Focus is In for 2026

Hey everyone. It’s January 1 again, which means it’s time for me to own up to the fact that I wrote five posts in 2025. Two of those were about AI. Not surprising given that everyone was talking about it. But that seemed to be all I was talking about. What else was I doing instead?

  • I upped my running amount drastically. I covered over 1,600 miles this year. I ran another half marathon distance for the first time in four years. I feel a lot better about my health and my consistency because now running is something I prioritize. I don’t think I’m going to run quite so much in 2026 but you never know.
  • I revitalized a podcast. We relaunched Security Boulevard with big help from my coworker Corey Dirrig. We’ve got a great group of hosts that discuss weekly security topics. You should totally check it out.
  • I’m also doing more with things like Techstrong Gang and other Futurum Group media. That’s in addition to the weekly Tech Field Day Rundown I host with Alastair Cooke. Lots of video!
  • For those that follow my Scouting journey, I was asked to be an Assistant District Commissioner with the Continue reading

Getting DNS Right: Principles for Effective Monitoring

This is the second of two parts. Read Part 1: How to Get DNS Right: A Guide to Common Failure Modes

Monitoring DNS is not simply a matter of checking whether a record resolves. A comprehensive approach follows four key principles:

  • Test from multiple networks and regions to avoid blind spots.
  • Validate both correctness and speed, since slow answers can harm user flows even when technically valid.
  • Measure continuously, not periodically, because many issues manifest as short-lived or regionalized incidents.
  • Compare control plane changes to real-world propagation patterns to ensure updates are applied as intended.

DNS monitoring is most effective when it targets specific signals that reveal problems with record integrity, server behavior and real-world performance. The key groups of tests:

  • DNS mapping.
  • DNS record validation.
  • DNS performance measurements.

DNS Mapping

Mapping tests verify that users are directed to an appropriate DNS server based on location. This matters because the closest healthy server usually provides the fastest response. If a user’s request is sent across a country or to another continent, latency increases and resilience decreases.

Different managed DNS providers use different methods to determine which server responds to a query. Many compare the geographic location of the querying IP Continue reading

The Rise of AI Agents and the Reinvention of Kubernetes: Ratan Tipirneni’s 2026 Outlook

Prediction: The next evolution of Kubernetes is not about scale alone, but about intelligence, autonomy, and governance.

As part of the article ‘AI and Enterprise Technology Predictions from Industry Experts for 2026’, published by Solutions Review, Ratan Tipirneni, CEO of Tigera, shares his perspective on how AI and cloud-native technologies are shaping the future of Kubernetes.

His predictions describe how production clusters are evolving as AI becomes a core part of enterprise platforms, introducing new requirements for security, networking, and operational control.

Looking toward 2026, Tipirneni expects Kubernetes to move beyond its traditional role of running microservices and stateless applications. Clusters will increasingly support AI-driven components that operate with greater autonomy and interact directly with other services and systems. This shift places new demands on platform teams around workload identity, access control, traffic management, and policy enforcement. It also drives changes in how APIs are governed and how network infrastructure is designed inside the cluster.

Read on to explore Tipirneni’s predictions and what they mean for teams preparing Kubernetes platforms for an AI-driven future.

AI Agents Become First-Class Workloads

By 2026, Tipirneni predicts that Kubernetes environments will increasingly host agent-based workloads rather than only traditional cloud native applications. Continue reading

UET Congestion Management: Introduction

Introduction

Figure 6-1 depicts a simple scale-out backend network for an AI data center. The topology follows a modular design, allowing the network to scale out or scale in as needed. The smallest building block in this example is a segment, which consists of two nodes, two rail switches, and one spine switch. Each node in the segment is equipped with a dual-port UET NIC and two GPUs.

Within a segment, GPUs are connected to the leaf switches using a rail-based topology. For example, in Segment 1A, the communication path between GPU 0 on Node A1 and GPU 0 on Node A2 uses Rail A0 (Leaf 1A-1). Similarly, GPU 1 on both nodes is connected to Rail A1 (Leaf 1A-2). In this example, we assume that intra-node GPU collective communication takes place over an internal, high-bandwidth scale-up network (such as NVLink). As a result, intra-segment GPU traffic never reaches the spine layer. Communication between segments is carried over the spine layer.

