Scaling Docker’s Business to Serve Millions More Developers: Storage

At Docker, our mission is to enable developers worldwide to quickly bring their ideas to life by reducing the complexity of application development. While over 6.5 million registered Docker developers are enjoying the benefits of Docker today, we want to scale Docker’s business to the tens of millions of developers who are just discovering Docker. Offering free tools and services is a cornerstone of our mission, and these are funded by our paid subscription services.

In this blog series, we will deep dive into why and how the recently announced Terms of Service changes were introduced. This blog, Part 1, will explore the inactive image retention policy and how it will impact development teams who use Docker Hub for managing their container images. Part 2 will focus on the new rate limits policies that were introduced for image pulls.

A deeper look at Docker Hub images

Delivering containerized applications in a portable, secure, and resource efficient manner also requires tools and services for securely storing and sharing applications with your development team. Today, Docker is proud to offer the world’s largest container registry, Docker Hub, which is used by over 6.5 million developers around the world. Over 15 Continue reading

Network Break 298: Arista Launches CloudVision As A Service; Cisco, Megaport Partner On SD-WAN

Take a Network Break! Pass around the virtual pickles as we delve into Arista's new SaaS version of CloudVision, Cisco and Megaport's SD-WAN partnership, new Intent-Based Networking features from Apstra, and more tech news.

The post Network Break 298: Arista Launches CloudVision As A Service; Cisco, Megaport Partner On SD-WAN appeared first on Packet Pushers.

The Week in Internet News: Facebook Bans Conspiracy Accounts

Ban hammer: Facebook has banned banned about 900 pages and groups and 1,500 ads tied to the conspiracy theory QAnon, NBC News reports. QAnon followers believe an anonymous, supposed government insider has warned them about a massive group of satanic cannibals and pedophiles inside the U.S. government. QAnon, militia movements, and violent movements tied to protests will no longer be allowed to buy ads on Facebook, the social media giant said.

That’s really fast: Researchers from University College London have been able to transmit data at 178 terabits per second, The Independent says. That speed is double the speed of any current system being used, and about 20 percent faster than the previous record. With that speed, an Internet user could download the entire Netflix library in just one second.

Cracks in the ‘Net: U.S. President Donald Trump’s campaign against Chinese services TikTok and WeChat could further fracture the Internet, the New York Times reports. “China and the United States once acted like opposites when it came to governing the internet … When President Donald Trump issued executive orders that could lead to a U.S. ban next month on two of the world’s most popular Chinese-made apps, TikTok Continue reading

KubeCon EU: Envoy Looks to WebAssembly to Extend Microservices Monitoring

The whole agile move towards autonomous development is great to embrace the individual team and even engineer preference. However, there’s no doubt it makes it difficult for governance. It’s hard to monitor, observe and learn from disparate tooling. Tetrate.io, KubeCon + CloudNativeCon Europe, virtual edition, a new Envoy extension as a single interpretation for these many languages. He started by saying how: “One fundamental purpose of Envoy is its ability to see into every single request received or made by your application.” Skopets says the next step is to extend Envoy as a way to learn from actual traffic in an efficient, flexible and simple manner. This usually involves natively developing Envoy in C++ and statically linking into the Envoy binary. He says this involves a lot of custom builds of Envoy which leads to “a lot of investment and commitment upfront.” Skopets suggests instead using AssemblyScript, which is a subset of the Fork the code for this instance on Github. KubeCon + CloudNativeCon is a sponsor of The New Stack. Feature image by Pixabay. The post KubeCon EU: Envoy Looks to WebAssembly to Extend Microservices Monitoring appeared first on The New Stack.

Red Hat Ansible Tower Performance Improvements between 3.6 and 3.7

As one of our customers pointed out, "job events are not showing in Tower UI", causing significant performance issues for users trying to view job status updates. To make Red Hat Ansible Tower more approachable in viewing Real-Time job status updates, we’ve applied the following performance improvements. 

 

Performance Improvements

Between the 3.6 and 3.7 releases, there have been significant performance advancements to improve event processing, job running performance and the user interface. This work was done in conjunction with our customers and the Red Hat Scale and Performance team. These include:

  • Added notable performance improvements to event processing to drastically speed up stdout ingestion speed.
  • Updated Ansible Tower to no longer rely on RabbitMQ for clustering and event distribution. Redis is added as a new dependency for event handling.
  • Improved performance in the User Interface for various job views when many simultaneous users are logged into Ansible Tower.
  • Improved job run performance and the write speed of stdout for running playbooks and parallel jobs through optimization of the job dependency/scheduling algorithm.
  • Fixed event processing for inventories with very large numbers of hosts to prevent Ansible Tower slow down.
  • Improved running jobs to no longer block associated Continue reading

Delivering HTTP/2 upload speed improvements

Delivering HTTP/2 upload speed improvements
Delivering HTTP/2 upload speed improvements

Cloudflare recently shipped improved upload speeds across our network for clients using HTTP/2. This post describes our journey from troubleshooting an issue to fixing it and delivering faster upload speeds to the global Internet.

