0

Turbocharging AKS networking with Calico eBPF

A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though—achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads. This article explores and explains the improvements that can be achieved in Microsoft Azure using Calico eBPF in AKS, including reducing CPU usage, decreasing complexity, enabling easier compliance and troubleshooting, and more.

Before going into details about how exactly Calico takes advantage of eBPF, it is important to note that in the context of this article, Calico is viewed as an additional networking layer on top of Azure CNI, providing functionality that turbocharges its performance. In particular, the standard instructions for installing Calico’s network policy engine with AKS use a version of Calico that pre-dates eBPF mode.

Accelerating network performance

Test methodology

To show how Calico accelerates AKS network performance using eBPF, the Calico team ran a series of network performance benchmarks based on the k8s-bench-suite. These performance benchmarks compared the latest Calico eBPF data plane (using the iptables data plane) with a vanilla AKS cluster.

Tests were run using Standard_D2s_v3 nodes, which are a Continue reading

0

Network Modeling: Segmented Lab access with Containerlab and ZeroTier

Introduction

When building out network labs, often multiple people will need access to the lab. The main way right now is to use something like EVE-NG or GNS3 to provide access.

There are 2 downsides to this method. The first is that your server is exposed to the internet and if your usernames/passwords aren’t strong enough, your server can become compromised. The second is that sometimes you may not want everyone to be able to add or edit to the lab topology.

The solution to this is using Containerlab and ZeroTier. This setup is great for things like testing new hires, training classes, or for providing lab access to others on a limited basis.

What is Containerlab?

Containerlab is a container orchestrating tool for managing container-based networking labs. It doesn’t just support Container based Network Operating Systems though. Through vrnetlab, there is support for a wide variety of commonly used NOSes: Mikrotik RouterOS, Nokia SROS, Juniper vMX and vQFX, and many more.

Configs are text based making it easy to add/update links between nodes. The lab does need to be destroyed and redeployed when adding/removing links. With some tools to generate configs, it’s easy to spin up a 500+ node Continue reading

0

Image/Data set collection – ML Hobby Post 2

Why is this required?

• While Deep Learning is in many different categories ( like Vision, Text (NLP), Audio, Recommendation system), My interest is always in Vision or anything which involves images, I somehow to find it closer to embed into a hobby than other aspects
• Any Part of Image-based Learning, involves a set of Images that are needed to train the model on what is our intention to recognize parameters, for example, consider the below image set called CIFAR-10.
  • https://www.cs.toronto.edu/~kriz/cifar.html — This is the URL, this has a predefined collection of 10 different categories of Images that can be used for training the classifier of an image if the Image is among any of the 10 categories.
• Ordinarily, Let us say you wanted to categorize a Dog in a given picture or you had a scenario where you had months collected time-lapse photos and wanted to categorize Dog and filter out the images which involved Dog in it, you don’t have to collect so many images to train, test and build the model, Data is readily available
• Other Popular datasets — https://docs.fast.ai/data.external.html has lot of pre-collected Datasets at our disposal and https://www. Continue reading

0

What Rescale’s $105M Funding Round Says About HPC Cloud

Patience in a slow-growing market is tough, but supercomputing cloud startup, Rescale, is reaping rewards for its persistence. …

What Rescale’s $105M Funding Round Says About HPC Cloud was written by Nicole Hemsoth at The Next Platform.

0

Governing a Growing API Portfolio

To achieve API governance requires putting the right tools, frameworks, and guardrails in place. That will enable organizations to securely embrace the growing digital economy.

0

Announcing Argo for Spectrum

Today we're excited to announce the general availability of Argo for Spectrum, a way to turbo-charge any TCP based application. With Argo for Spectrum, you can reduce latency, packet loss and improve connectivity for any TCP application, including common protocols like Minecraft, Remote Desktop Protocol and SFTP.

The Internet — more than just a browser

When people think of the Internet, many of us think about using a browser to view websites. Of course, it’s so much more! We often use other ways to connect to each other and to the resources we need for work. For example, you may interact with servers for work using SSH File Transfer Protocol (SFTP), git or Remote Desktop software. At home, you might play a video game on the Internet with friends.

