Training AI models is expensive, and the world can tolerate that to a certain extent so long as the cost inference for these increasingly complex transformer models can be driven down. …
Stacking Up AMD Versus Nvidia For Llama 3.1 GPU Inference was written by Timothy Prickett Morgan at The Next Platform.
In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning. In this post, we’ll dive into certificate pinning, the consequences of using it in today’s Public Key Infrastructure (PKI) world, and alternatives to pinning that offer the same level of security without the management overhead.
PKI exists to help issue and manage TLS certificates, which are vital to keeping the Internet secure – they ensure that users access the correct applications or servers and that data between two parties stays encrypted. The mis-issuance of a certificate can pose great risk. For example, if a malicious party is able to issue a TLS certificate for your bank’s website, then they can potentially impersonate your bank and intercept that traffic to get access to your bank account. To prevent a mis-issued certificate from intercepting traffic, the server can give a certificate to the client and say “only trust connections if Continue reading
In today’s world, technology is quickly evolving and some practices that were once considered the gold standard are quickly becoming outdated. At Cloudflare, we stay close to industry changes to ensure that we can provide the best solutions to our customers. One practice that we’re continuing to see in use that no longer serves its original purpose is certificate pinning. In this post, we’ll dive into certificate pinning, the consequences of using it in today’s Public Key Infrastructure (PKI) world, and alternatives to pinning that offer the same level of security without the management overhead.
PKI exists to help issue and manage TLS certificates, which are vital to keeping the Internet secure – they ensure that users access the correct applications or servers and that data between two parties stays encrypted. The mis-issuance of a certificate can pose great risk. For example, if a malicious party is able to issue a TLS certificate for your bank’s website, then they can potentially impersonate your bank and intercept that traffic to get access to your bank account. To prevent a mis-issued certificate from intercepting traffic, the server can give a certificate to the client and say “only trust connections if Continue reading
Back in March of this year, I talked about how I started using markdownlint-cli to perform linting against the Markdown source files that are used by Hugo to generate this site. At the same time, I also started exploring the use of similar tools to check (or lint, if you will) my writing itself. In this post, I’ll share with you how I started using Vale to perform some checks against my writing.
More details on my use of markdownlint-cli are available here for reference. markdownlint-cli checks for the structure and formatting of Markdown files, but it doesn’t do any “higher level” checks regarding the writing itself. For that, I needed to add a second tool, and I opted to use Vale, an open source tool specifically aimed at “linting your prose.” Among other things, what I liked about Vale was that it offers integration with graphical editors like Visual Studio Code (what I use when I’m on macOS) and Sublime Text (what I use when I’m on Linux), but it also can be run directly from the command-line. And, if you are so inclined, there’s a GitHub Action for Vale, too. Nice!
The first step is Continue reading
Combining BGP confederations and AS override can potentially create a BGP routing loop, resulting in an indefinitely expanding AS path.
BGP confederation is a technique used to reduce the number of iBGP sessions and improve scalability in large autonomous systems (AS). It divides an AS into sub-ASes. Most eBGP rules apply between sub-ASes, except that next-hop, MED, and local preferences remain unchanged. The AS path length ignores contributions from confederation sub-ASes. BGP confederation is rarely used and BGP route reflection is typically preferred for scaling.
AS override is a feature that allows a router to replace the ASN of a
neighbor in the AS path of outgoing BGP routes with its own. It’s useful when
two distinct autonomous systems share the same ASN. However, it interferes with
BGP’s loop prevention mechanism and should be used cautiously. A safer
alternative is the allowas-in directive.1
In the example below, we have four routers in a single confederation, each in
its own sub-AS. R0 originates the 2001:db8::1/128 prefix. R1, R2, and
R3 forward this prefix to the next router in the loop.
The router configurations are available in a Continue reading
When you are International Business Machines and you do corporate IT deals in 185 countries around the world, political and economic uncertainty is always a problem. …
IBM Lays Its GenAI Foundation With Software And Services was written by Timothy Prickett Morgan at The Next Platform.