We launched speed.cloudflare.com in May 2020 to give our users insight into how well their networks perform. The test provides download, upload and latency tests. Soon after release, we received reports from a small number of users that sometimes upload speeds were underreported. Our investigation determined that it seemed to happen with end users that had high upload bandwidth available (several hundreds Mbps class cable modem or fiber service). Our speed tests are performed via browser JavaScript, and most browsers use HTTP/2 by default. We found that HTTP/2 upload speeds were sometimes much slower than HTTP/1.1 (assuming all TLS) when the user had high available upload bandwidth.

Upload speed is more important than ever, especially for people using home broadband connections. As many people have been forced to work from home they’re using their broadband connections differently than before. Prior to the pandemic broadband traffic was very asymmetric (you downloaded way more than you uploaded… think listening to music, or streaming a movie), Continue reading

5G spectrum auctions expected in 2021 after Pentagon gives up frequencies

The U.S. Department of Defense will turn over some of its 5G frequency spectrum in a bid to help U.S. carriers bring commercial 5G services to market faster. 5G resources What is 5G? Fast wireless technology for enterprises and phones Private 5G can solve some problems that Wi-Fi can’t Private 5G keeps Whirlpool driverless vehicles rolling 5G can make for cost-effective private backhaul CBRS can bring private 5G to enterprises The DoD controls large portions of the mid-band 5G spectrum in the 3 GHz to 6 GHz range, which is used for military radar. Earlier this year, the White House and DoD formed "America's Mid-Band Initiative Team," or AMBIT, with the goal of making a contiguous, 100 MHz segment of mid-band spectrum available for use in 5G development by the end of the summer.To read this article in full, please click here

MUST READ: What I’ve learned about scaling OSPF in Datacenters

Justin Pietsch published a fantastic recap of his experience running OSPF in AWS infrastructure. You MUST read what he wrote, here’s the TL&DR summary:

  • Contrary to popular myths, OSPF works well on very large leaf-and-spine networks.
  • OSPF nuances are really hard to grasp intuitively, and the only way to know what will happen is to run tests with the same codebase you plan to use in production environment.

Dinesh Dutt made similar claims on one of our podcasts, and I wrote numerous blog posts on the same topic. Not that anyone would care or listen, it’s so much better to watch vendor slide decks full of latest unicorn dust… but in the end, it’s usually not the protocol that’s broken, but the network design.

The Making of an RFC in today’s IETF

These days the process of making an RFC involves extensive review. You might think that the result of this truly exhaustive document review process is some bright shiny truth that is stated with precision and clarity. But that is not necessarily so. Why not?

Zero-Touch Provisioning for Cisco IOS

The official documentation to automatically upgrade and configure on first boot a Cisco switch running on IOS, like a Cisco Catalyst 2960-X Series switch, is scarce on details. This note explains how to configure the ISC DHCP Server for this purpose.

When booting for the first time, Cisco IOS sends a DHCP request on all ports:

Dynamic Host Configuration Protocol (Discover)
    Message type: Boot Request (1)
    Hardware type: Ethernet (0x01)
    Hardware address length: 6
    Hops: 0
    Transaction ID: 0x0000117c
    Seconds elapsed: 0
    Bootp flags: 0x8000, Broadcast flag (Broadcast)
    Client IP address: 0.0.0.0
    Your (client) IP address: 0.0.0.0
    Next server IP address: 0.0.0.0
    Relay agent IP address: 0.0.0.0
    Client MAC address: Cisco_6c:12:c0 (b4:14:89:6c:12:c0)
    Client hardware address padding: 00000000000000000000
    Server host name not given
    Boot file name not given
    Magic cookie: DHCP
    Option: (53) DHCP Message Type (Discover)
    Option: (57) Maximum DHCP Message Size
    Option: (61) Client identifier
        Length: 25
        Type: 0
        Client Identifier: cisco-b414.896c.12c0-Vl1
    Option: (55) Parameter Request List
        Length: 12
        Parameter Request List Item: (1) Subnet Mask
        Parameter Request List Item: (66) TFTP Server Name
        Parameter Request List Item: (6) Domain Name Server
        Parameter Request List Item:  Continue reading

CEX (Code EXpress) 13. Creating your own Python modules.

Hello my friend,

Recently we have learned how to use the external modules to make your Python’s code more powerful. At some point, perhaps already now, you started creating user-defined functions so good that you would like to re-use them in other projects.

Automate all the things

Network automation is one of the most important things named by CIOs in Gather’s research. As such, the companies are (and will be) looking for the experts, who are able to develop new solutions and find creative ways to improve networks’ efficiency via automation. And we are keen to help you with that?

At our network automation training, either self-paced or instructor lead, you will learn the leading technologies, protocols, and tools used to manage the networks in the busiest networks worldwide, such as Google data centres. However, once you master all the skills, you will be able to automate the network of any scale. You will see the opportunities and you will exploit them.

