VPP – Monitoring

VPP

About this series

Ever since I first saw VPP - the Vector Packet Processor - I have been deeply impressed with its performance and versatility. For those of us who have used Cisco IOS/XR devices, like the classic ASR (aggregation service router), VPP will look and feel quite familiar as many of the approaches are shared between the two.

I’ve been working on the Linux Control Plane [ref], which you can read all about in my series on VPP back in 2021:

DENOG14

  • [Part 1]: Punting traffic through TUN/TAP interfaces into Linux
  • [Part 2]: Mirroring VPP interface configuration into Linux
  • [Part 3]: Automatically creating sub-interfaces in Linux
  • [Part 4]: Synchronize link state, MTU and addresses to Linux
  • [Part 5]: Netlink Listener, synchronizing state from Linux to VPP
  • [Part 6]: Observability with LibreNMS and VPP SNMP Agent
  • [Part 7]: Productionizing and reference Supermicro fleet at IPng

With this, I can make a regular server running Linux use VPP as kind of a software ASIC for super fast forwarding, filtering, NAT, and so on, while keeping control of the interface state (links, addresses and routes) itself. With Continue reading

Weekend Reads 040723


What it is about is how very few companies have access to the raw AI models that are transforming the world, the curated datasets that have been purged of bias (to one degree or another) that are fundamental to training AI systems using machine learning techniques, the model weights and checkpoints that are key to tuning a model, and the money to either build or rent the capacity to bring the neural network software and the data together to train an AI model.


Intel has announced a new processor with 144 cores designed for simple data-center tasks in a power-efficient manner.


Data center fires aren’t common, but they can be devastating. As use of lithium-ion batteries grows, enterprises need to be aware of the risks, Uptime Institute warns.


Russian intelligence services, together with a Moscow-based IT company, are planning worldwide hacking operations that will also enable attacks on critical infrastructure facilities.


Back in the old days, there was a CPU and chip designers crammed everything into that single CPU, which made sense for the greatest number of customers offset against the additional cost of adding extra functionality.


A picture is said to be worth a thousand words. A graph can Continue reading

Notes from IETF116

The IETF had its 116th meeting in Yokohama, Japan in the last week of March. Here’s some notes I made from some of the working group sessions I attended that I found to be of interest.

Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN

You know all those Apple and other IoT devices connected to your wireless network? Lots of them run apps that discover services on your network via multicast DNS (mDNS). All of that mDNS traffic can have a significant impact on your WLAN’s performance. On today's Heavy Networking we talk with guest Bryan Ward who has actually measured the impact of mDNS on a production wireless network to see what would happen if he let mDNS traffic run wild.

Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN

You know all those Apple and other IoT devices connected to your wireless network? Lots of them run apps that discover services on your network via multicast DNS (mDNS). All of that mDNS traffic can have a significant impact on your WLAN’s performance. On today's Heavy Networking we talk with guest Bryan Ward who has actually measured the impact of mDNS on a production wireless network to see what would happen if he let mDNS traffic run wild.

The post Heavy Networking 673: Multicast DNS Gone Wild On Your WLAN appeared first on Packet Pushers.

Technology Short Take 167

Welcome to Technology Short Take #167! This Technology Short Take is a tad shorter than the typical one; I’ve been busy recently and my intake volume of content has gone down, thus resulting in fewer links to share with all of you! I opted to go ahead and publish a shorter Technology Short Take instead of making everyone wait around for a longer one. In any case, here’s hoping that I’ve included something useful for you!

Networking

Servers/Hardware

Security

Cloud Computing/Cloud Management

Turning WiFi into a Thick Yellow Cable

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Read more …

Turning WiFi into a Thick Yellow Cable

The “beauty” (from an attacker perspective) of the original shared-media Ethernet was the ability to see all traffic sent to other hosts. While it’s trivial to steal someone else’s IPv4 address, the ability to see their traffic allowed you to hijack their TCP sessions without the victim being any wiser (apart from the obvious session timeout). Really smart attackers could go a step further, insert themselves into the forwarding path, and inject extra payload into unencrypted sessions.

A recently-discovered WiFi vulnerability brought us back to that wonderful world.

Read more …

Project Calico wants to hear from you! The 2023 Calico Open Source Adoption Survey

Project Calico is made possible thanks to you—thank you for your ongoing support of Project Calico, and for being an essential part of our growing open-source community. To improve Calico, we want to hear from you.

That’s why we’ve created the 2023 Calico Open Source Adoption Survey, a 16-question survey designed specifically to help us gather your feedback and insights.

Why take this survey?

Not only will this be a chance to share extensive feedback,  your input will actually help us prioritize future development efforts and ensure that we are addressing the most pressing needs of the community. We want to make sure that Project Calico continues to be the best possible solution for networking and security in Kubernetes and container environments.

We know that your time is valuable, but we believe that your feedback is essential to our success. We hope that you will take a few moments to complete the survey and share your thoughts with us.

Thank you again for your continued support, and we look forward to hearing from you soon.

Take the survey

The post Project Calico wants to hear from you! The 2023 Calico Open Source Adoption Survey appeared first on Tigera.

