Simplify the Modern Network with VMware NSX-T 3.1

Continuing our commitment to helping organizations around the world deliver a public cloud experience in the data center through VMware’s Virtual Cloud Network, we’re excited to announce the general availability of VMware NSX-T™ 3.1. This latest release of our full stack Layer 2-7 networking and security platform delivers capabilities that allow you to build modern networks at cloud scale while simplifying operations and strengthening security for east-west traffic inside the data center.

As we continue to adapt to new realities, organizations need to build modern networks that can deliver any application, to any user, anywhere at any time, over any infrastructure all while ensuring performance and connectivity objectives are met. And they need to do this at public cloud scale. NSX-T 3.1 gives organizations a way to simplify modern networks and replace legacy appliances that congest data center traffic. The Virtual Cloud Network powered by NSX-T enables you to achieve a stronger security posture and run virtual and containerized workloads anywhere. 

What you need to know about upcoming Docker Hub rate limiting

On August 13th, we announced the implementation of rate limiting for Docker container pulls for some users. Beginning November 2, Docker will begin phasing in limits of Docker container pull requests for anonymous and free authenticated users.  The limits will be gradually reduced over a number of weeks until the final levels (where anonymous users are limited to 100 container pulls per six hours and free users limited to 200 container pulls per six hours) are reached. All paid Docker accounts (Pro, Team or Legacy subscribers) are exempt from rate limiting. 

The rationale behind the phased implementation periods is to allow our anonymous and free tier users and integrators to see the places where anonymous CI/CD processes are pulling container images. This will allow Docker users to address the limitations in one of two ways: upgrade to an unlimited Docker Pro or Docker Team subscription, or adjust application pipelines to accommodate the container image request limits. After a lot of thought and discussion, we’ve decided on this gradual, phased increase over the upcoming weeks instead of an abrupt implementation of the policy. An up-to-date status update on rate limitations is available at https://www.docker.com/increase-rate-limits.

Docker users

Checking Your Current Docker Pull Rate Limits and Status

Continuing with our move towards consumption-based limits, customers will see the new rate limits for Docker pulls of container images at each tier of Docker subscriptions starting from November 2, 2020. 

Anonymous free users will be limited to 100 pulls per six hours, and authenticated free users will be limited to 200 pulls per six hours. Docker Pro and Team subscribers can pull container images from Docker Hub without restriction as long as the quantities are not excessive or abusive.

In this article, we’ll take a look at determining where you currently fall within the rate limiting policy using some command line tools.

Determining your current rate limit

Requests to Docker Hub now include rate limit information in the response headers for requests that count towards the limit. These are named as follows:

  • RateLimit-Limit    
  • RateLimit-Remaining

The RateLimit-Limit header contains the total number of pulls that can be performed within a six hour window. The RateLimit-Remaining header contains the number of pulls remaining for the six hour rolling window. 

Let’s take a look at these headers using the terminal. But before we can make a request to Docker Hub, we need to obtain a bearer token. We will then
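The header check described above, as an added example that is not part of the original article: it reads the two headers from a captured response and reports how much of the window is left. The sample responses are constructed, the `count;w=seconds` value format is an assumption taken from Docker's documented header format rather than from this page, and the function names and the 10% warning threshold are hypothetical.

```python
# Constructed sample: headers of a response that counted towards the limit.
SAMPLE_ANON = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/vnd.docker.distribution.manifest.v2+json\r\n"
    "RateLimit-Limit: 100;w=21600\r\n"
    "RateLimit-Remaining: 7;w=21600\r\n\r\n"
)
# Constructed sample: a response that did not count, so the headers are absent.
SAMPLE_UNCOUNTED = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"

def split_value(value):
    """Split '100;w=21600' into (100, 21600); the window is None if absent."""
    count, _, params = value.partition(";")
    window = None
    for param in params.split(";"):
        key, _, val = param.strip().partition("=")
        if key == "w" and val.isdigit():
            window = int(val)
    return int(count.strip()), window

def parse_rate_limit(raw_headers, warn_fraction=0.1):
    """Return the pull budget from raw response headers, or None if not reported."""
    fields = {}
    for line in raw_headers.splitlines()[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()   # names are case-insensitive
    if "ratelimit-limit" not in fields or "ratelimit-remaining" not in fields:
        return None                                  # request did not count towards the limit
    limit, window = split_value(fields["ratelimit-limit"])
    remaining, _ = split_value(fields["ratelimit-remaining"])
    return {
        "limit": limit,
        "remaining": remaining,
        "window_seconds": window,
        "used": limit - remaining,
        "low": remaining <= limit * warn_fraction,   # hypothetical CI warning threshold
    }

if __name__ == "__main__":
    print(parse_rate_limit(SAMPLE_ANON))
    print(parse_rate_limit(SAMPLE_UNCOUNTED))
```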

Heavy Networking 547: Building And Monitoring A User-Centric Digital Experience With Catchpoint (Sponsored)

Today’s Heavy Networking show dives into Digital Experience Monitoring (DEM) with sponsor Catchpoint. Catchpoint combines synthetic testing with end user device monitoring to provide greater visibility into the end user experience while helping network engineers and IT admins support and troubleshoot a distributed workforce. Our guests from Catchpoint are Nik Koutsoukos, CMO; and Tony Ferelli, VP Operations.

The post Heavy Networking 547: Building And Monitoring A User-Centric Digital Experience With Catchpoint (Sponsored) appeared first on Packet Pushers.

AMD grabs Xilinx for $35 billion in expansion play

The rumors were true, only the price was off. AMD formally announced this week it intends to acquire FPGA maker Xilinx for $35 billion, not $30 billion as originally rumored. Xilinx is the biggest maker of field-programmable gate array (FPGA) chips, a class of chips that can be reconfigured for a variety of specialized tasks by the end user. They are especially popular in vertical markets like automotive and cellular base stations, where a chip can be reprogrammed for a new or special task. Analysts see Xilinx as an AI play for AMD, which has lagged behind Nvidia in the race for machine learning (ML) and inference.

Forrester: Get ready for IoT networking chaos

The sheer number of connectivity options available for IoT networks will create chaos in the coming year, according to a newly released set of predictions from Forrester Research. As there’s no single connectivity option that meets every use case for IoT, businesses should expect to navigate a landscape that includes proprietary low-power options like Zigbee, unlicensed standards like Bluetooth, both public and private varieties of 5G, Wi-Fi, and even satellite in order to make deployments work.

Learning To Listen For Learning

Can you hear me? Are you listening to me? Those two statements are used frequently to see if someone is paying attention to what you’re saying. Their connotation is very different though. One asks a question about whether you can tell if there are words coming out of someone’s mouth. Is the language something you can process? The other question is all about understanding.

Taking Turns Speaking

“Seek first to understand, then to be understood.” – Stephen Covey

Listening is hard. Like super hard. How often do you find yourself on a conference call with your mind wandering to other things you need to take care of? How many times have we seen someone shopping online for shoes or camping gear instead of taking notes on the call they should be paying attention to? The answer is more often than we should.

Attention spans are hard for everyone, whether you’re affected by attention disorders or have normal brain chemistry. Our minds hate being bored. They’re always looking for a way to escape to something more exciting and stimulating. You know you can feel it when there’s a topic that seriously interests you and pulls you in versus the same old

Unwrap the SERVFAIL

We recently released a new version of Cloudflare Resolver which adds a piece of information called “Extended DNS Errors” (EDE) along with the response code under certain circumstances. This will be helpful in tracing DNS resolution errors and figuring out what went wrong behind the scenes.

A tight-lipped agent

The DNS protocol was designed to map domain names to IP addresses. To inform the client about the result of the lookup, the protocol has a 4-bit field called the response code (RCODE). The logic to serve a response might look something like this:

function lookup(domain) {
    ...
    switch result {
    case "No error condition":
        return NOERROR with client expected answer
    case "No record for the request type":
        return NOERROR
    case "The request domain does not exist":
        return NXDOMAIN
    case "Refuse to perform the specified operation for policy reasons":
        return REFUSED
    default("Server failure: unable to process this query due to a problem with the name server"):
        return SERVFAIL
    }
}

try {
    lookup(domain)
} catch {
    return SERVFAIL
}

Although the context hasn't changed much, protocol extensions such as DNSSEC have since been added, and the RCODE has run out of space to express the server's internal
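To show where the extra detail travels on the wire, here is an added example that is not part of the original post: a parser that reads the 4-bit RCODE from the header and any Extended DNS Error option (EDNS option code 15, RFC 8914) from the OPT record. The response bytes are constructed for illustration, the function names are hypothetical, and only a subset of the RFC 8914 info-codes is listed.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
# Subset of the RFC 8914 info-codes; anything else is reported as "unlisted".
EDE_CODES = {6: "DNSSEC Bogus", 7: "Signature Expired", 22: "No Reachable Authority"}

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label terminates the name
            return off

def parse_response(msg):
    """Return (rcode_name, [(info_code, info_name, extra_text), ...])."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    rcode = flags & 0x000F          # the 4-bit RCODE (EDNS extended bits ignored)
    off = 12
    for _ in range(qd):             # question = name + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    errors = []
    for _ in range(an + ns + ar):   # walk every resource record
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        while rtype == 41 and off + 4 <= end:   # OPT record: EDNS options
            code, olen = struct.unpack_from("!HH", msg, off)
            body = msg[off + 4:off + 4 + olen]
            if code == 15 and len(body) >= 2:   # option 15 = Extended DNS Error
                info = struct.unpack("!H", body[:2])[0]
                errors.append((info, EDE_CODES.get(info, "unlisted"),
                               body[2:].decode("utf-8", "replace")))
            off += 4 + olen
        off = end
    return RCODES.get(rcode, str(rcode)), errors

def build_sample():
    """Constructed SERVFAIL response for example.com with one EDE option."""
    header = struct.pack("!6H", 0x1234, 0x8182, 1, 0, 0, 1)   # QR|RD|RA, RCODE=2
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    text = b"signature check failed"                          # constructed EXTRA-TEXT
    option = struct.pack("!HHH", 15, 2 + len(text), 6) + text
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(option)) + option
    return header + question + opt_rr

if __name__ == "__main__":
    print(parse_response(build_sample()))
```

Without the option, the same message yields only `SERVFAIL`; with it, a resolver log can separate a DNSSEC validation failure from an unreachable authority.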

Using the Midnight Commander to browse Linux directories

Midnight Commander – the "mc" command – provides an easy way to browse directories and to view, move, delete, compare, change and edit files. Similar in some ways to ranger, mc makes it easy to move around directories and offers side-by-side file/directory listings that work independently of each other. In addition, it provides a very wide range of actions that you can take through simple menu choices. To start Midnight Commander, simply type "mc" in a terminal window. When you open mc, both the left and right sides of the display will look the same and will show the contents of whatever directory you started in. You can switch sides using the tab key or simply by clicking on a directory or file in the side of the display. You can select a file or directory simply by clicking on it. You can also browse directory contents using the up and down arrow keys.

Who’s selling SASE and what do you get?

Demand for secure access service edge (SASE) has grown tremendously during the pandemic. As adoption picks up, vendors are promising feature-rich and integrated SASE solutions. Customers have different needs when it comes to SASE, however, and it’s not always easy to understand what a SASE provider is offering. As an approach, SASE combines networking and security into a scalable cloud service that fits with the remote and hybrid work models companies use today. Potential benefits include easier network and security management, flexibility to scale up or down as business needs require, and lower costs.

Introducing Data-in-Transit Encryption for Calico Enterprise

We’re excited to announce that Calico Enterprise, the leading solution for Kubernetes networking, security and observability in hybrid and multi-cloud environments, now includes encryption for data-in-transit.

Calico Enterprise is known for its rich set of network security implementations to protect container workloads by restricting traffic to and from trusted sources. These include, but are not limited to, implementing existing enterprise security controls in Kubernetes, managing egress access using DNS policy, extending firewalls to Kubernetes, and intrusion detection and threat defense. As the Kubernetes footprint expands, however, we’ve seen demand for an even greater in-depth approach to protecting sensitive data that falls under regulatory compliance mandates.

Not all threats originate from outside an organization. According to Gartner, nearly 75% of breaches happen due to insider behavior, from people within the organization such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems. This level of exposure is unacceptable for organizations that have strict data protection and regulatory compliance requirements. No matter where a threat originates, encrypted data is unreadable to anyone except the legitimate keyholder, thus protecting the data should a breach occur.

Several regulatory standards