Using the AWS CLI to Tag Groups of AWS Resources

To conduct some testing, I recently needed to spin up a group of Kubernetes clusters on AWS. Generally speaking, my “weapon of choice” for something like this is Cluster API (CAPI) with the AWS provider. Normally this would be enormously simple. In this particular case—for reasons that I won’t bother going into here—I needed to spin up all these clusters in a single VPC. This presents a problem for the Cluster API Provider for AWS (CAPA), as it currently doesn’t add some required tags to existing AWS infrastructure (see this issue). The fix is to add the tags manually, so in this post I’ll share how I used the AWS CLI to add the necessary tags.

Without the necessary tags, the AWS cloud provider—which is responsible for the integration that creates Elastic Load Balancers (ELBs) in response to the creation of a Service of type LoadBalancer, for example— won’t work properly. Specifically, the following tags are needed:

kubernetes.io/cluster/<cluster-name>
kubernetes.io/role/elb
kubernetes.io/role/internal-elb

The latter two tags are mutually exclusive: the former should be assigned to public subnets to tell the AWS cloud provider where to place public-facing ELBs, while the latter is assigned to private subnets Continue reading

It always takes longer than you think

Everyone is aware that it always takes longer to find a problem in a network than it should. Moving through the troubleshooting process often feels like swimming in molasses—you’re pulling hard, and progress is being made, but never fast enough or far enough to get the application back up and running before that crucial deadline. The “swimming in molasses effect” doesn’t end when the problem is found out, either—repairing the problem requires juggling a thousand variables, most of which are unknown, combined with the wit and sagacity of a soothsayer to work with vendors, code releases, and unintended consequences.

It’s enough to make a network engineer want to find a mountain top and assume an all-knowing pose—even if they don’t know anything at all.
The problem of taking longer, though, applies in every area of computer networking. It takes too long for the packet to get there, it takes to long for the routing protocol to converge, it takes too long to support a new application or server. It takes so long to create and validate a network design change that the hardware, software and processes created are obsolete before they are used.

Why does it always take too long? Continue reading

Intel shifts to multiarchitecture model

There was a time when Intel was all-x86, all the time, everywhere.Not anymore.Last week Intel held its annual Architecture Day with previews of multiple major upcoming architectures beyond x86. For once, it’s not hyperbole when they say these are some of the “biggest shifts in a generation.”CEO Gelsinger shakes up Intel And it’s not just architectures or just more and faster cores, it’s new designs, whole new ways of doing things. Instead of just packing more cores onto a smaller die, Intel is switching to a new hybrid architecture that adds low-energy-draw cores, similar to what some ARM chip makers have been doing for years on mobile devices.To read this article in full, please click here

Intel shifts to multiarchitecture model

There was a time when Intel was all-x86, all the time, everywhere.Not anymore.Last week Intel held its annual Architecture Day with previews of multiple major upcoming architectures beyond x86. For once, it’s not hyperbole when they say these are some of the “biggest shifts in a generation.”CEO Gelsinger shakes up Intel And it’s not just architectures or just more and faster cores, it’s new designs, whole new ways of doing things. Instead of just packing more cores onto a smaller die, Intel is switching to a new hybrid architecture that adds low-energy-draw cores, similar to what some ARM chip makers have been doing for years on mobile devices.To read this article in full, please click here

Network Break 347: Cisco Acquires Container App Monitor; Intel Unwraps Mount Evans IPU

It's the Network Break! This week we analyze Cisco's $500 million acquisition of a container-based and serverless application monitor, Intel's announcement of Mount Evans, an Infrastructure Processing Unit (IPU) for network and storage offload, and more tech news. Guest analyst Johna Till Johnson, CEO and founder of Nemertes Research, joins Greg Ferro.

The post Network Break 347: Cisco Acquires Container App Monitor; Intel Unwraps Mount Evans IPU appeared first on Packet Pushers.

Making Magic Transit health checks faster and more responsive

Making Magic Transit health checks faster and more responsive
Making Magic Transit health checks faster and more responsive

Magic Transit advertises our customer’s IP prefixes directly from our edge network, applying DDoS mitigation and firewall policies to all traffic destined for the customer’s network. After the traffic is scrubbed, we deliver clean traffic to the customer over GRE tunnels (over the public Internet or Cloudflare Network Interconnect). But sometimes, we experience inclement weather on the Internet: network paths between Cloudflare and the customer can become unreliable or go down. Customers often configure multiple tunnels through different network paths and rely on Cloudflare to pick the best tunnel to use if, for example, some router on the Internet is having a stormy day and starts dropping traffic.

Making Magic Transit health checks faster and more responsive

Because we use Anycast GRE, every server across Cloudflare’s 200+ locations globally can send GRE traffic to customers. Every server needs to know the status of every tunnel, and every location has completely different network routes to customers. Where to start?

