Eliminating cold starts with Cloudflare Workers

A “cold start” is the time it takes to load and execute a new copy of a serverless function for the first time. It’s a problem that’s both complicated to solve and costly to fix. Other serverless platforms make you choose between suffering from random increases in execution time, or paying your way out with synthetic requests to keep your function warm. Cold starts are a horrible experience, especially when serverless containers can take full seconds to warm up.

Unlike containers, Cloudflare Workers utilize isolate technology, which measure cold starts in single-digit milliseconds. Well, at least they did. Today, we’re removing the need to worry about cold starts entirely, by introducing support for Workers that have no cold starts at all – that’s right, zero. Forget about cold starts, warm starts, or... any starts, with Cloudflare Workers you get always-hot, raw performance in more than 200 cities worldwide.

Why is there a cold start problem?

It’s impractical to keep everyone’s functions warm in memory all the time. Instead, serverless providers only warm up a function after the first request is received. Then, after a period of inactivity, the function becomes cold again and the cycle continues.

For Workers, this has Continue reading

HS. Part 7. Interoperability of Nokia SRLinux and Microsoft Azure SONiC

Hello my friend,

we continue the series of the blogpost dedicated to the overview of the Nokia SR Linux. Today we will speak about the interoperability and its joint operation with Microsoft Azure SONiC, another disaggregated OS, which is used in the hyper scale data centres.

1
2
3
4
5
No part of this blogpost could be reproduced, stored in a 

retrieval system, or transmitted in any form or by any 

means, electronic, mechanical or photocopying, recording, 

or otherwise, for commercial purposes without the 

prior permission of the author.

Automate your data centre infrastrcutre

The data centres and applications they host might be very static, if that is classical enterprise workloads. However, in the world of the clouds the frequency of the changes performed in the data centre network and servers can be very high. Effectively, it can be so high that doing them manually is impractical.

At our network automation training (either live or self-paced) you will learn the foundation of the automation for the small and big data centres, and clouds. You will lean how to structure the data using YANG modules, how to serialise it using JSON, XML, Protobuf depending on the application requirements Continue reading

Balancing AMD’s Future On The Edge Of A Silicon Wafer

The hardest job at any chip designer that doesn’t actually own its own foundry – and maybe even those that do – is figuring out what wafer start commitment level to make for a new compute engine in the datacenter. …

Balancing AMD’s Future On The Edge Of A Silicon Wafer was written by Timothy Prickett Morgan at The Next Platform.

Creating an AWS ELB using Pulumi and Go

In case you hadn’t noticed, I’ve been on a bit of a kick with Pulumi and Go recently. There are two reasons for this. First, I have a number of “learning projects” (things that I decide I’d like to try or test) that would benefit greatly from the use of infrastructure as code. Second, I’ve been working on getting more familiar with Go. The idea of combining both those reasons by using Pulumi with Go seemed natural. Unfortunately, examples of using Pulumi with Go seem to be more limited than examples of using Pulumi with other languages, so in this post I’d like to share how to create an AWS ELB using Pulumi and Go.

Here’s the example code:

elb, err := elb.NewLoadBalancer(ctx, "elb", &elb.LoadBalancerArgs{
	NamePrefix:             pulumi.String(baseName),
	CrossZoneLoadBalancing: pulumi.Bool(true),
	AvailabilityZones:      pulumi.StringArray(azNames),
	Instances:              pulumi.StringArray(cpNodeIds),
	HealthCheck: &elb.LoadBalancerHealthCheckArgs{
		HealthyThreshold:   pulumi.Int(3),
		Interval:           pulumi.Int(30),
		Target:             pulumi.String("SSL:6443"),
		UnhealthyThreshold: pulumi.Int(3),
		Timeout:            pulumi.Int(30),
	},
	Listeners: &elb.LoadBalancerListenerArray{
		&elb.LoadBalancerListenerArgs{
			InstancePort:     pulumi.Int(6443),
			InstanceProtocol: pulumi.String("TCP"),
			LbPort:           pulumi.Int(6443),
			LbProtocol:       pulumi.String("TCP"),
		},
	},
	Tags: pulumi.StringMap{
		"Name": pulumi.String(fmt.Sprintf("cp-elb-%s", baseName)),
		k8sTag: pulumi.String("shared"),
	},
})

You can probably infer from the code above that this Continue reading

Software Has To Lead Hardware In The AI Dance

A lot of the people who are working at the many AI chip startups have a long history in processor development in the datacenter, and that is certainly true of the folks who founded SambaNova Systems. …

Software Has To Lead Hardware In The AI Dance was written by Nicole Hemsoth at The Next Platform.

