0

Where Are the NETCONF/YANG Tools?

Jo attempted to follow the vendor Kool-Aid recommendations and use NETCONF/YANG to configure network devices. Here’s what he found (slightly edited):

---

IMHO, the whole NETCONF ecosystem primarily suffers from a tooling problem. Or I haven’t found the right tools yet.

ncclient is (as you mentioned somewhere else) an underdocumented mess. And that undocumented part is not even up to date. The commit hash at the bottom of the docs page is from 2020… I am amazed how so many people got it working well enough to depend on it in their applications.

0

A Day in the Life of BGP

I want to look at just one day of the operation of the Internet’s BGP network by looking at the behaviour of a single BGP session. Nothing special or extraordinary happened on that day. There were no large-scale power blackouts, no major faults in the world’s submarine cable network, nor in the terrestrial trunk cable systems. No headlining-grabbing cyber attack took place on that day, as far as I’m aware. It was just an ordinary Thursday on the Internet, just like any other day, and I selected this day due to its very ordinariness! WhAt can this day tell us about BGP and the way we use it?

0

My Experience at AutoCon3

This is my second time attending the AutoCon event. The first one I went to was last year in Amsterdam (AutoCon1), and it was absolutely amazing. I decided to attend again this year, and AutoCon3 took place from the 26th to the 30th of May. The first two days were dedicated to workshops, and the conference itself ran from the 28th to the 30th. I only attended the conference. I heard there were around 650 attendees at this event, which is great to see.

Network Automation Forum (NAF)

In case you’ve never heard of AutoCon, it’s a community-driven conference focused on network automation, organized by the Network Automation Forum (NAF). NAF brings together people from across the industry to share ideas, tools, and best practices around automation, orchestration, and observability in networking.

They typically hold two conferences each year, one in Europe and one in the USA, or at least that’s how it’s been so far. The European event is usually around the end of May, and the US one takes place around November. Tickets are released in tiers, with early bird pricing being cheaper. I grabbed the early bird ticket for 299 euros as soon as it was announced.

Continue reading

0

PP065: A Microsegmentation Overview

Microsegmentation divides a network into boundaries or segments to provide fine-grained access control to resources within those segments. On today’s Packet Protector we talk about network and security reasons for employing microsegmentation, different methods (agents, overlays, network controls, and so on), how microsegmentation fits into a zero trust strategy, and the product landscape. Episode Links:... Read more »

0

HS105: How to Train Your Unicorn: Thoughts on Ops Architects

You need someone to design your operations processes–or perhaps redesign them. That’s an Ops Architect. Should you take an ops person and train them up in architecture? Or an architect and train them up in operations? Do you even have that ops/engineer/architect organizational structure – and should you? Johna and John dive into this discussion... Read more »

0

Building an AI Agent that puts humans in the loop with Knock and Cloudflare’s Agents SDK

_{This is a guest post by Chris Bell, CTO of Knock}

There’s a lot of talk right now about building AI agents, but not a lot out there about what it takes to make those agents truly useful.

An Agent is an autonomous system designed to make decisions and perform actions to achieve a specific goal or set of goals, without human input.

No matter how good your agent is at making decisions, you will need a person to provide guidance or input on the agent’s path towards its goal. After all, an agent that cannot interact or respond to the outside world and the systems that govern it will be limited in the problems it can solve.

That’s where the “human-in-the-loop” interaction pattern comes in. You're bringing a human into the agent's loop and requiring an input from that human before the agent can continue on its task.

In this blog post, we'll use Knock and the Cloudflare Agents SDK to build an AI Agent for a virtual card issuing workflow that requires human approval when a new card is requested.

You can find the complete code for this example in the repository.

Knock is messaging Continue reading

0

Worth Reading 060325

Note to readers: I’m merging the worth reading and weekend reads into a “couple of times a week” worth reading. How often I post these depends on the number of articles I run across, but I’ll try to keep it to around five articles per post

I have been consistently skeptical of claims that LLMs are intelligent in any meaningful sense of the word. It is undeniably remarkable that LLMs can generate coherent conversations and articulate answers to almost any question.

