Dual-Stack SR-MPLS
After the introduction to SR-MPLS demo I did during the Segment Routing workshop @ ITNOG10, we moved to dual-stack SR-MPLS – can we assign node segment identifiers (SIDs) to IPv4 and IPv6 prefixes? The demo used the same three-router network as the previous one, with IPv4 SIDs starting at one and IPv6 SIDs starting at 101:
Cisco Launches Major Updates to Certifications
Cisco just announced major updates to their certification portfolio. Here’s what’s changing:
- CCNA v2.0
- CCIE practical exam AI DOO module
- CCIE automation v1.2
CCNA v2.0
Effective February 2027, the CCNA is getting a major update. The future networking administrator/engineer will be more of an orchestrator than operator. Meaning that punching commands on the CLI will only be a small part of the future job role. Instead, you must be able to design, secure, and optimize increasingly autonomous networks. To be job-ready, you’ll need to learn how to:
- Troubleshoot production issues under pressure
- Evaluate what an AI assistant recommends and know when it’s wrong
- Secure an environment by design, not an afterthought
The CCNA is about to get a whole lot more practical! Here’s what’s changing:
Troubleshooting gets a front seat. Employers value troubleshooting over reciting commands. Every domain will diagnostics and problem resolution. Think of the old TSHOOT CCNP exam, but instead of a separate exam, this is the format of the CCNA now. I’m really excited about this!
Security everywhere. We can no longer afford to think of security only as a separate domain, it needs to be part of everything we do. The new exam Continue reading
BGP and Multi-Cloud Routing
For years, enterprise cloud networking was built around a simple assumption: pick a primary cloud provider, connect the data center to it, and expand from there.
That model no longer reflects how many organizations actually operate.
Today, workloads often live across AWS, Azure, and Google Cloud at the same time. Sometimes this is intentional. Sometimes it is the result of acquisitions, separate engineering teams, SaaS dependencies, regional requirements, or SaaS platforms that depend on a specific cloud provider. Either way, the network has to make these environments behave like one reliable system.
That is where the hard part begins.
Cloud-native routing tools are useful inside each provider, but they do not automatically solve routing between providers, between clouds and colocation hubs, or between multiple cloud environments and an enterprise WAN. Once routing needs to become dynamic, policy-driven, and resilient across administrative boundaries, BGP becomes the common language.
BGP is not new, and it is not always simple. But in multi-cloud networking, it remains one of the few mechanisms that AWS, Azure, Google Cloud, carriers, colocation providers, SD-WAN platforms, and enterprise routers can all understand.
What inter-cloud routing actually means
The term “inter-cloud routing” is often used loosely, so it is Continue reading
NAN123: How ION Meets the Out-of-this-World Challenges of Deep-Space Networking
Eric Chou and guest host Drew Conry-Murray sit down with deep space networking specialist Scott Spicer. Following the Artemis 2 mission, they discuss the challenges of long-delay space communications and the essential technologies making it possible such as the Interplanetary Overlay Network (ION), Delay-Tolerant Networking (DTN), and Contact Graph Routing (CGR). AdSpot Sponsor: Meter Meter... Read more »TCG076: Packet Pushers Assemble! Bridging the Telemetry Divide
Today our Packet Pushers team assembles to discuss whether the grass is greener on the NetOps or DevOps side of the telemetry fence. William of The Cloud Gambit, Scott of Total Network Operations, and Ned and Kyler of Day Two DevOps discuss the difficulties and differences of getting telemetry and state from devices across different... Read more »My Network is Talking Back Thanks to SuzieQ MCP and it’s Channeling Sam Kinison
Last Updated: 2025-05-19 Every SuzieQ Enterprise release quietly adds things that end up being genuinely useful in day-to-day network operations. Version 3.3 has had a few updates already. The GUI has seen a lot of attention. The new workbench makes it even easier to get at your data without jumping around, and you can now READ MORE
The post My Network is Talking Back Thanks to SuzieQ MCP and it’s Channeling Sam Kinison appeared first on The Gratuitous Arp.
Worth Reading: Agentic AI Setup: Sandboxes and Worktrees
Most of the hyperventilated AI “success stories” are as useful as the “ANSIBLE!!!” movement was a few years ago. It’s thus always a pleasure to find someone with well-established software development chops who took the time to describe what works for them.
One cannot argue with Mike McQuaid’s credentials (at least if you happen to be using homebrew on MacOS, which you REALLY SHOULD), and his Sandboxes and Worktrees: My secure Agentic AI Setup in 2026 article is full of relevant recommendations in case you’re brave enough to let AI agents loose on your GitHub repository.
Encrypted DNS at OARC 46
Much has been said about the use of the DNS as a means of tracking and controlling the online behaviour of users. The response has been to hide the DNS behind encrypted transport.phpIPAM installation on Ubuntu Server 26.04 LTS
How to install phpipam on Ubuntu Server 26.04 LTS server.PP110: News Roundup–Linux Fragged, Edge’s Password Manager Dragged, Android Intrusions Tagged, and More
JJ and Drew unpack an overstuffed suitcase of infosec stories in today’s News Roundup. Microsoft’s Edge password manager stores credentials in plaintext and Microsoft says “Yup”, the Linux kernel takes a one-two punch from Dirty Frag and Fragnesia, and a new industry coalition takes critical infrastructure protection private. A Taiwanese radio enthusiast allegedly brings high-speed... Read more »HS132: Heart of Glasswing
How can enterprise IT folks prepare for the age of Mythos? Anthropic says its Claude Mythos model is so much better at finding software vulnerabilities that it has delayed public release. Instead Anthropic launched Project Glasswing to give IT infrastructure and software makers early access, so they can have some lead time to address vulnerabilities... Read more »
HW079: Driving AI Efficacy in Wi-Fi (Sponsored)
Every wireless vendor has an AI story. What actually matters now? Efficacy. Recorded live at Mobility Field Day, Keith sits down with HPE’s Bob Friday right off the show floor to discuss how HPE’s announcements are driving toward an autonomous network and what features are the key to truly making a difference in day-to-day life... Read more »Fixing Ghost Drops: How eBPF Rescued IPv6 Telemetry
A customer complains that they aren't getting IPFIX flow data from a router.
