0

Heavy Networking 555: Top Network Design Trends Of 2020

Today's episode is the last Heavy Networking of 2020. In the spirit of an end-of-year reflection, we're going to talk about network design trends from this year, some of which were driven, or at least accelerated, by the pandemic hellscape that was 2020. Our guest is Zig Zsiga, a network designer, architect, CCDE, and instructor.

0

Heavy Networking 555: Top Network Design Trends Of 2020

Today's episode is the last Heavy Networking of 2020. In the spirit of an end-of-year reflection, we're going to talk about network design trends from this year, some of which were driven, or at least accelerated, by the pandemic hellscape that was 2020. Our guest is Zig Zsiga, a network designer, architect, CCDE, and instructor.

The post Heavy Networking 555: Top Network Design Trends Of 2020 appeared first on Packet Pushers.

0

Computing Euclidean distance on 144 dimensions

Late last year I read a blog post about our CSAM image scanning tool. I remember thinking: this is so cool! Image processing is always hard, and deploying a real image identification system at Cloudflare is no small achievement!

Some time later, I was chatting with Kornel: "We have all the pieces in the image processing pipeline, but we are struggling with the performance of one component." Scaling to Cloudflare needs ain't easy!

The problem was in the speed of the matching algorithm itself. Let me elaborate. As John explained in his blog post, the image matching algorithm creates a fuzzy hash from a processed image. The hash is exactly 144 bytes long. For example, it might look like this:

00e308346a494a188e1043333147267a 653a16b94c33417c12b433095c318012
5612442030d14a4ce82c623f4e224733 1dd84436734e4a5d6e25332e507a8218
6e3b89174e30372d

The hash is designed to be used in a fuzzy matching algorithm that can find "nearby", related images. The specific algorithm is well defined, but making it fast is left to the programmer — and at Cloudflare we need the matching to be done super fast. We want to match thousands of hashes per second, of images passing through our network, against a database of millions of known images. To make this work, Continue reading

0

Streaming Telemetry with Avi Freedman on Software Gone Wild

Remember my rant how “fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results”? Streaming telemetry is no exception to this rule, and Avi Freedman (CEO of Kentik) has been on the receiving end of this gizmo long enough to have to deal with several generations of experiments… and formed a few strong opinions.

Unfortunately Avi is still a bit more diplomatic than Artur Bergman – another CEO I love for his blunt statements – but based on his NFD16 presentation I expected a lively debate, and I was definitely not disappointed.

0

Streaming Telemetry with Avi Freedman on Software Gone Wild

Remember my rant how “fail fast, fail often sounds great in a VC pitch deck, and sucks when you have to deal with its results”? Streaming telemetry is no exception to this rule, and Avi Freedman (CEO of Kentik) has been on the receiving end of this gizmo long enough to have to deal with several generations of experiments… and formed a few strong opinions.

Unfortunately Avi is still a bit more diplomatic than Artur Bergman – another CEO I love for his blunt statements – but based on his NFD16 presentation I expected a lively debate, and I was definitely not disappointed.

0

A quirk in the SUNBURST DGA algorithm

On Wednesday, December 16, the RedDrip Team from QiAnXin Technology released their discoveries (tweet, github) regarding the random subdomains associated with the SUNBURST malware which was present in the SolarWinds Orion compromise. In studying queries performed by the malware, Cloudflare has uncovered additional details about how the Domain Generation Algorithm (DGA) encodes data and exfiltrates the compromised hostname to the command and control servers.

Background

The RedDrip team discovered that the DNS queries are created by combining the previously reverse-engineered unique guid (based on hashing of hostname and MAC address) with a payload that is a custom base 32 encoding of the hostname. The article they published includes screenshots of decompiled or reimplemented C# functions that are included in the compromised DLL. This background primer summarizes their work so far (which is published in Chinese).

