Hedge 271: AI and Creativity
AI chatbots and image creators are all the rage right now–we are using them for everything from coding to writing books to creating short movies. One question we do not ask often enough, though, is how this impact human creators. How will these tools shape creativity and thinking skills?
HN785: How To Take Your First Steps Into Network Automation
There’s an old saying that a journey of a thousand miles begins with the first step. On today’s show, we talk about taking your first step into network automation with guest Joseph Nicholson. He’s been automating at NTT Data for many years now and has some perspective to share. He’s a network engineer by trade,... Read more »Finding Source Routing Paths
In the previous blog post, we discussed the generic steps that network devices (or a centralized controller) must take to discover paths across a network. Today, we’ll see how these principles are applied in source routing, one of the three main ways to move packets across a network.
Brief recap: In source routing, the sender has to specify the (loose or strict) path a packet should take across the network. The sender thus needs a mechanism to determine that path, and as always, there are numerous solutions to this challenge. We’ll explore a few of them, using the sample topology shown in the following diagram.
Cloudflare service outage June 12, 2025
On June 12, 2025, Cloudflare suffered a significant service outage that affected a large set of our critical services, including Workers KV, WARP, Access, Gateway, Images, Stream, Workers AI, Turnstile and Challenges, AutoRAG, Zaraz, and parts of the Cloudflare Dashboard.
This outage lasted 2 hours and 28 minutes, and globally impacted all Cloudflare customers using the affected services. The cause of this outage was due to a failure in the underlying storage infrastructure used by our Workers KV service, which is a critical dependency for many Cloudflare products and relied upon for configuration, authentication and asset delivery across the affected services. Part of this infrastructure is backed by a third-party cloud provider, which experienced an outage today and directly impacted availability of our KV service.
We’re deeply sorry for this outage: this was a failure on our part, and while the proximate cause (or trigger) for this outage was a third-party vendor failure, we are ultimately responsible for our chosen dependencies and how we choose to architect around them.
This was not the result of an attack or other security event. No data was lost as a result of this incident. Cloudflare Magic Transit and Magic WAN, DNS, cache, proxy, Continue reading
IPB177: Introducing the IPv6 Compatibility Checker
The Hexabuild team is providing a new community resource, an IPv6 compatibility checker, for those trying to figure out IPv6 network hardware and software compatibility. It’s currently in an alpha version. We talk about what inspired it, what it does, and possible future updates. We also want to get your feedback on whether this is... Read more »TNO032: Automation First: NetOps at Megaport
Today we chat with Megaport’s Mitchell Warden, Founding Engineer; and Alexis Bertholf, Global Technical Evangelist, to find out what NetOps is like at Megaport, a company that provides scalable internet connections for all types of organizations. We look at the origins of Megaport and how the company started with the intention of network automation from... Read more »N4N030: Network Shapes and Sizes
What shape is your network? In other words, what is its topology? On today’s episode, we discover the different types of network topologies and designs used in the enterprise, data center, and service provider networks. We cover leaf/spine, hub and spoke, point to point, mesh, and others. We also talk about how topologies affect traffic... Read more »Powering All Ethernet AI Networking
Artificial Intelligence (AI), powered by accelerated processing units (XPUs) like GPUs and TPUs, is transforming industries. The network interconnecting these processors is crucial for efficient and successful AI deployments. AI workloads, involving intensive training and rapid inferencing, require very high bandwidth interconnects with low and consistent latency, and the highest reliability to maximize XPU utilization and reduce AI job completion time (JCT). A best-of-breed network with AI-specific optimizations is critical for delivering AI applications, with any JCT slowdown leading to revenue loss. Typical workloads have fewer, very high-bandwidth, low-entropy flows that run for extended periods, exchanging large messages synchronously, necessitating advanced lossless forwarding and specialized operational tools. They differ from cloud networking traffic as summarized below:
Celebrating 11 years of Project Galileo’s global impact
June 2025 marks the 11th anniversary of Project Galileo, Cloudflare’s initiative to provide free cybersecurity protection to vulnerable organizations working in the public interest around the world. From independent media and human rights groups to community activists, Project Galileo supports those often targeted for their essential work in human rights, civil society, and democracy building.
A lot has changed since we marked the 10th anniversary of Project Galileo. Yet, our commitment remains the same: help ensure that organizations doing critical work in human rights have access to the tools they need to stay online. We believe that organizations, no matter where they are in the world, deserve reliable, accessible protection to continue their important work without disruption.
For our 11th anniversary, we're excited to share several updates including:
An interactive Cloudflare Radar report providing insights into the cyber threats faced by at-risk public interest organizations protected under the project.
An expanded commitment to digital rights in the Asia-Pacific region with two new Project Galileo partners.
New stories from organizations protected by Project Galileo working on the frontlines of civil society, human rights, and journalism from around the world.
Tracking and reporting on cyberattacks with the Project Galileo Continue reading
ArubaCX Cannot Count When Dealing with VXLAN
This blog post describes yet another bizarre example of how reliable digital twins are, but don’t worry; they all work great in PowerPoint.
