What’s inside net/http? Late binding in the Go standard library

It's well known that we're heavy users of the Go programming language at CloudFlare. Our work often involves delving into the standard library source code to understand internal code paths, error handling and performance characteristics.

Recently, I looked at how the standard library's built-in HTTP client handles connections to remote servers in order to provide minimal roundtrip latency.

Athletics track CC By 2.0 Image by Dean Hochman

Connection pooling

A common pattern that aims to avoid connection setup costs (such as the TCP handshake and TLS setup) and confer control over the number of concurrently established connections is to pool them. net/http maintains a pool of connections to each remote host which supports Connection: keep-alive. The default size of the pool is two idle connections per remote host.

More interestingly, when you make a request with net/http, a race happens. Races in code are often an unwanted side effect, but in this case it's intentional. Two goroutines operate in parallel: one that tries to dial a connection to the remote host, and another which tries to retrieve an idle connection from the connection pool. The fastest goroutine wins.

To illustrate, let's look at the code executed when transport.RoundTrip(req) is Continue reading

Merry Christmas!

merry-christmas

I’m taking a little break from the blog ’til the beginning of the year… See you on the front side of 2016.

The post Merry Christmas! appeared first on 'net work.

IT Pros Brace For Holiday Nightmares

While other employees are taking time off or partying it up during the holiday season, IT teams are busy fixing problems, according to an Ipswitch poll.

10 more Raspberry Pi projects primed for IT

The Raspberry Pi was created as an educational platform but has become one of the most popular embedded systems platforms on earth with a full copy of Linux and a rabid community of DIY-minded developers. That combination alone makes the Raspberry Pi a natural fit for hacking together enterprise IT applications and devices. Add in its low cost and the ready availability of open source solutions, and you can quickly see how previously expensive systems and devices are suddenly within reach of IT departments willing to experiment with Raspberry Pi, as my first foray into DIY IT Raspberry Pi projects showed.To read this article in full or to leave a comment, please click here

Essential data points for the tech year ahead

Ready, set, disrupt!If an overarching conclusion can be drawn from the results of Computerworld's Forecast survey of 182 IT professionals, it's that 2016 is shaping up to be the year of IT as a change agent.IT is poised to move fully to the center of the business in 2016, as digital transformation becomes a top strategic priority. CIOs and their tech organizations are well positioned to drive that change, thanks to IT budget growth, head count increases and a pronounced shift toward strategic spending.To read this article in full or to leave a comment, please click here

IT pros brace for lost devices, access problems, on-call holidays

More than half (56%) of IT pros will be on-call or working during the holidays to troubleshoot tech problems, according to network management vendor Ipswitch. Past experience shows it’s necessary: among 378 IT pros surveyed, 38% say they’ve experienced a major network outage during a holiday break.Here are some additional findings from Ipswitch’s third annual "Happy Holidays?" survey: Days expected to be on-call or working • Christmas Eve: cited by 29%• Christmas Day: 11%• New Year’s Eve: 11%• New Year’s Day: 5%To read this article in full or to leave a comment, please click here

Network World’s 20 Best Products of 2015

Tough to chooseWith so many great products on the market, it’s hard to pick the best ones. So we asked our experts, Network World’s independent product reviewers and bloggers to list their favorite products of 2015. What we got back was a list that covers the full spectrum of the networking world, with a little entertainment and gaming thrown in.To read this article in full or to leave a comment, please click here

New products of the week 12.21.2015

New products of the weekOur roundup of intriguing new products. Read how to submit an entry to Network World's products of the week slideshow.CloudBerry Backup for Mac OS and Linux OS FreewareKey features: CloudBerry Backup for Mac and Linux provides flexible scheduling options and retention policies, email notifications, as well as support for MS Azure, Amazon S3 including Standard-IA storage class. More info.To read this article in full or to leave a comment, please click here

Tim Cook says there isn’t a trade-off between security and privacy

In a strong defense of encryption, Apple's CEO Tim Cook said that there was no trade-off between privacy and national security when it comes to encryption."I think that's an overly simplistic view. We're America. We should have both," he told Charlie Rose on CBS' 60 Minutes program on Sunday, according to a transcript of the interview posted online.Cook said that people should be able to protect their personal data on their smartphones, such as health and financial information, intimate conversations with family and co-workers, and possibly business secrets.To read this article in full or to leave a comment, please click here

Juniper faces many questions after spying code planted in software

The discovery of spying code nestled deeply in Juniper's networking equipment, the latest example of a major IT vendor caught up in an damaging cyberattack, raises many questions.Juniper said Thursday that one of its firewall operating systems had been modified to allow secret access, posing a huge threat to companies and organizations using the equipment.Security experts wondered how the modifications could have been made years ago to some of Juniper's most sensitive source code without it knowing until recently. Companies try to vigorously protect their source code, which is an IT company's core intellectual property.But the fact that Juniper's Chief Information Officer, Bob Worrell, came forward with the findings has been met with praise, although there is hope the company will soon provide greater detail.To read this article in full or to leave a comment, please click here

OpenConfig, Data Models, and APIs

[Special thanks to Rob Shakir for taking the time to talk about OpenConfig and the related work he has going on. He definitely helped make the second half of this post happen- thank you, Rob. Note: all of the BGP code examples are borrowed from Rob and his original work can be found here.]

Introduction

As more devices continue to add support for APIs, and the industry migrates from CLI to API, the question often arises, “is there ever going to be a common multi-vendor network device API?”

Let me answer that for you, “No!” Why? Think about it. What’s in it for the vendors?

If you keep reading, you may see that there is in fact a reason for vendors to develop a common API.

