Automagical Deploys from Docker Hub

I want the speed and other advantages of a static site generator, but with the flexibility of a database-backed CMS.

I want performance, flexibility, and ease of maintenance.

From cars to computers, getting both flexibility and performance all too often requires a carefully weighed set of trade-offs. Generating content for your readers and fans on the web is no exception. On the one hand, techies have recently embraced static site generators such as Jekyll, and for good reason, as these systems provide a lot of advantages (e.g., deploying straight to Github pages, high performance, and ease of keeping your content in version control). However, they are not without their own challenges such as steep learning curves and slow, cumbersome workflows.

On the other hand, flexible, database-backed content management system such as WordPress can be a better choice in some situations. It’s very nice to have the flexibility to allow non-technical people to edit and update content, and for authors to edit online from anywhere without needing a special suite of software and skills. However, CMSs such as WordPress can also be slow, temperamental, and hard to optimize.

Lately, I’ve been trying to find a good balance for my website. Currently, it Continue reading

Building a router with Open vSwitch

As part of my work in OpenDaylight, we are looking at creating a router using Open vSwitch... Why? Well OpenStack requires some limited L3 capabilities and we think that we can handle those in a distributed router.

Building a router with Open vSwitch

As part of my work in OpenDaylight, we are looking at creating a router using Open vSwitch... Why? Well OpenStack requires some limited L3 capabilities and we think that we can handle those in a distributed router.

Test Topology

My test topology looks like this:

We have a host in an external network 172.16.1.0/24, one host in an internal network 10.10.10.0/24 and two hosts in another internal network 10.10.20.0/24.

As such, The hosts in the 10.x.x.x range should be able to speak to each other, but should not be able to speak to external hosts.

The host 10.10.10.2 has a floating IP of 172.16.1.10 and should be reachable on this address from the external 172.16.1.0/24 network. To do this, we'll use DNAT for traffic from 172.16.1.2 -> 172.16.1.10 and SNAT for traffic back from 10.10.10.2 -> 172.16.1.2

If you'd like to recreate this topology you can checkout the OpenDaylight OVSDB project source on GitHub and:

vagrant up mininet
vagrant ssh mininet
cd /vagrant/resources/mininet
sudo mn --custom  Continue reading

Bare Metal Networking, Then and Now…

What a difference a year makes.

Just last year, bare metal networking was viewed as an aspiration for only mega-scale operators. A simple solution to enable any bare metal switch to operate any networking operating system was unavailable.

Original design manufacturers (ODMs) and bare metal networking vendors were relatively unknown entities. Pricing and product availability was obscure or difficult to ascertain. The supply chain for bare metal networking was non-existent. (You can read more about The Modern Networking Supply Chain and the Death of the Multiplier Effect.) Consequently, mega-scale operators deployed solutions, procured directly from ODMs in lots of hundreds to thousands.

Today, bare metal networking is available to the mass market around the world.

The Open Network Install Environment, ONIE, is a fundamental enabler to bare metal networking. ONIE is an Open Compute Project (OCP, pioneered by Facebook) initiative facilitating any network operating system to be installed (or removed) on any ONIE-based switch. Bare metal networking vendors have adopted ONIE en masse, simplifying operations for distributors and resellers with a minimum number of hardware SKUs, in parallel, making the simplified supply chain available to a range of software suppliers. Today, there are approximately 20 ONIE-based platforms in flexible Continue reading

Multicast Rising

Multicast Rising

Multicast hasn’t been a hot topic in networking in recent years, but that may be changing with last week’s announcements by both AT&T and Verizon that they will launch LTE multicast in 2015. Verizon plans to start embedding the technology in phones in the fourth quarter of this year and commercially launch the service in 2015. AT&T will also begin to roll out multicast capabilities next year. 

According to Verizon CFO Fran Shammo, multicast is “…the pivotal point that starts to change the way content is delivered over a mobile handset which opens up content into the wireless world." 

As Humberto Saabedra explains in an article for PhoneNews.com: “LTE Multicast allows the same content to be sent to a large number of subscribers at the same time, resulting in a more efficient use of network resources than each user requesting the same content and then having the content individually streamed to each user.” 

Currently, organizations use multicast for multimedia distribution, desktop imaging, market trading data distribution, broadcast video, online education, and other purposes where data must be delivered simultaneously to multiple receivers. Packet Continue reading

Do We Need To Redefine Open?

There’s a new term floating around that seems to be confusing people left and right.  It’s something that’s been used to describe a methodology as well as used in marketing left and right.  People are using it and don’t even really know what it means.  And this is the first time that’s happened.  Let’s look at the word “open” and why it has become so confusing.

Talking Beer

For those at home that are familiar with Linux, “open” wasn’t the first term to come to mind.  “Free” is another word that has been used in the past with a multitude of loaded meanings.  The original idea around “free” in relation to the Open Source movement is that the software is freely available.  There are no restrictions on use and the source is always available.  The source code for the Linux kernel can be searched and viewed at any time.

Free describes the fact that the Linux kernel is available for no cost.  That’s great for people that want to try it out.  It’s not so great for companies that want to try and build a business around it, yet Red Hat has managed to do just that.  How can they Continue reading

A History of Load Balancing

A visual representation of the company and, to a lesser extent, product history of the load balancing/application delivery field. My usual F5 bias is present but it seems justified considering their long-held market leading position. I’ve been itching to post this for a while but simply couldn’t stop changing the formatting. I can’t say I’m […]

Author information

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

TwitterLinkedIn

The post A History of Load Balancing appeared first on Packet Pushers Podcast and was written by Steven Iveson.

DIY Web Server: Raspberry Pi + CloudFlare

The Raspberry Pi was created with a simple mission in mind: change the way people interact with computers. This inexpensive, credit card-sized machine is encouraging people, especially kids, to start playing with computers, not on them.

