VPP MPLS – Part 4

VPP

About this series

Special Thanks: Adrian vifino Pistol for writing this code and for the wonderful collaboration!

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

In the last three articles, I thought I had described “all we need to know” to perform MPLS using the Linux Controlplane in VPP:

  1. In the [first article] of this series, I took a look at MPLS in general.
  2. In the [second article] of the series, I demonstrated a few special case labels (such as Explicit Null and Implicit Null which enables the fabled Penultimate Hop Popping behavior of MPLS.
  3. Then, in the [third article], I worked with @vifino to implement the plumbing for MPLS in the Linux Control Plane plugin for VPP. He did most of the work, I just watched :)

As if in a state of premonition, I mentioned:

Caveat empor, outside of a modest functional and Continue reading

Worth Reading: Cargo Cult AI

Before we managed to recover from the automation cargo cults, a tsunami wave of cargo cult AI washed over us as Edlyn V. Levine explained in an ACM Queue article. Enjoy ;)

Also, a bit of a historical perspective is never a bad thing:

Impressive progress in AI, including the recent sensation of ChatGPT, has been dominated by the success of a single, decades-old machine-learning approach called a multilayer (or deep) neural network. This approach was invented in the 1940s, and essentially all of the foundational concepts of neural networks and associated methods—including convolutional neural networks and backpropagation—were in place by the 1980s.

Worth Reading: Cargo Cult AI

Before we managed to recover from the automation cargo cults, a tsunami wave of cargo cult AI washed over us as Edlyn V. Levine explained in an ACM Queue article. Enjoy ;)

Also, a bit of a historical perspective is never a bad thing:

Impressive progress in AI, including the recent sensation of ChatGPT, has been dominated by the success of a single, decades-old machine-learning approach called a multilayer (or deep) neural network. This approach was invented in the 1940s, and essentially all of the foundational concepts of neural networks and associated methods—including convolutional neural networks and backpropagation—were in place by the 1980s.

Controversial Reads 052723


The net’s long decline into “five giant websites, each filled with screenshots of the other four” isn’t a mystery. Nor was it by any means a forgone conclusion. Instead, we got here through a series of conscious actions by big businesses and lawmakers that put antitrust law into a 40-year coma.


The federal government should not have warrantless, backdoor access to private communication systems like Twitter.


My experiences in the War on Terror provided me with a glimpse of the AI revolution that is now remaking America’s political system and culture in ways that have already proved incompatible with our system of democracy and self-government and may soon become irreversible.


America has a monopoly problem. Most industries in the United States have consolidated in recent decades,1 and markups and profits have dramatically increased since around 1980.


If the fabric is error-free, and can send and receive between hosts at interface speed with no buffering or delay, a case can be made for a different kind of stream protocol, which implies perhaps less overhead per host to manage that stream of data.


The real problem Altman is trying to solve—and everyone knows this—is how to use the power of the federal Continue reading

Weekend Reads 052623


Communities installing WiFi that spans an entire property. From tennis courts to pools, from fields to lakes, Hotwire says the new hybrid work-from-home lifestyle means homeowners are working from everywhere within a community.


BGP is the Internet’s de facto routing protocol – but relatively few have a deep understanding of its vulnerabilities.


Since its invention by Bob Metcalf and David Boggs back in 1973, Ethernet has continuously been expanded and adapted to become the go-to Layer 2 protocol in computer networking across industries.


However, it is important to acknowledge that passwords have long been identified as one of the weakest elements in the security chain.


Ready to live on the edge? In my last network design post we talked about remote access VPN but in this instalment, we will take a detailed look at designs for the network edge.


Intel has launched a field-programmable gate array—Agilex 7 with R-Tile—that features PCIe 5.0 and CXL capabilities for processing networking workloads.


Speaking of the existential threat of AI is science fiction, and bad science fiction for that matter because it is not based on anything we know about science, logic, and nothing we even know about ourselves.


In a recent workshop Continue reading

Heavy Networking 681: Under The Hood Of Formula 1 Networking

Modern F1 racing is bathed in data. Real-time vehicle telemetry. In-car video feeds. More video from camera crews and drones. Live streaming. All of this and more needs a network. On today's Heavy Networking we speak with Formula 1's David Ramsden, Senior Network Engineer; and Lee Wright, Head of IT Operations, to get the inside track on building the networks that support F1 races.

Heavy Networking 681: Under The Hood Of Formula 1 Networking

Modern F1 racing is bathed in data. Real-time vehicle telemetry. In-car video feeds. More video from camera crews and drones. Live streaming. All of this and more needs a network. On today's Heavy Networking we speak with Formula 1's David Ramsden, Senior Network Engineer; and Lee Wright, Head of IT Operations, to get the inside track on building the networks that support F1 races.

