The Overlay Problem: Getting In and Out

I've been researching overlay network strategies recently. There are plenty of competing implementations available, employing various encapsulations and control plane designs. But every design I've encountered seems ultimately hampered by the same issue: scalability at the edge.

Why Build an Overlay?

Imagine a scenario where we've got 2,000 physical servers split across 50 racks. Each server functions as a hypervisor housing on average 100 virtual machines, resulting in a total of approximately 200,000 virtual hosts (~4,000 per rack).

In an ideal world, we could allocate a /20 of IPv4 space to each rack. The top-of-rack (ToR) L3 switches in each rack would advertise this /20 northbound toward the network core, resulting in a clean, efficient routing table in the core. This is, of course, how IP was intended to function.

Unfortunately, this approach isn't usually viable in the real world because we need to preserve the ability to move a virtual machine from one hypervisor to another (often residing in a different rack) without changing its assigned IP address. Establishing the L3 boundary at the ToR switch prevents us from doing this efficiently.

Continue reading · 22 comments

The Overlay Problem: Getting In and Out

I've been researching overlay network strategies recently. There are plenty of competing implementations available, employing various encapsulations and control plane designs. But every design I've encountered seems ultimately hampered by the same issue: scalability at the edge.

Why Build an Overlay?

Imagine a scenario where we've got 2,000 physical servers split across 50 racks. Each server functions as a hypervisor housing on average 100 virtual machines, resulting in a total of approximately 200,000 virtual hosts (~4,000 per rack).

In an ideal world, we could allocate a /20 of IPv4 space to each rack. The top-of-rack (ToR) L3 switches in each rack would advertise this /20 northbound toward the network core, resulting in a clean, efficient routing table in the core. This is, of course, how IP was intended to function.

Unfortunately, this approach isn't usually viable in the real world because we need to preserve the ability to move a virtual machine from one hypervisor to another (often residing in a different rack) without changing its assigned IP address. Establishing the L3 boundary at the ToR switch prevents us from doing this efficiently.

Continue reading · 23 comments

The Overlay Problem: Getting In and Out

I've been researching overlay network strategies recently. There are plenty of competing implementations available, employing various encapsulations and control plane designs. But every design I've encountered seems ultimately hampered by the same issue: scalability at the edge.

Why Build an Overlay?

Imagine a scenario where we've got 2,000 physical servers split across 50 racks. Each server functions as a hypervisor housing on average 100 virtual machines, resulting in a total of approximately 200,000 virtual hosts (~4,000 per rack).

In an ideal world, we could allocate a /20 of IPv4 space to each rack. The top-of-rack (ToR) L3 switches in each rack would advertise this /20 northbound toward the network core, resulting in a clean, efficient routing table in the core. This is, of course, how IP was intended to function.

Unfortunately, this approach isn't usually viable in the real world because we need to preserve the ability to move a virtual machine from one hypervisor to another (often residing in a different rack) without changing its assigned IP address. Establishing the L3 boundary at the ToR switch prevents us from doing this efficiently.

Continue reading · 4 comments

Ransomware spreads through weak remote desktop credentials

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for file-encrypting ransomware.In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool. But the trend had started long before that, with some ransomware variants being distributed through brute-force password guessing attacks against Remote Desktop Protocol (RDP) servers since 2015.While this method of infection was initially used by relatively obscure ransomware programs, recently it has been adopted by an increasing number of cybercriminals, including those behind widespread ransomware programs such as Crysis.To read this article in full or to leave a comment, please click here

Ransomware spreads through weak remote desktop credentials

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they've also become a common distribution method for file-encrypting ransomware.In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool. But the trend had started long before that, with some ransomware variants being distributed through brute-force password guessing attacks against Remote Desktop Protocol (RDP) servers since 2015.While this method of infection was initially used by relatively obscure ransomware programs, recently it has been adopted by an increasing number of cybercriminals, including those behind widespread ransomware programs such as Crysis.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Wi-Fi can be used to identify people in IoT locations