When the first computers came out, basic programming skills were necessary. This was the age of the Amigas, BBC Micros, the Spectrum ZX, and Commodore 64s. The generation that grew up with these machines gained a fundamental understanding how how computers work.

Computers today are easy to use and require zero understanding of programming to operate. They’re also expensive, and wrapped in sleek cases. While aesthetically pleasing designs and user friendly interfaces make computers appealing and accessible to everyone, these advances create a barrier to understanding how computers work and what they are capable of doing. This isn’t necessarily a problem, but for those who really understand computers, it seems that our collective sense of the power of computing has been dulled.

Raspberry Pi marks the beginning of a conscious effort to return to computing fundamentals. Starting at about $25—case not included—it’s purposely designed to remove barriers to tinkering, reprograming, and, ultimately, to understanding how computers work. This return to fundamentals is rejuvenating the Continue reading

Revisited: Layer-2 DCI over VXLAN

I’m still getting questions about layer-2 data center interconnect; it seems this particular bad idea isn’t going away any time soon. In the face of that sad reality, let’s revisit what I wrote about layer-2 DCI over VXLAN.

VXLAN hasn’t changed much since the time I explained why it’s not the right technology for long-distance VLANs.

CloudFlare hiring Go programmers in London and San Francisco

Are you familiar with the Go programming language and looking for a job in San Francisco or London? Then think about applying to CloudFlare. We're looking for people with experience writing Go in both locations.

CC BY-SA 2.0 by Yuko Honda (cropped, resized)

CloudFlare uses Go extensively to build our service and we need to people to build and maintain those systems. We've written a complete DNS server in Go, our Railgun service is all Go and we're moving more and more systems to Go programs.

We've recently written about our open source Red October Go project for securing secrets, and open-sourced our CFSSL Go-based PKI package. Go is now making its way into our data pipeline and be used for processing huge amounts of data.

We even have a Go-specific section on our GitHub.

If you're interested in working in Go on a high-performance global network like CloudFlare, send us an email.

Not into Go? We're hiring for all sorts of other positions and technologies.

Building a router with Open vSwitch

As part of my work in OpenDaylight, we are looking at creating a router using Open vSwitch... Why? Well OpenStack requires some limited L3 capabilities and we think that we can handle those in a distributed router.

The Khan Academy of Hyperscale Open Infrastructure

Blame the System For Resisting Change – Not The People

I often hear vendors and pundits proclaim that Enterprise is resisting change. In particular, they say that individuals in Enterprises can't see the change or won't discuss buying new technology. I see these objections as failure of the current system and much less due to the people.

The post Blame the System For Resisting Change – Not The People appeared first on EtherealMind.

Tinfoil Security vulnerability scanning now easy in CloudFlare Apps

We’re pleased to introduce a new CloudFlare App: Tinfoil Security. Tinfoil Security is a service designed to find possible web application vulnerabilities.

Security is central to CloudFlare's service. Our security features operate at the network level to identify and block malicious traffic from ever reaching your website or application. However, even with that protection in place, it’s still worth fixing problems at the application layer as well.

Tinfoil Security helps website owners learn about possible vulnerabilities in their applications by scanning for vulnerabilities, tests all access points, and providing step-by-step introductions on eliminating threats if found.

Their developer-focused reports can be tied into continuous integration lifecycle with API hooks for kicking off new scans after changes are made.

Tinfoil offers several price points, including a free plan that checks for XSS (Cross-Site Scripting) concerns. The Tinfoil app is a quick and easy addition to your CloudFlare service. Take a look!

Common Network Design Concepts Part-1

There are design tools which we should consider for every design. LAN, WAN and the data center where these common design tolls and attributes should be considered. Many of the principles in this article series might be fit not only for the network part of the design  but also compute, virtualization and storage technologies also […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Common Network Design Concepts Part-1 appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

Do you really need to see all 512K Internet routes?

Last week the global routing table (as seen from some perspectives) supposedly exceeded 512K routes, and weird things started to happen to some people that are using old platforms that by default support 512K IPv4 routes in the switching hardware.

I’m still wondering whether the BGP table size was the root cause of the observed outages. Cisco’s documentation (at least this document) is pretty sloppy when it comes to the fact that usually 1K = 1024, not 1000 – I’d expect the hard limit to be @ 524.288 routes … but then maybe Cisco’s hardware works with decimal arithmetic.

Show 201 – Internet Dies at 512K, Long Live the Internet

The Internet has Died at 512K routes. Ethan & Greg discuss some news and events of the last few weeks and nod nerdishly while noodling about nothing. Yeah, it's a nerd chat show this week.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post Show 201 – Internet Dies at 512K, Long Live the Internet appeared first on Packet Pushers Podcast and was written by Greg Ferro.

FC vs FCoE

Using the OSPF Forwarding Address for traffic-steering

In this fairly short post, id like to address a topic that came up on IRC (#cciestudy @ freenode.net). Its about how you select a route thats being redistributed into an OSPF NSSA area and comes into the OSPF backbone area 0.

For my post i will be using the very simple topology below. Nothing else is necessary to illustrate what is going on.

First off, id like to clarify a few things about what takes place when redistributing routes into an NSSA area.

What happens is that you have an external network, 4.4.4.4/32 in our example. This is _not_ part of the current area 1. When this network is being redistributed into area 1, its forwarding address will be set to the highest active interface of the redistributing router in the area (R4 in our case). The highest interface in the area local to the router is Loopback100 with an address of 44.44.44.44/32.

*A reader noted that a loopback address will beat a physical interface even if it has a lower address. This is true and goes for OSPF in general. Thanks!

Lets verify the configuration on R4 and the result of Continue reading

Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!

Optimized Roaming