Cisco open-source code boosts performance of Kubernetes apps over SD-WAN

Cisco has introduced an open-source project that it says could go a long way toward reducing the manual work involved in optimizing performance of Kubernetes-applications across SD-WANs.Cisco said it launched the Cloud-Native SD-WAN (CN-WAN) project to show how Kubernetes applications can be automatically mapped to SD-WAN with the result that the applications perform better over the WAN.More about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • How to pick an off-site data-backup method •  SD-Branch: What it is and why you’ll need it • What are the options for security SD-WAN? “In many cases, enterprises deploy an SD-WAN to connect a Kubernetes cluster with users or workloads that consume cloud-native applications. In a typical enterprise, NetOps teams leverage their network expertise to program SD-WAN policies to optimize general connectivity to the Kubernetes hosted applications, with the goal to reduce latency, reduce packet loss, etc.” wrote John Apostolopoulos, vice president and CTO of Cisco’s intent-based networking group in a group blog.To read this article in full, please click here

Opening Up Remote Access with Opengear

Opengear OM2200

The Opengear OM2200

If you had told me last year at this time that remote management of devices would be a huge thing in 2020 I might have agreed but laughed quietly. We were traveling down the path of simultaneously removing hardware from our organizations and deploying IoT devices that could be managed easily from the cloud. We didn’t need to access stuff like we did in the past. Even if we did, it was easy to just SSH or console into the system from a jump box inside the corporate firewall. After all, who wants to work on something when you’re not in the office?

Um, yeah. Surprise, surprise.

Turns out 2020 is the Year of Having Our Hair Lit On Fire. Which is a catchy song someone should record. But it’s also the year where we have learned how to stand up 100% Work From Home VPN setups within a week, deploy architecture to the cloud and refactor on the fly to help employees stay productive, and institute massive change freezes in the corporate data center because no one can drive in to do a reboot if someone forgets to do commit confirmed or reload in 5.

Remote Continue reading

Weekend Reads 082120

When a zero-day vulnerability is exploited in the wild, it’s essential to identify the bug at the root of the attack. This “root cause analysis” informs researchers how an attack unfolded.

The House Judiciary chairman was closing in on his Perry Mason moment with Facebook CEO Mark Zuckerberg. Fortified with “hot” internal company documents, Rep. Jerrold Nadler was building his case at a hearing that seemed almost like a trial for Facebook and three other tech giants over alleged anti-competitive tactics.

While it’s true consumers have largely moved on, data centers are still looking for higher capacity hard drives. That’s why Western Digital (WD) developed new enterprise drives, which are packing what the company calls “ePMR” (energy-assisted perpendicular magnetic recording). For simplicity’s sake, we’ll stick with energy-assisted magnetic recording (EAMR).

Respondents to Tripwire’s survey revealed that they’re specifically worried about their employers’ cloud security. Indeed, 37% of participants indicated that risk management capabilities in the cloud were at least somewhat worse in the cloud than in other parts of the organization’s infrastructure.

In our previous blog about IcedID, we explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors Continue reading

JUNOS | Filter-Based Forwarding

Alright, so Filter-Based Forwarding is nothing new. The technology has been around for a while and is relatively well documented. However, I wanted to share a specific use case where Filter-Based Forwarding can be extremely useful. In this scenario, we’re going to use Filter-Based Forwarding to forward traffic to a dedicated VRF where it is then pushed through a DDOS appliance and back to the router via a different VRF.

This construct is very useful when you only need to pass specific ingress traffic through the DDOS appliance. For example, customer destination prefixes who are paying for a DDOS service. Or traffic from certain source prefixes that are known to be malicious. Return traffic in either scenario is not passed via the appliance and is routed directly back to the source.

Challenge Statement
Specific ingress traffic received from transit & peering providers, via the TRANSIT VRF, must be pushed to the DIRTY VRF. The traffic must then be forwarded back towards the TRANSIT VRF via an appliance for inspection. Once the traffic is received back into the TRANSIT VRF it is onward routed as normal.

