Turbocharging host workloads with Calico eBPF and XDP

In Linux, network-based applications rely on the kernel’s networking stack to establish communication with other systems. While this process is generally efficient and has been optimized over the years, in some cases it can create unnecessary overhead that can impact the overall performance of the system for network-intensive workloads such as web servers and databases.

XDP (eXpress Data Path) is an eBPF-based high-performance datapath inside the Linux kernel that allows you to bypass the kernel’s networking stack and directly handle packets at the network driver level. XDP can achieve this by executing a custom program to handle packets as they are received by the kernel. This can greatly reduce overhead, improve overall system performance, and improve network-based applications by shortcutting the normal networking path of ordinary traffic. However, using raw XDP can be challenging due to its programming complexity and the high learning curve involved. Solutions like Calico Open Source offer an easier way to tame these technologies.

Calico Open Source is a networking and security solution that seamlessly integrates with Kubernetes and other cloud orchestration platforms. While infamous for its policy engine and security capabilities, there are many other features that can be used in an environment by installing Continue reading

China seeks to improve reliability of its chip manufacturing sector

China’s Ministry for Industry and Information Technology has said it wants to improve the country’s manufacturing capabilities, singling out the production of advanced semiconductor materials and automotive chips as areas that are in need of improvement.In its recently released Opinions on Manufacturing Reliability Improvement report, the department said it was putting forward a plan that would make up for the shortcomings of basic product reliability and improve the quality of core components in three industries: machinery, electronics, and automotive.To read this article in full, please click here

Getting help on Linux

If you’re fairly new to Linux, you might need some help getting started on the command line. But you made it here, so let’s run through a number of ways that you can get comfortable and up to speed fairly quickly.Man pages Every Linux command should have a "man page" (i.e., manual page) – an explanation of what the command does, how it works and the options that you can use to specify what you want the command to show you. For example, if you wanted to see the options for formatting the output of the date command, you should look at the man page with the command “man date”. It should among other things, show you the format of the date command like this:To read this article in full, please click here

Getting help on Linux

If you’re fairly new to Linux, you might need some help getting started on the command line. But you made it here, so let’s run through a number of ways that you can get comfortable and up to speed fairly quickly.Man pages Every Linux command should have a "man page" (i.e., manual page) – an explanation of what the command does, how it works and the options that you can use to specify what you want the command to show you. For example, if you wanted to see the options for formatting the output of the date command, you should look at the man page with the command “man date”. It should among other things, show you the format of the date command like this:To read this article in full, please click here

5 ways to boost server efficiency

Servers can consume more than half of the energy in modern data centers, which makes server efficiency attractive to companies looking to hit carbon-neutral sustainability targets. Plus, reducing energy usage can save money.To help reach that goal, here are five ways to boost server efficiency, according to recent research from the Uptime Institute, which is focused on improving the performance, efficiency, and reliability of business-critical infrastructure. Upgrade to a newer server generation. For decades, server energy efficiency has consistently improved thanks to improved efficiency of processors that power them. Pick servers with high compute capacity as measured in number of transactions per second. Those are the most energy efficient. Go for high core count. In general, efficiency improves with the number of cores, although there is some tapering off at the highest end. Be aware that while a server can be more energy efficient, its actual overall power consumed (Watts) can increase even as its efficiency (transactions per second per Watt) increases. Embrace power-management features in two ways: by reducing core CPU voltage and frequency as utilization increases, and by moving unneeded cores to idle state. For its analysis, Uptime focused servers that use AMD EPYC or Intel Xeon Continue reading

5 ways to boost server efficiency

Servers can consume more than half of the energy in modern data centers, which makes server efficiency attractive to companies looking to hit carbon-neutral sustainability targets. Plus, reducing energy usage can save money.To help reach that goal, here are five ways to boost server efficiency, according to recent research from the Uptime Institute, which is focused on improving the performance, efficiency, and reliability of business-critical infrastructure. Upgrade to a newer server generation. For decades, server energy efficiency has consistently improved thanks to improved efficiency of processors that power them. Pick servers with high compute capacity as measured in number of transactions per second. Those are the most energy efficient. Go for high core count. In general, efficiency improves with the number of cores, although there is some tapering off at the highest end. Be aware that while a server can be more energy efficient, its actual overall power consumed (Watts) can increase even as its efficiency (transactions per second per Watt) increases. Embrace power-management features in two ways: by reducing core CPU voltage and frequency as utilization increases, and by moving unneeded cores to idle state. For its analysis, Uptime focused servers that use AMD EPYC or Intel Xeon Continue reading

AskJJX: How To Handle Rogue APs Without Getting Arrested

AskJJX: “What’s the best way to find and disable rogue APs on the network? We had an audit finding and got our hand slapped.” Ahhh, I love this question for so many reasons. First, because my answer to this today, in 2023, is very different than my answer would have been years ago. You may […]

The post AskJJX: How To Handle Rogue APs Without Getting Arrested appeared first on Packet Pushers.

How to deploy Red Hat Ansible Automation Platform on Google Cloud

This blog is co-authored by Zack Kayyali and Hicham (he-sham) Mourad

Deploying Red Hat Ansible Automation Platform

The steps below detail how to install Red Hat Ansible Automation Platform on Google Cloud from the marketplace. Before starting the deployment process, please ensure the Google Cloud account you are using to deploy has the following permissions. These IAM roles are required to deploy the Google Cloud foundation stack offering.  The foundation stack offering here refers to the base Ansible Automation Platform 2 deployment.