Next Platform TV for July 29, 2020

On Next Platform TV for today, July 29 we delve into a congressional perspective on AI investments; discuss a new path to low precision in ASICs; talk about the 8-socket server market; and also touch on object storage insights. …

Next Platform TV for July 29, 2020 was written by Nicole Hemsoth at The Next Platform.

Gloo Federation Brings Unified Control Plane, Stitchable APIs Across Multicluster Deployments

For enterprises operating at scale and requiring high availability, ensuring failover at the Kubernetes node level simply isn’t enough. Instead, many are operating in a multicluster environment, ensuring that even if something fails at the cluster level their applications will remain operational. For companies also running API gateway and ingress controller, this multicluster environment had become a pain point, as each cluster would require its own Gloo deployment, which in turn meant configuration, management, and control plane. In response, Solo.io has launched Idit Levine. With federation, Levine said, not only is Gloo able Continue reading

The Hedge Podcast #46: The Value of a College Degree

While many network engineers think about getting a certification, not many think about going after a degree. Is there value in getting a degree for the network engineer? If so, what is it? What kinds of things do you learn in a degree program for network engineering? Eric Osterweil, a professor at George Mason University, joins Jeremy Filliben and Russ White on this episode of the Hedge to consider degrees for network engineers.

download

Workers Security

Hello, I'm an engineer on the Workers team, and today I want to talk to you about security.

Cloudflare is a security company, and the heart of Workers is, in my view, a security project. Running code written by third parties is always a scary proposition, and the primary concern of the Workers team is to make that safe.

For a project like this, it is not enough to pass a security review and say "ok, we're secure" and move on. It's not even enough to consider security at every stage of design and implementation. For Workers, security in and of itself is an ongoing project, and that work is never done. There are always things we can do to reduce the risk and impact of future vulnerabilities.

Today, I want to give you an overview of our security architecture, and then address two specific issues that we are frequently asked about: V8 bugs, and Spectre.

Architectural Overview

Let's start with a quick overview of the Workers Runtime architecture.

There are two fundamental parts of designing a code sandbox: secure isolation and API design.

Isolation

First, we need to create an execution environment where code can't access anything it's not Continue reading

Dictionary : feces barrier

Defining feces barrier

The post Dictionary : feces barrier appeared first on EtherealMind.

Dictionary : bugdoor

Whats is a bugdoor ?

The post Dictionary : bugdoor appeared first on EtherealMind.

OMG, Not Again: New Mobile Internet Protocol Vulnerabilities

Every now and then a security researcher “discovers” a tunneling protocol designed to be used over a protected transport core and “declares it vulnerable” assuming the attacker can connect to that transport network… even though the protocol was purposefully designed that way, and everyone with a bit of clue knew the whole story years ago (and/or it’s even documented in the RFC).

It was MPLS decades ago, then VXLAN a few years ago, and now someone “found” a “high-impact vulnerability” in GPRS Tunnel Protocol. Recommended countermeasures: whitelist-based IP filtering. Yeah, it’s amazing what a wonderful new tool they found.

Unfortunately (for the rest of us), common sense never generated headlines on Hacker News (or anywhere else).

Pluribus Networks Named a Strong Performer in Latest Forrester Wave™ for Open, Programmable Switches for a Businesswide SDN

How Community Networks Are Helping during COVID-19

In July 2020, the Internet Society organized the webinar “How Community Networks are helping during COVID-19.”

We are halfway through this unprecedented year in which COVID-19 continues to cause disruptions and confusion in many areas of our lives. What is clear though, is the recognition of the Internet as a lifeline for us – for communicating with family members and health workers, accessing essential services, and participating in online learning and remote work.

But what about those who don’t have it?

The panel was an opportunity to show that there are solutions out there. To get to them will take strong communities driven by the understanding that everyone can make a difference.

The discussions of July’s webinar got to the heart of this.

The panelists shared stories and videos of the community networks they have helped to build in remote villages where underserved Indigenous tribes live. We heard the story of one Indigenous tribe located in the southern part of West Java in Indonesia, who set up a wireless network for their community. It helped them find jobs and increase their income, as well as access health information, learning resources, and government services.

