NAT Overload Towards Specific Host

This is a quick post on how to perform NAT overload (PAT) towards a specific host only. I have an inside network of 10.10.1.0/24. I need a host in this network to reach the host 192.168.0.1. They don’t have direct connectivity so I need to PAT it behind the router which has an IP of 192.168.128.103. I don’t want to PAT all the traffic from 10.10.1.0/24, though, only towards this specific host. There are hosts in 192.168.128.0/24 that the VM should access using its original source. The network is shown in the diagram below:

First, I’ll define my inside and outside interface:

RT01(config)#int gi0/0
RT01(config-if)#ip nat inside
RT01(config-if)#int gi0/1
RT01(config-if)#ip nat outside

Then I’m going to create the ACL that matches on traffic from the 10.10.1.0/24 network to the host 192.168.0.1:

RT01(config)#ip access-list extended NAT-SRC-10.10.2.0/24
RT01(config-ext-nacl)#permit ip 10.10.2.0 0.0.255.255 host 192.168.0.1

Then, I’ll configure the NAT statement to match on the ACL and do an overload to interface Gi0/1:

RT01(config)#ip nat inside source list NAT-SRC-10.10.2. Continue reading

Cloudflare’s 2024 Annual Founders’ Letter

This week Cloudflare will celebrate the fourteenth anniversary of our launch. We think of it as our birthday. As is our tradition ever since our first anniversary, we use our Birthday Week each year to launch new products that we think of as gifts back to the Internet. For the last five years, we also take this time to write our annual Founders’ Letter reflecting on our business and the state of the Internet. This year is no different.

That said, one thing that is different is you may have noticed we've actually had fewer public innovation weeks over the last year than usual. That's been because a couple of incidents nearly a year ago caused us to focus on improving our internal systems over releasing new features. We're incredibly proud of our team's focus to make security, resilience, and reliability the top priorities for the last year. Today, Cloudflare's underlying platform, and the products that run on top of it, are significantly more robust than ever before.

With that work largely complete, and our platform in its strongest shape ever, we plan to pick back up the usual cadence of new product launches that we're known for. This Continue reading

Logging in Python

Logging in Python

How many times have you found yourself staring at your screen, surrounded by a sea of hastily added print statements, thinking "There's got to be a better way"? If you're like me, the answer is probably "more times than I'd care to admit."

Sick of finding myself in this situation more often than I'd like, I decided to take action. Python's default logging module is powerful, but it just didn't cut it for my needs. I was looking for something more.

Why Logging Matters

Before we dive in, let's look at why logging is crucial:

  1. Debugging: Logs provide a trail of breadcrumbs to track down issues.
  2. Monitoring: They help you understand your application's behavior.
  3. Auditing: Logs can serve as a record of important events or actions.
  4. Performance Tracking: You can use logs to identify bottlenecks and optimize your code.

Introducing PyLogger

With these benefits in mind, I set out to build a custom logging class that would meet all my requirements. The result is PyLogger, a Python logging class that aims to make logging both powerful and user-friendly.

GitHub Repository

Key Features

Below are some of the key features that make pylogger appealing:

  1. Flexible Continue reading

IPv6: Instructions for Use

Retirement obviously does not sit well with my friend Tiziano Tofoni; the English version of his IPv6 book just came out.

It is a bit sad, though, that we still need “how to use IPv6” books when the protocol is old enough to enjoy a nice glass of whiskey (in the US) trying to drown its sorrow at its slow adoption.

Creating a Simple GUI Application with Python Tkinter

Creating a Simple GUI Application with Python Tkinter

A few years ago, I used a simple application called 'TypeItIn'. It kept a small GUI window open with some buttons and labels. You could configure each label with your own text. If you wanted to type one of these texts into a window, all you needed to do was click on the label, and it would start typing the text into whatever window you opened. It was such a time-saver, especially if you had multiple texts that you often used.

Fast forward a few years, I really needed such a tool and then realized I knew a bit of Python, so I should be able to create the same functionality using Python. So, in this blog post, let's go through how you can create a simple GUI application with just a few lines of code.

What Is Tkinter?

Tkinter is the standard GUI toolkit for Python, providing a fast and easy way to create simple GUI applications. It is built into Python, so there’s no need to install anything separately if you already have Python.

