diff --git a/Content/20240212173904-cloud_computing.org b/Content/20240212173904-cloud_computing.org index 9abb194..6d158dd 100644 --- a/Content/20240212173904-cloud_computing.org +++ b/Content/20240212173904-cloud_computing.org @@ -39,11 +39,12 @@ See [[id:89784e77-cdd0-460c-a5b9-cb0a18842903][Anything as a service]] - Platform - Infrastructure - Software -* Control Flow (work in progress) +* WIPs +** Control Flow This sub-node intends to document the major points of control when it comes to provisioning resources on the cloud. -** [[id:d2dce984-a72a-4069-9fae-10b515f97a26][Cloud-Init]] +*** [[id:d2dce984-a72a-4069-9fae-10b515f97a26][Cloud-Init]] * Practical Sentinel Refs - [[id:c2072565-787a-4cea-9894-60fad254f61d][Kubernetes]] - [[id:af4d4e9f-3fd3-4718-ba73-e6af4f57c29c][Docker]] - [[id:03cd8062-b3fb-4cd9-97a8-5d60f037f7b6][Open Stack]] - + - [[id:714b029b-d0ac-4842-89f5-5f871d1a22c7][Software Defined Networking]] diff --git a/Content/20240305152640-web_application_firewall.org b/Content/20240305152640-web_application_firewall.org index dc9f8db..0842598 100644 --- a/Content/20240305152640-web_application_firewall.org +++ b/Content/20240305152640-web_application_firewall.org @@ -12,3 +12,6 @@ A DLP (Data Loss Prevention) module may be installed on the reverse proxy to add ** Data Loss Prevention * Cloud Native ** [[id:aad7cf70-154f-4198-ad2b-8e6cd40771aa][Traefik]] + +* Resources + - https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-worke diff --git a/Content/20240308144621-software_defined_networking.org b/Content/20240308144621-software_defined_networking.org index 1950d2d..deb7ab9 100644 --- a/Content/20240308144621-software_defined_networking.org +++ b/Content/20240308144621-software_defined_networking.org 
@@ -3,8 +3,46 @@ :ROAM_ALIASES: SDN :END: #+title: Software Defined Networking -#+filetags: :programming: +#+filetags: :cs:network: + + + +* Overview + - Software Defined Networking (SDN) is a [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking paradigm]] that separates the control plane from the data plane. + - *Control Plane*: Responsible for decision-making processes about where traffic is sent. + - *Data Plane*: Handles the actual forwarding of packets according to decisions made by the control plane. + - SDN allows network administrators to manage network services through [[id:20240218T061653.528745][abstraction]]. + - Centralized management of network configuration. + - Simplifies network design and operation since the control plane is logically centralized. + +** Key Components + - *SDN Controller*: The central system that governs the behavior of the network. + - *Northbound Interfaces (APIs)*: Interfaces allowing interactions between the SDN controller and the applications/processes. + - *Southbound Interfaces (APIs)*: Interfaces enabling communication between the SDN controller and the network devices/switches (e.g., [[id:b148083e-d81d-4ea5-830e-b944cd0034dc][OpenFlow]]). + +** Benefits of SDN + - Improved network flexibility and agility. + - Easier automation of network functions and services. + - Enhanced network programmability. + +** Challenges and Critiques + - Potential security risks due to centralized control. + - Complexity in the initial transition from traditional networking to SDN. + - Performance bottlenecks if the controller fails or the network is overly centralized. + +** Current Trends + - Integration with cloud computing to enhance network scalability. + - Use in modern [[id:744acfd8-f1eb-4b5b-a8b5-043b9cd36ca4][data centers]] to support [[id:4e6ad3db-c61d-4f5a-8c4f-6e4a7f169c87][multi-tenant networking]]. 
+ +** Connections and Further Insights + - *SDN and [[id:bc1cc0cf-5e6a-4fee-b9a5-16533730020a][Cloud Computing]]*: Both aim for resource optimization and improved service delivery, and they complement each other by enhancing network management in cloud environments. + - *Security Concerns*: Centralization in SDN introduces a single point of failure, making thorough security measures essential. + - *Technical Evolution*: Movement towards more decentralized models like distributed SDN to mitigate some of the centralization risks. + +* [[id:5e9efba1-5e48-4ecb-a8dd-752481528b1b][Distributed SDN]] * Resources - https://www.ibm.com/topics/sdn - + - https://opennetworking.org/sdn-definition/ + - https://sdn.systemsapproach.org/ + - https://github.com/sdnds-tw/awesome-sdn diff --git a/Content/20240707174313-plantuml.org b/Content/20240707174313-plantuml.org index 44ba208..2e23466 100644 --- a/Content/20240707174313-plantuml.org +++ b/Content/20240707174313-plantuml.org @@ -8,9 +8,10 @@ #+begin_src plantuml :file images/plantuml-seq.png :exports both @startuml -Alice -> Bob: Authentication request -Bob --> Alice: Authenticate accepted -Alice -> Bob: Another request +Client -> "R-Proxy": request +"R-Proxy" -> Server: request +Server -> "R-Proxy": response +"R-Proxy" -> Client: response @enduml #+end_src @@ -33,9 +34,6 @@ Note "1" *-- "*" Tag @enduml #+end_src -#+RESULTS: -[[file:images/plant-uml.png]] - * State diagrams #+begin_src plantuml :file images/plantuml-state.png :exports both diff --git a/Content/20240728173428-flux.org b/Content/20240728173428-flux.org index ba21083..2317f59 100644 --- a/Content/20240728173428-flux.org +++ b/Content/20240728173428-flux.org @@ -4,5 +4,9 @@ #+title: Flux #+filetags: :cloud-native:cncf: +* Relevant Nodes + - [[id:92efb858-8a87-40f6-bbcf-d736d0ffd942][GitOps]] + * Resources - https://fluxcd.io/flux/ +- https://fluxcd.io/ 
diff --git a/Content/20241013061220-internet_protocol_address.org b/Content/20241013061220-internet_protocol_address.org index c85b5d6..95c24b2 100644 --- a/Content/20241013061220-internet_protocol_address.org +++ b/Content/20241013061220-internet_protocol_address.org @@ -37,3 +37,5 @@ - Allows multiple devices on a local network to share a single public IP address. ** [[id:74055437-5557-4a21-9b7a-a3b5df3a8a24][IPVS (IP Virtual Server)]] +* [[id:3081373b-adbd-413d-8151-06ce322b9583][IPTables]] +- https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture diff --git a/Content/20241013062709-nat_network_address_translation.org b/Content/20241013062709-nat_network_address_translation.org index f97df9f..bbcbcd6 100644 --- a/Content/20241013062709-nat_network_address_translation.org +++ b/Content/20241013062709-nat_network_address_translation.org 
@@ -3,3 +3,92 @@ :END: #+title: NAT (Network Address Translation) #+filetags: :cs:network: + +* Overview +** Definition + - NAT is a method used in [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking]] to remap one [[id:d799bc90-5032-4a69-9806-83145297a335][IP address]] space into another by modifying network address information in the IP header of packets while they are in transit. + +** Types of NAT + + - Static NAT (SNAT): Maps a single private IP address to a single public IP address. + + - Dynamic NAT (DNAT): Dynamically maps private IP addresses to a pool of public IP addresses. + + - Port Address Translation (PAT): Also known as NAT overload, maps multiple private IP addresses to a single public IP address using different ports. + +** Benefits of NAT + + - Conserves the number of public IP addresses used within an organization. + + - Enhances security by masking internal IP addresses from external networks. + + - Allows multiple devices on a local network to access the internet using a single public IP address. + +** Challenges and Criticism of NAT + + - Complicates peer-to-peer communications and certain applications that require end-to-end connectivity. + + - Can pose challenges for applications using IP-level information, such as VoIP. + + - Introduces latency due to the need for translation. + +** Connections + + - NAT and IPv4 Address Exhaustion + - NAT was widely adopted as a solution to the IPv4 address exhaustion problem by allowing multiple devices on a local network to share a single public IP address. + + - NAT and Security + - While NAT can hide internal network structures, it is not inherently a security mechanism and should be used in conjunction with other [[id:49fee858-eb36-4230-8eb0-881df964aec8][security measures]]. + + - NAT vs. [[id:1a3d2a4c-bfad-4e5a-ab97-4db4531e7bd2][IPv6]] + - IPv6 was designed to overcome the limitations of IPv4, including the need for NAT, through a vastly larger address space. 
+ +** Further Research Pathways + - How does NAT affect newer networking technologies such as [[id:714b029b-d0ac-4842-89f5-5f871d1a22c7][Software-Defined Networking (SDN)]]? + - What are the performance implications of NAT on high-throughput applications and how can these be mitigated? + - In transitioning to IPv6, what role does NAT still play, if any, in the IPv6-based networks? + +* NAT & IPV6 +** Context +- *IPv6 (Internet Protocol version 6)* + - Address Space: Offers a vastly larger address space compared to IPv4, theoretically eliminating the need for NAT. + - Direct Addressing: Every device can have a unique global IP address, simplifying end-to-end connectivity and eliminating the middle-man nature of NAT. + +- *NAT in IPv6 Context* + - NAT's Original Purpose: The primary motivation for NAT in IPv4 was IP address conservation due to scarcity. + - IPv6 Design: IPv6 was designed with the intention of removing the need for NAT, providing a globally unique address for every device. + - Usage in IPv6: Technically, NAT is not required with IPv6; however, certain forms such as [[id:e3be59fe-2334-47f8-a889-fff672c1c1af][NAT66]] might be used for other purposes like address masking. + +- *Connections Between NAT and IPv6* + - Security Concerns: Some organizations use NAT66 for perceived security, hiding internal network structures. + - Network Policies: NAT66 can facilitate network policy enforcement where internal addressing schemes need to be kept private. + - Legacy Implementations: Transitional technologies might employ NAT in mixed IPv4/IPv6 environments as a bridging tool. + +- *Critique and Observations* + - Philosophical Standpoints: Some argue NAT remains useful for security and privacy, despite its redundancy in IPv6 for addressing needs. + - Technological Pragmatism: Actual deployments might still rely on NAT due to ingrained IPv4 legacy practices and tools. 
+ +** NAT66 +:PROPERTIES: +:ID: e3be59fe-2334-47f8-a889-fff672c1c1af +:END: +*** NAT66 (Network Address Translation for IPv6) + + - Purpose: NAT66 is a form of network address translation for IPv6, which translates one set of IPv6 addresses to another, while maintaining end-to-end address integrity. + - Debate: While NAT66 is not necessary for preserving address space as in IPv4, some propose its use for: + - Privacy: Masking internal network addresses from external observers. + - Policy Enforcement: Facilitating organizational policies that require address manipulation. + +*** Considerations and Critiques + - Lack of Necessity: With IPv6’s plentiful addresses, NAT66 is not needed to conserve addresses, the original rationale for NAT in IPv4 environments. + - Potential Downsides: NAT66 could disrupt end-to-end connectivity and add complexity, which contradicts one of the core simplifications IPv6 offers. + - Security Illusion: NAT66 may give a false sense of security. True security in IPv6 relies more on robust [[id:49fee858-eb36-4230-8eb0-881df964aec8][firewall]] policies and proper configuration. + +*** Further Research Pathways + - What specific scenarios might justify the use of NAT66 in modern networks? + - How do privacy and security policies differ across regions or industries regarding NAT66? + - In practice, how has NAT66 been implemented, and what are the common pitfalls observed? + - In what ways can IPv6 address the security and policy enforcement needs without relying on NAT66? + +*** Resources + - https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/ diff --git a/Content/20241014204106-operators_k8s.org b/Content/20241014204106-operators_k8s.org index 9eaf400..929cfad 100644 --- a/Content/20241014204106-operators_k8s.org +++ b/Content/20241014204106-operators_k8s.org 
@@ -7,9 +7,15 @@ * Whitepaper - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md - is about [[id:fbf4b86f-9f3b-4fc7-aa76-1112c755eb1a][operators]] in general - - exploring in a dedicated node -* OperatorHub.io + - exploring the generic patterns in a dedicated node + +* Marketplaces +** ArtifactHub.io + - https://artifacthub.io/ +** OperatorHub.io - https://operatorhub.io/ +* [[id:d79e644e-0e3b-4ca3-ab92-6f55e11b372c][MetaController]] +* [[id:1bc077cf-d69d-4cec-a80b-9d8fc9a18386][Operator LifeCycle Manager]] * Resources - https://kubernetes.io/docs/concepts/extend-kubernetes/operator/ - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md diff --git a/Content/20241021084553-operator.org b/Content/20241021084553-operator.org index 65123a5..0f6b3bd 100644 --- a/Content/20241021084553-operator.org +++ b/Content/20241021084553-operator.org @@ -139,4 +139,4 @@ - Recognition of contributors and reviewers. * Resources - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md - + - https://github.com/kubernetes/kubernetes/tree/53ee0c86522b1afc1ee64503c73965b89d500db5/staging/src/k8s.io/sample-controller diff --git a/Content/20241021100814-metacontroller.org b/Content/20241021100814-metacontroller.org new file mode 100644 index 0000000..2c07601 --- /dev/null +++ b/Content/20241021100814-metacontroller.org @@ -0,0 +1,9 @@ +:PROPERTIES: +:ID: d79e644e-0e3b-4ca3-ab92-6f55e11b372c +:END: +#+title: MetaController +#+filetags: :k8s: + +* Resources + - https://metacontroller.github.io/metacontroller/intro.html + - https://github.com/metacontroller/metacontroller diff --git a/Content/20241021103615-operator_lifecycle_manager.org b/Content/20241021103615-operator_lifecycle_manager.org new file mode 100644 index 0000000..973c4c6 
--- /dev/null +++ b/Content/20241021103615-operator_lifecycle_manager.org @@ -0,0 +1,8 @@ +:PROPERTIES: +:ID: 1bc077cf-d69d-4cec-a80b-9d8fc9a18386 +:END: +#+title: Operator LifeCycle Manager +#+filetags: :k8s: + +* Resources + - https://olm.operatorframework.io/ diff --git a/Content/20241021110953-iptables.org b/Content/20241021110953-iptables.org new file mode 100644 index 0000000..1104590 --- /dev/null +++ b/Content/20241021110953-iptables.org @@ -0,0 +1,28 @@ +:PROPERTIES: +:ID: 3081373b-adbd-413d-8151-06ce322b9583 +:END: +#+title: IPTables +#+filetags: :network:linux:cs: + +* Netfilter +** Netfilter Overview + - Netfilter is a framework within the [[id:d43f2ef3-6eb4-4f8d-89ed-095fedd7d7f9][Linux]] kernel. + - It provides various [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking]]-related operations. + - Netfilter’s primary role involves packet filtering, [[id:2db5d39c-8f0d-4bcb-ba73-c5d4e22c4d03][network address translation]], and packet mangling. + +** Key Features of Netfilter + - Allows for the manipulation of packets as they traverse through the Linux [[id:2deb95d6-5474-4096-85fc-bd568031cc33][network stack]]. + - Utilized by administrators to manage and control network traffic. + - Versatile in terms of protocols and network layers. + +** Connection to IPTables + - IPTables is a user-space utility program. + - Utilizes the Netfilter framework to implement firewall configurations. + - Provides a command-line interface to configure rules governing packet filtering and NAT. + +** Additional Functionalities + - Implements different network address translation techniques, such as SNAT and DNAT. + - Supports stateful packet inspection, allowing tracking of connection states. + +* Relevant nodes + - [[id:49fee858-eb36-4230-8eb0-881df964aec8][Firewall]] diff --git a/Content/20241021114251-openflow.org b/Content/20241021114251-openflow.org new file mode 100644 index 0000000..c4e8d47 --- /dev/null +++ b/Content/20241021114251-openflow.org 
@@ -0,0 +1,11 @@ +:PROPERTIES: +:ID: b148083e-d81d-4ea5-830e-b944cd0034dc +:END: +#+title: OpenFlow +#+filetags: :cs:network: + +* Open Networking Foundation + - https://opennetworking.org/ + - https://en.wikipedia.org/wiki/Open_Networking_Foundation +* Resources + - https://en.wikipedia.org/wiki/OpenFlow diff --git a/Content/20241021115133-multitenant_networking.org b/Content/20241021115133-multitenant_networking.org new file mode 100644 index 0000000..26d1b98 --- /dev/null +++ b/Content/20241021115133-multitenant_networking.org @@ -0,0 +1,5 @@ +:PROPERTIES: +:ID: 4e6ad3db-c61d-4f5a-8c4f-6e4a7f169c87 +:END: +#+title: MultiTenant-Networking +#+filetags: :cs:network: diff --git a/Content/20241021115217-dcops.org b/Content/20241021115217-dcops.org new file mode 100644 index 0000000..c0a850b --- /dev/null +++ b/Content/20241021115217-dcops.org @@ -0,0 +1,6 @@ +:PROPERTIES: +:ID: 744acfd8-f1eb-4b5b-a8b5-043b9cd36ca4 +:ROAM_ALIASES: "Data Center Operations" +:END: +#+title: DCOps +#+filetags: :cloud: diff --git a/Content/20241021152945-distributed_sdn.org b/Content/20241021152945-distributed_sdn.org new file mode 100644 index 0000000..5b0d407 --- /dev/null +++ b/Content/20241021152945-distributed_sdn.org @@ -0,0 +1,5 @@ +:PROPERTIES: +:ID: 5e9efba1-5e48-4ecb-a8dd-752481528b1b +:END: +#+title: Distributed SDN +#+filetags: :cs:network: diff --git a/Content/images/plantuml-seq.png b/Content/images/plantuml-seq.png index 5823ef3..733f78b 100644 Binary files a/Content/images/plantuml-seq.png and b/Content/images/plantuml-seq.png differ
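Review bot: the new Resources link in the web_application_firewall.org hunk ends in `how-does-it-worke`, which reads as a trailing-character typo; please verify the URL resolves, and if not drop the final `e` so the bookmark is not dead when the node is first used.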
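Review bot: in the software_defined_networking.org hunk the security bullets under Challenges and Critiques and under Connections and Further Insights describe centralization only as a single point of failure, but the controller is also the single point of control: a compromised controller, or an unauthenticated southbound channel such as the OpenFlow session to the switches, hands an attacker the forwarding behaviour of the whole fabric. Suggest splitting that into an availability item (the line `Performance bottlenecks if the controller fails` is really an outage, not a bottleneck) and a compromise item that names controller hardening plus authenticated and encrypted northbound/southbound APIs as the mitigations. Minor: the three consecutive blank `+` lines after `#+filetags: :cs:network:` can be collapsed to one.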
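Review bot: in the nat_network_address_translation.org hunk the Types of NAT list labels Static NAT as `SNAT` and Dynamic NAT as `DNAT`, while the iptables.org file added in the same commit uses `SNAT and DNAT` in the netfilter sense (source NAT and destination NAT), which is also what most firewall documentation means by those abbreviations; drop the parenthesised abbreviations from the static/dynamic bullets, or spell out both meanings, so the two nodes do not contradict each other. Separately, the Benefits bullet `Enhances security by masking internal IP addresses from external networks` sits uneasily beside the later Connections bullet that NAT `is not inherently a security mechanism`; rewording the benefit to "obscures internal addressing" and keeping the caveat would match the firewall-first position the NAT66 section takes.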
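Review bot: in the NAT66 part of the same hunk the Purpose bullet says the translation happens `while maintaining end-to-end address integrity`, yet the Considerations bullet that follows says NAT66 `could disrupt end-to-end connectivity`; both cannot stand as written. If the intent is stateless 1:1 prefix translation (NPTv6, RFC 6296), say so and note that it preserves a one-to-one mapping but still changes the addresses endpoints see, which is exactly the end-to-end property the critique bullet is about. Minor: the heading `NAT & IPV6` should be `IPv6` to match the rest of the node.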
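Review bot: in the operators_k8s.org and operator_lifecycle_manager.org hunks the new node title `Operator LifeCycle Manager` should be `Operator Lifecycle Manager`, the project's own spelling (the linked olm.operatorframework.io site uses it); fixing it now avoids a rename of the roam title and link text later.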
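Review bot: in the iptables.org hunk the Additional Functionalities bullet `Supports stateful packet inspection, allowing tracking of connection states` credits state tracking to iptables, but the connection state is kept by the kernel connection-tracking subsystem (conntrack) that netfilter provides and that iptables rules only match against; since the node opens with a Netfilter section, that bullet belongs under Key Features of Netfilter, with the iptables section noting that its rules consult the tracked state. Minor: the utility is spelled `iptables` in its own documentation, so `IPTables` in the title and bullets could be normalised.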