Secret words: NETCONF, REST API, gRPC, JSON , XML, Protocol buffers, SSH, OpenConfig, Python, Ansible, Linux, Docker; and many other wonderful tools and techniques are waiting for you in our training!

Don’t miss opportunity to start your network Continue reading

Heavy Networking 536: Arrcus Reimagines The Chassis Router With Its Virtualized Distributed Router (Sponsored)

Today's Heavy Networking dives into sponsor Arrcus's Virtualized Distributed Router, new software that transforms the monolithic chassis that can scale to thousands of ports while being operated and managed like a single device. Our guests are Murali Gandluru, Keyur Patel, and Nalin Pai from Arrcus.

The post Heavy Networking 536: Arrcus Reimagines The Chassis Router With Its Virtualized Distributed Router (Sponsored) appeared first on Packet Pushers.

Cisco open-source code boosts performance of Kubernetes apps over SD-WAN

Cisco has introduced an open-source project that it says could go a long way toward reducing the manual work involved in optimizing performance of Kubernetes-applications across SD-WANs.Cisco said it launched the Cloud-Native SD-WAN (CN-WAN) project to show how Kubernetes applications can be automatically mapped to SD-WAN with the result that the applications perform better over the WAN.More about SD-WAN: How to buy SD-WAN technology: Key questions to consider when selecting a supplier • How to pick an off-site data-backup method •  SD-Branch: What it is and why you’ll need it • What are the options for security SD-WAN? “In many cases, enterprises deploy an SD-WAN to connect a Kubernetes cluster with users or workloads that consume cloud-native applications. In a typical enterprise, NetOps teams leverage their network expertise to program SD-WAN policies to optimize general connectivity to the Kubernetes hosted applications, with the goal to reduce latency, reduce packet loss, etc.” wrote John Apostolopoulos, vice president and CTO of Cisco’s intent-based networking group in a group blog.To read this article in full, please click here

Opening Up Remote Access with Opengear

Opengear OM2200

The Opengear OM2200

If you had told me last year at this time that remote management of devices would be a huge thing in 2020 I might have agreed but laughed quietly. We were traveling down the path of simultaneously removing hardware from our organizations and deploying IoT devices that could be managed easily from the cloud. We didn’t need to access stuff like we did in the past. Even if we did, it was easy to just SSH or console into the system from a jump box inside the corporate firewall. After all, who wants to work on something when you’re not in the office?

Um, yeah. Surprise, surprise.

Turns out 2020 is the Year of Having Our Hair Lit On Fire. Which is a catchy song someone should record. But it’s also the year where we have learned how to stand up 100% Work From Home VPN setups within a week, deploy architecture to the cloud and refactor on the fly to help employees stay productive, and institute massive change freezes in the corporate data center because no one can drive in to do a reboot if someone forgets to do commit confirmed or reload in 5.

Remote Continue reading

Weekend Reads 082120

When a zero-day vulnerability is exploited in the wild, it’s essential to identify the bug at the root of the attack. This “root cause analysis” informs researchers how an attack unfolded.

The House Judiciary chairman was closing in on his Perry Mason moment with Facebook CEO Mark Zuckerberg. Fortified with “hot” internal company documents, Rep. Jerrold Nadler was building his case at a hearing that seemed almost like a trial for Facebook and three other tech giants over alleged anti-competitive tactics.

While it’s true consumers have largely moved on, data centers are still looking for higher capacity hard drives. That’s why Western Digital (WD) developed new enterprise drives, which are packing what the company calls “ePMR” (energy-assisted perpendicular magnetic recording). For simplicity’s sake, we’ll stick with energy-assisted magnetic recording (EAMR).

Respondents to Tripwire’s survey revealed that they’re specifically worried about their employers’ cloud security. Indeed, 37% of participants indicated that risk management capabilities in the cloud were at least somewhat worse in the cloud than in other parts of the organization’s infrastructure.

In our previous blog about IcedID, we explored some of the changes in the malware and how it tries to evade detection. We also detailed how threat actors Continue reading

JUNOS | Filter-Based Forwarding

Alright, so Filter-Based Forwarding is nothing new. The technology has been around for a while and is relatively well documented. However, I wanted to share a specific use case where Filter-Based Forwarding can be extremely useful. In this scenario, we’re going to use Filter-Based Forwarding to forward traffic to a dedicated VRF where it is then pushed through a DDOS appliance and back to the router via a different VRF.

This construct is very useful when you only need to pass specific ingress traffic through the DDOS appliance. For example, customer destination prefixes who are paying for a DDOS service. Or traffic from certain source prefixes that are known to be malicious. Return traffic in either scenario is not passed via the appliance and is routed directly back to the source.

Challenge Statement
Specific ingress traffic received from transit & peering providers, via the TRANSIT VRF, must be pushed to the DIRTY VRF. The traffic must then be forwarded back towards the TRANSIT VRF via an appliance for inspection. Once the traffic is received back into the TRANSIT VRF it is onward routed as normal.

Solution
The solution involves defining the prefixes that should be considered within the Filter-Based Forwarding Continue reading

1 903 904 905 906 907 3,841