Cloudflare Network expands to more than 100 Countries

2020 has been a historic year that will forever be associated with the COVID-19 pandemic. Over the past six months, we have seen societies, businesses, and entire industries unsettled. The situation at Cloudflare has been no different. And while this pandemic has affected each and every one of us, we here at Cloudflare have not forgotten what our mission is: to help build a better Internet.

We have expanded our global network to 206 cities across more than 100 countries. This is in addition to completing 40+ datacenter expansion projects and adding over 1Tbps in dedicated “backbone” (transport) capacity connecting our major data centers so far this year.

Pandemic times means new processes

There was zero chance that 2020 would mean business as usual within the Infrastructure department. We were thrown a curve-ball as the pandemic began affecting our supply chains and operations. By April, the vast majority of the world’s passenger flights were grounded. The majority of bulk air freight ships within the lower deck (“belly”) of these flights, which saw an imbalance between supply and demand with the sudden 74% decrease in passenger belly cargo capacity relative to the same period last year.

We were fortunate to have Continue reading

Day Two Cloud 057: See Your Data With Grafana

Day Two Cloud gets into data visualization with the open-source Grafana project. Grafana helps you visualize, alert on, and query all kinds of data and metrics. We look at how Grafana works, how it manipulates and stores data, and common use cases. Our guest is Ryan McKinley, VP of Applications at Grafana.

Introduction to Segment Routing

Jeff Tantsura and Nick Buraglio bring a wealth of knowledge to this Network Collective Introduction to Segment Routing webinar. In this webinar we cover the fundamental SR technologies and how they work, as well as some of the practical implementation details that can only be learned by working with the technology directly.

Jeff Tantsura
Host
Nick Buraglio
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post Introduction to Segment Routing appeared first on Network Collective.

BGP EVPN Underlay Network with BGP (Multi-AS)


Introduction


The focus of this chapter is to explain the BGP Multi-AS Underlay Network design in a BGP EVPN/VXLAN fabric. It starts with the BGP configuration, because that way the explanation can make use of show and debug commands as well as packet captures. The next section discusses the BGP adjacency process and its related states (Idle, Connect/Active, OpenSent, OpenConfirm and Established). After that, the chapter explains BGP routing, discussing how connected routes are sent from the RIB to the Loc-RIB and from there to the Adj-RIB-Out (Pre/Post). This section also shows how NLRIs received within a BGP Update eventually end up in the RIB of the receiving BGP speaker. In addition, the chapter briefly introduces the MRAI timer as well as a non-disruptive device maintenance solution. The last section tries to answer the question of which protocol best fits the Underlay Network of a BGP EVPN fabric.



Infrastructure AS Numbering and IP Addressing Scheme


The AS-numbering scheme used in this chapter is the same as the one used in chapter 1, but instead of using unnumbered interfaces, each inter-switch interface now has an IP address assigned to it. It is also possible to use unnumbered interfaces with BGP by using IPv6 Link-Local addressing [RFC 5549]. However, this solution is not supported by all vendors.


Figure 2-1: IP addressing Scheme.
Continue reading

Worth Reading: Working with TC on Linux systems

Here’s one of the weirdest ideas I’ve found recently: patch together two dangling ends of virtual Ethernet cables with PBR.

To be fair, Jon Langemak used that example to demonstrate how powerful tc could be. It’s always fun to see a totally-unexpected aspect of Linux networking… even though it looks like the creators of those tools believed in the Perl mentality of creating a gazillion variants of line noise to get the job done.

Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored)

Today's Heavy Networking explores a partnership between Juniper Networks and Anuta Networks to bring low-code network automation to service providers and enterprises. In this sponsored show, we'll dive into how Anuta's ATOM platform integrates with Juniper's NorthStar SDN controller and HealthBot diagnostic software to automate and orchestrate common networking tasks. Our guests are Peter Weinberger, Principal Product Manager at Juniper Networks; and Kiran Sirupa, Head of Marketing at Anuta Networks.

The post Heavy Networking 529: Demystifying Automation With Low-Code Workflows (Sponsored) appeared first on Packet Pushers.

Next Platform TV for July 14, 2020

A wide-ranging program for you today with everything from neuromorphic hardware and software research; some impressive FPGA acceleration for Caffe from Samsung AI Research; why the datacenter industry is booming (the answers might surprise you); the state of Lustre and OpenSFS; and where some unique opportunities are in HPC on the pandemic modeling front.

Next Platform TV for July 14, 2020 was written by Nicole Hemsoth at The Next Platform.

MANRS Welcomes Three New CDN and Cloud Participants

The MANRS Content Delivery Network (CDN) and Cloud Program continues to grow in numbers and in strength with three new participants.

Hostmein, Verisign, and Vultr have deepened their commitment to strengthening the security and resilience of the Internet’s global routing system. Participants of this program, which launched in March 2020, implement important practices for mitigating common routing security threats.

Joining means committing to taking five mandatory, and one optional, security-strengthening actions. These include preventing propagation of incorrect routing information and traffic with illegitimate source IP addresses, and facilitating global operational communication and coordination. Read the full list of actions.

“MANRS is more an idea than a framework, and it is a tremendous idea,” said Hostmein CTO Alexander Stamatis. “It raises awareness, it raises new checks to be implemented in the industry, and it keeps us more in line with the primary mission: keeping the network clean, keeping it safe.

