Archive

Category Archives for "Networking"

netlab 2.0: Routers, Hosts, Gateways and Bridges

In a previous blog post, I explained how you can use bridges in a netlab topology to create custom LAN segments. Netlab supports two other node roles (host and router), and we’ll eventually add gateways.

netlab assumes that most network devices are routers (it considers a firewall to be a router in disguise), apart from Linux hosts, but you can always change what a node is with the role node attribute:

Read more …

Secure and Scalable Kubernetes for Multi-Cluster Management

This story is becoming more and more common in the Kubernetes world. What starts as a manageable cluster or two can quickly balloon into a sprawling, multi-cluster architecture spanning public clouds, private data centers, or a bit of both. And with that growth comes a whole new set of headaches. How do you keep tabs on compliance across wildly different configurations? When a service goes down across multiple clusters, how do you pinpoint the cause amidst the chaos? And what about those hard-to-diagnose latency issues that seem to crop up between regions?

The truth is, achieving secure and scalable multi-cluster Kubernetes isn’t about throwing more tools at the problem. It’s about having the right tools and adopting the right best practices. This is where a solution like Calico Cluster Mesh shines, offering those essential capabilities for a seamless multi-cluster experience without the complexity or overhead that you expect with traditional service meshes.

The Multi-Cluster Challenge: When Complexity Takes Over

So, why are so many organizations finding themselves in this multi-cluster maze? Often, it’s driven by solid business reasons:

  • High Availability and Disaster Recovery: Spreading workloads across multiple regions or clusters means that if one goes down, your users shouldn’t notice.
  • Continue reading

Worth Reading 061025


This report examines the growing global trend of Internet blocking and its impact on the stability, openness, and interoperability of the Internet. It details how governments and private actors are increasingly using network-level interventions—such as DNS blocking, IP address blocking, and protocol filtering—to control online content.


Broadcom began shipping its answer to Nvidia’s upcoming Quantum-X and Spectrum-X switches on Tuesday: the Tomahawk 6. The chip doubles the bandwidth of its predecessor and comes in both standard and co-packaged optics flavors.


Artificial intelligence, once hailed as the great liberator of human productivity and ingenuity, is now moonlighting as a con artist, data thief, and spy.


The current craze for AI has helped drive a wave of datacenter building, but the industry has run into opposition from local communities in many areas, something it is understandably keen to address.


Low orbit space is growing increasingly crowded. Starlink has over 7,100 satellites in orbit and has plans to grow to 30,000. Project Kuiper has plans for a constellation of 3,232 satellites.

PP066: News Roundup – NIST’s New Exploit Metric, Windows RDP Issues, Compromised Routers, and More

Our security news roundup discusses the compromise of thousands of ASUS routers and the need to perform a full factory reset to remove the malware, why Microsoft allows users to log into Windows via RDP using revoked passwords, and the ongoing risk to US infrastructure from “unexplained communications equipment” being found in Chinese-made electrical equipment... Read more »

HW054: Validation Survey Controversies

A validation survey is typically used for wireless infrastructure post-installation. It compares predictions to real wireless network performance. On today’s show we chat with Joel Crane about validation survey controversies and the challenges of producing a survey whose data has integrity. We cover topics such as the perfectly green heat map, how fast you should... Read more »

Interesting: Juniper MX and Jumbo Frames

Did you know that there’s an Ethernet link between the Packet Forwarding Engine (PFE – data plane) and Routing Engine (RE – control plane) in every Juniper MX? That’s why you have to run two VMs to emulate it (sometimes conveniently packed into one larger VM, proving RFC 1925 rule 6a).

That Ethernet link happens to have the MTU fixed at 1500 bytes. Guess what happens in the world where everyone uses jumbo frames? Did you say fragmentation? Bingo! And what do you think happens when one of those fragments gets dropped due to control-plane policing, and the rest of them are stuck in the reassembly queue? You’ll find the gory details in a lengthy blog post by Nitzan Tzelniker.

