Calico Enterprise: Leverage multiple benefits from the new eBPF data plane

Calico was designed from the ground up with a pluggable data plane architecture. The Enterprise 3.6 release introduces an exciting new eBPF (extended Berkeley Packet Filter) data plane that provides multiple benefits to users.

Great performance, lower latency for load-balanced traffic

When compared with the standard Linux data plane (based on iptables), the eBPF data plane:

  • Scales to higher throughput, using less CPU per GBit
  • Natively supports Kubernetes services (without kube-proxy) in a way that:
    • Reduces latency
    • Preserves external client source IP addresses
    • Supports direct server return (DSR) for reduced latency and CPU usage
    • Uses less CPU than kube-proxy to keep the data plane in sync

The impact of NAT on source IP

The application of network address translation (NAT) by kube-proxy to incoming network connections to Kubernetes services (e.g. via a service node port) is a frequently encountered friction point with Kubernetes networking. NAT has the unfortunate side effect of removing the original client source IP address from incoming traffic. When this occurs, Kubernetes network policies can’t restrict incoming traffic from specific external clients. By the time the traffic reaches the pod it no longer has the original client IP address. For some applications, knowing the Continue reading

4 Advancements That Led to Decentralized Cloud Storage

The evolution of cloud storage as we know it is a fascinating journey filled with projects that built on one another to bring us to where we are today. Interestingly enough, most of the technology used to build a decentralized cloud storage network today has been available for decades. The fact that decentralized cloud storage is viable is mostly because of the growth of storage capacity available at the edge and the incredible increases we’ve made across the globe in bandwidth. Here are four key advancements throughout the years that have paved the way for decentralized cloud storage. Advancement #1: Network Bandwidth Increased JT Olio JT is the CTO at Storj. He oversees product development and led the re-architecture of Storj’s distributed cloud storage platform. He was previously director of engineering at Space Monkey, which was acquired by Vivint in 2014. JT has an MS in computer science from the University of Utah and a BS in computer science and mathematics from the University of Minnesota. There is a great paper by Charles Blake and Rodrigo Rodrigues entitled “

The chip shortage is real, but driven by more than COVID

By now you’ve undoubtedly heard the complaining about computing parts shortages, particularly from gamers who can’t get modern GPU cards and from car makers, since new cars these days are a rolling data center.The problem is also affecting business IT but in a different way, and there are steps you can take to address the problem. The first step, though, is patience. This shortage isn’t due to staffing or fabs being out of commission, it’s that demand is so high that it’s leading to very long lead times.Chip shortage will hit hardware buyers for months to years That delay can mean 36 weeks, according to Mario Morales, program vice president for the semiconductor and enabling technologies team at IDC, with the demand for components “seeing untempered demand.”To read this article in full, please click here

The chip shortage is real, but driven by more than COVID

By now you’ve undoubtedly heard the complaining about computing parts shortages, particularly from gamers who can’t get modern GPU cards and from car makers, since new cars these days are a rolling data center.The problem is also affecting business IT but in a different way, and there are steps you can take to address the problem. The first step, though, is patience. This shortage isn’t due to staffing or fabs being out of commission, it’s that demand is so high that it’s leading to very long lead times.Chip shortage will hit hardware buyers for months to years That delay can mean 36 weeks, according to Mario Morales, program vice president for the semiconductor and enabling technologies team at IDC, with the demand for components “seeing untempered demand.”To read this article in full, please click here

Some quick notes on SDR

I'm trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I'm going to discuss some of the imperfect captures I'm getting, specifically, some notes about WiFi and Bluetooth.

An SDR is a "software defined radio" which digitally samples radio waves and uses number crunching to decode the signal into data. Among the simplest thing an SDR can do is look at a chunk of spectrum and see signal strength. This is shown below, where I'm monitoring part of the famous 2.4 GHz pectrum used by WiFi/Bluetooth/microwave-ovens:


There are two panes. The top shows the current signal strength as graph. The bottom pane is the "waterfall" graph showing signal strength over time, display strength as colors: black means almost no signal, blue means some, and yellow means a strong signal.

The signal strength graph is a bowl shape, because we are actually sampling at a specific frequency of 2.42 GHz, and the further away from this "center", the less accurate the analysis. Thus, the algorithms think there is more signal the further away from the center we are.

What we do see here is two peaks, at 2.402 Continue reading

Install Calico to Enhance Kubernetes’ Built-in Networking Capability

Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that network can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult. That’s where the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration. Take, for instance, the feature limitations found in the default NetworkPolicy, which are: Policies are limited to a single environment and are applied only to pods marked with labels. You can only apply rules to pods, environments, or subnets. Rules can only contain protocols, numerical ports, or named ports. When you add the Calico plugin, the Continue reading

Intel stumbles in supercomputer rankings, delays next-gen CPU

This week the TOP500 list of the world’s fastest supercomuters found that, once again, Fugaku is number one, benchmarking at 442 Pflop/sec, making it three times faster than the second place machine. Impressive, but also indicative that it might also be the first to break the exaflop barrier if it’s working on the right kind of problem.TOP500 pointed out that Fugaku’s score (and everyone else’s) is based on double-precision benchmarks, the most accurate floating point math calculation you can do. But much of AI and machine learning is single-precision, which can be less than half the compute power of double precision.To read this article in full, please click here