The example network is a best-effort (that is, PFC is not enabled) two-tier, three-stage non-blocking fat-tree topology, where each leaf and spine switch has four 100-Gbps links. Leaf switches have two host-facing links and two inter-switch links, while spine Continue reading

Great Wall Motor (GWM): The Chinese Automotive Giant Going Global

China’s automotive industry continues to grow rapidly. One of its major players is Great Wall Motor, or GWM. The company is known as a reliable car manufacturer. It focuses on SUVs and pickups. Now, GWM is going further. It is becoming a global force that cannot be underestimated. Let’s dig deeper into its journey.

GWM’s Journey to Market Leadership

GWM was founded in 1984. At first, it produced only pickup trucks. Its products were very popular in the domestic market. Then it saw a big opportunity in the SUV market. It launched the Haval brand. This strategy turned out to be very successful. Haval quickly became the best-selling SUV brand in China. As a result, GWM stands firm as a leader in the local market. It built a very strong foundation before stepping onto the international stage.

A Smart Multi-Brand Strategy

To reach a wider market, GWM adopted a multi-brand strategy. Each brand has a different target market. This allows it to compete in various segments. This strategy makes GWM’s portfolio very complete. Here is a breakdown of its main brands.

Brand | Main Focus
Haval | Mainstream SUVs
WEY | Premium SUVs
Ora | Compact Electric Cars
Tank Continue reading

What Is BGP Confederation?

By design, iBGP requires a full mesh of peerings between all routers so every router can learn routes from all other routers without loops. Prefixes learned from an iBGP peer are not advertised to another iBGP peer. This rule exists to prevent routing loops inside the autonomous system, and it is also the main reason why a full mesh is required. As the number of routers grows, maintaining this full mesh becomes complex and resource-heavy.

BGP confederations are one way to solve the scaling problems created by the BGP full mesh requirement. Another common approach is using Route Reflectors. BGP confederations break up a large autonomous system into smaller subautonomous systems (sub-ASs), reducing the number of iBGP peerings required.

Routers within the same sub-AS still need a full iBGP mesh, but the number of peerings is much smaller now. Connections to other confederations are made with standard eBGP, and peers outside the sub-AS are treated as external.

The confederation AS appears whole to other Continue reading

Monitor Your Servers With Free Uptime Kuma Container

If you run a collection of servers, be they a home network lab or those powering your business, you are going to want to know the status of each server or service. That can be a real pain in the kiester if you have a lot of servers that you have to monitor regularly.

Imagine if you had to log into each one of them individually to check on their status. Or, maybe you have several Docker containers that you need to keep tabs on to make sure they’re up and running. If they go down, you might even want to be alerted.

What do you do?

You could turn to an easy-to-use Docker container, Uptime Kuma. Uptime Kuma can monitor several services, from ping, HTTP(S), MySQL, TCP port, SMTP, SNMP, gRPC(s), DNS, Docker containers and more. Most of the service setups are fairly straightforward, and the UI is incredibly well designed.

I’m going to show you how to install Uptime Kuma and add some hosts to keep an eye on.

What You’ll Need

To use Uptime Kuma, you’ll need a host server (or desktop) that supports Docker and some hosts to monitor. If you’re using Uptime Kuma on Linux, you’ll need a user with sudo privileges so you can install Docker.

As usual, I’ll demonstrate this on Linux (specifically, Ubuntu Server 24.04). If your hosting OS is different, make sure to alter the installation instructions accordingly. If you already have Docker installed, skip to the Uptime Kuma deployment section.

Ready? Let’s go.

Installing Docker

1. Install the Dependencies

The first step is to install the necessary dependencies with the commands:

2. Add the Official Docker GPG Key

The next thing to do is add the official Docker GPG key. To do that, use the following commands:

3. Add the Correct Repository

You can now add the Docker repository, which is done with the following command:

Once that’s taken care of, update apt with:

4. Install Docker

It’s now time to finally install Docker, which is taken care of with the command:

5. Add Your User to the Correct Group

It’s required to add your user to the Docker group; otherwise, you’ll have to run Docker with admin privileges, which can lead to security issues. Add your user to the Docker group with:

Log out and log back in so the changes take effect.

