NetworkingNexus.net

From IP packets to HTTP: the many faces of our Oxy framework

We have recently introduced Oxy, our Rust-based framework for proxies powering many Cloudflare services and products. Today, we will explain why and how it spans various layers of the OSI model, by handling directly raw IP packets, TCP connections and UDP payloads, all the way up to application protocols such as HTTP and SSH.

On-ramping IP packets

An application built on top of Oxy defines — in a configuration file — the on-ramps that will accept ingress traffic to be proxied to some off-ramp. One of the possibilities is to on-ramp raw IP packets. But why operate at that layer?

The answer is: to power Cloudflare One, our network offering for customers to extend their private networks — such as offices, data centers, cloud networks and roaming users — with the Cloudflare global network. Such private networks operate based on Zero Trust principles, which means every access is authenticated and authorized, contrasting with legacy approaches where you can reach every private service after authenticating once with the Virtual Private Network.

To effectively extend our customer’s private network into ours, we need to support arbitrary protocols that rely on the Internet Protocol (IP). Hence, we on-ramp Cloudflare Continue reading

Helping protect personal information in the cloud, all across the world

Cloudflare has achieved a new EU Cloud Code of Conduct privacy validation, demonstrating GDPR compliance to strengthen trust in cloud services

Internet privacy laws around the globe differ, and in recent years there’s been much written about cross-border data transfers. Many regulations require adequate protections to be in place before personal information flows around the world, as with the European General Data Protection Regulation (GDPR). The law rightly sets a high bar for how organizations must carefully handle personal information, and in drafting the regulation lawmakers anticipated personal data crossing-borders: Chapter V of the regulation covers those transfers specifically.

Whilst transparency on where personal information is stored is important, it’s also critically important how personal information is handled, and how it is kept safe and secure. At Cloudflare, we believe in protecting the privacy of personal information across the world, and we give our customers the tools and the choice on how and where to process their data. Put simply, we require that data is handled and protected in the same, secure, and careful way, whether our customers choose to transfer data across the world, or for it to remain in one country.

And today we are proud to announce Continue reading

Edge Computing in Networking

The post Edge Computing in Networking appeared first on Noction.

ChatGPT on BGP Routing Security

I wanted to include a few examples of BGP bugs causing widespread disruption in the Network Security Fallacies presentation. I tried to find what happened when someone announced beacon prefixes with unknown optional transitive attributes (which should have been passed without complaints but weren’t) without knowing when it happened or who did it.

Trying to find the answer on Google proved to be a Mission Impossible – regardless of how I structured my query, I got tons of results that seemed relevant to a subset of the search words but nowhere near what I was looking for. Maybe I would get luckier with a tool that’s supposed to have ingested all the world’s knowledge and seems to (according to overexcited claims) understand what it’s talking about.

ChatGPT on BGP Routing Security

Intel announces 144 core Xeon processor

Intel has announced a new processor with 144 cores designed for simple data-center tasks in a power-efficient manner.Called Sierra Forest, the Xeon processor is part of the Intel E-Core (Efficiency Core) lineup that that forgoes advanced features such as AVX-512 that require more powerful cores. AVX-512 is Intel Advanced Vector Extensions 512, “a set of new instructions that can accelerate performance for workloads and usages such as scientific simulations, financial analytics, artificial intelligence (AI)/deep learning, 3D modeling and analysis, image and audio/video processing, cryptography and data compression,” according to Intel.Sierra Forest signals a shift for Intel that splits its data-center product line into two branches, the E-Core and the P-Core (Performance Core), which is the traditional Xeon data-center design that uses high-performance cores.To read this article in full, please click here

Intel announces 144 core Xeon processor

Supermicro has a new liquid-cooled server for AI

With data center servers running hotter and hotter, the interest in liquid cooling is ramping up with vendors announcing servers that feature self-contained systems and businesses with expertise in related technologies jumping in.Liquid cooling is more efficient than traditional air cooling, and Supermicro is using it to cool the hottest processors in a new server designed as a platform to develop and run AI software.The SYS-751GE-TNRT-NV1 server runs hot. It features four NVIDIA A100 GPUs that draw 300W each and are liquid-cooled by a self-contained system.Some liquid cooling systems rely on water that is piped into the data center. The self-contained system doesn’t require that, so it makes the servers more widely deployable.The system is quiet, too; its running noise level is 30dB.To read this article in full, please click here

Supermicro has a new liquid-cooled server for AI

Hedge 172: Roundtable! SONiC, Open Source, and Complexity

It’s roundtable time at the Hedge! Eyvonne Sharp, Tom Ammon, and I start the conversation talking about the SONiC open source NOS, and then wander into using open source, build versus buy, and finally complexity in design and deployment.

