Weekend Reads 100722


Meta Platforms Inc. Chief Executive Officer Mark Zuckerberg outlined sweeping plans to reorganize teams and reduce headcount for the first time ever, calling an end to an era of rapid growth at the social media giant.


A food delivery drone operated by Alphabet subsidiary Wing landed on overhead power lines in Brisbane, Australia, and caught fire. As a result, the network was shut down by energy firm Energex to respond to the incident, leaving thousands without power.


If you know about DNS, you’ve probably heard of the Time-to-Live (TTL) field. But mistakes with TTL are more common than you might think. Here we look at the quirks of DNS record sets, parent/child domains and how to avoid TTL problems.


While some have given up on Moore’s Law, Intel CEO Pat Gelsinger clearly hasn’t. “For decades now, I’ve been in the debate: is Moore’s Law dead? And the answer is no,” he said, during his keynote at the Intel Innovation event this week.


In this post, we will demonstrate how malicious actors can force UDP DNS answers to fragment so they can inject forged DNS data into DNS resolver caches and highlight what percentage of servers are at risk.


We identify Continue reading

Worth Reading: VXLAN Drops Large Packets

Ian Nightingale published an interesting story of connectivity problems he had in a VXLAN-based campus network. TL&DR: it’s always the MTU (unless it’s DNS or BGP).

The really fun part: even though large L2 segments might have magical properties (according to vendor fluff), there’s no host-to-network communication in transparent bridging, so there’s absolutely no way that the ingress VTEP could tell the host that the packet is too big. In a layer-3 network you have at least a fighting chance…

For more details, watch the Switching, Routing and Bridging part of How Networks Really Work webinar (most of it available with Free Subscription).

Worth Reading: VXLAN Drops Large Packets

Ian Nightingale published an interesting story of connectivity problems he had in a VXLAN-based campus network. TL&DR: it’s always the MTU (unless it’s DNS or BGP).

The really fun part: even though large L2 segments might have magical properties (according to vendor fluff), there’s no host-to-network communication in transparent bridging, so there’s absolutely no way that the ingress VTEP could tell the host that the packet is too big. In a layer-3 network you have at least a fighting chance…

For more details, watch the Switching, Routing and Bridging part of How Networks Really Work webinar (most of it available with Free Subscription).

Heavy Networking 650: Whether And How To Adopt Whitebox Switches

On today’s Heavy Networking podcast, Kevin Myers joins us for a whitebox conversation. Kevin helps Internet Service Providers build their networks, and has noticed increased adoption of whitebox switches. Why? Are the problems whitebox solves for these ISPs the same you might have at your company? Should you consider whitebox instead of Cisco, Juniper, or Arista? Maybe…and maybe not.

Heavy Networking 650: Whether And How To Adopt Whitebox Switches

On today’s Heavy Networking podcast, Kevin Myers joins us for a whitebox conversation. Kevin helps Internet Service Providers build their networks, and has noticed increased adoption of whitebox switches. Why? Are the problems whitebox solves for these ISPs the same you might have at your company? Should you consider whitebox instead of Cisco, Juniper, or Arista? Maybe…and maybe not.

The post Heavy Networking 650: Whether And How To Adopt Whitebox Switches appeared first on Packet Pushers.

Intel details FPGA roadmap

Seven years after its $16.7 billion acquisition of FPGA maker Altera, Intel is expanding the technology it gained into new areas.While the primary use for an FPGA processor has been for smartNICs that offload tasks from server CPUs, Intel is now looking to broaden its application from the data center to remote, edge computing, and embedded systems.It’s not as if the Altera processors languished over the last several years, however. One major change is manufacturing. When Intel purchased Altera, its chips were made by TSMC. Now they are made by Intel, so hopefully that’s one less supply-chain headache to worry about.To read this article in full, please click here

Intel details FPGA roadmap

Seven years after its $16.7 billion acquisition of FPGA maker Altera, Intel is expanding the technology it gained into new areas.While the primary use for an FPGA processor has been for smartNICs that offload tasks from server CPUs, Intel is now looking to broaden its application from the data center to remote, edge computing, and embedded systems.It’s not as if the Altera processors languished over the last several years, however. One major change is manufacturing. When Intel purchased Altera, its chips were made by TSMC. Now they are made by Intel, so hopefully that’s one less supply-chain headache to worry about.To read this article in full, please click here

Announcing: A Completely New and Updated Version of Explain the Cloud Like I’m 10

I've been working hard on a completely updated version of Explain the Cloud Like I'm 10 and I'm happy to announce it's ready!

You can buy version 2.0 at: https://www.amazon.com/Explain-Cloud-Like-Im-10-ebook/dp/B0765C4SNR.

 

If you've already bought, Explain the Cloud Like I'm 10, then you should just be able to update to the new version for free.

What's new? This version has about 2x the material. I go in-depth on:

  • The major cloud providers and all the different platforms for deploying workloads.
  • How to decide between cloud providers.
  • How to switch to the cloud.
  • How to decide if you should switch to the cloud.
  • Cloud economics and how to save money in the cloud.
  • How you can learn more and take your cloud adventure to the next step.
  • And lots more. So much more. 

In version 1 of the book, I didn't cover cloud providers in any detail. Almost all the new content is platform related, so that's fixed. And I say platform rather than cloud provider on purpose.

