The Difficulty – And Necessity – Of Parsing Out AI Spending

For a decade before the generative AI boom took off in late 2022, classical artificial intelligence, used for all kinds of self-learning predictive algorithms, was destined to be a very large component of the IT stack at most organizations in the world.

The Difficulty – And Necessity – Of Parsing Out AI Spending was written by Timothy Prickett Morgan at The Next Platform.

TL003: Leveling Up Your Team’s Skills

IT work requires ongoing training and skills development. Laura Santamaria and guest Scott Robohn discuss strategies for leveling up your team to ensure they have the skills they need. Laura and Scott talk about the need for continuous learning and explore options for encouraging skill development, even in budget-constrained environments. Good leaders should guide by... Read more »

The Evolution of PON

The evolution of wired access networks for suburban reticulation has been driven by a special set of economic and technical circumstances. Infrastructure assets are in this sector need to have an extended service life in order to by financially viable. While optical technology continues to evolve rapidly the challenge is to map this changing technology on to a fixed fibre cable plant.

How Meta Is Reinforcing its Global Network for AI Traffic

It was in 2022 when Meta engineers started to see the first clouds of an incoming storm, namely how much AI would change the nature —and volume — of the company’s network traffic. “Starting 2022, we started seeing a whole other picture,” said Meta’s Networking @Scale 2024 conference, being held this week both virtually and at Santa Clara Convention Center, in Calif. Mind you, Meta owns one of the world’s largest private backbones, a global network physically connecting 25 data centers and 85 points of presence with millions of miles of fiber optic cable, buried under both land and sea. Its reach and throughput allows someone on an Australian beach to see videos being posted by their friend in Greece nearly instantaneously. And for the past five years, this global capacity has grown consistently by 30% a year. Yet, the growing AI demands on the backbone is bumpy and difficult to predict. “The impact of large clusters, GenAI, and AGI is yet to be learned,” Sundaresan said. “We haven’t yet fully flushed out what that means for the backend.” Nonetheless, the networking team has gotten creative Continue reading

Hedge 243: The Open Radio Area Network (RAN)

The cellular network world is similar enough to the IP networking world to feel familiar, but different enough to require learning new terms and ideas. Tom Nadeau joins Tom Ammon and Russ White to discuss one element of this networking world, the RAN network, and the current move towards open source and white box disaggregated solutions.

download

Protecting APIs from abuse using sequence learning and variable order Markov chains

Consider the case of a malicious actor attempting to inject, scrape, harvest, or exfiltrate data via an API. Such malicious activities are often characterized by the particular order in which the actor initiates requests to API endpoints. Moreover, the malicious activity is often not readily detectable using volumetric techniques alone, because the actor may intentionally execute API requests slowly, in an attempt to thwart volumetric abuse protection. To reliably prevent such malicious activity, we therefore need to consider the sequential order of API requests. We use the term sequential abuse to refer to malicious API request behavior. Our fundamental goal thus involves distinguishing malicious from benign API request sequences.

In this blog post, you’ll learn about how we address the challenge of helping customers protect their APIs against sequential abuse. To this end, we’ll unmask the statistical machine learning (ML) techniques currently underpinning our Sequence Analytics product. We’ll build on the high-level introduction to Sequence Analytics provided in a previous blog post.

API sessions

Introduced in the previous blog post, let’s consider the idea of a time-ordered series of HTTP API requests initiated by a specific user. These occur as the user interacts with a service, such as while browsing Continue reading

NAN073: Some Final Words of Wisdom from Greg Ferro

This episode was recorded with Greg Ferro, co-founder of Packet Pushers, just days before his retirement in July 2024. Greg and Eric reflect on Greg’s influential career in network engineering and the evolution of the industry. Greg discusses the challenges of maintaining open-source projects amid increasing commercialization and corporate exploitation. He emphasizes the importance of... Read more »

How the Harris-Trump US presidential debate influenced Internet traffic

Much has changed in the 2024 United States presidential election since the June 27 debate between Donald Trump and Joe Biden, then the presumptive nominees for the November election. Now, over two months later, on September 10, the debate was between Kamala Harris, the Democratic nominee, and Donald Trump, the Republican nominee. In this post, we will explore the event's impact on Internet traffic in specific states where there was a bigger impact than during the Biden-Trump debate, as well as examine cyberattacks, email phishing trends, and general DNS data on candidates, news, and election-related activity.

We’ve been tracking the 2024 elections globally through our blog and election report on Cloudflare Radar, covering some of the more than 60 national elections this year. Regarding the US elections, we have previously reported on trends surrounding the first Biden vs. Trump debate, the attempted assassination of Trump, the Republican National Convention, and the Democratic National Convention.

Typically, we have observed that election days don’t come with significant changes to Internet traffic, and the same is true for debates. Yet, debates can also draw attention that impacts traffic, especially when there is heightened anticipation. The 2024 debates were not only Continue reading

Customers get increased integration with Cloudflare Email Security and Zero Trust through expanded partnership with CrowdStrike

Today, we’re excited to expand our recent Unified Risk Posture announcement with more information on our latest integrations with CrowdStrike. We previously shared that our CrowdStrike Falcon Next-Gen SIEM integration allows for deeper analysis and further investigations by unifying first- and third-party data, native threat intelligence, AI, and workflow automation to allow your security teams to focus on work that matters.

