Blue Light Special: Ensuring fast global configuration changes

CloudFlare operates a huge global network of servers that proxy our customers' web sites, operate as caches, inspect requests to ensure they are not malicious, deflect DDoS attacks and handle one of the largest authoritative DNS systems in the world. And where there's software there's configuration information.

CloudFlare is highly customisable. Each customer has a unique configuration consisting of DNS records, all manner of settings (such as minification, image recompression, IP-based blocking, which individual WAF rules to execute) and per-URL rules. And the configuration changes constantly.

Warp speed configuration

We offer almost instant configuration changes. If a user adds a DNS record it should be globally resolvable in seconds. If a user enables a CloudFlare WAF rule it should happen very, very fast to protect a site. This presents a challenge because those configuration changes need to be pushed across the globe very quickly.

We've written in the past about the underlying technology we use: Kyoto Tycoon and how we secured it from eavesdroppers. We also monitor its performance.

DNS records are currently changing at a rate of around 40 per second, 24 hours a day. All those changes need to be propagated in seconds.

So we take propagation times Continue reading

Check 10Gb Interfaces On An ASA

I recently had to deploy and ASA pair. One of the pre-requisites is to make sure there’s an optic in the interface we’re going to use. On a switch you have the following options:

#show int te5/4 transceiver
Transceiver monitoring is disabled for all interfaces.

ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).

Optical Optical
Temperature Voltage Current Tx Power Rx Power
Port (Celsius) (Volts) (mA) (dBm) (dBm)
---------- ----------- ------- -------- -------- --------
Te5/4 27.0 0.00 7.6 -- -2.2 -2.7


Or

#show int tenGigabitEthernet 5/4 capabilities
TenGigabitEthernet5/4
Model: VS-S720-10G
Type: 10Gbase-SR
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on),tx-(off,on)
Membership: static
Fast Start: yes
QOS scheduling: rx-(8q4t), tx-(1p7q4t)
QOS queueing mode: rx-(cos,dscp), tx-(cos,dscp)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
Inline power policing: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports-in-ASIC (Sub-port ASIC) Continue reading

Cisco leaves key to all its Unified CDM systems under doormat

Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.The Cisco Unified CDM is part of the Cisco Hosted Collaboration System and provides automation and administrative functions for the Cisco Unified Communications Manager, Cisco Unity Connection, Cisco Jabber applications, associated phones and software clients.The privileged account is created when Unified CDM is first installed and cannot be changed or removed without affecting the system’s functionality—although exactly how, Cisco didn’t say in its security advisory. The only solution, the company said, is to install the patches it released.To read this article in full or to leave a comment, please click here

Video: ISP IPv6 Transition Strategies

The responses of Internet Service Providers (ISPs) to lack of IPv4 address space range from outright denial (sometimes coupled with reassuringly-expensive large-scale carrier-grade NAT) to all-in IPv6-only designs using 464XLAT for residual IPv4 connectivity.

To understand the implications of these extremes and a few data points between them, watch the ISP IPv6 Transition Strategies video from Enterprise IPv6 – the First Steps webinar.

Watch the video

Samsung faces lawsuit in China over bloatware on phones

A consumer protection group in China is suing Samsung Electronics and a Chinese vendor for placing too many preinstalled apps on phones, and is demanding that the whole smartphone industry eschew bloatware.On Thursday, the Shanghai Consumer Council said it filed public interest lawsuits against Samsung and Oppo for not only placing so much bloatware on their phones, but also making it impossible for the user to easily remove the apps.The consumer protection group has been receiving a growing number of complaints, and found that these preinstalled apps can take up a phone’s storage or download data without the user’s knowledge. In response, the group has filed the lawsuits in a Shanghai court, as a way to discourage smartphone vendors from weighing their products down with pre-installed software.To read this article in full or to leave a comment, please click here

Reddit sections go dark after exit of staffer

The exit of a key Reddit staffer, who apparently played an important role in the bustling AMA (Ask Me Anything) question-and-answer section, has created an uproar on the online discussion website.Many large communities, or subreddits in the parlance of the site, have been set to private, allowing only moderators or approved submitters to view the contents.Anger over the exit of Victoria Taylor, Reddit’s communications director, who assisted in AMAs with a variety of celebrities and other top personalities, appears to have mushroomed into a controversy over a lack of consultation between Reddit administrators and its volunteer moderators.To read this article in full or to leave a comment, please click here

Microsoft buries hatchet with Kyocera, ending litigation

Microsoft and Kyocera have put an end to a patent spat that began earlier this year by expanding a patent cross-licensing deal between them.In a tersely worded, four-sentence press release Thursday, the companies said the licensing deal would enable them to use “a broader range of each other’s technologies in their respective products.” Beyond that, the terms were not disclosed.It’s another win for Microsoft’s ongoing practice of seeking patent licenses from Android manufacturers. Earlier this year, the company sued Kyocera because of components that are part of Android that Microsoft says infringe on its patents. Licensing patents related to Android is a big business for the company, which revealed last year that Samsung paid more than $1 billion from July 2012 to June 2013 as part of a patent licensing deal.To read this article in full or to leave a comment, please click here

Plex hacker demands Bitcoin ransom for return of data

Video streaming service Plex has reset user passwords after it was breached by a hacker who threatened to release stolen data unless he’s paid a ransom.The company found out on Wednesday that a server hosting its forum and blog had been compromised, Chris Curtis, a Plex support engineer, said in a blog post.Information including IP addresses, email addresses, private forum messages and encrypted passwords were exposed.Someone going by the nickname “Savata” claimed responsibility for the breach and threatened to release the data on torrent networks if a ransom wasn’t paid in bitcoins.To read this article in full or to leave a comment, please click here

Supreme Court justices hold stock in tech vendors, other firms

Two U.S. Supreme Court justices owned stock in tech vendors or other companies that filed briefs in cases under review by the high court in the past year, a watchdog group said Thursday.The justices’ ownership of stock in three companies that filed amicus, or friend of the court, briefs in Supreme Court cases during the past year represent a “minefield of potential conflicts of interest and ethical problems” that could damage the court’s reputation, said Fix the Court, a group advocating for more transparency at the court.Chief Justice John Roberts owned up to US $750,000 in shares of Time Warner and its subsidiaries at the time the media giant filed a brief in ABC v. Aereo, which broadcasters won 6-3 last June, with Roberts in the majority. Aereo was a start-up offering TV service to subscribers through specialized antenna farms.To read this article in full or to leave a comment, please click here

PlexxiPulse—Happy 4th of July!

