It’s crowded in here!

It's crowded in here!

We recently gave a presentation on Programming socket lookup with BPF at the Linux Plumbers Conference 2019 in Lisbon, Portugal. This blog post is a recap of the problem statement and proposed solution we presented.

It's crowded in here!
CC0 Public Domain, PxHere

Our edge servers are crowded. We run more than a dozen public facing services, leaving aside the all internal ones that do the work behind the scenes.

Quick Quiz #1: How many can you name? We blogged about them! Jump to answer.

These services are exposed on more than a million Anycast public IPv4 addresses partitioned into 100+ network prefixes.

To keep things uniform every Cloudflare edge server runs all services and responds to every Anycast address. This allows us to make efficient use of the hardware by load-balancing traffic between all machines. We have shared the details of Cloudflare edge architecture on the blog before.

It's crowded in here!

Granted not all services work on all the addresses but rather on a subset of them, covering one or several network prefixes.

So how do you set up your network services to listen on hundreds of IP addresses without driving the network stack over the edge?

Cloudflare engineers have had to ask themselves this question Continue reading

What’s it like to come out as LGBTQIA+ at work?

What's it like to come out as LGBTQIA+ at work?

Today is the 31st Anniversary of National Coming Out Day. I wanted to highlight the importance of this day, share coming out resources, and publish some stories of what it's like to come out in the workplace.

About National Coming Out Day

Thirty-one years ago, on the anniversary of the National March on Washington for Lesbian and Gay Rights, we first observed National Coming Out Day as a reminder that one of our most basic tools is the power of coming out. One out of every two Americans has someone close to them who is gay or lesbian. For transgender people, that number is only one in 10.

Coming out - whether it is as lesbian, gay, bisexual, transgender or queer - STILL MATTERS. When people know someone who is LGBTQ, they are far more likely to support equality under the law. Beyond that, our stories can be powerful to each other.

Each year on October 11th, National Coming Out Day continues to promote a safe world for LGBTQ individuals to live truthfully and openly. Every person who speaks up changes more hearts and minds, and creates new advocates for equality.

For more on coming out, visit HRC's Coming Out Continue reading

How the oil and gas industry exploits IoT

Like many traditional industries that have long-standing, tried-and-true methods of operation, the oil-and-gas sector hasn’t been the quickest to embrace IoT technology – despite having had instrumentation on drilling rigs, pipelines and refining facilities for decades, the extraction industry has only recently begun to work with modern IoT.To read this article in full, please click here(Insider Story)

Tarek Kamel: A Loss to the Internet Community

It was indeed very sad news yesterday that Tarek Kamel passed away. Despite his suffering and illness, no one expected death could be that close. Just last week I was chatting with friends in common about his persistence in planning to attend the upcoming ICANN meeting in Montreal, with permission from his doctors. That was Tarek Kamel: always forward looking and a real fighter for what he believed in.

Tarek’s death moved not only his family and friends, but a wider group, especially in the Internet community. Let me share why.

Who is He in a Nutshell?

Tarek Kamel had a Ph.D. in electrical engineering and information technology from the Technical University of Munich. From 1992 to 1999, he was the manager of Egypt’s Communications and Networking Department at the Cabinet Information and Decision Support Centre (IDSC/RITSEC). During this period, he established Egypt’s first connection to the Internet, steered the introduction of commercial Internet services in Egypt, and co-founded the Internet Society of Egypt (the Egyptian Chapter).

Kamel joined the Ministry of Communications and Information Technology at its formation in October 1999, where he was appointed senior advisor to the minister. Then he served as the minister of communications and information Continue reading

Women in Tech Week Profile: Clara McKenzie

We’re continuing our celebration of Women in Tech Week with another profile of one of many of the amazing women who make a tremendous impact at Docker – this week, and every week – helping developers build modern apps.

Clara McKenzie (center) is a Support Escalation Engineer.

What is your job?

SEG Engineer (Support Escalation Engineer).

How long have you worked at Docker?

4 months.

Is your current role one that you always intended on your career path? 

The SEG role is a combination that probably doesn’t exist as a general rule. I’ve always liked to support other engineers and work cross-functionally, as well as unravel hard problems, so it’s a great fit for me.

What is your advice for someone entering the field?

The only thing constant about a career in tech is change. When in doubt, keep moving. By that, I mean keep learning, keep weighing new ideas, keep trying new things.  

Tell us about a favorite moment or memory at Docker or from your career? 

In my first month at Docker, we hosted a summer cohort of students from Historical Black Colleges who were participating in a summer internship. As part of their visit Continue reading

Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored)

Today on Heavy Networking we go deep on segment routing, a way to encode into a packet the path it should take through the network. Guest Ron Bonica, Distinguished Engineer at Juniper Networks, offers a detailed look at how segment routing works; discusses use cases; explores the differences among SR-MPLS, SRv6, and SRv6+; and more. Juniper is our sponsor for today's show.

The post Heavy Networking 477: Segment Routing Boot Camp With Juniper Networks (Sponsored) appeared first on Packet Pushers.

Stuff The Internet Says On Scalability For October 11th, 2019

 Wake up! It's HighScalability time:

 

Light is fast—or is it?

Do you like this sort of Stuff? I'd greatly appreciate your support on Patreon. And I wrote Explain the Cloud Like I'm 10 for all who want to understand the cloud. On Amazon it has 57 mostly 5 star reviews (135 on Goodreads). Please consider recommending it. You'll be a cloud hero.

