Bullet-Proofing Your 5G Security Plan

With latency improvements and higher data speeds, 5G represents exponential growth opportunities with the potential to transform entire industries — from fueling connected autonomous vehicles, smart cities, mixed reality technologies, robotics and more. As enterprises rethink connectivity, 5G will be a major investment area. However, according to Palo Alto Networks’

Join VMware Networking and Security at Mobile World Congress

VMware NSX Powers Service Acceleration and Energy Efficiency for VMware Telco Cloud Platform

Mobile World Congress 2023 is upon us and that means new features and cool innovations to help telcos manage their increasingly complicated 5G networks. This year, we are focused on building smarter networks and increasing telco efficiency. These networks are expanding the concept of network functions virtualization (NFV), introduced over 10 years ago, to build a virtualized software-defined architecture with virtual network functions (VNF) and cloud-native network functions (CNF).

Modern telco networks depend on flexibility, scalability and security. Network demands change constantly, requiring an integrated orchestration and automation strategy across different services and technologies. All of this needs to be done with an eye on efficiency, optimizing the human resources along with the energy and infrastructure requirements. The VMware NSX platform is a key technology to enable these benefits.

The VMware Telco Cloud Platform is designed to address these challenges that Communications Service Providers (CSPs) face. The Telco Cloud Platform is a solution that integrates key VMware components (vSphere, vSAN, and NSX) to create a cloud and virtualization architecture for 5G core networks and their VNF/CNF environment. VMware NSX powers the Telco Cloud Platform to provide telco-grade

ROFL with a LOL: rewriting an NGINX module in Rust


At Cloudflare, engineers spend a great deal of time refactoring or rewriting existing functionality. When your company doubles the amount of traffic it handles every year, what was once an elegant solution to a problem can quickly become outdated as the engineering constraints change. Not only that, but when you're averaging 40 million requests a second, issues that might affect 0.001% of requests flowing through our network are big incidents which may impact millions of users, and one-in-a-trillion events happen several times a day.

Recently, we've been working on a replacement to one of our oldest and least-well-known components called cf-html, which lives inside the core reverse web proxy of Cloudflare known as FL (Front Line). Cf-html is the framework in charge of parsing and rewriting HTML as it streams back through from the website origin to the website visitor. Since the early days of Cloudflare, we’ve offered features which will rewrite the response body of web requests for you on the fly. The first ever feature we wrote in this way was to replace email addresses with chunks of JavaScript, which would then load the email address when viewed in a web browser. Since bots are often unable

Secret Sauce – vSphere Distributed Services Engine – Packet Pushers Livestream w/ Dell Technologies – Video

The vSphere Distributed Services Engine, part of vSphere 8.0, aims to help accelerate infrastructure network functions on the DPU. It enables modern distributed workloads to run with lower network latency and improved data throughput, provides more CPU resources to workloads, and reduces the operational overhead of DPU lifecycle management with integrated vSphere workflows. In this […]

The post Secret Sauce – vSphere Distributed Services Engine – Packet Pushers Livestream w/ Dell Technologies – Video appeared first on Packet Pushers.

Digital platform conductors help manage hybrid networks

One of the biggest technology challenges organizations face is managing an increasingly complex environment that might include multiple cloud services and providers, on-site data centers, edge systems and other components. An emerging solution is an orchestration tool that taps into cloud management data, edge systems and on-premises infrastructure to provide a full picture of the environment and come up with recommendations to improve the flow of business workloads, cut costs, and streamline processes.

Digital Platform Conductor (DPC) tools help manage hybrid infrastructure

One of the biggest technology challenges organizations face is managing an increasingly complex environment that might include multiple cloud services and providers, on-site data centers, edge systems and other components. An emerging solution is an orchestration tool that taps into cloud management data, edge systems and on-premises infrastructure to provide a full picture of the environment and come up with recommendations to improve the flow of business workloads, cut costs and streamline processes.

Video: Packet Buffers in Data Center ASICs

A few years ago, we were fortunate enough to have Pete Lumbis talking about ASICs for Networking Engineers as part of the Data Center Fabric Architectures webinar.

One of the topics he couldn’t possibly skip was the question of how many packet buffers one needs in a data center switch.

Case Study: VPP at Coloclue, part 2

Yoloclue

  • Author: Pim van Pelt, Rogier Krieger
  • Reviewers: Coloclue Network Committee
  • Status: Draft - Review - Published

Almost precisely two years ago, in February of 2021, I created a loadtesting environment at [Coloclue] to prove that a provider of L2 connectivity between two datacenters in Amsterdam was not incurring jitter or loss on its services – I wrote up my findings in [an article], which demonstrated that the service provider indeed provides a perfect service. One month later, in March 2021, I briefly ran [VPP] on one of the routers at Coloclue, but due to lack of time and a few technical hurdles along the way, I had to roll back [ref].

