Get ready, North America! The Calico team is thrilled to announce our participation in KubeCon + CloudNativeCon North America 2025, where we’ll be showcasing the latest advancements in Kubernetes networking, security, and observability. We’re excited to connect with the vibrant cloud-native community, share insights, and demonstrate how Calico Open Source continues to empower organizations worldwide.
We have a packed agenda designed to offer you multiple ways to engage with our team and learn more about Calico. Mark your calendars for these exciting opportunities!
Join us at CalicoCon North America 2025, your go-to event for the latest in Kubernetes networking, security, and observability.
Hosted by the Calico team, this hybrid event is your chance to hear directly from Calico engineers and leadership, get hands-on with new features, and take an in-depth look at the state of Project Calico. We’ll dive into Calico 3.30, Calico eBPF, and Calico Whisker: open source observability for Kubernetes.
Add CalicoCon to your existing KubeCon + CloudNativeCon registration to secure your spot. If you are not attending KubeCon + CloudNativeCon North America but would still like to attend CalicoCon, please reach out to us on the Calico User Slack.
Event Details
What is the relationship between humans and machines? Do we adapt to machines, or do we adapt machines to humans? Does technology drive culture, or does our culture drive our technology? Join Mark Prosser, Eyvonne, Tom, and Russ as they discuss what a sociotechnical system is and how it impacts our lives.
download
On August 13, security researchers at Tel Aviv University disclosed a new HTTP/2 denial-of-service (DoS) vulnerability that they are calling MadeYouReset (CVE-2025-8671). This vulnerability exists in a limited number of unpatched HTTP/2 server implementations that do not sufficiently enforce restrictions on the number of times a client may send malformed frames. If you’re using Cloudflare for HTTP DDoS mitigation, you’re already protected from MadeYouReset.
Cloudflare was informed of this vulnerability in May through a coordinated disclosure process, and we were able to confirm that our systems were not susceptible, due in large part to the mitigations we put in place during Rapid Reset (CVE-2023-44487). MadeYouReset and Rapid Reset are two conceptually similar HTTP/2 protocol attacks that exploit a fundamental feature within the HTTP/2 specification: stream resets. In the HTTP/2 protocol, a "stream" represents an independent series of HTTP request/response pairs exchanged between the client and server within an HTTP/2 connection. The stream reset feature is intended to allow a client to initiate an HTTP request and subsequently cancel it before the server has delivered its response.
The vulnerability exploited by both MadeYouReset and Rapid Reset lies in the potential for malicious actors to abuse this Continue reading
Have you ever had to defend your choice of internet service provider? All you can say is: “Everyone says they’re reliable”, “My buddy recommended them.”, “They are the incumbent player”. But when pressed about frequent connectivity issues, then what? Sound familiar? This plays out in businesses across the world every day. We make one of […]
The post Transform ISP Choice from Anecdote to Evidence first appeared on Rick Mur.Rodney Brooks republished an article on great AI expectations that he wrote 37 years ago. Not surprisingly, apart from a few technical details triggered by four decades of exponential growth in silicon capabilities, the article could have been written yesterday.
Side note: I’m a bit younger than Rodney, but I also went through at least three waves of AI hype cycles, starting with Prolog and 4GL, then expert systems, and finally neural networks. Around that time, I stopped caring and focused on networking, but I have enough battle scars to remain skeptical.
At Cloudflare, we have a simple but audacious goal: to help build a better Internet. That mission has driven us to build one of the world’s largest networks, to stand up for content providers, and to innovate relentlessly to make the Internet safer, faster, and more reliable for everyone, everywhere.
Building world-class products is only part of the battle, however. Fulfilling our mission means making these products accessible, including a pricing model that is fair, predictable, and aligned with the value we provide. If our packaging is confusing, or if our pricing penalizes you for using the service, then we’re not living up to our mission. And the best way to ensure that alignment?
Listen to our customers.
Over the years, your feedback has shaped our product roadmap, helping us evolve to offer nearly 100 products across four solution areas — Application Services, Network Services, Zero Trust Services, and our Developer Platform — on a single, unified platform and network infrastructure. Recently, we’ve heard a new theme emerge: the need for simplicity. You’ve asked us, “A hundred products is a lot. Can you please be more prescriptive?” and “Can you make your pricing more Continue reading
Just when I thought no vendor stupidity peculiarity could surprise me, Cisco IOS/XE proved me wrong.
I was improving a completely unrelated BGP functionality. I ran BGP integration tests on Cisco IOL (because it’s the fastest one to boot), and the BGP community propagation test failed. After verifying that I did not change the template and that the data structures had not changed, I checked the IOL release I was using.
Surprise 🎉🎉: the neighbor send-community configurations that worked since (at least) the IOS Classic release 15.x stopped working in Cisco IOS/XE release 17.16.01a.