RedDrip discovered that the DGA subdomain portion of the query is split into three parts:

<encoded_guid> + <byte> + <encoded_hostname>

An example malicious domain is:

7cbtailjomqle1pjvr2d32i2voe60ce2.appsync-api.us-east-1.avsvmcloud.com

Where the domain is split into the three parts as

Encoded guid Continue reading

0

Using the Linux arping command to ping local systems

The arping command is one of the lesser known commands that works much like the ping command.The name stands for “arp ping” and it’s a tool that allows you to perform limited ping requests in that it collects information on local systems only. The reason for this is that it uses a Layer 2 network protocol and is, therefore, non-routable. The arping command is used for discovering and probing hosts on your local network.[Get regularly scheduled insights by signing up for Network World newsletters.] If arping isn’t installed on your system, you should be able take care of that with one of these commands:To read this article in full, please click here

0

Developing Enterprise Software with Scalability Top of Mind

Yasser Ganjisaffar Yasser Ganjisaffar is the VP of Engineering at Forward Networks, overseeing all the company’s engineering efforts. He joined Forward Networks in 2014 as an early employee and led the team that scaled the computation core of Forward Enterprise product by 1000x in five years. Prior to that, he built large-scale search infrastructures in Facebook and Microsoft. He holds a Computer Science Ph.D. in the information retrieval domain. Developing enterprise software is far from simple. Designing a platform to serve hundreds of thousands of users, devices, or data streams (sometimes all at once) is a Herculean task. But that doesn’t mean that it’s impossible to approach the design methodology in a way that encourages scalability in the future. Scalability is one of the most important considerations in making a new software solution. Without it, the software cannot support user growth without crippling the user experience, and similarly inhibiting sales. Making a scalable software platform is challenging simply because it’s near impossible to know what factors, options and problems the vendor needs to take into consideration beforehand, requiring companies to instead iterate along the way. That was the issue

0

Enterprise File Workloads Shift to Cloud Data Management in 2021

Next year brings a new normal where cloud becomes core to enterprise IT strategies. As a result, multi-cloud data management becomes more important.

0

Mizar: Scalable Multitenant Networking with XDP on Kubernetes

Mizar is an open source project providing cloud networking to run virtual machines, containers, and other compute workloads. We built Mizar from the ground up with large scale and high performance in mind. Built in the same way as distributed systems in the cloud, Mizar utilizes XDP (eXpress Data Path) and Kubernetes to allow for the efficient creation of multitenant overlay networks with massive amounts of endpoints. Each of these technologies brings valuable perks that enable Mizar to achieve its goals. With XDP, Mizar is able to: Skip unnecessary stages of the network stack whenever possible and transit packet processing to smart NICs. Efficiently use kernel packet processing constructs without being locked into a specific processor architecture. Produce very small packet processing programs (<4KB). With Kubernetes, Mizar is able to: Efficiently program the underlying core XDP programs. Manage the lifecycle of its abstractions via CRDs. Have a scalable and distributed management plane. Deploy its core components and modules across all specified hosts. Mizar’s Goals and Continue reading

0

The Once And Future Federated Database

There are many different schools of thought when it comes to databases, which is one of the reasons that we launch our inaugural event focused solely on database technologies this year. …

The Once And Future Federated Database was written by Timothy Prickett Morgan at The Next Platform.

0

Upcoming Webinar: How Routers Really Work

Just a gentle reminder that on Monday (just a few days from now) I’m teaching a three hour webinar over at Safari Books on How Routers Really Work. From the course description—

This training will peer into the internal components of a router, starting with an explanation of how a router switches packets. This walk through of a switching path, in turn, will be used as a foundation for explaining the components of a router, including the various tables used to build forwarding tables and the software components used to build these tables.

Register here if you’re interested.

0

TTL255 finalist of Cisco 2020 IT Blog Awards

0

Connecting with the Docker Community– Recap of Our First Community All Hands

Last week, we held our first Community All Hands and the response was phenomenal. A huge thank you to all 1,100+ people who joined. If you missed it, you can watch the recording here. You can also find answers to those questions that came in towards the end that we didn’t have time to answer here.

This all-hands was an effort to further deepen our engagement with the community and bring users, contributors and staff together on a quarterly basis to share updates on what we’re working on and what our priorities are for 2021 and beyond. The event was also an opportunity to give the community direct access to Docker’s leadership and provide a platform to submit questions and upvote those that are most relevant and important to people. 

The overwhelming piece of feedback we got from attendees was that the event was too short and people would have loved to see more demos. We certainly had a packed agenda and we did our best to squeeze in as much into an hour. For our next one (in February 2021!), we’ll aim to extend the event by 30 minutes and include more live demos. We’ll also try Continue reading

0

2020 IT Blog Awards finalist!

I have the honor of having my blog selected as a finalist in the Most Educational category of the 2020 IT Blog Awards, hosted by Cisco. It is an honor and a great joy for me to be selected, for the third consecutive year, alongside other high-level bloggers who all have very deep technical knowledge! I hope you enjoy my articles as much as I enjoy writing and sharing them. I know I could write more, but I try to put quality ahead of quantity.   Please click here to vote…

The post 2020 IT Blog Awards finalist! appeared first on AboutNetworks.net.