Number Stuff:

Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

Colt Rolls ADVA Ensemble Into Latest uCPE Line

Colt launched a new line of uCPE appliances powered by ADVA's Ensemble software platform in a bid...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Ericsson Eyes $700B 5G Growth Opportunity for Service Providers

The vendor warns that revenues from currently available services, namely mobile broadband services,...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

SAP CEO Bill McDermott Clocks Out

In a statement, SAP explained that McDermott “decided not to renew his contract.” The company...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

Weekly Wrap: AT&T Abandons Puerto Rico and US Virgin Islands

SDxCentral Weekly Wrap for Oct. 11, 2019: One analyst cites climate change for AT&T's $2...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

BGP-LU and MPLS VPNs

In my last post I showed you how you can use plain old BGP to distribute labels and create LSPs. While sort of interesting to see – it wasn’t super handy all by itself. In this post, we’re going to try and layer on MPLS VPNs to the same setup and show you how that might work. So let’s dig right in. I’m assuming that you’ve read the last post and that we’re picking up where things left off there.

Note: There are no pretty diagrams here so if you’re looking for some context on the lab we’re using go back and checkout the last post.

The first thing we want to do is put our client subnets into VRFs or routing-instances in Juniper parlance. Let’s do that on each tail router….

vMX1

set routing-instances customer1 instance-type vrf
set routing-instances customer1 interface ge-0/0/0.0
set routing-instances customer1 route-distinguisher 1:1
set routing-instances customer1 vrf-target target:1:1
set routing-instances customer1 vrf-table-label 

vMX7

set routing-instances customer1 instance-type vrf
set routing-instances customer1 interface ge-0/0/1.0
set routing-instances customer1 route-distinguisher 1:1
set routing-instances customer1 vrf-target target:1:1
set routing-instances customer1 vrf-table-label 

So nothing fancy here – we’re just creating a routing instance, assigning an RT/RD, Continue reading

Looking the GIFCT in the Mouth

The recent meeting of the United Nations General Assembly (UNGA) was notable because of the attention it paid to the climate of the planet Earth. A different set of meetings around the UNGA was about another climate: the one of fear, anger, and violence swirling about the Internet.

It was only last March that a man (there is only one accused) shot dozens of people in a pair of attacks on Muslims at prayer. The shooter streamed the first 17 minutes of his attacks using Facebook Live. The use of an Internet service in this event, combined with general concern about how Internet services are being used for terrorism and violent extremism, resulted in the Christchurch Call.

There is some reason to be optimistic about the Christchurch Call. Rarely have governments worked so decisively or quickly, together, to take on a global social issue. At a side meeting in New York at UNGA, some 30-odd additional countries signed the Call; more than 50 countries have signed on. New Zealand has led this while insisting that governments cannot tackle the issue alone, and has tried to involve everyone – through an Advisory Network – in decisions that are bound to affect Continue reading

Video: Retransmissions and Flow Control in Computer Networks

Grouping the features needed in a networking stack in bunch of layered modules is a great idea, but unfortunately it turns out that you could place a number of important features like error recovery, retransmission and flow control in a number of different layers, from data link layer dealing with individual network segments to transport layer dealing with reliable end-to-end transmissions.

So where should we put those modules? As always, the correct answer is it depends, in this particular case on transmission reliability, latency, and cost of bandwidth. You’ll find more details in the Retransmissions and Flow Control part of How Networks Really Work webinar.

You need free ipSpace.net subscription to watch the video, or a paid ipSpace.net subscriptions to watch the whole webinar.

Learning a unified embedding for visual search at Pinterest

Learning a unified embedding for visual search at Pinterest Zhai et al., KDD’19

Last time out we looked at some great lessons from Airbnb as they introduced deep learning into their search system. Today’s paper choice highlights an organisation that has been deploying multiple deep learning models in search (visual search) for a while: Pinterest.

With over 600 million visual searches per month and growing, visual search is one of the fastest growing products at Pinterest and of increasing importance.

Visual search is pretty fundamental to the Pinterest experience. The paper focuses on three search-based products: Flashlight, Lens, and Shop-the-Look.

In Flashlight search the search query is a source image either from Pinterest or the web, and the search results are relevant pins. In Lens the search query is a photograph taken by the user with their camera, and the search results are relevant pins. In Shop-the-Look the search query is a source image from Pinterest or the web, and the results are products which match items in the image.

Models are like microservices in one sense: it seems that they have a tendency to proliferate within organisations once they start to take hold! (Aside, I wonder if there’s Continue reading

Can microsegmentation help IoT security?

The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. The nagging security issues related to IoT, unfortunately, remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a  concept in networking that experts say could help keep IoT environments under control.To read this article in full, please click here(Insider Story)

Can microsegmentation help IoT security?

The Internet of Things (IoT) promises some big benefits for organizations, such as greater insights about the performance of corporate assets and finished products, improved manufacturing processes, and better customer services. The nagging security issues related to IoT, unfortunately, remain a huge concern for companies and in some cases might be keeping them from moving forward with initiatives. One possible solution to at least some of the security risks of IoT is microsegmentation, a  concept in networking that experts say could help keep IoT environments under control.To read this article in full, please click here(Insider Story)