BGP Labs: Graceful Degradation for Unsupported Devices
A few weeks ago, I described the changes in the online BGP labs that allow you to use most of the common network operating systems as “external” routers1. However, while we keep improving it, netlab still can’t configure all BGP features on all supported devices (PRs from Nokia and Mikrotik fans would be highly appreciated đ), which means that it’s possible to configure your environment in a way where some of the more complex labs would simply fail to start.
The limited choice of devices for external routers was always well-documented (example), but if you insisted on using unsupported devices, the lab would fail to start with an error message, and you’d have to tweak the lab topology (example). Wouldn’t it be better to start the lab with a warning?
PP105: Cybercrime Has Gone Industrial: Insights from HPE Threat Labs (Sponsored)
Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threat Labs report from HPE, our sponsor for todayâs Packet Protector episode. We also look at how older vulnerabilities are still contributing to todayâs exploits, why security organizations... Read more »HW075: Speedtest Certified
Speedtest Certified is a network connectivity verification program for properties and venues, allowing them to prove the performance of their Wi-Fi. Alan Blake of Ookla joins the show to break down what the certification actually measures, how assessments are performed, and what it means for network owners as well as Wi Fi professionals. This is... Read more »Four public live production flow analytics dashboards
The following publicly accessible dashboards show live data from operational networks, including: an AI/ML RoCEv2 fabric, a world-wide Kubernetes cluster, and an Internet Exchange Provider (IXP). Click on the [ LIVE DASHBOARD ] link under each screen capture to access the live dashboard.
[ LIVE DASHBOARD ]
San Diego Supercomputer Center Expanse Cluster AI/ML dashboard using ai-metrics application. See AI Metrics with Prometheus and Grafana for detailed, step-by-step, instructions for setting up monitoring and dashboard.
[ LIVE DASHBOARD ]
San Diego Supercomputer Center Expanse Cluster AI/ML traffic matrix using heatmap application. See Real-time visualization of AI / ML traffic matrix for an explanation of the chart with examples.
[ LIVE DASHBOARD ]
National Research Platform Nautilus Cluster GPU, CPU, and network resources in world-wide Kubernetes cluster using sunburst application. See Real-time Kubernetes cluster monitoring example for more details and step-by-step instructions for deploying monitoring.
[ LIVE DASHBOARD ]
San Francisco Metropolitan Internet Exchange overall traffic dashboard using ixp-metrics application. See Internet eXchange Provider (IXP) Metrics for detailed, step-by-step, instructions for setting up overall exchange traffic and per member peering traffic dashboards.
Live Dashboards maintains a current list publicly accessible dashboards. If you have dashboard to share, would like help learning Continue reading
What is Netlab and Why Network Engineers Should Care
Milan Zapletal, the author of the biggest netlab topology I’ve seen so far (full story), has published a nice introductory article explaining What is Netlab and Why Network Engineers Should Care.
Thank you, Milan! Much appreciated ;)
NB570: Project Glasswingâs FUD and Thunder; Au Revoir Windows, Bonjour Linux
Take a Network Break! We commence with a red alert on FastMCP, and then debate whether Anthropic’s Project Glasswing is a marketing stunt or a reasonable response to the growing ability of AI models to find and exploit software vulnerabilities. Iran targets US OT networks, startup Aria Networks unveils Ethernet switches purpose-built for AI factories,... Read more »Building a CLI for all of Cloudflare
Cloudflare has a vast API surface. We have over 100 products, and nearly 3,000 HTTP API operations.
Increasingly, agents are the primary customer of our APIs. Developers bring their coding agents to build and deploy applications, agents, and platforms to Cloudflare, configure their account, and query our APIs for analytics and logs.
We want to make every Cloudflare product available in all of the ways agents need. For example, we now make Cloudflareâs entire API available in a single Code Mode MCP server that uses less than 1,000 tokens. Thereâs a lot more surface area to cover, though: CLI commands. Workers Bindings â including APIs for local development and testing. SDKs across multiple languages. Our configuration file. Terraform. Developer docs. API docs and OpenAPI schemas. Agent Skills.
Today, many of our products arenât available across every one of these interfaces. This is particularly true of our CLI â Wrangler. Many Cloudflare products have no CLI commands in Wrangler. And agents love CLIs.
So weâve been rebuilding Wrangler CLI, to make it the CLI for all of Cloudflare. It provides commands for all Cloudflare products, and lets you configure them together using infrastructure-as-code.
