Internet disruptions overview for Q2 2022

Internet disruptions overview for Q2 2022
Internet disruptions overview for Q2 2022

Cloudflare operates in more than 270 cities in over 100 countries, where we interconnect with over 10,000 network providers in order to provide a broad range of services to millions of customers. The breadth of both our network and our customer base provides us with a unique perspective on Internet resilience, enabling us to observe the impact of Internet disruptions. In many cases, these disruptions can be attributed to a physical event, while in other cases, they are due to an intentional government-directed shutdown. In this post, we review selected Internet disruptions observed by Cloudflare during the second quarter of 2022, supported by traffic graphs from Cloudflare Radar and other internal Cloudflare tools, and grouped by associated cause or common geography.

Optic outages

This quarter, we saw the usual complement of damage to both terrestrial and submarine fiber-optic cables, including one that impacted multiple countries across thousands of miles, and another more localized outage that was due to an errant rodent.

Comcast

On April 25, Comcast subscribers in nearly 20 southwestern Florida cities experienced an outage, reportedly due to a fiber cut. The traffic impact of this cut is clearly visible in the graph below, with Cloudflare traffic Continue reading

Making Page Shield malicious code alerts more actionable

Making Page Shield malicious code alerts more actionable
Making Page Shield malicious code alerts more actionable

Last year during CIO week, we announced Page Shield in general availability. Today, we talk about improvements we’ve made to help Page Shield users focus on the highest impact scripts and get more value out of the product. In this post we go over improvements to script status, metadata and categorization.

What is Page Shield?

Page Shield protects website owners and visitors against malicious 3rd party JavaScript. JavaScript can be leveraged in a number of malicious ways: browser-side crypto mining, data exfiltration and malware injection to mention a few.

For example a single hijacked JavaScript can expose millions of user’s credit card details across a range of websites to a malicious actor. The bad actor would scrape details by leveraging a compromised JavaScript library, skimming inputs to a form and exfiltrating this to a 3rd party endpoint under their control.

Today Page Shield partially relies on Content Security Policies (CSP), a browser native framework that can be used to control and gain visibility of which scripts are allowed to load on pages (while also reporting on any violations). We use these violation reports to provide detailed information in the Cloudflare dashboard regarding scripts being loaded by end-user browsers.

Page Shield Continue reading

Modifying Maximum Throughput of Catalyst8000v

The Catalyst8000v is Cisco’s virtual version of the Catalyst 8000 platform. It is the go to platform and a replacement of previous products such as CSR1000v, vEdge cloud, and ISRV. When installing a Catalyst8000v, it comes with a builtin shaper setting the maximum throughput to 10 Mbit/s as can be seen below:

R1#show platform hardware throughput level 
The current throughput level is 10000 kb/s

This is most likely enough to perform labbing but obviously not enough to run production workloads. You may be familiar with Smart Licensing on Cisco. Previously, licensing was enforced and it wasn’t possible to modify throughput without first applying a license to a device. In releases 17.3.2 and later, Cisco started implementing Smart Licensing Using Policy which essentially means that most of the licenses are trust-based and you only have to report your usage. There are exceptions, such as export-controlled licenses like HSEC which is for high speed crypto, anything above 250 Mbit/s of crypto. To modify the maximum throughput of Catalyst8000v, follow these steps:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#platform hardware throughput level MB ?
  100    Mbps
  1000   Mbps
  10000  Mbps
  15     Mbps
  25     Mbps
  250    Mbps
  2500    Continue reading

Random. How to Choose Your Desktop Operating System for Network Automation Development

Hello my friend,

After writing quite long and complicated previous blogpost about CI/CD with GitHub, I need some therapy to write something light and chill. I decided to choose the setup of the working space for development and utilisation of the network automation and, in general, network design and operations. Though I don’t pretend to be absolutely objective and unbiased, as it is simply not possible, I intend to share some observations I did from my own experience and discussions with our network automation students, which I hope will be interesting for you.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Why Is It Important?

During our Zero-to-Hero Network Automation Trainings, and other trainings as well, we talk a lot about choice of tools to build automation solutions: they shall be fit for purpose and easy to use. However, in addition to that, you should also feel a fun, when you utilise them. It may sound odd, as we are Continue reading

Is Security A Feature Or A Product?

This post originally appeared on the Packet Pushers’ Ignition site on July 9, 2019. Premise: I would be cautious about a vendor who sells security as a product or a critical/primary feature. Security-as-a-product is coming to an end. We need to return to making the things we already have work efficiently. There is only so […]

The post Is Security A Feature Or A Product? appeared first on Packet Pushers.