Welcome to Technology Short Take #180! It’s hard to believe that July is almost over, and that 2024 is flying past us. It’s probably time that you, my readers, took some time to slow down and read more technical blogs. To help with that, I just happen to have a little collection of links to share. Enjoy!
Recently at Networking Field Day, one of the presenters for cPacket had a wonderful line that stuck with me:
There’s no compression algorithm for experience.
Like, floored. Because it hits at the heart of a couple of different things that are going on in the IT industry right now that showcase why it feels like everything is on the verge of falling apart and what we can do to help that.
Let’s just get this out of the way: you are going to screw up. Anyone doing any job ever for any amount of time has made a mistake. I know I’ve made my fair share of them over the years. When I finished chastising myself I looked back at what happened, figured out what went wrong, and made sure that it didn’t happen that exact same way again. That’s experience.
Experience is key to understanding why we do things the way we do them or why we don’t do something a certain way. You know how you get experience? By doing it. It’s rare that someone can read a book or a blog post about some topic and instantly know everything there is to know about Continue reading
Eyvonne and Russ catch up with Greg Ferro one last time to talk about the permissionless Internet–a thing of the past–vendor lock in, and many other random topics on this episode of the Hedge. Greg–here’s to a grand time in the future. We’ll miss you.
Did you know you can use netlab to generate reports describing your lab topology, IP addressing, BGP details, or OSPF areas? The magic command (netlab report) was introduced in August 2023, followed by netlab show reports to display the available reports a few months later.
You can generate the reports in text, Markdown, or HTML format. The desired format is selected with the report name suffix. For example, the bgp-asn.md report will create Markdown text.
Let’s see how that works.
A scant three months ago, when Meta Platforms released the Llama 3 AI model in 8B and 70B versions, which correspond to the billions of parameters they can span, we asked the question we ask of every open source tool or platform since the dawn of Linux: Who’s going to profit from it and how are they going to do it? …
Meta Lets Its Largest Llama AI Model Loose Into The Open Field was written by Jeffrey Burt at The Next Platform.
As a Network Engineer, I often receive messages on LinkedIn and through my blog with people asking, “How do I start learning about Cloud?” After getting so many similar messages, I thought it would be more easier to write a dedicated blog post to address this. If you’re looking for a quick answer, I’ll tell you this, Learning about Cloud is easier than you might think, especially if you’re already familiar with networking concepts like BGP, Subnets and Routing.
Please note, this blog post isn’t intended to teach you everything about AWS but rather to point you in the right direction on how to begin learning. The best way to learn is by actively doing something in AWS and picking up more knowledge as you go.
SPONSORED POST: The rapid breakout of Artificial Intelligence is driving business opportunities across verticals – but there’s one sector for which AI presents some formidable challenges, and that’s the datacenter industry itself. …
AI Era Datacenters Need AI-Ready Ethernet Switching was written by Timothy Prickett Morgan at The Next Platform.
Visibility into dropped packets is essential for Artificial Intelligence/Machine Learning (AI/ML) workloads, where a single dropped packet can stall large scale computational tasks, idling millions of dollars worth of GPU/CPU resources, and delaying the completion of business critical workloads. Enabling real-time sFlow telemetry provides the observability into traffic flows and packet drops needed to effectively manage these networks.
The availability of the Arista EOS 4.31.4M maintenance release brings sFlow dropped packet monitoring (previously demonstrated using the 4.30.1F feature release - see SC23 Dropped packet visibility demonstration) to production networks, see EOS Life Cycle Policysflow sampling 50000 sflow polling-interval 20 sflow vrf mgmt destination 203.0.113.100 sflow vrf mgmt source-interface Management0 sflow runThe above Arista EOS commands enable sFlow counter polling and packet sampling on all ports, sending the sFlow telemetry to the sFlow analyzer at 203.0.113.100
flow tracking mirror-on-drop
sample limit 100 pps
!
tracker SFLOW
exporter SFLOW
format sflow
collector sflow
local interface Management0
no shutdown
The above commands add sFlow Dropped Packet Notification Structures to the sFlow telemetry feed using Broadcom Mirror on Drop (MoD) instrumentation. Broadcom implements mirror-on-drop in Jericho 2, Trident 3, and Tomahawk 3, Continue reading