NetworkingNexus.net

So-Called Modern VPNs: Marketing and Reality

Someone left a “killer” comment¹ after reading the Should We Use LISP blog post. It start with…

I must sadly say that your view on what VPN is all about is pretty rusty and archaic :( Sorry! Modern VPNs are all pub-sub based and are already turning into NaaS.

Nothing new there. I’ve been called old-school guru from an ivory tower when claiming TRILL is the wrong direction and we should use good old layer-3-based design², but let’s unpack the “pub-sub” bit.

How 5G speeds compare across the globe—and why they differ

5G cellular networks are one of the most-hyped broadband technologies in the last decade. They’re designed to make cellular networks more efficient and reallocate more of the spectrum to data than to voice capabilities, increasing throughput. And 5G add-ons like mmWave promise superfast performance when you are very close to a cellular tower.But do they really make a difference on user devices that businesses use both for their own staff’s work purposes and for the services they sell to consumers? The answer, a new report from telecom consultancy Opensignal, says yes.To read this article in full, please click here

Burning Cash Like Rocket Fuel To Get Hashi Stack To The Next Stage

Creating a platform is a massive technical challenge. We have seen many technically elegant ones in recent years – Cloud Foundry, Engine Yard, the original OpenShift, Photon Platform, Mesos, OpenStack come immediately to mind – that didn’t quite make it, and importantly did not rise to the economic challenge of making enough money to sustain the continued development and support of that platform to have to reach tens of thousands, to hundreds of thousands, to millions of customers. …

Burning Cash Like Rocket Fuel To Get Hashi Stack To The Next Stage was written by Timothy Prickett Morgan at The Next Platform.

Cisco and NetApp upgrade their converged-infrastructure for hybrid cloud

Cisco and NetApp have upgraded their converged-infrastructure platform, FlexPod, to handle hybrid-cloud services.FlexPod--which Cisco and NetApp have been building since 2010 and has some 10,000 customers the vendors say--includes integrated Cisco UCS servers and networking gear and NetApp ONTAP storage components sold as an on-premises or edge converged-infrastructure package.How to build a hybrid-cloud strategy Customers are now in the midst of a major shift to modernize and unify their infrastructure and operations, Siva Sivakumar senior director for Computing System Platforms Group at Cisco said in a blog about the enhancements. “Customers are evaluating every tool available to augment their in-house resources and skillsets including automation, observability, and a variety of hybrid-cloud and SaaS services," he wrote. "The goal is simple: Use whatever is available to supercharge IT productivity and agility to drive better operational results while lowering operational costs.”To read this article in full, please click here

Cisco and NetApp upgrade their converged-infrastructure platform for hybrid cloud

Private 5G Networks Sector Surges with New Services, Investments, and User Trials

Enterprises face a fast-expanding array of 5G private network offerings as AWS, Cisco, HPE, and others have joined the fray since December.

Slurm HPC Job Scheduler Applies For Work In AI And Hybrid Cloud

The Slurm Workload Manager that has its origins at Lawrence Livermore National Laboratory as the Simple Linux Utility for Resource Management – and which is used on about two-thirds of the most powerful HPC systems in the world – is looking for new jobs to take on across hybrid cloud infrastructure and machine learning systems running at scale. …

Slurm HPC Job Scheduler Applies For Work In AI And Hybrid Cloud was written by Daniel Robinson at The Next Platform.

Hedge 122: The Internet Architecture Board

What is the Internet Architecture Board (IAB) of the IETF? What role does the IAB play in the larger ecosystem of building and deploying standard protocols? In this episode of the Hedge, Tom and Ethan “flip roles” with Russ to ask these questions.

download

Learning to script on Linux using bash

Scripting in Linux--putting commands into a file so you can run them as a group—is a lot easier than running them from the command line because you don't have to figure out the process over and over again. Aliases can also be used to repeat commands easily, but are really only used for individual commands that are complex or difficult to remember.As you will see in the examples below, the bash shell provides plenty of commands for testing, looping, creating functions, and annotating your scripts. [ Get regularly scheduled insights by signing up for Network World newsletters. ]To read this article in full, please click here

Learning to script on Linux using bash

Pluribus extends cloud fabric to Nvidia smartNICs

Pluribus Networks has extended its switch-fabric software to server-based data processing units (DPU)—aka smartNICs—that can lighten the workload for server CPUs.Pluribus has ported its Unified Cloud Fabric (previously Adaptive Cloud Fabric) software to the Nvidia BlueField-2 DPU, which offloads software-defined storage, networking, security, and management workloads from traditional servers.To read this article in full, please click here

