Self-hosted external DNS resolver for Kubernetes

There comes a time in the life of every Kubernetes cluster when internal resources (pods, deployments) need to be exposed to the outside world. Doing so from a pure IP connectivity perspective is relatively easy as most of the constructs come baked-in (e.g. NodePort-type Services) or can be enabled with an off-the-shelf add-on (e.g. Ingress and LoadBalancer controllers). In this post, we’ll focus on one crucial piece of network connectivity which glues together the dynamically-allocated external IP with a static customer-defined hostname — a DNS. We’ll examine the pros and cons of various ways of implementing external DNS in Kubernetes and introduce a new CoreDNS plugin that can be used for dynamic discovery and resolution of multiple types of external Kubernetes resources.

External Kubernetes Resources

Let’s start by reviewing various types of “external” Kubernetes resources and the level of networking abstraction they provide starting from the lowest all the way to the highest level.

One of the most fundamental building block of all things external in Kubernetes is the NodePort service. It works by allocating a unique external port for every service instance and setting up kube-proxy to deliver incoming packets from that port to the one of Continue reading

AI system analyzes code similarities, makes progress toward automated coding

With the rapid advances in artificial intelligence (AI), are we getting to the point when computers will be smart enough to write their own code and be done with human coders? New research suggests we might be getting closer to that milestone.Researchers from MIT and Georgia Tech teamed with Intel to develop an AI engine, dubbed Machine Inferred Code Similarity (MISIM), that's designed to analyze software code and determine how it's similar to other code. What's most interesting is the potential for the system to learn what bits of code do, and then use that intelligence to change how software is written. Ultimately, a human could explain what it wants a software program to do, and then a machine programming (MP) system could come up with a coded app to accomplish it.To read this article in full, please click here

Juniper expands WiFi 6 access point family to support remote workers

Taking aim at helping enterprise customers support tons of remote workers, Juniper this week extended its family of Wi-Fi 6 wireless access points.The access points feature integration with the Juniper Mist Wi-Fi Assurance cloud service to help customers with automated WLAN configuration, anomaly detection, performance and service-level metrics to ultimately make wireless networks more predictable and reliable. Learn about 5G and Wi-Fi 6To read this article in full, please click here

IT employment takes a hit but overall remains healthy

The tech sector is beginning to feel some of the negative hiring impact of the prolonged COVID-19 shutdown, but the overall job field remains a lot healthier than other sectors. That's according to CompTIA's review of the newest Employment Situation Summary from the U.S. Bureau of Labor Statistics.The BLS report covers all sectors, but CompTIA focused on two areas: technology sector employment, which relates to jobs in the tech industry as a whole (people employed by Google, Microsoft, Dell, etc.) and includes both technical and non-technical roles; and IT employment, which covers IT jobs across all sectors of the economy (travel, retail, health care, etc.).To read this article in full, please click here

Cisco CEO to accelerate as-a-service offerings, cut costs $1B-plus

When you think of Cisco, the first thing that comes to mind is switches the size of a refrigerator, but on the company’s Q4 and year-end 2020 earnings call with financial analysts, CEO Chuck Robbins laid out a surprising transformation.For the full fiscal year, the company saw 51% of revenues come from software and services. It had also set out the goal for two-thirds of software sales to be sold as subscription. That rate has now reached 78%.[Get regularly scheduled insights by signing up for Network World newsletters.] And Robbins said Cisco isn’t done there. He says the company is reexamining its entire business model in the wake of changes to the work environment brought on by the COVID-19 pandemic. “We're even looking at how we deliver our traditional networking hardware as a service over time,” he told analysts. And  he said much of it will be available by the end of the calendar year.To read this article in full, please click here

How To Use the Official NGINX Docker Image

NGINX is one of the most popular web servers in the world. Not only is NGINX a fast and reliable static web server, it is also used by a ton of developers as a reverse-proxy that sits in front of their APIs. 

In this tutorial we will take a look at the NGINX Official Docker Image and how to use it. We’ll start by running a static web server locally then we’ll build a custom image to house our web server and the files it needs to serve. We’ll finish up by taking a look at creating a reverse-proxy server for a simple REST API and then how to share this image with your team.

Prerequisites

To complete this tutorial, you will need the following:

NGINX Official Image

The Docker Official Images are a curated set of Docker repositories hosted on Docker Hub that have been scanned for vulnerabilities and are maintained by Docker employees and upstream maintainers.

Official Continue reading

Speed Matters: How Businesses Can Improve User Experience Using Open Standards

A recent report – Milliseconds make Millions – commissioned by Google and published by Deloitte, has shown that mobile website speed has a direct impact on user experience. Reducing latency and increasing load times by just 0.1 second can positively affect conversion rates potentially leading to an increase in net earnings.

Over a four-week period, Deloitte’s research team analyzed mobile web data from 37 retail, travel, luxury, and lead generation brands throughout Europe and the U.S. Results showed that by decreasing load time by 0.1s, the average conversion rate grew by 8% for retail sites and by 10% for travel sites. The team also observed an increase in engagement, page views, and the amount of money spent by website visitors when sites loaded faster.

