Capturing Traffic in Virtual Networking Labs
When I announced the Stub Networks in Virtual Labs blog post on LinkedIn, I claimed it was the last chapter in the “links in virtual labs” saga. I was wrong; here comes the fourth part of the virtual links trilogy – capturing “on the wire” traffic in virtual networking labs.
While network devices provide traffic capture capabilities (usually tcpdump in disguise generating a .pcap file), it’s often better to capture the traffic outside of the device to see what the root cause of the problems you’re experiencing might be.
NB516: Cisco, Nvidia ASIC Deal Chases Enterprise AI; Juniper Welcomes Third-Party LLMs
Take a Network Break! This week we start with a couple of follow-ups and a Red Alert, and then jump into tech news. Cisco and Nvidia team up to put Cisco ASICs and the Nexus NOS into Nvidia Ethernet switches, the market reads tea leaves as Microsoft walks away from data center capacity, and Juniper... Read more »Banish bots from your Waiting Room and improve wait times for real users
With Cloudflare Waiting Room, you can safeguard your site from traffic surges by placing visitors in a customizable, virtual queue. Previously, many site visitors waited in the queue alongside bots, only to find themselves competing for inventory once in the application. This competition is inherently unfair, as bots are much faster and more efficient than humans. As a result, humans inevitably lose out in these high-demand situations, unable to secure inventory before bots sweep it all up. This creates a frustrating experience for real customers, who feel powerless against the speed and automation of bots, leading to a diminished experience overall. Those days are over! Today, we are thrilled to announce the launch of two Waiting Room solutions that significantly improve the visitor experience.
Now, all Waiting Room customers can add an invisible Turnstile challenge to their queueing page, robustly challenging traffic and gathering analytics on bot activity within their queue. With Advanced Waiting Rooms, you can select between an invisible, managed, or non-interactive widget mode. But, we won’t just block these bots! Instead, traffic with definite bot signals that have failed the Turnstile challenge can be sent to an Infinite Queue, a completely customizable page that mimics a real Continue reading
Podcast: The Rise of NAT
When Ned Bellavance asked me to be a guest on the Chaos Lever podcast talking about NAT, I replied, “and why do you hate me so much?”
However, it turned out one can have a fun conversation about a controversial topic. For more details, listen to The Rise of NAT on Chaos Lever. I hope you’ll enjoy it ;)
Training Neural Networks: Backpropagation Algorithm
Introduction
The previous chapter explained the operation of a single artificial neuron. It covered how input values are multiplied by their respective weight parameters, summed together, and combined with a bias term. The resulting value, z, is then passed through a non-linear sigmoid function, which squeezed a neuron’s output value y ̂ between 0 and 1.
In this chapter, we form the smallest possible Feed Forward Neural Network (FFNN) model using only two neurons. While this is far from a Deep Neural Network (DNN), a simple NN with two neurons is sufficient to explain the Backpropagation algorithm, which is the focus of this chapter.
The goal is to demonstrate the training process and illustrate how the Forward Pass (computation phase) first generates a model output, y ̂. The algorithm then evaluates the model’s accuracy by computing the error term using Mean Squared Error (MSE). The first training iteration rarely, if ever, produces a perfect output. To gradually bring the training result closer to the expected value, the Backward Pass (adjustment and communication phase) calculates the magnitude and direction by which the weight values should be adjusted. The Backward Pass is repeated as many times as necessary until an acceptable model Continue reading
Hedge 261: The NTIA, Spectrum, and Broadband
In the United States, the National Telecommunications and Infrastructure Administration manages spectrum and researches the current state of Internet connectivity for policy makers. Henning Schulzrinne joins Tom and Russ to discuss the role of the NTIA, spectrum management, and broadband management.
You can read the NTIA’s reports here.
download
HN770: Deploying A Global Network in Minutes With Megaport (Sponsored)
In our conversation today with CTO Cameron Daniel of Megaport, we discuss their global WAN architecture, PoPs, use cases, the Megaport Cloud Router, and more. Megaport is our sponsor today. It’s accurate to describe Megaport as providing Network-as-a-Service. Megaport’s automated connectivity solutions enable rapid provisioning of circuits, contrasting sharply with traditional telcos. The discussion also... Read more »Cloudflare’s 2024 Transparency Reports – now live with new data and a new format
Cloudflare’s 2024 Transparency Reports are now live — with new topics, new data points, and a new format. For over 10 years, Cloudflare has published transparency reports twice a year in order to provide information to our customers, policymakers, and the public about how we handle legal requests and abuse reports relating to the websites using our services. Such transparency reporting is now recognized as a best practice among companies offering online services, and has even been written into law with the European Union’s Digital Service Act (DSA).
While Cloudflare has been publishing transparency reports for a long time, this year we chose to revamp the report in light of new reporting obligations under the DSA, and our goal of making our reports both comprehensive and easy to understand. Before you dive into the reports, learn more about Cloudflare’s longstanding commitment to transparency reporting and the key updates we made in this year’s reports.
Cloudflare started issuing transparency reports early on, because we have long believed that transparency is essential to earning trust. In addition to sharing data about the number and nature of requests we receive, our transparency reports have provided a forum Continue reading
Worth Reading: The Generative AI Con
I love good steamy rants, and The Generative AI Con from Edward Zitron is as good as they come. Pour yourself a glass of wine (or a cup of tea or whatever else you prefer) and have some fun ;)
Lab as Code – Part1
I wrote a post a while back about how the world of labbing changed during my time in networking, this is a follow on to see what options I have in terms of ‘labbing as Code’. I want a way to declaratively deploy the initial lab setup (devices, links, addressing, remote access, etc) so that I can concentrate on the features I am actually trying to lab. My idea is to try and use existing tools rather than writing my own, the following repo has all the code and files I used as part of this blog.