10 Reasons to Implement Network Automation – Low Effort, High Impact

In 2022, nearly 77% of technology professionals see the need for improvement in their data center network automation strategies. Despite years of predictions about applications and data migrating to the public cloud, a consensus has been that data centers remain the indispensable core of any digital infrastructure. While the public cloud has a vital role to play and it continues to grow, enterprises and service providers continue to rely on data centers to power their operations. To remain relevant in a cloud-centric world, data centers must modernize – needing scalable, efficient, and agile operations. Highly manual processes do not scale gracefully, therefore calling for organizations and their data centers to adopt network automation or be left behind.

VMware is proud to have an opportunity to sponsor Enterprise Management Associates (EMA) in producing The Future of Data Center Network Automation research report. This report analyzes cutting-edge technology of data center automation – drawing on quantitative and qualitative research done by EMA analysts – focusing on how tech orgs are planning, implementing, and using data center network automation solutions, the specific technologies they’re using, and the benefits and challenges associated with data center network automation. Using real-time VMware customers Continue reading

Containerlab DDoS testbed

Real-time telemetry from a 5 stage Clos fabric describes lightweight emulation of realistic data center switch topologies using Containerlab. This article extends the testbed to experiment with distributed denial of service (DDoS) detection and mitigation techniques described in Real-time DDoS mitigation using BGP RTBH and FlowSpec.

docker run --rm -it --privileged --network host --pid="host" \
  -v /var/run/docker.sock:/var/run/docker.sock -v /run/netns:/run/netns \
  -v ~/clab:/home/clab -w /home/clab \
  ghcr.io/srl-labs/clab bash

Start Containerlab.

curl -O https://raw.githubusercontent.com/sflow-rt/containerlab/master/ddos.yml

Download the Containerlab topology file.

containerlab deploy -t ddos.yml

Finally, deploy the topology.

Connect to the web interface, http://localhost:8008. The sFlow-RT dashboard verifies that telemetry is being received from 1 agent (the Customer Network, ce-router, in the diagram above). See the sFlow-RT Quickstart guide for more information.

Now access the DDoS Protect application at http://localhost:8008/app/ddos-protect/html/. The BGP chart at the bottom right verifies that BGP connection has been established so that controls can be sent to the Customer Router, ce-router.

docker exec -it clab-ddos-attacker hping3 --flood --udp -k -s 53 192.0.2.129

Start a simulated DNS amplification attack using hping3.

The udp_amplification chart shows that traffic matching the attack signature has crossed the threshold. The Controls chart shows Continue reading

Simple Load Testing with GitHub Actions

Michael Kalantar Michael is a senior software engineer who has contributed to the design and development of a number of scalable distributed and cloud-based enterprise systems. He is a co-founder of the Iter8 project. In this article, we show how to use GitHub Actions to load-test, benchmark and validate HTTP and gRPC services with service-level objectives (SLOs). When developing a new version of an HTTP or gRPC service, it is desirable to benchmark its performance and to validate that it satisfies desired service-level objectives (SLOs) before upgrading the current version. We describe a no-code approach based on GitHub Actions that can be used to automate such testing at any point in a continuous integration/continuous delivery (CI/CD) pipeline. For example, at build time it can be used to validate the new version as soon as possible. Alternatively, at deployment time it can be used to validate SLOs in the production environment. HTTP Load Testing with the Iter8 GitHub Action The Iter8 GitHub Action, iter8-tools/iter8-action@v1, enables automated Iter8 experiments in a GitHub workflow. To use the action, specify an experiment chart and its configuration via a Helm valuesFile. No programming is necessary — all configuration is declarative. Typical use is to Continue reading

Day Two Cloud 138: Rethinking Logs And Analysis With vRealize Log Insight Cloud (Sponsored)

VMware is our sponsor today for a Day Two Cloud episode about logging. Specifically, we're talking about vRealize Log Insight Cloud. It’s not just about collecting logs and events, and it's not just for VMware products. What do you get out of the data being logged? That’s what’s interesting. This is much more than a pile of syslogs with a search engine dropped on top.

Announcing the Cloudflare API Gateway

Over the past decade, the Internet has experienced a tectonic shift. It used to be composed of static websites: with text, images, and the occasional embedded movie. But the Internet has grown enormously. We now rely on API-driven applications to help with almost every aspect of life. Rather than just download files, we are able to engage with apps by exchanging rich data. We track workouts and send the results to the cloud. We use smart locks and all kinds of IoT devices. And we interact with our friends online.

