NetworkingNexus.net

Awesome-Compose: Application samples for project development kickoff

Software systems have become quite complex nowadays. A system may consist of several distributed services, each one providing a specific functionality and being updated independently. Starting the development of a project of such complexity is sometimes time consuming, in particular when you are not already familiar with the software stack you are going to work on. This may be because, most of the time, we need to follow rigorous steps to put together the entire project and if we make a mistake in-between, we may have to start all over again.

As a developer, getting a quick understanding of how all the stack is wired together and having an easy to manage project skeleton may be a very good incentive to use that particular stack for future projects.

Furthermore, there are plenty of open-source software stacks that developers can use for their own setups. Providing them with a straightforward way to deploy these software stacks in order to check them out is an important matter when looking to simplify software development and allow developers to explore different options.

To tackle this, we have put together a Github repository with application samples that can be easily deployed with Docker Continue reading

Comparing Internet Connection used in AWS and LISP Based Networks

Forewords

This post starts by discussing the Internet connection from the AWS VPC Control Plane operation perspective. The public AWS documentation only describes the basic components, such as an Internet Gateway (IGW) and a subnet specific Implicit Routers. However, the public AWS documentation does not describe the Control Plane operation related to distributing the default route from IGWs to IMRs. The AWS VPC Control Plane part in this post is based on my assumptions, so be critical of what you read. The second part of this post shortly explains the Control-Plane operation of the Internet connection used in LISP based network. By comparing the AWS VPC to LISP based network I just want to point out that even though some might think that cloud-based networking is much simple than traditional on-premise networking, it is not. People tend to trust network solutions used in clouds (AWS, Azure, etc.) and there is no debate about (a) what hardware is used, (b) how the redundancy works, (c), are solutions standard-based and so on. Now it is more like, I do not care how it works as long as it works. Good or bad, I do not know.
Continue reading

Gartner Cancels Conferences losing >260MM in 2020 revenues

Cancelled or postponed all conferences scheduled through August 2020.

The post Gartner Cancels Conferences losing >260MM in 2020 revenues appeared first on EtherealMind.

Speeding up Linux disk encryption

Data encryption at rest is a must-have for any modern Internet company. Many companies, however, don't encrypt their disks, because they fear the potential performance penalty caused by encryption overhead.

Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how we made it at least two times faster for ourselves and our customers!

Encrypting data at rest

When it comes to encrypting data at rest there are several ways it can be implemented on a modern operating system (OS). Available techniques are tightly coupled with a typical OS storage stack. A simplified version of the storage stack and encryption solutions can be found on the diagram below:

Speeding up Linux disk encryption

On the top of the stack are applications, which read and write data in files (or streams). The file system in the OS kernel keeps track of which blocks of the underlying block device belong to which files and translates these file reads and writes into block reads and writes, however the hardware specifics of the underlying storage device is abstracted away from the filesystem. Finally, the block subsystem actually Continue reading

SD-WAN: A Service Provider Perspective

A reader of my blog was “blessed” with hands-on experience with SD-WAN offered by large service providers. Based on that experience he sent me his views on whether that makes sense. Enjoy ;)

We all have less-than-stellar opinion on service providers and their offerings. Its well known that those services are expensive and usually lacking quality, experience, or simply, knowledge. This applies to regular MPLS/BGP techniques as to - currently, the new challenge - SD-WAN.

Cockroach Labs Defends Default Congif of AWS, Azure, GCP Test

“Ultimately, each cloud can’t hide from public, open-source benchmarks,” said Cockroach Labs'...

Read More »

© SDxCentral, LLC. Use of this feed is limited to personal, non-commercial use and is governed by SDxCentral's Terms of Use (https://www.sdxcentral.com/legal/terms-of-service/). Publishing this feed for public or commercial use and/or misrepresentation by a third party is prohibited.

How Fortinet and Tigera Protect Kubernetes in the Enterprise

What Problems are We Solving?