AI Metrics with Grafana Cloud

The Grafana AI Metrics dashboard shown above tracks performance metrics for AI/ML RoCEv2 network traffic, for example, large scale CUDA compute tasks using NVIDIA Collective Communication Library (NCCL) operations for inter-GPU communications: AllReduce, Broadcast, Reduce, AllGather, and ReduceScatter.

The metrics include:

  • Total Traffic Total traffic entering fabric
  • Operations Total RoCEv2 operations broken out by type
  • Core Link Traffic Histogram of load on fabric links
  • Edge Link Traffic Histogram of load on access ports
  • RDMA Operations Total RDMA operations
  • RDMA Bytes Average RDMA operation size
  • Credits Average number of credits in RoCEv2 acknowledgements
  • Period Detected period of compute / exchange activity on fabric (in this case just over 0.5 seconds)
  • Congestion Total ECN / CNP congestion messages
  • Errors Total ingress / egress errors
  • Discards Total ingress / egress discards
  • Drop Reasons Packet drop reasons
AI Metrics with Prometheus and Grafana describes how to stand up an analytics stack with Prometheus and Grafana to track performance metrics for an AI/ML GPU cluster. This article shows how to integrate with Prometheus and Grafana hosted in the cloud, Grafana Cloud, instead of running the services locally.

Note: Grafana Cloud has a free service tier that can be used to test this example.

Continue reading

NB530: Broadcom Hits 102.4 Tbps With Tomahawk 6; Wireshark Debuts Certificate Program

Take a Network Break! We start with two critical vulnerabilities: one affecting cloud versions of Cisco ISE, and the other for HPE StoreOnce. In the news, Broadcom announces the Tomahawk 6 ASIC with 102.4Tbits of bandwidth, SentinelOne suffers a self-imposed network outage, and the Wireshark Foundation announces its first-ever professional certification for Wireshark. Cisco rebrands... Read more »

Worth Reading 060925


The story of computing and communications over the past eighty years has been a story of quite astounding improvements in the capability, cost and efficiency of computers and communications.


In recent discussions, it became clear that additional information could be helpful, breaking down what a user or administrator needs to understand about TLS implementation and configuration options to better assess points of potential exposure.


The use of pseudo-random processes to generate secret quantities can result in pseudo-security. A sophisticated attacker may find it easier to reproduce the environment that produced the secret quantities and to search the resulting small set of possibilities than to locate the quantities in the whole of the potential number space.


We’ve all had the serendipity experience, even online — clicking through a chain of links, scanning Google search results, drifting between loosely connected ideas. But search engines and information retrieval systems aren’t designed to enhance serendipity.


Here I want to look at just one day of the operation of the Internet’s BGP network by looking at the behaviour of a single BGP session. The day we’ll use for this study is the 8h May 2025, and the BGP vantage point used here is an unremarkable Continue reading

Getting Started with the Pytest Plugin for Infrahub

Getting Started with the Pytest Plugin for Infrahub

We all write code, but how do we know the changes we make in the future won’t break something that used to work? That’s where testing becomes important.

The idea is to catch problems early, ideally before they reach production. In the Python world, one of the most common ways to do this is with a tool called pytest. It lets you write tests to check that your code behaves the way you expect and helps you catch issues before they become a bigger problem.

Originally published under - https://www.opsmill.com/pytest-plugin-infrahub/

When working with Infrahub, testing is just as important. You might want to make sure your GraphQL queries are valid, your Jinja2 templates render correctly, or your transformations behave as expected.

Infrahub simplifies this by offering a pytest plugin that doesn’t require Python code; you define tests using plain YAML. This makes testing more accessible to teams across roles and speeds up the feedback loop during development.

