Transit VPC — AWS — Advanced Networking

What is Transit Gateway in AWS used for ?
a. Interconnect One or more VPC's eliminating need for full mesh 
b. customer gateway in only one region
c. Enhanced NAT gateway 
d. Can be used to Connect SD-Wan with VPC's Answer is at the end of the post, feel free to skip it, I just did not want to make a spoiler residing just below the question

The post from transitive routing in AWS had a few different solutions at the end, the one which is most efficient and future-proof would be transit-gateway implementation for inter-VPC communication without needing a full mesh.

https://raaki-88.medium.com/transitive-routing-aws-advanced-networking-984ca492d2d7

We will first explore an example and then come back to some of the concepts

Consider below VPCs, by default, there is no VPC peering and if we want to achieve connectivity we need to do n*(n-1)/2 number of peerings, this will quickly get out of hand as the VPCs increase.

The easiest way to achieve connectivity will be in 3 steps

  1. Create transit gateway
  2. Attach all the VPCs as attachments in the Transit gateway
  3. Most Importantly, create a route in the sub-net table for the destination sub-net via Transit gateway else connectivity will never work.

Continue reading

How the James Webb Telescope’s cosmic pictures impacted the Internet

How the James Webb Telescope's cosmic pictures impacted the Internet
The James Webb Telescope reveals emerging stellar nurseries and individual stars in the Carina Nebula that were previously obscured. Credits: NASA, ESA, CSA, and STScI. Full image here.
“Somewhere, something incredible is waiting to be known.” Carl Sagan
How the James Webb Telescope's cosmic pictures impacted the Internet

In the past few years, space technology and travel have been trending with increased  attention and endeavors (including private ones). In our 2021 Year in Review we showed how NASA and SpaceX flew higher, at least in terms of interest on the Internet.

This week, NASA in collaboration with the European Space Agency (ESA) and the Canadian Space Agency (CSA), released the first images from the James Webb Telescope (JWST) which conducts infrared astronomy to “reveal the unseen universe”.

How the James Webb Telescope's cosmic pictures impacted the Internet
Webb's First Deep Field is the first operational image taken by the James Webb Space Telescope, depicting a galaxy cluster with a distance of 5.12 billion light-years from Earth. Revealed to the public on 11 July 2022. Credits: NASA, ESA, CSA, and STScI. Full image here.

So, let’s dig into something we really like here at Cloudflare, checking how real life and human interest has an impact on the Internet. In terms of general Continue reading

Transitive Routing — AWS — Advanced Networking

Before understanding the way AWS does transitive routing, let us try to wrap our head on transitive property in mathematics

What is Transitive Property?A property is called transitive property, if x, y and z 
are the three quantities, and if x is related to y by some rule, 
and y is related to z by the same rule, then we can say x is related to z by the same rule.

Alright, now let’s look at the following scenario

So Connectivity from VPC3-VPC1 would work just fine, VPC2-VPC1 will also work just fine while VPC2-VPC3/VPC3-VPC2 via VPC1 will never work in AWS, this is the first thing that we should remember.

I see only downsides! — well not everything is lost in this case, there are security benefits as well, large part of it plays a role in IP Address spoofing. Imagine someone is trying to send a packet to your VPC, check to make sure that the instance won’t accept the packet as that is not locally configured and also instance cannot send any of the packets with any source IP as well, that is one of the preliminary reasons why Source and Destination checks are turned off.

Continue reading

Computer-Related Neck Pains? Try an Acupressure Pillow

Do you ever get neck pains after sitting in front of the computer for too long? If so, you’re not alone. According to a recent study, nearly two-thirds of Americans experience some form of neck pain each year. And with the average person spending over eight hours a day staring at a screen, it’s no wonder that so many of us are suffering.

But there is some good news. If you’re looking for a way to relieve your computer-related neck pain, you may want to try an acupressure pillow. Acupressure is an ancient Chinese healing practice that involves applying pressure to specific points on the body. And according to Traditional Chinese Medicine, there are certain points on the neck that can help relieve pain.

The best part about acupressure is that it’s completely safe and there are no side effects. So if you’re looking for a natural way to ease your neck pain, an acupressure pillow may be just what you need. 

Symptoms of Computer-Related Neck Pain

There are a few different symptoms that are associated with computer-related neck pain. If you’re experiencing any of the following, it may be time to try an acupressure pillow:

Neck stiffness

This Continue reading

Ansible For Network Automation Part 5: Ansible Variables And Folder Structures – Video

In this lesson on Ansible and network automation, Josh VanDeraa reviews a common folder structure for use in Ansible and discusses where to define variables in Ansible including: -all.yml -group_vars folder -host_vars folder -importing variables from another file -accessing variables from other devices Josh has created a GitHub repo to store additional material, including links […]

The post Ansible For Network Automation Part 5: Ansible Variables And Folder Structures – Video appeared first on Packet Pushers.

