I’ll be talking about Internet routing security at the Deep conference in a few days, and just in case you won’t be able to make it1 ;) here’s the first bit of my talk: a very brief history of BGP route leaks2.
Note: you’ll find more Network Security Fallacies videos in the How Networks Really Work webinar.
I’ll be talking about Internet routing security at the Deep conference in a few days, and just in case you won’t be able to make it1 ;) here’s the first bit of my talk: a very brief history of BGP route leaks2.
Note: you’ll find more Network Security Fallacies videos in the How Networks Really Work webinar.
Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.
There’s some really fantastic features in VPP, some of which are lesser well known, and not always very well documented. In this article, I will describe a unique usecase in which I think VPP will excel, notably acting as a gateway for Internet Exchange Points.
In this first article, I’ll take a closer look at three things that would make such a gateway possible: bridge domains, MAC address filtering and traffic shaping.
Internet Exchanges are typically L2 (ethernet) switch platforms that allow their connected members to exchange traffic amongst themselves. Not all members share physical locations with the Internet Exchange itself, for example the IXP may be at NTT Zurich, but the member may be present in Interxion Zurich. For smaller clubs, like IPng Networks, it’s not always financially feasible (or desirable) to order a dark fiber between two adjacent Continue reading
On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our Security Incident Response Team’s (SIRT) real-time detection and prompt response enabled containment and minimized the impact to Cloudflare systems and data. We have verified that no Cloudflare customer information or systems were impacted by this event because of our rapid response. Okta has now released a public statement about this incident.
This is the second time Cloudflare has been impacted by a breach of Okta’s systems. In March 2022, we blogged about our investigation on how a breach of Okta affected Cloudflare. In that incident, we concluded that there was no access from the threat actor to any of our systems or data – Cloudflare’s use of hard keys for multi-factor authentication stopped this attack.
The key to mitigating this week’s incident was our team’s early detection and immediate response. In fact, we contacted Okta about the breach of their systems before they had notified us. The attacker used an open Continue reading
Today’s Heavy Networking is about collaborative automation via GitNops, which applies DevOps principles to networking. That means things like version control, working with sources of truth, operating infrastructure as code, and collaborating on network on changes and updates. GitNops benefits include automation, repeatability, and scalability. We'll dive into GitNops with guest Tom McGonagle.
The post Heavy Networking 706: The GitNops Approach To Collaborative Network Automation appeared first on Packet Pushers.
Itching to get started? Apply to the Self Serve Partner Beta or Enterprise partner programs now.
Cloudflare has always worked closely with partners to help build a better Internet. From our earliest Hosting Partners, to our latest Cloudflare One program and Authorized Service Delivery partners, we are dedicated to supporting our peers across the networking and cybersecurity ecosystem to secure Enterprise networks, mission-critical applications, and remote employees. As part of that commitment, we are proud to announce the general availability of our first dashboard for our Tenant Platform, providing an intuitive user interface for agencies and partners to manage their client accounts.
The first version of the Tenant Platform was created in 2018 to support one of our large integration partners, IBM Cloud. They needed a secure way to independently provision accounts for their clients, spin up custom subscriptions, invite service users within each new account, and begin to configure the service. This platform, although API only, worked extremely well with our OEM and integration partners that were including our solution within their current platform to support their customers.
As Cloudflare has expanded the type of partners and customers it works Continue reading
Automation is a big topic–folks had a lot of feedback on our first couple of Hedge episodes on the topic. We return to automation in this episode of the Hedge with Carl Buchmann to discuss one effort at unifying automation with humble beginnings.
SiFive today launched a pair of RISC-V CPU cores aimed at high-performance and AI/ML applications.
An investigation from the Wall Street Journal identified a company called Near Intelligence that purchased data about individuals and their devices from brokers who usually sell to advertisers. The company Continue reading
Welcome to the second part of our Debunking Datacenter Compute Myths series. …
The post Debunking Datacenter Compute Myths, Part Two first appeared on The Next Platform.
Debunking Datacenter Compute Myths, Part Two was written by Timothy Prickett Morgan at The Next Platform.
On today's Kubernetes Unpacked podcast, Michael and Kristina catch up with Arsh Sharma, Developer Experience Engineer at Okteto. Arsh dives into the key aspects to consider for incorporating a proper developer experience for Kubernetes and the overall cloud-native ecosystem.
The post Kubernetes Unpacked 038: The Kubernetes Dev Experience In 2023 appeared first on Packet Pushers.
On today's IPv6 Buzz, we talk with Jason Gintert of the Ohio Internet Exchange about what's involved with running an IX and where IPv6 fits in to the picture. We also discuss Jason's work with the US Networking User Association, a group that brings together network engineers to share knowledge and learn from one another.
The post IPv6 Buzz 137: Running IPv6 At An Internet Exchange appeared first on Packet Pushers.