A Survey on Securing Inter-Domain Routing: Part 1 – BGP: Design, Threats and Security Requirements

The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol, and after some thirty years of operation BGP is now one of the more venerable of the Internet’s “core” protocols. One of the major ongoing concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet continues to be vulnerable to various forms of attack. In Part 1 of this study, we will look at the design of BGP, the threat model, and the requirements of a security framework for BGP.

Solo.io Adds Legacy SOAP Integration for Gloo Edge 1.8 Release

Service mesh integration software provider Solo.io has released into general availability (GA) version 1.8 of its Gloo Edge Kubernetes-native ingress controller and API gateway. Version 1.8 offers integration for legacy SOAP (Simple Object Access Protocol) web services and other features, as Solo seeks to improve API-centric support for scaling needs across cloud native environments. Gloo Edge now helps DevOps teams integrate decades-old SOAP through a single API. Gloo Edge 1.8’s support for SOAP is “the biggest breakout feature” of the release. In a blog post, Guan described how SOAP, an XML messaging protocol from the turn of the century, “remains prevalent today for enterprise web services across a number of industries, including financial services and healthcare.” Yet, “Unfortunately, SOAP (and associated legacy middleware applications) hold back large-scale modernization efforts because there hasn’t been a viable migration approach in the market,” Guan wrote. “Organizations haven’t been able to tackle incremental deprecation of SOAP web services over time without great difficulty.” Gloo Edge Enterprise 1.8, with the addition of

Network Break 340: Marvell Challenges NVIDIA With 5nm DPU; Startup WiteSand Tackles Multi-Vendor Campus Network Management

This week's podcast asks how many Data Processing Units (DPUs) the market can support, discusses a startup that wants to manage your multi-vendor campus network from the cloud, explores new security capabilities in Forward Networks' network verification software, and more tech news.

The post Network Break 340: Marvell Challenges NVIDIA With 5nm DPU; Startup WiteSand Tackles Multi-Vendor Campus Network Management appeared first on Packet Pushers.

Calico Enterprise: Leverage Multiple Benefits from the New eBPF Data plane

Calico was designed from the ground up with a pluggable data plane architecture. The Enterprise 3.6 release introduces an exciting new eBPF (extended Berkeley Packet Filter) data plane that provides multiple benefits to users.

Great Performance, Lower Latency for Load-balanced Traffic

When compared with the standard Linux data plane (based on iptables), the eBPF data plane:

  • Scales to higher throughput, using less CPU per GBit
  • Natively supports Kubernetes services (without kube-proxy) in a way that:
    • Reduces latency
    • Preserves external client source IP addresses
    • Supports direct server return (DSR) for reduced latency and CPU usage
    • Uses less CPU than kube-proxy to keep the data plane in sync

The Impact of NAT on Source IP

The application of network address translation (NAT) by kube-proxy to incoming network connections to Kubernetes services (e.g. via a service node port) is a frequently encountered friction point with Kubernetes networking. NAT has the unfortunate side effect of removing the original client source IP address from incoming traffic. When this occurs, Kubernetes network policies can’t restrict incoming traffic from specific external clients. By the time the traffic reaches the pod it no longer has the original client IP address. For some applications, knowing the Continue reading

4 Advancements That Led to Decentralized Cloud Storage

The evolution of cloud storage as we know it is a fascinating journey filled with projects that built on one another to bring us to where we are today. Interestingly enough, most of the technology used to build a decentralized cloud storage network today has been available for decades. The fact that decentralized cloud storage is viable is mostly because of the growth of storage capacity available at the edge and the incredible increases we’ve made across the globe in bandwidth. Here are four key advancements throughout the years that have paved the way for decentralized cloud storage.

JT Olio is the CTO at Storj. He oversees product development and led the re-architecture of Storj’s distributed cloud storage platform. He was previously director of engineering at Space Monkey, which was acquired by Vivint in 2014. JT has an MS in computer science from the University of Utah and a BS in computer science and mathematics from the University of Minnesota.

Advancement #1: Network Bandwidth Increased

There is a great paper by Charles Blake and Rodrigo Rodrigues entitled “

Cloudflare customers can now use Microsoft Azure Data Transfer Routing Preference to enjoy lower data transfer costs

Today, we are excited to announce that Cloudflare customers can choose Microsoft Azure with a lower cost data transfer solution via the Microsoft Routing Preference service. Mutual customers can benefit from lower cost and predictable performance across our interconnected networks. Microsoft Azure has developed a seamless process to allow customers to choose this cost optimized routing solution.  We have customers using this new integration today and are excited to make this generally available to all our customers and prospects.

The power of interconnected networks

So how are we able to enable this great solution for our customers? The answer lies in our globally interconnected network.

Cloudflare is one of the most interconnected networks in the world, peering with over 9,500 networks globally, including major ISPs, cloud providers, and enterprises. We currently interconnect with Azure through private or public peering across all major regions — including private interconnections at key locations (see below).

Private Network Interconnects typically occur within the same facility through a fiber optic cable between routers for the two networks; peered connections occur at Internet exchanges offering high performance and availability. We are actively working on expanding on this interconnectivity between Azure and Cloudflare for our customers.

