In this post, we showed how to implement TTI authentication for Amazon Q data accessors. We covered the setup process for both ISVs and enterprises and demonstrated how TTI authentication simplifies the user experience while maintaining security standards.
Now you can doomscroll on a bigger screen.
After years of requests from users, Instagram will finally have a dedicated app for iPad. Beginning Wednesday, September 3rd, users will be able to download the new app built specifically for Apple’s tablet. But it will be slightly different than the mobile app users are accustomed to. Most significantly, the iPad app will open directly […]
We introduced Cross-Cloud Network to help organizations transform hybrid and multicloud connectivity, and today, many customers are using it to build distributed applications across multiple clouds, on-premises networks, and the internet. A key aspect of this evolution is the ability to scale with IPv6 addressing. However, the transition from IPv4 to IPv6 is a gradual process creating a coexistence challenge: How do IPv6-only devices reach services and content that still resides on IPv4 networks? To ensure a smooth transition to IPv6, we're expanding our toolkit. After launching IPv6 Private Service Connect endpoints that connect to IPv4 published services, we are now introducing DNS64 and NAT64. Together, DNS64 and NAT64 form a robust mechanism that intelligently translates communication, allowing IPv6-only environments in Google Cloud to interact with the legacy IPv4 applications on the internet. In this post, we explore the vital role DNS64 and NAT64 play in making IPv6 adoption practical and efficient, removing the dependency on migrating legacy IPv4 services to IPv6. The importance of DNS64 and NAT64 While dual-stack networking assigns both IPv4 and IPv6 addresses to a network interface, it doesn't solve the pressing issues of private IPv4 address exhaustion or the increasing push for native IPv6 compliance. For major enterprises, the path toward widespread IPv6 adoption of cloud workloads involves creating new single-stack IPv6 workloads without having to migrate legacy IPv4 applications and services to IPv6. Together, DNS64 and NAT64 directly address this requirement, facilitating IPv6-to-IPv4 communication while maintaining access to existing IPv4 infrastructure. This IPv6-to-IPv4 translation mechanism supports several critical use cases. Enabling IPv6-only networks: As IPv4 addresses become increasingly scarce and costly, organizations can build future-proof IPv6-only environments, with DNS64 and NAT64 providing the essential translation to access remaining IPv4 services on the internet. Gradual migration to IPv6: This allows organizations to gradually phase out IPv4 while guaranteeing their IPv6-only clients can still reach vital IPv4-only services. Supporting legacy applications: Many critical business applications still rely solely on IPv4; these new services ensure they remain accessible to IPv6-only clients, safeguarding ongoing business operations during the transition. aside_block <ListValue: [StructValue([('title', '$300 to try Google Cloud networking'), ('body', <wagtail.rich_text.RichText object at 0x3eb642ddb370>), ('btn_text', ''), ('href', ''), ('image', None)])]> How does it work? An IPv6-only workload begins communication by performing a DNS lookup for the specific service URL. If a AAAA record exists, then an IPv6 address is returned and the connection proceeds directly using IPv6. However, if DNS64 is enabled but a AAAA record cannot be found, the system instead queries for an A record. Once an A record is found, DNS64 constructs a unique synthesized IPv6 address by combining the well-known 64:ff9b::/96 prefix with the IPv4 address obtained from the A record. The NAT64 gateway recognizes that the destination address is a part of the 64:ff9b::/96 range. It extracts the original IPv4 address from the latter part of the IPv6 address and initiates a new IPv4 connection to the destination, using the NAT64 gateway's own IPv4 address as the source. Upon receiving a response, the NAT64 gateway prepends the 64:ff9b::/96 prefix to the response packet's source IP, providing communication back to the IPv6-only client. Here’s a diagram of the above-mentioned scenario: Getting started with DNS64 and NAT64 You can simply setup IPv6-only VMs with DNS64 and NAT64 as follows: Create VPC, subnets, VMs and firewall rules Create a DNS64 server policy Create a NAT64 gateway Step 1: Create VPC, subnets, VMs, and firewall rules 1.1 Create a VPC: code_block <ListValue: [StructValue([('code', 'gcloud compute networks create test-vpc rn --project=dns64-and-nat64-testing rn --subnet-mode=custom rn --mtu=1500 rn --bgp-routing-mode=global rn --bgp-best-path-selection-mode=legacy'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152cd90>)])]> 1.2 Create an IPv6-only subnet and VM Create an IPv6-only subnet: code_block <ListValue: [StructValue([('code', 'gcloud compute networks subnets create public-v6-only-subnet \rn --network=test-vpc \rn --project=dns64-and-nat64-testing \rn --stack-type=IPV6_ONLY \rn --ipv6-access-type=external \rn --region=us-east1'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c580>)])]> Create an IPv6-only instance: code_block <ListValue: [StructValue([('code', 'gcloud compute instances create v6-only-vm-in-public-v6-only-subnet \rn --subnet public-v6-only-subnet \rn --stack-type IPV6_ONLY \rn --zone us-east1 \rn --project=dns64-and-nat64-testing'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c310>)])]> 1.3 Create firewall rules to allow ssh access into both VMs from your environments: code_block <ListValue: [StructValue([('code', 'gcloud compute firewall-rules create allow-v6-ssh \ rn--network test-vpc \ rn--priority 300 \ rn--direction