Docker Hub Incident Review – 5 July 2020

Background

This is Docker’s first time publishing an incident report publicly. While we have always done detailed post mortems on incidents internally, as part of the changing culture at Docker, we want to be more open externally as well. For example, this year we have started publishing our roadmap publicly and asking our users for their input. You should expect to see us continue publishing reports for most significant incidents.

In publishing these reports, we hope others can learn from the issues we have faced and how we have dealt with them. We hope it builds trust in our services and our teams. We also think this one is pretty interesting due to the complex interaction between multiple services and stakeholders.

Incident Summary

Amazon Linux users in several regions encountered intermittent hanging downloads of Docker images from the Docker Hub registry between roughly July 5 19:00 UTC and July 6 06:30 UTC. The issue stemmed from an anti-botnet protection mechanism our CDN provider Cloudflare had deployed. Teams from Docker, Cloudflare, and AWS worked together to pinpoint the issue and the mechanism in question was disabled, leading to full service restoration.

What Happened

At about 01:45 UTC on Monday July 6th

Industry groups prep Ethernet for operational, wireless networks

As Ethernet-based networks continue to evolve, two industry groups recently announced plans to take it to yet another level – this time extending the technology to operational and wireless time-sensitive communication applications. This week the Ethernet Alliance said it was pushing an effort to bring faster, simpler communications to the operational technology (OT) networks typically found in building and industrial automation environments. The Ethernet Alliance includes a variety of communications players including Broadcom, Cisco, Dell, Juniper, Intel as well as university and industry members. A recently standardized IEEE specification, 802.3cg, which defines the use of Single-Pair Ethernet (SPE) in many circumstances rather than a wide range of fieldbus cables, including RS‑485 twisted-pair, RG‑6 coaxial, and instrumentation cables, is behind the group’s strategy.

The 2020 Indigenous Connectivity Summit and Trainings: Register Now

People around the world are relying on the Internet to keep them connected to everyday life, but Indigenous communities in North America are being left behind by companies and governments. Lack of connectivity means many are unable to access even basic information and healthcare. And while COVID-19 has hit Indigenous communities especially hard, lack of access means they can’t use services that connected populations consider critical, such as remote learning and teleworking.

We must address this critical gap.

For years, the Internet Society has worked with those very communities, along with network operators, technologists, civil society, academia, and policymakers – bringing them together to discuss what can be done collectively to narrow the digital divide. We do this through our Indigenous Connectivity Summit (ICS) and the pre-Summit Trainings: Community Networks and Policy and Advocacy.

This year, though we can’t meet in person, we’ll hold a virtual event.

We’re excited to announce that registration is now open for the 2020 Indigenous Connectivity Summit.

The Summit will take place October 5-9, 2020, with training sessions beginning the first week of September. Those who register for the Summit before Friday, September 11th will receive a swag bag and materials for hands-on training prior to the Summit.

Accelerating the data center with NVIDIA, Mellanox + Cumulus

Today’s modern datacenter and cloud architectures are horizontally scalable disaggregated distributed systems. Distributed systems have many individual components that work together independently creating a powerful cohesive solution. Just like how compute is the brains behind a datacenter’s distributed system, the network is the nervous system, responsible for ensuring communication gets to all the individual components. This blog tells you why NVIDIA Mellanox gives NVIDIA a larger footprint in the datacenter. The combination of NVIDIA, Mellanox and Cumulus together can provide end-to-end acceleration technologies for the modern disaggregated data-center.

Accelerating the datacenter

All parties coming together in this acquisition are involved in acceleration technologies in the modern data center:

  • NVIDIA is at the center of compute acceleration: its GPUs provide compute acceleration for high-performance computing and infrastructure for neural networks that power AI-assisted application features.
  • Mellanox comes to the table with its dominance in high-performance interconnects, data and network processing acceleration on the host, and hardware for the network fabric.
  • Cumulus Networks provides the Linux stack to accelerate the network fabric by enabling networking hardware features, and accelerating deployment, integration and monitoring of the network fabric with automation and the Linux ecosystem. Cumulus Networks software architecture and DNA

Day Two Cloud 061: Using Public Cloud For Disaster Recovery

The Day Two Cloud podcast explores different approaches to using the public cloud for disaster recovery. We examine costs and benefits, discuss recovery times, dive into planning, and more. The show draws on co-host Ned Bellavance's experience working on DR projects for a variety of customers during his VAR days.

