Turbocharging AKS Networking with Calico eBPF

Reza Ramezanpour Reza is a developer advocate at Tigera, working to promote adoption of Project Calico. Before joining Tigera, Reza worked as a systems engineer and network administrator. A single Kubernetes cluster expends a small percentage of its total available assigned resources on delivering in-cluster networking. We don’t have to be satisfied with this, though, achieving the lowest possible overhead can provide significant cost savings and performance improvements if you are running network-intensive workloads. This article explores and explains the improvements that can be achieved in Microsoft Azure using Calico instructions for installing Calico’s network policy engine with AKS use a version of Calico that pre-dates eBPF mode. Accelerating Network Performance Test Methodology To show how Calico accelerates AKS network performance using eBPF, the Calico team ran a series of network Continue reading

Real-Time Data Access Across Highly Distributed Environments

The goal is straightforward, but getting there has proven to be a challenge: how to offer real- or near real-time access to data that is continually refreshed on an as-needed basis across a number of different distributed environments. Consequently, as different systems of data and their locations can proliferate across different network environments — including multiclouds and on-premises and, in many cases, geographic zones — organizations can struggle to maintain low-latency connections to the data their applications require. The challenges are especially manifest when users require and increasingly demand that their experiences, which are often transactional-based, are met in near- or real-time that require data-intensive backend support. Many organizations continue to struggle with the challenges of maintaining and relying on data streaming and other ways, such as through so-called “speed layers” with cached memory, to maintain low-latency connections between multicloud and on-premises environments. In this article, we describe the different components necessary to maintain asynchronously updated data sources consisting of different systems of record for which real-time access is essential for the end-user experience. For the CIO, the challenges consist of the ability for applications to have low-latency access to data, often dispersed across a number of often highly distributed Continue reading

Cloudflare’s Athenian Project Expands Internationally

Cloudflare's Athenian Project Expands Internationally
Cloudflare's Athenian Project Expands Internationally

Over the course of the past few years, we’ve seen a wide variety of different kinds of online threats to democratically-held elections around the world. These threats range from attempts to restrict the availability of information, to efforts to control the dialogue around elections, to full disruptions of the voting process.

Some countries have shut down the Internet completely during elections. In 2020, Access Now’s #KeepItOn Campaign reported at least 155 Internet shutdowns in 29 countries such as Togo, Republic of the Congo, Niger and Benin. In 2021, Uganda's government ordered the "Suspension Of The Operation Of Internet Gateways" the day before the country's general election.

Even outside a full Internet shutdown, election reporting and registration websites can face attacks from other nations and from parties seeking to disrupt the administration of the election or undermine trust in the electoral process. These cyberattacks target not only electronic voting or election technologies, but access to information and communications tools such as voter registration and websites that host election results. In 2014, a series of cyberattacks including DDoS, malware and phishing attacks were launched against Ukraine’s Central Election Commission ahead of the presidential election. These sophisticated attacks attempted to infiltrate the internal Continue reading

Working with those who protect human rights around the world

Working with those who protect human rights around the world
Working with those who protect human rights around the world

Over the past few years, we’ve seen an increasing use of Internet shutdowns and cyberattacks that restrict the availability of information in communities around the world. In 2020, Access Now’s #KeepItOn coalition documented at least 155 Internet shutdowns in 29 countries. During the same period, Cloudflare witnessed a five-fold increase in cyberattacks against the human rights, journalism, and non-profit websites that benefit from the protection of Project Galileo.

These disruptive measures, which put up barriers to those looking to use the Internet to express themselves, earn a livelihood, gather and disseminate information, and participate in public life,  affect the lives of millions of people around the world.