Tkinter is widely used due to its simplicity and the vast availability of widgets like buttons, menus, and text fields, which help Continue reading

Removing uncertainty through “what-if” capacity planning

Infrastructure planning for a network serving more than 81 million requests at peak and which is globally distributed across more than 330 cities in 120+ countries is complex. The capacity planning team at Cloudflare ensures there is enough capacity in place all over the world so that our customers have one less thing to worry about - our infrastructure, which should just work. Through our processes, the team puts careful consideration into “what-ifs”. What if something unexpected happens and one of our data centers fails? What if one of our largest customers triples, or quadruples their request count?  Across a gamut of scenarios like these, the team works to understand where traffic will be served from and how the Cloudflare customer experience may change.

This blog post gives a look behind the curtain of how these scenarios are modeled at Cloudflare, and why it's so critical for our customers.

Scenario planning and our customers

Cloudflare customers rely on the data centers that Cloudflare has deployed all over the world, placing us within 50 ms of approximately 95% of the Internet-connected population globally. But round-trip time to our end users means little if those data centers don’t have the capacity Continue reading

Cloudflare incident on September 17, 2024

On September 17, 2024, during routine maintenance, Cloudflare inadvertently stopped announcing fifteen IPv4 prefixes, affecting some Business plan websites for approximately one hour. During this time, IPv4 traffic for these customers would not have reached Cloudflare, and users attempting to connect to websites assigned addresses within those prefixes would have received errors. 

We’re very sorry for this outage. 

This outage was the result of an internal software error and not the result of an attack. In this blog post, we’re going to talk about what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.

Background

Cloudflare assembled a dedicated Addressing team in 2019 to simplify the ways that IP addresses are used across Cloudflare products and services. The team builds and maintains systems that help Cloudflare conserve and manage its own network resources. The Addressing team also manages periodic changes to the assignment of IP addresses across infrastructure and services at Cloudflare. In this case, our goal was to reduce the number of IPv4 addresses used for customer websites, allowing us to free up addresses for other purposes, like deploying infrastructure in new locations. Since IPv4 addresses are a finite Continue reading

How Cloudflare is helping domain owners with the upcoming Entrust CA distrust by Chrome and Mozilla

Chrome and Mozilla announced that they will stop trusting Entrust’s public TLS certificates issued after November 12, 2024 and December 1, 2024, respectively. This decision stems from concerns related to Entrust’s ability to meet the CA/Browser Forum’s requirements for a publicly trusted certificate authority (CA). To prevent Entrust customers from being impacted by this change, Entrust has announced that they are partnering with SSL.com, a publicly trusted CA, and will be issuing certs from SSL.com’s roots to ensure that they can continue to provide their customers with certificates that are trusted by Chrome and Mozilla. 

We’re excited to announce that we’re going to be adding SSL.com as a certificate authority that Cloudflare customers can use. This means that Cloudflare customers that are currently relying on Entrust as a CA and uploading their certificate manually to Cloudflare will now be able to rely on Cloudflare’s certificate management pipeline for automatic issuance and renewal of SSL.com certificates. 

CA distrust: responsibilities, repercussions, and responses

With great power comes great responsibility Every publicly trusted certificate authority (CA) is responsible for maintaining a high standard of security and compliance to ensure that the certificates they issue are trustworthy. Continue reading

AWS Boosts Memory Capacity On Graviton 4 Compute

UPDATED  With its Graviton 4 homegrown Graviton 4 Arm server processors, Amazon Web Services has put into the field a CPU that can compete with all but the toppest of bin parts from AMD for X86 CPUs and Ampere Computing and Nvidia for Arm CPUs, and it is driving price/performance that will in turn drive their adoption for Amazon’s various business units and for its IT infrastructure rental customers on AWS.

AWS Boosts Memory Capacity On Graviton 4 Compute was written by Timothy Prickett Morgan at The Next Platform.

EVPN Hub-and-Spoke Layer-3 VPN

Now that we figured out how to implement a hub-and-spoke VPN design on a single PE-router, let’s do the same thing with EVPN. It turns out to be trivial:

  • We’ll split the single PE router into three PE devices (pe_a, pe_b, and pe_h)
  • We’ll add a core router (p) and connect it with all three PE devices.

As we want to use EVPN and have a larger core network, we’ll also have to enable VLANs, VXLAN, BGP, and OSPF on the PE devices.

This is the topology of our expanded lab:

Read more …
1 63 64 65 66 67 3,794