Heavy Networking 589: Cloud Networking’s Good, Bad, And Ugly: What CSPs Don’t Tell You (Sponsored)
Today's Heavy Networking examines how some of the unpleasant bits of cloud networking can be improved, particularly in the areas of troubleshooting, visibility, security, and automation. Our sponsor is Aviatrix, and they’ve sent us three architects to nerd out about cloud network design and how Aviatrix might fit into the picture. Our guests are Brad Hedlund and James Devine from Aviatrix, and customer Chris Oliver with NI.
The post Heavy Networking 589: Cloud Networking’s Good, Bad, And Ugly: What CSPs Don’t Tell You (Sponsored) appeared first on Packet Pushers.
Rich, complex rules for advanced load balancing
Load Balancing — functionality that’s been around for the last 30 years to help businesses leverage their existing infrastructure resources. Load balancing works by proactively steering traffic away from unhealthy origin servers and — for more advanced solutions — intelligently distributing traffic load based on different steering algorithms. This process ensures that errors aren’t served to end users and empowers businesses to tightly couple overall business objectives to their traffic behavior.
What’s important for load balancing today?
We are no longer in the age where setting up a fixed amount of servers in a data center is enough to meet the massive growth of users browsing the Internet. This means that we are well past the time when there is a one size fits all solution to suffice the needs of different businesses. Today, customers look for load balancers that are easy to use, propagate changes quickly, and — especially now — provide the most feature flexibility. Feature flexibility has become so important because different businesses have different paths to success and, consequently, different challenges! Let’s go through a few common use cases:
- You might have an application split into microservices, where specific origins support segments of your application. You Continue reading
Calico eBPF Data Plane Deep-Dive
Why Take the Lid Off if it’s Working?
Sometimes the best way to understand something is to take it apart and see how it works. This blog post will help you take the lid off your Calico eBPF data plane based Kubernetes cluster and see how the forwarding is actually happening. The bonus is, unlike home repairs, you don’t even have to try to figure out how to put it back together again!
The target audience for this post is users who are already running a cluster with the eBPF data plane, either as a proof-of-concept or in production. Therefore, we will not go through the steps to set up a cluster from scratch. If you would like to learn how to do that, the best starting point is this documentation.
In the best case and likely scenario, you will have no data plane issues in the future and this knowledge will still help you to make informed decisions about the Calico eBPF data plane and your future clusters, and how to get the best from them. Knowledge is power!
If you are unlucky enough to experience future issues, being armed with a good understanding of the underlying technologies will Continue reading
Network Automation: Accelerating Adoption Through Compliance
Network automation is the key to providing consistent performance across a company’s infrastructure. But establishing a compliant baseline will provide the foundation for effective utilization across the cloud.Sponsored Post: Pinecone, Kinsta, Bridgecrew, IP2Location, StackHawk, InterviewCamp.io, Educative, Stream, Fauna, Triplebyte
Who's Hiring?
- DevOps Engineer: At Kinsta, we set out to create the best managed hosting platform in the world. If you are an experienced DevOps Engineer who is constantly looking for ways to innovate and improve, we might just be the place for you! As Kinsta’s DevOps Engineer, you will be instrumental in making sure that our infrastructure is always on the bleeding edge of technology, remaining stable and high-performing at all times. If you love working with Linux, have a background in PHP, and have worked with cutting-edge technologies, such as Ansible and LXC, check us out and apply here.
- SysOps Engineer: As Kinsta’s SysOps Engineer, you’ll play a key role in caring for the health of our servers, preventing issues, and responding immediately to mitigate any problems in our infrastructure. If you have experience in hosting and with the WordPress stack, have worked with Ubuntu or Debian-based systems, and cutting-edge technologies, such Ansible and LXC, you should definitely check us out and apply here!
- JavaScript Developer: Kinsta’s Development Team aims to create truly effective solutions for our customers and our internal teams. We believe the only way to maintain and scale Continue reading
Encryption: A Building Block of a Trustworthy Internet
At the Internet Society, we’re committed to building a bigger and stronger Internet. To make sure it remains open, globally connected, secure, and trustworthy, we connect the right people to discuss different aspects of key legislative proposals. It’s a healthy way to create debate, setting up the right conditions for different parties to find common […]
The post Encryption: A Building Block of a Trustworthy Internet appeared first on Internet Society.
Kubernetes security policy design: 10 critical best practices
In this blog post, I will be looking at 10 best practices for Kubernetes security policy design. Application modernization is a strategic initiative that changes the way enterprises are doing business. The journey requires a significant investment in people, processes, and technology in order to achieve the desired business outcomes of accelerating the pace of innovation, optimizing cost, and improving an enterprise’s overall security posture. It is crucial to establish the right foundation from the beginning, to avoid the high cost of re-architecture. Developing a standard and scalable security design for your Kubernetes environment helps establish the framework for implementing the necessary checks, enforcement, and visibility to enable your strategic business objectives.
High-level design
Building a scalable Kubernetes security policy design requires that you adopt a fully cloud-native mindset that takes into account how your streamlined CI/CD process should enable security policy provisioning. A sound design would enable your enforcement and policy provisioning requirements in Day-N, while accommodating Day-1 requirements. The following list summarizes the fundamental requirements that a cloud-native security policy design should include:
- Segmentation of the control, management, and data planes
- Segmentation of deployment environments
- Multi-tenancy controls
- Application microsegmentation
- Cluster hardening
- Ingress access control
- Egress access control
- Continue reading
IPv6 Buzz 080: Working With IPv6 In The Management Plane
On today's IPv6 Buzz, Ed and Scott talk about IPv6 in the management plane with network engineers Nick Buraglio and Chris Cummings, including management challenges, dual-stack vs. IPv6 only, IPv6 prefix space for lab deployments, and more.IPv6 Buzz 080: Working With IPv6 In The Management Plane
On today's IPv6 Buzz, Ed and Scott talk about IPv6 in the management plane with network engineers Nick Buraglio and Chris Cummings, including management challenges, dual-stack vs. IPv6 only, IPv6 prefix space for lab deployments, and more.
The post IPv6 Buzz 080: Working With IPv6 In The Management Plane appeared first on Packet Pushers.
Heavy Strategy 008: Five Core Issues for IT Architects in 2021
I’ve just published the latest episode of Heavy Strategy with Johna Til-Johnson. In this episode we discuss five issues that we think IT Architects should be considered for 2021. The discussion on why and why not should be helpful for your own thinking and prepare you for discussions in your own organisations. You can find […]
Microsoft Misplaced Security Priorites
Pays bug bounty pittance, spends big on speculative product
How AI is Changing the Role of Network Managers and Teams
AI tools are set to transform network management and operations. The technology is also poised to bring major changes to the way network leaders and staff work.HS 008: Five Core Issues for IT Architects in 2021
What five issues would be top of mind for IT architects ? Security, Backup.Recovery, Cloud, Skills Development and Distributed/Hybrid Work. Listen in on why and how these issues are our choices. If you have feedback or want us to followup then head over to our Follow Up page and send us your anonymous (or not) feedback.
Heavy Strategy 008: Five Core Issues for IT Architects in 2021
What five issues would be top of mind for IT architects ? Security, Backup.Recovery, Cloud, Skills Development and Distributed/Hybrid Work. Listen in on why and how these issues are our choices. If you have feedback or want us to followup then head over to our Follow Up page and send us your anonymous (or not) feedback.
The post Heavy Strategy 008: Five Core Issues for IT Architects in 2021 appeared first on Packet Pushers.
