NANOG 96
NANOG 96 was held in February 2026 at San Francisco. Here are my impressions on some of the presentations that were made at that meeting.Shedding old code with ecdysis: graceful restarts for Rust services at Cloudflare
ecdysis | ˈekdəsəs |
noun
the process of shedding the old skin (in reptiles) or casting off the outer cuticle (in insects and other arthropods).
How do you upgrade a network service, handling millions of requests per second around the globe, without disrupting even a single connection?
One of our solutions at Cloudflare to this massive challenge has long been ecdysis, a Rust library that implements graceful process restarts where no live connections are dropped, and no new connections are refused.
Last month, we open-sourced ecdysis, so now anyone can use it. After five years of production use at Cloudflare, ecdysis has proven itself by enabling zero-downtime upgrades across our critical Rust infrastructure, saving millions of requests with every restart across Cloudflare’s global network.
It’s hard to overstate the importance of getting these upgrades right, especially at the scale of Cloudflare’s network. Many of our services perform critical tasks such as traffic routing, TLS lifecycle management, or firewall rules enforcement, and must operate continuously. If one of these services goes down, even for an instant, the cascading impact can be catastrophic. Dropped connections and failed requests quickly lead to degraded customer performance and business impact.
When Continue reading
Hedge 295: Specialization
Should network engineers focus on specializing in one technology, vendor, or solution, or should they think about building a diverse skill set? Eyvonne, Tom, and Russ discuss the advantages of each, how these options relate to the future of network engineering, and skill diversification.
download
Worth Reading 021326
https://blog.apnic.net/2026/02/06/from-roots-to-reach-network-resilience-in-natural-disasters/
When communication networks break down, people cannot report their condition, responders lose situational awareness, and entire communities risk slipping beyond the reach of coordinated assistance. Network failure does not merely accompany disaster — it reshapes the human consequences.
Amid this “worldwide” economic backdrop, nuclear energy presents an affordable alternative to unreliable electricity sources like wind and solar. Economically, it makes no sense to abandon working production methods until new ones can replace the existing and future demand. World citizens are facing this reality in higher electricity prices.
https://www.potaroo.net/ispcol/2026-02/ipasn.html
There have been a number of services that allow a lookup of an IP address or Autonomous System Number (ASN) and return information about that IP number resource. The Regional Internet Registries (RIRs) each operate a database that records (among other data items) the number resource and the details of the entity that is described in the relevant number registration record.
On February 5, the FCC issued a Memorandum and Order related to a pole attachment dispute between Comcast and Appalachian Power Company (APCO).
https://blog.apnic.net/2026/02/10/the-current-state-of-rdap/
While whois remains Continue reading
s start with hosting, and the key point here is that resource pools to host AI agents are not the answer. There are multiple reasons for this, but the main one is LIU008: Breaking Barriers: Thriving as a Woman in Tech
Kevin and Alexis sit down with Melissa Brooks, a Senior Cloud Engineer at Aritzia, to discuss how she went from being a “terrible waitress” to going back to school for a diploma in network security. They explore how she used a strategic, “reverse engineered” approach to goal setting to land on a career in tech.... Read more »The Inattention Economy
Million Dollar Home Page by Alex Tew – http://milliondollarhomepage.com/, Fair use, https://en.wikipedia.org/w/index.php?curid=20132455
I need you to try to do something very hard for me. I need you to read this entire blog post. I don’t think it’s going to be hard because I’m going to use big words or highly technical terms. I don’t think it’s going to be hard because of the subject matter. It’s going to be hard because you’re going to get interrupted. In fact, I’m willing to be you got some notification before you ever finished this paragraph.
I didn’t realize just how scattered my attention was until a close friend pointed it out to me. She mentioned that I was always checking my watch for notifications. I didn’t realize it until someone that wasn’t around me all the time saw it. I stepped back and honestly asked myself why I was getting so many notifications. In the back of my mind I knew I was getting too many because when I go on a run my watch won’t stop buzzing with all the things that I don’t even bother to check. That’s when I realized my attention was beyond Continue reading
Introducing Markdown for Agents
The way content and businesses are discovered online is changing rapidly. In the past, traffic originated from traditional search engines, and SEO determined who got found first. Now the traffic is increasingly coming from AI crawlers and agents that demand structured data within the often-unstructured Web that was built for humans.
As a business, to continue to stay ahead, now is the time to consider not just human visitors, or traditional wisdom for SEO-optimization, but start to treat agents as first-class citizens.
Feeding raw HTML to an AI is like paying by the word to read packaging instead of the letter inside. A simple ## About Us on a page in markdown costs roughly 3 tokens; its HTML equivalent – <h2 class="section-title" id="about">About Us</h2> – burns 12-15, and that's before you account for the <div> wrappers, nav bars, and script tags that pad every real web page and have zero semantic value.
This blog post you’re reading takes 16,180 tokens in HTML and 3,150 tokens when converted to markdown. That’s a 80% reduction in token usage.
Markdown has quickly become the lingua franca for agents and AI systems as a whole. The format’s explicit structure Continue reading
Kubernetes Network Observability: Comparing Calico, Cilium, Retina, and Netobserv
Calico, Cilium, Retina, and Netobserv: Which Observability Tool is Right for Your Kubernetes Cluster? Network observability is a tale as old as the OSI model itself and anyone who has managed a network or even a Kubernetes cluster knows the feeling: a service suddenly can’t reach its dependency, a pod is mysteriously offline, and the Slack alerts start rolling in. Investigating network connectivity issues in these complex, distributed environments can be incredibly time consuming. Without the right tools, the debugging process often involves manually connecting to each node, running tcpdump on multiple machines, and piecing together logs to find the root cause. A path that often leads to frustration and extended downtime.
