Hedge 260: The State of the DFZ
Trends in the global BGP table–the Default Free Zone (DFZ) table–can tell us a lot about the state of the global Internet. Is the Internet growing? Is IPv6 growing, or are we still in a world of “all things IPv4?” Geoff Huston joins Tom Ammon and Russ White to review the state of the routing table from 2024.
download
Python Getters, Setters and @property Decorator
When I first started working with Python classes, some of the most confusing topics were getters, setters, and @property. There are plenty of tutorials on how to use them, but very few actually explain why do we need them or what problem do they solve. So, I thought I’d write a dedicated post covering what they are and the problems they solve. Let’s get to it.
As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.
Python OOP - Method vs Function and the Mystery of ‘self’
I just realized how much I didn’t understand about Python Object-Oriented Programming. I thought I knew the basics, but a few days ago, while going through a Python course, I found out I was wrong.
Suresh Vina
Python Classes
Before diving in, let's have a quick look at a Python class. Here’s a simple example of a Person class with two attributes name and age.
class Person:
def __init__(self, name, age):
self.name = name
self.age = age
I'm going to create an instance of the class called p1, passing Continue reading
Do You Need To Answer That Question?
Photo by Pixabay on Pexels.com
We’ve all been in a situation where we’re listening to a presentation or in a class where someone is sharing knowledge. The presenter or expert finishes a point and stops to take a breath or move on to the next point when you hear a voice.
“What they meant to say was…”
You can already picture the person doing it. I don’t need to describe the kind of person that does this. We all know who it is and, if you’re like me, it drives you crazy. I know it because I’ve found myself being that person several times and it’s something I’m working hard to fix.
Info to Share
People that want to chime in feel like they have important things to share. Maybe they know something deeper about the subject. Perhaps they’ve worked on a technology and have additional information to add to the discussion. They mean well. They’re eager to add to the discussion. They mean well. Most of the time.
What about the other times? Maybe it’s someone that thinks they’re smarter than the presenter. I know I’ve had to deal with that plenty of times. It could be an Continue reading
Network Automation and AI at NANOG 93
The dominant theme of the presentations this time around at NANOG 93 was the combination of automation of network command and control and the application of Artificial Intelligence tools to this control function. The interest in AI appears to have heightened of late, and while the hype levels are impressive even for an industry that can get totally fixated on hype, the deliverables so far still appear to fall somewhat short.Loopback as a Service
Methods of steering traffic into MPLS and Segment Routing LSP is one of the least standardized and most confusing parts of traffic engineering.
The mess of nexthop resolution
Despite some existing interoperability issues, in general, the MPLS and SR control …
Helping civil society monitor attacks with the CyberPeaceTracer and Cloudflare Email Security
Civil society organizations have always been at the forefront of humanitarian relief efforts, as well as safeguarding civil and human rights. These organizations play a large role in delivering services during crises, whether it is fighting climate change, support during natural disasters, providing health services to marginalized communities and more.
What do many of these organizations have in common? Many times, it’s cyber attacks from adversaries looking to steal sensitive information or disrupt their operations. Cloudflare has seen this firsthand when providing free cybersecurity services to vulnerable groups through programs like Project Galileo, and found that in aggregate, organizations protected under the project experience an average of 95 million attacks per day. While cyber attacks are a problem across all industries in the digital age, civil society organizations are disproportionately targeted, many times due to their advocacy, and because attackers know that they typically operate with limited resources. In most cases, these organizations don’t even know they have been attacked until it is too late.
Over the last 10 years of Project Galileo, we’ve had the opportunity to work more closely with leading civil society organizations. This has led to a number of exciting new partnerships, Continue reading
Large Language Model (LLM) – Part 2/2: Transformer Architecture
Introduction
Sequence-to-sequence (seq2seq) language translation and Generative Pretrained Transformer (GPT) models are subcategories of Natural Language Processing (NLP) that utilize the Transformer architecture. Seq2seq models are typically using Long Short-Term Memory (LSTM) networks or encoder-decored based Transformers. In contrast, GPT is an autoregressive language model that uses decoder-only Transformer mechanism. The purpose of this chapter is to provide an overview of the decoder-only Transformer architecture.
