What’s new in Calico Enterprise 3.16: Egress gateway on AKS, Service Graph optimizations, and more!

We are excited to announce the early preview of Calico Enterprise 3.16. This latest release extends the active security platform’s support for egress access controls, improves the usability of network-based threat defense features, and scales visualization of Kubernetes workloads to 100s of namespaces. Let’s go through some of the highlights of this release.

Egress gateways for Microsoft Azure and AKS

Egress gateways allow you to identify the source of traffic at the namespace or pod level when it leaves a Kubernetes cluster to communicate to external resources. This makes it highly beneficial for security teams to apply access controls to specific traffic instead of opening up a larger set of IP addresses. Calico Enterprise 3.16 has added egress gateway support for Microsoft Azure and AKS in addition to our support for AWS and EKS. Check out our documentation, Configure egress gateways, Azure, to learn more.

Operator-managed deployments of egress gateways

Calico Enterprise now includes operator-managed deployments of egress gateways. This reduces operational overhead and eliminates additional steps required during software upgrades. With the Tigera Operator, egress gateways will always be automatically upgraded.

UI for workload-based web application firewalls (WAF)

Calico Enterprise’s unique workload-centric web application Continue reading

How Rust and Wasm power Cloudflare’s 1.1.1.1

How Rust and Wasm power Cloudflare's 1.1.1.1
How Rust and Wasm power Cloudflare's 1.1.1.1

On April 1, 2018, Cloudflare announced the 1.1.1.1 public DNS resolver. Over the years, we added the debug page for troubleshooting, global cache purge, 0 TTL for zones on Cloudflare, Upstream TLS, and 1.1.1.1 for families to the platform. In this post, we would like to share some behind the scenes details and changes.

When the project started, Knot Resolver was chosen as the DNS resolver. We started building a whole system on top of it, so that it could fit Cloudflare's use case. Having a battle tested DNS recursive resolver, as well as a DNSSEC validator, was fantastic because we could spend our energy elsewhere, instead of worrying about the DNS protocol implementation.

Knot Resolver is quite flexible in terms of its Lua-based plugin system. It allowed us to quickly extend the core functionality to support various product features, like DoH/DoT, logging, BPF-based attack mitigation, cache sharing, and iteration logic override. As the traffic grew, we reached certain limitations.

Lessons we learned

Before going any deeper, let’s first have a bird’s-eye view of a simplified Cloudflare data center setup, which could help us understand what we are going to talk Continue reading

How Secure Is Your API Gateway?

Quick, how many APIs does your organization use? We’re talking for internal products, for external services and even for infrastructure management such as Amazon’s S3 object storage or Kubernetes. If you don’t know the answer, you are hardly alone. In survey after survey, CIOs and CISOs admit they don’t have an accurate catalog of all their APIs. Yet statistics shared by Mark O’Neill, chief of research for software engineering at Gartner, in 2022: 98% of organizations use or are planning to use internal APIs, up from 88% in 2019 94% of organizations use or are planning to use public APIs provided by third parties, up from 52% in 2019 90% of organizations use or are planning to use private APIs provided by partners, up from 68% in 2019 80% of organizations provide or are planning to provide publicly exposed APIs, up from 46% in 2019 API Gateways Remain Critical Infrastructure Components To deal with this rapid growth and the management and security challenges it creates, CIOs,

Alternatives to IBGP within Multihomed Sites

Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:

In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.

In this case I would not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/of BGP session) to determine the active gateway.

Let’s see what could possibly go wrong with that design.

Read more …

Alternatives to IBGP within Multihomed Sites

Two weeks ago I explained why you might want to run IBGP between CE-routers on a multihomed site. One of the blog readers didn’t like my ideas:

In such a small deployment I assume that both ISPs offer transit, so that both CEs would get a default route from their upstream.

In this case I would not iBGP the CEs together but have HSRP running on the two CEs and track the uplink (interface and/of BGP session) to determine the active gateway.

Let’s see what could possibly go wrong with that design.

Read more …

Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored)

Today on the Tech Bytes podcast we’re talking about OpenTelemetry with sponsor Cisco ThousandEyes. OpenTelemetry is an open collection of tools, APIs, and SDKs to help share telemetry data among different monitoring and analysis platforms to improve data correlation and visibility. ThousandEyes, the first network visibility platform to support OpenTelemetry, joins the podcast to discuss how it works, use cases, and more.

Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored)

Today on the Tech Bytes podcast we’re talking about OpenTelemetry with sponsor Cisco ThousandEyes. OpenTelemetry is an open collection of tools, APIs, and SDKs to help share telemetry data among different monitoring and analysis platforms to improve data correlation and visibility. ThousandEyes, the first network visibility platform to support OpenTelemetry, joins the podcast to discuss how it works, use cases, and more.

The post Tech Bytes: ThousandEyes Enhances Data Correlation With OpenTelemetry (Sponsored) appeared first on Packet Pushers.

Why Do YOU Have To Do It?