Thanks for listening–if you have an idea for a Hedge episode, would like to be a guest, or know someone you think would be a good guest, let one us know!

download

Outburst: Bombs Made From USB Sticks Target Journalists

Show topic from Network Break Episode 423

Outburst: SASE Revenues Reach $6 Billion

Show topic from Network Break Episode 423

Day Two Cloud 188: Out-Of-Band Management And Infrastructure Automation With ZPE Systems (Sponsored)

On today's Day Two Cloud podcast we talk through out-of-band management network design with sponsor ZPE Systems. If your idea of OOB management is a jump box and some terminal servers, there’s a lot more to the story when you bring automation tooling into the picture. We'll learn how ZPE gear works and talk with customer Vapor IO about using ZPE gear in its edge compute sites.

Day Two Cloud 188: Out-Of-Band Management And Infrastructure Automation With ZPE Systems (Sponsored)

The post Day Two Cloud 188: Out-Of-Band Management And Infrastructure Automation With ZPE Systems (Sponsored) appeared first on Packet Pushers.

Cerebras Smashes AI Wide Open, Countering Hypocrites

We could have a long, thoughtful, and important conversation about the way AI is transforming the world. …

Cerebras Smashes AI Wide Open, Countering Hypocrites was written by Timothy Prickett Morgan at The Next Platform.

NVIDIA Struts Its Telco Transformation Stuff at GTC, Announces AT&T Adoption of AI

The use of artificial intelligence (AI), and especially GPU-powered AI, can help telcos solve some of their biggest challenges.

Killnet and AnonymousSudan DDoS attack Australian university websites, and threaten more attacks — here’s what to do about it

Over the past 24 hours, Cloudflare has observed HTTP DDoS attacks targeting university websites in Australia. Universities were the first of several groups publicly targeted by the pro-Russian hacker group Killnet and their affiliate AnonymousSudan, as revealed in a recent Telegram post. The threat actors called for additional attacks against 8 universities, 10 airports, and 8 hospital websites in Australia beginning on Tuesday, March 28.

Killnet is a loosely formed group of individuals who collaborate via Telegram. Their Telegram channels provide a space for pro-Russian sympathizers to volunteer their expertise by participating in cyberattacks against western interests.

This is not the first time Cloudflare has reported on Killnet activity. On February 2, 2023 we noted in a blog that a pro-Russian hacktivist group — claiming to be part of Killnet — was targeting multiple healthcare organizations in the US. In October 2022, Killnet called to attack US airport websites, and attacked the US Treasury the following month.

As seen with past attacks from this group, these most recent attacks do not seem to be originating from a single botnet, and the attack methods and sources seem to vary, suggesting Continue reading

DDoS DNS attacks are old-school, unsophisticated … and they’re back

SPONSORED: Ransomware may currently be the biggest bogeyman for cybersecurity pros, law enforcement, and governments, but it shouldn’t divert us from more traditional, but still very disruptive threats. …

DDoS DNS attacks are old-school, unsophisticated … and they’re back was written by Martin Courtney at The Next Platform.

Studying EVPN to Prepare for a Job Interview

An ipSpace.net subscriber sent me this question:

I am on job hunting. I have secured an interview and they will probably ask me about VxLAN BGP EVPN fabrics. If you have some time, it would be a great help for me if you could tell me 1 or 2 questions that you would ask in such interviews.

TL&DR: He got the job. Congratulations!

Studying EVPN to Prepare for a Job Interview

An ipSpace.net subscriber sent me this question:

I am on job hunting. I have secured an interview and they will probably ask me about VxLAN BGP EVPN fabrics. If you have some time, it would be a great help for me if you could tell me 1 or 2 questions that you would ask in such interviews.

TL&DR: He got the job. Congratulations!

« Previous 1 … 286 287 288 289 290 … 3,804 Next »