Wi-Fi signals can be used to unobtrusively identify different people at a location, such as home. It promises to replace other forms of identification in those domestic environments, Chinese scientists say.The system works by identifying body shapes along with the unique way that individuals move in a room. Those characteristics influence Wi-Fi propagation, researchers from Northwestern Polytechnical University in Xi’an claim. The Wi-Fi is affected by the people in the room, and that impact on the wireless access point can be detected and interpreted, they say.INSIDER: 5 ways to prepare for Internet of Things security threats “Each person has specific influence patterns to the surrounding Wi-Fi signal while moving indoors, regarding their body shape characteristics and motion patterns,” the team writes in an abstract to their paper, published in August.To read this article in full or to leave a comment, please click here

Researchers make progress toward computer video recognition

Computers can already recognize you in an image, but can they see a video or real-world objects and tell exactly what's going on? Researchers are trying to make computer video recognition a reality, and they are using some image recognition techniques to make that happen. Researchers in and outside of Google are making progress in video recognition, but there are also challenges to overcome, Rajat Monga, engineering director of TensorFlow for Google's Brain team, said during a question-and-answer session on Quora this week. The benefits of video recognition are enormous. For example, a computer will be able to identify a person's activities, an event, or a location. Video recognition will also make self-driving cars more viable.To read this article in full or to leave a comment, please click here

How businesses are turning tech into robot toil

See how businesses are using robots to advance their trades Image by Martyn Williams The RoboBusiness conference in San Jose is all about creating business advantages through the use of robotic helpers. Case in point: the Navii shopping assistant from Fellow Robotics, that can greet customers, ask them if they need help, and then guide them to the item they need. Navii will be working in 11 Lowe’s stores around the San Francisco Bay area beginning this fall.To read this article in full or to leave a comment, please click here

Four state AGs sue to block US decision to cede key internet role

A judge in Texas has fixed for Friday the hearing in a suit filed by four state attorneys general against a decision by the U.S. to transfer by month end oversight of some key internet technical functions to a multistakeholder body.The attorneys general of Arizona, Oklahoma, Nevada and Texas filed late Wednesday a suit asking the federal court for a temporary restraining order and preliminary injunction on the proposed transfer of the Internet Assigned Numbers Authority (IANA) functions to the Internet Corporation for Assigned Names and Numbers.ICANN, under contract with the Department of Commerce, administers the IANA functions, which include responsibility for the coordination of the DNS (Domain Name System) root, IP addressing, and other internet protocol resources. The National Telecommunications and Information Administration (NTIA), an agency within the Commerce Department, said last month it will go ahead with its plan to transfer supervision of the IANA functions to a multistakeholder body on Oct. 1, in line with a plan first announced in March 2014.To read this article in full or to leave a comment, please click here

Four state AGs sue to block US decision to cede key internet role

A judge in Texas has fixed for Friday the hearing in a suit filed by four state attorneys general against a decision by the U.S. to transfer by month end oversight of some key internet technical functions to a multistakeholder body.The attorneys general of Arizona, Oklahoma, Nevada and Texas filed late Wednesday a suit asking the federal court for a temporary restraining order and preliminary injunction on the proposed transfer of the Internet Assigned Numbers Authority (IANA) functions to the Internet Corporation for Assigned Names and Numbers.ICANN, under contract with the Department of Commerce, administers the IANA functions, which include responsibility for the coordination of the DNS (Domain Name System) root, IP addressing, and other internet protocol resources. The National Telecommunications and Information Administration (NTIA), an agency within the Commerce Department, said last month it will go ahead with its plan to transfer supervision of the IANA functions to a multistakeholder body on Oct. 1, in line with a plan first announced in March 2014.To read this article in full or to leave a comment, please click here

16 useful Windows 10 tools that help you get more done

Getting more doneImage by Adam Patrick MurrayNone of us like wasting time when we’re trying to get stuff done. Every second spent shuffling around open windows or navigating menus is precious time not spent achieving your goals. Fortunately, Microsoft stuffed Windows with all sorts of secretly powerful tools, as we’ve covered in-depth in both 17 obscure Windows tools and tricks too powerful to overlook and 15 simple, secret Windows tips and tricks designed to save you time.To read this article in full or to leave a comment, please click here

