If you work with Juniper hardware and have never used the Juniper Port Checker, you are missing out on a really useful tool. It is part of the Juniper Pathfinder suite and it gives you a visual representation of the front panel of a device and lets you configure port speeds to validate that your...
The post Juniper Port Checker – Validate Port Speed Mappings Before You Deploy first appeared on Fryguy's Blog.I have been meaning to put together some network tools for a while now, and I finally got around to it. I added a new Network Tools section to the site with eight tools that I find myself needing on a regular basis. They all run in the browser – nothing gets sent to a...
The post New Network Tools Section first appeared on Fryguy's Blog.Cloudflare's mission has always been to help build a better Internet. Sometimes that means building for the Internet as it exists. Sometimes it means building for the Internet as it's about to become.
Today, we're kicking off Agents Week, dedicated to building the Internet for what comes next.
The cloud, as we know it, was a product of the last major technological paradigm shift: smartphones.
When smartphones put the Internet in everyone's pocket, they didn't just add users — they changed the nature of what it meant to be online. Always connected, always expecting an instant response. Applications had to handle an order of magnitude more users, and the infrastructure powering them had to evolve.
The approach the industry converged on was straightforward: more users, more copies of your application. As applications grew in complexity, teams broke them into smaller pieces — microservices — so each team could control its own destiny. But the core principle stayed the same: a finite number of applications, each serving many users. Scale meant more copies.
Kubernetes and containers became the default. They made it easy to spin up instances, Continue reading
Even though UniFi released the UTR (UniFi Travel Router) a while back, I've been researching it and trying to find a use case for myself. Fast forward to today, and even though I still don't have a clear use case for it, I bought it purely based on vibes.
It was out of stock pretty much all the time in the UK store, and even when it came back in stock, it would sell out within minutes. I happened to be checking their site one day and noticed it was available, so I ordered it right away. It costs £90 including delivery.
The UTR is a small (like very tiny), portable router that you can take anywhere with you. It fits in your pocket. It supports both 2.4GHz and 5GHz bands and can connect to an upstream network via Wi-Fi or Ethernet. If you are into the UniFi ecosystem, in a nutshell, it can extend your home network wherever you go.
It is a small device, measuring 95.95 x 65 x 12.5 mm and weighing just 89g, so it genuinely fits in your pocket. It runs WiFi 5 with 2x2 MIMO Continue reading
I’ve previously blogged about RustRadio, my GNU Radio like framework for writing software defined radio applications in Rust. And now there’s more progress of an interesting kind.
Anything that tries to do something similar to GNU Radio needs a few things:
In addition to these, GNU Radio also has the excellent GNU Radio Companion for interactive creation of flowgraphs, but I’m not tackling that yet.
I have a core framework, and some components (blocks). But the UI has been a bit lacking.
I’ve played around with TUI applications, but I always knew I also wanted to support having a UI in the browser. I’m not as interested in adding support for QT or Windows native UI. The browser will do fine.
There are two ways to get the UI in the browser:
While I’ll want (1) eventually, and have some ideas about that, this post is about running everything in the browser, using Wasm.
I know that this is just scratching the surface Continue reading
Cloudflare’s global network and backbone in 2026.
Cloudflare's network recently passed a major milestone: we crossed 500 terabits per second (Tbps) of external capacity.
When we say 500 Tbps, we mean total provisioned external interconnection capacity: the sum of every port facing a transit provider, private peering partner, Internet exchange, or Cloudflare Network Interconnect (CNI) port across all 330+ cities. This is not peak traffic. On any given day, our peak utilization is a fraction of that number. (The rest is our DDoS budget.)
It’s a long way from where we started. In 2010, we launched from a small office above a nail salon in Palo Alto, with a single transit provider and a reverse proxy you could set up by changing two nameservers.
Our first transit provider was nLayer Communications, a network most people now know as GTT. nLayer gave us our first capacity and our first hands-on company experience in peering relationships and the careful balance between cost and performance.
From there, we grew city by city: Chicago, Ashburn, San Jose, Amsterdam, Tokyo. Each new data center meant negotiating colocation contracts, pulling fiber, racking servers, and establishing peering through Continue reading
What are networking fundamentals, and why are they important? Join us for this repost of a classic Hedge discussion with Ethan, Eyvonne, Tom, and Russ.
download
While according to the GIFEE True Believers™, Docker is dead and Kubernetes rules the world, people who want to have a bit of life might be perfectly happy running “obsolete” stuff like Docker on their laptops or Linux VMs.
If you happen to be one of the latter, you might like the Introduction to Docker webinar I put together a few years ago. It’s now public; you can watch it with an ipSpace.net account.
Looking for more binge-watching materials? You’ll find them here.
Linux malware often hides in Berkeley Packet Filter (BPF) socket programs, which are small bits of executable logic that can be embedded in the Linux kernel to customize how it processes network traffic. Some of the most persistent threats on the Internet use these filters to remain dormant until they receive a specific "magic" packet. Because these filters can be hundreds of instructions long and involve complex logical jumps, reverse-engineering them by hand is a slow process that creates a bottleneck for security researchers.
To find a better way, we looked at symbolic execution: a method of treating code as a series of constraints, rather than just instructions. By using the Z3 theorem prover, we can work backward from a malicious filter to automatically generate the packet required to trigger it. In this post, we explain how we built a tool to automate this, turning hours of manual assembly analysis into a task that takes just a few seconds.
Before we look at how to deconstruct malicious filters, we need to understand the engine running them. The Berkeley Packet Filter (BPF) is a highly efficient technology that allows the kernel to pull specific packets from the network Continue reading
FRRouting release 10.6 promised “BGP IPv6 VTEP support,” claiming “it enables EVPN deployments using IPv6 tunnel endpoints while maintaining full backward compatibility with IPv4 VTEPs.” Of course, I had to try it out, and since we already have EVPN over IPv6 running on Arista EOS (since netlab release 26.01), I decided to set up a simple lab with an Arista cEOS device running release 4.35.2F and the latest FRRouting container.
I was not exactly surprised when it did not work. While Arista accepted FRRouting EVPN routes, the FRRouting BGP daemon rejected routes sent by Arista EOS:
Cloudflare is accelerating its post-quantum roadmap. We now target 2029 to be fully post-quantum (PQ) secure including, crucially, post-quantum authentication.
At Cloudflare, we believe in making the Internet private and secure by default. We started by offering free universal SSL certificates in 2014, began preparing our post-quantum migration in 2019, and enabled post-quantum encryption for all websites and APIs in 2022, mitigating harvest-now/decrypt-later attacks. While we’re excited by the fact that over 65% of human traffic to Cloudflare is post-quantum encrypted, our work is not done until authentication is also upgraded. Credible new research and rapid industry developments suggest that the deadline to migrate is much sooner than expected. This is a challenge that any organization must treat with urgency, which is why we’re expediting our own internal Q-Day readiness timeline.
What happened? Last week, Google announced they had drastically improved upon the quantum algorithm to break elliptic curve cryptography, which is widely used to secure the Internet. They did not reveal the algorithm, but instead provided a zero-knowledge proof that they have one.
This is not even the biggest breakthrough. That same day, Oratomic published a resource estimate for breaking RSA-2048 and P-256 on a neutral atom computer. For Continue reading
