Community Spotlight series: Calico Open Source user insights from Saurabh Mishra

In this issue of the Calico Community Spotlight series, I’ve asked Saurabh Mishra from Vodafone to share his experience with Kubernetes and Calico Open Source. Let’s take a look at how Saurabh started his Kubernetes journey and the insights he gained from Calico Open Source.

Q: Please tell us a little bit about yourself, including where you currently work and what you do there. 

I am working as a DevOps Manager with Vodafone Group. I am responsible for managing Kubernetes and cloud-based environments. I’m particularly interested in all things related to cloud, automation, machine learning, and DevOps.

Q: What orchestrator(s) have you been using?

Kubernetes.

Q: What cloud infrastructure(s) has been a part of your projects?

Amazon Elastic Kubernetes Service (EKS) and Google Kubernetes Engine (GKE).

Q: There are many people who are just getting started with Kubernetes and might have a lot of questions. Could you please talk a little bit about your own journey?

Kubernetes is a fully open-source project. It’s purposely designed this way so it can work with other open-source tools to create continuous improvements and innovations.  In our team, we are using Kubernetes in non-production and production environments to run and manage critical Continue reading

Take Ansible validated content to the next level with Event-Driven Ansible

Validated content with event-driven ansible twitter (1)

Cloud computing has become an essential factor in IT transformation and business innovation. The highly dynamic nature of cloud environments, where new resources are constantly being added and removed, poses new challenges. One of the main challenges organizations face is the lack of visibility into the cloud environment. As cloud computing continues to grow in complexity, it can be challenging to keep track of all the different resources and applications that make up the infrastructure. This lack of visibility can make it difficult to maintain security policies and configurations, making the infrastructure vulnerable to attacks.

In this context, another challenge is the need to maintain compliance with industry regulations and standards. Depending on the industry and location, there may be specific regulations that organizations must comply with when storing and processing sensitive data in the cloud. Ensuring compliance can be a time-consuming and costly process.

Without automation and proactive monitoring, cloud environments are difficult and complex to manage. In this context, Ansible offers a plethora of tools, such as Ansible validated content and Event-Driven Ansible, that can help you to successfully mitigate security threats while also streamlining your operations and reducing costs.

In this blog post, we will show you Continue reading

AWS secures access to cloud apps without using VPNs

Amazon Web Services has launched a service that secures user access to its cloud applications without requiring a VPN.AWS Verified Access, which the company previewed last November, validates every application request using Zero Trust principles before granting access to applications. Since AWS previewed the networking service, it has added two new features: AWS Web Application Firewall (WAF) and the ability to pass signed identity context to customers’ application endpoints.To read this article in full, please click here

AWS secures access to cloud apps without using VPNs

Amazon Web Services has launched a service that secures user access to its cloud applications without requiring a VPN.AWS Verified Access, which the company previewed last November, validates every application request using Zero Trust principles before granting access to applications. Since AWS previewed the networking service, it has added two new features: AWS Web Application Firewall (WAF) and the ability to pass signed identity context to customers’ application endpoints.To read this article in full, please click here

Cloudflare is faster than Netskope and Zscaler across LATAM

Cloudflare is faster than Netskope and Zscaler across LATAM

This post is also available in Español and Português.

Cloudflare is faster than Netskope and Zscaler across LATAM

Last CIO Week, we showed you how our network stacks up against competitors across several countries. We demonstrated with our tests that Cloudflare Access is 38% faster than ZScaler (ZPA) worldwide.

Today we wanted to focus on LATAM and show how our network performed against Zscaler and Netskope in Argentina, Brazil, Chile, Colombia, Costa Rica, Ecuador, Mexico, Peru, Uruguay and Venezuela.

With 47 data centers across Latin America and Caribbean, Cloudflare has the largest number of SASE Points of Presence across all vendors, meaning we can offer our Zero Trust services closer to the end user and reduce unwanted latency.

Cloudflare is faster than Netskope and Zscaler across LATAM

We’ve run a series of tests comparing our Zero Trust Network Access product against Zscaler and Netskope’s comparable products.

For each of these tests, we used 95th percentile Time to First Byte and Response tests, which measure the time it takes for a user to make a request, and get the start of the response (Time to First Byte), and the end of the response (Response). These tests were designed with the goal of trying to measure performance from an end-user perspective.