For decades, Communist China’s spies, hackers and businessmen have feasted on the forced transfer of technology from vulnerable US corporate enterprises drawn to the vast Chinese market. Little has been accomplished to reduce this massive theft of intellectual property. US businesses seem to have resigned themselves to such unfair practices as the price of doing business in China.

His technical work and evangelism have improved the Internet, and I will give some examples of his contributions to the Internet community and users, but I am sad because he was a good person—idealistic, unselfish, open, and funny.

To build a data-driven story, we must use a basic narrative model. Various models exist in the literature, such as the Data-Information-Knowledge-Wisdom (DIKW) Continue reading

0

Interesting: Bootstrapping HTTPS

Jan Schaumann published an interesting blog post describing the circuitous journey a browser might take to figure out that it can use QUIC with a web server.

Now, if only there were a record in a distributed database telling the browser what the web server supports. Oh, wait… Not surprisingly, browser vendors don’t trust that data and have implemented a happy eyeballs-like protocol to decide between HTTPS over TCP and QUIC.

0

NB529: HPE Debuts 8Tbps Switch with Onboard DPUs; NVIDIA Revenues Run Wild

Take a Network Break! We start with a Red Alert for the IBM Tivoli Monitoring Tool, which has an unpatched (as of recording time) vulnerability that could allow remote attackers to execute arbitrary code. On the news front, Salesforce ponies up $8 billion for Informatica to improve data governance capabilities, Google researchers revise estimates of... Read more »

0

Tech Bytes: NetFlow Optimizer: More Insights, Less Flow Volume (Sponsored)

Today on the Tech Bytes podcast, we talk about how to get more out of your NetFlow records with sponsor NetFlow Logic. NetFlow’s been around for a long time, and if you’re already including flow records as part of your monitoring and management arsenal, you may think you’re extracting all the value you can from... Read more »

0

Cumulus Linux (As We Know It) Is Gone

A reader of my blog pointed out the following minutiae hidden at the very bottom of the Cumulus Linux 5.13 What’s New document:

NVIDIA no longer releases Cumulus VX as a standalone image. To simulate a Cumulus Linux switch, use NVIDIA AIR.

And what is NVIDIA AIR?

0

Are Smart Glasses the Future of AI? My Hands-On Review of Meta AI Glasses

Honestly, I never believed smart glasses would become a mainstream AI form factor—until I bought the Meta Ray-Ban Smart Glasses two weeks ago! 😎 This gadget had been on my wishlist for a while, but it wasn’t available in India, and even if you managed to get one from abroad, the app didn’t work well … Continue reading Are Smart Glasses the Future of AI? My Hands-On Review of Meta AI Glasses →

0

HN783: BGP Routing Policy for Enterprise Networkers: Unpacking IRR and RPSL

If you participate in the public Internet by announcing your own netblocks, you should be familiar with Internet Routing Registries (IRRs) and the Routing Policy Specification Language (RPSL). These are tools that help you be a good network citizen. In a world of BGP hijacks and other problems, these tools matter more than ever. We... Read more »

0

Cloudflare named a Strong Performer in Email Security by Forrester

Today, we are excited to announce that Forrester has recognized Cloudflare Email Security as a Strong Performer and among the top three providers in the ‘current offering’ category in “The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025” report. Get a complimentary copy of the report here. According to Forrester:

“Cloudflare is a solid choice for organizations looking to augment current email, messaging, and collaboration security tooling with deep content analysis and processing and malware detection capabilities.”

In this evaluation, Forrester analyzed 10 Email Security vendors across 27 different criteria. Cloudflare received the highest scores possible in nine key evaluation criteria, and also scored among the top three in the current offering category. We believe this recognition is due to our ability to deliver stronger security outcomes across email and collaboration tools. These highlights showcase the strength and maturity of our Email Security solution:

Antimalware & sandboxing

Cloudflare’s advanced sandboxing engine analyzes files, whether directly attached or linked via cloud storage, using both static and dynamic analysis. Our AI-powered detectors evaluate attachment structure and behavior in real time, enabling protection not only against known malware but also emerging threats.