Deploying Uptime Kuma

Deploying Uptime Kuma can be done with a single command:

However, before you do that, consider whether you want to monitor Docker Containers on that server. If you do, you have to bind the /var/run/docker.sock to your Uptime Kuma container, which is done with the command:

Give Uptime Kuma a moment to start, and then point your browser to http://SERVER:3001 (where SERVER is the IP address of the hosting server).

The first thing to do is select your language and the database you want to use (Figure 1). I chose Embedded MariaDB because it’s the easiest route.

Figure 1: Choose your database wisely.

You’ll then be prompted to create a new admin account (Figure 2).

Figure 2: Make sure to use a strong/unique password for this account.

After setting up your admin user, you’ll find yourself on the Uptime Kuma dashboard (Figure 3), where you can start adding hosts/services to monitor.

Figure 3: I’ve already added a few hosts to monitor (one of which is down … gasp!).

Adding a Host

I’ll now show you how to add a monitor for a Docker container. The Docker container I’ll add is hosted on the same server as Uptime Kuma (as I’ve yet to figure out how to get it to work with remote containers).

To monitor a container, you’ll first need to locate the container ID, which can be found using the command:

Copy the full ID of the container you want to monitor.

Next, go back to the Uptime Kuma dashboard and click Add New Monitor in the upper left corner. In the resulting pop-up (Figure 4), you’ll need to fill out the following information:

  • Monitor Type: Docker container.
  • Friendly Name: A human-readable name.
  • Container Name / ID: The container ID to be monitored.
  • Docker Host: You’ll have to click the + button, type localhost for the Friendly Name space, and click Save.

Figure 4: Adding a Docker container for monitoring with Uptime Kuma.

Click Save, and the host is added. You should immediately see it listed on the dashboard.

And that’s the gist of getting Uptime Kuma up and running. With this easy-to-use tool, you can add as many servers and services as you need to monitor, so you don’t have to log into those machines individually or pay the high cost of a proprietary, complex monitoring system.

The post Monitor Your Servers With Free Uptime Kuma Container appeared first on The New Stack.

FortiGate Radius Administrator Login with Cisco ISE

Let’s assume a simple scenario. You have two different teams managing your FortiGate firewalls. One team is made up of network administrators who need full access to the firewalls. The other team only needs limited access and should not be able to make any configuration changes.

A common way to handle this is by using administrator profiles and a remote Radius server. You can assign different admin profiles based on who is logging in, without creating local users on every firewall. In this post, we will look at how to achieve this using Cisco ISE and Radius. You do not have to use Cisco ISE; any Radius server can do the job, but this post focuses on Cisco ISE since it is commonly used in enterprise environments.

Overview

For this example, we will have two users, each belonging to a different group with different access requirements. In most environments, group membership is managed by something like Active Directory. For the sake of simplicity, I am going to use local identity groups on Continue reading

Moramo Waterfall: A Tiered Paradise in Southeast Sulawesi

Indonesia has thousands of stunning tourist destinations. One of its hidden gems is in Southeast Sulawesi. Its name is Moramo Waterfall. This place is no ordinary waterfall. It offers a very unique beauty. Many people call it a tiered paradise. Its beauty will amaze you. Let’s explore its charm further.

The Uniqueness of Moramo’s Tiered Waterfall

Moramo Waterfall has one main attraction. It does not plunge from a height in a single drop. Instead, the water flows through seven tiers. Each tier forms a beautiful natural pool. The water is very clear and bluish-green. You can see the bottom of the pools clearly. This terraced structure is what makes it special. It is like a giant staircase made by nature.

In addition, the surrounding rocks are very smooth. This allows visitors to slide. You can try the natural slides from one pool to another. Of course, this is a very exciting experience. This tiered waterfall feels like a natural water park. The surrounding scenery is also still unspoiled. The tropical forest adds to the peaceful and cool atmosphere. Therefore, this place is perfect for escaping the hustle and bustle of the city.

