A while ago someone pointed me to an interesting talk explaining why 99th percentile represents a pretty good approximation of user-experienced latency on a typical web page (way longer version: Understanding Latency and Application Responsiveness, also How I Learned to Stop Worrying and Love Misery)
If you prefer reading instead of watching videos, there’s also everything you know about latency is wrong.
It takes money to make money, and if you want to break into the switch ASIC business in the datacenter, even if you are a low-cost designer of such chips, you had better have some rich friends to help the business take off. …
Switch ASIC Thoroughbred Sprouts Wings To Attain Unicorn Status was written by Timothy Prickett Morgan at The Next Platform.
To date, our blog series on securing physical servers with NSX Data Center has covered the use of bare metal agents installed in a physical server. In this scenario, NSX bare metal agents provide management and enforcement of security policy for the physical server. For a quick recap of how NSX Data Center secures physical server traffic, please review our first and second blogs in this multi-part series. In this article, we will discuss the use of one of the NSX-T Gateway services of an NSX Edge Node. Specifically, the NSX-T Gateway Firewall secures physical servers.
The NSX-T Edge is a feature-rich L3-L7 gateway. A brief review of some NSX-T Edge services:
Datacenters have evolved from physical servers, to virtualized systems, and now to composable infrastructure where resources such as storage and persistent memory are disaggregated from the server. …
Datacenter Is The New Unit Of Compute, Open Networking Is How To Automate It was written by Timothy Prickett Morgan at The Next Platform.
Subscribe to Kernel of Truth on iTunes, Google Play, Spotify, Cast Box and Sticher!
Click here for our previous episode.
In this episode, Kernel of Truth host Roopa Prabhu is joined by Barak Gafni. The two of them chat about the evolution of hardware telemetry and its software interfaces as well as catch up some of the work on IOAM Barak’s been involved with. We hope you enjoy this episode and don’t forget to also check out the links below with resources referenced in the podcast.
Guest Bios
Roopa Prabhu: Roopa is a Linux Architect at NVIDIA, formally Cumulus Networks. She and her team work on all things kernel networking and Linux system infrastructure areas. Her primary focus areas in the Linux kernel are Linux bridge, Netlink, VxLAN, Lightweight tunnels. She is currently focused on building Linux kernel dataplane for E-VPN. She loves working with the Linux kernel networking and debian communities. Her past experience includes Linux clusters, ethernet drivers and Linux KVM virtualization platforms. She has a BS and MS in Computer Science. You can find her on Twitter at @__roopa.
Barak Gafni: Barak is a Staff Architect at NVIDIA, formally Mellanox Technologies, focusing on enabling Continue reading
GRE was the first tunneling protocol ever designed and deployed—and although it largely been overtaken by VXLAN and other tunnel protocols, it is still in widespread use today. For this episode of the History of Networking, Stan Hanks, the inventor of GRE—and hence the inventor of the concept of tunneling in packet switched networks—joins us to describe how and why GRE tunneling was invented.
What are the challenges with applications supporting IPv6? What do people, particularly those working in enterprises, need to know about how servers and applications work with IPv6? What is the Internet Society’s Open Standards Everywhere project doing to help? How can people get more involved?
To answer all these questions and more, I recently joined Scott Hogg and Tom Coffeen on their IPv6 Buzz Podcast episode 53. You can listen here:
It was a very enjoyable conversation! Thanks to Scott and Tom for having me on their show. I also want to thank Ed Horley, who first contacted me about joining the show but with schedule conflicts was not able to join the recording. I would also encourage you to listen to other IPv6 Buzz episodes to learn more about IPv6.
If you would like to help in the work to get open standards deployed everywhere, please:
The post IPv6 Buzz Podcast Dives into Open Standards Everywhere appeared first on Internet Society.
Office Hours for mid-August.
The post Virtual Open Office Hours – Mid-August 2020 appeared first on EtherealMind.