Today weâre sharing an early version of Continue reading
Durable Objects in Dynamic Workers: Give each AI-generated app its own database
A few weeks ago, we announced Dynamic Workers, a new feature of the Workers platform which lets you load Worker code on-the-fly into a secure sandbox. The Dynamic Worker Loader API essentially provides direct access to the basic compute isolation primitive that Workers has been based on all along: isolates, not containers. Isolates are much lighter-weight than containers, and as such, can load 100x faster using 1/10 the memory. They are so efficient, they can be treated as "disposable": start one up to run a few lines of code, then throw it away. Like a secure version of eval().
Dynamic Workers have many uses. In the original announcement, we focused on how to use them to run AI-agent-generated code as an alternative to tool calls. In this use case, an AI agent performs actions at the request of a user by writing a few lines of code and executing them. The code is single-use, intended to perform one task one time, and is thrown away immediately after it executes.
But what if you want an AI to generate more persistent code? What if you want your AI to build a small application with a custom UI the user can Continue reading
Agents have their own computers with Sandboxes GA
When we launched Cloudflare Sandboxes last June, the premise was simple: AI agents need to develop and run code, and they need to do it somewhere safe.
If an agent is acting like a developer, this means cloning repositories, building code in many languages, running development servers, etc. To do these things effectively, they will often need a full computer (and if they donât, they can reach for something lightweight!).
Many developers are stitching together solutions using VMs or existing container solutions, but there are lots of hard problems to solve:
Burstiness - With each session needing its own sandbox, you often need to spin up many sandboxes quickly, but you donât want to pay for idle compute on standby.
Quick state restoration - Each session should start quickly and re-start quickly, resuming past state.
Security - Agents need to access services securely, but canât be trusted with credentials.
Control - It needs to be simple to programmatically control sandbox lifecycle, execute commands, handle files, and more.
Ergonomics - You need to give a simple interface for both humans and agents to do common operations.
Weâve spent time solving these issues so you donât have to. Since our initial Continue reading
Dynamic, identity-aware, and secure Sandbox auth
As AI Large Language Models and harnesses like OpenCode and Claude Code become increasingly capable, we see more users kicking off sandboxed agents in response to chat messages, Kanban updates, vibe coding UIs, terminal sessions, GitHub comments, and more.
The sandbox is an important step beyond simple containers, because it gives you a few things:
Security: Any untrusted end user (or a rogue LLM) can run in the sandbox and not compromise the host machine or other sandboxes running alongside it. This is traditionally (but not always) accomplished with a microVM.
Speed: An end user should be able to pick up a new sandbox quickly and restore the state from a previously used one quickly.
Control: The trusted platform needs to be able to take actions within the untrusted domain of the sandbox. This might mean mounting files in the sandbox, or controlling which requests access it, or executing specific commands.
Today, weâre excited to add another key component of control to our Sandboxes and all Containers: outbound Workers. These are programmatic egress proxies that allow users running sandboxes to easily connect to different services, add observability, and, importantly for agents, add flexible Continue reading
Ramla Baharuddin: Pahlawan Dayung Indonesia di SEA Games 2025
Daftar Pustaka
Prestasi Gemilang Ramla Baharuddin
Ramla Baharuddin adalah salah satu atlet dayung terbaik Indonesia yang menunjukkan prestasi luar biasa di SEA Games 2025. Bersama tim nasional, Ramla berhasil meraih medali emas pada nomor mixed kayak four 500m, membawa Indonesia ke puncak podium. Kemenangan ini menjadi bukti nyata dari kerja keras, disiplin, dan dedikasi tinggi yang dimiliki Ramla dan rekan-rekannya.
Selain itu, Ramla dikenal sebagai sosok yang inspiratif, selalu memberikan dukungan semangat kepada timnya. Banyak pengamat olahraga menilai bahwa kemampuan koordinasi dan strategi timnya menjadi faktor penting keberhasilan mereka. Tidak hanya fisik yang kuat, tetapi juga mental juara yang membuat Ramla Baharuddin menonjol dalam ajang internasional.
Perjalanan Karier dan Dedikasi
Sejak kecil, Ramla Baharuddin sudah menunjukkan bakat luar biasa dalam olahraga air. Ia mulai berlatih dayung secara intensif sejak usia dini, mengasah teknik, kecepatan, dan ketahanan tubuh. Berkat latihan disiplin dan komitmen tinggi, Ramla perlahan naik menjadi anggota tim nasional dayung Indonesia.
Selain latihan fisik, Ramla juga fokus pada strategi tim, belajar membaca arus air, dan menjaga sinkronisasi gerakan dengan rekan Continue reading
Lexus LBX: Mobil Compact Mewah dengan Performa Modern
Daftar Pustaka
Desain Eksterior yang Menawan
Lexus LBX menghadirkan desain eksterior yang modern dan sporty. Gril spindle yang khas Lexus tampak lebih agresif dibandingkan model sebelumnya. Selain itu, lampu LED tajam menambah kesan futuristik, sementara garis bodi yang dinamis memberikan aerodinamika optimal. Dengan ukuran compact, mobil ini mudah bermanuver di perkotaan. Bahkan, pengemudi akan merasa percaya diri saat melaju di jalan sempit.
