What’s new in Calico Enterprise 3.17: Namespace isolation, WireGuard support for AKS and EKS, and more!

We are excited to introduce the early preview releases for Calico Enterprise 3.17. This release focuses on helping enterprises have a strong security posture for their containers and Kubernetes clusters. Let’s go through some of the highlights of this release.

Namespace isolation with automatic Security Policy Recommendations

Calico will now automatically generate security policies based on workload dependencies and incoming and outgoing traffic to isolate namespaces in your Kubernetes cluster.

WireGuard support for AKS and EKS with Calico CNI 

Users can now protect data-in-transit data in Microsoft AKS and Amazon EKS clusters by enabling WireGuard encryption with the Calico CNI.

Improved management of  Workload-based WAF 

Secure specific workload-to-workload communications at the application level with Calico’s workload-based web application firewall (WAF) by selecting and deselecting specific services.

Policy-based routing for egress gateways

Define policies on which egress gateway to use (or none at all) depending on the destination of egress traffic.

We hope you’ll enjoy these product upgrades and enhancements. We will continue to deliver new releases with innovative solutions to solve container and Kubernetes security challenges. Watch this space for future updates and details about how to leverage these features in your environment.

Check out our self-paced workshops for Continue reading

Japan bolsters its chip industry with buyout of equipment maker JSR

Japanese semiconductor equipment maker JSR has accepted a buyout offer of $6.4 billion (909.3 billion yen) from the Japanese government, in the country’s latest move to bolster its domestic chip industry.JSR is the world's leading maker of photoresists , the chemicals used for the process of printing circuit designs on chip wafers. It is also one of three Japanese companies that controls the world’s supply of fluorinated polyimide and hydrogen fluoride, compounds which are used to make the semiconductors found in supercomputers, AI-harnessing data centers and iPhones.Under the plan, Japan Investment Corp (JIC) – state-backed investment enterprise of Japan, specializing in private equity and venture capital investments primarily in Japan – would offer JSR $31.25 (4,350 yen) per share, a price that represents a 35% premium on the company’s share price when the markets closed on Friday. The resulting deal will see the company go private and provide Japan with a greater control over a technological process of which it is already a global leader.To read this article in full, please click here

Lost in transit: debugging dropped packets from negative header lengths

Lost in transit: debugging dropped packets from negative header lengths
Lost in transit: debugging dropped packets from negative header lengths

Previously, I wrote about building network load balancers with the maglev scheduler, which we use for ingress into our Kubernetes clusters. At the time of that post we were using Foo-over-UDP encapsulation with virtual interfaces, one for each Internet Protocol version for each worker node.

To reduce operational toil managing the traffic director nodes, we've recently switched to using IP Virtual Server's (IPVS) native support for encapsulation. Much to our surprise, instead of a smooth change, we instead observed significant drops in bandwidth and failing API requests. In this post I'll discuss the impact observed, the multi-week search for the root cause, and the ultimate fix.

Recap and the change

To support our requirements we've been creating virtual interfaces on our traffic directors configured to encapsulate traffic with Foo-Over-UDP (FOU). In this encapsulation new UDP and IP headers are added to the original packet. When the worker node receives this packet, the kernel removes the outer headers and injects the inner packet back into the network stack. Each virtual interface would be assigned a private IP, which would be configured to send traffic to these private IPs in "direct" mode.

Lost in transit: debugging dropped packets from negative header lengths

This configuration presents several problems for our operations teams.

Continue reading

Recapping Speed Week 2023

Recapping Speed Week 2023

This post is also available in Deutsch.

Recapping Speed Week 2023

Speed Week 2023 is officially a wrap.

In our Welcome to Speed Week 2023 blog post, we set a clear goal:

“This week we will help you measure what matters. We’ll help you gain insight into your performance, from Zero Trust and API’s to websites and applications. And finally we’ll help you get faster. Quickly.”.

This week we published five posts on how to measure performance, explaining which metrics and approaches make sense and why. We had a deep dive on the latest Core Web Vital, “Interaction to Next Paint”, what it means and how we can help. There was a post on Time To First Byte (TTFB) and why it isn't a good way to measure good web performance. We also wrote about how to measure Zero Trust performance, and announced the Internet Quality page of Cloudflare Radar - giving everyone the ability to compare Internet connection quality across Internet Service Providers, countries, and more.

