Docker Hub Incident Reviews – April 3rd and 15th 2021

In line with our promise last year to continue publishing incident reviews for Docker Hub, we have two to discuss from April. While many users were unaffected, it is important for us to be transparent with our community, and we hope it is both informative and instructive.

April 3rd 2021

Starting at about 07:30 UTC, a small proportion of registry requests (under 3%) against Docker Hub began failing. Initial investigation pointed towards several causes, including overloaded internal DNS services and significant and unusual load from several users and IPs. Changes were made to address all of these (scaling, blocking, etc), and while the issue seemed to resolve for several hours at a time, it continued coming back.

The issue re-occurred intermittently into the next day, at which point the actual root cause was determined to be under-scaled load balancers doing service discovery and routing for our applications. 

In the past, the bottleneck for the load balancing system was network bandwidth on the nodes, and auto scaling rules were thus tied to bandwidth metrics. Over time and across some significant changes to this system, the load balancing application had become more CPU intensive, and thus the current auto scaling setup Continue reading

What’s New in Calico v3.19

We’re excited to announce Calico v3.19.0! This release includes a number of cool new features as well as bug fixes. Thank you to each one of the contributors to this release! For detailed release notes, please go here. Here are some highlights from the release…

VPP Data Plane (tech-preview)

We’re very excited to announce that Calico v3.19 includes tech-preview support for FD.io’s Vector Packet Processing (VPP) data plane, joining Calico’s existing iptables, eBPF, and Windows dataplanes.

The VPP data plane promises high performance Kubernetes networking with support for network policy, encryption via WireGuard or IPSec, and MagLev service load balancing.

Interested? Try it out by following the tech-preview getting started guide!

Resource Management with kubectl (tech-preview)

In previous versions of Calico, the “calicoctl” command line tool was required to properly manage Calico API resources. In Calico v3.19, we’ve introduced a new tech-preview feature that allows you to manage all projectcalico.org API resources directly with kubectl using an optional API server add-on.

Try it out on your cluster by following the guide!

Windows Data Plane Support for containerd

Calico v3.19 introduces support for Calico for Windows users to deploy containers using containerd Continue reading

Passed AWS Associate Exam

I took the exam on 8th May 2021 and was able to crack it .Now you can call me AWS certified Associate .

I started thinking of giving the AWS associate exam more than a year back when my company provided us the free license of cloud Guru. We started a group of individuals who were interested in learning and taking the AWS associate exam. Our plan was to go through the cloud guru videos twice in a week during office hrs ( Allocated 1 hrs for learning ) and discuss any doubts related to topics. It all went very well for few weeks and suddenly people started missing sessions due to different reasons such as office meeting and workload. The group which started with 30 people reduced to 10 now and unfortunately I too dropped due to timing clash and office workload.

Almost after 6 months, again I started going through cloud Guru Videos and this time I was able to complete it and at that time i can easily rate myself 6 out of 10.

I went through AWS FAQ’s , I must say that they are must if you are preparing to take AWS exam.

I didn’t stop, Continue reading

Designing the new Cloudflare Web Application Firewall

Designing the new Cloudflare Web Application Firewall
Designing the new Cloudflare Web Application Firewall

The Cloudflare Web Application Firewall (WAF) protects websites and applications from malicious traffic attempting to exploit vulnerabilities in server software. It’s a critical piece of the broader security posture of your application. With that in mind, we made sure improvements to the Web Application Firewall dashboard experience made it easier to enable the WAF and configure rules to match the specific requirements of an application. In this post, I’ll share parts of the process we followed and the rationale behind the decisions we took when designing the new Web Application Firewall dashboard experience.

