Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.
Malicious actors on the Internet who control BGP routers can perform BGP hijacks by falsely announcing ownership of groups of IP addresses that they do not own, control, or route to. By doing so, an attacker is able to redirect traffic destined for the victim network to itself, and monitor and intercept its traffic. A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits.
You can learn more about BGP and BGP hijacking and its consequences in our learning center.
At Cloudflare, we have long been monitoring suspicious BGP anomalies internally. With our recent efforts, we are bringing BGP origin hijack detection to the Cloudflare Radar platform, sharing our detection results with the …
The first part of this blog series takes a high-level view of all the modes that are available with Migration Coordinator, a fully supported tool built into NSX that enables migrating from NSX for vSphere to NSX (NSX-T). The second blog in this series takes a closer look at the available options for in-place migrations. This third blog in the series covers the options available for lift-and-shift migrations.
Distributed Firewall mode is one of the first lift-and-shift modes, introduced with the NSX 3.1 release. This mode allows migrating only the firewall configuration over to NSX running on its own dedicated hardware.
Locating the mode: This mode is part of the three advanced migration modes and is found by expanding the “Advanced Migration Modes” highlighted in red below:
Today's IPv6 Buzz podcast riffs on a question raised in a Reddit thread that asks why you should use IPv6 when NAT exists. Tom, Ed, and Scott provide answers, and also discuss the complicated role of NAT in both IPv6 and IPv4 networks in the past, present, and future.
The post IPv6 Buzz 131: Why Bother With IPv6 When Everyone’s Using NAT? appeared first on Packet Pushers.
It is funny what courses were the most fun and most useful when we look back at college. …
The post H100 GPU Instance Pricing On AWS: Grin And Bear It first appeared on The Next Platform.
H100 GPU Instance Pricing On AWS: Grin And Bear It was written by Timothy Prickett Morgan at The Next Platform.
The challenges companies face regarding private and professional data protection are more important today than ever. In the modern enterprise, cloud computing and the use of cloud-native architectures enable unmatched performance, flexibility, velocity, and innovation. However, as digitalization pushes applications and services to the cloud, cyber criminals’ intrusion techniques have become increasingly sophisticated. To stay current with advancing technologies, doubling or tripling security measures is a must.
To understand the critical need for advanced cybersecurity measures, we turned to an expert in the industry, Ratan Tipirneni, President and CEO of Tigera – a company providing active, zero-trust-based security for cloud-native applications running on containers and Kubernetes.
Q: How did the idea of Tigera originate? What has your journey been like so far?
It was over six years ago that Tigera created Project Calico, an open-source container networking and security project.
As containers and Kubernetes adoption grew and organizations started using Kubernetes at scale, Tigera recognized the industry’s need for more advanced security and observability. Tigera has since grown from the Project Calico open-source project to a container security innovator that now supports many Fortune 100 companies across the globe.
Tigera’s continued success comes from listening to customers’ needs, understanding …
In today's Kubernetes Unpacked, Kristina and Michael talk about whether Kubernetes is getting boring, and how elements such as service mesh, security-centric CNIs, and movements such as GitOps, can keep Kubernetes moving forward.
The post Kubernetes Unpacked 031: Is Kubernetes Getting Boring? appeared first on Packet Pushers.
Routing is one of the most critical operations of the Internet. Routing decides how and where the Internet traffic should flow from the source to the destination, and can be categorized into two major types: intra-domain routing and inter-domain routing. Intra-domain routing handles making decisions on how individual packets should be routed among the servers and routers within an organization/network. When traffic reaches the edge of a network, the inter-domain routing kicks in to decide what the next hop is and forward the traffic along to the corresponding networks. Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet.
Today, we are introducing another section on Cloudflare Radar: the Routing page, which focuses on monitoring the BGP messages exchanged to extract and present insights on the IP prefixes, individual networks, countries, and the Internet overall. The new routing data allows users to quickly examine routing status of the Internet, examine secure routing protocol deployment for a country, identify routing anomalies, validate IP block reachability and much more from globally distributed vantage points.
It’s a detailed view of how the Internet itself holds together.
The Internet consists of tens of thousands of interconnected …
Cloudflare operates in more than 300 cities in over 100 countries, where we interconnect with over 12,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions.
The second quarter of 2023 was a particularly busy one for Internet disruptions, and especially for government-directed Internet shutdowns. During the quarter, we observed many brief disruptions, but also quite a few long-lived ones. In addition to the government-directed Internet shutdowns, we also observed partial or complete outages due to severe weather, cable damage, power outages, general or unspecified technical problems, cyberattacks, military action, and infrastructure maintenance.
As we have noted in the past, this post is intended as a summary overview of observed disruptions, and is not an exhaustive or complete list of issues that have occurred during the quarter.
Late spring often marks the start of a so-called “exam season” in several …
In today's rapidly evolving digital landscape, businesses are dependent on streamlined processes and efficient systems more than ever. One such revolutionary pathway towards a more efficient and flexible IT infrastructure is multi-cloud automation. In this blog, we will look at how to employ Ansible, a powerful automation tool, to tap into the immense potential of multi-cloud environments. We take you on a journey behind the scenes of our interactive labs, where our customers and prospects acquire hands-on experience with Ansible while exploring its newest features. In our labs, public clouds such as Google Cloud, AWS, and Microsoft Azure are showcased. Using Ansible we can orchestrate a symphony of seamless provisioning and optimal multi-cloud management. So, buckle up for a deep dive into the realm of multi-cloud automation, where complexity is simplified, and potential is unleashed.
The Ansible Technical Marketing team uses a variety of tools to create training labs and technical sales workshops for our field teams and customers. One of our training platforms includes Instruqt, an as-a-service learning platform, to help us create sandbox environments that can be run in your browser window. For technical tools behind the scenes, we use a combination of Ansible and Packer to build …