Shields up: free Cloudflare services to improve your cyber readiness

Shields up: free Cloudflare services to improve your cyber readiness

Since our founding, Cloudflare's mission has been to "help build a better Internet," and we take it to heart. It used to be that the services required to adequately secure an online presence were only available to the largest of enterprises — organizations big enough to afford both the technology itself and the teams to manage it.

We've worked hard over the years to level the playing field. This has meant making more and more of the essential tools for protecting an online presence available to as many people as possible. Cloudflare offers unmetered DDoS protection — for free. We were the first to introduce SSL at scale — for free. And it’s not just protection for your external-facing infrastructure: we have a free Zero Trust plan that enables teams to protect their internal-facing infrastructure, too.

These types of tools have always been important for the billions of people on the Internet. But perhaps never as important as they've become this week.

Concurrent with the Russian invasion of Ukraine, we've seen increasing cyberattacks on the Internet, too. Governments around the world are encouraging organizations to go “shields up” — with warnings coming from the United States’ Cybersecurity & Infrastructure Security Continue reading

Internet traffic patterns in Ukraine since February 21, 2022

Internet traffic patterns in Ukraine since February 21, 2022

Cloudflare operates in more than 250 cities worldwide where we connect our equipment to the Internet to provide our broad range of services. We have data centers in Ukraine, Belarus and Russia and across the world. To operate our service we monitor traffic trends, performance and errors seen at each data center, aggregate data about DNS, and congestion and packet loss on Internet links.

Internet Traffic

For reference, here is a map of Ukraine showing its major cities. Note that whenever we talk about dates and times in this post, we are using UTC. Ukraine’s current time zone is UTC+2.

Internet traffic patterns in Ukraine since February 21, 2022
© OpenStreetMap contributors

Internet traffic in Ukraine generally follows a pretty predictable pattern based on day and night. Lowest in the hours after local midnight and picking up as people wake up. It’s not uncommon to see a dip around lunchtime and a peak when people go home in the evening. That pattern is clearly visible in this chart of overall Internet traffic seen by Cloudflare for Ukrainian networks on Monday, Tuesday, and Wednesday prior to the invasion.

Internet traffic patterns in Ukraine since February 21, 2022

Starting Thursday, traffic was significantly lower. On Thursday, we saw about 70% of our normal request volume and about 60% on Friday. Continue reading

Video: Comparing TCP/IP and CLNP

If you were building networks in early 1990s you probably remember at least a half-dozen different network protocols. Only one of them survived (IPv6 came later), with another one (CLNP) providing an interesting view into a totally different parallel universe that evolved using a different set of fundamental principles.

After introducing the network-layer addressing, I compared the two and pointed out where one or the other was clearly better.

You might think that it makes no sense to talk about protocols that were rarely used in old days, and that are almost non-existent today, but as always those who cannot remember the past are doomed to repeat it, this time reinventing CLNP principles in IPv6-based layer-3-only data center fabrics.

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

Video: Comparing TCP/IP and CLNP

If you were building networks in early 1990s you probably remember at least a half-dozen different network protocols. Only one of them survived (IPv6 came later), with another one (CLNP) providing an interesting view into a totally different parallel universe that evolved using a different set of fundamental principles.

After introducing the network-layer addressing, I compared the two and pointed out where one or the other was clearly better.

You might think that it makes no sense to talk about protocols that were rarely used in old days, and that are almost non-existent today, but as always those who cannot remember the past are doomed to repeat it, this time reinventing CLNP principles in IPv6-based layer-3-only data center fabrics.

Watch the video
You need Free ipSpace.net Subscription to watch the video, and the Standard ipSpace.net Subscription to register for upcoming live sessions.

GraphCore Goes 3D With AI Chips, Architects 10 Exaflops Ultra-Intelligent Machine

The 3D stacking of chips has been the subject of much speculation and innovation in the past decade, and we will be the first to admit that we have been mostly thinking about this as a way to cram more capacity into a given compute engine while at the same time getting components closer together along the Z axis and not just working in 2D anymore down on the X and Y axes.

GraphCore Goes 3D With AI Chips, Architects 10 Exaflops Ultra-Intelligent Machine was written by Timothy Prickett Morgan at The Next Platform.

ICANN denies Ukraine request to shut down Russian internet domains

The president and CEO of the Internet Corporation for Assigned Names and Numbers (ICANN) has denied a Ukrainian request that would have effectively cut the rest of the world off from Russian websites, as Russia's ongoing invasion of its neighbor entered its seventh day.In an open letter sent on March 2 to Ukrainian Deputy Prime Minister Mykhailo Fedorov, ICANN's Göran Marby said that the internet regulator has "globally agreed policies" that do not permit it to perform the requested actions, which included revocation of Russia's top-level .ru domain and SSL certificates, and the shutdown of root servers keeping large portions of the Russian internet accessible to the outside world.To read this article in full, please click here

Cloud Engineering For The Network Pro: Part 4 – Virtual Subnets And Gateways (Video)

Part 4 of Michael Levan’s cloud networking series provides step-by-step instructions for setting up virtual subnets and Internet gateways in AWS and Azure. You can subscribe to the Packet Pushers’ YouTube channel for more videos as they are published. It’s a diverse a mix of content from Ethan and Greg, plus selected videos from our […]

The post Cloud Engineering For The Network Pro: Part 4 – Virtual Subnets And Gateways (Video) appeared first on Packet Pushers.