The Transformer consists of stacks of decoder modules. A word embedding vector, a result of the word tokenization and embbeding, is fed as input to the first decoder module. After processing, the resulting context vector is passed to the next decodeer, and so on. After the final decoder, a softmax layer evaluates the output against the complete vocabulary to predict the next word. As an autoregressive model, the predicted word vector from the softmax layer is converted into a token before being fed back into the subsequent decoder layer. This process involves a token-to-word vector transformation prior to re-entering the decoder.
Each decoder module consists of an attention layer, Add & Normalization layer and a feedforward neural network (FFNN). Rather than feeding the embedded word vector (i.e., token embedding plus positional encoding) directly Continue reading
Hedge 259: Architecture and Process
We often try to “institutionalize” things that work into repeatable processes—and most of the time, it doesn’t work. The process ends up becoming unwieldy, eventually failing to prevent failures and stifling innovation. How can we get out of this rut? Differentiating between architecture and process. Far too many IT shops try to replace architecture with process. Our second topic for this episode is the destructive lies of the tool trope. Tools are not “neutral,” they impact the way we think and work. A primary example of a tool that can often reshape our thinking and doing in very negative ways is … the process.
Searching for the cause of hung tasks in the Linux kernel
Depending on your configuration, the Linux kernel can produce a hung task warning message in its log. Searching the Internet and the kernel documentation, you can find a brief explanation that the kernel process is stuck in the uninterruptable state and hasn’t been scheduled on the CPU for an unexpectedly long period of time. That explains the warning’s meaning, but doesn’t provide the reason it occurred. In this blog post we’re going to explore how the hung task warning works, why it happens, whether it is a bug in the Linux kernel or application itself, and whether it is worth monitoring at all.
The hung task message in the kernel log looks like this:
INFO: task XXX:1495882 blocked for more than YYY seconds.
Tainted: G O 6.6.39-cloudflare-2024.7.3 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:XXX state:D stack:0 pid:1495882 ppid:1 flags:0x00004002
. . .Processes in Linux can be in different states. Some of them are running or ready to run on the CPU — they are in the TASK_RUNNING state. Others are waiting for some signal or event to happen, e.g. network packets to arrive or terminal input Continue reading
Pike is wrong on bloat
This is my response to Rob Pike’s words On Bloat.
I’m not surprised to see this from Pike. He’s a NIH extremist. And yes, in this aspect he’s my spirit animal when coding for fun. I’ll avoid using a framework or a dependency because it’s not the way that I would have done it, and it doesn’t do it quite right… for me.
And he correctly recognizes the technical debt that an added dependency involves.
But I would say that he has two big blind spots.
-
He doesn’t recognize that not using the available dependency is also adding huge technical debt. Every line of code you write is code that you have to maintain, forever.
-
The option for most software isn’t “use the dependency” vs “implement it yourself”. It’s “use the dependency” vs “don’t do it at all”. If the latter means adding 10 human years to the product, then most of the time the trade-off makes it not worth doing at all.
He shows a dependency graph of Kubernetes. Great. So are you going to write your own Kubernetes now?
Pike is a good enough coder that he can write his own editor (wikipedia: “Pike has written many text Continue reading
Automatic Audit Logs: new updates deliver increased transparency and accountability
Audit logs are a critical tool for tracking and recording changes, actions, and resource access patterns within your Cloudflare environment. They provide visibility into who performed an action, what the action was, when it occurred, where it happened, and how it was executed. This enables security teams to identify vulnerabilities, ensure regulatory compliance, and assist in troubleshooting operational issues. Audit logs provide critical transparency and accountability. That's why we're making them "automatic" — eliminating the need for individual Cloudflare product teams to manually send events. Instead, audit logs are generated automatically in a standardized format when an action is performed, providing complete visibility and ensuring comprehensive coverage across all our products.
We're excited to announce the beta release of Automatic Audit Logs — a system that unifies audit logging across Cloudflare products. This new system is designed to give you a complete and consistent view of your environment’s activity. Here’s how we’ve enhanced our audit logging capabilities:
Standardized logging: Previously, audit logs generation was dependent on separate internal teams, which could lead to gaps and inconsistencies. Now, audit logs are automatically produced in a seamless and standardized way, eliminating Continue reading
Projects to Work On – the AI Recommendations
Vini Motta decided to use AI on ipSpace.net content to find what it would recommend as the projects to work on in order to become employable in 2025. Here are the results he sent me; my comments are inline on a gray background.
- Network Automation with Python
- Project: Automate basic network tasks like device configuration, backup, or monitoring using Python scripts.
