Many services, one cloudflared

Many services, one cloudflared
Route many different local services through many different URLs, with only one cloudflared
Many services, one cloudflared

I work on the Argo Tunnel team, and we make a program called cloudflared, which lets you securely expose your web service to the Internet while ensuring that all its traffic goes through Cloudflare.

Say you have some local service (a website, an API, a TCP server, etc), and you want to securely expose it to the internet using Argo Tunnel. First, you run cloudflared, which establishes some long-lived TCP connections to the Cloudflare edge. Then, when Cloudflare receives a request for your chosen hostname, it proxies the request through those connections to cloudflared, which in turn proxies the request to your local service. This means anyone accessing your service has to go through Cloudflare, and Cloudflare can do caching, rewrite parts of the page, block attackers, or build Zero Trust rules to control who can reach your application (e.g. users with a @corp.com email). Previously, companies had to use VPNs or firewalls to achieve this, but Argo Tunnel aims to be more flexible, more secure, and more scalable than the alternatives.

Some of our larger customers have deployed hundreds of services with Argo Continue reading

European Union, Use Facts to Make Cybersecurity Decisions – Not Myths

Nearly 450 million EU citizens are counting on the Council of the European Union to make decisions that protect their safety. The Council has a duty make these decisions based on reliable information.

In the next week, the Council of the European Union is expected to consider a resolution that argues that law enforcement “must be able to access data in a lawful and targeted manner.” This resolution is the first step of a wider push by the European Union to demand law enforcement access to encrypted data.

But are they relying on accurate information to make their decisions?

A report leaked from the European Commission in September, Technical solutions to detect child sexual abuse in end-to-end encrypted communications, tries to analyze different ways to spot illegal content in private communications that use end-to-end encryption. This leaked report could influence their decison-making on encryption policy in the EU.

The EU Commission’s report alludes to the idea that some access methods may be less risky than others. However, the bottom line is that each method presents serious security and privacy risks for billions of users worldwide.

Don’t take just my word for it. According to the Internet Society and the Continue reading

Fast Failover: Topologies

In the blog post introducing fast failover challenge I mentioned several typical topologies used in fast failover designs. It’s time to explore them.

The Basics

Fast failover is (by definition) adjustment to a change in network topology that happens before a routing protocol wakes up and deals with the change. It can therefore use only locally available information, and cannot involve changes in upstream devices. The node adjacent to the failed link has to deal with the failure on its own without involving anyone else.

Read more …

Fast Failover: Topologies

In the blog post introducing fast failover challenge I mentioned several typical topologies used in fast failover designs. It’s time to explore them.

The Basics

Fast failover is (by definition) adjustment to a change in network topology that happens before a routing protocol wakes up and deals with the change. It can therefore use only locally available information, and cannot involve changes in upstream devices. The node adjacent to the failed link has to deal with the failure on its own without involving anyone else.

Read more …

Apstra arms SONiC support for enterprise network battles

The community around the open-sourced Software for Open Networking in the Cloud (SONiC) NOS got a little stronger as Apstra says its intent-based networking software is now more ready for enterprise prime-time than implementations from Cisco and Arista.The Linux-based NOS, developed and open sourced by Microsoft in 2017, decouples network software from the underlying hardware and lets it run on switches and ASICs from multiple vendors while supporting a full suite of network features such as border gateway protocol (BGP), remote direct memory access (RDMA), QoS, and  other Ethernet/IP technologies.To read this article in full, please click here

Apstra arms SONiC support for enterprise network battles

The community around the open-sourced Software for Open Networking in the Cloud (SONiC) NOS got a little stronger as Apstra says its intent-based networking software is now more ready for enterprise prime-time than implementations from Cisco and Arista.The Linux-based NOS, developed and open sourced by Microsoft in 2017, decouples network software from the underlying hardware and lets it run on switches and ASICs from multiple vendors while supporting a full suite of network features such as border gateway protocol (BGP), remote direct memory access (RDMA), QoS, and  other Ethernet/IP technologies.To read this article in full, please click here

What Are Data Types Anyways?

There are actually quite a few resources out there for a novice programmer to learn about data types like strings, integers, floats, and more. The wikipedia page, as an example, covers a broad spectrum of potential meanings. Just about any book or tutorial focused on a particular programming language will start off by listing the types supported by that language. This makes sense, since they are the fundamental building block of being able to do pretty much anything in that language.