The Problem

Over the years, Coloclue AS8283 has continued to suffer from packet loss in its network. Taking a look at a simple traceroute, in this case from IPng AS8298, shows very high variance and packet loss when entering the network (at hop 5 in a router called eunetworks-2.router.nl.coloclue.net):

                                       My traceroute  [v0.94]                
squanchy.ipng.ch (194.1.193.90) -> 185.52.227.1                           2023-02-24T09:03:36+0100
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                          Packets               Pings

HP Enterprise buys Athonet for its 5G portfolio

Looking to make a long-term splash in private-enterprise 5G, HPE has grabbed up Italian private cellular technology maker Athonet for an undisclosed amount. Founded in 2005, Athonet says its goal is to speed and simplify private 5G deployments. Among other packages, it offers CBRS and 5G starter kits that include Athonet mobile packet core, SIM cards, a choice of radio and other components needed to set up private cellular networks quickly. In 2022 the company formed the 5G Consortium to bring vendors together to develop a 5G ecosystem. The group includes Google Cloud, AWS, Airspan, Bearcom, and Digi. Athonet technology will expand HPE’s 5G portfolio, which includes private 5G equipment integrated with its Aruba Wi-Fi gear to provide the option of using the technology that best meets enterprise requirements. HPE also has integrated 5G core technology it offers to service providers.

OARC 40

OARC held a 2-day meeting in February, with a set of presentations on various DNS topics. Here are some observations that I picked up from the presentations in that meeting.

Navigating the security challenges of multi-tenancy in a cloud environment

Multi-tenancy can maximize the number of resources that are utilized in a cluster by sharing these resources between different groups, teams, or customers. However, boundaries must be placed to avoid problems associated with resource-sharing. On top of that, in a multi-tenant cluster, the number of security policies might gradually grow to the point where a slight misconfiguration could cause major security problems, performance issues, and service disruptions.

In this blog post, we will focus on multi-tenancy issues such as bandwidth shortage, security policy scaling, privacy impacts, and suggest a few solutions that you can deploy to solve them in your environment. We will also look at how an eBPF-based security design can offer better performance and help you navigate the complex multi-tenant environment with ease.

What is multi-tenancy?

Technologies such as virtualization, containerization, or any other technologies that allow a range of different workloads to share the underlying hardware resources, all have a common goal—allocate resources as efficiently as possible and make the most of the available hardware. However, it is common for workloads that are running in such an environment to not fully utilize all the potential power that the hardware can offer, and in many cases, leave a

Bringing It All Together – VMware Project Monterey – Packet Pushers Livestream w/ Dell Technologies – Video

VMware’s Project Monterey creates a virtual environment to run applications and services on Data Processing Units (DPUs). VMware is partnering with multiple server OEMs and DPU vendors to bring Project Monterey to distributed infrastructure. In this video, Drew Conry-Murray from the Packet Pushers is joined by VMware’s Paul Turner, Vice President Product Management vSphere. We […]

The post Bringing It All Together – VMware Project Monterey – Packet Pushers Livestream w/ Dell Technologies – Video appeared first on Packet Pushers.

One year of war in Ukraine: Internet trends, attacks, and resilience


The Internet has become a significant factor in geopolitical conflicts, such as the ongoing war in Ukraine. Tomorrow marks one year since the Russian invasion of that country. This post reports on Internet insights and discusses how Ukraine's Internet remained resilient in spite of dozens of disruptions in three different stages of the conflict.

Key takeaways:

  • Internet traffic shifts in Ukraine are clearly visible from east to west as Ukrainians fled the war, with country-wide traffic dropping as much as 33% after February 24, 2022.
  • Air strikes on energy infrastructure starting in October led to widespread Internet disruptions that continue in 2023.
  • Application-layer cyber attacks in Ukraine rose 1,300% in early March 2022 compared to pre-war levels.
  • Government administration, financial services, and the media saw the most attacks targeting Ukraine.
  • Traffic from a number of networks in Kherson was re-routed through Russia between June and October, subjecting traffic to Russia’s restrictions and limitations, including content filtering. Even after traffic ceased to reroute through Russia, those Ukrainian networks saw major outages through at least the end of the year, while two networks remain offline.
  • Through efforts on the ground to repair damaged fiber optics and restore electrical power, Ukraine’s networks have

Azure Networking Fundamentals: Virtual WAN Part 2 – VNet Segmentation

VNets and VPN/ExpressRoute connections are associated with vHub’s Default Route Table, which allows both VNet-to-VNet and VNet-to-Remote Site IP connectivity. This chapter explains how we can isolate vnet-swe3 from vnet-swe1 and vnet-swe2 using VNet-specific vHub Route Tables (RT), still allowing VNet-to-VPN Site connection. As a first step, we create a Route Table rt-swe12 to which we associate VNets vnet-swe1 and vnet-swe2. Next, we deploy a Route Table rt-swe3 for vnet-swe3. Then we propagate routes from these RTs to Default RT but not from rt-swe12 to rt-swe3 and vice versa. Our VPN Gateway is associated with the Default RT, and the route to remote site subnet 10.11.11.0/24 is installed into the Default RT. To achieve bi-directional IP connectivity, we also propagate routes from the Default RT to rt-swe12 and rt-swe3. As the last step, we verify both Control Plane operation and Data Plane connections.


Figure 12-1: Virtual Network Segmentation.

IPv6 Buzz 120: Revisiting IPv6 Address Allocation – What’s The Right Size For Your Organization?

Today's podcast episode revisits the subject of IPv6 address allocation along with how changes in network planning and Regional Internet Registry (RIR) policy are influencing allocation size requests. We also look at how network trends around IoT, cloud, and SD-WAN might affect allocation size and how to overcome "IPv4 thinking."

The post IPv6 Buzz 120: Revisiting IPv6 Address Allocation – What’s The Right Size For Your Organization? appeared first on Packet Pushers.