Mantis – the most powerful botnet to date

Mantis - the most powerful botnet to date
Mantis - the most powerful botnet to date

In June 2022, we reported on the largest HTTPS DDoS attack that we’ve ever mitigated — a 26 million request per second attack - the largest attack on record. Our systems automatically detected and mitigated this attack and many more. Since then, we have been tracking this botnet, which we’ve called “Mantis”, and the attacks it has launched against almost a thousand Cloudflare customers.

Cloudflare WAF/CDN customers are protected against HTTP DDoS attacks including Mantis attacks. Please refer to the bottom of this blog for additional guidance on how to best protect your Internet properties against DDoS attacks.

Have you met Mantis?

We named the botnet that launched the 26M rps (requests per second) DDoS attack "Mantis" as it is also like the Mantis shrimp, small but very powerful. Mantis shrimps, also known as “thumb-splitters”, are very small; less than 10 cm in length, but their claws are so powerful that they can generate a shock wave with a force of 1,500 Newtons at speeds of 83 km/h from a standing start. Similarly, the Mantis botnet operates a small fleet of approximately 5,000 bots, but with them can generate a massive force — responsible for the largest Continue reading

8 enterprise storage trends to watch

The data storage industry is experiencing a major transformation driven by multiple factors, including the need for security, speed, efficiency, and lower costs. IT research firm Gartner recently predicted 23-times growth in shipped petabytes through 2030, a trajectory that promises to radically reshape and redefine current data center and IT operations. To stay on top of the storage game, keep a close eye on these eight trends.1. DNA storage DNA, when used as a data storage medium, promises a far higher capacity and more resilient storage environment than traditional storage architecture. DNA storage allows molecular-level data storage, archiving information directly into DNA molecules.To read this article in full, please click here

8 enterprise storage trends to watch

The data storage industry is experiencing a major transformation driven by multiple factors, including the need for security, speed, efficiency, and lower costs. IT research firm Gartner recently predicted 23-times growth in shipped petabytes through 2030, a trajectory that promises to radically reshape and redefine current data center and IT operations. To stay on top of the storage game, keep a close eye on these eight trends.1. DNA storage DNA, when used as a data storage medium, promises a far higher capacity and more resilient storage environment than traditional storage architecture. DNA storage allows molecular-level data storage, archiving information directly into DNA molecules.To read this article in full, please click here

Kubernetes For Network Engineers – Lesson 4: Kubernetes Networking Under The Hood – Video

In this video, host Michael Levan shows the basics of using Weave to enable simple networking within Kubernetes. He also shares how to find instructions to use Cisco ACI and Flannel. Michael Levan brings his background in system administration, software development, and DevOps to this video series. He has Kubernetes experience as both a developer […]

The post Kubernetes For Network Engineers – Lesson 4: Kubernetes Networking Under The Hood – Video appeared first on Packet Pushers.

Hedge 138: The Robustness Principle

Most network engineers take it as a “given” that the robustness principle is the “right way” to build protocols and networks—”be conservative in what you send, and liberal in what you receive.” The idea behind the robustness principle is that implementations should implement specifications as accurately as possible, but they should also accept malformed and otherwise erroneous data, process the best they can, and drop the bits they cannot process. This should allow the network to operate correctly in the face of defects and other failures. A recent draft, draft-iab-protocol-maintenance/, challenges the assumptions behind the robustness principle. Join Tom and Russ as they discuss the robustness principle and its potential problems.

download

Enabling Continuous Compliance for a Global Financial Gluware Customer: Livestream 28 June 2022 1/7 – Video

Regulated industries such as financials often feel the pain of a current audit or upcoming audit. Implementing network automation with a product like Gluware can enable continuous compliance. Julie Wehling, Solutions Architect, Gluware; and Greg Ferro, Co-Founder, Packet Pushers discuss a real-world customer use case in which a global financial services company used Gluware to […]

The post Enabling Continuous Compliance for a Global Financial Gluware Customer: Livestream 28 June 2022 1/7 – Video appeared first on Packet Pushers.

OpenSSL Heap Memory Corruption Vulnerability Fixed

Ever since CVE-2022-2274, didn’t reach Heartbleed levels of ick, but it was more than bad enough. What happened was that the OpenSSL 3.0.4 release introduced a serious RSA bug in X86-64 CPUs supporting the AVX512 IFMA instructions. This set of CPU single instruction, multiple data (SIMD) instructions for floating-point operations per second (FLOPS) was introduced in 2018. You’ll find it in pretty much every serious Intel processor, from Skylake to AMD’s forthcoming Zen 4. In other words, it’s probably in every server you’re currently running. Is that great news or what? Memory Corruption The problem is that RSA 2048-bit private key implementations fail on this chip architecture. Adding insult to injury, memory corruption results during the computation. The last straw? An attacker can use this memory corruption to trigger a remote code execution (RCE) on the machine. Exploiting it might not be easy, but it is doable. And, even if an attack isn’t that reliable, if it’s used to hit a server that constantly respawns, say a web server, it Continue reading

1 487 488 489 490 491 3,858