A network of IMSI catchers monitors Ottawa
The Canadian broadcaster has detected a series of IMSI catchers in Ottawa. They monitor the entire city centre, including the government, parliament and embassies.
Source: Heise Tech News
The Bundesrat has endorsed the planned reform of antitrust law, under which takeovers of startups that are highly valued but still have low revenues can also be reviewed in future. The initiative targets Facebook & Co.
Source: Heise Tech News
The seventh stable release of NixOS, 17.03, includes a number of new features. The Linux distribution is aimed at experienced users and is intended to showcase the strengths of the Nix software for managing packages, users and configuration files.
Source: Heise Tech News
Daimler CEO Dieter Zetsche no longer wants to treat the hydrogen fuel cell car as an important technology of the future. Falling battery costs are making the electric car more attractive. (Fuel cell car, Technology)
Source: Golem
Billionaire Richard Branson would be "very disappointed" if his spaceship did not fly into space this year and carry tourists next year. But after ten years of delays, he no longer commits to a date.
Source: Heise Tech News
According to the rumor mill, Intel is planning a new quad-core CPU variant with a beefed-up GPU. Is there anything to it? An analysis by Florian Müssig
Source: Heise Tech News
The LattePanda single-board computer is only slightly larger than a Raspberry Pi, but comes with an Intel processor and Windows 10. Ideal if you don't like Linux and don't want to constantly go through the trouble of compiling drivers for external devices. But also expensive.
Source: Heise Tech News
Normally only ICANN assigns top-level domains, and the IETF creates new protocols, including those for the Domain Name System. Now this division of labour is wavering because of a smouldering dispute over the .homenet domain.
Source: Heise Tech News

President Trump just repealed landmark internet privacy rules that restricted what Internet service providers (ISPs) could do with customers' private information. Now, companies like Verizon, AT&T, and Comcast will no longer be obligated to obtain your consent before selling and sharing your data, and they don't have to notify you about what kind of data they collect.
Congress approved the rollback on March 28 in a 215-205 vote. The Federal Communications Commission had only approved the rules in October 2016, and they hadn't fully taken effect yet.
“A measure to roll back crucial privacy protections has crossed the finish line, and Internet users are worse off for it,” the Electronic Frontier Foundation said in a statement emailed to BuzzFeed News. It also noted that the measure to repeal the privacy rules also bars the FCC from creating similar protections in the future.
Republican lawmakers opposed the original regulations before and after they passed. Telecommunications companies argued that the rules gave unfair competitive advantages to internet companies like Google and Facebook, which are allowed to track and sell data.
Democratic lawmakers have pointed out that the comparison is not entirely accurate: ISPs have the capability to monitor all unencrypted browsing, whereas companies that offer specific services and platforms have a much more limited capacity to do so.
Verizon and Comcast have not immediately responded to requests for comment. AT&T referred to a statement posted Friday on its policy blog.
On Friday, Verizon, AT&T, and Comcast all released statements assuring customers that they would respect their privacy. But privacy advocates said these promises are misleading. There are a few ISPs out there that have pledged to never sell any of their customers' information to third parties. But because most Americans live in areas with only a single internet provider, they're forced to accept that company's data sharing practices if they want internet access.
Last week, my colleague Hamza Shaban talked to privacy experts about what would happen if Trump repealed the privacy rules:
1. Sell Your Browsing History
“The consequences of repeal are simple: ISPs like Comcast, AT&T, and Charter will be free to sell your personal information to the highest bidder without your permission — and no one will be able to protect you,” wrote Gigi Sohn, counselor to former FCC chairman Tom Wheeler, in an op-ed on The Verge Monday.
While Americans can use free browser tools to block many types of web tracking, monitoring by internet providers is much harder to prevent. “Your ISP is in a privileged position where they can see everything,” said Gillula, who has written about the “creepy” data collection that ISPs can conduct if the regulations are gutted.
“Any attempt to block the ISP from monitoring you, they have the power to override,” Ernesto Falcon, legislative counsel at EFF, told BuzzFeed News.
2. Compile Internet Profiles And Inject Targeted Ads
“There are major medical, financial, and legal websites — like the US Courts, for example — that are largely unencrypted. ISPs will be able to build detailed profiles of their customers — knowing when they're at vulnerable points in their lives — and sell that information to practically whomever they wish,” Gaurav Laroia, policy counsel at Free Press, told BuzzFeed News. If someone is visiting a medical website, for instance, third parties can infer what illnesses they may suffer from, revealing sensitive health information.
