Antho's Blog

Firecracker Micro-VMs : the power behind AWS Lambda

We all use AWS Lambda, either at work to automate some workloads, or unknowingly in our daily lives through our favorite apps and services. When AWS introduced it in 2014, Lambda marked a turning point in the way we develop and deploy our applications and services, making it easier than ever: simply upload your micro-service code and let AWS handle the rest (compute resources, scaling, availability, and maintenance). This new paradigm, later known as serverless computing, then became a foundation for modern cloud-native architectures by introducing the FaaS (function-as-a-service) model.

Tuesday, August 12, 2025

AWS re:Invent 2024 : wrap up !

This year, I had the luck to attend AWS re:Invent in Las Vegas, the “grand-messe” of Amazon’s Cloud. Despite the very ambitious agenda that I planned, I was able to attend all my booked sessions and keynotes (at the cost of dozens of kilometers of walking, but I’ll come back to it later ^^), and I will try to give in this blog post most of the outcomes from those fascinating discussions.

Tuesday, December 17, 2024

Under the hood : Netflix Open Connect

In today’s digital entertainment and streaming services, only a few names resonate as strongly as Netflix. With millions of unique users daily, Netflix is known not only for its impressive content library, but also for the quality with which it delivers this content. As network engineers, we easily understand that smooth streaming to viewers around the globe is a huge challenge. With Netflix representing (as of today) 15% of the total Internet traffic, it is a challenge not only for Netflix, but also for all ISPs connecting Netflix users. At the heart of this delivery system lies Netflix's CDN, or Content Delivery Network, known as Open Connect.

Thursday, September 26, 2024

Leveraging BGP to mitigate network attacks: A comprehensive guide

In today’s world, network attacks occur every day, targeting all organizations, from the smallest to the biggest. Denial of Service attacks (DoS or DDoS) are innumerable, and their scale increases from month to month. These attacks can disrupt services, overwhelm network infrastructure, and cause significant financial and reputational damage to organizations. However, network administrators have a powerful ally in their arsenal to combat such threats: the Border Gateway Protocol (BGP). In this article, we will explore how BGP can be leveraged to mitigate DoS attacks, focusing on key techniques such as Remote Triggered Black Hole Filtering (RTBH), Source-Based RTBH, and BGP Flow Specification (FlowSpec).

Wednesday, March 20, 2024

PaloAlto / Python - how changing matching logic divided DAG processing time by 300

If you have ever worked with Palo Alto DAG (Dynamic Address Groups), you have an idea of how powerful it can be. If you have ever worked with Palo Alto DAG, you also have an idea of how unscalable it is (at the time of writing this post). Using it in production (mixed with static groups, which are still the most commonly used), we noticed that devices using DAG take a lo[oooooooooo]t more time to commit changes than others (up to 45 minutes for some). According to Palo Alto TAC support, this is because of the matching logic, which is performed at commit time and populates groups that become static, based on the DAG condition string and object tags: “Flattening the config to use static address group is the only option as DAGs involve TAG table construction and evaluation of DAGs for every IP”

Tuesday, June 20, 2023

Sending of large file through sockets boosted with Zero-copy !

Here we are for a new interesting (I hope!) technical topic. To be honest, I’ll talk here about something I discovered very recently, by watching a very interesting presentation from Netflix about their OCAs (Open Connect Appliances). Those are powerful cache appliances that Netflix uses in its PoPs and also offers to ISPs, and which make up its CDN (called Open Connect). Of course, those appliances are intended to store as much content as possible, while delivering it at maximum speed to the largest possible number of users. Working at this scale, each performance increase is multiplied many times over. And one of the “boosters” they use to increase the speed at which they deliver their content is a feature called “ZeroCopy”.

Friday, April 14, 2023

Have fun with AWS GWLB : I wrote a Geneve router in Python :-)

AWS introduced GWLB (Gateway Load Balancers) a few years ago (Introducing AWS Gateway Load Balancer). This type of load balancer drastically simplifies the way you inspect your traffic across several VPCs: it avoids complex routing between VPCs, avoids a “sandwich design” with firewalls in each VPC, and also makes it possible (depending on the design) to inspect all public VPC traffic at a central point while still being able to give each VPC a public Elastic IP.

Saturday, February 18, 2023

PaloAlto – Digging into API keys

I recently had to work on some stuff around PAN-OS API keys which made me want to understand how they are built and what they contain. This is part of the “secrets” embedded in PAN-OS code, but trying to understand what API keys are built from might help you understand some strange behaviours you might eventually run into, and perhaps spare you some service disruptions… 🙂 The observation: In its documentation, Palo Alto explicitly writes “To change an API key associated with an administrator account change the password associated with the administrator account.”

Monday, January 16, 2023

Python refcount and garbage collection : under the hood

In this (first) article, I will try to explain how Python tracks objects and reclaims memory space through its famous garbage collector. We’ll also learn (or review) some interesting stuff about Python variables and what they really are 🙂. Almost every Python developer knows that the interpreter is smart enough to manage memory by itself, which is one of the reasons it is so appealing. However, most of them also confuse the garbage collector with the reference counting mechanism, which is far more active than the garbage collector in deleting unused (de-referenced) objects.

Friday, November 25, 2022

Contact me:
• contact@anthony-balitrand.fr
• AnthoBalitrand
• Anthony Balitrand