Malicious URL detection & web Continue reading

0

TNO031: Attracting New Talent to Networking, Pairing Dev With NetOps, and More With Justin Ryburn

Total Networks Operations sits down with Justin Ryburn for a wide-ranging discussion on the state of the networking industry. Topics including how to attract new talent to network engineering and network operations; getting literate in DevOps/infrastructure tools such as GitHub, Terraform, and Python; pairing Dev and NetOps to maximize domain expertise; integrating tools and trying... Read more »

0

Multi-Layer Switching and Tunneling

When deep-diving into the confusing terminology of switching, routing, and bridging, I mentioned you could perform packet forwarding at different layers of a networking stack. In this blog post, we’ll explore what happens when we combine packet forwarding on multiple layers within a single network, resulting in multi-layer switching, where edge devices perform Layer n forwarding (usually Layer 3), and core devices perform Layer n-1 forwarding (typically Layer 2).

Each layer can use any forwarding paradigm you choose. However, since we generally use IP at Layer 3, edge devices typically perform hop-by-hop destination-based forwarding, while core devices can use alternative methods.

0

IPB176: How to Number Point-to-Point Links

Let’s chat about point-to-point links. On today’s episode we cover what should and shouldn’t be done, and discuss why following RFC’s doesn’t always get you to the right place. We dig into questions including: Don’t we just use link-local addresses for point-to-points? Shouldn’t we assign a /127, just like we do a /31 in IPv4?... Read more »

0

Hedge 269: Web 3.0

Yes, we took an (unintentional) three-week break for medical reasons … but we’re back with a new episode.

What is Web 3.0, and how is it different from Web 2.0? What about XR, AI, and Quantum, and their relationship to Web 3.0? Jamie Schwartz joins Tom Ammon and Russ White to try to get to a solid definition of what Web 3.0 and how it impacts the future of the Internet.

download

0

Let’s DO this: detecting Workers Builds errors across 1 million Durable Objects

Cloudflare Workers Builds is our CI/CD product that makes it easy to build and deploy Workers applications every time code is pushed to GitHub or GitLab. What makes Workers Builds special is that projects can be built and deployed with minimal configuration. Just hook up your project and let us take care of the rest!

But what happens when things go wrong, such as failing to install tools or dependencies? What usually happens is that we don’t fix the problem until a customer contacts us about it, at which point many other customers have likely faced the same issue. This can be a frustrating experience for both us and our customers because of the lag time between issues occurring and us fixing them.

We want Workers Builds to be reliable, fast, and easy to use so that developers can focus on building, not dealing with our bugs. That’s why we recently started building an error detection system that can detect, categorize, and surface all build issues occurring on Workers Builds, enabling us to proactively fix issues and add missing features.

It’s also no secret that we’re big fans of being “Customer Zero” at Cloudflare, and Workers Builds is itself a Continue reading

0

BGP and MTU Deep Dive

A long long time ago, BGP implementations would use a Maximum Segment Size (MSS) of 536 bytes for BGP peerings. Why 536? Because in RFC 791, the original IP RFC, the maximum length of a datagram is defined as follows:

Total Length:  16 bits

    Total Length is the length of the datagram, measured in octets,
    including internet header and data.  This field allows the length of
    a datagram to be up to 65,535 octets.  Such long datagrams are
    impractical for most hosts and networks.  All hosts must be prepared
    to accept datagrams of up to 576 octets (whether they arrive whole
    or in fragments).  It is recommended that hosts only send datagrams
    larger than 576 octets if they have assurance that the destination
    is prepared to accept the larger datagrams.

    The number 576 is selected to allow a reasonable sized data block to
    be transmitted in addition to the required header information.  For
    example, this size allows a data block of 512 octets plus 64 header
    octets to fit in a datagram.  The maximal internet header is 60
    octets, and a typical internet header is 20 octets, allowing a
    margin for headers of higher level protocols.

The idea was to Continue reading