Traffic Control: Live Demo

CC BY 2.0 image by Brian Hefele

Cloudflare helps customers control their own traffic at the edge. One of two products that we introduced to empower customers to do so is Cloudflare Traffic Control.

Traffic Control allows a customer to rate limit, shape or block traffic based on the rate of requests per client IP address, cookie, authentication token, or other attributes of the request. Traffic can be controlled on a per-URI (with wildcards for greater flexibility) basis giving pinpoint control over a website, application, or API.

Cloudflare has been dogfooding Traffic Control to add more granular controls against Layer 7 DOS and brute-force attacks. For example, we've experienced attacks on cloudflare.com from more than 4,000 IP addresses sending 600,000+ requests in 5 minutes to the same URL but with random parameters. These types of attacks send large volumes of HTTP requests intended to bring down our site or to crack login passwords.

Traffic Control protects websites and APIs from similar types of bad traffic. By leveraging our massive network, we are able to process and enforce rate limiting near the client, shielding the customer's application from unnecessary load.

To make this more concrete, let's look at a Continue reading

Worth Reading: What is segment routing?

Do you remember source routing, used in token ring bridging networks? If you’re relatively new to networking, you may not know about it. In source routing, the hosts determine the path to take through the network and build a frame header that specifies the forwarding nodes that the frame should pass through as it goes from source to destination. The token ring implementation typically used special frames called explorer packets to discover the set of paths from source to destination. Too many explorer packets could cause overloading problems with the network nodes (source route bridges) and with the hosts that had to process them, much like a broadcast storm in Ethernet networks. —Netcraftsmen

The post Worth Reading: What is segment routing? appeared first on 'net work.

Android malware that can infiltrate corporate networks is spreading

An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks.DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app.To read this article in full or to leave a comment, please click here

Show 308: Moving To The Cloud (And Back)

Todays free-ranging episode discusses why organizations move to the cloud, what they gain & what they lose. They also look at how network management and monitoring is changing, and the relentless move to open networking. The post Show 308: Moving To The Cloud (And Back) appeared first on Packet Pushers.

Nutanix Shares Double in Value After IPO

IT officially has a new $2B company.

Softbank chief explains why Steve Jobs inspired the ARM purchase

By any measure, Softbank is one massive conglomerate. It owns all or a chunk of Sprint, Vodaphone, ARM Holdings and Alibaba Group, among its many investments. The ARM deal was perhaps the oddest, and most expensive at $32 billion. The claim at the time of the purchase was it would give Softbank a window into the Internet of Things (IoT). But according to Softbank’s CEO, the reasoning goes back much further.Founder and CEO Masayoshi Son told Nikkei Asian Review that he'd had his eye on ARM for more than a decade, and it was due to a meeting with the late Steve Jobs.To read this article in full or to leave a comment, please click here

Unix tips: Saving time by repeating history

Getting work done faster on the command line is one of the never changing goals of Unix sysadmins. And one way to do this is to find easy ways to reuse commands that you have entered previously – particularly if those commands are complex or tricky to remember. Some of the ways we do this include putting the commands in scripts and turning them into aliases. Another way is to reissue commands that you have entered recently by pulling them from your command history and reusing them with or without changes. The easiest and most intuitive way to reissue commands is by using the up and down arrows on your keyboard to scroll through previously entered commands. How far back you can scroll will depend on the size of your history buffer. Most people set their history buffers to hold something between 100 and 1,000 commands but some go way beyond that. Hitting the up arrow 732 times might try your patience, but there are are fortunately easy ways to get what you need without wearing out your finger tip! To make this post a little easier to follow, I'm using a modest HISTSIZE setting. You can view your Continue reading

Amazon Gets Serious About GPU Compute On Clouds

In the public cloud business, scale is everything – hyper, in fact – and having too many different kinds of compute, storage, or networking makes support more complex and investment in infrastructure more costly. So when a big public cloud like Amazon Web Services invests in a non-standard technology, that means something. In the case of Nvidia’s Tesla accelerators, it means that GPU compute has gone mainstream.

It may not be obvious, but AWS tends to hang back on some of the Intel Xeon compute on its cloud infrastructure, at least compared to the largest supercomputer centers and hyperscalers like …

Amazon Gets Serious About GPU Compute On Clouds was written by Timothy Prickett Morgan at The Next Platform.

SDxCentral Weekly News Roundup — September 30, 2016

EarthLink Holdings launched a SD-WAN service.

OpenDaylight Project Gets Its ‘Intel Inside’ Moment

Remember 2013, when so many of us doubted OpenDaylight?

You will be using mobile VR and AR in two years—even if you don’t believe it

Casual mobile virtual reality (VR) will eat the world when Google announces its Daydream VR platform with its six hardware partners in October. Within two years, millions of consumers will become accustomed to using augmented reality (AR) and VR, casually, like they use GPS and voice to text now because there will be a VR app for that—whatever that is. Extending VR into the mobile app ecosystem will produce VR use cases that haven’t dawned on the average consumer.+ Also on Network World: Google Daydream is a contrarian platform bet on mobile virtual reality +To read this article in full or to leave a comment, please click here

Grand Staircase

The post Grand Staircase appeared first on 'net work.