After “fixing” the integration tests to deal with ArubaCX’s notion of VXLAN VNI having 16 bits, the bridging test worked, but the IRB tests kept failing.
In the IRB test, the lab has two layer-3 switches. Each of them should be able to bridge within a VLAN/VXLAN segment and route across the segments.
D2DO275: WebAssembly – The Next Big Thing?
Is WebAssembly the next big thing? Here to help us understand what WebAssembly (WASM) is and what it can and can’t do is Michael Levan, a consultant and WASM trainer. He also dives deeper into WASM details such as hosting, security, monitoring, and the ever-present influence of AI. AdSpot: Spacelift Founded by the creator of... Read more »We shipped FinalizationRegistry in Workers: why you should never use it
We’ve recently added support for the FinalizationRegistry API in Cloudflare Workers. This API allows developers to request a callback when a JavaScript object is garbage-collected, a feature that can be particularly relevant for managing external resources, such as memory allocated by WebAssembly (Wasm). However, despite its availability, our general advice is: avoid using it directly in most scenarios.
Our decision to add FinalizationRegistry — while still cautioning against using it — opens up a bigger conversation: how memory management works when JavaScript and WebAssembly share the same runtime. This is becoming more common in high-performance web apps, and getting it wrong can lead to memory leaks, out-of-memory errors, and performance issues, especially in resource-constrained environments like Cloudflare Workers.
In this post, we’ll look at how JavaScript and Wasm handle memory differently, why that difference matters, and what FinalizationRegistry is actually useful for. We’ll also explain its limitations, particularly around timing and predictability, walk through why we decided to support it, and how we’ve made it safer to use. Finally, we’ll talk about how newer JavaScript language features offer a more reliable and structured approach to solving these problems.
JavaScript relies on automatic memory management through a Continue reading
netlab 2.0: Routers, Hosts, Gateways and Bridges
In a previous blog post, I explained how you can use bridges in a netlab topology to create custom LAN segments. Netlab supports two other node roles (host and router), and we’ll eventually add gateways.
netlab assumes that most network devices are routers (it considers a firewall to be a router in disguise), apart from Linux hosts, but you can always change what a node is with the role node attribute:
Secure and Scalable Kubernetes for Multi-Cluster Management
This story is becoming more and more common in the Kubernetes world. What starts as a manageable cluster or two can quickly balloon into a sprawling, multi-cluster architecture spanning public clouds, private data centers, or a bit of both. And with that growth comes a whole new set of headaches. How do you keep tabs on compliance across wildly different configurations? When a service goes down across multiple clusters, how do you pinpoint the cause amidst the chaos? And what about those hard-to-diagnose latency issues that seem to crop up between regions?
The truth is, achieving secure and scalable multi-cluster Kubernetes isn’t about throwing more tools at the problem. It’s about having the right tools and adopting the right best practices. This is where a solution like Calico Cluster Mesh shines, offering those essential capabilities for a seamless multi-cluster experience without the complexity or overhead that you expect with traditional service meshes.
The Multi-Cluster Challenge: When Complexity Takes Over
So, why are so many organizations finding themselves in this multi-cluster maze? Often, it’s driven by solid business reasons:
- High Availability and Disaster Recovery: Spreading workloads across multiple regions or clusters means that if one goes down, your users shouldn’t notice.
- Continue reading
PP066: News Roundup – NIST’s New Exploit Metric, Windows RDP Issues, Compromised Routers, and More
Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »HW054: Validation Survey Controversies
A validation survey is typically used for wireless infrastructure post-installation. It compares predictions to real wireless network performance. On today’s show we chat with Joel Crane about validation survey controversies and the challenges of producing a survey whose data has integrity. We cover topics such as the perfectly green heat map, how fast you should... Read more »Interesting: Juniper MX and Jumbo Frames
Did you know that there’s an Ethernet link between the Packet Forwarding Engine (PFE – data plane) and Routing Engine (RE – control plane) in every Juniper MX? That’s why you have to run two VMs to emulate it (sometimes conveniently packed into one larger VM, proving RFC 1925 rule 6a).
That Ethernet link happens to have the MTU fixed at 1500 bytes. Guess what happens in the world where everyone uses jumbo frames? Did you say fragmentation? Bingo! And what do you think happens when one of those fragments gets dropped due to control-plane policing, and the rest of them are stuck in the reassembly queue? You’ll find the gory details in a lengthy blog post by Nitzan Tzelniker.
AI Metrics with Grafana Cloud
The metrics include:
- Total Traffic Total traffic entering fabric
- Operations Total RoCEv2 operations broken out by type
- Core Link Traffic Histogram of load on fabric links
- Edge Link Traffic Histogram of load on access ports
- RDMA Operations Total RDMA operations
- RDMA Bytes Average RDMA operation size
- Credits Average number of credits in RoCEv2 acknowledgements
- Period Detected period of compute / exchange activity on fabric (in this case just over 0.5 seconds)
- Congestion Total ECN / CNP congestion messages
- Errors Total ingress / egress errors
- Discards Total ingress / egress discards
- Drop Reasons Packet drop reasons
Note: Grafana Cloud has a free service tier that can be used to test this example.