This blog details how to deploy Ansible Automation Platform on Google Cloud, and then access the application. This deployment process will be configured to set up Ansible Automation Platform on its own Virtual Private Cloud (VPC) that it creates and manages. We also support deploying into an existing VPC.

To begin, first log into your Google Cloud account. If you have a private offer, ensure that these are accepted for both the foundation and extension node offerings. 

Note: 

  • The foundation offer refers to the “Red Hat Ansible Automation Platform 2 - Up to 100 Managed Nodes” marketplace item. 
  • The extension node offer refers to the “Extension Node - Ansible Automation Platform 2 - 100 Managed Continue reading

Building a WAN Impairment Device in Linux on VMware vSphere

In some scenarios it is really useful to be able to simulate a WAN in regards to latency, jitter, and packet loss. Especially for those of us that work with SD-WAN and want to test or policies in a controlled environment. In this post I will describe how I build a WAN impairment device in Linux for a VMware vSphere environment and how I can simulate different conditions.

My SD-WAN lab is built on VMware vSphere using Catalyst SD-WAN with Catalyst8000v as virtual routers and on-premises controllers. The goal with the WAN impairment device is to be able to manipulate each internet connection to a router individually. That way I can simulate that a particular connection or router is having issues while other connections/routers are not. I don’t want to impose the same conditions on all connections/devices simultaneously. To do this, I have built a physical topology that looks like this:

All devices are connected to a management network that I can access via a VPN. This way I have “out of band” access to all devices and can use SSH to configure my routers with a bootstrap configuration. To avoid having to create many unique VLANs in the vSwitch, Continue reading

Multichannel fast file transfers over AX.25

Lately I’ve been thinking about a better data protocol for amateur radio.

“Better” is, of course, relative. And the space is so big. Are we talking HF or VHF/UHF? Should it work with existing radios (just working the audio spectrum), or be its own radio? Should it be just RF improvements, or higher networking layers?

File transfers on the application layer

In my previous post I started off trying ZMODEM, but was fairly disappointed. The Linux AX.25 implementation sucks, and ZMODEM is too chatty. Every roundtrip is expensive. But even tuning the parameters, there are better ways to avoid needless retransmits and roundtrips.

I’ve started a tool called hamtransfer. The implementation is currently only point-to-point, but the protocol will work for more “bittorrent” style too.

It uses Raptor codes, but I’ll save you some time: It encodes the file (it calls a “block”) into smaller chunks (it calls “symbols”). It then sends the symbols to the receiver, which will be able to reassemble the original block.

The trick is that the set of symbols is infinite, and the block can be assembled by almost any subset of symbols. If the block is 10kB, then with more than Continue reading

Calico monthly roundup: June 2023

Welcome to the Calico monthly roundup: June edition! From open source news to live events, we have exciting updates to share—let’s get into it!

 

 

Customer case study: Box

Using Calico, Box achieved zero-trust security and policy automation at scale in a multi-cluster environment. Read our new case study to find out how.

Read case study.

Is your container environment compliant with NIST guidelines?

This assessment helps you compare your current security posture against the NIST Cybersecurity Framework and assess your readiness to detect and protect against cyberattacks.

Read the guide.

Open source news

  • Calico Live – Join the Calico community every Wednesday at 2:00 pm ET for a live discussion about learning how to leverage Calico and Kubernetes for networking and security. We will explore Kubernetes security and policy design, network flow logs and more. Join us live on Linkedin or YouTube.
  • Calico Wall of Fame – As a valued member of our Calico users community, we would like to feature you on our NEW Project Calico Wall of Fame. To participate, fill out the form here.

Connect

Worth Reading: Another BGP Session Reset Bug

Emile Aben is describing an interesting behavior observed in the Wild West of the global Internet: someone started announcing BGP paths with an unknown attribute, which (regardless of RFC 7606) triggered some BGP session resets.

One would have hoped we learned something from the August 2010 incident (supposedly caused by a friend of mine 😜), but it looks like some things never change. For more details, watch the Network Security Fallacies and Internet Routing Security webinar.

Worth Reading: Another BGP Session Reset Bug

Emile Aben is describing an interesting behavior observed in the Wild West of the global Internet: someone started announcing BGP paths with an unknown attribute, which (regardless of RFC 7606) triggered some BGP session resets.

One would have hoped we learned something from the August 2010 incident (supposedly caused by a friend of mine 😜), but it looks like some things never change. For more details, watch the Network Security Fallacies and Internet Routing Security webinar.

Worth Reading: AI Does Not Help Programmers

On the Communications of the ACM web site, Bertrand Meyer argues that (contrary to the exploding hype) AI Does Not Help Programmers:

As a programmer, I know where to go to solve a problem. But I am fallible; I would love to have an assistant who keeps me in check, alerting me to pitfalls and correcting me when I err. A effective pair-programmer. But that is not what I get. Instead, I have the equivalent of a cocky graduate student, smart and widely read, also polite and quick to apologize, but thoroughly, invariably, sloppy and unreliable. I have little use for such supposed help.

Not surprisingly, my experience is pretty close to what he’s describing. AI is the way to go if you want something that looks reasonable (at a first glance), but not if you want to get something right. Unfortunately, there’s a bit of a difference between marketing and engineering: networks that are configured 90% correctly sometimes fail to do what you expect them to do.

1 263 264 265 266 267 3,837