FortiGate Radius Administrator Login with Cisco ISE
Let’s assume a simple scenario. You have two different teams managing your FortiGate firewalls. One team is made up of network administrators who need full access to the firewalls. The other team only needs limited access and should not be able to make any configuration changes.
A common way to handle this is by using administrator profiles and a remote radius server. You can assign different admin profiles based on who is logging in, without creating local users on every firewall. In this post, we will look at how to achieve this using Cisco ISE and Radius. You do not have to use Cisco ISE, any Radius server can do the job, but this post focuses on Cisco ISE since it is commonly used in enterprise environments.
Arista Radius Administrator Login with Cisco ISE
Arista comes with two built-in roles called network-admin and network-operator. ISE then responds with either access-accept or access-reject
Suresh Vinasiththamby
Overview
For this example, we will have two users, each belonging to a different group with different access requirements. In most environments, group membership is managed by something like Active Directory. For the sake of simplicity, I am going to use local identity groups on Continue reading
Air Terjun Moramo: Surga Bertingkat di Sulawesi Tenggara
Daftar Pustaka
Indonesia mempunyai ribuan destinasi wisata menakjubkan. Salah satu permata tersembunyinya ada di Sulawesi Tenggara. Namanya adalah Air Terjun Moramo. Tempat ini bukanlah air terjun biasa. Ia menawarkan keindahan yang sangat unik. Banyak orang menyebutnya surga yang bertingkat. Keindahannya akan membuat Anda takjub. Mari kita jelajahi pesonanya lebih lanjut.
Keunikan Air Terjun Bertingkat Moramo
Air Terjun Moramo memiliki daya tarik utama. Ia tidak terjun dari ketinggian sekali. Sebaliknya, air mengalir melewati tujuh tingkatan. Setiap tingkatan membentuk kolam alami yang indah. Airnya sangat jernih dan berwarna biru kehijauan. Anda bisa melihat dasar kolam dengan jelas. Struktur berundak inilah yang membuatnya istimewa. Ini seperti tangga raksasa buatan alam.
Selain itu, bebatuan di sekitarnya sangat halus. Hal ini memungkinkan pengunjung untuk meluncur. Anda bisa mencoba seluncuran alami dari satu kolam ke kolam lain. Tentu saja, ini adalah pengalaman yang sangat seru. Air terjun bertingkat ini terasa seperti taman air alami. Panorama di sekitarnya juga masih asri. Hutan tropis menambah kesan damai dan sejuk. Oleh karena itu, tempat ini sempurna untuk melarikan diri dari hiruk pikuk kota.
Aktivitas Seru dan Tips Menikmatinya
Berkunjung ke sini tidak hanya Continue reading
Do You Need a Service Mesh? Understanding the Role of CNI vs. Service Mesh
The world of Kubernetes networking can sometimes be confusing. What’s a CNI? A service mesh? Do I need one? Both? And how do they interact in my cluster? The questions can go on and on.
Even for seasoned platform engineers, making sense of where these two components overlap and where the boundaries of responsibility end can be challenging. Seemingly bewildering obstacles can stand in the way of getting the most out of their complementary features.
One way to cut through the confusion is to start by defining what each of them is, then look at their respective capabilities, and finally clarify where they intersect and how they can work together.
This post will clarify:
- What a CNI is responsible for
- What a service mesh adds on top
- When you need one, the other, or both
What a CNI Actually Does
Container Network Interface (CNI) is a standard way to connect and manage networking for containers in Kubernetes. It is a set of standards defined by Kubernetes for configuring container network interfaces and maintaining connectivity between pods in a dynamic environment where network peers are constantly being created and destroyed.
Those standards are implemented by CNI plugins. A CNI plugin is Continue reading
Arista Radius Administrator Login with Cisco ISE
Let’s assume a simple scenario. You have two different teams managing your Arista devices. One team is made up of network administrators who need full access to the devices. The other team only needs limited access and should not be able to make any configuration changes.
A common way to handle this is by using role-based access with Radius. You can assign different privilege levels based on who is logging in, without creating local users on every device. In this post, we will look at how to achieve this using Cisco ISE and Radius. You do not have to use Cisco ISE, any Radius server can do the job, but this post focuses on Cisco ISE since it is commonly used in enterprise environments.
Configuring AAA on Arista EOS Devices Using TACACS+ and ISE
In this blog post, let’s look at how to configure TACACS+ authentication on Arista EOS devices using Cisco ISE. When someone tries to log in to the device
Suresh Vinasiththamby
Overview
For this example, we will have two users, each belonging to a different group with different access requirements.