Today we’re excited to announce Cloudflare Network Interconnect (CNI). CNI allows our customers to interconnect branch and HQ locations directly with Cloudflare wherever they are, bringing Cloudflare’s full suite of network functions to their physical network edge. Using CNI to interconnect provides security, reliability, and performance benefits vs. using the public Internet to connect to Cloudflare. And because of Cloudflare’s global network reach, connecting to our network is straightforward no matter where on the planet your infrastructure and employees are.
At its most basic level, an interconnect is a link between two networks. Today, we’re offering customers the following options to interconnect with Cloudflare’s network:
To use a real world analogy: Cloudflare over the years has built a network of highways across the Internet to handle all our customers' traffic. We’re now providing dedicated on-ramps for our customers’ on-prem networks to get onto those highways.
CNI provides more reliable, faster, and more Continue reading
Today we’re excited to announce Cloudflare’s Network Interconnection Partner Program, in support of our new CNI product. As ever more enterprises turn to Cloudflare to secure and accelerate their branch and core networks, the ability to connect privately and securely becomes increasingly important. Today's announcement significantly increases the interconnection options for our customers, allowing them to connect with us in the location of their choice using the method or vendors they prefer.
In addition to our physical locations, our customers can now interconnect with us at any of 23 metro areas across five continents using software-defined layer 2 networking technology. Following the recent release of CNI (which includes PNI support for Magic Transit), customers can now order layer 3 DDoS protection in any of the markets below, without requiring physical cross connects, providing private and secure links, with simpler setup.
We’re very excited to announce that five of the world's premier interconnect platforms are available at launch. Console Connect by PCCW Global in 14 locations, Megaport in 14 locations, PacketFabric in 15 locations, Equinix ECX Fabric™ in 8 locations and Zayo Tranzact in 3 locations, spanning North America, Europe, Asia, Oceania and Africa.
 |
 |
|
 |
 |
Like much of the networking world, there are many terms in the interconnection space for the same thing: Cloud Exchange, Virtual Cross Connect Platform and Interconnection Platform are all synonyms. They are platforms that allow two networks to interconnect privately at layer 2, without requiring additional physical cabling. Instead the customer can order a port and a virtual connection on a dashboard, and the interconnection ‘fabric’ will establish the connection. Since many large customers are already connected to these fabrics for their connections to traditional Cloud providers, it is a very convenient method to establish private connectivity with Cloudflare.
Cloudflare has an extensive peering infrastructure and already has private links to thousands of other networks. Virtual private interconnection is particularly attractive to customers with strict security postures and demanding performance requirements, but without the added burden of ordering and managing additional physical cross connects and expanding their physical infrastructure.
Secure
Similar to physical PNI, traffic does not pass across the Internet. Rather, it flows from the customer router, to the Interconnection Platform’s network and ultimately to Cloudflare. So while there is still some element of shared infrastructure, it’s not over the public Internet.
Efficient
Modern PNIs are typically a minimum of 1Gbps, but if you have the security motivation without the sustained 1Gbps data transfer rates, then you will have idle capacity. Virtual connections provide for “sub-rate” speeds, which means less than 1Gbps, such as 100Mbps, meaning you only pay for what you use. Most providers also allow some level of “burstiness”, which is to say you can exceed that 100Mbps limit for short periods.
Performance
By avoiding the public Internet, virtual links avoid Internet congestion.
Price
The major cloud providers typically have different pricing for egressing data to the Internet compared to an Interconnect Platform. By connecting to your cloud via an Interconnect Partner, you can benefit from those reduced egress fees between your cloud and the Interconnection Platform. This builds on our Bandwidth Alliance to give customers more options to continue to drive down their network costs.
Less Overhead
By virtualizing, you reduce physical cable management to just one connection into the Interconnection Platform. From there, everything defined and managed in software. For example, ordering a 100Mbps link to Cloudflare can be a few clicks in a Dashboard, as would be a 100Mbps link into Salesforce.
Data Center Independence
Is your infrastructure in the same metro, but in a different facility to Cloudflare? An Interconnection Platform can bring us together without the need for additional physical links.