Lebih lanjut, warna metalik dan aksen krom membuat tampilan mobil semakin premium. Di sisi lain, velg 18 inci menambah aura sporty, sementara atap hitam kontras memberi kesan elegan. Seiring tren SUV compact, LBX berhasil memadukan kenyamanan dan gaya dalam satu paket yang menarik.
Interior Lexus LBX: Nyaman dan Canggih
Masuk ke dalam, interior Lexus LBX menawarkan kombinasi kemewahan dan teknologi. Kursi berbahan kulit berkualitas tinggi membuat perjalanan lebih nyaman. Selain itu, dashboard digital 12,3 inci menghadirkan informasi dengan jelas dan mudah diakses. Pengemudi dapat memanfaatkan layar sentuh untuk navigasi, hiburan, dan kontrol mobil.
Selain itu, sistem audio premium menambah pengalaman berkendara. Lebih lanjut, ruang kabin yang lapang memungkinkan penumpang belakang duduk nyaman. Bahkan, bagasi Continue reading
netlab 26.04: EXOS, BGP Prefix Origination, More Static Routes
netlab release 26.04 is out. Here are the highlights:
- Extreme Networks EXOS is supported as a Vagrant box or containerlab node with OSPF, VLAN, and VRRP configuration (by Seb dâArgoeuves).
- The new bgp.advertise node attribute allows you to advertise networks in the IP routing table into BGP. Itâs supported on most platforms.
- The bgp.originate attribute is now dual-stack and VRF-aware, allowing you to originate IPv4 and IPv6 prefixes into per-VRF BGP instances.
- New platforms with static route support: FortiOS (by Aleksey Popov), Nexus OS, Nokia SR OS, Nokia SR Linux. OpenBSD got discard static routes.
Juniper Port Checker â Validate Port Speed Mappings Before You Deploy
If you work with Juniper hardware and have never used the Juniper Port Checker, you are missing out on a really useful tool. It is part of the Juniper Pathfinder suite and it gives you a visual representation of the front panel of a device and lets you configure port speeds to validate that your...
The post Juniper Port Checker â Validate Port Speed Mappings Before You Deploy first appeared on Fryguy's Blog.New Network Tools Section
I have been meaning to put together some network tools for a while now, and I finally got around to it. I added a new Network Tools section to the site with eight tools that I find myself needing on a regular basis. They all run in the browser â nothing gets sent to a...
The post New Network Tools Section first appeared on Fryguy's Blog.Welcome to Agents Week
Cloudflare's mission has always been to help build a better Internet. Sometimes that means building for the Internet as it exists. Sometimes it means building for the Internet as it's about to become.Â
Today, we're kicking off Agents Week, dedicated to building the Internet for what comes next.
The cloud, as we know it, was a product of the last major technological paradigm shift: smartphones.
When smartphones put the Internet in everyone's pocket, they didn't just add users â they changed the nature of what it meant to be online. Always connected, always expecting an instant response. Applications had to handle an order of magnitude more users, and the infrastructure powering them had to evolve.
The approach the industry converged on was straightforward: more users, more copies of your application. As applications grew in complexity, teams broke them into smaller pieces â microservices â so each team could control its own destiny. But the core principle stayed the same: a finite number of applications, each serving many users. Scale meant more copies.
Kubernetes and containers became the default. They made it easy to spin up instances, Continue reading
NZNOG 2026
NZNOG 2026 was held in Christchurch in March 2026. The NZ national community has a long track record of innovation, both in technology and in the underlying investment models for its network infrastructure. Here's a summary of some of the sessions that I found to be of interest.UniFi UTR Initial Impressions, Setup and Review
Even though UniFi released the UTR (UniFi Travel Router) a while back, I've been researching it and trying to find a use case for myself. Fast forward to today, and even though I still don't have a clear use case for it, I bought it purely based on vibes.
It was out of stock pretty much all the time in the UK store, and even when it came back in stock, it would sell out within minutes. I happened to be checking their site one day and noticed it was available, so I ordered it right away. It costs £90 including delivery.
So, what is it?
The UTR is a small (like very tiny), portable router that you can take anywhere with you. It fits in your pocket. It supports both 2.4GHz and 5GHz bands and can connect to an upstream network via Wi-Fi or Ethernet. If you are into the UniFi ecosystem, in a nutshell, it can extend your home network wherever you go.
It is a small device, measuring 95.95 x 65 x 12.5 mm and weighing just 89g, so it genuinely fits in your pocket. It runs WiFi 5 with 2x2 MIMO Continue reading