In today's Kubernetes Unpacked podcast, we explore the concept of a service mesh and why you might want to run one in a Kubernetes cluster. While there are many service meshes to choose from, we focus on Linkerd. Linkerd is available under an Apache 2.0 license and hosted by the Cloud Native Computing Foundation (CNCF).
The post Kubernetes Unpacked 019: Understanding Service Meshes And Linkerd appeared first on Packet Pushers.
Today's Day Two Cloud assembles a panel to discuss the challenges of multicloud networking. We're sponsored by Prosimo, and the recording took place live at AWS re:Invent 2022. We discuss how and why an org goes multicloud, cloud networking issues, integrating ZTNA, and more.
The post Day Two Cloud 182: Assembling The Multicloud Networking Puzzle To Operate At Cloud Speed (Sponsored) appeared first on Packet Pushers.
The default pod provisioning mechanism in Kubernetes has a substantial attack surface, making it susceptible to malevolent exploits and container breakouts. To achieve effective runtime security, your containerized workloads in Kubernetes require multi-layer process monitoring within the container.
In this article, I will introduce you to process monitoring and guide you through a Kubernetes-native approach that will help you enforce runtime security controls and detect unauthorized access of host resources.
When you run a containerized workload in Kubernetes, several layers should be taken into account when you begin monitoring the process within a container. This includes container process logs and artifacts, Kubernetes and cloud infrastructure artifacts, filesystem access, network connections, system calls required, and kernel permissions (specialized workloads). Your security posture depends on how effectively your solutions can correlate disparate log sources and metadata from these various layers. Without effective workload runtime security in place, your Kubernetes workloads, which have a large attack surface, can easily be exploited by adversaries and face container breakouts.
Before I dive into the details on how to monitor your processes and detect malicious activities within your container platform, let us first take a look at some of
In the Designing Active-Active and Disaster Recovery Data Centers I tried to give networking engineers a high-level overview of challenges one might face when designing a highly-available application stack, and used that information to show why the common “solutions” like stretched VLANs make little sense if one cares about application availability (as opposed to auditor report). Some (customer) engineers like that approach; here’s the feedback I received not long ago:
As ever, Ivan cuts to the quick and provides not just the logical basis for a given design, but a wealth of advice, pointers, gotchas stemming from his extensive real-world experience. What is most valuable to me are those “gotchas” and what NOT to do, again, logically explained. You won’t find better material IMHO.
Please note that I’m talking about generic multi-site scenarios. From the high-level connectivity and application architecture perspective there’s not much difference between a multi-site on-premises (or colocation) deployment, a hybrid cloud, or a multicloud deployment.
The hyperscalers and cloud builders are the toughest customers in the IT sector, demanding the highest performance at the lowest price and an ever-improving ratio between the two. …
Meta Platforms Spent Over $1 Billion On Arista Networking In 2022 was written by Timothy Prickett Morgan at The Next Platform.
The topic of AI in the networking space has quickly moved from “what if” to “how soon”. Every major networking vendor is leveraging some aspect of...
The post Selector is evolving the way we operate networks appeared first on /overlaid.
One of my readers sent me a question along these lines:
Do I have to have an IBGP session between Customer Edge (CE) routers in a multihomed site if they run EBGP with the upstream provider(s)?
Let’s start with a simple diagram and a refactoring of the question:
Anuta Networks has added an active assurance capability to ATOM, its network automation and orchestration software. Active assurance lets engineers run synthetic tests on demand using software agents. For example, if a service provider wants to test the performance of a link or network segment to see if it’s meeting SLAs, it can run a […]
The post Anuta Networks Adds Synthetic Tests For On-Demand Network Performance Monitoring appeared first on Packet Pushers.