Delegation And You
I once again loved this episode of the Art of Network Engineering featuring Mike Bushong. He is a very astute judge of character as well as how to apply social skills to your tech role. Definitely listen to the above episode if you’re interested in countering cognitive biases.
In the episode, he told a great story of how he had a pivotal career moment with one of his managers that led to some important introspection. I won’t tell his story but the summary is that he had taken on way too much work and way too many roles and he blew up at his manager because of the stress. She leveled him with a quote that rang true for me:
“No one knows everything you’re working on. They just see that the thing that’s important to them is late.”
That’s not the verbatim quote but that’s how I remember it. It’s definitely something that I’ve been thinking about since the previous episode when he mentioned it the first time.
Load Bearing and Busting
The odds are good that we’re all doing way too many things right now. Whether it’s doing more work in our role or taking on way Continue reading
Exploring Internet and security trends during the 2024 U.S. Democratic National Convention
The 2024 Democratic National Convention (DNC) wrapped up on Thursday, August 22, in Chicago, Illinois. Since our blog post about Internet trends during the first presidential debate between President Joe Biden and former President Donald Trump on June 27, the presidential race has fundamentally changed. We experienced the attempted assassination of Trump, the Republican National Convention (RNC), Biden’s late July withdrawal from the race, and Vice President Kamala Harris being selected as the Democratic nominee and participating in her party’s convention this week. Here, we’ll examine trends more focused on DNS traffic to news and candidate-related sites, cyberattacks targeting politically-related organizations, and spam and malicious emails mentioning the candidates’ names.
Over 60 more national elections are scheduled to take place across the world this year, and we have been monitoring them as they occur. Our goal is to provide a neutral analysis of their impact on Internet behavior, which often mirrors human activities. Significant events, such as the total eclipse in Mexico, the United States, and Canada, and the Paris 2024 Olympics, have had an impact on Internet traffic. Our ongoing election report on Cloudflare Radar includes updates from recent elections in the European Union, France, Continue reading
Storing Pulumi State in the Project Directory
Pulumi, like Terraform and OpenTofu, has the ability to store its state in a supported backend. You can store the state in one of the blob/object storage services offered by the major cloud providers, via Pulumi’s SaaS offering (called Pulumi Cloud), or even locally. It’s this last option I’ll explore a little bit in this post, where I’ll show you how to configure Pulumi to store the state in the project directory instead of somewhere else.
Let me start with this disclaimer: If you’re working with a team of folks on IaC for your project or employer, don’t do this. Storing project state locally with your project will just make life difficult for you. Instead, just accept that you need to store the state somewhere that your whole team can access it. Howver, if you are a “team of one” then you might find this interesting or useful.
Pulumi supports a “local” backend, which means storing stack state information locally on the same system where Pulumi is running. By default, Pulumi will store the state information in the ${HOME}/.pulumi folder.
It’s possible to configure the location the local backend uses with the PULUMI_BACKEND_URL environment variable (see this page for Continue reading
Using No-Export Community to Filter Transit Routes
The very first BGP Communities RFC included an interesting idea: let’s tag paths we don’t want to propagate to other autonomous systems. For example, the prefixes received from one upstream ISP should not be propagated to another upstream ISP (sadly, things don’t work that way in reality).
Want to try out that concept? Start the Using No-Export Community to Filter Transit Routes lab in GitHub Codespaces.
Rackspace Goes All In – Again – On OpenStack
Rackspace Technology has admittedly been relatively quiet in recent years when it’s come to OpenStack, the open source cloud infrastructure platform that was born in 2010 out of the collaboration between the cloud computing company and NASA. …
Rackspace Goes All In – Again – On OpenStack was written by Jeffrey Burt at The Next Platform.
When You’re Building The Future, The Past Is No Longer A Guide
A complex world demands complex systems.
Designing and improving new industrial systems, semiconductors, or vehicles, whether earth or space bound, presents massive engineering and manufacturing challenges. …
When You’re Building The Future, The Past Is No Longer A Guide was written by Timothy Prickett Morgan at The Next Platform.
IPB158: “IPv6 Mostly”: A Strategy to Balance Legacy and Modern Networking Needs
The move from IPv4 to IPv6 is not straightforward. In a world where use cases for both protocols exist, there needs to be some sort of transition. Dual stack is one option but “IPv6 mostly” is another. On today’s show, guest Ondřej Caletka from RIPE NCC explores transitioning to an IPv6-centric network while retaining IPv4... Read more »Go wild: Wildcard support in Rules and a new open-source wildcard crate
Back in 2012, we introduced Page Rules, a pioneering feature that gave Cloudflare users unprecedented control over how their web traffic was managed. At the time, this was a significant leap forward, enabling users to define patterns for specific URLs and adjust Cloudflare features on a page-by-page basis. The ability to apply such precise configurations through a simple, user-friendly interface was a major advancement, establishing Page Rules as a cornerstone of our platform.
Page Rules allowed users to implement a variety of actions, including redirects, which automatically send visitors from one URL to another. Redirects are crucial for maintaining a seamless user experience on the Internet, whether it's guiding users from outdated links to new content or managing traffic during site migrations.
As the Internet has evolved, so too have the needs of our users. The demand for greater flexibility, higher performance, and more advanced capabilities led to the development of the Ruleset Engine, a powerful framework designed to handle complex rule evaluations with unmatched speed and precision.
In September 2022, we announced and released Single Redirects as a modern replacement for the URL Forwarding feature of Page Rules. Built on top of the Ruleset Engine, this Continue reading
Better IX network quality monitoring
Better IX network quality monitoring
This post is a textual version of a talk I gave at the first NetUK. You can watch the talk on YouTube that was recorded by the wonderful AV team below if that’s your preferred medium:
Using Multiple Transit VNIs per EVPN VRF
After reading the Layer-3-Only EVPN: Behind the Scenes blog post, one might come to an obvious conclusion: the per-VRF EVPN transit VNI must match across all PE devices forwarding traffic for that VRF.
