Flow-Based Packet Forwarding
In the Cache-Based Packet Forwarding blog post I described what happens when someone tries to bypass the complexities of IP routing table lookup with a forwarding cache.
Now imagine you want to implement full-featured fast packet forwarding including ingress- and egress ACL, NAT, QoS… but find the required hardware (TCAM) too expensive. Wouldn’t it be nice if we could send the first packet of every flow to a CPU to figure out what to do with it, and download the results into a high-speed flow cache where they could be used to switch the subsequent packets of the same flow. Welcome to flow-based packet forwarding.
Flow-Based Packet Forwarding
In the Cache-Based Packet Forwarding blog post I described what happens when someone tries to bypass the complexities of IP routing table lookup with a forwarding cache.
Now imagine you want to implement full-featured fast packet forwarding including ingress- and egress ACL, NAT, QoS… but find the required hardware (TCAM) too expensive. Wouldn’t it be nice if we could send the first packet of every flow to a CPU to figure out what to do with it, and download the results into a high-speed flow cache where they could be used to switch the subsequent packets of the same flow. Welcome to flow-based packet forwarding.
How To Create A Python Function You Can Call From Other Scripts
Python gives you the ability to write a bit of code and the call that code as a function. You can call the function from within the same script where the function is defined, or you can save the function in a separate script and then import the function inside of other scripts.
Writing and calling functions is a key component of the Don’t Repeat Yourself (DRY) principle of software development. Creating a function in a single script and calling that function from other scripts is preferable to performing copypasta of the same bit of code throughout several scripts. When a function lives in a single script, it only needs to be updated in that one place when it inevitably needs updating.
While Python functions can perform isolated tasks, my typical use cases send values into the function and receive a value returned from the function. In this example, I’ll import a Python function used to refresh an access token required to authenticate to a remote API endpoint. I’ll pass other tokens required to refresh the access token into the function, and the function will return the refreshed access token back to the calling script.
The Function
The names of Continue reading
With Excelero Storage, Nvidia Owns A Nearly Complete HPC/AI Stack
In case it is not immediately obvious, over the past decade Nvidia has been transforming itself from a component supplier into a complete platform provider. …
With Excelero Storage, Nvidia Owns A Nearly Complete HPC/AI Stack was written by Timothy Prickett Morgan at The Next Platform.
Tech Bytes: Credit Union Taps Aruba ESP For SD-WAN, Branch Networking (Sponsored)
Today on the Tech Bytes podcast we dive into a real-world SD-WAN deployment. Our sponsor is Aruba and we’re talking with Aruba ESP customer Alabama ONE, a credit union. Our guest is Bobby Umfress II, Director of IT and Operations at Alabama ONE.Tech Bytes: Credit Union Taps Aruba ESP For SD-WAN, Branch Networking (Sponsored)
Today on the Tech Bytes podcast we dive into a real-world SD-WAN deployment. Our sponsor is Aruba and we’re talking with Aruba ESP customer Alabama ONE, a credit union. Our guest is Bobby Umfress II, Director of IT and Operations at Alabama ONE.
The post Tech Bytes: Credit Union Taps Aruba ESP For SD-WAN, Branch Networking (Sponsored) appeared first on Packet Pushers.
Breaking Data Silos Open With An Apache Arrow Platform
Voltron Data officially launched last month with a mission to make Apache Arrow easier to use for big data analytics projects, and in particular to focus on improving interoperability with other systems. …
Breaking Data Silos Open With An Apache Arrow Platform was written by Daniel Robinson at The Next Platform.
Network Break 372: VMware Enhances Container Security; Google Summons Workers Back To The Office
This week on Network Break we discuss VMware enhancing its Carbon Black software with container runtime security, Google telling employees to return to the office starting April 4, and Broadcom taking in $7.7 billion in revenue in Q1 2022. We also discuss security attacks affected hit Toyota and Viasat and more IT news.BGP Policies (part 1)
At the most basic level, there are only three BGP policies: pushing traffic through a specific exit point; pulling traffic through a specific entry point; preventing a remote AS (more than one AS hop away) from transiting your AS to reach a specific destination. In this series I’m going to discuss different reasons for these kinds of policies, and different ways to implement them in interdomain BGP.