“[MANRS] is better because it was built by engineers for engineers. We discovered issues no other initiatives could detect.”

“MANRS is the best implementation that we have done to date. We have found it to be more effective than other specialised IT certifications. And it is better because it Continue reading

Bringing Order to the Cloud: Day 2 Operations in AWS with Ansible

Cloud environments do not lend themselves to manual management or interference, and only thrive in well-automated environments. Many cloud environments are created and deployed from a known definition/template, but what do you do on day 2? In this blog post, we will cover some of the top day 2 operations use cases available through our Red Hat Certified Ansible Content Collection for AWS (requires a Red Hat Ansible Automation Platform subscription) or from Ansible Galaxy (community supported).

 

Let’s manage some clouds!

No matter the road that led you to managing a cloud environment, you’ll likely have run into the ever-scaling challenge of maintaining cloud-based services over time. Cloud environments do not operate the same ways the old datacenter-based infrastructures did. Coupled with the ease of access for just about anyone to deploy services, you’ll have a potential recipe for years of unlimited maintenance headaches.

The good news is that there is one way to bring order to all the cloud-based chaos: Ansible. In this blog post we will explore common day 2 operations use cases for Amazon Web Services using the amazon.aws Ansible Certified Content Collection. For more information on how to use Ansible Content Collections, check out Continue reading

flowtrackd: DDoS Protection with Unidirectional TCP Flow Tracking

Magic Transit is Cloudflare’s L3 DDoS Scrubbing service for protecting network infrastructure. As part of our ongoing investment in Magic Transit and our DDoS protection capabilities, we’re excited to talk about a new piece of software helping to protect Magic Transit customers: flowtrackd. flowtrackd is a software-defined DDoS protection system that significantly improves our ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks. If you are a Magic Transit customer, this feature will be enabled by default at no additional cost on July 29, 2020.

TCP-Based DDoS Attacks

In the first quarter of 2020, one out of every two L3/4 DDoS attacks Cloudflare mitigated was an ACK Flood, and over 66% of all L3/4 attacks were TCP based. Most types of DDoS attacks can be mitigated by finding unique characteristics that are present in all attack packets and using that to distinguish ‘good’ packets from the ‘bad’ ones. This is called "stateless" mitigation, because any packet that has these unique characteristics can simply be dropped without remembering any information (or "state") about the other packets that came before it. However, when attack packets have no unique characteristics, then "stateful" mitigation is required, because whether a Continue reading

In defense of open debate

Recently, Harper's published a Letter on Justice and Open Debate. It's a rather boring defense of liberalism and the norm of tolerating differing points of view. Mike Masnick wrote a rebuttal on Techdirt. In this post, I'm going to rebut his rebuttal, writing a counter-counter-argument.

The Letter said that the norms of liberalism tolerate disagreement, and that these norms are under attack by increasing illiberalism on both sides, both the left and the right.

My point is this: Masnick avoids rebutting the letter. He's recycling his arguments against right-wingers who want their speech coddled, rather than addressing the concerns of (mostly) left-wingers worried about the fanaticism on their own side.


Free speech

Masnick mentions "free speech" 19 times in his rebuttal -- but the term does not appear in the Harper's letter, not even once. This demonstrates my thesis that his rebuttal misses the point.

The term "free speech" has lost its meaning. It's no longer useful for such conversations.

Left-wingers want media sites like Facebook, YouTube, the New York Times to remove "bad" speech, like right-wing "misinformation". But, as we've been taught, censoring speech is bad. Therefore, "censoring free speech" has to be redefined so as to not Continue reading

How To Deploy Containers to Azure ACI using Docker CLI and Compose

Running containers in the cloud can be hard and confusing. There are so many options to choose from and then understanding how all the different clouds work from virtual networks to security. Not to mention orchestrators. It’s a learning curve to say the least.

At Docker we are making the Developer Experience (DX) more simple. As an extension of that we want to provide the same beloved Docker experience that developers use daily and integrate it with the cloud. Microsoft’s Azure ACI provided an awesome platform to do just that.

In this tutorial, we take a look at running single containers and multiple containers with Compose in Azure ACI. We’ll walk you through setting up your docker context and even simplifying logging into Azure. At the end of this tutorial, you will be able to use familiar Docker commands to deploy your applications into your own Azure ACI account.

Prerequisites

To complete this tutorial, you will need:

Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN

On today's Network Break we discuss Nokia's new network OS, examine a Cisco/AT&T partnership on SD-WAN, and analyze Google's pullback from a cloud venture in China. We also cover a new video codec and an image format that will save bandwidth, the rise of online learning, and what Uber's Postmates acquisition can tell us about IT startups.

The post Network Break 292: Nokia Debuts SR Linux Network OS; AT&T, Cisco Team Up On SD-WAN appeared first on Packet Pushers.

Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored)

Today's Tech Bytes dives into Intent-Based Networking (IBN) as an evolution of network automation. Apstra is our sponsor for this episode and our guest is Mansour Karam, founder and President. We discuss how IBN advances traditional automation, Apstra's support for open networking, customer use cases, and more.

The post Tech Bytes: Intent-Based Networking And The Evolution Of Automation (Sponsored) appeared first on Packet Pushers.