The post Day Two Cloud 061: Using Public Cloud For Disaster Recovery appeared first on Packet Pushers.

NTC – Netpalm With Tony Nealon

Open source continues to accelerate in the network domain with projects such as Netmiko, NAPALM, and Nornir–all of which are led by individuals, not large organizations or venture-backed startups. In this episode we sit down with Tony Nealon, creator of Netpalm. Netpalm is a network API platform that can abstract and render structured data, both inbound and outbound, to your network device’s native telnet, SSH, NETCONF or RESTCONF interface–leveraging popular libraries like NAPALM, Netmiko, and ncclient under the hood for network device communication.

Guest: Tony Nealon
Host: Jason Edelman

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post NTC – Netpalm With Tony Nealon appeared first on Network Collective.

How to Simplify and Accelerate Network Segmentation 

Network segmentation—splitting a network into subnetworks or segments—is widely accepted to be a powerful and effective method for improving cybersecurity within the data center. Yet even though it’s acknowledged to be an essential component of network security hygiene, organizations have frequently avoided putting segmentation into practice.

Why? Because historically network segmentation has been complex, disruptive, and time-consuming to implement, requiring extensive changes to the physical network and/or network addresses. The potential impact of taking applications offline for network changes means that many organizations decide to forego this industry-wide best practice. Teams that do forge ahead often face a months- or years-long effort to create security zones by rearchitecting the network, relocating equipment, and re-assigning IP addresses.

It doesn’t have to be that way. Today there’s an elegant solution that greatly simplifies and accelerates network segmentation: VMware NSX Service-defined Firewall. Purpose-built to protect east-west traffic, VMware Service-defined Firewall enables segmentation without any disruptive physical network or address changes.

Attackers Love Flat Networks  

To back up a step, let’s examine why network segmentation

AnsibleFest 2020 – The Biggest AnsibleFest EVER

It is almost that time of year again for everyone’s favorite automation event! 2020 has given us our fair share of change (and then some). But we’re not just facing new challenges. We’re adapting to them and innovating to overcome them together. We’re distributed yet we’re connected -- connected to new technologies, to new ways of working, and most importantly, to each other.

This year’s AnsibleFest is now a virtual experience, and we are using this opportunity to engage and collaborate with Ansible users across the globe. It will be a free virtual experience where our communities can connect to a wider audience to collaborate and solve problems. The venue may be different this year, but it is still the same AnsibleFest you know and love.

Keynotes

This year we have a great lineup of keynote speakers. We have brought together a group of people rich with Ansible knowledge, tapped to share meaningful insights with you right at home:

  • Richard Henshall, Senior Manager for Product Management - Ansible Product Updates
  • Matt Jones, Ansible Senior Principal Software Engineer - The Future of Automation
  • Chris Wright, Red Hat CTO - Automation at the Edge
  • Robyn Bergeron, Senior Principal Community Architect -

Worth Reading: Seamless Suffering

When someone sent me a presentation on seamless MPLS a long while ago my head (almost) exploded just by looking at the diagrams… or in the immortal words of @amyengineer:

“If it requires a very solid CCIE on an obscure protocol mix at 4am, it is a bad design” - Peter Welcher, genius crafter of networks, granter of sage advice.

Turns out I was not that far off… Dmytro Shypovalov documented the underlying complexity and a few things that can go wrong in Seamless Suffering.

Jinja Template Inheritance

Jinja template inheritance uses the concept of a block to define sections of the base (parent) template that can be overridden by sections from a child template. An extends statement links the child template to the parent template so that when the child template is rendered, the parent template is also rendered, and the contents of its block statements are inherited from the parent template unless the child overrides them.

Real-time trending of dropped packets

Discard Browser is a recently released open source application running on the sFlow-RT real-time analytics engine. The software uses streaming analytics to trend dropped packets.

