How OpenInfra Can Solve the Global Connectivity Crisis

Jonathan Bryce, who has spent his career building the cloud, is Executive Director of the Open Infrastructure Foundation. Previously he was a founder of The Rackspace Cloud. He started his career working as a web developer for Rackspace, and during his tenure, he and co-worker Todd Morey had a vision to build a sophisticated web hosting environment where users and businesses alike could turn to design, develop and deploy their ideal website — all without being responsible for procuring the technology, installing it or making sure it is built to be always available. This vision became The Rackspace Cloud. Since then he has been a major driver of OpenStack, the open source cloud software initiative.

When the internet began as ARPANET in 1969, it connected one computer at each of four universities. Today, it’s an estimated 50 billion devices, with that number growing each second. The computing architecture originally designed to connect four hard-wired laboratories in the southwest now connects billions of wired and wireless devices globally. On a recent episode of Martin Casado Continue reading

Day Two Cloud 109: PacketFabric Wants To Make Networking As Easy As Cloud (Sponsored)

Today's sponsored Day Two Cloud episode talks WAN networking with PacketFabric. PacketFabric lets you provision point-to-point and hybrid cloud connectivity as a service. Built on a private fiber network, the company's goal is to let you set up networking as if it was software. Our guest is Anna Claiborne, Co-Founder, CTO and CPO.

The post Day Two Cloud 109: PacketFabric Wants To Make Networking As Easy As Cloud (Sponsored) appeared first on Packet Pushers.

Modernizing a familiar approach to REST APIs, with PostgreSQL and Cloudflare Workers

Postgres is a ubiquitous open-source database technology. It contains a vast number of features and offers rock-solid reliability. It's also one of the most popular SQL database tools in the industry. As the industry builds “modern” developer experience tools—real-time and highly interactive—Postgres has also served as a great foundation. Projects like Hasura, which offers a real-time GraphQL engine, and Supabase, an open-source Firebase alternative, use Postgres under the hood. This makes Postgres a technology that every developer should know, and consider using in their applications.

For many developers, REST APIs serve as the primary way we interact with our data. Language-specific libraries like pg allow developers to connect with Postgres in their code, and directly interact with their databases. Yet in almost every case, developers reinvent the wheel, building the same connection logic on an app-by-app basis.

Many developers building applications with Cloudflare Workers, our serverless functions platform, have asked how they can use Postgres in Workers functions. Today, we're releasing a new tutorial for Workers that shows how to connect to Postgres inside Workers functions. Built on PostgREST, you'll write a REST API that communicates directly with your database, on the edge.

This means that Continue reading

Starting WireGuard Interfaces Automatically with Launchd on macOS

In late June of this year, I wrote a piece on using WireGuard on macOS via the CLI, where I walked readers using macOS through how to configure and use the WireGuard VPN from the terminal (as opposed to using the GUI client, which I discussed here). In that post, I briefly mentioned that I was planning to explore how to have macOS' launchd automatically start WireGuard interfaces. In this post, I’ll show you how to do exactly that.

These instructions borrow heavily from this post showing how to use macOS as a WireGuard VPN server. These instructions also assume that you’ve already walked through installing the necessary WireGuard components, and that you’ve already created the configuration file(s) for your WireGuard interface(s). Finally, I wrote this using my M1-based MacBook Pro, so my example files and instructions will be referencing the default Homebrew prefix of /opt/homebrew. If you’re on an Intel-based Mac, change this to /usr/local instead.

The first step is to create a launchd job definition. This file should be named <label>.plist, and it will need to be placed in a specific location. The <label> value is taken from the name given to the job Continue reading

LISP – OMP – BGP EVPN Interoperability – Part V: BGP EVPN MAC Advertisement Route (Type 2).