The biggest change in the book is it is now oriented around the "cloud model" as the ultimate goal for software development, deployment, and use, not just the Continue reading

Cloudflare Pages gets even faster with Early Hints

Cloudflare Pages gets even faster with Early Hints
Cloudflare Pages gets even faster with Early Hints

Last year, we demonstrated what we meant by “lightning fast”, showing Pages' first-class performance in all parts of the world, and today, we’re thrilled to announce an integration that takes this commitment to speed even further – introducing Pages support for Early Hints! Early Hints allow you to unblock the loading of page critical resources, ahead of any slow-to-deliver HTML pages. Early Hints can be used to improve the loading experience for your visitors by significantly reducing key performance metrics such as the largest contentful paint (LCP).

What is Early Hints?

Early Hints is a new feature of the Internet which is supported in Chrome since version 103, and that Cloudflare made generally available for websites using our network. Early Hints supersedes Server Push as a mechanism to "hint" to a browser about critical resources on your page (e.g. fonts, CSS, and above-the-fold images). The browser can immediately start loading these resources before waiting for a full HTML response. This uses time that was otherwise previously wasted! Before Early Hints, no work could be started until the browser received the first byte of the response. Now, the browser can fill this time usefully when it was previously sat Continue reading

Parsing Text using TTP

Parsing Text using TTP

Before we dive into TTP (Template Text Parser), let us first address why we need a text scraping tool in the modern world of APIs and structured data. Here is my opinion:

  1. Many organisations still use legacy devices that do not have APIs or structured data formats embedded in their CLI.
  2. Network devices are still evolving and not all devices have APIs that are easy to work with.
  3. There is more information in the output of a command than what is available through the API.
  4. Network Engineers are used to working with CLI and screen scraping is a natural extension of this workflow.
  5. Sometimes you just need to get some data quickly and writing a full-fledged API client is not worth the effort.

You would be surprised to know that many commercial tools that do network observability use screen scraping under the hood. So, it is not a bad idea to learn how to do it yourself.

What are our options?

From a network engineer's perspective, there are two popular tools that can be used for screen scraping:

  1. TextFSM - TextFSM is a mature tool that has been around for a long time with huge community support and a large Continue reading

Walking the Policy Tightrope

In policy work nothing is ever truly simply black and white. The means to achieve one outcome may well act to impair the work to achieve different outcomes, and the resultant effort often requires some difficult decisions to balance what appears to be some fundamental tensions between various policy objectives. Even a topic like online safety, which should be very straightforward, has some challenges.

Streamlining the User Experience for Accessing AKS Clusters

Lately I’ve been spending a little bit of time building Pulumi programs to assist with standing up Azure Kubernetes Service (AKS) clusters. I’ve learned a pretty fair amount about Azure and AKS along the way, as expected, but I was taken aback by the poor user experience (in my opinion) when it came to accessing the AKS clusters once they’d been established. In this post, I’ll share a small tweak you can make that will, in most cases, make accessing your AKS clusters a great deal smoother.

What do I mean by “poor user experience”? In the same vein as comparable offerings from AWS (EKS) and Google Cloud (GKE), AKS leverages Azure’s identity and access management (IAM) functionality, so that users have a single place to manage user and group entities. This makes perfect sense! What doesn’t make sense to me, though, is the requirement that users must perform a separate login process to gain access to the cluster, even if the user is already authenticated via the Azure CLI. This is very counter to both EKS and GKE, where—if you are already authenticated via their CLI tools—no additional steps are necessary to access appropriately-configured managed Kubernetes clusters on their Continue reading

Kyndryl, Microsoft tie mainframe to Azure cloud resources

Kyndryl and Microsoft have extended their existing partnership to include mainframe connectivity to cloud applications and workloads.The extension ties together Kyndryl’s zCloud mainframe service with Microsoft’s Power Platform, a low-code application and workflow-automation package that brings access to cloud services including  Microsoft Azure, Office 365 and Teams.The aim is making it easier for organizations to access and integrate mainframe-based data with cloud-based resources and combine that data with other information to build new applications.Available now, the service is a way to access decades of data sitting on  mainframes, said Harish Grama, Kyndryl’s global practice leader for cloud. “The idea is to unleash data sitting on the mainframe, mine it, modernize it, and write new business applications on it," he said. "That data shouldn’t be trapped in legacy backends.”To read this article in full, please click here

Total TLS: one-click TLS for every hostname you have

Total TLS: one-click TLS for every hostname you have
Total TLS: one-click TLS for every hostname you have

Today, we’re excited to announce Total TLS — a one-click feature that will issue individual TLS certificates for every subdomain in our customer’s domains.

By default, all Cloudflare customers get a free, TLS certificate that covers the apex and wildcard (example.com, *.example.com) of their domain. Now, with Total TLS, customers can get additional coverage for all of their subdomains with just one-click! Once enabled, customers will no longer have to worry about insecure connection errors to subdomains not covered by their default TLS certificate because Total TLS will keep all the traffic bound to the subdomains encrypted.

A primer on Cloudflare’s TLS certificate offerings

Universal SSL — the “easy” option

In 2014, we announced Universal SSL — a free TLS certificate for every Cloudflare customer. Universal SSL was built to be a simple “one-size-fits-all” solution. For customers that use Cloudflare as their authoritative DNS provider, this certificate covers the apex and a wildcard e.g. example.com and *.example.com. While a Universal SSL certificate provides sufficient coverage for most, some customers have deeper subdomains like a.b.example.com for which they’d like TLS coverage. For those customers, we built Advanced Certificate Manager — a Continue reading

1 387 388 389 390 391 3,805