How We Extended CloudFlare’s Performance and Security Into Mainland China

CloudFlare launched five years ago. Within a year of our launch, the biggest surprise was the strong global demand for our service. From nearly the beginning, China was the second largest source of traffic by country to our network, behind only the United States.

In retrospect, that shouldn't have been a surprise. In 2010, the year we launched, 34% of China's population, or 450 million people, were online. Today, nearly half the country is online. To put it another way, with 700 million people online, China represents a quarter of all Internet users. If your mission is to help build a better Internet, like CloudFlare's is, then China is a country you cannot ignore.

Consequently, starting in 2011, we began to investigate how CloudFlare could bring our service to the Chinese Internet. Four years later, we're excited to announce the extension of CloudFlare's performance and security platform across mainland China. This is the story of how we did it.

The Challenges

There are three major challenges to extending a service like CloudFlare's across mainland China: technical, economic, and regulatory.

Technical

From a technical perspective, the Chinese Internet, despite its many similarities, is different than the rest of the world. Unlike Continue reading

IPv6-based Wi-Fi Hotspots

Apple’s 2015 WWDC event included a great session on IPv6 & TCP changes coming with iOS 9. There is a related post to the IETF v6ops mailing list here. The new IPv6 hotspot is very interesting to me. These are my notes on how hotspot functionality can work with IPv6, and no NAT.

Disclaimer: These are my own notes, written to help my understanding. There will be mistakes. Corrections welcome.

IPv4 Hotspot – (aka the simplicity of NAT?)

The current IPv4 hotspots use simple NAT, similar to most home network setups. The mobile network assigns a public IPv4 /32 address to the handset, H. The handset picks a local RFC1918 address space for its connectivity to local clients, and hands that out via DHCP. Hide NAT is used to provide outbound internet connectivity for those clients.

IPv4 Hotspot

What about IPv6? Isn’t NAT verboten?

NAT is evil, right? We can’t use NAT to hide the local clients behind the handset. So how do we provide IPv6 hotspot functionality? One way would be to use DHCPv6 PD. When the hotspot is enabled, the mobile device could request a prefix via DHCPv6 PD. That could then be used for local devices.

Unfortunately the Continue reading

Researcher reveals remotely exploitable flaw in world’s most widely-used real-time OS

A security researcher discovered a serious yet simple flaw in VxWorks, a real-time operating system for the Internet of Things, which an attacker could remotely exploit without needing any interaction with a user. The OS is used in everyday things like network routers to critical infrastructure as well in NASA’s Curiosity Rover on Mars and Boeing 787 Dreamliners.Searching for VxWorks via Shodan reveals about 100,000 internet-connected devices running the OS, but VxWorks supposedly powers “billions of intelligent devices.” The researcher warned that the vulnerability “allows remote code execution on most VxWorks-based devices.”To read this article in full or to leave a comment, please click here

Wireshark Mac OS X v1.99.1 Waitpid() error quick fix

I had 1.99.1 beta running in Mavericks quite well, problems arose with upgrade to 10.10. Yosemite. I saw [crayon-563410ebcce3a627922708-i/]  every time wireshark started and did not see any interfaces to start capture on. Thanks I was not alone with this one, go to the link provided to see the details, or do not give a sh*t and apply this one

Intel’s latest IoT move heats up the race for low-power networks

While mobile operators often claim bragging rights to the fastest smartphone connections, another rivalry is heating up around networks that aren't fast at all: Their claim to fame is that they don't suck up power. On Friday, Intel said it would work with cellular heavyweights Ericsson and Nokia to commercialize NB-LTE (Narrow-Band LTE), a variant of the latest cellular technology that uses a small amount of radio spectrum to efficiently carry small amounts of data. Also this week, low-power network specialist Ingenu said it would build a network across the U.S. within two years. Those are just two of the systems being promoted as the perfect glue to connect the burgeoning Internet of Things. They're vying to become the network of choice for electric meters, street lamps, pipelines and other infrastructure. By 2020, nearly 1.5 million devices will be connected to LPWA (low-power wide area) networks, Machina Research estimates. LPWA will cut the cost of IoT and make it useful for more things, Machina analyst Godfrey Chua said.To read this article in full or to leave a comment, please click here

RouterJockey is launching a clothing line?!?!???

Ok maybe that title is a bit grandiose… But due to the great response I received Friday morning from the launch of the original PCAP shirt, and the IPv6 follow-up, I decided to create a few new designs and put everything into a store front. If the demand continues I will continue to publish new shirts, and keep up with relaunching original designs into their own campaigns. Not that I expect the demand for these shirts to continue long term, but you never know. Nevertheless I appreciate everyone’s support thus far.