Saying “Yes” the Right Way

If only I had known how hard it was to say “no” to someone. Based on the response that my post about declining things had gotten I’d say there are a lot of opinions on the subject. Some of them were positive and talked about how hard it is to decline things. Others told me I was stupid because you can’t say no to your boss. I did, however, get a direct message from Paul Lampron (@Networkified) that said I should have a follow up post about saying yes in a responsible manner.

Positively Perfect

The first thing you have to understand about the act of asking something is that we’re not all wired the same way when it comes to saying yes. I realize that article is over a decade old at this point but the ideas in it remain valid, as does this similar one from the Guardian. Depending on your personality or how you were raised you may not have the outcome you were expecting when you ask.

Let me give you a quick personal example. I was raised with a southern style mentality that involves not just coming out and asking for something. You Continue reading

A July 4 technical reading list

A July 4 technical reading list
A July 4 technical reading list

Here’s a short list of recent technical blog posts to give you something to read today.

Internet Explorer, we hardly knew ye

Microsoft has announced the end-of-life for the venerable Internet Explorer browser. Here we take a look at the demise of IE and the rise of the Edge browser. And we investigate how many bots on the Internet continue to impersonate Internet Explorer versions that have long since been replaced.

Live-patching security vulnerabilities inside the Linux kernel with eBPF Linux Security Module

Looking for something with a lot of technical detail? Look no further than this blog about live-patching the Linux kernel using eBPF. Code, Makefiles and more within!

Hertzbleed explained

Feeling mathematical? Or just need a dose of CPU-level antics? Look no further than this deep explainer about how CPU frequency scaling leads to a nasty side channel affecting cryptographic algorithms.

Early Hints update: How Cloudflare, Google, and Shopify are working together to build a faster Internet for everyone

The HTTP standard for Early Hints shows a lot of promise. How much? In this blog post, we dig into data about Early Hints in the real world and show how much faster the web is with it.

Private Continue reading

HPE announces Arm-based Ampere servers

HP Enterprise says it will deliver a series of servers powered by the Arm-based Altra and Altra Max by Ampere, the CPU startup run by former Intel executive Renee James.Ampere, not to be confused with the GPU processor of the same name from Nvidia, has scored some wins with cloud providers, notably Microsoft Azure and Oracle Cloud Infrastructure, but it had yet to land in OEM partner. Until now.Starting in Q3 2022, HPE says it will ship ProLiant RL300 Gen11 servers, available for both outright purchase and for leasing through HPE’s GreenLake consumption model. HPE says this will be the first in a series of HPE ProLiant RL Gen11 servers using 80-core Altra and 128-core Altra Max processors.To read this article in full, please click here

Why it makes sense for Broadcom to buy VMware

Why the heck would a hardware and chip company like Broadcom buy a software company like VMware?Wall Street and industry analysts haven't exactly jumped with joy over the pending deal, after all. Companies sometimes do stupid things; that seems to be the consensus. But with this deal, that may not be the case at all.  Broadcom may be responding to the fundamental shifts in the industry, both in computing and in networking. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

HPE announces Arm-based Ampere servers

HP Enterprise says it will deliver a series of servers powered by the Arm-based Altra and Altra Max by Ampere, the CPU startup run by former Intel executive Renee James.Ampere, not to be confused with the GPU processor of the same name from Nvidia, has scored some wins with cloud providers, notably Microsoft Azure and Oracle Cloud Infrastructure, but it had yet to land in OEM partner. Until now.Starting in Q3 2022, HPE says it will ship ProLiant RL300 Gen11 servers, available for both outright purchase and for leasing through HPE’s GreenLake consumption model. HPE says this will be the first in a series of HPE ProLiant RL Gen11 servers using 80-core Altra and 128-core Altra Max processors.To read this article in full, please click here

Why it makes sense for Broadcom to buy VMware

Why the heck would a hardware and chip company like Broadcom buy a software company like VMware?Wall Street and industry analysts haven't exactly jumped with joy over the pending deal, after all. Companies sometimes do stupid things; that seems to be the consensus. But with this deal, that may not be the case at all.  Broadcom may be responding to the fundamental shifts in the industry, both in computing and in networking. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

Modifying Administrative Distance of Specific BGP Route

In one of the Discords that I’m in there was a user with a complex network consisting of a mix of DMVPN, BGP over MPLS VPN circuits, and SD-WAN. For some prefixes, the path via the private MPLS is preferred, for others, the SD-WAN path. Now, if a prefix is available in two different protocols, BGP vs Overlay Management Protocol (OMP), there is nothing we can do in BGP or OMP to modify which one gets installed into the Routing Information Base (RIB). This is no different than if EIGRP and OSPF were competing to install a prefix into the RIB, the protocol with the lower Administrative Distance (AD) would have its route installed.