How to maximize K3s resource efficiency using Calico’s eBPF data plane

Amazon’s custom-built Graviton processor allows users to create ARM instances in the AWS public cloud, and Rancher K3s is an excellent way to run Kubernetes in these instances. By allowing a lightweight implementation of Kubernetes optimized for ARM with a single binary, K3s simplifies the cluster initialization process down to executing a simple command.

In an earlier article, I discussed how ARM architecture is becoming a rival to x86 in cloud computing, and steps that can be taken to leverage this situation and be prepared for this new era. Following the same narrative, in this article I’ll look at an example of the Calico eBPF data plane running on AWS, using Terraform to bootstrap our install to AWS, and Rancher K3s to deploy the cluster.

A few changes to Calico are needed for ARM compatibility, including updating parts, enabling eBPF, and compiling operators for the ARM64 environment:.

  • Tigera Operator Tigera Operator is the recommended way to install Calico.
  • go-build go-build is a container environment packed with all the utilities that Calico requires in its compilation process.
  • Calico-node Calico-node is the pod that hosts Felix (i.e. it is the brain that carries control plane decisions fto Continue reading

BrandPost: Improving National Cybersecurity with SASE

By: Dolan Sullivan, Vice President of Federal at Aruba, a Hewlett Packard Enterprise company.With sophisticated cyberattacks, such as ransomware and denial of service (DOS) persistently aimed at the public and private sectors being perpetrated by nation-state and rogue criminal actors, Federal IT teams are consistently dealing with a growing cybersecurity challenge: They must combat many forms of fraud and impersonation while protecting a vast amount of connected assets and sensitive data.Federal government agencies are increasingly impacted by contemporary digital trends, namely mobility and the decentralization of assets. This includes adopting multi-cloud services to support and secure business applications while using an appropriate mix of traditional on-premises compute and communication resources.To read this article in full, please click here

Syslog to Telegram

Introduction

From time to time, I wish I could be made aware of failures earlier. There are two events, in particular, that I am interested to know about very quickly, as they may impact service at AS8298:

  1. Open Shortest Path First (OSPF) adjacency removals. OSPF is a link-state protocol and it knows when a physical link goes down, that the peer (neighbor) is no longer reachable. It can then recompute paths to other routers fairly quickly. But if the link stays up but connectivity is interrupted, for example because there is a switch in the path, it can take a relatively long time to detect.
  2. Bidirectional Forwarding Detection (BFD) session timeouts. BFD sets up a rapid (for example every 50ms or 20Hz) of a unidirectional UDP stream between two hosts. If a number of packets (for example 40 packets or 2 seconds) are not received, a link can be assumed to be dead.

Notably, BIRD, as many other vendors do, can combine the two. At IPng, each OSPF adjacency is protected by BFD. What happens is that once an OSPF enabled link comes up, OSPF Hello packets will be periodically transmitted (with a period called called a Hello Timer Continue reading

Hedge 120: Information Centric Networking with Dirk Kutscher

In today’s Internet, packets are at the core of information flows. Routers only know (very minimally) about what is in the packets they’re carrying around. Caching and content distribution networks (CDNs) are used to place information at various locations throughout the ‘net for users to access, making the distribution of this information more efficient. Information Centric Networking “flips the script,” making named information, rather than packets, the core construct of networks.

Join Dirk Kutscher, Alvaro Retana, and Russ White, as they discuss this interesting research area at the future edge of networking. You can find out more about ICN here.

download

Australia’s NCI Adds Ceph Object Storage To Lustre File Systems

Object storage has been drawing an increasing level of interest from organizations over the past several years as a convenient way to store and manage the growing quantities of data they are accumulating, especially when that may be a mix of structured and unstructured data and a lot of machine-generated telemetry.

Australia’s NCI Adds Ceph Object Storage To Lustre File Systems was written by Daniel Robinson at The Next Platform.

Dell upgrades entry-level block-storage array

Dell’s newest entry-level block-storage array is the PowerVault ME5 series, aimed at price-sensitive customers with a focus on ease of deployment and affordability.The array’s predecessor, the PowerVault ME4, was released in 2018. So it was overdue for an upgrade—and Dell delivered.The ME5 features significant performance and capacity improvements compared to the ME4. Between the hardware and software upgrades, Dell says the PowerVault ME5 offers twice the performance, throughput, capacity and memory of the ME4. The ME5 has newer Xeon processors with twice as many cores as the ME4, and controller memory has been increased to 16GB per controller.To read this article in full, please click here

What is MU-MIMO, and why is it essential for Wi-Fi 6 and 6E?

The only thing techies love more than creating acronyms is the chance to create even longer ones. Such is the case with wireless acronym MIMO (multiple input, multiple output), which got some additional letters with the release of MU-MIMO a few years ago.As wireless standards evolved from 802.11ac (Wi-Fi 5) to 802.11ax (Wi-Fi 6), new features were added to MU-MIMO as well to improve speeds and efficiency, specifically in the number of streams it can support, as well as bidirectional functionality (uplink and downlink).How to buy Wi-Fi 6 access points What is MU-MIMO?  MU-MIMO stands for multi-user, multiple input, multiple output, and represents a significant advance over single-user MIMO (SU-MIMO), which is generally referred to as MIMO. MIMO technology was created to help increase the number of simultaneous users a single access point can support. This was initially achieved by increasing the number of antennas on a wireless router.To read this article in full, please click here

1 554 555 556 557 558 3,836