Introduction

We have seen in previous chapters how the IP address 172.16.100.10 assigned to EP1 is advertised within the LISP domain and advertised as an aggregate route all the way down to Leaf-11 in the BGP EVPN domain. This chapter first explains how EP3's IP address 172.16.30.3 is advertised by Leaf-11 as a BGP EVPN MAC Advertisement Route (Route-Type 2) via Spine-1 to Border-Leaf-13. Next, you will learn how Border-Leaf-13 advertises the aggregate route 172.16.30.0/24 to the SD-WAN edge device vEdge-2. The last section briefly shows how the routing information is propagated over the SD-WAN. The BGP EVPN NLRI MAC Advertisement Route carries two MPLS Labels, which identify L2VN (10000) and L3VN (10077). In our example, VLAN 10 is part of the VRF NWKT and it is attached to L2VN 10000. L3VNI for VRF NWKT is 10077.

Figure 4-1: Overall Control-Plane Operation: BGP EVPN to OMP to LISP.


Operating Sonos Speakers in a Multi-VLAN Network

In a throwback to the problems I dealt with using AirPlay across VLANs, I recently jumped through similar hoops for Sonos speakers. There are many forum and blog posts out there that describe (or attempt to describe) how to make this work, however all of the ones I read suffered from one or both of these problems:

  1. Their instructions had errors (e.g., reversing the upstream and downstream interfaces when talking about multicast).
  2. They don't have a diagram of traffic flow! Every network engineer knows that a diagram is a must when trying to understand how two systems are talking to each other.

This post will dive deep on what's happening on the wire when a Sonos controller (eg, your mobile phone running the Sonos app) tries to talk with the players (the speakers) on the network. The focus will be how to make this process work when those two devices are in different VLANs.

What you read below works successfully with Sonos Beam, Sonos Sub, and Sonos Move using the Sonos S1 app.

An Alternate Approach to etcd Certificate Generation with Kubeadm

I’ve written a fair amount about kubeadm, which was my preferred way of bootstrapping Kubernetes clusters until Cluster API arrived. Along the way, I’ve also discussed using kubeadm to assist with setting up etcd, the distributed key-value store leveraged by the Kubernetes control plane (see here, here, and here). In this post, I’d like to revisit the topic of using kubeadm to set up an etcd cluster once again, this time taking a look at an alternate approach to generating the necessary TLS certificates than what the official documentation describes.

There is absolutely nothing wrong with the process the official documentation describes (I’m referring to this page, by the way); this process just creates slightly “cleaner” certificates. What do I mean by “cleaner” certificates? The official documentation uses a series of kubeadm configuration files, one for each etcd cluster member, to control how the utility creates the necessary certificates and configuration files. The user is instructed to use these configuration files on a single system to generate the certificates for all the cluster members. This works fine, with one caveat: each of the certificates will have an extra hostname—the hostname of the system being used Continue reading

Juniper software triggers network response to threats

Juniper Networks continues to grow its enterprise cloud-security family with a new product that promises to protect application workloads in any cloud or on-premises environment. The company rolled out Juniper Cloud Workload Protection package, a lightweight software agent that the company says controls application execution and monitors application behavior to help businesses spot and fix anomalies. The idea is to provide protection from attackers looking to exploit application vulnerabilities, said Kate Adam, senior director of security product marketing for Juniper Networks.

Ampere Computing Buys An AI Inference Performance Leap

Machine learning inference models have been running on X86 server processors from the very beginning of the latest – and by far the most successful – AI revolution, and the techies that know both hardware and software down to the minutest detail at the hyperscalers, cloud builders, and semiconductor manufacturers have been able to tune the software, jack the hardware, and retune for more than a decade.

Ampere Computing Buys An AI Inference Performance Leap was written by Timothy Prickett Morgan at The Next Platform.

Audit your VMware vCenter Server using Ansible

vCenter has a graphical user interface if you want to interact with it, but what if you manage multiple vCenter servers and want to automate audits or the maintenance of those servers? In this blog, we will see how we can retrieve details about the VMware vCenter Server directly using Ansible. The practices laid out in the blog will help system administrators responsible for managing multiple vCenter servers. In addition, Ansible automation becomes imperative in development environments for testing against multiple instances in your CI/CD pipeline. 