Fun Activities and Tips for Enjoying It

A visit here is not only Continue reading

Do You Need a Service Mesh? Understanding the Role of CNI vs. Service Mesh

The world of Kubernetes networking can sometimes be confusing. What’s a CNI? A service mesh? Do I need one? Both? And how do they interact in my cluster? The questions can go on and on.

Even for seasoned platform engineers, making sense of where these two components overlap and where the boundaries of responsibility end can be challenging. Seemingly bewildering obstacles can stand in the way of getting the most out of their complementary features.

One way to cut through the confusion is to start by defining what each of them is, then look at their respective capabilities, and finally clarify where they intersect and how they can work together.

This post will clarify:

  • What a CNI is responsible for
  • What a service mesh adds on top
  • When you need one, the other, or both

What a CNI Actually Does

Container Network Interface (CNI) is a standard way to connect and manage networking for containers in Kubernetes. It is a set of standards defined by Kubernetes for configuring container network interfaces and maintaining connectivity between pods in a dynamic environment where network peers are constantly being created and destroyed.

Those standards are implemented by CNI plugins. A CNI plugin is Continue reading

Arista Radius Administrator Login with Cisco ISE

Let’s assume a simple scenario. You have two different teams managing your Arista devices. One team is made up of network administrators who need full access to the devices. The other team only needs limited access and should not be able to make any configuration changes.

A common way to handle this is by using role-based access with Radius. You can assign different privilege levels based on who is logging in, without creating local users on every device. In this post, we will look at how to achieve this using Cisco ISE and Radius. You do not have to use Cisco ISE; any Radius server can do the job, but this post focuses on Cisco ISE since it is commonly used in enterprise environments.

Overview

For this example, we will have two users, each belonging to a different group with different access requirements.

  • bob is part of the network-admin group and needs full access
  • brad is part of the Continue reading

Merry Christmas And Happy New 2026 Year

Dear friends,

Thank you so much for reading our blog, for all your questions and interesting discussions. You are an amazing audience, thanks for being with us.

It is an absolute pleasure to wish each and every one of you a Merry Christmas! Let the coming year be successful, healthy and prosperous for you and your beloved ones. And for now, have a wonderful Christmas time.

Yours sincerely,

Team Karneliuk

How Workers powers our internal maintenance scheduling pipeline

Cloudflare has data centers in over 330 cities globally, so you might think we could easily disrupt a few at any time without users noticing when we plan data center operations. However, the reality is that disruptive maintenance requires careful planning, and as Cloudflare grew, managing these complexities through manual coordination between our infrastructure and network operations specialists became nearly impossible.

It is no longer feasible for a human to track every overlapping maintenance request or account for every customer-specific routing rule in real time. We reached a point where manual oversight alone couldn't guarantee that a routine hardware update in one part of the world wouldn't inadvertently conflict with a critical path in another.

We realized we needed a centralized, automated "brain" to act as a safeguard — a system that could see the entire state of our network at once. By building this scheduler on Cloudflare Workers, we created a way to programmatically enforce safety constraints, ensuring that no matter how fast we move, we never sacrifice the reliability of the services on which our customers depend.

In this blog post, we’ll explain how we built it, and share the results we’re seeing now.

Building a Continue reading

Yayoi Kusama: The Polka-Dot Artist Who Changed the World of Modern Art

An Early Life Full of Imagination

The life story of Yayoi Kusama has always drawn the attention of many art lovers. She was born in Matsumoto, Japan, and grew up in an environment full of family pressure. Even so, she found an escape through art. Her visual imagination developed from childhood. She often saw repeating patterns filling the space around her. That phenomenon later shaped her artistic identity.

In addition, Kusama began drawing polka dots at a young age. The pattern emerged from the visual experiences that continually accompanied her. Although her life was not easy, Kusama managed to turn that hardship into creative strength. Her avant-garde style was formed by her courage to reject boundaries. Because of that, many critics consider the consistency of her ideas to be different from that of other artists of her time.

However, the journey to the world stage did not happen instantly. Kusama had to face many rejections. But her determination was strong. She kept creating and searching for a place that could accept her voice. That attitude later became the foundation of her success.

The New York Era and the Birth of Experimental Art

In the 1950s, Yayoi Kusama made a big decision. She moved to New York to pursue a big dream in the international art world. The city Continue reading