This is the problem that Kubernetes Network Observability was built to solve. By deploying distributed observers, these cloud-native solutions take the traditional flow entries and enrich them with Kubernetes flags and labels to allow Kubernetes users to get insight into the inner workings of their clusters.
This blog post aims to give you a rundown of the leading solutions in the CNCF ecosystem, and compare how they track a packet’s journey across your cluster.
Feature Comparison Matrix
Before diving into the specifics, let’s look at how these four Continue reading
TCG068: Agents and Identity – Navigating What We Can’t Predict
We’ve spent a decade figuring out how to (more or less) securely authenticate humans. Now AI agents are crashing the party, and identity just got a whole lot more complicated. Today we sit down with Dan Moore, Senior Director of CIAM Strategy and Identity Standards at FusionAuth, to explore the collision course between artificial intelligence... Read more »NAN113: What Works, and What Doesn’t, in Network Automation Projects
Today we are joined by Matt Remke, who has spent years in the trenches of network automation projects as a consultant. Matt offers a unique, non-engineer perspective on scaling network automation in real-world, complex environments for some of the world’s largest companies. Matt shares what worked, what backfired, and the hard-earned lessons he has gained... Read more »netlab 26.02: KinD support, more EVPN/VXLAN
netlab release 26.02 is out, including the usual potpourri of goodies:
- Support for Kubernetes (KinD) clusters based on work by @wnagele
- Layer-2 EVPN/VXLAN support on Cat8000v, IOL, and IOLL2
- netlab graph command can create graphs from a subset of nodes or links
- You can specify the parameters of core links in the fabric plugin
- OSPFv3 reports
The fun part, however, are the new container configuration methods:
PP096: Taking Note of a Notepad++ Attack; Telnet and NTLM Are Still a Thing?
Everything old is new again in today’s Packet Protector news roundup, as a decade-old Telnet exploit resurfaces, and Microsoft unfolds its roadmap to phase out the ancient NTLM protocol. In other news, Google takes down a sprawling residential proxy network, the popular Notepad++ app takes steps to recover from a serious compromise, and a Polish... Read more »HS124: Administration DDoS on AI Regulation
The recent U.S. Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, is the administration’s latest attempt to prevent the enforcement of most of the AI laws passed in individual US states. Because it is only an executive order (EO), it cannot directly nullify, supersede, forestall, or put a pause on state-level laws.... Read more »
Multicast PIM Auto RP (V)
In the previous posts in this series, we covered the basics of multicast, IGMP, PIM Dense Mode, and PIM Sparse Mode. In the Sparse Mode post, we manually configured the RP address on every router in the network. This works fine in a small lab, but in a larger network with many routers, it becomes difficult to manage. If the RP changes, you have to update the configuration on every single router.
Multicast PIM Sparse Mode
Sparse Mode only sends traffic to parts of the network that explicitly request it. Routers with interested receivers send Join messages toward
Suresh Vinasiththamby
AutoRP solves this problem by allowing routers to dynamically learn the RP address. Instead of manually configuring the RP on each router, you configure one or more routers to announce themselves as Candidate RPs. A separate router (or the same as the Candidate RP router) called the Mapping Agent collects these announcements and distributes the RP information to all other routers in the network. This makes RP management much easier and also provides a way to implement RP redundancy.
There are two methods to dynamically learn the RP address, which are Auto-RP and Bootstrap Router (BSR). In this Continue reading
Open-Source Network Simulators (2026 Edition)
Brian Linkletter published an updated overview of open-source network simulators and emulators.
containerlab and GNS3 are clear leaders (no surprise there) with the original vrnetlab becoming abandonware (fortunately, we have Roman Dodin’s fork), which makes me think we should focus on using netlab primarily with containerlab and slowly sunset the Vagrant support, particularly considering some people actively hate the license change.
Also, if anyone feels like writing an interface (provider module) between netlab and GNS3, the pull request would be most welcome 😎
Any thoughts? Please leave a comment!
NB561: Kubernetes Retires Ingress NGINX; Are Data Centers Headed for Orbit?
Take a Network Break! We start with a trio of follow-ups, including a correction regarding Mplify certifications, Cisco proposing new OSI layers, and free-space optics. Our Red Alert sounds off about a remote code execution vulnerability in the Ivanti Endpoint Manager Mobile agent. On the news front, Broadcom announces new silicon for wireless APs for... Read more »Fast Arista cEOS Container Configuration
After the enormous speedup I achieved with the FRR containers, I tried to do something similar with the Arista cEOS ones. After all, Arista’s pretty open about running its software on standard Linux, so it should be possible to map host-side configuration files into container-side scripts and execute them, right?
There was just one tiny gotcha: all netlab-generated EOS configuration files are device configuration snippets that are intended to be submitted via EOS CLI, and I didn’t feel like cracking open the netmiko documentation (that’s another backburner project).
However, Arista cEOS includes this magic command called FastCli ;)
From the Stupid DNS Tricks Department: ipasn.net
It's quite surprising what you can do in the DNS when you break out of the conventional contsraints and adopt a more flexible view of the DNS query/response model.The Twin Engine Strategy That Propels AWS Is Working Well
Like Google and Meta Platforms, Amazon knows exactly how to infuse AI into its business operations such as online retail, transportation, advertising, and even the Amazon Web Services cloud. …
The Twin Engine Strategy That Propels AWS Is Working Well was written by Timothy Prickett Morgan at The Next Platform.