In this post, I’ll break down my work to improve the Magic Transit GRE tunnel health check system, creating a more stable experience for customers and dramatically reducing CPU and memory usage at Cloudflare’s edge.

Everybody has their own weather station

To decide where to send traffic, Cloudflare edge servers Continue reading

Schneider Electric joins the hardware-as-a-service movement

German data center hardware giant Schneider Electric is the latest OEM to jump on the on-demand leasing program hardware, in this case the company’s American Power Conversion line of uninterruptible power supplies (UPS).The primary beneficiaries are channel partners, but the user comes out ahead as well. This is similar to the on-premises leasing model used by Hewlett Packard Enterprise, Dell Technologies, Lenovo, Cisco, and more. Rather than make a massive up-front purchase, you lease the gear and pay monthly for actual use.The deal is for channel partners to pair APC Smart-UPS solutions with its monitoring and dispatch services to create their own service offering. Schneider says this partnership will allow channel partners to offer more visibility and front-end maintenance across their customers’ dispersed UPS systems.To read this article in full, please click here

Schneider Electric joins the hardware-as-a-service movement

German data center hardware giant Schneider Electric is the latest OEM to jump on the on-demand leasing program hardware, in this case the company’s American Power Conversion line of uninterruptable power supplies (UPS).The primary beneficiaries are channel partners, but the user comes out ahead as well. This is similar to the on-premises leasing model used by Hewlett Packard Enterprise, Dell Technologies, Lenovo, Cisco, and more. Rather than make a massive up-front purchase, you lease the gear and pay monthly for actual use.The deal is for channel partners to pair APC Smart-UPS solutions with its monitoring and dispatch services to create their own service offering. Schneider says this partnership will allow channel partners to offer more visibility and front-end maintenance across their customers’ dispersed UPS systems.To read this article in full, please click here

Why Is Professional Development Important?

Learning is a lifelong process, and it never stops. Of course, no one is born to be brilliant at their job, but we learn and work on our development goals. After all, it takes time and effort to learn new skills and apply new knowledge. 

Thanks to the fierce competition, everyone is focused on their professional development to stay ahead. Here is everything you need to know about why is professional development important. 

Professional Development Explained

Before we understand why it’s important, you need to understand what professional development is. The term refers to career training and continuing education after an individual starts working to develop new skills for advancement in their career. Many jobs out there require individuals to take continuing education. 

However, professional development is not just limited to education. It refers to all the training and learning opportunities you can take to enhance your work and skills. These skills are used to advance in the career. 

Why Is Professional Development Important?

Here are the many reasons why professional development tools are important for any organization:

1. Increases Employee Retention 

As an organization, you can offer professional development opportunities to increase employee retention. It Continue reading

Weekend Reads 082021


Cross Site Scripting is the second most prevalent issue in the Open Source Foundation for Application Security (OWASP) top 10 – it’s found in roughly 2/3 of all applications.


Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.


Big O notation is an important tools for computer scientists to analyze the cost of an algorithm. Most software engineers should have an understanding of it.


Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks.


In his keynote, Tait, former information security specialist for the UK’s GCHQ and more recently a member of Google’s Project Zero team, outlined what he considers the three main factors that drove high-profile cyberattacks on Colonial Pipeline, Kaseya, Exchange Server, SolarWinds, and Codecov, as well as North Korea’s targeting of security researchers and the NSO Pegasus Project iOS hacks.


The two researchers reported the issues to Apple and many of them have been fixed. However, the security weaknesses are not Continue reading

The Mystery of Known Issues

I’ve spent the better part of the last month fighting a transient issue with my home ISP. I thought I had it figure out after a hardware failure at the connection point but it crept back up after I got back from my Philmont trip. I spent a lot of energy upgrading my home equipment firmware and charting the seemingly random timing of the issue. I also called the technical support line and carefully explained what I was seeing and what had been done to work on the problem already.

The responses usually ranged from confused reactions to attempts to reset my cable modem, which never worked. It took several phone calls and lots of repeated explanations before I finally got a different answer from a technician. It turns out there was a known issue with the modem hardware! It’s something they’ve been working on for a few weeks and they’re not entirely sure what the ultimate fix is going to be. So for now I’m going to have to endure the daily resets. But at least I know I’m not going crazy!

Issues for Days

Known issues are a way of life in technology. If you’ve worked with any Continue reading

Heavy Networking 594: TLS 1.3 Down Deep With Ed Harmoush

Like anything in the world of IT, TLS has gone through various versions. TLS 1.1 and 1.2 are still commonly used, but TLS 1.3 is really where it’s at. Our guest is Ed Harmoush. Ed’s a professional instructor who’s researched TLS 1.3 and more as he’s prepped for his latest course offering, Practical TLS, which you can find at http://pracnet.net/tls. Use coupon PacketPushers100 to get $100 off this deep dive course from Ed.
1 690 691 692 693 694 3,856