As described by the UN Human Rights Council (UNHRC), the Internet is not only a key means by which individuals exercise their rights to freedom of opinion and expression, it “facilitates the realization of a range of other human rights” including “economic, social and cultural rights, such as the right to education and the right to take part in cultural life and to enjoy the benefits of scientific progress and its applications, as well as civil and political rights, such as the rights to freedom of association and assembly.” The effect of Continue reading

Cloudflare’s Human Rights Commitments

Cloudflare's Human Rights Commitments
Cloudflare's Human Rights Commitments

Last year, we announced our commitment to the UN Guiding Principles on Business and Human Rights, and our partnership with Global Network Initiative (GNI). As part of that announcement, Cloudflare committed to developing a human rights policy in order to ensure that the responsibility to respect human rights is embedded throughout our business functions. We spent much of the last year talking to those inside and outside the company about what a policy should look like, the company’s expectations for human rights-respecting behavior, and how to identify activities that might affect human rights.

Today, we are releasing our first human rights policy. The policy sets out our commitments and the way we implement them.

Why would Cloudflare develop a human rights policy?

Cloudflare’s mission — to help build a better Internet — reflects a long-standing belief that we can help make the Internet better for everyone. We believe that everyone should have access to an Internet that is faster, more reliable, more private, and more secure. To earn our customers’ trust, we also strive to live up to our core values of being principled, curious, and transparent. The actions that we have taken over the years reflect our mission and Continue reading

Certifying our Commitment to Your Right to Information Privacy

Certifying our Commitment to Your Right to Information Privacy
Certifying our Commitment to Your Right to Information Privacy

Cloudflare recognizes privacy in personal data as a fundamental human right and has taken a number of steps, including certifying to international standards, to demonstrate our commitment to privacy.

Privacy has long been recognized as a fundamental human right. The United Nations included a right to privacy in its 1948 Universal Declaration of Human Rights (Article 12) and in the 1976 International Covenant on Civil and Political Rights (Article 17). A number of other jurisdiction-specific laws and treaties also recognize privacy as a fundamental right.

Cloudflare shares the belief that privacy is a fundamental right. We believe that our mission to help build a better Internet means building a privacy-respecting Internet, so people don’t feel they have to sacrifice their personal information — where they live, their ages and interests, their shopping habits, or their religious or political beliefs — in order to navigate the online world.

But talk is cheap. Anyone can say they value privacy. We show it. We demonstrate our commitment to privacy not only in the products and services we build and the way we run our privacy program, but also in the examinations we perform of our processes and products  to ensure they work the Continue reading

Cloudflare and COVID-19: Project Fair Shot Update

Cloudflare and COVID-19: Project Fair Shot Update
Cloudflare and COVID-19: Project Fair Shot Update

In February 2021, Cloudflare launched Project Fair Shot — a program that gave our Waiting Room product free of charge to any government, municipality, private/public business, or anyone responsible for the scheduling and/or dissemination of the COVID-19 vaccine.

By having our Waiting Room technology in front of the vaccine scheduling application, it ensured that:

  • Applications would remain available, reliable, and resilient against massive spikes of traffic for users attempting to get their vaccine appointment scheduled.
  • Visitors could wait for their long-awaited vaccine with confidence, arriving at a branded queuing page that provided accurate, estimated wait times.
  • Vaccines would get distributed equitably, and not just to folks with faster reflexes or Internet connections.

Since February, we’ve seen a good number of participants in Project Fair Shot. To date, we have helped more than 100 customers across more than 10 countries to schedule approximately 100 million vaccinations. Even better, these vaccinations went smoothly, with customers like the County of San Luis Obispo regularly dealing with more than 20,000 appointments in a day.  “The bottom line is Cloudflare saved lives today. Our County will forever be grateful for your participation in getting the vaccine to those that need it most in an elegant, Continue reading

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists
Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

Cloudflare started Project Galileo in 2014 to provide a set of free security products to a range of groups on the Internet that are targeted by cyberattacks due to their critical work. These groups include human rights defenders, independent media and journalists, and organizations that work in strengthening democracy. Seven year later, Project Galileo currently protects more than 1,500 organizations in 111 countries.