Nvidia shows off at Supercomputing 20

Nearly 70% of the 500 fastests supercomputers in the world as announced at the Supercomputing 20 conference this week are powered by Nvidia, including eight of the top 10.Among them was one named Selene that Nvidia built itself and that debuted at Number 5 on the semi-annual TOP500 list of the fastest machines. With top-end systems requiring 10,000 or more CPUs and GPUs, they are enormously expensive, so government or research institutions own the majority of them.That makes Selene all the more rare. It was built by and is based at Nvidia's Santa Clara, California, headquarters. (It’s widely believed there are many supercomputers in private industry that are not reported for competitive reasons.)To read this article in full, please click here

Nvidia shows off at Supercomputing 20

Nearly 70% of the 500 fastests supercomputers in the world as announced at the Supercomputing 20 conference this week are powered by Nvidia, including eight of the top 10.Among them was one named Selene that Nvidia built itself and that debuted at Number 5 on the semi-annual TOP500 list of the fastest machines. With top-end systems requiring 10,000 or more CPUs and GPUs, they are enormously expensive, so government or research institutions own the majority of them.That makes Selene all the more rare. It was built by and is based at Nvidia's Santa Clara, California, headquarters. (It’s widely believed there are many supercomputers in private industry that are not reported for competitive reasons.)To read this article in full, please click here

Vendor Lock-In. Maybe Not So Evil. (Video)

Is vendor lock-in all that bad? Many argue yes. You’re tied to a vendor because you’ve used some of their proprietary technology, and so you’re (apparently) stuck with it forever, limiting your future business agility. I think that’s an incomplete argument, though.

 

Tools 1. Top 5 tools for network performance troubleshooting

Hello my friend,

some time ago we’ve been recently engaged in the troubleshooting of the performance issues. Namely, the speed of the communication between the application’s endpoints in two data centres was not persistent. Instead, it was deviating a lot having multiple TCP retransmissions for certain flows. The issues was successfully solved, and we’d like to share with you the tools we have used to identify and validate various aspects of traffic forwarding.



1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Can automation help with performance troubleshooting?

Absolutely. During our network automation training we show how to utilise various Linux tools from configuration management tools (e.g. Ansible) and programming languages (Bash, Python). That gives you ready examples from our training, which you can use in your network immediately, and endless possibilities to create your own automated troubleshooting workflows.

Our network automation training has two faces: either live or self-paced. So you can choose yourself, what works better for you. On our side, we Continue reading

Briefings In Brief 098: Cisco Tetration Enables Microsegmentation And App Dependency Mapping

Cisco Tetration enables microsegmentation and application dependency mapping for on-premises and cloud applications. This Briefings In Brief explores essential details on Tetration, including how it works and how it fits with other products in Cisco's portfolio. This briefing is based on a Security Field Day presentation by Cisco on the Tetration product.

Briefings In Brief 098: Cisco Tetration Enables Microsegmentation And App Dependency Mapping

Cisco Tetration enables microsegmentation and application dependency mapping for on-premises and cloud applications. This Briefings In Brief explores essential details on Tetration, including how it works and how it fits with other products in Cisco's portfolio. This briefing is based on a Security Field Day presentation by Cisco on the Tetration product.

The post Briefings In Brief 098: Cisco Tetration Enables Microsegmentation And App Dependency Mapping appeared first on Packet Pushers.

Open Policy Agent for the Enterprise: Styra’s Declarative Authorization Service

Open Policy Agent (OPA, pronounced “oh-pa”) for cloud native environments was created, and policy enforcement in code became much more practical. Now, its developers, under their company, new three-tier product offering for Styra Declarative Authorization Service (DAS). Before diving into DAS, though, let’s make sure we’re all on the same page with OPA and policies in general. OPA is an open source, general-purpose policy engine that unifies policy enforcement across the stack. You write these policies in its high-level declarative language Datalog query language. With Rego, you can specify policy as code and create simple APIs to offload policy decision-making from your software. You can then use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more. And, what’s a policy engine you ask?

Contributing to the Internet Society Governance Reform Working Group

[Published on behalf of the Internet Society Board of Trustees]

As we announced some time ago, the Board of Trustees of the Internet Society (ISOC) has established the Governance Reform Working Group in order to host open community discussion on the general topic of potential governance changes at the Internet Society. We would like to welcome all members of any Internet Society Chapter, Organization Member, SIG, as well as individual members and IETF participants to contribute to this effort. Please, find the initial charter for the working group at:
https://www.internetsociety.org/board-of-trustees/governance-reform-working-group-charter/

Olga Cavalli and Mike Godwin will be the chair and vice-chair of the working group, respectively. You can subscribe to the working group’s mailing list in order to contribute to the discussion on the following link (where you can also check the mailing list archives) :
https://elists.isoc.org/mailman/listinfo/governance-reform

The post Contributing to the Internet Society Governance Reform Working Group appeared first on Internet Society.

1 846 847 848 849 850 3,841