One of the most exciting announcements from the last AWS re:Invent was the Elastic Network Adapter (ENA) Express functionality that uses the Scalable Reliable Datagram (SRD) protocol as the transport protocol for the overlay virtual networks. AWS claims ENA Express can push 25 Gbps over a single TCP flow and that SRD improves the tail latency (99.9 percentile) for high-throughput workloads by 85%.
Ignoring the “DPUs could change the network forever” blogosphere reactions (hint: they won’t), let’s see what could be happening behind the scenes and why SRD improves TCP throughput and tail latency.
One of the most exciting announcements from the last AWS re:Invent was the Elastic Network Adapter (ENA) Express functionality that uses the Scalable Reliable Datagram (SRD) protocol as the transport protocol for the overlay virtual networks. AWS claims ENA Express can push 25 Gbps over a single TCP flow and that SRD improves the tail latency (99.9 percentile) for high-throughput workloads by 85%.
Ignoring the “DPUs could change the network forever” blogosphere reactions (hint: they won’t), let’s see what could be happening behind the scenes and why SRD improves TCP throughput and tail latency.
When choosing an underlay for an EVPN/VXAN network, the prevailing wisdom is that BGP is the best choice for the underlay routing protocol. And overall, I think that’s true. But OSPF can make a compelling underlay too, as it has a few logistical advantages over BGP in certain cases.
When building out EVPN/VXLAN networks, I like to break the build into four components. They are layers that are built one-by-one on top of each other.
Topology (typically leaf/spine)
Underlay (provides IP connecitivity for loopbacks)
Overlay (exchanges EVPN routes)
EVPN services (these are the Layer 2 and Layer 3 networks internal hosts and external networks connect to)
This article is exclusively about the underlay portion. It’s a very simple routed network that has one job, and job only:
Provide routes to enable IP connectivity from any loopbacks on a device to any loopback on any other device.
That’s it.
In normal operation the routing table will be incredibly static. The only time the routing table would change is when a switch is added or removed, or a link goes down, or a switch is upgraded, etc. In regular operation it won’t change.
The underlay is important, but the underlay isn’t Continue reading
A joint effort by immersion cooling firm Iceotope and Meta, the parent company of Facebook, found cooling hard drives with a dielectric liquid is safe and a more effective means of cooling than using fans.Hyperscalers like Meta deploy thousands of HDDs in their data centers, and while the heat given off on an individual basis is tiny, it adds up, especially since the drives are in constant use and are close together. The drives are stored in server racks that hold nothing but dozens of hard drives and are referred to as a JBOD (Just a Bunch Of Disks).A JBOD can overheat without cooling, which up to now has been done with fans, but some drives were further away from fans than others, causing uneven cooling.To read this article in full, please click here
A joint effort by immersion cooling firm Iceotope and Meta, the parent company of Facebook, found cooling hard drives with a dielectric liquid is safe and a more effective means of cooling than using fans.Hyperscalers like Meta deploy thousands of HDDs in their data centers, and while the heat given off on an individual basis is tiny, it adds up, especially since the drives are in constant use and are close together. The drives are stored in server racks that hold nothing but dozens of hard drives and are referred to as a JBOD (Just a Bunch Of Disks).A JBOD can overheat without cooling, which up to now has been done with fans, but some drives were further away from fans than others, causing uneven cooling.To read this article in full, please click here
Any outages, security issues, or performance degradations can impact an entire business. As such, careful planning must occur throughout day 0, 1, and 2 phases.
Backup and recovery systems are at risk for two types of ransomware attacks: encryption and exfiltration – and most on-premises backup servers are wide open to both. This makes backup systems themselves the primary target of some ransomware groups, and warrants special attention.Hackers understand that backup servers are often under-protected and administered by junior personnel that are less well versed in information security. And it seems no one wants to do something about it lest they become the new backup expert responsible for the server. This is an age-old problem that can allow backup systems to pass under the radar of sound processes that protect most servers.To read this article in full, please click here
Backup and recovery systems are at risk for two types of ransomware attacks: encryption and exfiltration – and most on-premises backup servers are wide open to both. This makes backup systems themselves the primary target of some ransomware groups, and warrants special attention.Hackers understand that backup servers are often under-protected and administered by junior personnel that are less well versed in information security. And it seems no one wants to do something about it lest they become the new backup expert responsible for the server. This is an age-old problem that can allow backup systems to pass under the radar of sound processes that protect most servers.To read this article in full, please click here
What can we learn from a Microsoft study of switch failures in its data centers? Hardware failures are more common that software failures, the law of large numbers can overwhelm your resiliency and redundancy planning, and open-source software can be admirably robust.
With the NSX 4.0.1.1 release, Migration Coordinator adds two game-changing features that help simplify workload migration in the case of lift and shift migration mode. These features build on top of the User Defined Topology mode of migration and add one more config mode. Folks familiar with the User Defined Topology will find the workflow very similar with the added benefit of simplified workload migration, leveraging HCX.
In this blog post, we will look at this new feature and how to take advantage of it. Please check out the resource links for more information on Migration Coordinator. We will start with a high-level overview before digging into the details.
