Making WireGuard from Homebrew Work on an M1 Mac

After writing the post on using WireGuard on macOS (using the official WireGuard GUI app from the Mac App Store), I found the GUI app’s behavior to be less than ideal. For example, tunnels marked as on-demand would later show up as no longer configured as an on-demand tunnel. When I decided to set up WireGuard on my M1-based MacBook Pro (see my review of the M1 MacBook Pro), I didn’t want to use the GUI app. Fortunately, Homebrew has formulas for WireGuard. Unfortunately, the WireGuard tools as installed by Homebrew on an M1-based Mac won’t work. Here’s how to fix that.

The key issues with WireGuard as installed by Homebrew on an M1-based Mac are:

  • On an M1-based Mac, Homebrew installs (by default) to the /opt/homebrew prefix. By comparison, Homebrew uses /usr/local on Intel-based Macs. Some of the WireGuard-related scripts are hard-coded to use /usr/local as the Homebrew prefix. Because the prefix has changed, though, these scripts now don’t work on an M1-based Mac.
  • WireGuard has a dependency on Bash. Unfortunately, the version of Bash supplied by macOS isn’t supported by WireGuard (it’s too old). Without a very specific PATH configuration, even installing the Homebrew version of Bash—which is Continue reading

More products, more partners, and a new look for Cloudflare Logs

More products, more partners, and a new look for Cloudflare Logs

We are excited to announce a new look and new capabilities for Cloudflare Logs! Customers on our Enterprise plan can now configure Logpush for Firewall Events and Network Error Logs Reports directly from the dashboard. Additionally, it’s easier to send Logs directly to our analytics partners Microsoft Azure Sentinel, Splunk, Sumo Logic, and Datadog. This blog post discusses how customers use Cloudflare Logs, how we’ve made it easier to consume logs, and tours the new user interface.

New data sets for insight into more products

Cloudflare Logs are almost as old as Cloudflare itself, but we have a few big improvements: new datasets and new destinations.

Cloudflare has a large number of products, and nearly all of them can generate Logs in different data sets. We have “HTTP Request” Logs, or one log line for every L7 HTTP request that we handle (whether cached or not). We also provide connection Logs for Spectrum, our proxy for any TCP or UDP based application. Gateway, part of our Cloudflare for Teams suite, can provide Logs for HTTP and DNS traffic.

Today, we are introducing two new data sets:

Firewall Events gives insight into malicious traffic handled by Cloudflare. It provides detailed information Continue reading

Using VMware vCenter Tags in a Red Hat Ansible Tower Dynamic Inventory

VMware vCenter Server tags are labels that can be applied to objects like the system’s environment and usage, therefore it is a very useful method of asset management - also making tags a perfect fit in the Ansible world to organize systems in an Ansible inventory. Red Hat customers have regularly requested the ability to use vCenter Tags in Red Hat Ansible Tower. This is now possible with an Ansible Tower inventory source that supports tags and provides the vmware_vm_inventory plugin.

Ansible Automation Platform 1.2 brings completely native Ansible inventory plugin support to Ansible Tower 3.8. In previous versions, there were specific inventory plugin configurations based on the old inventory scripts where a specific set of parameters surfaced in Ansible Tower's user interface. For example: cloud region and a specific subset of variables you could pass to those inventory scripts surfaced as variables you could pass to the inventory source, which means that new configuration parameters that come with Ansible inventory plugins are not supported in order to maintain compatibility with the old inventory scripts. 

The move to support native inventory plugins allows Red Hat Ansible Automation Platform customers to use all the configuration parameters available through Continue reading

Sudan’s exam-related Internet shutdowns

Sudan's exam-related Internet shutdowns

To prevent cheating in exams many countries restrict or even shut down Internet access during critical exam hours. I wrote two weeks ago about Syria having planned Internet shutdowns during June, for exams.

Sudan is doing the same thing and has had four shutdowns so far. Here's the Internet traffic pattern for Sudan over the last seven days. I've circled the shutdowns on Saturday, Sunday, Monday and Tuesday (today, June 22, 2021).

Sudan's exam-related Internet shutdowns

Cloudflare Radar allows anyone to track Internet traffic patterns around the world, and it has country-specific pages. The chart for the last seven days (shown above) came from the dedicated page for Sudan.

The Internet outages start at 0600 UTC (0800 local time) and end three hours later at 0900 UTC (1100 local time). This corresponds to the timings announced by the Sudanese Ministry of Education.

Sudan's exam-related Internet shutdowns

Further shutdowns are likely in Sudan on June 24, 26, 27, 29 and 30 (thanks to Twitter user _adonese for his assistance). Looking deeper into the data, the largest drop in use is for mobile Internet access in Sudan (the message above talks about mobile Internet use being restricted) while some non-mobile access appears to continue.