Operations vs Projects Balance in IT infrastructure teams
For the past two years, I have been managing a team in charge of operations and engineering projects on the data center infrastructure of an HPC center. It is a…
The post Operations vs Projects Balance in IT infrastructure teams appeared first on AboutNetworks.net.
Palo Alto Automated Scheduled Configuration Backup
I'm writing this in February 2025, and as far as I know, Palo Alto firewalls (not Panorama) don’t have a built-in mechanism for automatic configuration backups. Panorama, on the other hand, supports scheduled backups and allows you to send them to various locations like an SCP or FTP server. I’m not sure why this feature isn’t available on standalone firewalls, but in any case, let’s look at how you can use the API to periodically fetch the configuration from the Palo Alto firewall.
As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.
Trying to Automate Palo Alto Firewall Objects/Rules Cleanup
In this blog post, we will walk you through how to clean up Palo Alto Firewall Objects and Rules using a Python script. The script is designed to search for a
Suresh Vina
Overview
The Palo Alto KB article explains how to use the XML API with cURL to fetch the configuration and then use a cron job to run it periodically. This method works, but I want to make some tweaks to ensure we have Continue reading
N4N015: Spanning Tree Part 3 – Versions, States and Guards
We’re back with the third and last (for now) installment of our spanning tree series. Today’s episode includes an explanation of spanning tree versions, 802.1D, 802.1w, 802.1s, and their practical implications for network design. The discussion then turns to BPDU guard for preventing loops and ensuring rapid connectivity. Bonus material on why you should or... Read more »TNO018: The Network Engineer’s Evolution: Thinking Like a Product Owner (Sponsored)
What does it mean for a network engineer to develop a product mindset? And what does a product mindset have to do with network automation? Guest Peter Sprygada connects these concepts in today’s episode of Total Network Operations, sponsored by Itential. Peter says that as an organization advances its network automation capabilities, the impetus shifts... Read more »Some TXT about, and A PTR to, new DNS insights on Cloudflare Radar
No joke – Cloudflare's 1.1.1.1 resolver was launched on April Fool's Day in 2018. Over the last seven years, this highly performant and privacy-conscious service has grown to handle an average of 1.9 Trillion queries per day from approximately 250 locations (countries/regions) around the world. Aggregated analysis of this traffic provides us with unique insight into Internet activity that goes beyond simple Web traffic trends, and we currently use analysis of 1.1.1.1 data to power Radar's Domains page, as well as the Radar Domain Rankings.
In December 2022, Cloudflare joined the AS112 Project, which helps the Internet deal with misdirected DNS queries. In March 2023, we launched an AS112 statistics page on Radar, providing insight into traffic trends and query types for this misdirected traffic. Extending the basic analysis presented on that page, and building on the analysis of resolver data used for the Domains page, today we are excited to launch a dedicated DNS page on Cloudflare Radar to provide increased visibility into aggregate traffic and usage trends seen across 1.1.1.1 resolver traffic. In addition to looking at global, location, and autonomous system (ASN) traffic trends, Continue reading
Notes from OARC44
The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. They meet between two or three times a year in a workshops format. The most recent workshop was held in Atlanta, in February 2025. Here are my thoughts on some of the material that was presented and discussed at this workshop where too much DNS is barely enough!Rebuilding FRR with pim6d
Short post today.
Turns out that Debian, in its infinite wisdom, disables pim6d in frr. Here’s
a short howto on how to build it fixed.
$ sudo apt build-dep frr
[…]
$ apt source frr
[…]
$ cd frr-8*
$ DEB_BUILD_PROFILES=pkg.frr.pim6d dpkg-buildpackage -us -uc -b
$ sudo dpkg -i ../frr_*.deb
Then you can enable pim6d in /etc/frr/daemons and restart frr.
Not that I managed to get IPv6 multicast routing to to work over wireguard
interfaces anyway. Not sure what’s wrong. Though it didn’t fix it, here’s an
interesting command that made stuff like ip -6 mroute look like it should
work:
$ sudo smcroutectl add LAN ff38:40:fd11:222:3333:44:0:1122 wg-foo
NAN086: A Reality Check On AI for Network Operations
On today’s episode, we get a reality check on all the hype surrounding AI with guest Phil Gervasi. Phil provides background on Large Language Models (LLMs) and their applications, as well as the current state of AI technology. We also delve into practical use cases for AI in network operations, from AI as an assistant... Read more »Keep AI interactions secure and risk-free with Guardrails in AI Gateway
The transition of AI from experimental to production is not without its challenges. Developers face the challenge of balancing rapid innovation with the need to protect users and meet strict regulatory requirements. To address this, we are introducing Guardrails in AI Gateway, designed to help you deploy AI safely and confidently.
LLMs are inherently non-deterministic, meaning outputs can be unpredictable. Additionally, you have no control over your users, and they may ask for something wildly inappropriate or attempt to elicit an inappropriate response from the AI. Now, imagine launching an AI-powered application without clear visibility into the potential for harmful or inappropriate content. Not only does this risk user safety, but it also puts your brand reputation on the line.
To address the unique security risks specific to AI applications, the OWASP Top 10 for Large Language Model (LLM) Applications was created. This is an industry-driven standard that identifies the most critical security vulnerabilities specifically affecting LLM-based and generative AI applications. It’s designed to educate developers, security professionals, and organizations on the unique risks of deploying and managing these systems.
The stakes are even higher with new regulations being introduced: