MPLS/LDP Creation Myths

Hannes Gredler wrote an interesting comment to my Segment Routing vs LDP in Hub-and-Spoke Networks blog post:

In 2014 when I did the first prototype implementation of MPLS-SR node labels, I was stunned that just with an incremental add of 500 lines of code to the vanilla IPv4/IPv6 IS-IS codebase I got full any-to-any connectivity, no sync issues, no targeted sessions for R-LFA …. essentially labeled transport comes for free.

Based on that, one has to wonder “why did we take the LDP detour and all the complexity it brings?”. Here’s what Hannes found out:

AMD’s new EPYC chips are out, with bigger cache for intense workloads

AMD is adding four new processor SKUs to its EPYC (formerly codenamed Milan-X) lineup of high-end chips, building additional L3 cache capability onto the existing EPYC series.

The key new feature of the new 7773X, 7573X, 7473X, and 7373X chips, which were initially announced in a roadmap made public late last year, is in their physical construction, a technique AMD refers to as 3D V-Cache. Where most processors are constructed with a single piece of silicon inside, the new AMD chips mount a second die (the extra cache) atop the first one, which allows for a larger L3 cache.

IDC's research vice president for computing semiconductors, Shane Rau, said that this is an important feature for the very high-end applications that AMD is targeting with the EPYC series, which AMD groups under the rubric of "technical computing": highly demanding enterprise workloads like modeling and visualization, as well as academic and scientific applications.

How to enable Recurring Cloudwatch Alarms?

If you do not deal with AWS/CloudWatch you don’t have to read this post.

What: The problem was simple. We had a CloudWatch alarm on Lambda function invocations, and I wanted it to keep sending us email notifications until someone addressed it. That is not a native CloudWatch feature (an alarm runs its actions once, when its state changes), but there is a workaround.

Short Story: The workaround deploys a Step Functions state machine that re-alerts on an alert timer. It does not apply to every alarm you configure; you opt an alarm in by tagging it with a specific keyword (the options are detailed in the linked article). Once an alarm is tagged, each time the timer you set expires, the action of your choice (an SNS notification, say) fires again until the alarm clears.

Link: https://aws.amazon.com/blogs/mt/how-to-enable-amazon-cloudwatch-alarms-to-send-repeated-notifications/

Why write an article if the link explains it?: Not everything I encountered was straightforward. The install process requires a Docker environment, a working Node.js install and then a CDK install. I had never done that and it cost me some time, so I wanted to document it; it might also help anyone implementing the same thing.
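The opt-in timer loop that the workaround deploys, written out as an added example in Go; this is not the linked article's CDK solution and not the author's code. One pass reminds every alarm that is still in ALARM, carries the opt-in tag and has not been reminded within the interval. The tag key RepeatedAlarm, the 10-minute interval, the alarm names and ARNs, and the in-memory stand-ins for the CloudWatch and SNS clients are all assumptions made for this example; a real deployment would back the two interfaces with the AWS SDK (DescribeAlarms plus ListTagsForResource, and Publish; StateUpdated is the API's StateUpdatedTimestamp) and persist LastSent between passes.

```go
package main

import (
	"fmt"
	"time"
)

// Assumed opt-in tag (not from the post or the AWS blog) and reminder timer.
const (
	RepeatTag      = "RepeatedAlarm"
	RepeatInterval = 10 * time.Minute
)

// Alarm is the subset of a CloudWatch MetricAlarm the loop needs.
type Alarm struct {
	Name, ARN, State string // State is "OK", "ALARM" or "INSUFFICIENT_DATA"
	StateUpdated     time.Time
	Tags             map[string]string
}

// AlarmSource and Notifier stand in for the CloudWatch and SNS clients; a real
// caller backs them with the AWS SDK (DescribeAlarms + ListTagsForResource, Publish).
type AlarmSource interface{ AlarmsInState(state string) ([]Alarm, error) }
type Notifier interface{ Publish(subject, message string) error }

// Repeater remembers when each alarm was last reminded; a deployment persists
// this map (state machine input, DynamoDB) between passes.
type Repeater struct{ LastSent map[string]time.Time }

// Run is one pass of the timer loop: every alarm still in ALARM that is opted in
// and whose interval has elapsed gets one more notification; returns the names sent.
func (r *Repeater) Run(src AlarmSource, n Notifier, now time.Time) ([]string, error) {
	alarms, err := src.AlarmsInState("ALARM")
	if err != nil {
		return nil, err
	}
	var sent []string
	for _, a := range alarms {
		if a.Tags[RepeatTag] != "true" {
			continue // not opted in: CloudWatch's single transition notification stands
		}
		// CloudWatch already notified at the transition, so the first reminder counts from
		// StateUpdated; an alarm that cleared and re-fired since our last reminder restarts.
		anchor := a.StateUpdated
		if last, ok := r.LastSent[a.ARN]; ok && last.After(anchor) {
			anchor = last
		}
		if now.Sub(anchor) < RepeatInterval {
			continue
		}
		msg := fmt.Sprintf("%s has been in ALARM since %s", a.Name, a.StateUpdated.Format(time.RFC3339))
		if err := n.Publish("Still in ALARM: "+a.Name, msg); err != nil {
			return sent, err
		}
		r.LastSent[a.ARN] = now
		sent = append(sent, a.Name)
	}
	return sent, nil
}

type memSource []Alarm // constructed in-memory fake so the example runs offline

func (m memSource) AlarmsInState(state string) ([]Alarm, error) {
	var out []Alarm
	for _, a := range m {
		if a.State == state {
			out = append(out, a)
		}
	}
	return out, nil
}

type memNotifier struct{ Subjects []string }

func (m *memNotifier) Publish(subject, _ string) error {
	m.Subjects = append(m.Subjects, subject)
	return nil
}

// Demo runs four passes over two constructed alarms (one opted in, one not) and
// returns the names reminded in each pass.
func Demo() [][]string {
	t0 := time.Date(2022, 3, 21, 9, 0, 0, 0, time.UTC)
	src := memSource{
		{Name: "lambda-invocations", ARN: "arn:aws:cloudwatch:us-east-1:123456789012:alarm:lambda-invocations",
			State: "ALARM", StateUpdated: t0, Tags: map[string]string{RepeatTag: "true"}},
		{Name: "untagged", ARN: "arn:aws:cloudwatch:us-east-1:123456789012:alarm:untagged",
			State: "ALARM", StateUpdated: t0, Tags: map[string]string{}},
	}
	r, n := &Repeater{LastSent: map[string]time.Time{}}, &memNotifier{}
	var passes [][]string
	for _, offset := range []time.Duration{5 * time.Minute, 10 * time.Minute, 12 * time.Minute, 20 * time.Minute} {
		sent, _ := r.Run(src, n, t0.Add(offset))
		passes = append(passes, sent)
	}
	return passes
}

func main() { fmt.Println(Demo()) } // [[] [lambda-invocations] [] [lambda-invocations]]
```

Two details in Run carry the logic: CloudWatch already notifies once at the state transition, so the first reminder is counted from StateUpdated instead of being sent immediately, and an alarm that clears and re-enters ALARM after the last reminder restarts its timer because StateUpdated is then later than LastSent. The untagged alarm is never touched, which is the opt-in behaviour the article's tag keyword provides.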

Spoilers:

Tech Bytes: Apstra Extends Intent-Based Data Center Networking To The Edge (Sponsored)

Today on the Tech Bytes podcast we’re talking about a new release of Juniper’s Apstra intent-based networking platform for data centers. Apstra is introducing new features including a collapsed fabric to extend intent-based networking to edge locations and a new capability that enables group-based policies for more fine-grained policy enforcement.

The post Tech Bytes: Apstra Extends Intent-Based Data Center Networking To The Edge (Sponsored) appeared first on Packet Pushers.

Revocation

A compromised private key should not be accepted. An attacker might use a compromised private key to impersonate a site, and this vulnerability needs to be prevented to ensure that users can use services over the network with trust in their integrity and security. The way to stop a compromised key from being accepted is to disseminate the information that the key is no longer trustable, and this is achieved by revoking the public key certificate. But we are having some problems in taking this theory and creating practical implementations of certificate revocation.
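What "not accepting a compromised key" looks like in code, as an added example in Go using only the standard library (it is not from the original post): a CRL check that fails closed. The throwaway CA, the two leaf certificates compromised.example.test and fine.example.test, their serials and the 12-hour CRL lifetime are all constructed for this example. The check answers Good only if the CRL parses, carries the issuer's signature and is current; a client that treats a missing, unsigned or stale CRL as "not revoked" hands whoever holds the compromised key a way to keep it accepted, which is the practical trap a revocation implementation has to avoid. Requires Go 1.19 or later for x509.ParseRevocationList.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Status is the outcome of a revocation check. Unknown is kept apart from Good:
// a client that maps "no usable CRL" to Good keeps accepting a compromised key
// for anyone able to block or replay the CRL fetch.
type Status int

const (
	Good    Status = iota
	Revoked        // serial listed in a current, issuer-signed CRL
	Unknown        // no usable CRL: fail closed
)

func (s Status) String() string { return [...]string{"Good", "Revoked", "Unknown"}[s] }

// CheckCRL answers Good only after the CRL parsed, verified against the issuer's
// key and is current at now (ParseRevocationList needs Go 1.19 or later).
func CheckCRL(cert, issuer *x509.Certificate, crlDER []byte, now time.Time) (Status, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return Unknown, err
	}
	if err := crl.CheckSignatureFrom(issuer); err != nil {
		return Unknown, fmt.Errorf("CRL not signed by issuer: %w", err)
	}
	if now.Before(crl.ThisUpdate) || now.After(crl.NextUpdate) {
		return Unknown, fmt.Errorf("CRL not current (valid %s to %s)", crl.ThisUpdate, crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates { // Go 1.21+ also exposes RevokedCertificateEntries
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return Revoked, nil
		}
	}
	return Good, nil
}

// Everything below is constructed scaffolding for the example: a throwaway CA,
// two leaves it issued, and a CRL valid for 12 hours from issued that revokes
// the first leaf. must panics because this is fixture code, not the check.
var issued = time.Date(2022, 3, 21, 0, 0, 0, 0, time.UTC)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func NewFixture() (ca, leaf1, leaf2 *x509.Certificate, crlDER []byte) {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Test CA"},
		NotBefore: issued.Add(-time.Hour), NotAfter: issued.Add(48 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // CRLSign is required to sign the CRL
	}
	ca = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))
	issue := func(serial int64, cn string) *x509.Certificate {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
			NotBefore: issued.Add(-time.Hour), NotAfter: issued.Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		}
		return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))))
	}
	leaf1, leaf2 = issue(4242, "compromised.example.test"), issue(4343, "fine.example.test")
	crlTmpl := &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: issued, NextUpdate: issued.Add(12 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: leaf1.SerialNumber, RevocationTime: issued}},
	}
	return ca, leaf1, leaf2, must(x509.CreateRevocationList(rand.Reader, crlTmpl, ca, caKey))
}

// Demo returns the statuses of four checks: the revoked leaf on a fresh CRL, the
// clean leaf on a fresh CRL, the clean leaf after the CRL expired, and the clean
// leaf with the CRL checked against the wrong issuer certificate.
func Demo() []Status {
	ca, leaf1, leaf2, crl := NewFixture()
	fresh, stale := issued.Add(time.Hour), issued.Add(13*time.Hour)
	var out []Status
	for _, c := range []struct {
		cert, issuer *x509.Certificate
		at           time.Time
	}{{leaf1, ca, fresh}, {leaf2, ca, fresh}, {leaf2, ca, stale}, {leaf2, leaf2, fresh}} {
		s, _ := CheckCRL(c.cert, c.issuer, crl, c.at)
		out = append(out, s)
	}
	return out
}

func main() { fmt.Println(Demo()) } // [Revoked Good Unknown Unknown]
```

The last two cases are the ones that matter operationally: a CRL past its NextUpdate and a CRL that does not verify against the presented issuer both come back Unknown, not Good, so the caller has to decide deliberately (retry the fetch, use OCSP, or reject) rather than silently accept a certificate whose key may already be in an attacker's hands.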

Network performance update: Security Week

Almost a year ago, we shared extensive benchmarking results of last mile networks all around the world. The results showed that on a range of tests (TCP connection time, time to first byte, time to last byte), and on different measures (p95, mean), Cloudflare was the fastest provider in 49% of networks around the world. Since then, we’ve worked to continuously improve performance towards the ultimate goal of being the fastest everywhere. We set a goal to grow the number of networks where we’re the fastest by 10% every Innovation Week. We met that goal last year, and we’re carrying the work over to 2022.

Today, we’re proud to report we are the fastest provider in 71% of the top 1,000 most reported networks around the world. Of course, we’re not done yet, but we wanted to share the latest results and explain how we did it.

Measuring what matters

To quantify network performance, we have to get enough data from around the world, across all manner of different networks, comparing ourselves with other providers. We used Real User Measurements (RUM) to fetch a 100 kB file from several different providers. Users around the world report the performance of different providers.

A New One-Stop Shop for Network Security Topics

Your trusty NSX blog is going through a big change.

We’re uniting our VMware security content in the newly designed VMware Security blog.  

Don’t worry, you’ll still be able to find the latest on network automation, application mobility, and load balancing. All the networking content you count on, that’s staying right here.  

However, if you’re looking for current and future articles on network security and threat research, those will now be found in a new home—a blog that centralizes security content across VMware into a single channel.    

You no longer need to switch (blog) channels for security news, insights, and resources. The newly designed VMware Security Blog will become your new one-stop-shop for key perspectives from experts, specialists, and leaders across VMware NSX, Threat Analysis Unit, and Carbon Black.  

On the new blog, you can expect to find all the network security content you know and love — including:  

  • Important insights and announcements regarding threat research, endpoint security, and network security
  • Key analysis of recent ransomware attacks, insights on techniques deployed, and how threats can be detected and mitigated
  • Infographics, data points, and award recognition illustrating the strength of VMware security solutions
  • Invites

Use Multi-Availability Zone Kubernetes for Disaster Recovery

Nicolas Vermandé

Nicolas is the principal developer advocate at Ondat. He is an experienced hands-on technologist, evangelist and product owner who has been working in the fields of cloud native technologies, open source software, virtualization and data center networking for the past 17 years. Passionate about enabling users and building cool tech solving real-life problems, you'll often see him speaking at global tech conferences and online events.

Outages and degraded performance are inevitable. Operators make mistakes, new protocols introduce errors, natural disasters damage equipment, and more. That's why, rather than trust Amazon's ability to design a hurricane-proof data center, most platform managers opt to spread their application's infrastructure across multiple availability zones (AZs). AZ outages aren't terribly common, but

“Milan-X” 3D Vertical Cache Yields Epyc HPC Bang For The Buck Boost

Last fall, ahead of the SC21 supercomputing conference, AMD said it was going to be the first of the major compute engine makers to add 3D vertical L3 cache to its chips, in this case to variants of the “Milan” Epyc 7003 series of processors that debuted in March 2021, called the “Milan-X” chips.

“Milan-X” 3D Vertical Cache Yields Epyc HPC Bang For The Buck Boost was written by Timothy Prickett Morgan at The Next Platform.

What’s New in the Ansible Content Collection for Kubernetes 2.3

With increased adoption of container automation, IT organizations continue to expand their requirements when it comes to deploying and managing their Kubernetes clusters. As such, we at Red Hat continue to add new features and capabilities to meet those demands by announcing the availability of kubernetes.core version 2.3, our Red Hat Ansible Certified Content Collection for Kubernetes and Helm.

In this blog post, we’ll go over what’s new and what’s different in this release of our Kubernetes Collection.

New Module - k8s_taint

With the release of kubernetes.core 2.3, we introduce the k8s_taint module. It lets you taint a Kubernetes node so that the node repels any pod that does not carry a matching toleration; with taints and tolerations in place, pods are not scheduled onto inappropriate nodes.

This feature is quite useful when you are trying to ensure exclusivity of a particular set of nodes (only allow a particular group of users access) or you want to provide particular nodes with special hardware (such as GPUs) to only run pods that require the use of the specialized hardware and keep out the pods that don’t require

Application security: Cloudflare’s view

Developers, bloggers, business owners, and large corporations all rely on Cloudflare to keep their applications secure, available, and performant.

To meet these goals, over the last twelve years we have built a smart network capable of protecting many millions of Internet properties. As of March 2022, W3Techs reports that:

“Cloudflare is used by 80.6% of all the websites whose reverse proxy service we know. This is 19.7% of all websites”

Netcraft, another provider who crawls the web and monitors adoption puts this figure at more than 20M active sites in their latest Web Server Survey (February 2022):

“Cloudflare continues to make strong gains amongst the million busiest websites, where it saw the only notable increases, with an additional 3,200 sites helping to bring its market share up to 19.4%”

The breadth and diversity of the sites we protect, and the billions of browsers and devices that interact with them, gives us unique insight into the ever-changing application security trends on the Internet. In this post, we share some of those insights we’ve gathered from the 32 million HTTP requests/second that pass through our network.

Definitions

Before we examine the data, it is useful to define