Build and secure multi-cluster CockroachDB using the Calico clustermesh: A step-by-step guide

This blog is written by Dhiraj Sehgal and Mike Bookham.

Dhiraj Sehgal is the Director of Technical Marketing at Tigera, where he helps customers learn more about Calico and provides best practices for securing cloud-native environments. He is passionate about everything cloud native, from Kubernetes to cloud security and observability.

Mike Bookham is a Channel Solutions Engineer at Cockroach Labs. As part of Mike’s role, he helps a range of different types of partner organizations get familiar with CockroachDB from a technical perspective. Mike has worked with cloud-native technologies for a number of years and specializes in Kubernetes and the surrounding ecosystem.

With the rapid adoption of Kubernetes in organizations and the push to standardize the orchestration of resources with this approach, databases are now also being deployed into Kubernetes. Historically, persistent workloads like databases were not recommended for their deployment into Kuberntes as it was complex to manage how data would be stored. This was a result of Kubertnes originally being designed for non persistent microservice architectures. However, in more recent times new database vendors are emerging with software built from the ground up to run in this environment.

Kubernetes mandates how the networking is deployed and configured in Continue reading

The power of >, >>, &, &&, and || on Linux

Some of the most convenient “tricks” on Linux depend on the use of a handful of special characters. This post takes a look at a number of them and shows how they work.Using > and >> Using the > and >> characters will have similar but different effects, and both depend on how you use them in a command. The > character can be used to direct output into a file. For example, these commands will put the specified text into a file. If the file exists, however, any former content will be overwritten. Notice how only one "hello" remains in the file.$ echo hello > world $ echo hello > world $ cat world hello Using >>, on the other hand, will add the text provided to the end of a file. If the file doesn’t exist, the command will create it.To read this article in full, please click here

The power of >, >>, &, &&, and || on Linux

Some of the most convenient “tricks” on Linux depend on the use of a handful of special characters. This post takes a look at a number of them and shows how they work.Using > and >> Using the > and >> characters will have similar but different effects, and both depend on how you use them in a command. The > character can be used to direct output into a file. For example, these commands will put the specified text into a file. If the file exists, however, any former content will be overwritten. Notice how only one "hello" remains in the file.$ echo hello > world $ echo hello > world $ cat world hello Using >>, on the other hand, will add the text provided to the end of a file. If the file doesn’t exist, the command will create it.To read this article in full, please click here

Are AI-powered networks already outperforming SD-WAN?

SD-WANs (software-defined wide area networks) have been in wide-scale use for several years now, and their adoption has accelerated in recent years. According to a report by IDC, the worldwide SD-WAN infrastructure market reached $4.5 billion in 2020, representing a dramatic 45.5% increase from the previous year.Today, SD-WAN is considered a mainstream technology, and companies like Microsoft, Vodafone, and Visa are using it to connect their branch offices, data centers, and cloud resources. As more organizations adopt cloud-based applications and services, the demand for SD-WAN is likely to continue to grow.But within SD-WAN solutions there are critical limitations–particularly for organizations that operate globally since SD-WAN lacks a global backbone.To read this article in full, please click here

BrandPost: Unlock the potential for NaaS in healthcare

By: Lilly Fleming, Healthcare Marketing, HPE Aruba Networking.Healthcare organizations have undergone substantial digital transformation over the last decade. There are more medical and personal IoT devices in the healthcare landscape than ever before, and this trend is not slowing down. The healthcare IT organization faces the difficult challenge of added complexities, including how they prioritize investments in digital tools, technology, and analytics. Channel Partners can help their healthcare customers meet the needs of their patients and stakeholders by enabling them to overcome these challenges.To read this article in full, please click here

BrandPost: Why SASE requires a flexible platform for integrated or unified choice

By: Scott Raynovich, Founder and Chief Analyst, FuturiomAs end users adopt software-defined technology that can help them more easily deploy and manage secure networks, they are increasingly looking to the technologies known as secure access service edge (SASE) and secure service edge (SSE).But digging deeper into these acronyms, it gets more complex. SASE and SSE products aren’t exactly product categories per se – but platforms for integrating a variety of network security functions. These wide-ranging features might include all the most popular features/acronyms, including Advanced Threat Protection (ATP), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Firewall-as-a-Service (FWaaS), Intrusion Detection System/Intrusion Prevention System (IDS/IPS), Next-Generation Firewall (NGFW), Software-Defined Wide-Area Networking (SD-WAN), Secure Web Gateway (SWG), Unified Threat Management (UTM), and Zero Trust Network Access (ZTNA). The integration of these functions is a key driving force behind the growth of the SASE market.To read this article in full, please click here

Bring your own CA for client certificate validation with API Shield

Bring your own CA for client certificate validation with API Shield
Bring your own CA for client certificate validation with API Shield

APIs account for more than half of the total traffic of the Internet. They are the building blocks of many modern web applications. As API usage grows, so does the number of API attacks. And so now, more than ever, it’s important to keep these API endpoints secure. Cloudflare’s API Shield solution offers a comprehensive suite of products to safeguard your API endpoints and now we’re excited to give our customers one more tool to keep their endpoints safe. We’re excited to announce that customers can now bring their own Certificate Authority (CA) to use for mutual TLS client authentication. This gives customers more security, while allowing them to maintain control around their Mutual TLS configuration.