We launched new products such as Observatory, Digital Experiencing Monitoring and Timing Insights. These products give an incredible window into how your applications and websites are performing through the eyes of website visitors Continue reading

How to deploy Red Hat Ansible Automation Platform on AWS to AWS GovCloud in the United States

This blog is co-authored by Zack Kayyali and Hicham (he-sham) Mourad

Deploying Red Hat Ansible Automation Platform Foundation

The steps below detail how to install Ansible Automation Platform on AWS United States GovCloud from the AWS Marketplace. The steps to deploy into AWS GovCloud and AWS Commercial cloud are nearly identical. Before starting your deployment process, please ensure the AWS account you are using to deploy has the following IAM roles. These IAM roles are required to deploy the AWS foundation stack offering. The foundation stack offering here refers to the base Ansible Automation Platform 2 deployment.

This blog details how to deploy Ansible Automation Platform on AWS and access the application. This deployment process will be configured to set up Ansible Automation Platform in its own Virtual Private Cloud (VPC) that it creates and manages. We also support deploying into an existing VPC.

To begin, first log into your Commercial AWS account. If you have a private offer, ensure that these are accepted for both the foundation and extension node offerings.

Note: 

  • The foundation offer refers to the “Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes” marketplace item. 
  • The extension node offer refers to Continue reading

Welcome to the Ansible Lightspeed with IBM Watson Code Assistant Technical Preview

Screenshot 2023-06-05 at 3.31.19 PM

Welcome to the Ansible Lightspeed with IBM Watson Code Assistant Technical Preview

By Craig Brandt

At Red Hat Summit and AnsibleFest 2023, we announced Ansible Lightspeed with IBM Watson Code Assistant, a new generative AI service for Ansible automation. Today, we are thrilled to announce the Ansible Lightspeed technical preview launch.

In this blog, we’ll walk through the steps to access the Ansible Lightspeed with IBM Watson Code Assistant technical preview service and get it up and running in your Visual Studio Code environment. Then we’ll share more about what you can expect from the experience and how to generate your first Ansible tasks with generative AI.

This is exciting stuff, so let’s dive right in.

Technical Preview: Empowering Ansible Users with AI

Ansible Lightspeed with IBM Watson Code Assistant is a purpose-built generative AI tool that aims to streamline the creation of Ansible content. This capability is natively integrated into your VS Code editor via the Ansible VS Code extension. The AI capabilities are powered by Watson Code Assistant, a foundation model trained on Ansible Galaxy, GitHub, and other open sources of data.

The technical preview is open and available, free of charge, to all Ansible users. As more users engage with Continue reading

How IT pros can benefit from generative AI safely

The enterprise IT landscape is littered with supposedly paradigm-shifting technologies that failed to live up to the hype, and until now, one could argue that AI fell into that category. But generative AI, which has taken the world by storm in the form of OpenAI’s ChatGPT chatbot, just might be the real deal.Chris Bedi, chief digital information officer at ServiceNow, says the release of ChatGPT last November was “an iPhone moment,” an event that captured the public’s attention in a way that “changed everything forever.” He predicts that generative AI will become embedded into the fabric of every enterprise, and he recommends that CIOs and other IT leaders should begin now to develop their generative AI strategies.To read this article in full, please click here

How IT pros can benefit from generative AI safely

The enterprise IT landscape is littered with supposedly paradigm-shifting technologies that failed to live up to the hype, and intil now, one could argue that AI fell into that category. But generative AI, which has taken the world by storm in the form of OpenAI’s ChatGPT chatbot, just might be the real deal.Chris Bedi, chief digital information officer at ServiceNow, says the release of ChatGPT last November was “an iPhone moment,” an event that captured the public’s attention in a way that “changed everything forever.” He predicts that generative AI will become embedded into the fabric of every enterprise, and he recommends that CIOs and other IT leaders should begin now to develop their generative AI strategies.To read this article in full, please click here

Welcome to the Ansible Lightspeed with IBM Watson Code Assistant Technical Preview

Welcome to the Ansible Lightspeed with IBM Watson Code Assistant Technical Preview

At Red Hat Summit and AnsibleFest 2023, we announced Ansible Lightspeed with IBM Watson Code Assistant, a new generative AI service for Ansible automation. Today, we are thrilled to announce the Ansible Lightspeed technical preview launch.