One of the things that I’ve seen as a common thread among people in the industry as of late is the subject of burnout. Sure, burnout is a common topic no matter what year we’re in but a lot more of what I’m starting to hear about is self-inflicted burnout. Taking on too many projects, doing more than one job, and even having too many things going on outside of your specific role are all contributors to burnout. How can we keep that from happening?

Atlas and His Burden

For me, one of the biggest reasons why I find myself swimming in frustration is because I am very quick to volunteer to do things. In part it’s because I want to make sure the job is done correctly. In another part it’s because I want to be seen as someone that is always willing to get things done. Add in a dash of people pleasing and you can see how this spirals out of control. I’m sure you’ve even heard that as a career advice at some point. I’ve even railed against it many times on this blog.

How can you overcome the impulse to want to volunteer to do Continue reading

Wi-Fi HaLow: Wireless for the internet of things

Wi-Fi HaLow, the marketing term the Wi-Fi Alliance has chosen for the IEEE 802.11ah standard, is a long- range, low-power, low-speed version of traditional Wi-Fi. It shows promise with deployment of Internet of Things (IoT) devices such as sensors, wearables, machine-to-machine (M2M) applications, smart buildings, and smart cities.With the ability to connect low-bandwidth devices to IP networks including the internet, it supports enough bandwidth to handle HD-quality video and can even be used for rural communications and offloading cell phone tower traffic.To read this article in full, please click here

Japan Buys Supercomputer Just To Predict Torrential Downpours

You know that climate change is a problem when a supercomputer to do short-term prediction of the formation of linear rainbands and the torrential downpours that they cause is 3.4X as powerful as the machines that do the day-to-day weather forecasting in a country.

Japan Buys Supercomputer Just To Predict Torrential Downpours was written by Timothy Prickett Morgan at The Next Platform.

Cisco, Intel collaborate to build private 5G services

Cisco and Intel have teamed up on private 5G for enterprise and IOT use cases.During the Mobile World Conference (MWC) this week, Cisco also made other 5G announcements including its Meraki 5G cellular gateways for fixed-wireless access and linking up with NTT, NEC, and Qualcomm to offer 5G services.Many enterprises are still kicking the tires on private 5G service, and many will continue to use 4G LTE for a long time, but 5G  is definitely drawing interest, according to Patrick Filkins, research manager, with the IoT and Telecom Network Infrastructure group at IDC. “We expect that by 2026, roughly 80% to 90% of enterprises will have incorporated private 5G as part of their network. Some will benefit from the enhanced mobile-broadband aspect, but many will dig into the advanced features yet to come.”To read this article in full, please click here

Network Break 419: HPE Buys Athonet For Private 5G; Exit Public Cloud, Save Millions?

Is the private 5G market big enough to justify HPE's acquisition of Athonet? Is saving money worth retreating from public cloud? Why are organizations still getting bit by basic cloud misconfigurations? Will an appetite for AI deliver results for Nvidia? We explore these and other questions in the latest Network Break podcast.

The post Network Break 419: HPE Buys Athonet For Private 5G; Exit Public Cloud, Save Millions? appeared first on Packet Pushers.

Maximize your hybrid cloud mastery with the Ansible validated content

Image Source

Image Source

In today's environment, mastering the hybrid cloud has become a key factor in IT transformation and business innovation. In this context, network complexity can be a nightmare, especially as organizations expand their infrastructure and embrace hybrid cloud and multi-cloud strategies. Without automation, monitoring and controlling network routing, infrastructure, and security in a hybrid and multi-cloud environment are difficult to manage. Furthermore, identifying and resolving network performance issues in these infrastructures are quite challenging.

In one of the previous blogs, titled  “Crank up your automation with Ansible validated content”, Nuno Martins highlighted the Ansible validated content included in Red Hat Ansible Automation Platform 2.3.

In this blog post, we will show you how to leverage the amazon.aws_troubleshooting Collection for hybrid cloud to troubleshoot network performance issues and maximize your hybrid cloud mastery. In particular, we’ll use the aws_troubleshooting.connectivity_troubleshooter role.

First, let’s take a look at  the amazon.aws_troubleshooting Collection.

 

Deep dive on cloud.aws_troubleshooting

Let’s take a deep look at  the amazon.aws_troubleshooting Collection. This Collection includes a variety of Ansible Roles to help troubleshoot AWS resources. The Collection includes the following roles:

  • cloud.aws_troubleshooting.troubleshoot_rds_connectivity - A role to troubleshoot RDS Continue reading

3 things network pros need to tell developers about why the network matters

Of the 47 enterprises I chatted with in December, guess how many were NOT users of hybrid cloud. Zero. Guess how many ever used another cloud model. Zero. Guess how many believe they will "move everything to the cloud". Zero. OK, I realize that you may not have read this sort of thing very often or at all, but I think it demonstrates just how important hybrid cloud is and how little we really know about it. That’s bad in that it’s always a bad thing when something critical is hardly understood, but it could be a good thing for network professionals looking to engage again with their company IT planning process.To read this article in full, please click here

1 342 343 344 345 346 3,841