Solution
The solution involves defining the prefixes that should be considered within the Filter-Based Forwarding Continue reading

Mapping Intermediary Liability in Latin America

Thanks to our Chapters in Latin America, we now have a clearer map of the intermediary liability regulatory landscape across the region.

Intermediary liability answers the question, “Should Internet intermediaries (ISPs, web hosting and cloud services, social media platforms, etc.)  be liable for content posted or for actions performed by others, such as, for example, their users?”

The success of the Internet depends on intermediary liability regimes that protect Internet providers – by ensuring responsibility for user behavior is on the users themselves, not on the intermediaries upon which they rely (both at the infrastructure and content layers).

The way legal frameworks deal with intermediary liability around the world can impact the Internet way of networking in different ways.

In some countries, intermediary liability legislation is well known: the 1996 US Communications Decency Act (Section 230) and the Brazilian Internet Bill of Rights, for example. But in much of the world it is covered by other more general-purpose regulations, such as tort law, consumer protection law, and child protection law.

We asked our local community to help us map and monitor the current regimes that apply to Internet intermediaries in their countries, so that our work can Continue reading

Technology Short Take 130

Welcome to Technology Short Take #130! I’ve had this blog post sitting in my Drafts folder waiting to be published for almost a month, and I kept forgetting to actually make it live. Sorry! So, here it is—better late than never, right?

Networking

Security

Cloud Computing/Cloud Management

Working Collaboratively to Improve Emerging Network Time Security Implementations

Accurate and secure time is essential for the security and trustworthiness of the Internet. Many systems that we regularly interact with rely on accurate time to function properly. Accurate time also provides an essential foundation for online security, and many security mechanisms, such as digital certificates used for Transport Layer Security (TLS), depend on accurate timekeeping. The Network Time Protocol (NTP) provides time synchronization for clocks on computer networks.

NTP’s security mechanisms were designed back in an era when most Internet traffic was trusted, and the risk of attack was unlikely. Due to the continued exponential expansion of the Internet, these mechanisms became outdated and needed to be redesigned. The Internet Engineering Task Force (IETF) has been working on a specification for Network Time Security (NTS) for several years now. This specification was approved by the Internet Engineering Steering Group (IESG) in March of this year and is currently in the RFC editing process for the final publication. Over the course of the last couple of years, there have been a series of NTS projects held as part of the IETF Hackathons. These projects have worked to identify mistakes and ambiguities in the specification and to test and improve interoperability Continue reading

How Cloudflare uses Cloudflare Spectrum: A look into an intern’s project at Cloudflare

How Cloudflare uses Cloudflare Spectrum: A look into an intern’s project at Cloudflare
How Cloudflare uses Cloudflare Spectrum: A look into an intern’s project at Cloudflare

Cloudflare extensively uses its own products internally in a process known as dogfooding. As part of my onboarding as an intern on the Spectrum (a layer 4 reverse proxy) team, I learned that many internal services dogfood Spectrum, as they are exposed to the Internet and benefit from layer 4 DDoS protection. One of my first tasks was to update the configuration for an internal service that was using Spectrum. The configuration was managed in Salt (used for configuration management at Cloudflare), which was not particularly user-friendly, and required an engineer on the Spectrum team to handle updating it manually.

This process took about a week. That should instantly raise some questions, as a typical Spectrum customer can create a new Spectrum app in under a minute through Cloudflare Dashboard. So why couldn’t I?

This question formed the basis of my intern project for the summer.