In Continue reading

The chip shortage is real, but driven by more than COVID

By now you’ve undoubtedly heard the complaining about computing parts shortages, particularly from gamers who can’t get modern GPU cards and from car makers, since new cars these days are a rolling data center. The problem is also affecting business IT, but in a different way, and there are steps you can take to address the problem. The first step, though, is patience. This shortage isn’t due to staffing or fabs being out of commission; it’s that demand is so high that it’s leading to very long lead times. That delay can mean 36 weeks, according to Mario Morales, program vice president for the semiconductor and enabling technologies team at IDC, with the demand for components “seeing untempered demand.”

Some quick notes on SDR

I'm trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I'm going to discuss some of the imperfect captures I'm getting, specifically, some notes about WiFi and Bluetooth.

An SDR is a "software defined radio" which digitally samples radio waves and uses number crunching to decode the signal into data. Among the simplest things an SDR can do is look at a chunk of spectrum and see signal strength. This is shown below, where I'm monitoring part of the famous 2.4 GHz spectrum used by WiFi/Bluetooth/microwave-ovens:

There are two panes. The top shows the current signal strength as a graph. The bottom pane is the "waterfall" graph showing signal strength over time, displaying strength as colors: black means almost no signal, blue means some, and yellow means a strong signal.

The signal strength graph is a bowl shape because we are actually sampling at a specific frequency of 2.42 GHz, and the further away from this "center", the less accurate the analysis. Thus, the algorithms think there is more signal the further away from the center we are.

What we do see here is two peaks, at 2.402 Continue reading

Install Calico to Enhance Kubernetes’ Built-in Networking Capability

Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that networking can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult. That’s where Calico comes in, as opposed to the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration. Take, for instance, the feature limitations found in the default NetworkPolicy, which are:

  • Policies are limited to a single environment and are applied only to pods marked with labels.
  • You can only apply rules to pods, environments, or subnets.
  • Rules can only contain protocols, numerical ports, or named ports.

When you add the Calico plugin, the Continue reading

Intel stumbles in supercomputer rankings, delays next-gen CPU

This week the TOP500 list of the world’s fastest supercomputers found that, once again, Fugaku is number one, benchmarking at 442 Pflop/sec, making it three times faster than the second place machine. Impressive, but also indicative that it might also be the first to break the exaflop barrier if it’s working on the right kind of problem. TOP500 pointed out that Fugaku’s score (and everyone else’s) is based on double-precision benchmarks, the most accurate floating point math calculation you can do. But much of AI and machine learning is single-precision, which can be less than half the compute power of double precision.

The Week in Internet News: U.K. Government says ‘No Encryption for Kids’

Less protection for kids: The U.K.’s Department of Digital, Media, Culture and Sport has recommended that children’s accounts on social media platforms and messaging services should not use end-to-end encryption, TechCrunch reports. In the effort to protect kids against online predators, cyber bullying and other bad stuff, the agency says children shouldn’t be protected against cybercrime, […]

The post The Week in Internet News: U.K. Government says ‘No Encryption for Kids’ appeared first on Internet Society.

Public Cloud Security Considerations

Who is responsible for infrastructure security in the public cloud? What instruments do users have to control the cloud service provider? How do you know whether you can trust a provider? Let us try to figure out the answers.

Mirror, Mirror on the Wall: What’s the Most Secure Network of Them All?

You’re standing in front of three doors. Door number one is big, tall, and sturdy. Nothing fancy, but seemingly safe. Door number two has more bells and whistles, fancy engravings, and twice the number of locks. Elevated security for sure, but you suspect more form over function, so you’re not entirely sold. Door number three features a winning combination of practicality and advanced locks. This one has to be the best choice, right?

You can’t see behind any door, so your choice is limited to inference. That’s frustrating. Today, choosing the right security solution for your business is no different. Bells and whistles can distract us from our core objective of ultimate, unwavering security. And old reliable doesn’t seem capable of repelling an onslaught of modern threats and distributed exposures.

Organizations need to make the right choice to successfully secure their networks in a highly dynamic, distributed world where it’s not a matter of if intruders will get in, but when. Turns out, the right approach is as much about philosophy as it is about technology: trust no one. But, before we get into the relationship between trust and better security, let’s begin with a review of how we got Continue reading

Friday Thoughts on Going Back To the Office

We’re halfway through 2021 and it’s been going better than last year. Technology seems to be rebounding and we’re seeing companies trying to find ways to get employees to come back into the office. Of course, that is being met head on by the desire to not go back at all and continue to do the job from home that has been done over the past year. Something is going to have to give and I don’t know what that might be.

  • Working from home is comfortable for sure. And the lack of schedule means that people are unknowingly putting in hours beyond what they normally would at the office. At least in the office you can walk away from your desk at the end of the day.
  • Unlimited PTO and flexible work schedules sound great in theory. Except not tracking your PTO hours also means you don’t accrue them. You don’t get paid for time you don’t take off. And a flexible work schedule sounds great in theory but reality says that you’re not likely to get much support if you suddenly decide you want to work noon to 10pm Hawaiian time. Flexible really means “work longer than normal”.
  • Continue reading