Using sFlow to monitor dropped packets describes the packet drop monitoring functionality recently added to the open source Host sFlow agent. The article describes how to install and configure the agent on Linux-based platforms and stream industry standard sFlow telemetry to an sFlow collector.

Visibility into dropped packets describes instrumentation, recently added to the Linux kernel, that provides visibility into packets dropped by the kernel data path on a host, or dropped by a switch ASIC when packets are forwarded in hardware. Extending sFlow to provide visibility into dropped packets offers significant benefits for network troubleshooting, providing real-time network-wide visibility into the specific packets that were dropped as well as the reason the packet was dropped. This visibility instantly reveals the root cause of drops and the impacted connections.

Packet discard monitoring complements sFlow's existing counter polling and packet sampling mechanisms and shares a common data model so that all three sources of data can be correlated. For example, if packets are being discarded because of buffer exhaustion, the discard records don't necessarily

8 free Wi-Fi stumbling and surveying tools for Windows and Mac

There is enterprise-level software for surveying Wi-Fi networks, but even in large wireless networks, simple freeware tools are handy for a quick peek at the airwaves during design, deployment or troubleshooting. Here is a look at eight free tools – some for Windows and some for Mac OS X – that provide basic details about nearby Wi-Fi signals: SSIDs, signal strength, channels, MAC addresses and security status. Some can even reveal “hidden” or non-broadcasted SSIDs, display the noise levels, or display statistics on successful and failed packets of your wireless connection. One of them includes Wi-Fi password-cracking tools that are useful for educational or penetration testing purposes.

Deploying WordPress to the Cloud

I was curious the other day how hard it would be to actually set up my own blog or rather I was more interested in how easy it is now to do this with containers. There are plenty of platforms that host blogs for you but is it really now as easy to just run one yourself?

In order to get started, you can sign up for a Docker ID, or use your existing Docker ID to download the latest version of Docker Desktop Edge which includes the new Compose on ECS experience. 

Start with the local experience

To start I set up a local WordPress instance on my machine, grabbing a Compose file example from the awesome-compose repo.

Initially I had a go at running this locally with Docker Compose:

$ docker-compose up -d

Then I can get the list of running containers:

$ docker-compose ps
           Name                          Command               State          Ports
--------------------------------------------------------------------------------------
deploywptocloud_db_1          docker-entrypoint.sh --def ...   Up      3306/tcp, 33060/tcp
deploywptocloud_wordpress_1   docker-entrypoint.sh apach ...   Up      0.0.0.0:80->80/tcp

And then lastly I had a look to see that this was running correctly:

Deploy to the Cloud

Great! Now I needed to look at the contents of the Compose file

Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored)

Heavy Networking dives into building cost-effective, practical, and easily managed leaf-spine networks with sponsor Dell Technologies. We discuss Dell's SmartFabric Services offering, including the underlying infrastructure and software overlay, key automation features, interconnects for enterprise uses such as HCI, and more. Our guest is Saleem Muhammad, Director of Product Management and Marketing at Dell Technologies.

The post Heavy Networking 534: Managing Automated Networks With vCenter And Dell SmartFabric Services (Sponsored) appeared first on Packet Pushers.

Partnering with Euro-IX on Infrastructure Development, Routing Security, and More

We can only be successful in creating an Internet for everyone if everyone is part of the effort. That’s why the Internet Society is thrilled to be entering into a partnership with the European Internet Exchange Association (Euro-IX).

The partnership was made official with a Memorandum of Understanding (MoU) on 14 July. This formal agreement builds on an existing collaboration between the two organizations, who have worked together since 2012. But, whether it’s helping to bring cheaper and faster Internet to the world through the data provided in the IXP Database or making the Internet more secure by supporting the Mutually Agreed Norms for Routing Security (MANRS), our work has only just begun.

Kjetil Otter Olsen, the chair of Euro-IX said, “The Internet Society has been an excellent supporter of Internet exchange points (IXPs) for many years and has lent the support of its teams across the world to promoting the benefits of peering for Internet networks and the end users of those networks globally.

“Signing this MoU, on behalf of Euro-IX and the community of IXPs we represent, reflects our shared commitment with the Internet Society to continue this work into the future.

“This MoU extends our existing relationship