- bob is part of the network-admin group and needs full access
- brad is part of the Continue reading
Merry Christmas And Happy New 2026 Year
Dear friends,
Thank you so much for reading our blog, for all your questions and interesting discussions. You are amazing audience, thanks for being with us.
It is absolute pleasure to wish each and every of you Merry Christmas! Let the coming year be successful, healthy and prosperous for you and your beloved ones. And for now, have a wonderful Christmas time.
Yours sincerely,
Team Karneliuk
How Workers powers our internal maintenance scheduling pipeline
Cloudflare has data centers in over 330 cities globally, so you might think we could easily disrupt a few at any time without users noticing when we plan data center operations. However, the reality is that disruptive maintenance requires careful planning, and as Cloudflare grew, managing these complexities through manual coordination between our infrastructure and network operations specialists became nearly impossible.
It is no longer feasible for a human to track every overlapping maintenance request or account for every customer-specific routing rule in real time. We reached a point where manual oversight alone couldn't guarantee that a routine hardware update in one part of the world wouldn't inadvertently conflict with a critical path in another.
We realized we needed a centralized, automated "brain" to act as a safeguard — a system that could see the entire state of our network at once. By building this scheduler on Cloudflare Workers, we created a way to programmatically enforce safety constraints, ensuring that no matter how fast we move, we never sacrifice the reliability of the services on which our customers depend.
In this blog post, we’ll explain how we built it, and share the results we’re seeing now.
Building a Continue reading
Yayoi Kusama: Seniman Polkadot yang Mengubah Dunia Seni Modern
Daftar Pustaka
Perjalanan Hidup Awal yang Penuh Imajinasi
Kisah hidup Yayoi Kusama selalu menarik perhatian banyak pencinta seni. Ia lahir di Matsumoto, Jepang, dan tumbuh dalam lingkungan yang penuh tekanan keluarga. Meski demikian, ia justru menemukan pelarian melalui seni. Imajinasi visualnya berkembang sejak kecil. Ia sering melihat pola berulang yang memenuhi ruang di sekitarnya. Fenomena itu kemudian membentuk identitas artistiknya di masa depan.
Selain itu, Kusama mulai menggambar polkadot sejak usia belia. Pola tersebut muncul dari pengalaman visual yang terus menyertainya. Walau hidupnya tak mudah, Kusama berhasil mengubah kesulitan itu menjadi kekuatan kreatif. Gaya avant-garde miliknya terbentuk dari keberaniannya menolak batas. Karena itu, banyak kritikus menilai konsistensi gagasannya berbeda dibanding seniman lain pada zamannya.
Namun perjalanan menuju panggung dunia tidak terjadi secara instan. Kusama harus menghadapi banyak penolakan. Tetapi tekadnya kuat. Ia terus berkarya dan mencari tempat yang bisa menerima suaranya. Sikap tersebut kemudian menjadi pondasi kesuksesannya.
Era New York dan Lahirnya Seni Eksperimental
Pada tahun 1950-an, Yayoi Kusama mengambil keputusan besar. Ia pindah ke New York untuk mengejar mimpi besar di dunia seni internasional. Kota Continue reading
Code Orange: Fail Small — our resilience plan following recent incidents
On November 18, 2025, Cloudflare’s network experienced significant failures to deliver network traffic for approximately two hours and ten minutes. Nearly three weeks later, on December 5, 2025, our network again failed to serve traffic for 28% of applications behind our network for about 25 minutes.
We published detailed post-mortem blog posts following both incidents, but we know that we have more to do to earn back your trust. Today we are sharing details about the work underway at Cloudflare to prevent outages like these from happening again.
We are calling the plan “Code Orange: Fail Small”, which reflects our goal of making our network more resilient to errors or mistakes that could lead to a major outage. A “Code Orange” means the work on this project is prioritized above all else. For context, we declared a “Code Orange” at Cloudflare once before, following another major incident that required top priority from everyone across the company. We feel the recent events require the same focus. Code Orange is our way to enable that to happen, allowing teams to work cross-functionally as necessary to get the job done while pausing any other work.