This post explains how Falcon Next-Gen SIEM allows customers to identify and investigate risky user behavior and analyze data combined with other log sources to uncover hidden threats. By combining Cloudflare and CrowdStrike, organizations are better equipped to manage risk and decisively take action to stop cyberattacks.

By leveraging the combined capabilities of Cloudflare and CrowdStrike, organizations combine Cloudflare’s email security and zero trust logging capabilities with CrowdStrike’s dashboards and custom workflows to get better visibility into their environments and remediate potential threats. Happy Cog, a full-service digital agency, currently leverages the integration. Co-Founder and President Matthew Weinberg said:

'The integration of Cloudflare’s robust Zero Trust capabilities with CrowdStrike Falcon Next-Gen SIEM enables organizations to gain a more comprehensive view of the threat landscape and take action to mitigate both internal and external risks posed by today’s security Continue reading

PMTUD in MPLS-enabled Networks

In the previous post on MSS, MSS Clamping, PMTUD, and MTU, we learned how PMTUD is performed by setting the Don’t fragment flag in the IP header which leads to the device that needs to perform fragmentation dropping the packet and sending ICMP Fragmentation needed packet towards the source. In MPLS-enabled networks, it’s not always possible to send the ICMP packet straight towards the source as the P routers have no knowledge of the customer specific networks. In RFC 3032 – MPLS Label Stack Encoding, such a scenario is described:

Suppose one is using MPLS to "tunnel" through a transit routing
domain, where the external routes are not leaked into the domain's
interior routers. For example, the interior routers may be running
OSPF, and may only know how to reach destinations within that OSPF
domain. The domain might contain several Autonomous System Border
Routers (ASBRs), which talk BGP to each other. However, in this
example the routes from BGP are not distributed into OSPF, and the
LSRs which are not ASBRs do not run BGP.

In this example, only an ASBR will know how to route to the source of
some arbitrary packet. If an interior router needs Continue reading

PP030: Volt Typhoon On the Attack, Starlink Joins the Navy, and More Security News

Today’s Packet Protector is an all-news episode. We cover the Volt Typhoon hacker group exploiting a zero-day in Versa Networks gear and a multitude of vulnerabilities in Zyxel network products. We also debate whether Microsoft’s endpoint security summit will be more than a public relations exercise, a serious backdoor in RFID cards used in offices... Read more »

HS082: Citizen Coders: Boon Or Bane?

The low-code/no-code movement means business users who aren’t programmers can create software. This capability might make these citizen coders more efficient and productive, but could also pose risks due to a lack of formal training in software development and security. Is citizen coding a boon or bane to business? Johna Johnson and John Burke discuss... Read more »

A good day to trie-hard: saving compute 1% at a time

Cloudflare’s global network handles a lot of HTTP requests – over 60 million per second on average. That in and of itself is not news, but it is the starting point to an adventure that started a few months ago and ends with the announcement of a new open-source Rust crate that we are using to reduce our CPU utilization, enabling our CDN to handle even more of the world’s ever-increasing Web traffic. 

Motivation

Let’s start at the beginning. You may recall a few months ago we released Pingora (the heart of our Rust-based proxy services) as an open-source project on GitHub. I work on the team that maintains the Pingora framework, as well as Cloudflare’s production services built upon it. One of those services is responsible for the final step in transmitting users’ (non-cached) requests to their true destination. Internally, we call the request’s destination server its “origin”, so our service has the (unimaginative) name of “pingora-origin”.

One of the many responsibilities of pingora-origin is to ensure that when a request leaves our infrastructure, it has been cleaned to remove the internal information we use to route, measure, and optimize traffic for our customers. This has to be Continue reading

Emulating congestion with Containerlab

The Containerlab dashboard above shows variation in throughput in a leaf and spine network due to large "Elephant" flow collisions in an emulated network, see Leaf and spine traffic engineering using segment routing and SDN for a demonstration of the issue using physical switches.

This article describes the steps needed to emulate realistic network performance problems using Containerlab. First, using the FRRouting (FRR) open source router to build the topology provides a lightweight, high performance, routing implementation that can be used to efficiently emulate large numbers of routers using the native Linux dataplane for packet forwarding. Second, the containerlab tools netem set command can be used to introduce packet loss, delay, jitter, or restrict bandwidth of ports.

The netem tool makes use of the Linux tc (traffic control) module. Unfortunately, if you are using Docker desktop, the minimal virtual machine used to run containers does not include the tc module.

multipass launch docker
Instead, use Multipass as a convenient way to create and start an Ubuntu virtual machine with Docker support on your laptop. If you are already on a Linux system with Docker installed, skip forward to the git clone step.
multipass ls
List the multipass virtual machines.
 Continue reading
1 2 3 3,679