The post Heavy Networking 681: Under The Hood Of Formula 1 Networking appeared first on Packet Pushers.

Case study: Calico on AWS enables turnkey networking and security for Rafay’s enterprise-grade Kubernetes Operations Platform

Organizations are adopting Kubernetes on Amazon Web Services (AWS) to modernize their applications. But Kubernetes clusters and application lifecycles demand a considerable investment of cost and resources, especially for edge applications.

Rafay’s SaaS-based Kubernetes operations platform (KOP) helps platform teams deploy, scale, and manage their fleet without requiring anyone on the platform team to be a Kubernetes expert. Hosted on AWS Elastic Kubernetes Services (EKS), Rafay’s unified, enterprise-grade KOP supports Kubernetes and application lifecycle management through automation and self-service with the right standardization, control, and governance level. Rafay empowers organizations to accelerate their digital transformation while limiting operating costs.

In partnership with AWS and Tigera, Rafay shares the story of how it leveraged Calico on AWS to secure its turnkey offering in an exclusive case study. Here are the highlights.

Challenges

To secure its KOP and enable customers with little to no Kubernetes experience, Rafay required a scalable, Kubernetes-native security solution that could:

  1. Provide and enforce networking and security policy for multi-tenant environments through workload isolation with identify-aware microsegmentation
  2. Eliminate IP address exhaustion issues and deliver automated flexible IP address management (IPAM) to allow for agile scaling without increasing operational overhead
  3. Seamlessly integrate with Amazon EKS, where Rafay’s KOP is Continue reading

How Oxy uses hooks for maximum extensibility

How Oxy uses hooks for maximum extensibility
How Oxy uses hooks for maximum extensibility

We recently introduced Oxy, our Rust framework for building proxies. Through a YAML file, Oxy allows applications to easily configure listeners (e.g. IP, MASQUE, HTTP/1), telemetry, and much more. However, when it comes to application logic, a programming language is often a better tool for the job. That’s why in this post we’re introducing Oxy’s rich dependency injection capabilities for programmatically modifying all aspects of a proxy.

The idea of extending proxies with scripting is well established: we've had great past success with Lua in our OpenResty/NGINX deployments and there are numerous web frameworks (e.g. Express) with middleware patterns. While Oxy is geared towards the development of forward proxies, they all share the model of a pre-existing request pipeline with a mechanism for integrating custom application logic. However, the use of Rust greatly helps developer productivity when compared to embedded scripting languages. Having confidence in the types and mutability of objects being passed to and returned from callbacks is wonderful.

Oxy exports a series of hook traits that “hook” into the lifecycle of a connection, not just a request. Oxy applications need to control almost every layer of the OSI model: how Continue reading

Network Security Vulnerabilities: the Root Causes

Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).

Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Network Security Vulnerabilities: the Root Causes

Sometime last autumn, I was asked to create a short “network security challenges” presentation. Eventually, I turned it into a webinar, resulting in almost four hours of content describing the interesting gotchas I encountered in the past (plus a few recent vulnerabilities like turning WiFi into a thick yellow cable).

Each webinar section started with a short “This is why we have to deal with these stupidities” introduction. You’ll find all of them collected in the Root Causes video starting the Network Security Fallacies part of the How Networks Really Work webinar.

Watch the video
You need Free ipSpace.net Subscription to watch the video.

Resizing images on the Linux command line

The convert command from the ImageMagick suite of tools provides ways to make all sorts of changes to image files. Among these is an option to change the resolution of images. The syntax is simple, and the command runs extremely quickly. It can also convert a image from one format to another (e.g., jpg to png) as well as blur, crop, despeckle, dither, flip and join images and more.Although the commands and scripts in this post mostly focus on jpg files, the convert command also works with a large variety of other image files, including png, bmp, svg, tiff, gif and such.Basic resizing To resize an image using the convert, you would use a command like this:To read this article in full, please click here

Resizing images on the Linux command line

The convert command from the ImageMagick suite of tools provides ways to make all sorts of changes to image files. Among these is an option to change the resolution of images. The syntax is simple, and the command runs extremely quickly. It can also convert a image from one format to another (e.g., jpg to png) as well as blur, crop, despeckle, dither, flip and join images and more.Although the commands and scripts in this post mostly focus on jpg files, the convert command also works with a large variety of other image files, including png, bmp, svg, tiff, gif and such.Basic resizing To resize an image using the convert, you would use a command like this:To read this article in full, please click here

1 213 214 215 216 217 3,765