Migration Coordinator
Migration Coordinator was introduced with NSX-T 2.4 to enable customers to migrate from NSX for vSphere to NSX-T Data Center. It’s a free, fully supported tool that’s built into NSX-T Data Center. Migration Coordinator is flexible with multiple options enabling multiple ways to migrate based on customer requirements. The first release provided a way to migrate everything, including config, workloads, and hosts in place using the same hardware if the deployed topology matched the supported topologies. Starting with the NSX-T 3. Continue reading
Whether you’re managing a network at work or just watching out for your home systems, it’s important to understand your network connections--how you communicate with public systems and those on the local network. This article covers some of the most important commands available on Linux to help you get a clear understanding of your local network and how it reaches outside.While the links provided include important tips on using network commands, some include commands that have been deprecated in favor of newer commands. Some of the most important commands to know today include ip a, ip neigh, ping, tracepath, dig, tcpdump and whois.To read this article in full, please click here
Whether you’re managing a network at work or just watching out for your home systems, it’s important to understand your network connections--how you communicate with public systems and those on the local network. This article covers some of the most important commands available on Linux to help you get a clear understanding of your local network and how it reaches outside.While the links provided include important tips on using network commands, some include commands that have been deprecated in favor of newer commands. Some of the most important commands to know today include ip a, ip neigh, ping, tracepath, dig, tcpdump and whois.To read this article in full, please click here
What good is a floating point operation embodied in a vector or matrix unit if you can’t get data into fast enough to actually use the compute engine to process it in some fashion in a clock cycle? …
Today's Full Stack Journey podcast welcomes software engineer Kat Morgan to discuss finding and following passion projects---which for Kat include KubeVirt and UOR Framework. Scott and Kat have a technical and entertaining conversation about how pursuing passion projects can inform, shape, and create career opportunities.
Today's Full Stack Journey podcast welcomes software engineer Kat Morgan to discuss finding and following passion projects---which for Kat include KubeVirt and UOR Framework. Scott and Kat have a technical and entertaining conversation about how pursuing passion projects can inform, shape, and create career opportunities.
Sometimes, budget pressures mean you just have to cut costs. Sometimes, cutting costs in one area can give you some financial elbow room to fund something in another. A fifth of all CIOs tell me that they have a mandate to cut network costs in 2023, and another third say they’d be open to doing that if they could fund something else with the savings. Most admit that they don’t have a really good idea of how to accomplish their goal without creating a risk that would potentially overwhelm benefits.Cutting CAPEX is popular in theory. Of 87 enterprises with cost-cutting interest, 55 said they thought their capital budgets would be an attractive place to start. That’s not changed much over the last five years, but what has changed is how enterprises think they could cut CAPEX. It used to be that they believed cost reductions could be achieved with new technologies like hosted router software or white-box devices, but this year they reported concerns that integration costs and risks were too high.To read this article in full, please click here
Large-scale cyber attacks on enterprises and governments make the headlines, but the impacts of cyberattacks can be felt acutely by small businesses that struggle to keep the lights on during normal times. In this blog, we’ll share new research on how small businesses, including those using our free services, have leveraged Cloudflare services to make their businesses more secure and resistant to disruption, along with a real story about how Cloudflare makes a tangible impact for small business customers.
Your local florist, fitness studio, café, or pet shop is likely using a wide variety of cloud-based SaaS apps to stay open for customers, including online accounting software, booking systems, point-of-sale credit card readers, inventory management systems, content management Continue reading
Under-resourced organizations that are vital to the basic functioning of our global communities face relentless cyber attacks, threatening basic needs for health, safety and security.
Cloudflare’s mission is to help make a better Internet. Starting December 13, 2022, we will help support these vulnerable infrastructure by providing our enterprise-level Zero Trust cybersecurity solution to them at no cost, with no time limit.
It is our pleasure to introduce our newest Impact initiative: Project Safekeeping.
Small targets, devastating impacts
Critical infrastructure is an obvious target for cyber attack: by its very definition, these are the organizations and systems that are crucial for the functioning of our society and economy. As such, these organizations cannot have prolonged interruptions in service, or risk having sensitive data exposed.
Our conversations over the past few months with government officials in Australia, Germany, Japan, Portugal, and the United Kingdom show that they are focused on the threat to critical infrastructure, but resource constraints mean that their attention is on protecting large organizations – immense financial institutions, hospital networks, oil pipelines, and airports. Yet, the small critical infrastructure organizations that Continue reading
Recently, the United States Department of Commerce announced that all 50 states and every eligible territory had signed on to the “Internet for All'' initiative. Internet for All is the US government’s $65 billion initiative to close the Digital Divide once and for all through new broadband deployment and digital equity programs. Cloudflare is on a mission to help build a better Internet, and we support initiatives like this because we want more people using the Internet on high-throughput, low-latency, resilient and affordable Internet connections. It’s been written often since the start of the pandemic because it’s true: it isn’t acceptable that students need to go to a Taco Bell parking lot to do their homework, and a good Internet connection is increasingly important for doing adult jobs as well.
The Internet for All initiative is the result of $65 billion in broadband-related funding appropriated by the US Congress as part of the Infrastructure Investment and Jobs Act (IIJA). It’s been called a “once in a generation” funding opportunity, and compared with the Rural Electrification Act which brought power lines to rural America in the 1930s. The components of the broadband portion of the Infrastructure bill are:
In July 2021, Cloudflare announced Project Pangea to help underserved community networks get access to the Internet for free. Today, as part of Impact Week, we’re excited to expand this program to support even more communities by relaxing the technical requirements to participate.
Previously, in order to be eligible for Project Pangea, participants would need to bring at least a /24 block of IP space for Cloudflare to advertise on their behalf (referred to as “Bring Your Own IP”). But everyone should have secure, fast, and reliable access to the Internet, without being gated by costly network resources like IPv4 space. Starting now, participants no longer need to bring a /24 in order to access Pangea services: Internet connectivity, DDoS protection, network firewalling, traffic acceleration, and more, are available for free for eligible networks.
How is Project Pangea helping community networks?
The Internet Society, or ISOC, describes community networks as “when people come together to build and maintain the necessary infrastructure for Internet connection.” Most often, community networks emerge from need, and in response to the lack or absence of available Internet connectivity.
Cloudflare’s global network, which spans more than 275 cities across the world, provides Continue reading
