N4N029: Four Goals of Network Design

Let’s explore four goals of network design: stability, speed, scalability, and security. These goals are based on Ethan’s experience designing, building, and operating networks. Network architects and design experts might have other objectives, and that’s fine, but these four goals are the basis of today’s episode. Ethan and Holly discuss why these four goals are... Read more »

Weird: Ports on Linux Bridge Are Stuck

Just when you thought you got used to the weirdnesses in the networking implementations, you get a curveball like this one. Life is never dull if you test network devices.

Before releasing netlab release 2.0, I ran the full suite of integration tests for all devices for which I have the images. Interestingly, most VXLAN tests failed for Cumulus Linux 4.x even though we haven’t touched that code for ages.

Next step: trying to figure out what changed. The configuration changes were minimal. Even worse, the failure was non-deterministic. Somehow, we managed to transform a Cumulus Linux 4.x VM into a Heisenberg switch.

Read more …

D2DO274: Firefly’s State of IaC Report for 2025, aka ClickOps Is a Disgrace (Sponsored)

Firefly is a cloud infrastructure automation platform that helps cloud teams, DevOps, SRE, platform engineering, DevSecOps, and other groups manage their entire cloud as code. Firefly helps to manage cloud complexity and produce consistent and efficient cloud platforms with code. To help Firefly better understand their customers and industry trends around Infrastructure as Code (IaC),... Read more »

HPE Uses AI To Drive The Business, Which Is Increasingly AI

Hewlett Packard Enterprise is going through yet another restructuring to reduce costs, something we have seen a lot of in the past two decades and a half decades since it acquired Compaq to become a volume server peddler as well as high end system supplier for enterprises.

HPE Uses AI To Drive The Business, Which Is Increasingly AI was written by Timothy Prickett Morgan at The Next Platform.

Worth Reading 060425


There is an interesting article from the Brookings Institute that documents four trends in infrastructure funding. The conclusions of the report surprised me and I suspect they will surprise others.


And when details do emerge, they usually involve a retraction. IBM laid off 8,000 workers in 2023, and then hired them back in May 2025. In 2024, a top headline for Klarna was “Klarna’s AI Assistant Is Doing The Job Of 700 Workers” but a year later it was “Klarna Reverses AI-Only Customer Support Strategy.”


I would like to look at the ways in which the operators of the number Resource Public Key Infrastructure (RPKI) have deployed this infrastructure in a way that maximises its available and performance and hardens it against potential service interruptions, or in other words, an examination of the resilience of the RPKI infrastructure.


OFC 2025 made one thing clear: The transition to Co-Packaged Optics (CPO) switches in data centres is inevitable, driven primarily by the power savings they offer.


I’d like to look at that spike in the total route count that occurred on the 1st May in further detail. Between 16:00 UTC on the 1st May and 18:00 UTC on the same day, Continue reading

Is It Time to Migrate? A Practical Look at Kubernetes Ingress vs. Gateway API

If you’ve managed traffic in Kubernetes, you’ve likely navigated the world of Ingress controllers. For years, Ingress has been the standard way of getting HTTP/S services exposed. But let’s be honest, it often felt like a compromise. We wrestled with controller-specific annotations to unlock critical features, blurred the lines between infrastructure and application concerns, this complexity didn’t just make portability more difficult, it sometimes led to security vulnerabilities and other complications.

As part of Calico Open Source v3.30, we have released a free and open source Calico Ingress Gateway that implements a custom built Envoy proxy with the Kubernetes Gateway API standard to help you navigate Ingress complexities with style. This blog post is designed to get you up to speed on why such a change might be the missing link in your environment.

The Situation: The Ingress Rut

The challenge with traditional Ingress wasn’t a lack of effort, since the landscape is full of innovative solutions. However, the problem was the lack of a unified, expressive, and role-aware standard. Existing ingress controllers were capable, implemented advanced features, however at the same time tied you to a specific project/vendor.

This meant:

What Developers Should Know About Modern CDNs and the Edge

When the web was first scaling up, content delivery networks (CDNs) became a way of dealing with the ever-increasing load. Akamai is widely considered the pioneer of CDN technology in the late-1990s, but arguably it’s been overtaken now by younger, more agile CDN competitors. At least that’s the view of fashions itself as an “edge cloud platform.” “Akamai was the first cloud service, the first multitenant cloud service,” Bergman told The New Stack in an interview. “And I think if they had been developer-friendly, then they should have been as large of a player as AWS, right?” Akamai may not have been the very first cloud service, but it was definitely among the first — and its CDN debuted well before “

Where Are the NETCONF/YANG Tools?

Jo attempted to follow the vendor Kool-Aid recommendations and use NETCONF/YANG to configure network devices. Here’s what he found (slightly edited):

IMHO, the whole NETCONF ecosystem primarily suffers from a tooling problem. Or I haven’t found the right tools yet.

ncclient is (as you mentioned somewhere else) an underdocumented mess. And that undocumented part is not even up to date. The commit hash at the bottom of the docs page is from 2020… I am amazed how so many people got it working well enough to depend on it in their applications.