ingress \ rn--action allow \ rn--source-ranges ::/0[0.0.0.0/0] \ rn--destination-ranges ::/0[0.0.0.0/0] \ rn--rules (tcp:22)'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c5b0>)])]> Note: You might need to create more rules or different rules as per your environment to allow connectivity. Step 2: Create a DNS64 server policy Enable DNS64 policy: code_block <ListValue: [StructValue([('code', 'gcloud dns policies create allow-dns64 \rn --networks=test-vpc \rn --enable_dns64_all_queries\rn --project=dns64-and-nat64-testing'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c130>)])]> This creates a DNS64 policy as shown below: Step 3: Create a NAT64 gateway 3.1 Create a Cloud Router: code_block <ListValue: [StructValue([('code', 'gcloud compute routers create nat64-router \rn --network=test-vpc \rn --region=us-east1\rn --project=dns64-and-nat64-testing'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c040>)])]> The above command creates a Cloud Router as shown below: 3.2 Create a NAT64 gateway using the Cloud Router you created in the above step: code_block <ListValue: [StructValue([('code', 'gcloud beta compute routers nats create nat64-natgw \rn --router=nat64-router \rn --region=us-east1 \rn --auto-allocate-nat-external-ips \rn --nat64-all-v6-subnet-ip-ranges \rn --project=dns64-and-nat64-testing'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3eb64152c430>)])]> This creates a Cloud NAT gateway as shown below: And that’s it! Together at last with DNS64 and NAT64 And with that, we hope that you now understand how to connect your IPv6-only workloads to IPv4 destinations by using DNS64 and NAT64. To learn more about enabling DNS64 and NAT64 for IPv6-only workloads, check out the documentation.
Learn more about how to use Google’s new Pixel Camera feature, Camera Coach.
Most businesses with mission-critical workloads have a two-fold disaster recovery solution in place that 1) replicates data to a secondary location, and 2) enables failover to that location in the event of an outage. For BigQuery, that solution takes the shape of BigQuery Managed Disaster Recovery. But the risk of data loss while testing a disaster recovery event remains a primary concern. Like traditional "hard failover" solutions, it forces a difficult choice: promote the secondary immediately and risk losing any data within the Recovery Point Objective (RPO), or delay recovery while you wait for a primary region that may never come back online. Today, we’re addressing this directly with the introduction of soft failover in BigQuery Managed Disaster Recovery. Soft failover logic promotes the secondary region's compute and datasets only after replication has been confirmed to be complete, providing you with full control over disaster recovery transitions, and minimizing the risk of data loss during a planned failover. Figure 1: Comparing hard vs. soft failover Summary of differences between hard failover and soft failover Hard failover Soft failover Use case Unplanned outages, region down Failover testing, requires primary and secondary to both be available Failover timing As soon as possible ignoring any pending replication between primary and secondary; data loss possible Subject to primary and secondary acquiescing, minimizing potential for data loss RPO/RTO 15 minutes / 5 minutes* N/A *Supported objective depending on configuration BigQuery soft failover in action Imagine a large financial services company, "SecureBank," which uses BigQuery for its mission-critical analytics and reporting. SecureBank requires a reliable Recovery Time Objective (RTO) and15 minute Recovery Point Objective (RPO) for its primary BigQuery datasets, as robust disaster recovery is a top priority. They regularly conduct DR drills with BigQuery Managed DR to ensure compliance and readiness for unforeseen outages. Before the introduction of soft failover in BigQuery Managed DR BigQuery, SecureBank faced a dilemma on how to perform their DR drills. While BigQuery Managed DR handled the failover of compute and associated datasets, conducting a full "hard failover" drill meant accepting the risk of up to 15 minutes of data loss if replication wasn't complete when the failover was initiated — or significant operational disruption if they first manually verified data synchronization across regions. This often led to less realistic or more complex drills, consuming valuable engineering time and causing anxiety. New solution: With soft failover in BigQuery Managed DR, administrators have several options for failover procedures. Unlike hard failover for unplanned outages, soft failover initiates failover only after all data is replicated to the secondary region, to help guarantee data integrity. Figure 2: Soft Failover Mode Selection Figure 3: Disaster recovery reservations Figure 4: Replication status / Failover details BigQuery soft failover feature is available today via the BigQuery UI, DDL, and CLI, providing enterprise-grade control for disaster recovery, confident simulations, and compliance — without risking data loss during testing. Get started today to maintain uptime, prevent data loss, and test scenarios safely.
Streameast, one of the largest sports piracy platforms in the world, has been shut down according to the Alliance for Creativity and Entertainment (ACE), an antipiracy group that counts NBC Universal, Netflix, and Disney among its members. ACE announced in a statement that it worked alongside Egyptian authorities to shut down the “notorious” platform, and […]
This article will explore nano-banana's ability to generate and edit images.
Under Elon Musk's leadership, X has become the perfect platform to supercharge the spread of dangerous disinformation during breaking news events.
The electric two-seater has been greenlit for production.