How to get started with widgets in iOS 10

iOS 10 has turned your iPhone’s screen into a new hub for widgets—just swipe left on the lock page or home screen to check it out. But what even are widgets? Just think of them as app extensions or glances that offer you quick, digestible information without you having to actually open a single app. You can even see your widgets without unlocking your iPhone, making it either really convenient or potentially invasive.Widgets are perfect for checking the weather, your calendar, and the battery percentages on your connected devices. But widgets are also great for performing common tasks with as few taps as possible, like calling your best friend or Shazaming a song at a coffeeshop. The level of information and functionality varies, so you really have to try them out and see what works best for you. Here’s a few tips on how to get started with widgets in iOS 10.To read this article in full or to leave a comment, please click here

IDG Contributor Network: The Emergency Alert System test: Lesson learned, catastrophe averted

If you were watching TV at 2:20 p.m. EDT, Wednesday, Sept. 28, you would have heard and seen a test of the Emergency Alert System. You might not have thought much about it, as similar tests have been done in the past.What made this test different was that it was a retest of a failed EAS test conducted five years ago. A live code was used to activate a national Emergency Action Notification (EAN) message that was broadcast. Five years ago, the test failed—some heard audio but saw no text, while some saw text but heard no audio. On Wednesday, the test was a success—the audio and text were successfully transmitted.To read this article in full or to leave a comment, please click here

Distributed On-Demand Network Testing (ToDD) with Matt Oswalt

In March 2016 my friend Matt Oswalt announced a distributed network testing framework that he used for validation in his network automation / continuous integration projects. Initial tests included ping and DNS probes, and he added HTTP testing in May 2016.

The project continues to grow (and already got its own Github and documentation page) and Matt was kind enough to share the news and future plans in Episode 63 of Software Gone Wild.

To ask questions about the project, join the Todd channel on networktocode Slack team (self-registration at slack.networktocode.com)

Listen to the podcast

Introducing Dedicated SSL Certificates

When we launched Universal SSL in September 2014 we eliminated the costly and confusing process of securing a website or application with SSL, and replaced it with one free step: sign up for Cloudflare.

CC BY 2.0 image by JD Hancock

When you complete the sign-up process, we batch your domain together with a few dozen other recently signed-up domains, and fire off a request to one of our Certificate Authority (CA) partners. The CA then sends us back a shared certificate covering the root (e.g. example.com) and top-level wildcard (e.g. *.example.com) of your domain, along with the hostnames of the other customers in the request. We then package this shared certificate with its encrypted private key and distribute it to our datacenters around the world, ensuring that your visitors’ HTTPS sessions are speedy no matter where they originate.

Since that process was created, we have used it to secure millions of domains with free Universal SSL certificates and helped make the Internet a faster and more secure place.

More control and personalization

But along the way we heard from customers who wanted more control over the certificates used for their domains. They want Continue reading

LXLE: A Linux distro to give new life to old hardware

I’ll bet that somewhere, perhaps at home and most likely at work, you’ve got some old hardware lying around. What to do with it? It still works but what’s it running? Windows XP? Vista? Windows 7 Starter or Home Basic?Yep, you’re stuck on some old version of Windows but moving that machine up to a newer version of Windows could be tricky ‘cause one or more of those old graphics cards and printer drivers have probably have fallen out of the update cycle. Even if those subsystems are still available, you’ll still have a problem as the newer OSs' are pretty much guaranteed to suck the life out of old processors with the result that performance and therefore usability will be marginal at best. To read this article in full or to leave a comment, please click here

iPhone 8 to feature glass casing and stainless steel frame

Aside from a completely new form factor, Apple’s 2017 iPhone -- a device that will reportedly be called the iPhone 8 – will also employ some interesting new materials. According to a new research report from reputed analyst Ming-Chi Kuo, Apple is planning to use a glass casing on its next-gen iPhone model.Kuo’s report, per MacRumors, adds that the iPhone 8’s glass casing will be strengthened by a stainless steel frame, at least on the higher-end models. Metal frame can be stainless steel or aluminum, with former more likely for high-end models. As all-glass casing is not possible at present given technological bottlenecks, a metal frame surrounding the edge is necessary for reinforced structure design. As stainless steel has a better look than aluminum and costs more, we expect only high-end new iPhone models to come with a stainless steel frame next year.To read this article in full or to leave a comment, please click here

1 2,610 2,611 2,612 2,613 2,614 3,819