Read more …

A Day in the Life of BGP

I want to look at just one day of the operation of the Internet’s BGP network by looking at the behaviour of a single BGP session. Nothing special or extraordinary happened on that day. There were no large-scale power blackouts, no major faults in the world’s submarine cable network, nor in the terrestrial trunk cable systems. No headlining-grabbing cyber attack took place on that day, as far as I’m aware. It was just an ordinary Thursday on the Internet, just like any other day, and I selected this day due to its very ordinariness! WhAt can this day tell us about BGP and the way we use it?

My Experience at AutoCon3

My Experience at AutoCon3

This is my second time attending the AutoCon event. The first one I went to was last year in Amsterdam (AutoCon1), and it was absolutely amazing. I decided to attend again this year, and AutoCon3 took place from the 26th to the 30th of May. The first two days were dedicated to workshops, and the conference itself ran from the 28th to the 30th. I only attended the conference. I heard there were around 650 attendees at this event, which is great to see.

Network Automation Forum (NAF)

In case you’ve never heard of AutoCon, it’s a community-driven conference focused on network automation, organized by the Network Automation Forum (NAF). NAF brings together people from across the industry to share ideas, tools, and best practices around automation, orchestration, and observability in networking.

They typically hold two conferences each year, one in Europe and one in the USA, or at least that’s how it’s been so far. The European event is usually around the end of May, and the US one takes place around November. Tickets are released in tiers, with early bird pricing being cheaper. I grabbed the early bird ticket for 299 euros as soon as it was announced.

Continue reading

The AI Datacenter Is Ravenous For 102.4 Tb/sec Ethernet Switch ASICs

While it has always been true that flatter networks and faster networks are possible with every speed bump on the Ethernet roadmap, the scale of networks has kept growing fast enough that the switch ASIC makers and the switch makers have been able to make it up in volume and keep the switch business growing.

The AI Datacenter Is Ravenous For 102.4 Tb/sec Ethernet Switch ASICs was written by Timothy Prickett Morgan at The Next Platform.

PP065: A Microsegmentation Overview

Microsegmentation divides a network into boundaries or segments to provide fine-grained access control to resources within those segments. On today’s Packet Protector we talk about network and security reasons for employing microsegmentation, different methods (agents, overlays, network controls, and so on), how microsegmentation fits into a zero trust strategy, and the product landscape. Episode Links:... Read more »

Bootstrapping Dual-Stack Kubernetes on Flatcar with Kubeadm

Recently I needed to be able to stand up a dual-stack (IPv4/IPv6) Kubernetes cluster on Flatcar Container Linux using kubeadm. At first glance, this seemed like it would be relatively straightforward, but as I dug deeper into it there were a few quirks that emerged. Given these quirks, it seemed like a worthwhile process to write up and publish here. In this post, you’ll see how to use Butane and kubeadm to bootstrap a dual-stack IPv4/IPv6 Kubernetes cluster on AWS.

For those who are unfamiliar, Flatcar Container Linux is a container-optimized Linux distribution considered to be the spiritual successor to CoreOS. For configuring OS instances during provisioning, Flatcar uses Ignition (see here or here for more information). Ignition is intended to be machine-friendly, but not human-friendly. Users can use Butane to write human-friendly YAML configurations that then get transpiled into Ignition. So, when bootstrapping Kubernetes on Flatcar, users will generally use a Butane configuration that leverages kubeadm, as described in the Flatcar documentation.

While the Butane configurations in the documentation are a good start for bootstrapping Kubernetes on Flatcar, they don’t address the dual-stack use case. As outlined in the Kubernetes documentation for dual-stack support with kubeadm, you Continue reading

Building an AI Agent that puts humans in the loop with Knock and Cloudflare’s Agents SDK

This is a guest post by Chris Bell, CTO of Knock

There’s a lot of talk right now about building AI agents, but not a lot out there about what it takes to make those agents truly useful.

An Agent is an autonomous system designed to make decisions and perform actions to achieve a specific goal or set of goals, without human input.

No matter how good your agent is at making decisions, you will need a person to provide guidance or input on the agent’s path towards its goal. After all, an agent that cannot interact or respond to the outside world and the systems that govern it will be limited in the problems it can solve.

That’s where the “human-in-the-loop” interaction pattern comes in. You're bringing a human into the agent's loop and requiring an input from that human before the agent can continue on its task.

In this blog post, we'll use Knock and the Cloudflare Agents SDK to build an AI Agent for a virtual card issuing workflow that requires human approval when a new card is requested.

You can find the complete code for this example in the repository.

What is Knock?

Knock is messaging Continue reading

1 9 10 11 12 13 3,798