Interestingly, at least some EVPN implementations handle multiple VNIs per VRF without a hitch; I ran my tests in a lab where three switches used unique per-switch VNI for a common VRF.
The rest of this blog post describes Arista cEOS behavior; please feel free to use the same netlab topology to run similar tests on other devices.
Arista Banks On The AI Network Double Whammy
Current AI training and some AI inference clusters have two networks. …
Arista Banks On The AI Network Double Whammy was written by Timothy Prickett Morgan at The Next Platform.
D2DO249: The Anatomy of TLS 1.3 and Why You Should Risk It
Transport Layer Security (TLS) is today’s topic with guest Ed Harmoush. TLS plays a critical role in Internet security, and we dive into the differences between versions 1.2 and 1.3 In addition, Ed shares his journey into TLS, explains its components, and addresses common misconceptions about certificates and their validation processes. The episode also highlights... Read more »NAN071: Understanding the Infrastructure Requirements for AI Workloads (Sponsored)
On today’s Network Automation Nerds, we get into the infrastructure required to support AI workloads. We discuss key considerations including bandwidth, the substantial power and cooling requirements of AI infrastructure, and GPUs. We also talk about InfiniBand and Ethernet as network fabrics for AI workloads, cabling considerations, and more. This is a sponsored episode. Our... Read more »Review: Lenovo ThinkPad X1 Carbon Gen11
I’ve recently had the opportunity to start using a Lenovo ThinkPad X1 Carbon (X1C) Gen11 as my primary work system. Since I am not a Windows person—I don’t think I’ve used Windows as a daily driver since before the turn of the century—I’m running Linux on the X1C Gen11. Now that I’ve had a few weeks of regular use, in this post I’ll provide my review of this laptop.
This is my second ThinkPad X1 Carbon; my first was a Gen 5 that I received when I joined Heptio in 2018 (see my review of the X1C Gen5). I loved that laptop; my experience with the Gen5 was what made me choose the X1C Gen11 when given the opportunity. What I’ve found is that the Gen11 improves upon the X1C experience in some ways, but falls short in other ways.
Before getting into the details, here’s a quick rundown on the specifications:
- 10-core Intel 13th generation Core i7-1365U (two performance cores and eight efficiency cores)
- 32GB of RAM
- 512GB NVMe storage
- 2880×1800 display
- Two USB-C ports, two USB-A ports, and an HDMI port
As with the Gen5, I’m happy with the build quality and subjective “feel” of the laptop; Continue reading
Ethernet History Deepdive – Why Do We Have Different Frame Types?
In my previous post Encapsulation of PDUs On Trunk Ports, I showed what happens to PDUs when you change the configuration of a trunk. You may have noticed that there are typically three different types of Ethernet encapsulations that we see:
- Ethernet II.
- 802.2 LLC.
- 802 SNAP.
Historically, there were even more than three, but we’re ignoring that for now. Why do we have three? To understand this, we need to go back in history.
The Origin of Ethernet
In the early 70’s, Robert Metcalfe, inspired by ARPANET and ALOHAnet had been working on developing what we today know as Ethernet. He published a paper in 1976, together with David Boggs, named Ethernet: Distributed Packet Switching for Local Computer Networks:
In the paper, they describe the addressing used in Ethernet:
3.3 Addressing
Each packet has a source and destination, both of which are identified in the packet’s header.
A packet placed on the Ether eventually propagates to all stations. Any station can copy a packet
from the Ether into its local memory, but normally only an active destination station matching ‘its
address in the packet’s header will do so as the packet passes. By convention, a Continue reading
Testing bgpipe with netlab
Ever since Pawel Foremski talked about BGP Pipe @ RIPE88 meeting, I wanted to kick its tires in netlab. BGP Pipe is a Go executable that runs under Linux (but also FreeBSD or MacOS), so I could add a Linux VM (or container) to a netlab topology and install the software after the lab has been started. However, I wanted to have the BGP neighbor configured on the other side of the link (on the device talking with the BGP Pipe daemon).
I could solve the problem in a few ways:
NIST’s first post-quantum standards
On August 13th, 2024, the US National Institute of Standards and Technology (NIST) published the first three cryptographic standards designed to resist an attack from quantum computers: ML-KEM, ML-DSA, and SLH-DSA. This announcement marks a significant milestone for ensuring that today’s communications remain secure in a future world where large-scale quantum computers are a reality.
In this blog post, we briefly discuss the significance of NIST’s recent announcement, how we expect the ecosystem to evolve given these new standards, and the next steps we are taking. For a deeper dive, see our March 2024 blog post.
Why are quantum computers a threat?
Cryptography is a fundamental aspect of modern technology, securing everything from online communications to financial transactions. For instance, when visiting this blog, your web browser used cryptography to establish a secure communication channel to Cloudflare’s server to ensure that you’re really talking to Cloudflare (and not an impersonator), and that the conversation remains private from eavesdroppers.
Much of the cryptography in widespread use today is based on mathematical puzzles (like factoring very large numbers) which are computationally out of reach for classical (non-quantum) computers. We could likely continue to use traditional cryptography for decades to Continue reading
Supermicro Financials Get Better As The Company Gets Bigger
It’s still Ketchup Week here at The Next Platform, and we are going to be circling back to look at the financials of a number of bellwether datacenter companies that we could not get to during a number of medical crisis – including but not limited to our family catching COVID when we took a week of vacation at a lake in Michigan. …
Supermicro Financials Get Better As The Company Gets Bigger was written by Timothy Prickett Morgan at The Next Platform.