HTTP/2 and HTTP/3 @ignatkn
● HTTP/2 (2015)
  ○ major rework from HTTP/1 (1991)
  ○ binary protocol
  ○ connection multiplexing
  ○ server push
● HTTP/3 (in progress)
  ○ transport over QUIC/UDP

HTTP/2 performance (2015) https://blog.cloudflare.com/introducing-http2/
HTTP/2 performance https://imagekit.io/demo/http2-vs-http1
HTTP/2 performance https://www.flickr.com/photos/smemon/15944989872/

SSL/TLS https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

SSL/TLS: RSA vs ECC https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
● RSA
  ○ “older” cryptosystem (1977)
  ○ factoring problem of large numbers
  ○ sub-exponential complexity cracking algorithms
  ○ large keys (>=2048 bit)
● ECC
  ○ “newer” cryptosystem (1985)
  ○ discrete logarithm problem over elliptic curves
  ○ exponential complexity cracking algorithms
  ○ small keys (>=256 bit)

SSL/TLS: RSA vs ECC

    $ openssl speed rsa ecdsa
                                  sign    verify    sign/s verify/s
    ...
    rsa 2048 bits             0.000616s 0.000018s   1623.5  55200.6
    ...
     256 bit ecdsa (nistp256)   0.0000s   0.0001s  25487.6  10731.6

● faster TLS handshakes (~15 times faster from above)
● less CPU utilisation
● less key storage
● better security

SSL/TLS: RSA vs ECC (2017) https://blog.cloudflare.com/how-expensive-is-crypto-anyway/

The Internet: network of networks https://www.cloudflare.com/en-au/learning/security/glossary/what-is-bgp/

The Internet: AS and BGP
[Diagram labels: "I have 8.8.8.8", "I have 1.1.1.1"]

The Internet: packet switching
By Oddbodz - Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=29033823

The Internet: BGP security
[Diagram labels: "I have 8.8.8.8", "I have 1.1.1.1", "I have 1.2.3.4", "I have 1.2.3.4"]

The Internet: BGP with RPKI
[Diagram labels: "I have 8.8.8.8", "I have 1.1.1.1", "I have 1.2.3.4", "I have 1.2.3.4"]

The Internet: BGP with RPKI
● RPKI prevents bad actors from claiming resources they don’t own
● however, not all “false claimers” are bad actors
  ○ bugs in network equipment software
  ○ network equipment misconfigurations
● RPKI improves network throughput by ensuring route validity
  ○ some misconfigurations cause severe outages
  ○ minor misconfigurations create packet loss
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/

Security and process performance
Cloudflare Network

Datacentre provisioning
● connect hardware
● verify hardware
  ○ setup initial network
  ○ configure OOB