In this blog we’re going to talk about Continue reading

How to handle IT vendors’ worst bad habits

Most enterprises have what they describe as a cordial relationship with their network vendors, but roughly a third say their relationship is guarded, and more than a few say it’s suspicious. That’s a pretty broad range of views, but every enterprise I’ve chatted with says there are things they don’t want their vendors to do, and don’t like it if the vendors do them. Most also say they take steps to prevent these things, and the steps they recommend are really interesting.Vendors shouldn’t finger-point The top don’t-do for vendors by far is finger-pointing, meaning trying to deflect responsibility for an issue by blaming someone else. I remember well a meeting where the CIO of a healthcare company sprained his shoulder when he threw a ten-pound, bound listing of problem proofs at a network vendor VP who didn’t want to admit responsibility. (He him square in the chest, by the way.)  This is surely an extreme reaction, but every single enterprise in the over-200 I’ve talked to about this in the last year said that their network vendors had evaded a problem or obstructed problem determination at least once.To read this article in full, please click here

Certifications that can land you a job as a network-automation engineer

Modern networks require more dynamic changes than traditional networks, and the solution to building these dynamic capabilities is network automation, which means the job of network engineers is changing.Historically, network reconfigurations required manual work that might require network downtime while changes were made. Network automation has the potential to mitigate this downtime by re-routing network traffic or scheduling the downtime for off-peak hours.To meet the challenges of this change, traditionally trained network engineers may benefit from certifications in automation. Engineers need ways to minimize the time-consuming, error-prone manual changes that ever-changing workloads demand.To read this article in full, please click here

Small Site EBGP-Only Design

One of my subscribers found an unusual BGP specimen in the wild:

  • It was a small site with two core switches and a WAN edge router
  • The site had VPN concentrators running in virtual machines
  • The WAN edge router was running BGP across WAN IPsec tunnels
  • The VPN concentrators were running BGP with core switches.

So far so good, and kudos to whoever realized BGP is the only sane protocol to run between virtual machines and network core. However, the routing in the network core was implemented with EBGP sessions between the three core devices, and my subscriber thought the correct way to do it would be to use IBGP and OSPF.

Read more …

Small Site EBGP-Only Design

One of my subscribers found an unusual BGP specimen in the wild:

  • It was a small site with two core switches and a WAN edge router
  • The site had VPN concentrators running in virtual machines
  • The WAN edge router was running BGP across WAN IPsec tunnels
  • The VPN concentrators were running BGP with core switches.

So far so good, and kudos to whoever realized BGP is the only sane protocol to run between virtual machines and network core. However, the routing in the network core was implemented with EBGP sessions between the three core devices, and my subscriber thought the correct way to do it would be to use IBGP and OSPF.

Read more …

The Skills Gap For Fortran Looms Large In HPC

Back in the dawn of time, which is four decades ago in computer science and which was before technical computing went mainstream with the advent of Unix workstations and their beefy server cousins, the computer science students we knew at college had taught themselves BASIC on either TRS-80s or Commodore VICs and they went to college to learn something useful like COBOL and maybe got a smattering of C and Pascal, or occasionally even RPG, for variety.

The Skills Gap For Fortran Looms Large In HPC was written by Timothy Prickett Morgan at The Next Platform.

RSAC 2023 interview: Tigera talks cloud-native security on theCUBE

During RSA Conference 2023, Utpal Bhatt sat down with SiliconANGLE & theCUBE host, John Furrier, to talk cloud-native security. Watch the full interview below.

 

Here’s a sneak peak of what’s inside…

“Cloud-native applications have fundamentally changed how security gets done. There are a lot of challenges that cloud-native applications bring to the table, given their large attack surface. You have attack vectors in your coding, CI/CD pipeline, deployment, and runtime. And I think that’s what organizations are realizing, that hey, this is fundamentally a different kind of architecture and we need to look at it differently.” —Utpal Bhatt, CMO at Tigera

“Cloud-native applications have fundamentally changed how security gets done. And there are a lot of challenges that cloud-native applications bring to the table, which is what organizations are realizing. If you think about organizations moving into the cloud, the majority have traditionally done a lift and shift. But now they’re recognizing that in order to get the economics right, they need to start developing cloud-native technologies, which are highly distributed, ephemeral, and transient. So all your standard security tools just really don’t work in that environment because you have a really large Continue reading