Wishing you a safe and happy Fourth of July from the entire team here at Plexxi. Enjoy the celebrations this weekend!

FlagImage

Below please find a few of our top picks for our favorite news articles of the week.

Network Computing: Why Hardware Still Counts In Networking
By Ethan Banks
As a host of the networking podcast Packet Pushers, I receive lots of interesting e-mail. Listeners tell us how we’re doing, share their knowledge, and voice opinions. One opinion that’s come up lately I will describe as an aversion to hardware. In the minds of some, software is king; code is a networking cure-all that will take us into the future. Chris Wahl, a fellow writer and engineer, told me he’s also heard this anti-hardware sentiment. “Did the bad ASIC hurt you?” he joked, as we tried to understand the software bias.

Network World: Can Converged Infrastructure Help IT Get Its Mojo Back?
By Colm Keegan
In “Star Wars Episode V, The Empire Strikes Back,” Yoda implores an impetuous Luke Skywalker to “unlearn what you have learned.” IT administrators who wish to stay relevant in a shadow IT universe, may want to heed the words of the legendary Jedi Continue reading

Sprint drops 600 Kbps video-streaming limit after outcry

Sprint this week quickly reversed plans to impose a 600 Kbps limit on streaming video as part of a promotion called "All-In" that charges $80 a month for unlimited talk, text and high-speed data.The All-In plan, announced Tuesday, ironically was intended to "end consumer confusion & frustration," according to a press release.But the 600 Kbps video stream cap, originally contained in a footnote about the plan, incited widespread frustration and anger on social media sites and elsewhere.MORE: 10 mobile startups to watch The 600 Kbps limitation was interpreted by Roger Entner, an analyst at Recon Analytics, as a violation of Title II net neutrality rules, which Sprint had supported before the Federal Communications Commission. "To throttle video is such a clearcut violation of Title II," he said.To read this article in full or to leave a comment, please click here

Sprint drops 600 Kbps video-streaming limit after outcry

Sprint this week quickly reversed plans to impose a 600 Kbps limit on streaming video as part of a promotion called "All-In" that charges $80 a month for unlimited talk, text and high-speed data.The All-In plan, announced Tuesday, ironically was intended to "end consumer confusion & frustration," according to a press release.But the 600 Kbps video stream cap, originally contained in a footnote about the plan, incited widespread frustration and anger on social media sites and elsewhere.MORE: 10 mobile startups to watch The 600 Kbps limitation was interpreted by Roger Entner, an analyst at Recon Analytics, as a violation of Title II net neutrality rules, which Sprint had supported before the Federal Communications Commission. "To throttle video is such a clearcut violation of Title II," he said.To read this article in full or to leave a comment, please click here

Some notes when ordering Google’s Project Fi

I just ordered my "Project Fi" phone. You probably should, too. Here are some notes (especially near the bottom on getting a new phone number).

Project Fi is Google's MVNO. An "MVNO" is a virtual mobile phone company -- they don't have any of their own network backbone or cell towers, but just rent them from the real mobile phone companies (like AT&T or T-Mobile). Most mobile phone companies are actually MVNOs, because building a physical network is expensive.

What makes Google's MVNO interesting:
  • Straightforward pricing. It's $20 a month for unlimited calling/texting, plus $10 per gigabyte of data used during the month. It includes tethering.
  • No roaming charges, in 120 countries. I can fly to Japan, Australia, and France, and still use email, Google maps, texting -- for no extra charge.
The pricing is similar to other phone companies, a little less or a little more depending on exactly what you want. For around 3 gigs a month, Project Fi is cheaper than AT&T, but for 30 gigs, it's more expensive.

There are more and more MVNOs providing easy international roaming (like Ultra.me), and your own phone company is increasingly solving the problem. T-Mobile, for example, Continue reading

VLAN Trunking with Mikrotik RouterOS

In this post, I’m going to show you how to configure VLAN trunking with Mikrotik RouterOS, and along the way provide a brief introduction to this software and some of the functionality it offers. While it is Linux-based, RouterOS operates quite a bit differently than a lot of the other network operating systems with which I’ve worked, and so I hope that this post will help ease the learning curve a bit for others who decide to take the same path.

Background

First, let me provide a quick bit of background. I found myself in need of a switch that was both Layer 2/3 capable with both 10/100/1000Mbps ports as well as 10Gbps SFP+ ports. Of course, this was for my home lab, so budget is a concern. I cast out a quick call on Twitter, asking for some recommendations, and a few folks recommended I have a look at RouterBoard/Mikrotik; specifically, the CRS-24G-2S+IN (see here for more details). The specs looked good, the price was reasonable, and several folks expressed their satisfaction with the product, so I bought one.

Upon receiving it, I found myself trying to unravel RouterOS (their Linux-based operating system). Their wiki is fairly helpful, but Continue reading

1 3,419 3,420 3,421 3,422 3,423 3,850