“It's well-established that these internet companies are looking hungrily at companies like Facebook and Google; they want in on that advertising action,” Jay Stanley, a senior policy analyst with the ACLU, told BuzzFeed News. “This is an effort by them to preserve the ability to monetize people's information. And without these rules, they are going to plow forward.”
3. Deploy Hidden Tracking Cookies On Our Phones
Following a 15-month investigation, the FCC settled with Verizon Wireless last year over the company's use of so-called “supercookies” — tracking code that could not be deleted, which Verizon used to monitor customers' online activity without their permission.
“It didn’t matter if you were browsing in Incognito or Private Browsing mode, using a tracker-blocker, or had enabled Do-Not-Track: Verizon ignored all this and inserted a unique identifier into all your unencrypted outbound traffic anyway,” the EFF's Gillula wrote. The browsing history, according to the FCC, was collected for several years without consent; Verizon and other third-party companies used it for targeted advertising.
For privacy advocates, pervasive data collection of your internet activity can be enormously invasive. “The websites you visit can indicate information about your financial life, your sexual life, your medical life, what disease you have, what diseases you might be worried you have,” said Stanley.
“We don't even know what other derivative uses exist, because no one has ever had this type of information on consumers,” Falcon said, referring to new types of data collection and novel forms of the sale of personal data. “That's what's most frightening.”
Source: BuzzFeed, “President Trump Just Repealed Rules That Banned ISPs From Selling Your Private Data”
The post Intelligent NFV performance with OpenContrail appeared first on Mirantis | Pure Play Open Cloud.
The private cloud market has changed in the past year, and our customers are no longer interested in just getting an amazing tool for installing OpenStack; instead, they are looking more at use cases. Because we see a lot of interest in NFV cloud use cases, Mirantis includes OpenContrail as the default SDN for its new Mirantis Cloud Platform. In fact, NFV has become a mantra for most service providers, and because Mirantis is a key player in this market, we work on a lot of testing and performance validation.
The most common value for performance comparison between solutions is bandwidth, which shows how much capacity a network connection has for supporting data transfer, as measured in bits per second. In this domain, the OpenContrail vRouter can reach near line speed (about 90%, in fact). However, performance also depends on other factors, such as latency, or packets-per-second (pps), which are as important as bandwidth. Packets per second rate is a key factor for VNF (firewalls, routers, etc.) instances running on top of NFV clouds. In this article, we’ll compare PPS rate for different OpenContrail setups so you can decide what will work best for your specific use case.
The simplest way to test PPS rate is to run a VM to VM test. We will provide a short overview of OpenContrail low-level techniques for NFV infrastructure, and perform a comparative analysis of different approaches using simple PPS benchmarking. To make testing fair, we will use only a 10GbE physical interface, and will limit resource consumption for data plane acceleration technologies, making the environment identical for all approaches.
OpenContrail vRouter modes
For different use cases, Mirantis supports several ways of running the OpenContrail vRouter as part of Mirantis Cloud Platform 1.0 (MCP). Let's look at each of them before we go ahead and take measurements.
Kernel vRouter
OpenContrail has a module called vRouter that performs data forwarding in the kernel. The vRouter module is an alternative to Linux bridge or Open vSwitch (OVS) in the kernel, and one of its functionalities is encapsulating packets sent to the overlay network and decapsulating packets received from the overlay network. A simplified schematic of VM to VM connectivity for 2 compute nodes can be found in Figure 1:
Figure 1: A simplified schematic of VM to VM connectivity for 2 compute nodes
The problem with a kernel module is that packets-per-second is limited by various factors, such as memory copies, the number of VM exits, and the overhead of processing interrupts. Therefore vRouter can be integrated with the Intel DPDK to optimize PPS performance.
DPDK vRouter
Intel DPDK is an open source set of libraries and drivers that perform fast packet processing by enabling drivers to obtain direct control of the NIC address space and map packets directly into an application. The polling model of NIC drivers helps to avoid the overhead of interrupts from the NIC. To integrate with DPDK, the vRouter can now run in a user process instead of a kernel module. This process links with the DPDK libraries and communicates with the vrouter host agent, which runs as a separate process. The schematic for a simplified overview of vRouter-DPDK based nodes is shown in Figure 2:
Figure 2: The schematic for a simplified overview of vRouter-DPDK based nodes
vRouter-DPDK uses user-space packet processing and CPU affinity to dedicate poll mode drivers being served by a particular CPU. This approach enables packets to be processed in user-space during the complete life time – from physical NIC to vhost-user port.