The Code Continue reading
Innovating to address streaming abuse — and our latest transparency report
Cloudflare's latest transparency report — covering the first half of 2025 — is now live. As part of our commitment to transparency, Cloudflare publishes such reports twice a year, describing how we handle legal requests for customer information and reports of abuse of our services. Although we’ve been publishing these reports for over 10 years, we’ve continued to adapt our transparency reporting and our commitments to reflect Cloudflare’s growth and changes as a company. Most recently, we made changes to the format of our reports to make them even more comprehensive and understandable.
In general, we try to provide updates on our approach or the requests that we receive in the transparency report itself. To that end, we have some notable updates for the first half of 2025. But our transparency report can only go so far in explaining the numbers.
In this blog post, we’ll do a deeper dive on one topic: Cloudflare’s approach to streaming and claims of copyright violations. Given increased access to AI tools and other systems for abuse, bad actors have become increasingly sophisticated in the way they attempt to abuse systems to stream copyrighted content, often incorporating steps to hide their behavior. We’ve Continue reading
Happy Holidays and All the Best in 2026!
They say time goes faster as you get older, and it seems to be true. Another year has (almost) gone by.
Try to disconnect from the crazy pace of the networking world, forget the “vibe coding with AI will make engineers obsolete” stupidities (hint: Fifth Generation Languages and Natural Language Programming were all the rage in the 1980s and 1990s), and focus on your loved ones. I would also like to wish you all the best in 2026!
In the meantime, I’m working on weaning netlab off of a particular automation tool (you can always track the progress on GitHub). Expect the first results in the January netlab release.
How Istio Ambient Mode Delivers Real World Solutions
For years, platform teams have known what a service mesh can provide: strong workload identity, authorization, mutual TLS authentication and encryption, fine-grained traffic control, and deep observability across distributed systems. In theory, Istio checked all the boxes. In practice though, many teams hit a wall.
Across industries like financial services, media, retail, and SaaS, organizations told a similar story. They wanted mTLS between services to meet regulatory or security requirements. They needed safer deployment capabilities like canary rollouts and traffic splitting. They wanted visibility that went beyond IP addresses.
However, traditional sidecar based meshes came with real costs:
- High operational complexity
- Thousands of sidecars to manage
- Fragile upgrade paths
- Hard to debug failure modes
In several cases, teams started down the Istio service mesh path, only to pause or roll back entirely because the ongoing operational complexity was too high. The value of a service mesh was clear, but the service mesh architecture based on sidecars was not sustainable for many production environments.
The Reality Platform Teams Have Been Living With
In many cases, organizations evaluated service meshes with clear goals in mind. They wanted mTLS between services, better control over traffic during deployments, and observability that could keep up. Continue reading
Hedge 291: The Assault on Standards
As the Internet centralizes and gets “big,” standards are often being sidelined or consumed. What are the possible results of abandoning standards? Is there anything “normal network engineers” can do about it?
download
IPB190: IPv6 in Kubernetes Deployments
Kubernetes is a popular container orchestration platform. Today’s IPv6 Buzz episode explores the benefits of using IPv6 in Kubernetes, and how Kubernetes uses IP addresses in both the control plane and data plane.We also address why the adoption rate is estimated to be so low, from default configurations to issues with non-IPv6-aware applications inside containers.... Read more »N4N045: Audience Follow Up & 2026 Preview
If you’re curious as to what Ethan and Holly have in store for 2026, they give you a sneak peak on today’s episode. Hint: Some of these topics might include letters like B, G, P, Q, o, S, A and I. They also take time in this episode to answer listener questions, ranging from how... Read more »Announcing support for GROUP BY, SUM, and other aggregation queries in R2 SQL
When you’re dealing with large amounts of data, it’s helpful to get a quick overview — which is exactly what aggregations provide in SQL. Aggregations, known as “GROUP BY queries”, provide a bird’s eye view, so you can quickly gain insights from vast volumes of data.
That’s why we are excited to announce support for aggregations in R2 SQL, Cloudflare's serverless, distributed, analytics query engine, which is capable of running SQL queries over data stored in R2 Data Catalog. Aggregations will allow users of R2 SQL to spot important trends and changes in the data, generate reports and find anomalies in logs.
This release builds on the already supported filter queries, which are foundational for analytical workloads, and allow users to find needles in haystacks of Apache Parquet files.
In this post, we’ll unpack the utility and quirks of aggregations, and then dive into how we extended R2 SQL to support running such queries over vast amounts of data stored in R2 Data Catalog.
Aggregations, or “GROUP BY queries”, generate a short summary of the underlying data.
A common use case for aggregations is generating reports. Consider a table called “sales”, which contains Continue reading