VMware NSX Unplugged: Networking Field Day (#NFD15)
Being a product of the 90’s, one of my favorite past times was MTV’s “Unplugged” series. Whether it was Pearl Jam, or 10,000 Maniacs, or Eric Clapton, there was something about the acoustic, raw, uncut nature of the show that drew me in and made me look at my favorite bands in a new way.
This is much the same experience we had recently here at VMware, as the folks from Gestalt IT brought Networking Field Day’s traveling band of IT enthusiasts to our Palo Alto campus. What ensued was 4+ hours of insight, illumination, witty banter, and from time to time, downright theoretical disagreements about things as simple as semantics and nomenclature.
But out of it all came a great show – which just like with MTV Unplugged – was ultimately all that mattered. So grab your favorite beverage and snack, put on your stereophonic headgear, and listen to the VMware Team as they walk through VMware’s networking strategy, demos and product direction.
VMware NSX Vision and Product Overview with Milin Desai
VMware NSX Technology Overview with Ray Budavari
VMware NSX Automation with Ray Budavari
VMware Security with NSX Micro-Segmentation with Wade Holmes
VMware Day 2 Operations with vRealize Network Insight Continue reading
Network Analysis: Large Packet Capture
In this video, Tony Fortunato shows how to avoid pitfalls when analyzing huge packets.
Automate Everything: ipSpace.net Is Coming Back to US
After the last US-based ipSpace.net workshop a lot of people asked me about the next one. It took a long time, but here it is: I’m running an on-site automation workshop together with several friends with outstanding hands-on experience in Colorado in late May.
Read more ...Budapest (Hungary): Cloudflare Data Center #111
Hot on the heels of several recent data center additions in Yerevan, Quito, Rome, Kansas City, Belgrade, Curacao, Djibouti and Munich, we are delighted to announce our newest deployment in Budapest, making six million websites even faster and safer across Hungary.
Until today, Hungarian visitors to these Internet properties were principally served out of our Frankfurt data center 1,000 km away, or from Vienna. We are happy to further reduce their latency to over 8 million Internet users.
CC BY 2.0 image by Moyann Brenn
Beautiful Budapest
Budapest is one of the most beautiful cities in the world, with must-see sites such as Halászbástya (Fisherman's Bastion), Az Országház (House of the Nation - The Hungarian Parliament), and the Széchenyi Chain Bridge by the Danube. We love this aerial video with breathtaking views of the city created by Milan Heal (Drone Travel Guides).
We have new facilities in the works across five continents. Watch out for even more additions to our growing network.
-The Cloudflare Team
The Cloudflare network today
Simulating latency and packet loss on a Linux host
Every once and a great while there is a need to simulate bad network behavior. Simulating things like packet loss and high latency are often harder to do than you’d expect. However – if you’re dealing with a Linux host – there’s a simple solution. The ‘tc’ command which comes along with the ‘iproute2’ toolset can help you simulate symptoms of a bad network quite easily.
The tc command offers a lot of functionality but in this post we’re just going to walk through a couple of quick examples of using it in conjunction with the netem (network emulator) included in the Linux kernal . To do this, we’ll use just use two hosts…
To start with – let’s make sure that ‘tc’ is installed and that it’s working…
user@ubuntu-1:~$ sudo tc qdisc show dev ens32 qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 user@ubuntu-1:~$
So what did we just do here? Well we used the tc command to return the current qdisc configuration for our servers physical network interface named ‘ens32’. So what’s a qdisc? Qdisc is shorthand for ‘Queue discipline’ and defines the queuing Continue reading
Mirai, Bitcoin, and numeracy
Newsweek (the magazine famous for outing the real Satoshi Nakamoto) has a story about how a variant of the Mirai botnet is mining bitcoin. They fail to run the numbers.
- total Mirai hash-rate = 2.5 million bots times 0.185 megahash/sec = 0.468 terahashes/second
- Continue reading
Liveblog: Creating Effective Images
This is a liveblog for the DockerCon 2017 session titled “Creating Effective Images.” The speaker is Abby Fuller, a Senior Technical Evangelist with Amazon Web Services. Abby is a former operations engineer who was an early consumer of Amazon’s Elastic Container Service (ECS), and some of her learnings came about the “hard way.” This session is from the “Using Docker” track.
Fuller starts with reviewing the agenda, and shares that she’s intent on providing some practical tips that attendees can put to work immediately.
The first topic that Fuller tackles is the topic of container layers. A Docker container is made up of the read-only layers from the image itself, and a read/write layer at “the top” of the layers. Why do we care? Fewer layers means a smaller image, and smaller images means faster builds and faster deploys. (You may also see a reduced attack surface.)
The differences in making smaller images is important, Fuller explains, because the frequency of deployments is increasing (more deployments happening more quickly), and more containers are being deployed (sometimes at the behest of a CI/CD pipeline). This can result in significant amounts of disk space being consumed unnecessarily.
Some high-level Continue reading
DockerCon 2017 Black Belt Session: Cilium for Network and Application Security
This is a liveblog of the DockerCon 2017 Black Belt session led by Thomas Graf on Cilium, a new startup that focuses on using eBPF and XDP for network and application security.
Graf starts by talking about how BPF (specifically, extended BPF or eBPF) can be used to rethink how the Linux kernel handles network traffic. Graf points out that there is another session by Brendan Gregg on using BPF to do analysis performance and profiling.
Why is it necessary to rethink how networking and security is handled? A lot of it has not evolved as application deployments have evolved from low complexity/low deployment frequency to high complexity/high deployment frequency. Further, the age of unique protocol ports (like SMTP on port 25 or SSH on port 22) is coming to a close, as now many different applications or services simply run over HTTP. This leads to “overloading” the HTTP port and a loss of visibility into which applications are talking over that port. Opening TCP port 80 in a situation like this means potentially exposing more privileges than desired (the example to use other HTTP verbs, like PUT or POST instead of just GET).
Graf quickly moves into a Continue reading
DockerCon 2017 Day 1 Keynote
This is a liveblog of the day 1 keynote (general session) of DockerCon 2017 in Austin, TX.
At 9:05am, Ben Golub, CEO of Docker, Inc., takes the stage to kick off the general session and the conference. Golub starts the presentation by reviewing Docker’s four-year history and all the things that have changed over the last three years since the very first DockerCon—from the size of Gordon (Docker’s tortoise mascot) to the amount of growth in Docker usage (via statistics in the number of Docker hosts, the number of Docker-ized apps, the number of image pulls from Docker Hub, and so forth).
Golub continues by mentioning some of the various use cases for Docker. One use case mentioned is Intuit’s use of Docker, and Golub points out that the person responsible for running Intuit’s systems is confident enough in their systems that they’re attending DockerCon on Tax Day (when as many as 25 million tax returns are expected to be processed).
Shifting gears a bit, Golub talks a bit more about the changes over the last 3 years in regards to Docker (the open source project) itself. Stakeholders have changed, and the nature of the project (now projects) has Continue reading
Intel Shuts Down its 20-Year-Old Developer Forum
The company is determined to re-invent itself.
Worth Reading: A new YANG module catalogue
The post Worth Reading: A new YANG module catalogue appeared first on rule 11 reader.