Heavy Networking 546: Making Zero Trust Remote Access Work (Sponsored)

Zero trust network access is ideal for today's distributed workforce, but it can be tricky to put into place. On today's sponsored Heavy Networking podcast, we talk with NetMotion about its remote access product that enable zero trust plus performance monitoring to help troubleshoot problems for remote workers. Our guest is Jay Klauser, VP of Worldwide Sales Engineering & Alliances at NetMotion.

Heavy Networking 546: Making Zero Trust Remote Access Work (Sponsored)

Zero trust network access is ideal for today's distributed workforce, but it can be tricky to put into place. On today's sponsored Heavy Networking podcast, we talk with NetMotion about its remote access product that enable zero trust plus performance monitoring to help troubleshoot problems for remote workers. Our guest is Jay Klauser, VP of Worldwide Sales Engineering & Alliances at NetMotion.

The post Heavy Networking 546: Making Zero Trust Remote Access Work (Sponsored) appeared first on Packet Pushers.

Docker V2 Github Action is Now GA

Docker is happy to announce the GA of our V2 Github Action. We’ve been working with @crazy-max over the last few months along with getting feedback from the wider community on how we can improve our existing Github Action. We have now moved from our single action to a clearer division and advanced set of options that not only allow you to just build & push but also support features like multiple architectures and build cache.

The big change with the advent of our V2 action is also the expansion of the number of actions that Docker is providing on Github. This more modular approach and the power of Github Actions has allowed us to make the minimal UX changes to the original action and add a lot more functionality.

We still have our more meta build/push action which does not actually require all of these preconfiguration steps and can still be used to deliver the same workflow we had with the previous workflow! To Upgrade the only changes are that we have split out the login to a new step and also now have a step to setup our builder. 

  -
        name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1

This Continue reading

Pandemic Accelerates Loss of Internet Freedoms

The COVID-19 pandemic has not only caused more than one million deaths worldwide, but it is also accelerating a decline in Internet freedoms across the globe, according to a new report from Freedom House.

The past year has been “especially dismal” for Internet Freedom, according to the Freedom on the Net 2020 report, sponsored by the Internet Society. Political leaders have used the pandemic as an excuse to limit access to information and to roll out new surveillance measures, the report says.

At the same time, a slow-motion splintering of the Internet has turned into an “all-out race toward ‘cyber sovereignty,’ with each government imposing its own internet regulations in a manner that restricts the flow of information across national borders,” the report says. Authorities in several countries, including the U.S., China, Russia, Brazil, and Turkey have erected new digital borders.

As a result, Internet freedoms have declined for the 10th consecutive year, says the report, which tracks Internet freedom in 65 countries, covering 87 percent of the world’s Internet users. From May 2019 to June 2020, the report found Internet freedom scores dropping in 26 countries, with 22 registering net gains.

The largest declines occurred in  Continue reading

Diving into /proc/[pid]/mem

Diving into /proc/[pid]/mem
Diving into /proc/[pid]/mem

A few months ago, after reading about Cloudflare doubling its intern class size, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring into Linux kernel code and adding a pretty cool feature to gVisor, a Linux container runtime.

My internship was under the Emerging Technologies and Incubation group on a project involving gVisor. A co-worker contacted my team about not being able to read the debug symbols of stack traces inside the sandbox. For example, when the isolated process crashed, this is what we saw in the logs:

*** Check failure stack trace: ***
    @     0x7ff5f69e50bd  (unknown)
    @     0x7ff5f69e9c9c  (unknown)
    @     0x7ff5f69e4dbd  (unknown)
    @     0x7ff5f69e55a9  (unknown)
    @     0x5564b27912da  (unknown)
    @     0x7ff5f650ecca  (unknown)
    @     0x5564b27910fa  (unknown)

Obviously, this wasn't very useful. I eagerly volunteered to fix this stack unwinding code - how hard could it be?

After some debugging, we found that the logging library used in the project opened /proc/self/mem to look for ELF headers at the start of each memory-mapped region. This was necessary to calculate an offset to find the correct addresses for debug symbols.

It turns out this mechanism is rather Continue reading

COVID-19: Weekly internet health check

As COVID-19 continues to spread, forcing employees to work from home, the services of ISPs, cloud providers and conferencing services a.k.a. unified communications as a service (UCaaS) providers are experiencing increased traffic.ThousandEyes is monitoring how these increases affect outages and the performance challenges these providers undergo. It will provide Network World a roundup of interesting events of the week in the delivery of these services, and Network World will provide a summary here. Stop back next week for another update, and see more details here.To read this article in full, please click here

Folding@home exascale supercomputer finds potential targets for COVID-19 cure

The Folding@home project has shared new results of its efforts to simulate proteins from the SARS-CoV-2 virus to better understand how they function and how to stop them.Folding@home is a distributed computing effort that uses small clients to run simulations for biomedical research when users' PCs are idle. The clients operate independently of each other to perform their own unique simulation and send in the results to the F@h servers. (Read more about where the Folding@home network is administered and how it broke the exaFLOPS barrier.)To read this article in full, please click here