The metro areas below have currently active connections. New providers and locations can be turned up on request.
Our customers have been asking for direct on-ramps to our global network for a long time and we’re excited to deliver that today with both physical and virtual connectivity of the world’s leading interconnection Platforms.
Already a Cloudflare customer and connected with one of our Interconnection partners? Then contact your account team today to get connected and benefit from improved reliability, security and privacy of Cloudflare Network Interconnect via our interconnection partners.
Are you an Interconnection Platform with customers demanding direct connectivity to Cloudflare? Head to our partner program page and click “Become a partner”. We’ll continue to add platforms and partners according to customer demand.
"Equinix and Cloudflare share the vision of software-defined, virtualized and API-driven network connections. The availability of Cloudflare on the Equinix Cloud Exchange Fabric demonstrates that shared vision and we’re excited to offer it to our joint customers today."
– Joseph Harding, Equinix, Vice President, Global Product & Platform MarketingSoftware Developer
"Cloudflare and Megaport are driven to offer greater flexibility to our customers. In addition to accessing Cloudflare’s platform on Megaport’s global internet exchange service, customers can now provision on-demand, secure connections through our Software Defined Network directly to Cloudflare Network Interconnect on-ramps globally. With over 700 enabled data centres in 23 countries, Megaport extends the reach of CNI onramps to the locations where enterprises house their critical IT infrastructure. Because Cloudflare is interconnected with our SDN, customers can point, click, and connect in real time. We’re delighted to grow our partnership with Cloudflare and bring CNI to our services ecosystem — allowing customers to build multi-service, securely-connected IT architectures in a matter of minutes."
– Matt Simpson, Megaport, VP of Cloud Services
“The ability to self-provision direct connections to Cloudflare’s network from Console Connect is a powerful tool for enterprises as they come to terms with new demands on their networks. We are really excited to bring together Cloudflare’s industry-leading solutions with PCCW Global’s high-performance network on the Console Connect platform, which will deliver much higher levels of network security and performance to businesses worldwide.”
– Michael Glynn, PCCW Global, VP of Digital Automated Innovation
"Our customers can now connect to Cloudflare via a private, secure, and dedicated connection via the PacketFabric Marketplace. PacketFabric is proud to be the launch partner for Cloudflare's Interconnection program. Our large U.S. footprint provides the reach and density that Cloudflare customers need."
– Dave Ward, PacketFabric CEO
Many IT environments grow more and more complex. It is more important than ever that an automation solution always has the most up to date information about what nodes are present and need to be automated. To answer this challenge, the Red Hat Ansible Automation Platform uses inventories: lists of managed nodes.
In its simplest form, inventories can be static files. This is ideal when getting started with Ansible, but as the automation is scaled, a static inventory file is not enough anymore:
The answer to both of these questions is to use a dynamic inventory: a script or a plugin that will go to a source of truth and discover the nodes that need to be managed. It will also automatically classify the nodes by putting them into groups, which can be used to more selectively target devices when automating with Ansible.
Inventory plugins allow Ansible users to use external platforms to Continue reading
Smart use of available resources.
The post Mirai Botnet Exploit Weaponized to Attack IoT Devices via F5 Appliances appeared first on EtherealMind.