That can be seen by looking Continue reading

AI tackles data-center workload management

As data center workloads spiral upward, a growing number of enterprises are looking to artificial intelligence (AI), hoping that technology will enable them to reduce the management burden on IT teams while boosting efficiency and slashing expenses.AI promises to automate the movement of workloads to the most efficient infrastructure in real time, both inside the data center as well as in a hybrid-cloud setting comprised of on-prem, cloud, and edge environments. As AI transforms workload management, future data centers may look far different than today's facilities. One possible scenario is a collection of small, interconnected edge data centers, all managed by a remote administrator.To read this article in full, please click here

AI tackles data-center workload management

As data center workloads spiral upward, a growing number of enterprises are looking to artificial intelligence (AI), hoping that technology will enable them to reduce the management burden on IT teams while boosting efficiency and slashing expenses.AI promises to automate the movement of workloads to the most efficient infrastructure in real time, both inside the data center as well as in a hybrid-cloud setting comprised of on-prem, cloud, and edge environments. As AI transforms workload management, future data centers may look far different than today's facilities. One possible scenario is a collection of small, interconnected edge data centers, all managed by a remote administrator.To read this article in full, please click here

AI tackles workload management challenges in the data center

As data center workloads spiral upward, a growing number of enterprises are looking to artificial intelligence (AI), hoping that technology will enable them to reduce the management burden on IT teams while boosting efficiency and slashing expenses.AI promises to automate the movement of workloads to the most efficient infrastructure in real time, both inside the data center as well as in a hybrid-cloud setting comprised of on-prem, cloud, and edge environments. As AI transforms workload management, future data centers may look far different than today's facilities. One possible scenario is a collection of small, interconnected edge data centers, all managed by a remote administrator.To read this article in full, please click here

AI tackles workload management challenges in the data center

As data center workloads spiral upward, a growing number of enterprises are looking to artificial intelligence (AI), hoping that technology will enable them to reduce the management burden on IT teams while boosting efficiency and slashing expenses.AI promises to automate the movement of workloads to the most efficient infrastructure in real time, both inside the data center as well as in a hybrid-cloud setting comprised of on-prem, cloud, and edge environments. As AI transforms workload management, future data centers may look far different than today's facilities. One possible scenario is a collection of small, interconnected edge data centers, all managed by a remote administrator.To read this article in full, please click here

Unexpected Interactions Between OSPF and BGP

It started with an interesting question tweeted by @pilgrimdave81

I’ve seen on Cisco NX-OS that it’s preferring a (ospf->bgp) locally redistributed route over a learned EBGP route, until/unless you clear the route, then it correctly prefers the learned BGP one. Seems to be just ooo but don’t remember this being an issue?

Ignoring the “why would you get the same route over OSPF and EBGP, and why would you redistribute an alternate copy of a route you’re getting over EBGP into BGP” aspect, Peter Palúch wrote a detailed explanation of what’s going on and allowed me to copy into a blog post to make it more permanent:

Read more …

Unexpected Interactions Between OSPF and BGP

It started with an interesting question tweeted by @pilgrimdave81

I’ve seen on Cisco NX-OS that it’s preferring a (ospf->bgp) locally redistributed route over a learned EBGP route, until/unless you clear the route, then it correctly prefers the learned BGP one. Seems to be just ooo but don’t remember this being an issue?

Ignoring the “why would you get the same route over OSPF and EBGP, and why would you redistribute an alternate copy of a route you’re getting over EBGP into BGP” aspect, Peter Palúch wrote a detailed explanation of what’s going on and allowed me to copy into a blog post to make it more permanent:

Read more …

Kubernetes Port Names and Terminating HTTPS Traffic on AWS

I recently came across something that wasn’t immediately intuitive with regard to terminating HTTPS traffic on an AWS Elastic Load Balancer (ELB) when using Kubernetes on AWS. At least, it wasn’t intuitive to me, and I’m guessing that it may not be intuitive to some other readers as well. Kudos to my teammates Hart Hoover and Brent Yarger for identifying the resolution, which I’m going to call out in this post.

This AWS Premium Support post outlines the basic scenario:

  • You’re running Kubernetes on AWS. The post references EKS, but as far as I know the issue is not limited to EKS, and should apply to self-managed Kubernetes clusters on AWS (assuming these clusters are configured with the AWS cloud provider).
  • You’ve published a Service of type LoadBalancer (which, in turn, creates a classic ELB). For self-managed clusters, this requires the AWS cloud provider to be installed and configured.
  • You want to terminate HTTPS traffic on the ELB. The post references the use of an ACM certificate, but I suspect it’s not limited to ACM certificates.

Consider the following YAML, taken directly from the previously-referenced AWS Premium Support article:

apiVersion: v1
kind: Service
metadata:
  name:  Continue reading

Network Break 338: Breach In Progress? Gigamon Operators Are Standing By; IEEE Finalizes New Ethernet Standard

Gigamon adds a human touch to a new SaaS NDR offering, the IEEE finalizes 802.3cu for faster speeds over single-mode optical fiber, US service providers roll out managed SASE services, and more IT news in this week's Network Break podcast.

The post Network Break 338: Breach In Progress? Gigamon Operators Are Standing By; IEEE Finalizes New Ethernet Standard appeared first on Packet Pushers.

The Week in Internet News: Biden Warns Putin About Some Cyberattacks

No-go zone: U.S. President Joe Biden told Russian President Vladimir Putin that some types of cyberattacks are off-limits during a meeting at the G7 summit in Switzerland recently, Reuters reports. Destructive attacks by Russian hackers on U.S. critical infrastructure must end, Biden said. It’s unclear if the talk will have much of an effect. Banned […]

The post The Week in Internet News: Biden Warns Putin About Some Cyberattacks appeared first on Internet Society.

1 701 702 703 704 705 3,835