Video: Migrating into a Cloud
Matthias Luft concluded his part of Introduction to Cloud Computing webinar with a case study: how can you migrate an existing workload into a cloud environment?
Video: Migrating into a Cloud
Matthias Luft concluded his part of Introduction to Cloud Computing webinar with a case study: how can you migrate an existing workload into a cloud environment?
Lost and Hating Your Job in Tech? 9 Key Steps Before Jumping Ship
While I am not the most active user on Reddit, I still enjoy the community for the most part, even as a passive reader. Last week, Curiousguy1993 asked the IT Career Community some questions. As much as I wanted to jump in and type away my response, I eventually decided to structure my thoughts better […]
The post Lost and Hating Your Job in Tech? 9 Key Steps Before Jumping Ship appeared first on Packet Pushers.
AWS Subnet Plan Example
https://codingpackets.com/blog/aws-subnet-plan-example
AWS Subnet Plan Example
https://codingpackets.com/blog/aws-subnet-plan-example
Kubernetes Unpacked 018: Grappling With Kubernetes Complexity
In today's Kubernetes Unpacked episode, host Michael Levan and guest Michael Chenetz examine the complexity that comes with Kubernetes and its broader ecosystem, what engineers should expect when diving into it, and why organizations should invest in people not just tech.Kubernetes Unpacked 018: Grappling With Kubernetes Complexity
In today's Kubernetes Unpacked episode, host Michael Levan and guest Michael Chenetz examine the complexity that comes with Kubernetes and its broader ecosystem, what engineers should expect when diving into it, and why organizations should invest in people not just tech.
The post Kubernetes Unpacked 018: Grappling With Kubernetes Complexity appeared first on Packet Pushers.
The First RISC-V Shot Across The Datacenter Bow
When it comes to operating systems and now CPU instruction sets, there is proprietary, there is licensable and modifiable with a standard base of functionality with room for some originality, and there is true open source. …
The First RISC-V Shot Across The Datacenter Bow was written by Timothy Prickett Morgan at The Next Platform.
Azure Networking Fundamentals: VNET Peering
Comment: Here is a part of the introduction section of the eight chapter of my Azure Networking Fundamentals book. I will also publish other chapters' introduction sections soon so you can see if the book is for you. The book is available at Leanpub and Amazon (links on the right pane).
This chapter introduces an Azure VNet Peering solution. VNet peering creates bidirectional IP connections between peered VNets. VNet peering links can be established within and across Azure regions and between VNets under the different Azure subscriptions or tenants. The unencrypted data path over peer links stays within Azure's private infrastructure. Consider a software-level solution (or use VGW) if your security policy requires data path encryption. There is no bandwidth limitation in VNet Peering like in VGW, where BW is based on SKU. From the VM perspective, VNet peering gives seamless network performance (bandwidth, latency, delay, and jitter) for Inter-VNet and Intra-VNet traffic. Unlike the VGW solution, VNet peering is a non-transitive solution, the routing information learned from one VNet peer is not advertised to another VNet peer. However, we can permit peered VNets (Spokes) to use local VGW (Hub) and route Spoke-to-Spoke data by using a subnet-specific route table Continue reading
Ansible Automation Platform Moving Towards Smarter Inventory
TL;DR What is this?
It has been a long term ask and our desire to make Smart Inventory, well, smarter. We’ve listened to feedback, and are now addressing not only direct customer asks but also presenting solutions to make it better overall.
The current Red Hat Ansible Automation Platform Smart Inventory
The current Smart Inventory has a number of shortcomings:
- The smart inventory host_filter cannot express that a variable EQUALS a value, or do basic logic like NOT.
- Host/group/inventory variables cannot be filtered as a combined unit, as these are separate fields.
- Resultant smart inventories do not contain groups.
- The smart inventory host_filter has its own custom syntax, which isn’t the most friendly.
All of these issues stem from the original design of Smart Inventory, and the fact that Inventory Django models (Inventory, Group, and Host) save their “variables” in text form as YAML/JSON, as they appear in the UI. We then have to parse these into a dictionary form so they are in some way usable. This introduces new challenges and constraints.
A better solution: “constructed inventory”
So rather than continuing down a sub-optimal route, we’ve taken stock of the options (there were many and they got Continue reading
Cloudflare’s handling of a bug in interpreting IPv4-mapped IPv6 addresses
In November 2022, our bug bounty program received a critical and very interesting report. The report stated that certain types of DNS records could be used to bypass some of our network policies and connect to ports on the loopback address (e.g. 127.0.0.1) of our servers. This post will explain how we dealt with the report, how we fixed the bug, and the outcome of our internal investigation to see if the vulnerability had been previously exploited.
RFC 4291 defines ways to embed an IPv4 address into IPv6 addresses. One of the methods defined in the RFC is to use IPv4-mapped IPv6 addresses, that have the following format:
| 80 bits | 16 | 32 bits |
+--------------------------------------+--------------------------+
|0000..............................0000|FFFF| IPv4 address |
+--------------------------------------+----+---------------------+
In IPv6 notation, the corresponding mapping for 127.0.0.1 is ::ffff:127.0.0.1 (RFC 4038)
The researcher was able to use DNS entries based on mapped addresses to bypass some of our controls and access ports on the loopback address or non-routable IPs.
This vulnerability was reported on November 27 to our bug bounty program. Our Security Incident Response Team (SIRT) was contacted, and incident response activities Continue reading