In this blog, we'll walk through the steps to access the Ansible Lightspeed with IBM Watson Code Assistant technical preview service and get it up and running in your Visual Studio Code environment. Then we'll share more about what you can expect from the experience and how to generate your first Ansible tasks with generative AI.

This is exciting stuff, so let's dive right in.

Technical Preview: Empowering Ansible Users with AI

Ansible Lightspeed with IBM Watson Code Assistant is a purpose-built generative AI tool that aims to streamline the creation of Ansible content. This capability is natively integrated into your VS Code editor via the Ansible VS Code extension. The AI capabilities are powered by Watson Code Assistant, a foundation model trained on Ansible Galaxy, GitHub, and other open sources of data.

The technical preview is open and available, free of charge, to all Ansible users. As more users engage with Ansible Lightspeed, the Continue reading

Weekend Reads 062323


The US Federal Communications Commission (FCC)’s proposal to offer shared access to the 42 GHz band could open the door to a raft of new service providers and business models.


Artificial intelligence (AI) might be all fun and games now, but the coming effects will be devastating, one top investment bank says.


For a long time, arguments about the meaning of “DNS Abuse” prevented fruitful discussions within the ICANN community on when and how it is appropriate to act at the level of the DNS to address abuses online.


Despite slow progress, NetSecOpen — a group of network-security companies and hardware testing organizations — aims to have its testing and benchmark standards in place by later this year.


In this post, we’d like to share our learnings and statistics about the latest Linux kernel exploit submissions, how effective our mitigations are against them, what we do to protect our users, and, finally, how we are changing our program to align incentives to the areas we are most interested in.


Yet more sophisticated attacks are happening over Teams and Slack. People just don’t realize it because they view these apps as internal tools and aren’t taking the necessary steps to secure Continue reading

Worth Reading: Always the Same Warning Signs

Found an interesting article describing the shenanigans of a biotech startup. Admittedly, it has nothing to do with networking apart from the closing paragraph…

But people will find all sorts of ways to believe what they want to believe, to avoid hearing things that they don’t want to hear, and to avoid thinking about things that are too worrisome to contemplate.

… which is a perfect description of why people believe in centralized control planes, flow-based forwarding, or long-distance vMotion.

Worth Reading: Always the Same Warning Signs

Found an interesting article describing the shenanigans of a biotech startup. Admittedly, it has nothing to do with networking apart from the closing paragraph…

But people will find all sorts of ways to believe what they want to believe, to avoid hearing things that they don’t want to hear, and to avoid thinking about things that are too worrisome to contemplate.

… which is a perfect description of why people believe in centralized control planes, flow-based forwarding, or long-distance vMotion.

Hedge 183: Mike Bushong on Operational Excellence

What’s next for network engineering? While we normally think of answers to this question in terms of technology, Mike Bushong joins this episode of the Hedge to argue the future is in operations—and operational excellence. Join Mike, Tom, and Russ as we discuss how the importance of operating a network is impacting the design of hardware, software, and networks.

download

How we scaled and protected Eurovision 2023 voting with Pages and Turnstile

How we scaled and protected Eurovision 2023 voting with Pages and Turnstile
How we scaled and protected Eurovision 2023 voting with Pages and Turnstile

2023 was the first year that non-participating countries could vote for their favorites during the Eurovision Song Contest, adding millions of additional viewers and voters to an already impressive 162 million tuning in from the participating countries. It became a truly global event with a potential for disruption from multiple sources. To prepare for anything, Cloudflare helped scale and protect the voting application, used by millions of dedicated fans around the world to choose the winner.

In this blog we will cover how once.net built their platform based.io to monitor, manage and scale the Eurovision voting application to handle all traffic using many Cloudflare services. The speed with which DNS changes made through the Cloudflare API propagate globally allowed them to scale their backend within seconds. At the same time, Cloudflare Pages was ready to serve any amount of traffic to the voting landing page so fans didn’t miss a beat. And to cap it off, by combining Cloudflare CDN, DDoS protection, WAF, and Turnstile, they made sure that attackers didn’t steal any of the limelight.

The unsung heroes

Based.io is a resilient live data platform built by the once.net team, with the capability to scale Continue reading

1 227 228 229 230 231 3,795