To help people that protect these services against DDoS attacks, Spectrum launched in 2018 and extends Cloudflare’s DDoS protection to any TCP or UDP based protocol. Customers use it for a wide variety of use cases, including to protect video streaming (RTMP), gaming and internal IT systems. Spectrum also supports common VoIP protocols such as SIP and RTP, which have recently seen an increase in DDoS ransomware attacks. A lot of Continue reading

0

Using the script command on Linux to record command line activity

The Linux script command has been around for ages and provides a simple but useful service. It lets you record command line activity – both input and output. This can be very helpful in troubleshooting problems or verifying what was done later by reviewing the commands that were run along with their output.Even if you've used the script command time to time, it offers more options than many of us realize. In this post, we will look at the simplest use of script and some of the options that can make it even more useful.The easiest way to use the script command is simply to type "script" in the terminal window and press ^d when you want to stop the recording. The output, by default, will be saved in a file called "typescript". You will see the file name that is used in the first line of output.To read this article in full, please click here

0

Using the script command on Linux to record command line activity

The Linux script command has been around for ages and provides a simple but useful service. It lets you record command line activity – both input and output. This can be very helpful in troubleshooting problems or verifying what was done later by reviewing the commands that were run along with their output.Even if you've used the script command time to time, it offers more options than many of us realize. In this post, we will look at the simplest use of script and some of the options that can make it even more useful.The easiest way to use the script command is simply to type "script" in the terminal window and press ^d when you want to stop the recording. The output, by default, will be saved in a file called "typescript". You will see the file name that is used in the first line of output.To read this article in full, please click here

0

Cisco CCIE certification explained

Cisco Certified Internetwork Expert is Cisco’s most prestigious and most difficult certification to achieve, typically requiring years of industry experience and a deep understanding of networking technologies. The lab portion of the exam alone is eight hours long and costs $1,600, and candidates typically spend much more than that on preparatory courses. But professionals with the expert-level CCIE networking certification are in demand, and the value is reflected in significantly higher salaries. "It is a preeminent certification in the industry," says Nick Marentic, senior manager for IT infrastructure and security at cybersecurity training firm Cybrary. "It requires years in the industry to understand the concepts contained."To read this article in full, please click here

0

Multi-Threaded Routing Daemons

When I wrote the Why Does Internet Keep Breaking? blog post a few weeks ago, I claimed that FRR still uses single-threaded routing daemons (after a too-cursory read of their documentation).

Donald Sharp and Quentin Young politely told me I was an idiot I should get my facts straight, I removed the offending part of the blog post, promised to write another one going into the details, and Quentin improved the documentation in the meantime, so here we are…

0

Multi-Threaded Routing Daemons

When I wrote the Why Does Internet Keep Breaking? blog post a few weeks ago, I claimed that FRR still uses single-threaded routing daemons (after a too-cursory read of their documentation).

Donald Sharp and Quentin Young politely told me I was an idiot I should get my facts straight, I removed the offending part of the blog post, promised to write another one going into the details, and Quentin improved the documentation in the meantime, so here we are…

0

ScaleFlux Takes Computational Storage Up A Notch With Homegrown Chip, Software Tools

A key trend in the ever-changing IT world is bringing whatever is needed – processing, storage, analytics, networking – closer to where the data is. …

ScaleFlux Takes Computational Storage Up A Notch With Homegrown Chip, Software Tools was written by Jeffrey Burt at The Next Platform.

0

Why 2022 will be the year for edge automation

Seamlessly, every single day, we wake up and check our health statistics in smart watches, scan QR codes to validate information, pay using credit cards in different locations, use surveillance cameras to record our neighborhoods, and connect our smartphones to distributed WiFi access points in our restaurants or coffee shops. According to the Statista, in the Forecast number of mobile users worldwide 2020-2025^[1] report, the number of mobile users worldwide reached 7.1 billion in 2021, and this number is projected to grow. This initiates a new set of use cases for edge devices due to the explosive growth of network-connected entry points.

Edge computing and networking is not specific to any industry; all of these scenarios span many different types of organizations. However, all edge scenarios have one common factor: creating and consuming data resources that are geographically distributed. As a final objective we want to analyze, consume or react to data to fulfill our customer and business needs.

Edge challenges here, and now 

12 years ago, I was the network administrator for a bank. We had a branch office connected through a satellite link, which was easily impacted by the constant heavy rains. In the Continue reading

0

Tech Bytes: Why Customers Should Care About SASE Architecture (Sponsored)

Today on the Tech Bytes podcast we’re diving into SASE, which provides firewalling, Web filtering, and more as a cloud-delivered service. Sponsor Palo Alto Networks is here to make that case that how the service is architected matters, and how Palo Alto integrates SD-WAN and digital experience management into the service.