Multiple studies have consistently shown that faster page load speeds will result in better conversion rates. Akamai’s 2017 Online Retail Performance Report, for example, showed that a 100-millisecond delay in website load time can reduce conversion rates by 7% and that over half (53%) of mobile site visitors will leave a page that takes longer than three seconds to load.

HTTP/2 and IPv6: Faster and More Available

There’s good news: making some Continue reading

Word game: Finding anadromes with Linux

In these stressful times, one way to distract ourselves from the gloom is by playing word games. With this thought in mind, I challenged myself to identify words that, spelled backwards, would still be words.Instead of cheating by doing a simple Google search, I cheated by using my Linux commands skills. So, in this post, we’ll look at how Linux commands and resources can be used to identify such words.Defining the search Before we get started on the Linux search technique, I should point out that what I was looking for were not just palindromes – words like “civic” and “deified” that read the same from left to right as they do right to left. Instead, I was also looking for words like “reward” and “decaf” that turn into different words – in this case, “drawer” and “faced” -- when one reads them backwards.To read this article in full, please click here

Automating Mitigation of the Microsoft (CVE-2020-1350) Security Vulnerability in Windows Domain Name System Using Ansible Tower

On July 14, 2020, a Critical Remote Code Execution (RCE) vulnerability in Windows DNS Server was released that is classified as a ‘wormable’ vulnerability, and has a CVSS base score of 10.0. This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected.

Updates to this vulnerability are available. However, in some use cases, applying the update quickly might not be practical: in many enterprises, even hotfixes need to run through a series of tests that require time. For such cases, a registry-based workaround is available that also requires restarting the DNS service.  However, doing so manually is time consuming and prone to error, especially if many servers are involved. For customers with the Red Hat Ansible Automation Platform, a playbook has been written to automate the workaround.

 

Background of the vulnerability

The vulnerability is described in CVE-2020-1350

Wormable vulnerabilities have the potential to spread via malware between vulnerable computers without user interaction. Windows DNS Server is a core networking component. While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address Continue reading

My Journey Towards the Cisco Certified DevNet Specialist – Security by Nick Russo

On 10 August 2020, I took and passed the Automating Cisco Security Solutions (SAUTO) exam on my first attempt. In February of the same year, I passed DEVASC, DEVCOR, and ENAUTO to earn both the CCDevA and CCDevP certifications. You might be wondering why I decided to take another concentration exam. I won’t use this blog to talk about myself too much, but know this: learning is a life-long journey that doesn’t end when you earn your degree, certification, or other victory trinket. I saw SAUTO as an opportunity to challenge myself by leaving my “comfort zone” … and trust me, it was very difficult.

One of the hardest aspects of SAUTO is that it encompasses 12 different APIs spread across an enormous collection of products covering the full spectrum of cyber defense. Learning any new API is difficult as you’ll have to familiarize yourself with new API documentations, authentication/authorization schemes, request/response formats, and various other product nuances. For that reason along, the scope of SAUTO when compared to ENAUTO makes it a formidable exam.

Network automation skills are less relevant in this exam than in DEVASC, DEVCOR, or ENAUTO, as they only account for 10% Continue reading

Enforcing Enterprise Security Controls in Kubernetes using Calico Enterprise

Hybrid cloud infrastructures run critical business resources and are subject to some of the strictest network security controls. Irrespective of the industry and resource types, these controls broadly fall into three categories.

  1. Segmenting environments (Dev, Staging, Prod)
  2. Enforcing zones (DMZ, Trusted, etc.)
  3. Compliance requirements (GDPR, PCI DSS)

Workloads (pods) running on Kubernetes are ephemeral in nature, and IP-based controls are no longer effective. The challenge is to enforce the organizational security controls on the workloads and Kubernetes nodes themselves. Customers need the following capabilities:

  • Ability to implement security controls both globally and on a per-app basis: Global controls help enforce segmentation across the cluster, and work well when the workloads are classified into different environments and/or zones using labels. As long as the labels are in place, these controls will work for any new workloads.
  • Generate alerts if security controls are tampered with: Anyone with valid permissions can make changes to the controls. There is a possibility that these controls can be modified without proper authorization or even with a malicious intent to bypass the security. Hence, it is important to monitor changes to the policies.
  • Produce an audit log showing changes to security controls over time: This is Continue reading

Docker Hub Incident Review – 5 July 2020

Background

This is Docker’s first time publishing an incident report publicly. While we have always done detailed post mortems on incidents internally, as part of the changing culture at Docker, we want to be more open externally as well. For example, this year we have started publishing our roadmap publicly and asking our users for their input. You should expect to see us continue publishing reports for most significant incidents.

In publishing these reports, we hope others can learn from the issues we have faced and how we have dealt with them. We hope it builds trust in our services and our teams. We also think this one is pretty interesting due to the complex interaction between multiple services and stakeholders.

