Welcome to Security Week 2025
The layer of security around today’s Internet is essential to safeguarding everything. From the way we shop online, engage with our communities, access critical healthcare resources, sustain the worldwide digital economy, and beyond. Our dependence on the Internet has led to cyber attacks that are bigger and more widespread than ever, worsening the so-called defender’s dilemma: attackers only need to succeed once, while defenders must succeed every time.
In the past year alone, we discovered and mitigated the largest DDoS attack ever recorded in the history of the Internet – three different times – underscoring the rapid and persistent efforts of threat actors. We helped safeguard the largest year of elections across the globe, with more than half the world’s population eligible to vote, all while witnessing geopolitical tensions and war reflected in the digital world.
2025 already promises to follow suit, with cyberattacks estimated to cost the global economy $10.5 trillion in 2025. As the rapid advancement of AI and emerging technologies increases, and as threat actors become more agile and creative, the security landscape continues to drastically evolve. Organizations now face a higher volume of attacks, and an influx of more complex threats that carry real-world consequences, Continue reading
The Root of the DNS
The Root Zone of the DNS is "special" in that it is the critical component that glues the rest of the distributed database that is the Internet's Name SYstem into a coherent whole. So how's it going? And more importantly, how will we scale it up to meet the demands of an inexorably larger Internet in the future?TNO020: Automating Network Operations with Juniper Mist (Sponsored)
Mist AI is a key part of Juniper’s AI-Native Networking Platform to simplify operations and optimize user experiences across wired and wireless networks. On today’s sponsored show, we explore the evolution of network operations and talk about the integration of AI and automation in the Juniper Mist platform. We also look at how Juniper has... Read more »HN772: Measuring Users’ Digital Experience with Catchpoint Internet Performance Monitoring (Sponsored)
Digital Experience Monitoring (DEM) is all about understanding a user’s application experience, and pinpointing problems if the experience is bad. Under the DEM umbrella, you’ll find Internet Performance Monitoring, or IPM. That’s our topic in today’s episode with sponsor Catchpoint. With more and more applications hosted in the cloud and more employees working remotely, organizations... Read more »Public Videos: Queuing Theory
The Queuing Theory webinar by Rachel Traylor is now available without a valid ipSpace.net account. Enjoy!
N4N017: Routing Fundamentals
On today’s N Is For Networking, we explore the fundamentals of routing, focusing on layer 3 of the OSI model. We explain the concepts of routers, routing tables, and routing protocols, and discuss why it’s important to have a firm grasp of these concepts before you tackle advanced topics such as VXLAN and EVPN. Today’s... Read more »Hedge 262: Stealthy BGP Attacks
Many providers count on detection in the global routing table to discover and counter BGP route hijacks. What if there were a kind of BGP hijack that cannot be detected using current mechanisms? Henry Birge-Lee joins Tom Ammon and Russ White to discuss a kind of stealthy BGP attack that avoids normal detection, and how we can resolve these attacks.
To find out more, check this RIPE video.
downloa
Lab: IS-IS Designated Router Election
Like OSPF, IS-IS needs a router to originate the pseudo-node for a LAN segment. IS-IS standards call that router a Designated Intermediate System (DIS), and since it is not responsible for flooding, it does not need a backup.
Want to know more? The Influence the Designated IS Election lab exercise provides the details (and some hands-on work).
NAN087: Modular Network Management with Slurp’it and Netpicker
In this episode of the Network Automation Nerds podcast, we talk network management with Wim Gerrits and Pieter van Os, co-founders of Slurp’it and Netpicker. These tools aim to simplify network inventory and discovery, and ensure compliance and security. We talk about what drove them to build these tools, what problems they solve, and how... Read more »Faster, Smarter, Cheaper: The Networking Revolution Powering Generative AI
AI models have rapidly evolved from GPT-2 (1.5B parameters) in 2019 to models like GPT-4 (1+ trillion parameters) and DeepSeek-V3 (671B parameters, using Mixture-of-Experts). More parameters enhance context understanding and text/image generation but increase computational demands. Modern AI is now multimodal, handling text, images, audio, and video (e.g., GPT-4V, Gemini), and task-specific, fine-tuned for applications like drug discovery, financial modeling or coding. As AI models continue to scale and evolve, they require massive parallel computing, specialized hardware (GPUs, TPUs), and crucially, optimized networking to ensure efficient training and inference.
Model Parallelism with Pipeline Parallelism
In Model Parallelism, the
neural network is partitioned across multiple GPUs, with each GPU responsible
for specific layers of the model. This strategy is particularly
beneficial for large-scale models that surpass the memory limitations of a
single GPU.