I’ve separated out my design process into three stages:

  1. Identify the tasks customers are trying to complete using the WAF
  2. Prioritise the tasks in such a way that it’s clear what the most common tasks are vs what the more involved tasks are
  3. Define, create, and refine the interface and interactions

Identifying the tasks customers are trying to complete

We support a range of customers — individual developers or hobbyists, small/medium-sized businesses where it’s common for a developer to fulfil multiple roles and responsibilities, through to large global enterprises where often there is an entire department dedicated to information security. Traditionally, product development teams use techniques such Continue reading

We Are the Internet Society: Our Impact in 2020

If there were doubts about how important the Internet is for everyone, 2020 put those to rest. As we push forward through this turbulent time, I want to take a moment to share some inspiration. The Internet Society’s 2020 Impact Report: The Internet Is a Lifeline is a storybook of ingenuity, collaboration, and what happens […]

The post We Are the Internet Society: Our Impact in 2020 appeared first on Internet Society.

DockerCon LIVE 2021 Keynotes

Join us for DockerCon LIVE 2021 on Thursday, May 27. DockerCon LIVE is a free, one day virtual event that is a unique experience for developers and development teams who are building the next generation of modern applications. If you want to learn about how to go from code to cloud fast and how to solve your development challenges, DockerCon LIVE 2021 offers engaging live content to help you build, share and run your applications. Register today at https://dockr.ly/2PSJ7vn

With DockerCon just around the corner, we’re pleased to announce our outstanding keynote speaker line-up.

Among the Docker luminaries taking the virtual stage May 27 will be CEO Scott Johnston, CTO Justin Cormack and VP of Products Donnie Berkholz. Look for keynotes, too, from special guests Dana Lawson, GitHub VP of Engineering, and Matt Falk, VP of Engineering, Data Science and Computer Vision at Orbital Insight.

Picking up hosting duties will be Docker’s Peter McKee and William Quiviger, along with DevOps consultant and Docker Captain Bret Fisher.

They’re just part of the one-day event packed with demonstrations, product announcements, company updates and more — all of it focused on modern application delivery in a cloud-native world.

Last year 78,000 registrants Continue reading

How to avoid the network-as-a-service shell game

I can’t tell you how many times one of my clients or contacts has complained about the difficulties associated with getting network-budget approval. If I’d never met a CFO in person, the description these people gave me would have led me to expect something like a troll or a zombie, bent on eating projects and maybe people, too. Do we wear garlic when we visit the CFO, or maybe do a chant before the meeting, or might there be a more practical approach?CFOs aren’t just trying to mess up a good technology project (at least most of the time), they’re trying to validate two basic financial rules that govern technology procurements.  Rule One is that any project must advance a company’s financial position and not hurt it. That seems logical, but it’s often difficult to assess just what the return on investment (ROI) of any project is.  Rule Two is that you don’t want to buy equipment that you’ll have to replace before it’s been fully depreciated. The useful life of something should be at least as long as the financial life as set by tax laws.To read this article in full, please click here

Tech Bytes: Auto Dealer Takes Network Control With Fortinet (Sponsored)

Frustrated by poor service from an MSP, the IT team at White Family auto dealers needed a more efficient way to connect locations while ensuring high performance and strong security to meet regulatory requirements. The company chose Fortinet for its network and security equipment. Fortinet is our sponsor, and we talk with Shane Williams, Director of IT; and Paul Provorse, System Administrator about going all-in with Fortinet to run their own show.

Tech Bytes: Auto Dealer Takes Network Control With Fortinet (Sponsored)

Frustrated by poor service from an MSP, the IT team at White Family auto dealers needed a more efficient way to connect locations while ensuring high performance and strong security to meet regulatory requirements. The company chose Fortinet for its network and security equipment. Fortinet is our sponsor, and we talk with Shane Williams, Director of IT; and Paul Provorse, System Administrator about going all-in with Fortinet to run their own show.

The post Tech Bytes: Auto Dealer Takes Network Control With Fortinet (Sponsored) appeared first on Packet Pushers.

