Networking — Things Worth Sharing

Networking — Things Worth SharingBài viết gắn tag Networking.https://cloudsecop.net/Network policy L4: chặn non-HTTP, DoH bypass và app rulehttps://cloudsecop.net/blog/network-policy-l4-non-http/https://cloudsecop.net/blog/network-policy-l4-non-http/Network policy deep-dive: chặn non-HTTP (SSH, RDP, SMTP), chặn DoH bypass DNS filter, app rule cho SaaS, kết hợp WARP, checklist production và playbook siết chặt.Thu, 15 May 2025 00:00:00 GMTCloudflareCloudflare OneGatewayNetworkingZero TrustKhaVanMagic WAN: kết nối site và cloud qua Cloudflare backbonehttps://cloudsecop.net/blog/magic-wan-va-bgp-over-gre/https://cloudsecop.net/blog/magic-wan-va-bgp-over-gre/Magic WAN deep-dive: tunnel network-layer thay SD-WAN/MPLS. 4 tuỳ chọn tunnel (IPsec, GRE, Anycast IP, CNI), BGP peering, multi-cloud, Magic Firewall, playbook chuyển đổi.Sat, 26 Apr 2025 00:00:00 GMTCloudflareCloudflare OneMagic WANNetworkingSD-WANKhaVanCloudflare Tunnel deep-dive: đưa internal service ra ngoàihttps://cloudsecop.net/blog/cloudflare-tunnel-deep-dive/https://cloudsecop.net/blog/cloudflare-tunnel-deep-dive/Kiến trúc daemon cloudflared, ingress rules, HA replicas, protocol non-HTTP (SSH/RDP/SMB), chuyển từ VPN, truy nguyên 6 trường hợp. Tunnel là nền tảng kết nối cho Zero Trust.Sun, 30 Mar 2025 00:00:00 GMTCloudflareCloudflare OneCloudflare TunnelNetworkingKhaVanPingora vs AWS ALB/NLB — khi nào self-host reverse proxy thắnghttps://cloudsecop.net/blog/pingora-vs-aws-alb-nlb/https://cloudsecop.net/blog/pingora-vs-aws-alb-nlb/Pingora xử lý 40M+ req/sec ở Cloudflare. Khi nào self-host bằng pingora-core/pingora-proxy thắng AWS ALB $20/tháng + LCU và NLB managed.Tue, 04 Feb 2025 00:00:00 GMTCloudflareNetworkingRustAWSPerformanceKhaVancloudflared internals — build from source, ingress patterns, debugginghttps://cloudsecop.net/blog/cloudflared-internals-from-source/https://cloudsecop.net/blog/cloudflared-internals-from-source/Build cloudflared từ Go source, ingress.yaml advanced patterns (path routing, HTTP/2, origin cert), tunnel info JSON cho monitoring, top 5 debug technique.Sat, 23 Nov 2024 00:00:00 GMTCloudflareCloudflare OneCloudflare TunnelNetworkingKhaVanBoringtun: WireGuard userspace cho WARP — tại sao nhanh hơn corporate VPNhttps://cloudsecop.net/blog/boringtun-wireguard-warp/https://cloudsecop.net/blog/boringtun-wireguard-warp/Boringtun Rust userspace WireGuard, kiến trúc bên trong WARP client, vì sao userspace WG thắng kernel module ở mobile/edge, MASQUE evolution.Tue, 19 Nov 2024 00:00:00 GMTCloudflareCloudflare OneWARPNetworkingWireGuardKhaVan