In the following network—
There are many reasons an operator might want to select which neighboring AS through which to send traffic towards a given reachable destination (for instance, 100::/64). Each of these examples assumes the AS in question has learned multiple paths towards 100::/64, one from each peer, and must choose one of the two available paths to forward along.
Examining this from AS65006’s Perspective …
Assuming AS65006 is an edge operator (commonly called enterprise, but generally just originating and terminating traffic, and never transiting traffic), there are several reasons the operator may prefer one exit point (through an upstream provider), including:
- An automated system may determine AS65004 has some sort of brownout; in this case, the operator at 65006 has configured the system to prefer the exit through AS65005
- The traffic Continue reading
How to Migrate your Ansible Playbooks to Support AWS boto3
Red Hat Ansible Automation Platform is known for automating Linux, Windows and networking infrastructure. While both the community version of Ansible and our enterprise offering, Red Hat Ansible Automation Platform, are prominently known for configuration management, this is just a small piece of what you can really achieve with Ansible’s automation. There are many other use-cases that Ansible Automation Platform is great at automating, such as your AWS, Azure or Google public cloud.
Ansible Automation Platform can automate deployments, migrations and operational tasks for your public cloud. This is extremely powerful because you can orchestrate your entire infrastructure workflow, from cloud deployment, to instance configuration, to retirement, rather than requiring a point tool for each separate use-case. This also allows IT administrators to concentrate on automating business outcomes rather than individual technology silos.
Specifically for this blog, I wanted to cover converting your Ansible Playbooks for provisioning an instance on AWS from the unsupported ec2 module to the fully supported ec2_instance module. Amazon has deprecated their Software Development Kit (SDK) Boto in favor of the newer fully supported SDK Boto3. Alina Buzachis announced What's New: The Ansible AWS Collection 2.0 Release back in October 2021, which includes Continue reading
Who monitors the monitoring systems?
This article offers a response, describing how to introduce an uncorrelated monitor-of-monitors into the data center to provide real-time visibility that survives when the primary monitoring systems fail.
Summary of the AWS Service Event in the Northern Virginia (US-EAST-1) Region, This congestion immediately impacted the availability of real-time monitoring data for our internal operations teams, which impaired their ability to find the source of congestion and resolve it. December 10th, 2021
Standardizing on a small set of communication primitives (gRPC, Thrift, Kafka, etc.) simplifies the creation of large scale distributed services. The communication primitives abstract the physical network to provide reliable communication to support distributed services running on compute nodes. Monitoring is typically regarded as a distributed service that is part of the compute infrastructure, relying on agents on compute nodes to transmit measurements to scale out analysis, storage, automation, and Continue reading
Cloudflare, CrowdStrike, and Ping Identity launch the Critical Infrastructure Defense Project
Today, in partnership with CrowdStrike and Ping Identity, Cloudflare is launching the Critical Infrastructure Defense Project (CriticalInfrastructureDefense.org). The Project was born out of conversations with cybersecurity and government experts concerned about potential retaliation to the sanctions that resulted from the Russian invasion of Ukraine.
In particular, there is a fear that critical United States infrastructure will be targeted with cyber attacks. While these attacks may target any industry, the experts we consulted with were particularly concerned about three areas that were often underprepared and could cause significant disruption: hospitals, energy, and water.
To help address that need, Cloudflare, CrowdStrike, and Ping Identity have committed under the Critical Infrastructure Defense Project to offer a broad suite of our products for free for at least the next four months to any United States-based hospital, or energy or water utility. You can learn more at: www.CriticalInfrastructureDefense.org.
We are not powerless against hackers. Organizations that have adopted a Zero Trust approach to security have been successful at mitigating even determined attacks. There are three core components to any Zero Trust security approach: 1) Network Security, 2) Endpoint Security; and 3) Identity.
Cloudflare, CrowdStrike, and Ping Identity are three of Continue reading
Dictionary : Face Mute
What is face muting ?