Introducing Calico Runtime Threat Defense—The most extensive security coverage for containers and Kubernetes

Containerized applications are complex, which is why an effective container security strategy is difficult to design and execute. As digitalization continues to push applications and services to the cloud, bad actors’ attack techniques have also become more sophisticated, which further challenges container security solutions available on the market.

Despite the discussion around agent vs agentless in the cloud security landscape and which type of solution is better, the most valuable solution is one that provides a wide breadth of coverage. Calico is unique as it is already installed as part of the underlying platform and provides the dataplane for a Kubernetes cluster. When Calico Cloud or Calico Enterprise is deployed, security and observability capabilities can be enabled on top of these core components. We provide a simple plug-and-play active security solution that focuses on securing workloads and the Kubernetes platform with the least amount of complexity and configuration.

Runtime attack vectors

Cloud-native applications are susceptible to many attack vectors. We have broken them down to eight, as seen in the following illustration:

Fig 1: Cloud-native attack vectors

In previous blogs, we have explained how the use of vulnerability management, zero-trust workload security, and microsegmentation can help reduce the Continue reading

Hedge 173: If Multicast is the answer, what was the question?

Multicast hasn’t ever really “gone viral” (In modern terms!) throughout the Internet—in fact, it’s not widely used even in networks supporting enterprises. why not? Join Dirk Trossen, Russ White, and Tom Ammon as we discuss the many facets of multicast, and what the future holds.

Dirk’s paper on multicast can be found here.

download

Japan to hike subsidies to 2nm chip maker Rapidus, an IBM partner

Japan will increase the financial support it's giving to semiconductor maker Rapidus — established with the aim of making cutting-edge, 2-nanometer chips — in order to further support domestic production, according to Japanese trade and industry minister Yasutoshi Nishimura.“The government is ready to continue and beef up financial support to the company,” Nishimura said in an interview with Bloomberg. He added that the plan will require the government to invest trillions of yen in the project.The Tokyo-based manufacturer was established in 2022 with the aim of making 2nm chips in Japan by 2025. To date, it has received ¥70 billion (US$532 million) from the Japanese government, in addition to investments from Toyota, Sony, and telecom giant NT&T.To read this article in full, please click here

Japan to hike subsidies to 2nm chip maker Rapidus, an IBM partner

Japan will increase the financial support it's giving to semiconductor maker Rapidus — established with the aim of making cutting-edge, 2-nanometer chips — in order to further support domestic production, according to Japanese trade and industry minister Yasutoshi Nishimura.“The government is ready to continue and beef up financial support to the company,” Nishimura said in an interview with Bloomberg. He added that the plan will require the government to invest trillions of yen in the project.The Tokyo-based manufacturer was established in 2022 with the aim of making 2nm chips in Japan by 2025. To date, it has received ¥70 billion (US$532 million) from the Japanese government, in addition to investments from Toyota, Sony, and telecom giant NT&T.To read this article in full, please click here

Verifying bash script arguments

Many bash scripts use arguments to control the commands that they will run and the information that will be provided to the people running them. This post examines a number of ways that you can verify arguments when you prepare a script and want to make sure that it will do just what you intend it to do – even when someone running it makes a mistake.Displaying the script name, etc. To display the name of a script when it’s run, use a command like echo $0. While anyone running a script will undoubtedly know what script they just invoked, using the script name in a usage command can help remind them what command and arguments they should be providing.To read this article in full, please click here

Verifying bash script arguments

Many bash scripts use arguments to control the commands that they will run and the information that will be provided to the people running them. This post examines a number of ways that you can verify arguments when you prepare a script and want to make sure that it will do just what you intend it to do – even when someone running it makes a mistake.Displaying the script name, etc. To display the name of a script when it’s run, use a command like echo $0. While anyone running a script will undoubtedly know what script they just invoked, using the script name in a usage command can help remind them what command and arguments they should be providing.To read this article in full, please click here

Protect your domain with Zone Holds

Protect your domain with Zone Holds
Protect your domain with Zone Holds

Today, we are announcing Zone Holds, a new capability for enterprise customers that gives them control of if and when someone else can add the same zone to another Cloudflare account. When multiple teams at a company want to use Cloudflare, one team might accidentally step on another’s toes and try to manage the same zone in two accounts. Zone Holds ensure that this cannot happen by enforcing that only one account can contain a given domain, optionally inclusive of subdomains or custom hostnames, unless explicit permission is granted by the account owner of the zone.

What can go wrong today

Cloudflare already requires zones to be authenticated via DNS before traffic is proxied through our global network. This ensures that only domain owners can authorize traffic to be sent through and controlled with Cloudflare. However, many of our customers are large organizations with many teams all trying to protect and accelerate their web properties. In these cases, one team may not realize that a given domain is already being protected with Cloudflare. If they activate a second instance of the same domain in Cloudflare, they end up replacing the original zone that another team was already managing with Cloudflare. Continue reading

IPv6 Buzz 123: Why You Need An IPv6 Security Plan

Today's IPv6 Buzz podcast explores why you need a plan for IPv6 security. Even if you haven't actively deployed IPv6, you've got v6-enabled hosts on your LAN and remote workers connecting to you over v6 networks. We discuss key elements to consider in your plan, evaluating IPv6 support in security products and services, and more.
1 285 286 287 288 289 3,808