Category: Electronics Engineering

Extending Cloudflare To 65,533 More Ports

Today we are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet; whether it runs email, file transfer or a custom protocol, it can now get the full benefits of Cloudflare. If you want to skip ahead and see it in action, you can scroll to the video demo at the bottom. DDoS Protection…

The hack that made Spectrum possible

[This is a Korean translation of a prior post by Marek Majkowski.]

We recently released Spectrum: a new Cloudflare feature that allows DDoS protection, load balancing and content acceleration for any TCP-based protocol.

(Staffan Vilcans, CC BY-SA 2.0)

When we began building Spectrum, we soon ran into an important technical challenge: Spectrum should allow access to any valid TCP port between 1 and 65535. On our Linux edge servers it is impossible to "accept inbound connections on any port number". This is not a Linux-only limitation: it is largely a property of the BSD socket API, which is the basis for network applications in the operating system. Internally, there were two overlapping problems that had to be solved in order to complete Spectrum:

1. How to accept TCP connections on all port numbers from 1 to 65535.
2. How to set up a single Linux server to accept connections on a very large number of IP addresses (we have a lot of IP addresses in our anycast ranges).

Assigning millions of IPs to the server

Cloudflare's edge servers have almost identical configurations. In the early days, we assigned specific /32 (and /128) IP addresses to the loopback network interface [1]. This worked well when we had only dozens of IP addresses, but it failed to scale as we grew.

Then the "AnyIP" trick appeared. AnyIP allows you to assign an entire IP prefix (subnet), rather than a single address, to the loopback interface. AnyIP is in fact already widely used: 127.0.0.0/8 is assigned to the loopback interface on your computer. From the computer's perspective, all addresses from 127.0.0.1 to 127.255.255.254 are assigned to the local machine.

This trick is applicable beyond the 127.0.0.1/8 range. To make the entire 192.0.2.0/24 look like it is locally assigned:

    ip route add local 192.0.2.0/24 dev lo

After that, you can bind to port 8080 on any one of these IP addresses:

    nc -l 192.0.2.1 8080

Making IPv6 work the same way is a bit more difficult:

    ip route add local 2001:db8::/64 dev lo

Unfortunately, you cannot simply bind to one of these v6 addresses as in the v4 example. To do this, you need to use the IP_FREEBIND socket option, which requires additional privileges. For completeness, there is also a net.ipv6.ip_nonlocal_bind sysctl, but modifying it is not recommended.

The AnyIP trick allows each server to have millions of IP addresses assigned locally:

    $ ip addr show
    1: lo: mtu 65536
        inet 1.1.1.0/24 scope global lo
           valid_lft forever preferred_lft forever
        inet 104.16.0.0/16 scope global lo
           valid_lft forever preferred_lft forever
    …

Binding to all ports

The second big problem is the ability to open a TCP socket on any port number. On systems that support the Linux and BSD socket APIs, a single bind system call can generally bind to only one specific TCP port number. It is not possible to bind to multiple ports with a single call.

The naive approach is to call bind 65535 times, once for each of the 65535 possible ports. This is possible, but it can have terrible consequences. Internally, the Linux kernel stores listening sockets in a hash table indexed by port number, LHTABLE, which uses 32 buckets:

    /* Yes, really, this is all you need. */
    #define INET_LHTABLE_SIZE       32

Lookups in this table become very slow if you open up to 650,000 ports: each hash table bucket can contain 2,000 items.

Another way to solve this problem is to use the rich NAT features of iptables. The destination address of an incoming packet is rewritten to a specific address/port, and the application binds to that. We have not tried this, but it requires the conntrack module of iptables. Previously we found cases where it was a performance problem…

Super salty water beneath ice could serve as a terrestrial analogue for a habitat for life on other planets — ScienceDaily

An analysis of radar data led scientists to an unexpected discovery of two lakes located beneath 550 to 750 metres of ice underneath the Devon Ice Cap, one of the largest ice caps in the Canadian Arctic. They are thought to be the first isolated hypersaline subglacial lakes in the world. “We weren’t looking for subglacial lakes. The ice is frozen to the ground underneath that part of the Devon Ice Cap, so we didn’t expect to find liquid water,”…

Sophomore shows skills at Orthopaedic Research Society Annual Meeting

Muhammad Salim, alongside Assistant Professor of Bioengineering Ferris Pfeiffer and recent MU Engineering graduate Lia Howe, published an abstract titled “Computational Modeling of Stress Relation in Articular Cartilage,” and Salim presented the accompanying poster at this year’s ORS Annual Meeting in March. Photo courtesy of Ferris Pfeiffer. Having an abstract accepted and getting the opportunity to present a poster at the Orthopaedic Research Society’s Annual Meeting is a huge honor for any researcher. To do it as a sophomore is…

Venice Performance Optimization | LinkedIn Engineering

Optimization strategies for Venice read path. Venice Client: D2 sticky routing with router cache. According to the operating experience of Venice, we noticed that several customers encountered hotkey problems, which are caused by a skewed access pattern, and this hotkey issue has made the quota allocation much harder, since the quota is per storage node. To alleviate this problem, we introduced the router caching layer. Internally, Venice Client uses D2 as the load balancer and the built-in sticky routing feature…

Novel process for surface hardening of stainless steel

Credit: Alexander Varhoshkov Stainless steel is the material of choice in various industries where corrosion resistance is of utmost importance, take for instance parts that are exposed to harsh environments. However, this highly favourable property does not always go hand in hand with high surface hardness, wear resistance and fatigue strength. Most heat treatment methods cannot be easily applied to stainless steels to improve its properties. In particular, surface hardening of stainless steel by nitriding and nitrocarburising in the conventional…

Shedding new light on laser additive manufacturing

Using I12 and the LAMPR the complete process of track formation during 3D printing is revealed. A first complete track and details on the laser/gas flow are shown at the top. The first stages of the formation of this track are shown below for the first few milliseconds of track formation. Credit: Diamond Light Source Additive manufacturing (AM, also known as 3-D printing) allows us to create incredibly complex shapes, which would not be possible using traditional manufacturing techniques. However,…

AV1 beats x264 and libvpx-vp9 in practical use case | Engineering Blog | Facebook Code

Improved video compression is important for delivering digital video files more quickly and with higher quality, while using less bandwidth and storage. Everything from 4K movie streaming to smartphone video chat to laptop screen sharing can be enhanced by making the video files smaller through better compression codecs. The Alliance for Open Media — a consortium founded in 2015 and made up of video-on-demand providers including Amazon, Facebook, Google, Microsoft and Netflix, along with web browser developers and semiconductor firms…

A cautionary tale about passwords – Medium Engineering

A post for engineers and the technically astute to share with less technical friends and family, brought to you by the Department of Technical Comfort & Security at Medium (previously known as IT). One day, Rabbit frantically hopped over to his friend Fred. Rabbit’s ears were sticking straight up in alarm, “Fred! I just got an email that there was suspicious activity on my RoughageAndMore.bun account! What do I do?” Fred puffs up a bit and says, “It’s okay Rabbit,…

Engineers build smallest volume, most efficient wireless nerve stimulator

The small size of StimDust can be seen in comparison to a dime. Credit: Rikky Muller In 2016, University of California, Berkeley, engineers demonstrated the first implanted, ultrasonic neural dust sensors, bringing closer the day when a Fitbit-like device could monitor internal nerves, muscles or organs in real time. Now, Berkeley engineers have taken neural dust a step forward by building the smallest volume, most efficient wireless nerve stimulator to date. The device, called StimDust, short for stimulating neural dust,…