Intel stumbles in supercomputer rankings, delays next-gen CPU

This week the TOP500 list of the world’s fastest supercomuters found that, once again, Fugaku is number one, benchmarking at 442 Pflop/sec, making it three times faster than the second place machine. Impressive, but also indicative that it might also be the first to break the exaflop barrier if it’s working on the right kind of problem.TOP500 pointed out that Fugaku’s score (and everyone else’s) is based on double-precision benchmarks, the most accurate floating point math calculation you can do. But much of AI and machine learning is single-precision, which can be less than half the compute power of double precision.To read this article in full, please click here

The Week in Internet News: U.K. Government says ‘No Encryption for Kids’

"In the news" text on yellow background

Less protection for kids: The U.K.’s Department of Digital, Media, Culture and Sport has recommended that children’s accounts on social media platforms and messaging services should not use end-to-end encryption, TechCrunch reports. In the effort to protect kids against online predators, cyber bullying and other bad stuff, the agency says children shouldn’t be protected against cybercrime, […]

The post The Week in Internet News: U.K. Government says ‘No Encryption for Kids’ appeared first on Internet Society.

What’s the Most Secure Network of Them All?

You’re standing in front of three doors. Door number one is big, tall, and sturdy. Nothing fancy, but seemingly safe. Door number two has more bells and whistles, fancy engravings, and twice the number of locks. Elevated security for sure, but you suspect more form over function, so you’re not entirely sold. Door number three features a winning combination of practicality and advanced locks. This one has to be the best choice, right?

You can’t see behind any door, so your choice is limited to inference. That’s frustrating. Today, choosing the right security solution for your business is no different. Bells and whistles can distract us from our core objective of ultimate, unwavering security. And old reliable doesn’t seem capable of repelling an onslaught of modern threats and distributed exposures.

Organizations need to make the right network security choice to successfully secure their networks in a highly dynamic, distributed world where it’s not a matter of if intruders will get in, but when. Turns out, the right approach is as much about philosophy as it is about technology: trust no one. But, before we get into the relationship between trust and better security, let’s begin with a review of how Continue reading

Friday Thoughts on Going Back To the Office

EmptyOffice

We’re halfway through 2021 and it’s been going better than last year. Technology seems to be rebounding and we’re seeing companies trying to find ways to get employees to come back into the office. Of course, that is being met head on by the desire to not go back at all and continue to do the job from home that has been done over the past year. Something is going to have to give and I don’t know what that might be.

  • Working from home is comfortable for sure. And the lack of schedule means that people are unknowingly putting in hours beyond what they normally would at the office. At least in the office you can walk away from your desk at the end of the day.
  • Unlimited PTO and flexible work schedules sound great in theory. Except not tracking your PTO hours also means you don’t accrue them. You don’t get paid for time you don’t take off. And a flexible work schedule sounds great in theory but reality says that you’re not likely to get much support if you suddenly decide you want to work noon to 10pm Hawaiian time. Flexible really means “work longer than normal”.
  • Continue reading

Weekend Reads 070221


Many ISPs in the Asia Pacific region use MikroTik RouterOS to provide access to their customers via PPPoE (please get on board with IPv6!), and some use MikroTik for their edge/core routers as well.


In the reorganization that relatively new chief executive officer and formerly not only Intel’s first chief technology officer (in 2001) and also the first general manager (in 2005) of its Digital Enterprise Group, the company’s first implementation of Data Center Group.


Let’s begin with the obvious, uncontested fact: the number of ransomware attacks is going up because companies are paying the ransoms.


The 2020 calendar year will long be remembered as an annus horribilis for most, except for a handful of technology companies that reaped the rewards of a global shift to remote work with successful initial public offerings (IPOs).


In 2021, the high-end TV landscape is just as confusing to new buyers as ever. There’s a bunch of new televisions to consider, a raft of technical-sounding features — 8K, HDR, Ultra HD 4K, 120Hz and HDMI 2.1 — and a stable of familiar brand names competing for your dollar.


Windows 11 adds several unexpected new features, including Android apps, a revised Start Menu Continue reading

Heavy Networking 586: Virtualizing And Accelerating 5G RAN With 3rd Gen Intel® Xeon (Sponsored)

Today's Heavy Networking, sponsored by Intel, dives into 5G, virtualization, and AI. Intel's 3rd Gen Xeon processors can support a variety of use cases, including running virtualized network functions in the data center, at the edge, and in the cloud. They also have built-in acceleration for AI and cryptography, giving organizations a flexible platform for a variety of workloads, including service providers building out 5G networks. Our guest is Cristina Rodriguez, Vice President Data Center Group General Manager Wireless Access Network Division at Intel.

Heavy Networking 586: Virtualizing And Accelerating 5G RAN With 3rd Gen Intel® Xeon (Sponsored)

Today's Heavy Networking, sponsored by Intel, dives into 5G, virtualization, and AI. Intel's 3rd Gen Xeon processors can support a variety of use cases, including running virtualized network functions in the data center, at the edge, and in the cloud. They also have built-in acceleration for AI and cryptography, giving organizations a flexible platform for a variety of workloads, including service providers building out 5G networks. Our guest is Cristina Rodriguez, Vice President Data Center Group General Manager Wireless Access Network Division at Intel.

The post Heavy Networking 586: Virtualizing And Accelerating 5G RAN With 3rd Gen Intel® Xeon (Sponsored) appeared first on Packet Pushers.

1 701 702 703 704 705 3,841