Use socat to check that IPFIX is being received (IANA assigned port for IPFIX is 4739):
socat -b 0 -dd -u UDP6-RECV:4739 - 2>&1Output demonstrates that at least some IPFIX messages can be received when listening on port 4739.
2026/05/15 22:46:32 socat[108419] N using stdout for writing 2026/05/15 22:46:32 socat[108419] N starting data transfer loop with FDs [5,5] and [1,1] 2026/05/15 22:46:33 socat[108419] N received packet with 0 bytes from AF=10 [fec0:0000:0000:0000:0001:000c:2744:69f1]:50978 2026/05/15 22:46:33 socat[108419] N received packet with 0 bytes from AF=10 [fec0:0000:0000:0000:0001:000c:2744:69f1]:50978Use tcpdump to check for IPFIX packets. This gives visibility into packets before the host network stack, so you can see packets before they are dropped by host network stack or host firewall
tcpdump -i enp0s3 -n udp port 4739The output shows that IPFIX datagrams are being received from a second source, fec0::1:c:2744:69f0, but they aren't showing up in the socat output, so the Linux kernel must be dropping them for some reason.
dropped privs to tcpdump tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes 21:09:57.217821 Continue reading
Announcing Claude Managed Agents on Cloudflare
Cloudflare and Anthropic have collaborated to integrate Claude Managed Agents with Cloudflare Sandboxes. Our new integration gives you more control over your agent sandboxes, secures connections to private services, and improves observability.
In the past year, Cloudflare’s Developer Platform has expanded to give more developers the tools they need to run agents at scale. This includes:
Sandboxes for full stateful Linux microVMs at scale
Agents SDK, providing simple and customizable agent framework
Browser Run, which gives agents fully programmable and observable browsers
Dynamic Workers, allowing for dynamic sandboxed code execution at massive scale
Our goal is to make Cloudflare the simplest, most secure, and most programmable cloud for agents.
Integrating with Claude Managed Agents is another step in this direction. You can run your agent loop on the Claude Platform, while using Cloudflare to execute code, secure connections, and run custom tool calls.
To get going in just minutes, we’ve created a default deployment template that gives you the following:
Enhanced security - Run all agent traffic through customizable proxies. This allows you to securely inject credentials, prevent data exfiltration, and better observe how your agents interact with the outside world.
Sandbox control and observability - Get Continue reading
netlab 26.05: BGP-free SRv6 Core, Junos Features
netlab release 26.05 is out. Here are the highlights:
- Support for global BGP routes with SRv6 next hops (inspired by proof-of-concept by @jvbemmel) on FRR and IOS XR
- Junos OSPF/IS-IS route redistribution, VRF IS-IS instances, and OSPF interface parameters
- Streamline and speed up the FortiOS initial device configuration by @a-v-popov
- Support for Juniper cSRX container by @leec-666
Everything in C is undefined behavior
If he had been a programmer, Cardinal Richelieu would have said “Give me six lines written by the hand of the most expert C programmer in the world, and I will find enough in them to trigger undefined behavior”.
Nobody can write correct C, or C++. And I say that as someone who’s written C and C++ on an almost daily basis for about 30 years. I listen to C++ podcasts. I watch C++ conference talks. I enjoy reading and writing C++.
C++ has served us well, but it’s 2026, and the environment of 1985 (C++) or 1972 (C) is not the environment of today.
I’m definitely not the first to say this. I remember reading a post by someone prominent about a decade ago saying that a good case can be made that use of C++ is a SOX violation. And while I was not onboard with the rest of their rant (nor their confusion about “its” vs “it’s”), I never disagreed about that point.
With time I found it to be more and more true. WAY more things are undefined behavior (UB) than you’d expect.
Everyone knows that double-free, use after free, accessing outside the bounds of an Continue reading
NB575: AI Multipath Protocol Goes to Open Compute Project; Cisco Shrinks Workforce as Income Swells
Take a Network Break! In this week’s Red Alert we suggest an audit of your Azure environment after Microsoft says it patched four critical vulnerabilities. On the news front, Nvidia has brought the Multipath Reliable Connection (MCR) protocol to the Open Compute Project, AT&T rolls out quantum-resistant SD-WAN services, and HPE introduces new Wi-Fi automation... Read more »Project Glasswing: what Mythos showed us
For the last few months, we've been testing a range of security-focused LLMs on our own infrastructure. These LLMs help identify potential vulnerabilities in our own systems, so we can fix them – and they also show us what attackers are going to be able to do with the latest models.
None of these LLMs has captured more attention than Mythos Preview, from Anthropic. A few weeks ago, we were invited to use Mythos Preview as part of Project Glasswing. We soon pointed it at more than fifty of our own repositories – to see what it would find, and to see how it works.
This post shares what we observed, what the models did well and what they didn't, and how the architecture and process around them needs to change, so they can be used at scale.
Mythos Preview is a real step forward, and it's worth saying that plainly before getting into anything else. We've been running models against our code for a while now, and the jump from what was possible with previous general-purpose frontier models to what Mythos Preview does today is not just a refinement of what came before.
It's Continue reading