The Process

Cloudflare uses various IP ranges for its products. Some customers also authorize Cloudflare to announce their IP prefixes on their behalf (this is known as BYOIP). Collectively, we can refer to these IPs as managed addresses. To prevent Bad Stuff (defined later) from happening, we prohibit managed addresses from Continue reading

SDN startup Lumina Networks closes shop, citing Covid-19 impact

Lumina Networks, a startup spun-off from the purchase and splintering of Brocade in 2017, is shutting down, citing delays in customer deployments due in part to Covid-19, which starved it for cash. The company had raised $14 million in venture capital, including investments from AT&T and Verizon, but it wasn’t enough.Lumina Networks provided an open source-based SDN controller, called the Lumina SDN Controller, which was formerly the Brocade SDN Controller and power by the OpenDaylight technology. Lumina’s claim to fame was that the SDN Controller could manage both the physical and virtual from the same platform.To read this article in full, please click here

Docker Desktop & WSL 2 – Backport Update

While we have continued to make improvements to our Windows experience on Docker Desktop for users of HyperV, we are excited to see that Microsoft has announced the backport of WSL 2 to Windows version 1903 and 1909. This means that as of today, Docker Desktop Edge users will be able to use Docker Desktop with WSL 2 rather than our legacy HyperV based backend. This is available not only for Windows Pro and Windows Enterprise, but also for Windows Home users. This is the first time that Docker has been available on Windows Home versions 1903 and 1909! ?

This means that these developers will be able to take advantage of WSL 2 and Docker’s integration, allowing developers to store their code within their WSL 2 distro and run the Docker CLI from within this distro. This removes the need to access files stored on the Windows host and provides significant performance improvements for users.

To find out more about using Docker Desktop with WSL 2, check out Simon’s full tips and tricks article. If you want to learn more about how Docker developed the WSL 2 backend you can have a look through our history of the integration Continue reading

Introducing Deploy Buttons

Introducing Deploy Buttons
Introducing Deploy Buttons

When I first try out new development platforms, the first thing I do is get an OSS (Open Source Software) project I find on Github up and running. I used to start by following tutorials or digging through documentation. It’s a little bit counterintuitive. Let me share with you why. One reason is that Hello, World! examples rarely show the real “magic” of the platform. I want to feel excited and get a sense of how other people are creatively using the platform.

For example, I love it when I can build and deploy an OSS Pokedex app in a few minutes on Flutter to see if the platform actually lives up to the hype. It’s so much easier to do this than to spend a few hours following tutorials and documentation to get through the initial learning curve. You can think of it as shortening the time to first dopamine.

Another reason is that it makes learning the new platform much faster. Building off of an experienced developer’s work shows me which classes and functions are most useful to learn. There’s more nuance to building out full applications than is usually explained in the documentation. I can see how Continue reading

Pluribus bolsters software-defined data center software, Broadcom support

Pluribus Networks has rolled out new software and analytics packages that take aim at customers looking to build and manage software-defined data-center fabrics.The packages include a new release of the company’s core network operating system, Netvisor One, and the accompanying Unum management software as well as a new version of its Insight Analytics platform. They're all designed to simplify the operations of large-scale traditional and distributed edge data centers, the company said.[Get regularly scheduled insights by signing up for Network World newsletters.] Netvisor ONE is a virtualized NOS that provides Layer 2 and Layer 3 networking, distributed fabric intelligence. It virtualizes switch hardware and implements what the company calls an Adaptive Cloud Fabric. Adaptive Cloud Fabric operates without a controller and can be deployed across a single data center, or targeted to specific racks, pods, server farms or hyper-converged infrastructures, the company said. To read this article in full, please click here

Pluribus bolsters software-defined data center software, Broadcom support

Pluribus Networks has rolled out new software and analytics packages that take aim at customers looking to build and manage software-defined data-center fabrics.The packages include a new release of the company’s core network operating system, Netvisor One, and the accompanying Unum management software as well as a new version of its Insight Analytics platform. They're all designed to simplify the operations of large-scale traditional and distributed edge data centers, the company said.[Get regularly scheduled insights by signing up for Network World newsletters.] Netvisor ONE is a virtualized NOS that provides Layer 2 and Layer 3 networking, distributed fabric intelligence. It virtualizes switch hardware and implements what the company calls an Adaptive Cloud Fabric. Adaptive Cloud Fabric operates without a controller and can be deployed across a single data center, or targeted to specific racks, pods, server farms or hyper-converged infrastructures, the company said. To read this article in full, please click here

1 859 860 861 862 863 3,795