A majority of the organizations protected under Project Galileo work in independent media and journalism, and are targeted both physically and online as a result of reporting critical events around the world. From July 2020 to March 2021, there were more than seven billion cyberattacks against Project Galileo journalism and media sites, equating to over 30 million attacks per day against this group. We reported many of these findings for the 7th anniversary of Project Galileo’s Radar Dashboard.

Global Cyber Alliance

Project Galileo and The Global Cyber Alliance Cybersecurity Toolkit for Journalists

We have reported on the cyber threats to independent journalists and media organizations in the past, with the goal of creating best practices on how to protect these groups online. As we shared these insights, we started to collaborate with organizations that provide support and resources to improve journalists’ cybersecurity capabilities and respond to threats. One Continue reading

A Sneak Peek at the “Calico Certified Operator: AWS Expert” Course

This One’s All About You

Recently, we released our new “Calico Certified Operator: AWS Expert” course. You can read more about why we created this course and how it can benefit your organization in the introductory blog post.

This blog post is different; it’s an opportunity for you, the potential learner, to get a glimpse of just a few interesting parts of the course. You won’t learn all the answers here, but you’ll learn some of the questions!

If you find that you already know the answers, then you’re all set to grab yourself a shiny badge. If not, consider taking some time to invest in your personal development and pick up some new knowledge in AWS and container networking—really current and relevant knowledge.

Let’s take a sneak peek at what the “Calico Certified Operator: AWS Expert” course has to offer.

Considering Cluster Types

There are several ways to build a Kubernetes cluster in AWS. There is no single “right” way. What are the considerations your organization should have in mind, and how can you help your organization make an informed choice?

You will review, amongst many other things, how to decide:

Viewing enabled and running services on Linux with systemctl

A vast majority of Linux systems these days are using systemd – a suite of programs aimed at managing and interconnecting different parts of the system. Systemd started replacing the init process back in 2014 and is now the first process that starts when most Linux systems boot. To get a quick peek, you can run a command like this, which verifies that process 1 is indeed systemd. On this system, two additional systemd processes are currently also running.$ ps -C systemd PID TTY TIME CMD 1 ? 00:00:59 systemd <=== 1244 ? 00:00:00 systemd 54429 ? 00:00:00 systemd To see a little more detail, try the command below. The blank within the quotes is meant to prevent related processes like systemd-journald from showing up in the list.To read this article in full, please click here

Viewing enabled and running services on Linux with systemctl

A vast majority of Linux systems these days are using systemd – a suite of programs aimed at managing and interconnecting different parts of the system. Systemd started replacing the init process back in 2014 and is now the first process that starts when most Linux systems boot. To get a quick peek, you can run a command like this, which verifies that process 1 is indeed systemd. On this system, two additional systemd processes are currently also running.$ ps -C systemd PID TTY TIME CMD 1 ? 00:00:59 systemd <=== 1244 ? 00:00:00 systemd 54429 ? 00:00:00 systemd To see a little more detail, try the command below. The blank within the quotes is meant to prevent related processes like systemd-journald from showing up in the list.To read this article in full, please click here

Cisco preps now for the hybrid workforce

Work-from employees will no longer be treated as a second-class citizen, which means they will get best-in-class technology including SD-WAN appliances, cellular backup alternatives, zero trust security support and maybe even battery backup.That’s at least part of the plan for hybrid workers now and moving forward, said Cisco’s Todd Nightingale, executive vice president and general manager of the company’s Enterprise Networking & Cloud business. “The ‘return-to-office’ concept is a myth--it’s a world we have left behind.”To read this article in full, please click here

Cisco preps now for the hybrid workforce

Work-from employees will no longer be treated as a second-class citizen, which means they will get best-in-class technology including SD-WAN appliances, cellular backup alternatives, zero trust security support and maybe even battery backup.That’s at least part of the plan for hybrid workers now and moving forward, said Cisco’s Todd Nightingale, executive vice president and general manager of the company’s Enterprise Networking & Cloud business. “The ‘return-to-office’ concept is a myth--it’s a world we have left behind.”To read this article in full, please click here

1 690 691 692 693 694 3,843