Container use continues to grow, and Kubernetes is the most widely adopted container orchestration system, managing nearly half of all container deployments.¹ Successful integration of container services within the enterprise depends heavily on access to external resources such as databases, cloud services, third-party application programming interfaces (APIs), and other applications. All this egress activity must be controlled for security and compliance reasons. In a recent container adoption survey, 61% of correspondents, a super-majority, listed data security as their top challenge.²

Kubernetes Requires a Different Approach to Access Control

Traditional IP-based access control doesn’t work in Kubernetes, where workloads are ephemeral, typically stateless, and use short-term IP addresses. While the Calico Enterprise security management interface provides customized control within the Kubernetes environment, using Calico Enterprise security in isolation from existing enterprise network security leaves organizations with disparate policy-enforcement regimes.

Disparate Network Security Systems Introduce Unwanted Complexity

Maintaining two separate network security systems hinders visibility into routing and connectivity within and between Kubernetes clusters. This complicates the process of troubleshooting issues that span Kubernetes and external environments. Because enterprise monitoring tools lack Kubernetes context, the impact of security policy changes are hard to predict, and Continue reading

Daily Roundup: Intel Warns of Financial Hit

Intel warned of financial hit; Attackers exploited remote-code execution vulnerabilities in...

Read More »

Tips for cleaning data-center gear in response to coronavirus

People are washing their hands, countertops, and nearly everything else in an effort to stem the spread of the COVID-19 virus. In a recent trip to the supermarket I found plenty of bread and milk, but the cleaning-aisle shelves were bare.While it's easy to keep your desk clean, what about your data center? People go in and out and touch things all the time. Rubber gloves are an option, but they can be a nuisance when working with gear or touch screens. READ MORE: COVID-19 best practices for data-center operatorsTo read this article in full, please click here

Intel Warns Pandemic Could Erode Financials, Halts Stock Buybacks

There remains "considerable uncertainty" as to how measures taken by world governments to control...

Read More »

Red Hat OpenShift Serverless Inches Closer to GA

The platform is based on the Knative project, which continues to be a lightning rod of controversy...

Read More »

Automate, orchestrate, survive: treating your network as a holistic entity

Organizations need to learn to think about networks as holistic entities. Networks are more than core routers or top-of-rack (ToR) switches. They’re composed of numerous connectivity options, all of which must play nice with one another. What role does automation play in making network heterogeneity viable? And does getting all the pieces from a single vendor really make management easier if that vendor has 15 different operating systems spread across their lineup of network devices?

Most network administrators are used to thinking about their networks in terms of tiers. Access is different from branch, which is different from campus, and so forth. Datacenter is something different again, and then there’s virtual networking complicating everything.

With networks being so big and sprawling that they frequently occupy multiple teams, it’s easy to focus on only one area at a time. Looking at the network holistically—both as it exists, and as it’s likely to evolve—is a much more complicated process, and increasingly important.

Networks grow, evolve and change. Some of this is organic; growth of the organization necessitates the acquisition of new equipment. Other times growth is more unmanaged; something that’s especially common with mergers and acquisitions (M&As).

Regardless of reason, change in Continue reading

Kubernetes testbed

The sFlow-RT real-time analytics platform receives a continuous telemetry stream from sFlow Agents embedded in network devices, hosts and applications and converts the raw measurements into actionable metrics, accessible through open APIs, see Writing Applications.

Application development is greatly simplified if you can emulate the infrastructure you want to monitor on your development machine. Docker testbed describes a simple way to develop sFlow based visibility solutions. This article describes how to build a Kubernetes testbed to develop and test configurations before deploying solutions into production.

Docker Desktop provides a convenient way to set up a single node Kubernetes cluster, just select the Enable Kubernetes setting and click on Apply & Restart.

Create the following sflow-rt.yml file:

apiVersion: v1
kind: Service
metadata:
  name: sflow-rt-sflow
spec:
  type: NodePort
  selector:
    name: sflow-rt
  ports:
    - protocol: UDP
      port: 6343
---
apiVersion: v1
kind: Service
metadata:
  name: sflow-rt-rest
spec:
  type: LoadBalancer
  selector:
    name: sflow-rt
  ports:
    - protocol: TCP
      port: 8008
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sflow-rt
spec:
  replicas: 1
  selector:
    matchLabels:
      name: sflow-rt
  template:
    metadata:
      labels:
        name: sflow-rt
    spec:
      containers:
      - name: sflow-rt
        image: sflow/prometheus:latest
        ports:
          - name: http
            protocol: TCP
            containerPort: 8008
          - name: sflow
            protocol: UDP
            containerPort: 6343

Run the Continue reading

Microsoft Warns of Attacks Exploiting Zero-Day Flaws

Microsoft said it’s “aware of limited targeted attacks” using the remote-code execution...