0

Tech Bytes: Why Customers Should Care About SASE Architecture (Sponsored)

Today on the Tech Bytes podcast we’re diving into SASE, which provides firewalling, Web filtering, and more as a cloud-delivered service. Sponsor Palo Alto Networks is here to make that case that how the service is architected matters, and how Palo Alto integrates SD-WAN and digital experience management into the service.

The post Tech Bytes: Why Customers Should Care About SASE Architecture (Sponsored) appeared first on Packet Pushers.

0

Network Break 360: Facebook Chooses Cisco ASIC For OCP; Apple To Allow Limited Self-Service Repair

This week's Network Break podcast examines why Facebook has chosen Cisco and Broadcom ASICS for new Open Compute Project switch designs, Apple will allow self-service repair of two iPhone models, Fortinet partners with Azure on SD-WAN and firewalls, Cisco and NVIDIA announce quarterly earnings, and more tech news.

0

Network Break 360: Facebook Chooses Cisco ASIC For OCP; Apple To Allow Limited Self-Service Repair

This week's Network Break podcast examines why Facebook has chosen Cisco and Broadcom ASICS for new Open Compute Project switch designs, Apple will allow self-service repair of two iPhone models, Fortinet partners with Azure on SD-WAN and firewalls, Cisco and NVIDIA announce quarterly earnings, and more tech news.

The post Network Break 360: Facebook Chooses Cisco ASIC For OCP; Apple To Allow Limited Self-Service Repair appeared first on Packet Pushers.

0

Learn the 4 Security Requirements for Modern Apps

Flying cars will be available by 2024 — or so they say. Imagine cars being able to run their errands faster, be safer off the ground, and allow for higher-level observability. In the cybersecurity world, we have our own version of a flying car: modern applications. Modern apps are extremely multi-faceted: housing microservices/APIs, they are SLO/SLI driven, and native to the multi-cloud. The innovative and futuristic feel of modern apps is exciting, but the transition to them doesn’t come without complications. Despite modern app complexities, there are standard security best practices you can use to meet your challenges and continue to move your enterprise forward. 

The four major security requirements are:  

1. Multi-Cloud Secure Connectivity
2. Traffic Management and Perimeter Security
3. Security Observability
4. Distributed Security and Compliance  

Come along for the ride as we break these down. 

Multi-Cloud Secure Connectivity 

A multi-cloud environment is becoming the standard within enterprises today. But just because something is standard doesn’t mean there’s a universal understanding of it. Multi-cloud networks involve the use of multiple cloud computing, storage, and traffic services in a single-space architecture. The multi-cloud aims to provide fast distribution of cloud assets, apps, software, end-to-end encryption, and much more. Adopting this strategy effectively means no room for error. As the multi-cloud is built to speed up an enterprise’s digital transformation, it requires a fast, secure, and reliable foundation to provide a strong end-user experience. If connectivity lags, your organization will Continue reading

0

Burkina Faso Internet shutdown

A few days after Sudan restored access to the Internet, people living in Burkina Faso are facing an Internet shutdown. On Saturday, Cloudflare Radar shows that after 22:00 UTC (the same local time) Internet traffic went down significantly, something that has happened in the context of social tensions in the country that started on November 14, 2021, and after this Saturday’s shooting of protesters that tried to block a French military convoy.

It is clear when we look at the last 30 days, that Sunday and today, Monday, November 22, are days almost without Internet traffic in Burkina Faso.

All the Internet Service Providers (ISP) of the country were significantly affected by what we could see in our data. That is evident when we look at HTTP traffic by ASN (Autonomous System Number). Orange, FasoNet and Telecel are the three most used ISPs in the country and this chart clearly shows how they were impacted.

Mobile traffic affected

Burkina Faso is a mobile-first country because mobile is the main way of accessing the Internet — in the last 30 days the mobile traffic percentage represented 77% of the total Internet traffic in the country.

We can also Continue reading

0

How to Plan for a Data Center Migration

By migrating from a traditional data center environment to a cloud environment, teams will be able to more easily optimize their workloads using the tools that cloud platforms provide.