Exploring AKS networking options

At Kubecon 2023 in Amsterdam, Azure made several exciting announcements and introduced a range of updates and new options to Azure-CNI (Azure Container Networking Interface). These changes will help Azure Kubernetes Services (AKS) users to solve some of the pain points that they used to face in previous iterations of Azure-CNI such as IP exhaustion and big cluster deployments with custom IP address management (IPAM). On top of that, with this announcement Microsoft officially added an additional dataplane to the Azure platform.

The big picture

Worker nodes in an AKS (Azure Kubernetes Service) cluster are Azure VMs pre-configured with a version of Kubernetes that has been tested and certified by Azure. These clusters communicate with other Azure resources and external sources (including the internet) via the Azure virtual network (VNet).

Now, let’s delve into the role of the dataplane within this context. The dataplane operations take place within each Kubernetes node. It is responsible for handling the communication between your workloads, and cluster resources. By default, an AKS cluster is configured to utilize the Azure dataplane, which Continue reading

NVIDIA DGX Cloud targets generative AI

NVIDIA DGX Cloud is an AI supercomputer in the cloud, designed for enterprise users with demanding needs and deep pockets. The offering comes as a complete software and hardware package for large-scale AI development, accessible via web browser.DGX Cloud gives enterprises the power to train modern AI workloads such as generative AI and large language models, says Charlie Boyle, NVIDIA's vice president of DGX Platforms. It combines an AI developer suite, workflow software, a high-performance infrastructure, direct access to NVIDIA AI experts, and 24/7 support.Market impact of generative AI Generative AI's arrival has sparked a rapid increase in demand for AI-based products and services. As a result, companies are racing to acquire the skills and infrastructure needed to leverage AI in their product development processes and business operations.To read this article in full, please click here

Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored)

Today on the Tech Bytes podcast we explore Secure Web Gateways with sponsor Palo Alto Networks. Secure Web Gateways sit between users and Web traffic to enforce policies around Web and application access and inspect traffic for malware. We talk with Palo Alto Networks about customer challenges with secure Web gateways, innovations in Prisma Access Cloud Secure Web Gateways, and more.

Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored)

Today on the Tech Bytes podcast we explore Secure Web Gateways with sponsor Palo Alto Networks. Secure Web Gateways sit between users and Web traffic to enforce policies around Web and application access and inspect traffic for malware. We talk with Palo Alto Networks about customer challenges with secure Web gateways, innovations in Prisma Access Cloud Secure Web Gateways, and more.

The post Tech Bytes: Modernizing Your Secure Web Gateway For A Distributed Workforce (Sponsored) appeared first on Packet Pushers.

Options For Connecting Your Private Cloud

The impulse to move absolute everything to the public cloud is coming to an end. Many companies are re-evaluating their strategies and adopting a hybrid model by bringing or migrating their workloads from the cloud to on-premises, mostly in the IaaS space. The main reasons companies are re-evaluating public cloud are cost, wanting total control […]

The post Options For Connecting Your Private Cloud appeared first on Packet Pushers.

Network Break 440: Broadcom Releases SONiC-Friendly Trident; Senator Requests Investigations Into Microsoft’s Shoddy Security

On this week's Network Break we discuss a new Broadcom ASIC, a request from US Senator Ron Wyden to three US agencies to investigate Microsoft for sloppy security practices, an Intel pledge to add AI to all its platforms, Juniper financial results, and more IT news.

The post Network Break 440: Broadcom Releases SONiC-Friendly Trident; Senator Requests Investigations Into Microsoft’s Shoddy Security appeared first on Packet Pushers.

Where To Park Your AI Cluster Is As Important As Procuring It

When we think about high performance computing, it is often in the context of liquid-cooled systems deployed in facilities specifically designed to accommodate their power and thermal requirements.

The post Where To Park Your AI Cluster Is As Important As Procuring It first appeared on The Next Platform.

Where To Park Your AI Cluster Is As Important As Procuring It was written by Tobias Mann at The Next Platform.

Amazon EC2 Credential Exfiltration: How It Happens and How to Mitigate It

An introduction to Amazon EC2 credentials

When you assign an Identity and Access Management (IAM) role to an Amazon Elastic Compute Cloud (EC2) instance, the short-term credentials for the role are made available via a web service known as the Instance Metadata Service (IMDS). The IMDS provides an HTTP endpoint for retrieving instance metadata such as the instance IP address, AWS Region the instance is running in, the Amazon Machine Image used to launch the instance, and the access key, secret access key, and session token associated with the instance's IAM role. The AWS documentation describes how to retrieve instance role credentials from IMDS. If you've seen or used the http://169.254.169.254 or http://fd00:ec2::254 endpoints, then you've seen/used IMDS.

Retrieval of instance role credentials from IMDS is the mechanism by which the AWS CLI and SDKs learn the credentials belonging to the instance's IAM role without you having to configure anything on the instance. Quoting the IAM documentation:

The AWS SDKs, AWS CLI, and Tools for Windows PowerShell automatically get the credentials from the EC2 Instance Metadata Service (IMDS) and use them.

This is great! It means you can start using the AWS CLI, SDKs, or Tools Continue reading

Weekend Reads 072823


Incredible as it may seem, US tax preparation companies using Google and Meta tracking technology have been sending sensitive information back to the megacorps, not to mention other tech firms, it is claimed.