The default AD values used on a Cisco device for these protocols are:

  • eBGP – 20
  • iBGP – 200
  • OMP – 251

Based on the AD, OMP will always lose out. It is of course possible to change the AD of BGP, but that would have an effect of all prefixes and we lose the ability to have some prefixes preferred via BGP and others via OMP. I had never changed the AD of a specific BGP prefix before, so I turned to Twitter to see Continue reading

DS620slim tiny home server

In this blogpost, I describe the Synology DS620slim. Mostly these are notes for myself, so when I need to replace something in the future, I can remember how I built the system. It's a "NAS" (network attached storage) server that has six hot-swappable bays for 2.5 inch laptop drives.

That's right, laptop 2.5 inch drives. It makes this a tiny server that you can hold in your hand.

The purpose of a NAS is reliable storage. All disk drives eventually fail. If you stick a USB external drive on your desktop for backups, it'll eventually crash, losing any data on it. A failure is unlikely tomorrow, but a spinning disk will almost certainly fail some time in the next 10 years. If you want to keep things, like photos, for the rest of your life, you need to do something different.

The solution is RAID, an array of redundant disks such that when one fails (or even two), you don't lose any data. You simply buy a new disk to replace the failed one and keep going. With occasional replacements (as failures happen) it can last decades. My older NAS is 10 years old and I've replaced all Continue reading

Weekend Reads 070122


For decades, hopeful techies have been promising a world where absolutely every object you encounter—bandages, bottles, bananas—will have some kind of smarts thanks to supercheap programmable plastic processors.


To be clear, current artificial intelligence systems are decades away from being able to experience feelings and, in fact, may never do so.


The fact that LaMDA in particular has been the center of attention is, frankly, a little quaint. LaMDA is a dialogue agent. The purpose of dialogue agents is to convince you that you are talking with a person.


While it has always seemed absurd that this matter wasn’t addressed before the government extorted huge sums of money from operators for the right to do so, it’s also reasonable to assume the matter is not restricted to the US.


The number of tech layoffs in May alone skyrocketed 780% over the first four months of the year combined, according to outplacement services firm Challenger, Gray & Christmas.


Just before last Christmas, in a first-of-a-kind case, JPMorgan was fined $200M for employees using non-sanctioned applications for communicating about financial strategy.


At the same time, I’ve also noticed what might be called a zero-trust backlash, as it becomes apparent that you can’t Continue reading

Worth Reading: On the Dangers of Cryptocurrencies…

Bruce Schneier wrote an article on the dangers of cryptocurrencies and the uselessness of blockchain, including this gem:

From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence, despite far better solutions to these issues already in use.

Please feel free to tell me how he’s just another individual full of misguided opinions… after all, what does he know about crypto?

Worth Reading: On the Dangers of Cryptocurrencies…

Bruce Schneier wrote an article on the dangers of cryptocurrencies and the uselessness of blockchain, including this gem:

From its inception, this technology has been a solution in search of a problem and has now latched onto concepts such as financial inclusion and data transparency to justify its existence, despite far better solutions to these issues already in use.

Please feel free to tell me how he’s just another individual full of misguided opinions… after all, what does he know about crypto?

Possible Impacts Of Covid-19 On Data Networking

This post originally appeared on the Packet Pushers’ Ignition site on April 22, 2020.   In this post I review what might happen to networking when we return to work. We won’t return to normal, but we will be back at work. To start, here are nine ideas about the pandemic’s impact, divided into two […]

The post Possible Impacts Of Covid-19 On Data Networking appeared first on Packet Pushers.

Micron ships high density SATA-based SSDs for data centers

Micron Technology is bucking the trend of moving to PCI Express-based storage and releasing a new SATA III-based SSD with ultradense memory storage and read optimized for faster data access.The SATA interface has been around since the beginning of the century, but it has progressed much slower than the PCIe interface and with nowhere near the leaps in performance. Among gamers, who are as obsessed with performance as someone doing AI models, PCIe drives are standard issue, and SATA drives are at best used for storage.That’s because SATA III has a throughput of about 550MB/s, while PCIe 4.0 has more than 10 times the throughput.To read this article in full, please click here

Micron ships high density SATA-based SSDs for data centers

Micron Technology is bucking the trend of moving to PCI Express-based storage and releasing a new SATA III-based SSD with ultradense memory storage and read optimized for faster data access.The SATA interface has been around since the beginning of the century, but it has progressed much slower than the PCIe interface and with nowhere near the leaps in performance. Among gamers, who are as obsessed with performance as someone doing AI models, PCIe drives are standard issue, and SATA drives are at best used for storage.That’s because SATA III has a throughput of about 550MB/s, while PCIe 4.0 has more than 10 times the throughput.To read this article in full, please click here

1 454 455 456 457 458 3,819