In India, an Continue reading

Switch turns to Tesla batteries for solar-power storage

Data center provider Switch has selected Tesla as the battery supplier for a massive solar project at its northern Nevada data-center facilities.It's a geographically easy alliance as Switch's campus is right near Tesla's Gigafactory Nevada manufacturing facility. While best known for its cars, Tesla has also made quite an entry in the battery space with products such as the Powerwall, Powerpack, and Megapack energy storage products.To read this article in full, please click here

Google’s Management of Istio Raises Questions in the Cloud Native Community

When the proposed to be included in the still v.02, had only been around less than six months, and yet it aimed to skip the entry-level most young projects enter at and instead applied for inclusion at the secondary incubation tier. While the project was founded primarily by Google and IBM, and boasted numerous other contributors such as Yahoo, Apprenda, Concur, and AT&T, it was met with skepticism — it was so new, it didn’t really have adoption to speak of quite yet, and there were some Solo.io CEO

On the ‘net: Internet Consolidation

Did you know that today Video, gaming and social media account for almost 80% of the world’s internet traffic? The change in the composition of traffic has been accompanied by a dramatic change in the way content is delivered to the internet user: ISPs and transit providers have diminished in number and importance as the power and profile of a few Content Distribution Networks has increased as content is being pushed closer to the edge. But isn’t that just competition at work? What are the long-term consequences of such a change? In the second episode of our three-part series on “Internet Consolidation”, we talk to Russ White, co-host of The History of Networking and The Hedge podcast and a distinguished infrastructure architect and internet transit and routing expert.

Containerized Python Development – Part 3

This is the last part in the series of blog posts showing how to set up and optimize a containerized Python development environment. The first part covered how to containerize a Python service and the best development practices for it. The second part showed how to easily set up different components that our Python application needs and how to easily manage the lifecycle of the overall project with Docker Compose.

In this final part, we review the development cycle of the project and discuss in more details how to apply code updates and debug failures of the containerized Python services. The goal is to analyze how to speed up these recurrent phases of the development process such that we get a similar experience to the local development one.

Applying Code Updates

In general, our containerized development cycle consists of writing/updating code, building, running and debugging it.

For the building and running phase, as most of the time we actually have to wait, we want these phases to go pretty quick such that we focus on coding and debugging.

We now analyze how to optimize the build phase during development. The build phase corresponds to image build time when we change Continue reading

Cloudflare Workers Announces Broad Language Support

We initially launched Cloudflare Workers with support for JavaScript and languages that compile to WebAssembly, such as Rust, C, and C++. Since then, Cloudflare and the community have improved the usability of Typescript on Workers. But we haven't talked much about the many other popular languages that compile to JavaScript. Today, we’re excited to announce support for Python, Scala, Kotlin, Reason and Dart.

You can build applications on Cloudflare Workers using your favorite language starting today.

Getting Started

Getting started is as simple as installing Wrangler, then running generate for the template for your chosen language: Python, Scala, Kotlin, Dart, or Reason. For Python, this looks like:

wrangler generate my-python-project https://github.com/cloudflare/python-worker-hello-world

Follow the installation instructions in the README inside the generated project directory, then run wrangler publish. You can see the output of your Worker at your workers.dev subdomain, e.g. https://my-python-project.cody.workers.dev/. You can sign up for a free Workers account if you don't have one yet.

That’s it. It is really easy to write in your favorite languages. But, this wouldn’t be a very compelling blog post if we left it at that. Now, I’ll shift the focus to Continue reading

The Migration of Legacy Applications to Workers

As Cloudflare Workers, and other Serverless platforms, continue to drive down costs while making it easier for developers to stand up globally scaled applications, the migration of legacy applications is becoming increasingly common. In this post, I want to show how easy it is to migrate such an application onto Workers. To demonstrate, I’m going to use a common migration scenario: moving a legacy application — on an old compute platform behind a VPN or in a private cloud — to a serverless compute platform behind zero-trust security.

Wait but why?

Before we dive further into the technical work, however, let me just address up front: why would someone want to do this? What benefits would they get from such a migration? In my experience, there are two sets of reasons: (1) factors that are “pushing” off legacy platforms, or the constraints and problems of the legacy approach; and (2) factors that are “pulling” onto serverless platforms like Workers, which speaks to the many benefits of this new approach. In terms of the push factors, we often see three core ones:

• Legacy compute resources are not flexible and must be constantly maintained, often leading to capacity constraints or excess cost;
• Continue reading