Netronome Agilio Solution
Software and hardware components distributed by Netronome provide an OpenContrail-based platform to perform high-speed packet processing. It’s a scalable, easy to operate solution that includes all server-side networking features, such as overlay networking based on MPLS over UDP/GRE and VXLAN. The Agilio SmartNIC solution supports DPDK, SR-IOV and Express Virtio (XVIO) for data plane acceleration while running the OpenContrail control plane. Wide integration with OpenStack enables you to run VMs with Virtio devices or SR-IOV Passthrough vNICs, as in Figure 3:
Figure 3: OpenContrail network schematic based on Netronome Agilio SmartNICs and software
A key feature of the Netronome Agilio solution is deep integration with OpenContrail and offloading of lookups and actions for vRouter tables.
Compute nodes based on Agilio SmartNICs and software can work in an OpenStack cluster based on OpenContrail without changes to orchestration. That means it’s scale-independent and can be plugged into existing OpenContrail environments with zero downtime.
Mirantis Cloud Platform can be used as an easy and fast delivery tool to set up Netronome Agilio-based compute nodes and provide orchestration and analysis of the cluster environment. Using Agilio and MCP, it is easy to set up a high-performance cluster with a ready-to-use NFV infrastructure.
Testing scenario
To make the test fair and clear, we will use an OpenStack cluster with two compute nodes. Each node will have a 10GbE NIC for the tenant network.
As we mentioned before, the simplest way to test the PPS rate is to run a VM to VM test. Each VM will have 2 Virtio interfaces to receive and transmit packets, 4 vCPU cores, 4096 MB of RAM and will run Pktgen-DPDK inside to generate and receive a high rate of traffic. For each VM a single Virtio interface will be used for generation, and another interface will be used for receiving incoming traffic from the other VM.
To make an analytic comparison of all technologies, we will not use more than 2 cores for the data plane acceleration engines. The results of the RX PPS rate for all VMs will be considered as a result for the VM to VM test.
First of all, we will try to measure kernel vRouter VM to VM performance. Nodes will be connected with Intel 82599 NICs. The following results were achieved for a UDP traffic performance test:
As you can see, the kernel vRouter is not suitable for providing a high packet per second rate, mostly because the interrupt-based model can’t handle a high rate of packets per second. With 64 byte packets we can only achieve 3% of line rate.
For the DPDK-based vRouter, we achieved the following results:
Based on these results, the DPDK based solution is better at handling high-rated traffic based on small UDP packets.
Lastly, we tested the Netronome Agilio SmartNIC-based compute nodes:
With only 2 forwarder cores, we are able to achieve line-rate speed on Netronome Agilio CX 10GbE SmartNICs for all packet sizes.
You can also see a demonstration of the Netronome Agilio Solution here.
Since we achieved line-rate speed on the 10GbE interface using Netronome Agilio SmartNICs, we wanted to find the maximum possible PPS rate based on 2 CPUs. To determine the maximum performance result for this deployment, we will upgrade the existing nodes with Netronome Agilio CX 40GbE SmartNICs and repeat the maximum PPS scenario one more time. We will use a direct wire connection between the 40GbE ports and will set up 64-byte UDP traffic. Even with hard resource limitations, we achieved:
| Solution | Rate | Packet size, bytes |
| --- | --- | --- |
| Netronome Agilio CX 40GbE SmartNIC | 19.9 Mpps | 64 |
What we learned
Taking all of the results together, we can see a pattern:
Based on 64 byte UDP traffic, we can also see where each solution stands compared to 10GbE line rate:
| Solution | Rate | % of line rate |
| --- | --- | --- |
| Netronome Agilio | 14.9 Mpps | 100 |
| vRouter DPDK | 4.0 Mpps | 26 |
| Kernel vRouter | 0.56 Mpps | 3 |
OpenContrail remains the best production-ready SDN solution for OpenStack clusters, but to provide NFV-related infrastructure, OpenContrail can be used in different ways:
The Kernel vRouter, based on interrupt model packet processing, works, but does not satisfy the high PPS rate requirement.
The DPDK-based vRouter significantly improves the PPS rate, but due to high resource consumption and because of defined limitations, it can’t achieve the required performance. We also can assume that using a modern DPDK library will improve performance and optimise resource consumption.
The Netronome Agilio SmartNIC solution significantly improves OpenContrail SDN performance, focusing on saving host resources and providing a stable high-performance infrastructure.
With Mirantis Cloud Platform tooling, it is possible to provision, orchestrate and destroy high performance clusters with various networking features, making networking intelligent and agile.
Source: Mirantis