US, EU pressure Malaysia to bar Huawei hardware from 5G network

The US and the EU have put heavy diplomatic pressure on the government of Malaysia, urging it to bar Chinese networking equipment vendor Huawei from its state-owned 5G network, according to the Financial Times.Letters from the US ambassador to the country, Brian McFeeters, and from the head of the EU delegation to Malaysia, Michalis Rokas, warned of potential legal problems and national security issues, if the country succumbs to what the Financial Times described as heavy lobbying by Huawei.“Senior officials in Washington agree with my view that upending the existing model would undermine the competitiveness of new industries, stall 5G growth in Malaysia, and harm Malaysia’s business-friendly image internationally,” wrote McFeeters, according to the Financial Times. “Allowing untrusted suppliers in any part of the network also subjects Malaysia’s infrastructure to national security risks.”To read this article in full, please click here

What you can’t do with Kubernetes network policies (unless you use Calico)

Kubernetes documentation clearly defines what use cases you can achieve using Kubernetes network policies and what you can’t. You are probably familiar with the scope of network policies and how to use them to secure your workload from undesirable connections. Although it is possible to cover the basics with Kubernetes native network policies, there is a list of use cases that you cannot implement by just using these policies.

You can refer to the Kubernetes documentation to review the list of “What you can’t do with network policies (at least, not yet)”.

Here are some of the use cases that you cannot implement using only the native network policy API (transcribed from the Kubernetes documentation):

  • Forcing internal cluster traffic to go through a common gateway.
  • Anything TLS related.
  • Node specific policies.
  • Creation or management of “Policy requests” that are fulfilled by a third party.
  • Default policies which are applied to all namespaces or pods.
  • Advanced policy querying and reachability tooling.
  • The ability to log network security events.
  • The ability to explicitly deny policies.
  • The ability to prevent loopback or incoming host traffic (Pods cannot currently block localhost access, nor do they have the ability to block access from Continue reading

How we built Network Analytics v2

How we built Network Analytics v2
How we built Network Analytics v2

Network Analytics v2 is a fundamental redesign of the backend systems that provide real-time visibility into network layer traffic patterns for Magic Transit and Spectrum customers. In this blog post, we'll dive into the technical details behind this redesign and discuss some of the more interesting aspects of the new system.

To protect Cloudflare and our customers against Distributed Denial of Service (DDoS) attacks, we operate a sophisticated in-house DDoS detection and mitigation system called dosd. It takes samples of incoming packets, analyzes them for attacks, and then deploys mitigation rules to our global network which drop any packets matching specific attack fingerprints. For example, a simple network layer mitigation rule might say “drop UDP/53 packets containing responses to DNS ANY queries”.

In order to give our Magic Transit and Spectrum customers insight into the mitigation rules that we apply to their traffic, we introduced a new reporting system called "Network Analytics" back in 2020. Network Analytics is a data pipeline that analyzes raw packet samples from the Cloudflare global network. At a high level, the analysis process involves trying to match each packet sample against the list of mitigation rules that dosd has deployed, so that it can Continue reading

Heavy Networking 677: US Networking User Association – Meetups For Network Engineers

You ever want a group of fellow networking nerds to hang with once in a while? The US Networking User Association might be exactly what you’re looking for. With local networking user groups popping up in various places all over the US and soon other countries, the USNUA is fostering community and knowledge sharing for networkers everywhere. On today's Heavy Networking we speak with Jason Gintert and Chris Kane, two of the folks behind the USNUA organization, to discuss what the USNUA is, and how you can work with them to get a NUG started in your area.

Heavy Networking 677: US Networking User Association – Meetups For Network Engineers

You ever want a group of fellow networking nerds to hang with once in a while? The US Networking User Association might be exactly what you’re looking for. With local networking user groups popping up in various places all over the US and soon other countries, the USNUA is fostering community and knowledge sharing for networkers everywhere. On today's Heavy Networking we speak with Jason Gintert and Chris Kane, two of the folks behind the USNUA organization, to discuss what the USNUA is, and how you can work with them to get a NUG started in your area.

The post Heavy Networking 677: US Networking User Association – Meetups For Network Engineers appeared first on Packet Pushers.

1 229 230 231 232 233 3,765