How the Internet Really Works, Part 1

I’m a bit late posting this … but this Thursday (an odd day for me) I’m running How the Internet Really Works, Part 1, over at Safari Books Online. From the page:

This live training will provide an overview of the systems, providers, and standards bodies important to the operation of the global Internet, including the Domain Name System (DNS), the routing and transport systems, standards bodies, and registrars. For DNS, the process of a query will be considered in some detail, who pays for each server used in the resolution process, and tools engineers can use to interact DNS. For routing and transport, the role of each kind of provider will be considered, along with how they make money to cover their costs, and how engineers can interact with the global routing table (the Default Free Zone, of DFZ). Finally, registrars and standards bodies will be considered, including their organizational structure, how they generate revenue, and how to find their standards.

You can register for the training at the link above. I’ll be giving part 2 of How the Internet Really Works next month.

Tracking Internet Shutdowns

Internet shutdowns harm societies, economies, and the global Internet infrastructure – that’s why we’re tracking disruptions on the Internet Society Pulse platform. There are thousands of disruptions to Internet access every day all over the world, but not all of them are the result of deliberate shutdowns. Lengthy outages are usually the result of technical errors, routing misconfigurations, or infrastructure failures. […]

The post Tracking Internet Shutdowns appeared first on Internet Society.

The Effectiveness of AS Path Prepending (1)

Just about everyone prepends AS’ to shift inbound traffic from one provider to another—but does this really work? First, a short review on prepending, and then a look at some recent research in this area.

What is prepending meant to do?

Looking at this network diagram, the idea is for AS6500 (each router is in its own AS) to steer traffic through AS65001, rather than AS65002, for 100::/64. The most common method to trying to accomplish this is AS65000 can prepend its own AS number on the AS Path Multiple times. Increasing the length of the AS Path will, in theory, cause a route to be less preferred.

In this case, suppose AS65000 prepends its own AS number on the AS Path once before advertising the route towards AS65001, and not towards AS65002. Assuming there is no link between AS65001 and AS65002, what would we expect to happen? What we would expect is AS65001 will receive one route towards 100::/64 with an AS Path of 2 and use this route. AS65002 will, likewise, receive one route towards 100::/64 with an AS Path of 1 and use this route.

AS65003, however, will receive two routes towards 100::/64, one with an AS Continue reading

The Week in Internet News: Many U.S. Residents Support Community Broadband

From the community: A new poll from Morning Consult finds that more than half of U.S. residents trust local governments to provide broadband services, and just 14 percent believe local governments should be prohibited from providing broadband. Currently, 18 states limit or outright prohibit local governments from providing their own broadband. In those states, “these […]

The post The Week in Internet News: Many U.S. Residents Support Community Broadband appeared first on Internet Society.

Ansible Network Resource Purge parameter

Red Hat Ansible Network Automation continues to be a popular domain for Red Hat Ansible Automation Platform. We have continually developed additional resource modules to make automating network appliances easier, and more approachable, for novices and experts alike. These resource modules provide a consistent experience across multiple network vendors. There are seven main state parameters for resource modules: merged, replaced, overridden, deleted, gathered, rendered and parsed. The Ansible network team is adding one more parameter, purged, to this tool chest for resource modules. This blog will cover the purged parameter and show use-cases through a practical example.

network purge blog

For this example, we will be using two BGP resource modules to configure a Cisco network device. We will be using the bgp_global module, which was covered in Rohit’s blog post, and the bgp_address_family module. The BGP configuration is split between these two separate modules to simplify configuration and data models associated with them.

Let’s start with a data model:

bgp_global:
    as_number: '65000'
    bgp:
        log_neighbor_changes: true
        router_id:
            address: 192.168.1.1
    neighbor:
    -   activate: true
        address: 10.200.200.2
        remote_as: 65001
bgp_address_family:
    address_family:
    -   afi: ipv4
        neighbor:
        -   activate: true
            address: 10.200.200.2
        network:
        -   address: 10.25. Continue reading
1 700 701 702 703 704 3,808