I was going through Nick Russo’s course Getting Started with Software Development Using Cisco DevNet at Pluralsight and one thing he went through was interacting with the DNA Center API. Using a call to /intent/api/v1/network-device, DNA-C will return a JSON object consisting of an array of objects, or in Python speak, a list of dictionaries. This looks something like below, snipped for brevity:
{
"response": [
{
"memorySize": "3735220224",
"family": "Wireless Controller",
"type": "Cisco 3504 Wireless LAN Controller",
"macAddress": "50:61:bf:57:2f:00",
"softwareType": "Cisco Controller",
"softwareVersion": "8.8.111.0",
"deviceSupportLevel": "Supported",
"platformId": "AIR-CT3504-K9",
"reachabilityFailureReason": "",
"series": "Cisco 3500 Series Wireless LAN Controller",
"serialNumber": "FCW2218M0B1",
"inventoryStatusDetail": "<status><general code=\"SUCCESS\"/></status>",
"hostname": "3504_WLC",
"lastUpdateTime": 1596457941780,
"errorDescription": null,
"interfaceCount": "0",
"lastUpdated": "2020-08-03 12:32:21",
"lineCardCount": "0",
"lineCardId": "",
"locationName": null,
"managementIpAddress": "10.10.20.51",
"reachabilityStatus": "Reachable",
"snmpContact": "",
"snmpLocation": "",
"tagCount": "0",
"tunnelUdpPort": "16666",
"waasDeviceMode": null,
"apManagerInterfaceIp": "",
"associatedWlcIp": "",
"bootDateTime": "2020-03-12 16:08:21",
"collectionStatus": "Managed",
"errorCode": null,
"roleSource": "AUTO",
"upTime": "143 days, 20:24:58.00",
"location": null,
"role": "ACCESS",
"collectionInterval": "Global Default",
"instanceTenantId": "5e5a432575161200cc4ac95c",
"instanceUuid": "72dc1f0a-e4da-4ec3-a055-822416894dd5",
"id": "72dc1f0a-e4da-4ec3-a055-822416894dd5"
},
{
"memorySize": "NA",
"family": "Switches and Hubs",
"type": "Cisco Catalyst 9300 Switch",
"macAddress": "00:72:78:54:d1:00",
"softwareType": "IOS-XE",
"softwareVersion": "16.6.4a",
"deviceSupportLevel": "Supported",
"platformId": "C9300-48U",
"reachabilityFailureReason": "",
Continue reading
Secure Access Service Edge (SASE) is an emerging market category. On today's Tech Bytes episode, we examine SASE with sponsor Fortinet, including how Fortinet's flexible consumption model differentiates its SASE offering. Our guest is John Maddison, Executive VP of Products at Fortinet.
The post Tech Bytes: Fortinet’s SASE Is More Than Just The Cloud (Sponsored) appeared first on Packet Pushers.
This was an internship unlike any other. With a backdrop of a pandemic, protests, and a puppy that interrupted just about every Zoom meeting, it was also an internship that demonstrated Cloudflare’s leadership in giving students meaningful opportunities to explore their interests and contribute to the company’s mission: to help build a better Internet.
For the past twelve weeks, I’ve had the pleasure of working as a Legal Intern at Cloudflare. A few key things set this internship apart from even those in which I’ve been able to connect with people in-person:
Ever since I formally accepted my internship, the Cloudflare team has been in frequent and thorough communication about what to expect and how to make the most of my experience. This approach to communication was in stark contrast to the approach taken by several other companies and law firms. The moment COVID-19 hit, Cloudflare not only reassured me that I’d still have a job, the company also doubled down on bringing on more interns. Comparatively, a bunch of my fellow law school students were left in limbo: unsure of if they had a job, the extent to which they’d be able to do it Continue reading
I think we can all agree networks have become too complex—and this complexity is a result of the network often becoming the “final dumping ground” of every problem that seems like it might impact more than one system, or everything no-one else can figure out how to solve. It’s rather humorous, in fact, to see a lot of server and application folks sitting around saying “this networking stuff is so complex—let’s design something better and simpler in our bespoke overlay…” and then falling into the same complexity traps as they start facing the real problems of policy and scale.
This complexity cannot be “automated away.” It can be smeared over with intent, but we’re going to find—soon enough—that smearing intent on top of complexity just makes for a dirty kitchen and a sub-standard meal.
While this is always “top of mind” in my world, what brings it to mind this particular week is a paper by Jen Rexford et al. (I know Jen isn’t on the lead position in the author list, but still…) called A Clean Slate 4D Approach to Network Control and Management. Of course, I can appreciate the paper in part because I agree with a Continue reading