How Google Dealt with Pokémon GO Traffic 50 Times Beyond Expectations

Google Container Engine had to be upgraded on the fly.

Was Trump bitten by Twitter time-stamp bug that stung Alec Baldwin’s wife?

The answer is almost certainly no, but …If you’ve been following the political news today, one joyously mocked aspect of Donald Trump’s latest Twitter rant early this morning has been that one of the tweets was apparently sent at 3:20 a.m. I say apparently – despite the clearly visible 3:20 a.m. time-stamp – because Twitter time-stamps have been known to go haywire in the past, sometimes causing problems, such as when the bug made it appear that Alec Baldwin’s wife Hilaria had tweeted idle pleasantries during the June 2013 funeral of Sopranos star James Gandolfini. Hilaria had done no such thing, but erroneous reports to the contrary sparked by the bug caused her husband to blow a gasket.To read this article in full or to leave a comment, please click here

Splunk intent on extending cybersecurity leadership

I attended the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platform. Not surprisingly then, security now represents around 40 percent of Splunk’s revenue. Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.To that end, Splunk really highlighted three enhancements for its enterprise security product:1. An ecosystem and architecture for incident response. Splunk often acts as a security nexus for its customers, integrating disparate data into a common platform. It now wants to extend this position from analytics to incident response by building IR capabilities into its own software and extending this architecture to partners through APIs, workflows and automation. Splunk calls this adaptive response. For now, Splunk doesn’t see itself as an IR automation and orchestration platform for complex enterprise environments (in fact Phantom and ServiceNow were both exhibiting at the event), but it does want to use its Continue reading

Splunk intent on extending cybersecurity leadership

I attended the Splunk user conference earlier this week (.Conf2016) and came away pretty impressed. Since I started watching Splunk years ago, the company climbed from a freemium log management and query tool for IT and security nerds to one of the leading security analytics and operations platform. Not surprisingly then, security now represents around 40% of Splunk’s revenue.  Given the state of the cybersecurity market, Splunk wants to work with existing customers and get new ones to join in to build on this financial and market success.To that end, Splunk really highlighted three enhancements for its enterprise security product:1.      An ecosystem and architecture for incident response.  Splunk often acts as a security nexus for its customers, integrating disparate data into a common platform.  It now wants to extend this position from analytics to incident response by building IR capabilities into its own software and extending this architecture to partners through APIs, workflows, and automation.  Splunk calls this adaptive response.  For now, Splunk doesn’t see itself as an IR automation and orchestration platform for complex enterprise environments (in fact Phantom and ServiceNow were both exhibiting at the event) but it does Continue reading

White House asks: Do you need more data portability?

It’s a question of who controls your data – all of it. Think of all the data that say Apple, Google or Facebook or even your health care provider has collected on you and you wanted to remove it or move it elsewhere. It wouldn’t be easy.The White House Office of Science and Technology Policy (OSTP) has issued a request for information about how much is too much or too little data portability and what are the implications?+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here

White House asks: Do you need more data portability?

It’s a question of who controls your data – all of it. Think of all the data that say Apple, Google or Facebook or even your health care provider has collected on you and you wanted to remove it or move it elsewhere. It wouldn’t be easy.The White House Office of Science and Technology Policy (OSTP) has issued a request for information about how much is too much or too little data portability and what are the implications?+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2016 (so far!)+To read this article in full or to leave a comment, please click here

Fun in the Lab: IWAN, LiveAction, Prime, UDP Director

Okay… so just some major geeky fun in the lab.  I had lots of fun doing it… so why not share it with you and let you in on some geeky fun? Thirty-eight minute YouTube with a PDF guide book.   Little bit of this… little bit of that.

• Lancope UDP Director,
• LiveAction,
• Spirent TestCenter,
• IWAN
• Prime.

Pdf of slides

Breakdown of YouTube sections and corresponding approximate timestamps:

• Overview – start til ~6 minutes in
• IWAN Policy & Status – 6:10 til 14:20
  • Check IWAN MC Policy & Status
  • At Store1 check IWAN status
  • Check traffic – EF & CS1
• Monitoring Traffic Flows: 14:20 til 20:20
  • In LiveAction see the traffic flows
  • In Prime’s new IWAN PfR monitoring look for traffic flows
• Lancope UDP Director & Troubleshooting: 20:20 – 27:20
  • Troubleshoot in Lancope UDP Director
  • Find missing forwarding rules
  • Fix missing forwarding rules
  • Sniffer Capture
• Monitoring Traffic Flows : 27:20 – 28:20
  • In Prime see the traffic flows
• Impairment & Traffic Flows: 28:20 – 38:00
  • Cause delay on MPLS at Store 1
  • Verify LiveAction, Prime and CLI all see the same

Why automation doubles IT outsourcing cost savings

Outsourcing consultancy and research firm Information Services Group (ISG) this week unveiled a new research report to quantify the cost savings and productivity gains from automating IT services.The inaugural Automation Index shows improvements in productivity fueled by automation can more than double the cost savings typically derived from outsourcing IT. Total cost reduction ranged from 26 percent to 66 percent, depending on the service tower, with 14 to 28 percentage points of these savings directly attributable to automation, according to ISG. (The typical cost savings from labor arbitrage and process improvements alone range from 20 percent to 30 percent).To read this article in full or to leave a comment, please click here