based strategy, and what specific advantages will you gain from it that others who shun it will miss out on? Check out these boons that you’ll soon be enjoying if you rely on a Bluetooth mesh network, and your company will be clamoring to adopt it in no time.To read this article in full, please click here

Tech predictions for 2018: Data center trends to watch for

Yes, it's that time of the year again. Another year gone by, which means another batch of predictions for the future.As is always the case, I own up to my misfires by leading off with the predictions I made last year and admitting what came true and what didn't. So, let's get that out of the way.My 2017 predictions: some hits, some misses Apple continues to lose its cool. — I think I got this one right. iPhone 8/X sales are not what they were expected to be, the list of complaints is growing and more and more people say the company has fallen behind. Hell, even I switched to a Galaxy after frustration with the poor quality of iOS 11. Cloud adoption will slow. — Oh, boy, did I blow that one. Some tech manufacturing will return to the U.S. — I don’t know about tech, although I did see Microsoft has moved Surface manufacturing to China. But overall, manufacturing has gained 138,000 jobs in 2017 vs. a loss of 34,000 in 2016. And we all know who will take credit for that. China will lose its luster as a manufacturing hub. — Clearly that has Continue reading

Tech predictions for 2018: Data center trends to watch for

Yes, it's that time of the year again. Another year gone by, which means another batch of predictions for the future.As is always the case, I own up to my misfires by leading off with the predictions I made last year and admitting what came true and what didn't. So, let's get that out of the way.My 2017 predictions: some hits, some misses Apple continues to lose its cool. — I think I got this one right. iPhone 8/X sales are not what they were expected to be, the list of complaints is growing and more and more people say the company has fallen behind. Hell, even I switched to a Galaxy after frustration with the poor quality of iOS 11. Cloud adoption will slow. — Oh, boy, did I blow that one. Some tech manufacturing will return to the U.S. — I don’t know about tech, although I did see Microsoft has moved Surface manufacturing to China. But overall, manufacturing has gained 138,000 jobs in 2017 vs. a loss of 34,000 in 2016. And we all know who will take credit for that. China will lose its luster as a manufacturing hub. — Clearly that has Continue reading

(Micro)benchmarking Linux kernel functions

Usually, the performance of a Linux subsystem is measured through an external (local or remote) process stressing it. Depending on the input point used, a large portion of code may be involved. To benchmark a single function, one solution is to write a kernel module.

Minimal kernel module

Let’s suppose we want to benchmark the IPv4 route lookup function, fib_lookup(). The following kernel function executes 1,000 lookups for 8.8.8.8 and returns the average value.1 It uses the get_cycles() function to compute the execution “time.”

/* Execute a benchmark on fib_lookup() and put
   result into the provided buffer `buf`. */
static int do_bench(char *buf)
{
    unsigned long long t1, t2;
    unsigned long long total = 0;
    unsigned long i;
    unsigned count = 1000;
    int err = 0;
    struct fib_result res;
    struct flowi4 fl4;

    memset(&fl4, 0, sizeof(fl4));
    fl4.daddr = in_aton("8.8.8.8");

    for (i = 0; i < count; i++) {
        t1 = get_cycles();
        err |=  Continue reading

Our commitment to open networking

On Monday we released our latest version of Cumulus Linux, 3.5. It includes symmetric VxLAN routing, Voice VLAN and 10 new hardware platforms. This includes General Availability (GA) of our two supported chassis, the four slot Backpack and eight slot OMP800. We announced Early Access (EA) support for both chassis in our previous release, Cumulus Linux 3.4.

At Cumulus, moving fast to fix problems and get features in the hands of our customers is core to our culture. In today’s webscale networks, it’s hard for even the largest of organizations to operate on classic 18+ month buying cycles. Some folks want the ability to use new technology as soon as possible.

The EA process gives customers the ability to use working software or hardware and provide direct feedback on the final product. That feedback improves all aspects of the product, from purchasing, delivery, default configurations or operations.

When we announced EA for our chassis systems, we had many Fortune 500 customers express interest. For some, the EA process allowed them to start the purchasing process knowing that it would take months until a final purchase order was ready. For others, they were able to put working, stable Continue reading

Programming Unbound

I’m doing some research on Facebook’s Open/R routing platform for a future blog post. I’m starting to understand the nuances a bit compared to OSPF or IS-IS, but during my reading I got stopped cold by one particular passage:

Many traditional routing protocols were designed in the past, with a strong focus on optimizing for hardware-limited embedded systems such as CPUs and RAM. In addition, protocols were designed as purpose-built solutions to solve the particular problem of routing for connectivity, rather than as a flexible software platform to build new applications in the network.

Uh oh. I’ve seen language like this before related to other software projects. And quite frankly, it worries me to death. Because it means that people aren’t learning their lessons.

New and Improved

Any time I see an article about how a project was rewritten from the ground up to “take advantage of new changes in protocols and resources”, it usually signals to me that some grad student decided to rewrite the whole thing in Java because they didn’t understand C. It sounds a bit cynical, but it’s not often wrong.

Want proof? Check out Linus Torvalds and his opinion about rewriting the Linux kernel in Continue reading

Reflections on the Internet’s Past

Earlier this year, as part of the Internet Society’s 25th anniversary celebration, we asked you to share your memories of the early Internet. As we look forward to the new year, it’s fun to read through the stories and look back at where we started.

One of the earliest memories was from Stanford University.

I got my first Arpanet email account in 1978.

[By 1985] All the graduate students and professors had accounts, and there was a campus Ethernet, Macs were being integrated into the network via AppleTalk (print and file sharing services)… Also, beyond email we had ftp servers that served shareware and USENET to help with sysadmin problems. Much of the networking software and hardware was developed on campus, including the AppleTalk gateways (Kinetics) and routers (early Cisco protoypes).

There was also this dose of funny reality from nearly ten thousand kilometers away, in Moscow:

I had remote data connection more than 26 years ago, in 1991. We had so called dial up modem connection via telephone PSTN pre-analogue PBX- the step-by-step switch.

It was toooooo extremely long.

Another member shared this memory from INET ’93 San Francisco:

…among the papers and presentations one which drew the largest crowd was Continue reading

Episode 18 – Whitebox Networking

In Episode 18 of Network Collective, Pete Lumbis of Cumulus Networks and Kevin Myers of IP Architechs join us to talk about the pros and cons of running whitebox or commodity hardware in your network. There’s no denying that the price point on commodity hardware is attractive but we discuss all you should consider when you’re looking to transition away from a major network hardware vendor.

 

Show Notes

What is whitebox networking?

  • Has a variety of definitions depending on the person answering
  • Associated with ONIE and Oss like Cumulus Linux, BigSwitch, IPI
  • Commodity hardware not mainstream vendor with OS that may or may not be from the same vendor
  • To some, hardware has more to do with hardware
  • Commodity hardware has to do with using chipset, board, or even layout that someone else created
  • Component of disaggregation to consider
  • Britebox is the larger vendors offering disaggregation options
  • Whietbox equipment isn’t about homemade devices soldered together in our garages

 

Why whitebox networking?

  • The original impetus for whitebox was often around cost, and sometimes it still is
  • Current reasons are to have more options like customized operating systems
  • Whitebox utilizes the equipment to move to an x86 model that compute Continue reading
1 1,772 1,773 1,774 1,775 1,776 3,836