Read More »

Hands On With Ansible collections

Ansible collections have been introduced previously through two of our blogs Getting Started with Ansible Content Collections and The Future of Ansible Content Delivery. In essence, Ansible Automation content is going to be delivered using the collection packaging mechanism. Ansible Content refers to Ansible Playbooks, modules, module utilities and plugins. Basically all the Ansible tools that users use to create their Ansible Automation. Content is divided between two repositories:

Ansible Galaxy (https://galaxy.ansible.com)
Automation Hub (https://cloud.redhat.com/ansible/automation-hub)

Ansible Galaxy is the upstream community for sharing Ansible Collections. Any community user can create a namespace and share content with anyone. Access to Automation Hub is included with a Red Hat Ansible Automation Platform subscription. Automation Hub only contains fully supported and certified content from Red Hat and our partners. This makes it easier for Red Hat customers to determine which content is the official certified, and importantly supported, content. This includes full content from partners such as Arista, Cisco, Checkpoint, F5, IBM, Microsoft and NetApp.

In this blog post we'll walk through a use case wherein, the user would like to use a Red Hat certified collection from Automation Hub Continue reading

Global Pandemic Strains 5G Supply Chain

Vendors that are projecting stability amid unprecedented calamity and uncertainty face bottlenecks...

Read More »

Post: Scrapinghub, Fauna, Sisu, Educative, PA File Sight, Etleap, Triplebyte, Stream

Who's Hiring?

At Scrapinghub you will be designing and implementing distributed systems: large-scale web crawling platform, integrating Deep Learning based web data extraction components, working on queue algorithms, large datasets, creating a development platform for other company departments, etc. - this is going to be a challenging journey for any backend engineer! Please apply here.

Sisu Data is looking for machine learning engineers who are eager to deliver their features end-to-end, from Jupyter notebook to production, and provide actionable insights to businesses based on their first-party, streaming, and structured relational data. Apply here.

Triplebyte lets exceptional software engineers skip screening steps at hundreds of top tech companies like Apple, Dropbox, Mixpanel, and Instacart. Make your job search O(1), not O(n). Apply here.

Need excellent people? Advertise your job here!

Cool Products and Services

Level up on in-demand technologies and prep for your interviews on Educative.io, featuring popular courses like the bestselling Grokking the System Design Interview. For the first time ever, you can now sign up for a subscription to get unlimited access to every course on the platform at a discounted price through the holiday period only. You'll also Continue reading

Full Stack Journey 040: Learning To Work From Home

A panel of guests share tips, tools, and best practices for working from home in the latest episode of Full Stack Journey. Host Scott Lowe speaks to Puja Abbassi, Lisa Caywood, Simon Crosby, and John Teresick about the challenges and rewards of daily life in the home office.

Full Stack Journey 040: Learning To Work From Home

The post Full Stack Journey 040: Learning To Work From Home appeared first on Packet Pushers.

The Bandwidth Alliance Charges Forward with New Partners – Alibaba, Zenlayer, and Cherry Servers

We started the Bandwidth Alliance in 2018 with a group of like-minded cloud and networking partners. Our common goal was to help our mutual customers reduce or eliminate data transfer charges, sometimes known as "bandwidth” or “egress” fees, between the cloud and the consumer. By reducing or eliminating these costs, our customers can more easily choose a best of breed set of solutions because they don’t have to worry about data charges from moving workloads between vendors, and thereby becoming locked-in to a single provider for all their needs. Today we’re announcing an important milestone: the addition of Alibaba, Zenlayer, and Cherry Servers to the Bandwidth Alliance, expanding it to a total of 20 partners. These partners offer our customers a wide choice of cloud services and products each suited to different needs.

In addition, we are working with our existing partners including Microsoft Azure, Digital Ocean and several others to onboard customers and provide them the benefits of the Bandwidth Alliance. Contact us at [email protected] if you are interested.

Customer savings

Over the past year we have seen several customers take advantage of the Bandwidth Alliance and wanted to highlight two examples.

Nodecraft, which Continue reading

« Previous 1 … 996 997 998 999 1,000 … 3,841 Next »