This is all wonderful, but it comes with an explosion of complexity on the back end. Why? Developers need to manage APIs in order to support this functionality. They need to monitor and authenticate every single request. And because these tasks are so difficult, they’re usually outsourced to an API gateway provider.

Unfortunately, today’s gateways leave a lot to be desired. First: they’re not cheap. Then there’s the performance impact. And finally, there’s a data and privacy risk, since more than 50% of traffic reaches APIs (and is presumably sent through a third party gateway). What a mess.

Today we’re announcing the Cloudflare API Gateway. We’re going to completely replace Continue reading

Envoy Media: using Cloudflare’s Bot Management & ML

This is a guest post by Ryan Marlow, CTO, and Michael Taggart, Co-founder of Envoy Media Group.

My name is Ryan Marlow, and I’m the CTO of Envoy Media Group. I’m excited to share a story with you about Envoy, Cloudflare, and how we use Bot Management to monitor automated traffic.

Background

Envoy Media Group is a digital marketing and lead generation company. The aim of our work is simple: we use marketing to connect customers with financial services. For people who are experiencing a particular financial challenge, Envoy provides informative videos, money management tools, and other resources. Along the way, we bring customers through an online experience, so we can better understand their needs and educate them on their options. With that information, we check our database of highly vetted partners to see which programs may be useful, and then match them up with the best company to serve them.

As you can imagine, it’s important for us to responsibly match engaged customers to the right financial services. Envoy develops its own brands that guide customers throughout the process. We spend our own advertising dollars, work purely on a performance basis, and choose partners we know will do right Continue reading

Announcing Friendly Bots

When someone mentions bots on the Internet, what’s your first reaction?

It’s probably negative. Most of us conjure up memories of CAPTCHAs, stolen passwords, or some other pain caused by bad bots.

But the truth is, there are plenty of well-behaved bots on the Internet. These include Google’s search crawler and Stripe’s payment bot. At Cloudflare, we manually “verify” good bots, so they don’t get blocked. Our customers can choose to allowlist any bot that is verified. Unfortunately, new bots are popping up faster than we can verify them. So today we’re announcing a solution: Friendly Bots.

Let’s begin with some background.

How does a bot get verified?

We often find good bots via our public form. Anyone can submit a bot, but we prefer that bot operators complete the form to provide us with the information we need. We ask for some standard bits of information: your bot’s name, its public documentation, and its user agent (or regex). Then, we ask for information that will help us validate your bot. There are four common methods:

IP list
Send us a list of IP addresses used by your bot. This doesn’t have to be a static list — you can Continue reading

Introducing Advanced Rate Limiting

Still relying solely on IP firewalling? It’s time to change that.

While the IP address might still be one of the core technologies allowing networks to function, its value for security is long gone. IPs are rarely static; nowadays, mobile operators use carrier-grade network address translation (CGNAT) to share the same IP amongst thousands of individual devices or users. Bots then carry out distributed attacks with low request volume from different IPs to elude throttling. Furthermore, many countries consider IP addresses to be personal data, and it would be a great advancement for privacy if a replacement could be found for elements of security that currently rely on IP addresses to function. A product that is affected by this trend is rate limiting.

Rate limiting is designed to stop requests from overloading a server. It relies on rules. A rate limiting rule is defined by a filter (which typically is a path, like /login) and the maximum number of requests allowed from each user over a period of time. When this threshold is exceeded, an action is triggered (usually a block) for subsequent requests from the same user for a period of time (known as a timeout). Traditional throttling Continue reading

What is hyperconvergence?

Hyperconvergence is an IT framework that combines storage, computing and networking into a single system in an effort to reduce data center complexity and increase scalability.Hyperconverged platforms include a hypervisor for virtualized computing, software-defined storage, and virtualized networking. They typically run on standard, off-the-shelf servers and multiple nodes can be clustered to create pools of shared compute and storage resources, designed for convenient consumption.The use of commodity hardware, supported by a single vendor, yields an infrastructure that's designed to be more flexible and simpler to manage than traditional enterprise storage infrastructure. For IT leaders who are embarking on data center modernization projects, hyperconvergence can provide the agility of public cloud infrastructure without relinquishing control of hardware on their own premises.To read this article in full, please click here

« Previous 1 … 545 546 547 548 549 … 3,836 Next »