Conversely, Pipeline Parallelism involves dividing the model into consecutive stages, assigning each stage to a different GPU. This setup allows data to be processed in a pipeline fashion, akin to an assembly line, enabling simultaneous processing of multiple training samples. Without pipeline parallelism, each GPU would process its inputs sequentially from the complete dataset, while all other GPUs remain idle.
Our example neural network in Figure 8-3 consists of three hidden layers and an output layer. The first hidden layer is assigned to GPU A1, while the second and third hidden layers are assigned to GPU A2 and GPU B1, respectively. The output layer is placed on GPU B2. The training dataset is divided into four micro-batches and stored on the GPUs. These micro-batches are fed sequentially into the first hidden layer on GPU A1.
Note 8-1. In this example, we use a small training dataset. However, if the dataset is too large to fit on a Continue reading
PP053: Rethinking Secure Network Access and Zero Trust With Bowtie (Sponsored)
On today’s Packet Protector episode we talk with sponsor Bowtie about its secure network access offering. If you think secure network access is just another way to say ‘VPN,’ you’ll want to think again. Bowtie’s approach aims to provide fast, resilient connectivity while also incorporating zero trust network access, a secure Web gateway, CASB, and... Read more »HS097: Build A Strategy, Not Just A Project Plan
IT teams too often wrap a strategy statement around a basket of projects already in progress or known to be coming, rather than defining a strategy and then letting it spawn, guide, or absorb projects. On today’s Heavy Strategy we discuss whether IT teams have any alternative to this approach, given how much gets “thrown... Read more »
How Calico Network Security Works
In the rapidly evolving world of Kubernetes, network security remains one of the most challenging aspects for organizations. The shift to dynamic containerized environments brings challenges like inter-cluster communication, rapid scaling, and multi-cloud deployments. These challenges, compounded by tool sprawl and fragmented visibility, leave teams grappling with operational inefficiencies, misaligned priorities, and increasing vulnerabilities. Without a unified solution, organizations risk security breaches and compliance failures.
Calico reimagines Kubernetes security with a holistic, end-to-end approach that simplifies operations while strengthening defenses. By unifying key capabilities like ingress and egress gateways, microsegmentation, and real-time observability, Calico empowers teams to bridge the gaps between security, compliance, and operational efficiency. The result is a scalable, robust platform that addresses the unique demands of containerized environments without introducing unnecessary complexity. Let’s look at how Calico’s key network security capabilities make this possible.
Calico Ingress Gateway
The Calico Ingress Gateway is a Kubernetes-native solution, built on the Envoy Gateway, that serves as a centralized entry point for managing and securing incoming traffic to your clusters. Implementing the Kubernetes Gateway API specification, it replaces traditional ingress controllers with a more robust, scalable, and flexible architecture that is capable of more Continue reading
The Linux Bridge MTU Hell
It all started with an innocuous article describing the MTU basics. As the real purpose of the MTU is to prevent packet drops due to fixed-size receiver buffers, and I waste spend most of my time in virtual labs, I wanted to check how various virtual network devices react to incoming oversized packets.
As the first step, I created a simple netlab topology in which a single link had a slightly larger than usual MTU… and then all hell broke loose.
Tech Bytes: How Internet Synthetic Transactions Boost App Performance Visibility (Sponsored)
Today on the Tech Bytes podcast we talk about Internet Performance Monitoring, or IPM, with sponsor Catchpoint. Catchpoint provides visibility across the full Internet Stack to help you understand the performance of your SaaS and cloud apps, WAN and branch connections, and more. We’ll talk about how Catchpoint can enrich network monitoring with synthetic transactions... Read more »Parallelism Strategies in Deep Learning
Introduction
Figure 8-1 depicts some of the model parameters that need to be stored in GPU memory: a) Weight matrices associated with connections to the preceding layer, b) Weighted sum (z), c) Activation values (y), d) Errors (E), e) Local gradients (local ∇), f) Gradients received from peer GPUs (remote ∇), g) Learning rates (LR), and h) Weight adjustment values (Δw).
In addition, the training and test datasets, along with the model code, must also be stored in GPU memory. However, a single GPU may not have enough memory to accommodate all these elements. To address this limitation, an appropriate parallelization strategy must be chosen to efficiently distribute computations across multiple GPUs.
This chapter introduces the most common strategies include data parallelism, model parallelism, pipeline parallelism, and tensor parallelism.
Figure 8-1: Overview of Neural Networks Parameters.
Data Parallelism
In data parallelization, each GPU has an identical copy of the complete model but processes different mini-batches of data. Gradients from all GPUs are averaged and synchronized before updating the model. This approach is effective when the model fits within a single GPU’s memory.
In Figure 8-2, the batch of training data is split into eight micro-batches. The first four micro-batches are Continue reading