Incident Summary

Amazon Linux users in several regions encountered intermittent hanging downloads of Docker images from the Docker Hub registry between roughly July 5 19:00 UTC and July 6 06:30 UTC. The issue stemmed from an anti-botnet protection mechanism our CDN provider Cloudflare had deployed. Teams from Docker, Cloudflare, and AWS worked together to pinpoint the issue and the mechanism in question was disabled, leading to full service restoration.

What Happened

At about 01:45 UTC on Monday July 6th Continue reading

Industry groups prep Ethernet for operational, wireless networks

As Ethernet-based networks continue to evolve, two industry groups recently announced plans to take it to yet another level – this time extending the technology to operational and  wireless time-sensitive communication applications.This week the Ethernet Alliance said it was pushing an effort to bring faster, simpler communications to the operational technology (OT) networks typically found in building and industrial automation environments. The Ethernet Alliance includes a variety of communications players including Broadcom, Cisco, Dell, Juniper, Intel as well as university and industry members.[Get regularly scheduled insights by signing up for Network World newsletters.] A recently standardized IEEE specification, 802.3cg, which defines the use of Single-Pair Ethernet (SPE) in many circumstances rather than a wide range of fieldbus cables, including RS‑485 twisted-pair, RG‑6 coaxial, and instrumentation cables is behind the group’s strategy. To read this article in full, please click here

The 2020 Indigenous Connectivity Summit and Trainings: Register Now

People around the world are relying on the Internet to keep them connected to everyday life, but Indigenous communities in North America are being left behind by companies and governments. Lack of connectivity means many are unable to access even basic information and healthcare. And while COVID-19 has hit Indigenous communities especially hard, lack of access means they can’t use services that connected populations consider critical, such as remote learning and teleworking.

We must address this critical gap.

For years, the Internet Society has worked with those very communities, along with network operators, technologists, civil society, academia, and policymakers – bringing them together to discuss what can be done collectively to narrow the digital divide. We do this through our Indigenous Connectivity Summit (ICS) and the pre-Summit Trainings: Community Networks and Policy and Advocacy.

This year, though we can’t meet in person, we’ll hold a virtual event.

We’re excited to announce that registration is now open for the 2020 Indigenous Connectivity Summit.

The Summit will take place October 5-9, 2020, with training sessions beginning the first week of September. Those who register for the Summit before Friday, September 11th will receive a swag bag and materials for hands-on training prior to the Summit. Continue reading

Accelerating the data center with NVIDIA, Mellanox + Cumulus

Today’s modern datacenter and cloud architectures are horizontally scalable disaggregated distributed systems. Distributed systems have many individual components that work together independently creating a powerful cohesive solution. Just like how compute is the brains behind a datacenter’s distributed system, the network is the nervous system, responsible for ensuring communication gets to all the individual components. This blog tells you why NVIDIA Mellanox gives NVIDIA a larger footprint in the datacenter. The combination of NVIDIA, Mellanox and Cumulus together can provide end-to-end acceleration technologies for the modern disaggregated data-center.

Accelerating the datacenter

All parties coming together in this acquisition are involved in acceleration technologies in the modern data center:

  • NVIDIA is at the center of Compute acceleration: Its GPU’s provide compute acceleration for High performance computing and infrastructure for neural networks that power AI assisted application features.
  • Mellanox comes to the table with its dominance in High performance interconnects, Data and network processing acceleration on the host and hardware for the network fabric
  • Cumulus Networks provides the Linux stack to accelerate the network fabric by enabling networking hardware features, and accelerating deployment, integration and monitoring of the network fabric with Automation and the Linux ecosystem. Cumulus Networks software architecture and DNA Continue reading

Day Two Cloud 061: Using Public Cloud For Disaster Recovery

The Day Two Cloud podcast explores different approaches to using the public cloud for disaster recovery. We examine costs and benefits, discuss recovery times, dive into planning, and more. The show draws on co-host Ned Bellavance's experience working on DR projects for a variety of customers during his VAR days.

The post Day Two Cloud 061: Using Public Cloud For Disaster Recovery appeared first on Packet Pushers.

NTC – Netpalm With Tony Nealon

Open source continues to accelerate in the network domain with projects such as Netmiko, NAPALM, and Nornir–all of which are led by individuals, not large organizations or venture-backed startups.  In this episode we sit down with Tony Nealon, creator of Netpalm. Netpalm is a network API platform that can abstract and render structured data, both inbound and outbound, to your network device’s native telnet, SSH, NETCONF or RESTCONF interface–leveraging popular libraries like NAPALM, Netmiko, and ncclient under the hood for network device communication

Helpful Links:

Tony Nealon
Guest
Jason Edelman
Host

Outro Music:
Danger Storm Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License
http://creativecommons.org/licenses/by/3.0/

The post NTC – Netpalm With Tony Nealon appeared first on Network Collective.

1 916 917 918 919 920 3,849