The power of Mutual TLS (mTLS)

Traditionally, when we refer to TLS certificates, we talk about the publicly trusted certificates that are presented by servers to prove their identity to the connecting client. With Mutual TLS, both the client and the server present a certificate to establish a two-way channel of trust. Doing this allows the server to check who the connecting client is and whether or not they’re allowed to make a request. The certificate presented by the client - the client certificate Continue reading

The day my ping took countermeasures

The day my ping took countermeasures
The day my ping took countermeasures
The day my ping took countermeasures

Once my holidays had passed, I found myself reluctantly reemerging into the world of the living. I powered on a corporate laptop, scared to check on my email inbox. However, before turning on the browser, obviously, I had to run a ping. Debugging the network is a mandatory first step after a boot, right? As expected, the network was perfectly healthy but what caught me off guard was this message:

The day my ping took countermeasures

I was not expecting ping to take countermeasures that early on in a day. Gosh, I wasn't expecting any countermeasures that Monday!

Once I got over the initial confusion, I took a deep breath and collected my thoughts. You don't have to be Sherlock Holmes to figure out what has happened. I'm really fast - I started ping before the system NTP daemon synchronized the time. In my case, the computer clock was rolled backward, confusing ping.

While this doesn't happen too often, a computer clock can be freely adjusted either forward or backward. However, it's pretty rare for a regular network utility, like ping, to try to manage a situation like this. It's even less common to call it "taking countermeasures". I would totally expect ping to just print Continue reading

Catalyst SD-WAN – Introduction to Configuration Groups

One of the challenges with Catalyst SD-WAN is managing templates. Depending on how successful you are in standardizing your deployment, you risk ending up with many device templates. This can also be amplified if you have several platforms as each platform requires its own set of device templates. Feature templates, while reusable, offers no concept of grouping feature templates which means that there is a lot of work involved in building a new device template. To overcome some of these challenges, Cisco has introduced Configuration Groups starting with 20.8 and going forward where 20.11 currently has the most features implemented. This is also often referred to as UX 2.0 in some presentations. Let’s take a look at Configuration Groups by looking at the building blocks.

  • Configuration Group – Logical grouping of features or configuration that is applied to devices. Similar to a device template but it can be applied to different models.
  • Feature Profile – Building block of configurations that can be reused across different Configuration Groups. Example feature profiles are Transport Profile, System Profile, Service Profile.
  • Feature – The Feature Profile consists of features. The individual capability to be shared across Configuration Groups such as service Continue reading

Configuring Linux Traffic Control in a Sane Way

Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.

A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.

Configuring Linux Traffic Control in a Sane Way

Smart engineers were forever using Linux (in particular, its traffic control/queue discipline functionality) to simulate WAN link impairment. Unfortunately, there’s a tiny hurdle you have to jump across: the tc CLI is even worse than iptables.

A long while ago someone published a tc wrapper that simulates shitty network connections and (for whatever reason) decided to call it Comcast. It probably does the job, but I would prefer to have something in Python. Daniel Dib found just that – tcconfig – and used it to simulate WAN link behavior on VMware vSphere.

Multiple SD-WAN vendors can complicate move to SASE

Enterprises over the past several years have embraced SD-WAN for many reasons, including the flexibility of cloud architecture, enhanced security, centralized management of distributed locations, and improved application availability and performance. In turn, the popularity of SD-WAN has helped propel interest in secure access service edge (SASE), a network architecture that converges connectivity and security services.To read this article in full, please click here

Multiple SD-WAN vendors can complicate move to SASE

Enterprises over the past several years have embraced SD-WAN for many reasons, including the flexibility of cloud architecture, enhanced security, centralized management of distributed locations, and improved application availability and performance. In turn, the popularity of SD-WAN has helped propel interest in secure access service edge (SASE), a network architecture that converges connectivity and security services.To read this article in full, please click here

Connection errors in Asia Pacific region on July 9, 2023

Connection errors in Asia Pacific region on July 9, 2023
Connection errors in Asia Pacific region on July 9, 2023

On Sunday, July 9, 2023, early morning UTC time, we observed a high number of DNS resolution failures — up to 7% of all DNS queries across the Asia Pacific region — caused by invalid DNSSEC signatures from Verisign .com and .net Top Level Domain (TLD) nameservers. This resulted in connection errors for visitors of Internet properties on Cloudflare in the region.

The local instances of Verisign’s nameservers started to respond with expired DNSSEC signatures in the Asia Pacific region. In order to remediate the impact, we have rerouted upstream DNS queries towards Verisign to locations on the US west coast which are returning valid signatures.

We have already reached out to Verisign to get more information on the root cause. Until their issues have been resolved, we will keep our DNS traffic to .com and .net TLD nameservers rerouted, which might cause slightly increased latency for the first visitor to domains under .com and .net in the region.

Background

In order to proxy a domain’s traffic through Cloudflare’s network, there are two components involved with respect to the Domain Name System (DNS) from the perspective of a Cloudflare data center: external DNS resolution, and upstream or origin DNS resolution.

Continue reading

Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN

On today's Network Break, Greg Ferro wishes Ethernet an unhappy birthday, HPE and BT want to manage your LAN, TSMC brings in Taiwanese workers to build new fabs in Arizona, Nokia touts new Fixed Wireless Access milestones, and more IT news.

The post Network Break 437: Ethernet Turns 50; TSMC Imports Workers For Arizona Fab; BT, HPE Partner On Managed LAN appeared first on Packet Pushers.

1 219 220 221 222 223 3,794