These kinds of unit tests aren’t just about convenience, they help establish a production-ready automation system. With automated checks built into your process, every change is validated consistently, reducing the chance of something breaking unexpectedly. That consistency builds trust when your Continue reading

Publishing Content as an Introvert

I got an interesting question from a reader. He listened to my podcast with Eric Chou and decided to try to learn in public:

Currently, I’m studying for the CCNP ENARSI exam, and would like to start posting my labs to LinkedIn, and perhaps even upload my lab topologies and configs to Git.

That’s a great idea. I would minimize the LinkedIn part1 and focus on Git:

Read more …

UGreen NASync DXP2800 Review and First Impressions

UGreen NASync DXP2800 Review and First Impressions

TL;DR - For anyone who doesn’t want to go through the full post, here’s the short version. I bought the UGreen NASync DXP2800 (2 bay) from Amazon for £249 and paired it with two Seagate Ironwolf 8TB HDDs, around £180 each.

The unit comes with an Intel N100 CPU, 8GB of RAM (upgradeable to 16GB, but there’s only one RAM slot), and a 2.5Gb/s LAN port. It has a solid build, was easy to set up, and I actually like the UI. Sure, it lacks a lot of features compared to Synology or QNAP, but since I’m mainly using it for file storage, I’m happy with the purchase.

Setting up Proxmox Backup Server
In this post, we’ll go through the process of setting up Proxmox Backup Server and backing up all the VMs from my Proxmox server to this backup server. So, let’s get to it.
UGreen NASync DXP2800 Review and First ImpressionsPacketswitchSuresh Vina
UGreen NASync DXP2800 Review and First Impressions

But Why UGreen NAS?

The short answer is, this is the best bang for the buck. For £249, I’m getting a 2-bay NAS with an N100 CPU, 8GB of RAM, a 2.5Gb/s LAN port, and two NVMe slots.

I’ve been wanting to buy a NAS for over Continue reading

HN784: Accelerate Your Network Automation With Gluware Labs and New Ansible Collection (Sponsored)

Network automation is today’s topic with sponsor Gluware. Gluware provides a network automation platform that targets both network engineers and automation builders. On today’s Heavy Networking, we discuss how Gluware supports these two constituencies. We also talk about a recent product announcement, Gluware Labs. Gluware Labs includes a free Community Edition of Gluware software you... Read more »

Finding End-to-End Paths: Topology and Endpoints

We know there are three main ways to move packets across a network. However, before we can start forwarding packets, someone has to populate the forwarding tables in the intermediate devices or build the sequence of nodes to traverse in source routing.

Usually, whoever is responsible for the contents of the forwarding tables must first discover the network topology. Let’s start there, using the following network diagram to illustrate the discussion.

Read more …

Juniper vJunos-router in Containerlab

Juniper vJunos-router in Containerlab

If you follow me or read my blog, you probably know I'm a big advocate of Containerlab. I've been using it for over two years now and I absolutely love it. Why? Because it's open source, it has an amazing community behind it (thank you again, Roman), and labs are defined using simple YAML files that are easy to share and reuse.

So far, I've used Cisco IOL, Arista EOS, and Palo Alto VM in Containerlab. And finally, the time came to try Juniper. I decided to test the Juniper vJunos-router, which is a virtualized MX router. It's a single-VM version of vMX that doesn't require any feature licenses and is meant for lab or testing purposes. You can even download the image directly from Juniper's website without needing an account. Thank you, Juniper and Cisco, please take note. In this post, I'll show you how to run Juniper vJunos-router in Containerlab.

Prerequisites

This post assumes you're somewhat familiar with Containerlab and already have it installed. If you're new, feel free to check out my introductory blog below. Containerlab also has great documentation on how to use vJunos-router, so be sure to check that out as well.

Containerlab - Creating Continue reading

N4N029: Four Goals of Network Design

Let’s explore four goals of network design: stability, speed, scalability, and security. These goals are based on Ethan’s experience designing, building, and operating networks. Network architects and design experts might have other objectives, and that’s fine, but these four goals are the basis of today’s episode. Ethan and Holly discuss why these four goals are... Read more »
1 2 3 4 5 6 3,442