Grasp the Fundamentals before Spreading Opinions

I should have known better, but I got pulled into another stretched VLANs for disaster recovery tweetfest. Surprisingly, most of the tweets were along the lines of you really shouldn’t be doing that and that would never work well, but then I guess I was only exposed to a small curated bubble of common sense… until this gem appeared in my timeline:

Networking Needs ZIP codes

Interestingly, that’s exactly how IP works:

Read more …

Grasp the Fundamentals before Spreading Opinions

I should have known better, but I got pulled into another stretched VLANs for disaster recovery tweetfest. Surprisingly, most of the tweets were along the lines of you really shouldn’t be doing that and that would never work well, but then I guess I was only exposed to a small curated bubble of common sense… until this gem appeared in my timeline:

Networking Needs ZIP codes

Interestingly, that’s exactly how IP works:

Read more …

Choosing a Container-Native Network for Kubernetes

Similar to container-native storage, the container-native network abstracts the physical network infrastructure to expose a flat network to containers. It is tightly integrated with Kubernetes to tackle the challenges involved in pod-to-pod, node-to-node, pod-to-service and external communication. Kubernetes can support a host of plugins based on the Cloud Native Computing Foundation. Sponsor Note KubeCon + CloudNativeCon conferences gather adopters and technologists to further the education and advancement of cloud native computing. The vendor-neutral events feature domain experts and key maintainers behind popular projects like Kubernetes, Prometheus, Envoy, CoreDNS, containerd and more. Container-native networks go beyond basic connectivity. They provide dynamic enforcement of network security rules. Through a predefined policy, it is possible to configure fine-grained control over communications between containers, pods and nodes. Choosing the right networking stack is critical to maintain and secure the CaaS platform. Customers can select the stack from open source projects including Contiv, Project CalicoTungsten Fabric and

Tech Bytes: Construction Firm Improves Job Site Productivity With Silver Peak SD-WAN (Sponsored)

Today's Tech Bytes, sponsored by Silver Peak, is an SD-WAN conversation with Rogers-O’Brien Construction. We’ll talk about how this construction company relies on SD-WAN to enable fast, high-performance connectivity at remote construction sites, handle massive file transfers, securely segment partner traffic, and more.

The post Tech Bytes: Construction Firm Improves Job Site Productivity With Silver Peak SD-WAN (Sponsored) appeared first on Packet Pushers.

Random Thoughts on IoT

Let’s play the analogy game. The Internet of Things (IoT) is probably going end up being like … a box of chocolates, because you never do know what you are going to get? a big bowl of spaghetti with a serious lack of meatballs? Whatever it is, the IoT should have network folks worried about security. There is, of course, the problem of IoT devices being attached to random places on the network, exfiltrating personal data back to a cloud server you don’t know anything about. Some of these devices might be rogue, of course, such as Raspberry Pi attached to some random place in the network. Others might be more conventional, such as those new exercise machines the company just brought into the gym that’s sending personal information in the clear to an outside service.

While there is research into how to tell the difference between IoT and “larger” devices, the reality is spoofing and blurred lines will likely make such classification difficult. What do you do with a virtual machine that looks like a Raspberry Pi running on a corporate laptop for completely legitimate reasons? Or what about the Raspberry Pi-like device that can run a fully operational Continue reading

Road to gRPC

Road to gRPC
Road to gRPC

Cloudflare launched support for gRPC® during our 2020 Birthday Week. We’ve been humbled by the immense interest in the beta, and we’d like to thank everyone that has applied and tried out gRPC! In this post we’ll do a deep-dive into the technical details on how we implemented support.

What is gRPC?

gRPC is an open source RPC framework running over HTTP/2. RPC (remote procedure call) is a way for one machine to tell another machine to do something, rather than calling a local function in a library. RPC has been around in the history of distributed computing, with different implementations focusing on different areas, for a long time. What makes gRPC unique are the following characteristics:

  • It requires the modern HTTP/2 protocol for transport, which is now widely available.
  • A full client/server reference implementation, demo, and test suites are available as open source.
  • It does not specify a message format, although Protocol Buffers are the preferred serialization mechanism.
  • Both clients and servers can stream data, which avoids having to poll for new data or create new connections.

In terms of the protocol, gRPC uses HTTP/2 frames extensively: requests and responses look very similar to a normal HTTP/2 request.

Continue reading

Network Break 307: Cisco Launches Catalyst 8000 Edge Routers; Juniper Spends $450 Million For 128 Technology

Today's Network Break covers new SD-WAN routers from Cisco, a giant Juniper acquisition, new WIPS capabilities from Extreme, the United States' anti-trust lawsuit against Google, Intel selling its NAND business, and Space Networking!

The post Network Break 307: Cisco Launches Catalyst 8000 Edge Routers; Juniper Spends $450 Million For 128 Technology appeared first on Packet Pushers.

1 818 819 820 821 822 3,795