Point-to-Point Links in Virtual Labs
In the previous blog post, I described the usual mechanisms used to connect virtual machines or containers in a virtual lab, and the drawbacks of using Linux bridges to connect virtual network devices.
In this blog post, we’ll see how KVM/QEMU/libvirt/Vagrant use UDP tunnels to connect virtual machines, and how containerlab creates point-to-point vEth links between Linux containers.
Offline celebrations: how Christmas, NYE, and Lunar New Year festivities shape online behavior
Now that 2025 has been here for a few weeks and 2024 has closed with a variety of year-end traditions — from Christmas and Hanukkah celebrations to New Year’s Eve (NYE) countdowns, as well as celebrations of Orthodox Christmas, and Lunar/Chinese New Year — let’s examine how these events have shaped online behavior across continents and cultures. Reflecting on Christmas and NYE 2024 provides insights into how these trends compared with those of the previous year, as detailed in an earlier blog.
One notable finding is the remarkable consistency in human online patterns from one year to the next, a trend that persists despite cultural differences among countries. Data from over 50 countries reveal how people celebrated in 2024–2025, offering a timely reminder of typical holiday trends. While Christmas remains a dominant influence in many regions, other cultural and religious events — such as Hanukkah and local festivities — also shape online habits where Western traditions hold less sway.
In regions where Christmas is deeply rooted, Internet traffic dips significantly during Christmas Eve dinners, midnight masses, morning gift exchanges, and Christmas Day lunches, a pattern evident in both our previous and current analyses.
This analysis focuses exclusively on non-bot Internet Continue reading
Why use an SDN controller for RSVP-TE
Despite many advantages of Segment Routing, some networks still prefer to use RSVP for traffic engineering – and they can have good reasons for this. Is there any value of SDN controller with RSVP-TE, compared to configuring policies on each …
Tagged VLAN 1 In a Trunk Is a Really Bad Idea
It all started with a netlab issue describing different interpretations of VLAN 1 in a trunk. While Cumulus NVUE (the way the netlab configuration template configures it) assumes that the VLAN 1 in a trunk is tagged, Arista EOS assumes it’s the native VLAN.
At that point, I should have said, “that’s crazy, we shouldn’t allow that” and enforce the “VLAN 1 has to be used as a native VLAN” rule. Alas, 20/20 hindsight never helped anyone.
TL&DR: Do not use VLAN 1 in VLAN trunks; if you have to, use it as a native VLAN.
NB513: UK Demands Apple Backdoor; AI Spending: Can’t Stop, Won’t Stop
Take a Network Break! We start with some red alerts for Cisco ISE, Zyxel, Microsoft, and a Web manager suite called WeGIA. US senators and security experts sound the alarm about DOGE employees introducing security and stability risks in sensitive US government systems, security researchers demonstrate the effectiveness of supply chain attacks that start with... Read more »Tech Bytes: When the Internet Is Your Network, Catchpoint IPM Provides Critical Visibility (Sponsored)
Today on the Tech Bytes podcast we dive into Digital Experience Monitoring and Internet Performance Monitoring with sponsor Catchpoint. As more users rely on SaaS and cloud for applications, the Internet has essentially become a business-critical network. But how can you, a network engineer, be expected to manage the Internet? Enter Internet Performance Monitoring, or... Read more »QUIC action: patching a broadcast address amplification vulnerability
Cloudflare was recently contacted by a group of anonymous security researchers who discovered a broadcast amplification vulnerability through their QUIC Internet measurement research. Our team collaborated with these researchers through our Public Bug Bounty program, and worked to fully patch a dangerous vulnerability that affected our infrastructure.
Since being notified about the vulnerability, we've implemented a mitigation to help secure our infrastructure. According to our analysis, we have fully patched this vulnerability and the amplification vector no longer exists.
QUIC is an Internet transport protocol that is encrypted by default. It offers equivalent features to TCP (Transmission Control Protocol) and TLS (Transport Layer Security), while using a shorter handshake sequence that helps reduce connection establishment times. QUIC runs over UDP (User Datagram Protocol).
The researchers found that a single client QUIC Initial packet targeting a broadcast IP destination address could trigger a large response of initial packets. This manifested as both a server CPU amplification attack and a reflection amplification attack.
When using TCP and TLS there are two handshake interactions. First, is the TCP 3-way transport handshake. A client sends a SYN packet to a server, it responds with Continue reading