That said, this is the reason I initiated CPAL almost 2 years ago, which didn’t go anywhere for a number of reasons, and as an aside, we are re-visiting the idea beyond CPAL, and you should see something within a few weeks! And this is also the reason we have projects such as netmiko, ntc-ansible, NAPALM, and one that is the focus of this post, OpenConfig.

This Continue reading

Sentri wants to guard your home but isn’t very good at it yet

Home automation is now “A Serious Thing”™ with what seems to be a new technology company throwing its hat into the ring just about every day. Today I have yet another entrant to the market, the Sentri, a home monitoring device with a lot of potential but also a lot of problems. The Sentri is a touchscreen tablet computer that acts primarily as a video home surveillance and environmental monitoring system. It’s roughly tablet-size (9.842" by 9.842" square and 1.18" deep) with a 120-degree, wide-angle camera, night vision, and temperature, humidity, and air quality sensors. At any time and from anywhere you can view the Sentri’s video using the free iOS and Android apps. To read this article in full or to leave a comment, please click here

FBI, DHS investigating Juniper hack; secret backdoor dates back 3 years

Juniper Networks’ announcement of discovering “unauthorized code” in its software which could allow attackers to take over machines and decrypt VPN traffic has shaken up more than the security world; the Department of Homeland Security and the FBI are reportedly involved in investigating the backdoor.After Juniper warned that attackers could exploit the “unauthorized code” in order “to gain administrative access to NetScreen devices and to decrypt VPN connections,” and then wipe the logs to remove any trace of a compromise, an unnamed senior official told Reuters that the Department of Homeland Security is involved in Juniper’s investigation.To read this article in full or to leave a comment, please click here

FBI, DHS investigating Juniper hack, secret backdoor dates back 3 years

Why It’s Time to Build a Zero Trust Network

Network security, for a long time, has worked off of the old Russian maxim, “trust but verify.” Trust a user, but verify it’s them. However, today’s network landscape — where the Internet of Things, the Cloud, and more are introducing new vulnerabilities — makes the “verify” part of “trust but verify” difficult and inefficient. We need a simpler security model. That model: Zero Trust. Continue reading

Dog and Bone LockSmart: The padlock rethought

It’s amazing what manufacturers have turned into “connected” devices and many of them, for example Bluetooth-enabled toothbrushes, seem more like “me-too” attempts to attract attention rather than real product improvements. Not so today’s product which is a great enhancement of a device I’ve never thought needed to be connected: The good, ol’ fashioned padlock.Dog and Bone, an Australian company that started out making cellphone cases (and obviously enjoys Cockney rhyming slang; “dog and bone” equates to “phone”) have recently started selling LockSmart, a Bluetooth LE-enabled padlock and I’d suggest that it’s a really useful rethink of how to interact with a pretty old technology.To read this article in full or to leave a comment, please click here

VMware NSX Reference Design Guide Update

The VMware NSX reference design guide has been a trusted source for NSX implementers to ensure a smooth and successful deployment. The NSX design guide has been incorporated as a baseline in industry recognized and validated architectures such as VCE VxBlock, Federation Enterprise Hybrid Cloud and the VMware Validated Designs.

We are introducing a new updated version of the NSX design guide just in time for the holiday break to add to your yearend reading list. This design guide incorporates tons of feedback we have received from our readers and is based on the learnings of over 200+ production customer deployments of NSX.

The updated design guide provides a detailed overview of how NSX works, the components and core design principles.

The main updates include:

Routing Design

We are diving deeper into distributed routing and edge routing best practices. NSX connectivity options from the virtual to physical infrastructure are often left to interpretation which generates confusion with established best practice. While NSX offers multiple options for connectivity we are taking the position of offering more prescriptive guidance in this document. The reader will get a better understanding of the design principles and availability guidance.

Security Policy Design

We Continue reading

DNC – What does “dropped the firewall” even mean?

In a CNN article that discusses Sander’s access to the Clinton campaign information, I found the following statement–

The breach occurred when the vendor, NGP VAN, which supplies access to the database of voter information for both campaigns dropped the firewall, and at least one Sanders campaign staffer accessed Clinton campaign voter data. The accused staffer, Josh Uretsky, Sanders’ national data director, was fired from the campaign.

I have to ask, what does that even mean. So NGP VAN is using a firewall to isolate data between candidates? Are there no controls in the application? And what does it mean to drop a firewall?

I have to assume that this would indicate a “permit any” or maybe some other bypass. I’d love to know the technical details around this situation.

Firewalls aren’t magical boxes and this is a “dumbed down” if not inaccurate response.

I’d love to hear from you, so share your experiences by commenting below.
Continue reading

Bad actors race to exploit Juniper firewall vulnerability

Now that Juniper has created a patch for its vulnerable firewall/VPN appliances, bad actors are setting to work reverse engineering the flaw so they can exploit devices that users don’t patch, and also make a profit by selling their exploits to others.“That’s what they do,” says John Pironti, president of IP Architects, who says he spent Friday responding to concerns about the compromised Juniper firewalls with his clients.The pattern cyber criminals follow after vendors patch vulnerabilities is to compare the patched code to the unpatched code, figure out what the flawed code was and figure out how to use it to break into the device and the network it protects, Pironti says.To read this article in full or to leave a comment, please click here

Datacenter Vanity

I’ve been noticing a trend recently in enterprise networking where managers and engineers alike are more concerned (obsessed) with the physical appearance of their rack, wires, and network equipment than they are with the actual pragmatic design and stability of said network. Approx Reading Time: 3-5 Minutes A Little is Good Now a certain amount […]

The post Datacenter Vanity appeared first on Packet Pushers.

« Previous 1 … 3,146 3,147 3,148 3,149 3,150 … 3,780 Next »