But I need you! Yes… You! I need your ideas, and most importantly I need your feedback. So please, contact me on twitter and let me know what you think. If you like what you see, please share the url for the store.

Without further ado…

2015-09-11 at 1.47 PM-1
Click to visit the RouterJockey shop

The post RouterJockey is launching a clothing line?!?!??? appeared first on Router Jockey.

How to run Juniper vMX in UNetLab

Juniper offers its brilliant MX routers for virtual environments – namely vMX. And we cant name ourselves engineers if we wouldn’t try to run one in the Unetlab. Running vMX in the unetlab is a simple task, yet I see many complaints about vMX not working. With this being said I invite you to a journey called “running vMX

iPexpert’s Newest “CCIE Wall of Fame” Additions 9/11/2015

Please join us in congratulating the following iPexpert students who have passed their CCIE lab!

This Week’s CCIE Success Stories

  • Hesham Abdelkereem, CCIE #40790 (Dual, Wireless & Collaboration)
  • Nadeem Akbar, CCIE #11610 (Wireless)
  • Hugo Dantas, CCIE #49174 (Collaboration)

This Week’s Testimonial

Hesham Abdelkereem CCIE #40790 (Wireless & Collaboration)
The product that helped me was Video on Demand.

Nadeem Akbar CCIE #411610 (Wireless)
The CCIE Wireless Bootcamp helped me pass the exam.

We Want to Hear From You!

Have you passed your CCIE lab exam and used any of iPexpert’s self-study products, or attended a CCIE Bootcamp? If so, we’d like to add you to our CCIE Wall of Fame!

CCIE Benefits – What are they?

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
Now that I have passed the CCIE Lab exam people are asking me “What are the CCIE benefits?” As for tangible benefits to me personally they are in no particular order: I can now go to the CCIE Apparel store and purchase my CCIE Leather Jacket and other clothing with my CCIE digits on them […]

Post taken from CCIE Blog

Original post CCIE Benefits – What are they?

Docker Global Hack Day #3 Starts Next Week!

Docker Global Hack Day is on Wednesday, September 16th through Monday, September 21st! Submit Your Hack Ideas! or check out already submitted hack ideas! Three Docker Global Hack Day hackers – Nicolas De Loof, Willy Kuo, and Chia-Chi Chang – share their thoughts on participating in … Continued

Grab your new credit card and get ready to dip your chip

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  If you live in the United States and you have a credit card, chances are high your bank recently sent you a new card with an embedded smart chip. Banks and other card issuers are scurrying to put chip-enabled credit cards in their customers' hands. Debits cards, too. These cards are critical for a new security system for card-based payments that will go into effect in the U.S. soon.In the lingo of the payments industry, the new cards are called EMV cards. EMV is an open set of specifications for smart cards and other acceptance devices such as smart phones and fobs. EMV stands for Europay, MasterCard and Visa, which are the three companies that developed the standard in 1994. Today the EMV standard is managed by EMVCo LLC, which has six member organizations – American Express, Discover, JCB, MasterCard, UnionPay and Visa – and dozens of EMVCo associates. EMVCo makes decisions on a consensus basis to assure card infrastructure uniformity throughout the world.To read this article in full or to leave a comment, please click here

Even the FBI is worried about Internet of Things security

Dave Newman Amidst all the excitement about the possible benefits of the Internet of Things, a slew of warnings have been sounded by IT pros, vendors and analysts about looming security threats. Now you can add the FBI to that list of those cautioning enthusiasts.The Bureau this week issued a public service announcement regarding cybercrime opportunities posed by the connecting of all sorts of data-enabled devices, from medical gear to entertainment gadgets, to the Internet.To read this article in full or to leave a comment, please click here

PlexxiPulse—Reflections on VMworld

VMworld was buzzing last week. I was impressed by the focus on delivering solutions that help accelerate the deployment of workloads this year—a definite shift from years past. It was great to see demonstrations of solutions in action and the impact they have on their customers. There were a few things that made an impression on me at the show that I included in a blog post earlier this week. Were you at the show in San Francisco last week? What were your key takeaways?

Below please find a few of our top picks for our favorite news articles of the week. Enjoy!

Business 2 Community: The Future of Networking Will Be Written By the Leaders
By Jim Rapoza
One of my favorite bands of all time is The Clash, and a famous quote attributed to their late band leader Joe Strummer is that “the future is unwritten.” And in most cases that is very true. For example, few people in 2005 could have successfully predicted many of the trends and realities of today, whether in the everyday world or in the realm of technology. But while the future may be unwritten, sometimes we do have a pretty good Continue reading

1 3,247 3,248 3,249 3,250 3,251 3,764