The new vmware.vmware_rest Collection has recently been released and published, and it comes with a new set of modules dedicated to vCenter Server (VCSA) management.

VMware vSphere (Product bundle that includes vCenter Server and other features) 7.0.2 (a.k.a 7.0U2) comes with some new REST end-points. This REST API does not cover all the features exposed over the SOAP interface. Modules in the vmware.vmware_rest Collection are built on top of this API and face the same limitations.

The vmware.vmware_rest Collection contains these modules, which are supported by Red Hat and available on Ansible automation hub.

Validate the state of a vCenter Server instance from Ansible


Durable Objects: Easy, Fast, Correct — Choose three


Storage in distributed systems is surprisingly hard to get right. Distributed databases and consensus are well-known to be extremely hard to build. But, application code isn't necessarily easy either. There are many ways in which apps that use databases can have subtle timing bugs that could result in inconsistent results, or even data loss. Worse, these problems can be very hard to test for, as they'll often manifest only under heavy load, or only after a sudden machine failure.

Up until recently, Durable Objects were no exception. A Durable Object is a special kind of Cloudflare Worker that has access to persistent storage and processes requests in one of Cloudflare’s points of presence. Each Object has its own private storage, accessible through a classical key/value storage API. Like any classical database API, this storage API had to be used carefully to avoid possible race conditions and data loss, especially when performance mattered. And like any classical database API, many apps got it wrong.

However, rather than fix the apps, we decided to fix the model. Last month, we rolled out deep changes to the Durable Objects runtime such that many applications which previously contained subtle race conditions are now correct Continue reading

Computational storage startup Pliops launches flagship product

A startup called Pliops has emerged from stealth mode with a new way to do data processing. Rather than load data into main memory as is traditionally done, the Pliops technology offloads data and the application to a PCI Express card, and data is processed where it is stored, thus freeing up the CPU for other tasks. It's called computational storage. The concept has been around for a while, but like so many technological ideas, it was ahead of its time. The technology needed to catch up to the concept. It could never be done with mechanical hard drives, and SSDs, too, needed to make gains. Recently, Samsung and Xilinx partnered to deliver a compute-on-storage SSD device that uses a Xilinx FPGA to offload the processing work.

Segment Routing | Control and Data plane review

Hi all!

Today I’m going to talk about Segment Routing, especially SR-MPLS. The best source of theoretical information is the RFCs. But Segment Routing is a huge topic and it's difficult to sort things out. I will provide the basic concepts of SR-MPLS and we will go through the basic control plane and data plane tasks of SR.

A good network engineer always tries to optimize the network, operational tools and workflow. And I’m sure the engineers who develop Segment Routing concepts follow the same idea.


Why do I think so? Look at these short facts about SR-MPLS:

  1. SR is an alternative to the main label distribution protocols, LDP and RSVP.

  2. SR reduces the number of control plane entities because it is part of the IGP protocols (IS-IS or OSPF).

  3. SR uses a stateless paradigm, unlike RSVP (which helps to reduce CPU consumption).


Let’s investigate basic SR concepts.

Segment and routing. Take the first definition. What is a "segment"? What types of segments do we have? 


Segments are instructions. The head-end encodes these instructions into MPLS headers. It's an interesting concept. We can steer traffic flow with data plane units that contain a stack of MPLS labels, that is, a stack of instructions. It helps to eliminate states for every MPLS LSP on Continue reading

Network Break 344: Zoom Expands Into Contact Center Biz; Will Devs Choose Cloudflare’s Green Compute?

Zoom buys its way into the contact center biz with the $14.7 billion purchase of Five9, Extreme announces Wi-Fi 6E APs, Cloudflare debuts Green Compute for scheduled workloads, and IT vendors report strong quarterly financial results. We analyze these stories and more IT news on today's Network Break podcast.

The post Network Break 344: Zoom Expands Into Contact Center Biz; Will Devs Choose Cloudflare’s Green Compute? appeared first on Packet Pushers.