0

International Community Joins Indian Policy and Cybersecurity Experts in Warning about the Dangers of Traceability

A growing group of international and local cybersecurity and policy experts are weighing in on proposed changes to Indian regulations that could jeopardize the safety of billions worldwide. By seeking to restrict WhatsApp and other popular messaging apps’ use of end-to-end encryption, the proposed policies pose a major threat to cybersecurity in India.

In Traceability and Cybersecurity, over 50 cybersecurity experts in Europe, North and Latin America, Africa, and the Asia-Pacific region agreed that amendments to the Information Technology (Intermediaries Guidelines) Rules under the Indian Information Technology Act proposed by the Indian Ministry of Electronics and Information Technology (MeiTY) will create many more problems than it seeks to solve.

Produced as a result of a global technical experts meeting series organized by the Internet Society in partnership with Medianama, the report notes that MeiTY’s proposal ignores sound advice: requiring intermediaries such as WhatsApp to enable the traceability of the content and data they handle is a major threat not only to the safety of users, but to India’s national security.

The report stresses that traceability would mean enabling third-party access to private communications, a move that undermines the end-to-end encryption that users everywhere, including government entities, rely on to Continue reading

0

Big Blue Shines A Light On The Future Of Tape Storage

IBM knows how to adapt to an ever-changing enterprise tech landscape. …

Big Blue Shines A Light On The Future Of Tape Storage was written by Jeffrey Burt at The Next Platform.

0

Migrating to Ansible Collections (Webinar Q&A)

Sean Cavanaugh, Anshul Behl and I recently hosted a webinar entitled “Migrating to Ansible Collections” (link to YouTube on-demand webinar replay and link to PDF slides download). This webinar was focused on enabling the Ansible Playbook writers, looking to move to the wonderful world of Ansible Collections in existing Ansible 2.9 environments and beyond.

 

The webinar was much more popular than we expected, so much so we didn’t have enough time to answer all the questions, so we took all the questions and put them in this blog to make them available to everyone.

 

I would like to use Ansible to automate an application using a REST API (for example creating a new bitbucket project). Should I be writing a role or a custom module? And should I then publish that as a Collection?    

It depends on how much investment you’d like to make into the module or role that you develop. For example, creating a role that references the built-in Ansible URI module can be evaluated versus creating an Ansible module written in Python. If you were to create a module, it can be utilized via a role developed by you or the playbook author. Continue reading

0

Introducing Cloudflare Pages: the best way to build JAMstack websites

Across multiple cultures around the world, this time of year is a time of celebration and sharing of gifts with the people we care the most about. In that spirit, we thought we'd take this time to give back to the developer community that has been so supportive of Cloudflare for the last 10 years.

Today, we’re excited to announce Cloudflare Pages: a fast, secure and free way to build and host your JAMstack sites.

Today, the path from an idea to a website is paved with good intentions

Websites are the way we express ourselves on the web. It doesn’t matter if you’re a hobbyist with a blog, or the largest of corporations with millions of customers — if you want to reach people outside the confines of 140 280 characters, the web is the place to be.

As a frontend developer, it’s your responsibility to bring this expression to life. And make no mistake — with so many frontend frameworks, tooling, and static site generators at your disposal — it’s a great time to be in your line of work.

That is, of course, right up until the point when you’re ready to show your work off Continue reading

0

Migrating to Ansible Collections (Webinar Q&A)

Sean Cavanaugh, Anshul Behl and I recently hosted a webinar entitled “Migrating to Ansible Collections” (link to YouTube on-demand webinar replay and link to PDF slides download). This webinar was focused on enabling the Ansible Playbook writers, looking to move to the wonderful world of Ansible Collections in existing Ansible 2.9 environments and beyond.

 

The webinar was much more popular than we expected, so much so we didn’t have enough time to answer all the questions, so we took all the questions and put them in this blog to make them available to everyone.

 

I would like to use Ansible to automate an application using a REST API (for example creating a new bitbucket project). Should I be writing a role or a custom module? And should I then publish that as a Collection?    

It depends on how much investment you’d like to make into the module or role that you develop. For example, creating a role that references the built-in Ansible URI module can be evaluated versus creating an Ansible module written in Python. If you were to create a module, it can be utilized via a role developed by you or the playbook author. Continue reading