The Federal Trade Commission (F.T.C.) sent a letter to OpenAI, the San Fransisco company responsible for creating ChatGPT, the Large Language Model that captured the world’s imagination in November of 2022.


Steganography is the art of hiding secret data in plain sight. It sounds kind of counter-intuitive, but you’d be surprised how effective it is.


On Wednesday, Microsoft announced that Chinese hackers had managed to secretly access email accounts belonging to 25 different organizations across the country, including government agencies.


But for a human to interact with this hardware, they must really know and understand how it works. The person must also know the order in which to give the computer various tasks to produce a meaningful result.


The UK’s Competition Market Authority (CMA) has provisionally cleared Broadcom’s proposed acquisition of VMWare, paving the way for the $61 billion deal to go ahead.


In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive Continue reading

Create a Samba Share and Use from in a Docker Container

Overview This article provides a step-by-step guide on how to create a Samba share from within a Docker container using Ubuntu Server as the host operating system. The tutorial covers two main topics: Installing and configuring Samba on an Ubuntu server Install Samba with sudo apt-get install samba -y Start and enable the Samba service Set a password for users who will access the share Creating a persistent Docker volume mapped to the Samba share: Create a new group and add users to it, setting permissions accordingly Create a persistent Docker volume with docker volume create –opt type=none –opt o=bind –opt device=/data public Deploying an NGINX container using the Docker volume: Mount the Docker volume to the /usr/share/nginx/html directory in the NGINX container Run a new NGINX instance with docker run -d –name nginx-samba -p 8090:80 -v public:/usr/share/nginx/html nginx Testing the setup: Verify that the index.html file is served correctly from the Samba share The article concludes by noting that this setup may not be suitable for production environments, but it can be useful for development or internal services/apps. Key takeaways: Install and configure Samba on an Ubuntu server Create a persistent Docker volume mapped to a shared directory Continue reading

Striking a Balance: Exploring Fairness in Buffer Allocation and Packet Scheduling

Recently, I’ve been contemplating the concept of fairness, and I see interesting parallels between being a parent and being a network professional. As human beings, we have an inherent, intuitive sense of fairness that manifests itself in various everyday situations. Let me illustrate this idea with a couple of hypothetical scenarios:

Scenario 1: Imagine I’m a parent with four young children, and I’ve ordered a pizza for them to share. If I want to divide the pizza fairly among the children, fairness would mean that each child receives an equal portion - in this case, one-quarter of the pizza.

Scenario 2: Now let’s say I’ve ordered another pizza for the same four children, but one of the kids only cares for pizza a little and will only eat one-tenth of his share. In this situation, it wouldn’t be fair for me to give that child who doesn’t like pizza more than one-tenth of the piece because the excess would go to waste. The fair way to divide the pizza would be to give the child who doesn’t like pizza a one-tenth portion and split the remaining nine-tenths evenly among the other three kids.

The approach mentioned in the second scenario Continue reading

Hedge 188: Sidewalk, Who’s Responsible?, and Data Breaches

It’s the last show of the month, which means it is time for a roundtable! Today we are discussing three news stories, including Amazon’s Sidewalk Labs, a court case in California involving Cisco and the Great Firewall of China, and yet another data breach.

In case you didn’t see it I’m uploading the rough *machine generated) transcript of each episode about a week after the episode airs. It takes a little time for the transcription to be created, and then for me to log back in and upload the file.

download

Bookkeeping Helps Intel Recover From Server Recession A Little

Accounting is something of an art, and companies always save some accounting tricks – perfectly legitimate items that meet the discerning eye of financial standards – to goose their numbers when they really need it.

The post Bookkeeping Helps Intel Recover From Server Recession A Little first appeared on The Next Platform.

Bookkeeping Helps Intel Recover From Server Recession A Little was written by Timothy Prickett Morgan at The Next Platform.

Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke

If you’ve been staring down the barrel of network automation and wonder what the proper approach might be, today’s episode is for you. The Packet Pushers chat with Tony Bourke about what network automation tools and techniques have become the default standard, how to prepare your network and team for automation, and how to get started.

The post Heavy Networking 692: Implementing Practical Network Automation – With Tony Bourke appeared first on Packet Pushers.

Cloudflare Radar’s new BGP origin hijack detection system

Cloudflare Radar's new BGP origin hijack detection system
Cloudflare Radar's new BGP origin hijack detection system

Border Gateway Protocol (BGP) is the de facto inter-domain routing protocol used on the Internet. It enables networks and organizations to exchange reachability information for blocks of IP addresses (IP prefixes) among each other, thus allowing routers across the Internet to forward traffic to its destination. BGP was designed with the assumption that networks do not intentionally propagate falsified information, but unfortunately that’s not a valid assumption on today’s Internet.

Malicious actors on the Internet who control BGP routers can perform BGP hijacks by falsely announcing ownership of groups of IP addresses that they do not own, control, or route to. By doing so, an attacker is able to redirect traffic destined for the victim network to itself, and monitor and intercept its traffic. A BGP hijack is much like if someone were to change out all the signs on a stretch of freeway and reroute automobile traffic onto incorrect exits.

Cloudflare Radar's new BGP origin hijack detection system

You can learn more about BGP and BGP hijacking and its consequences in our learning center.

At Cloudflare, we have long been monitoring suspicious BGP anomalies internally. With our recent efforts, we are bringing BGP origin hijack detection to the Cloudflare Radar platform, sharing our detection results with the Continue reading

1 250 251 252 253 254 3,837