Has Ansible Team Abandoned Network Automation?

A month ago, I described how Ansible release 12 broke the network device configuration modules, the little engines (that could) that brought us from the dark days of copy-and-paste into the more-survivable land of configuration templates.

Three releases later (they just released 13.1), the same bug is still there (at least it was on a fresh Python virtual environment install I made on an Ubuntu 24.04 server on December 13th, 2025), making all device_config modules unusable (without changing your Ansible playbooks) for configuration templating. Even worse:

Where are you? A look at GeoIP

The activity of locating devices and users, termed "Geolocation", was the topic of a workshop hosted by the Internet Architecture Board in early December 2025, and here I'd like to relate my impressions of the discussions that took place in this workshop.

UET Request–Response Packet Flow Overview

This section brings together the processes described earlier and explains the packet flow from the node perspective. A detailed network-level packet walk is presented in the following sections.

Initiator – SES Request Packet Transmission

After the Work Request Entity (WRE) and the corresponding SES and PDS headers are constructed, they are submitted to the NIC as a Work Element (WE). As part of this process, a Packet Delivery Context (PDC) is created, and the base Packet Sequence Number (PSN) is selected and encoded into the PDS header.

Once the PDC is established, it begins tracking acknowledged PSNs from the target. For example, the PSN 0x12000 is marked as transmitted. 

The NIC then fetches the payload data from local memory according to the address and length information in the WRE. The NIC autonomously performs these steps without CPU intervention, illustrating the hardware offload capabilities of UET.

Next, the NIC encapsulates the data with the required protocol headers: Ethernet, IP, optional UDP, PDS, and SES, and computes the Cyclic Redundancy Check (CRC). The fully formed packet is then transmitted toward the target with Traffic Class (TC) set to Low.

Note: The Traffic Class is orthogonal to the PDC; a single PDC …

The 2025 Cloudflare Radar Year in Review: The rise of AI, post-quantum, and record-breaking DDoS attacks

The 2025 Cloudflare Radar Year in Review is here: our sixth annual review of the Internet trends and patterns we observed throughout the year, based on Cloudflare’s expansive network view.

Our view is unique, due to Cloudflare’s global network, which has a presence in 330 cities in over 125 countries/regions, handling over 81 million HTTP requests per second on average, with more than 129 million HTTP requests per second at peak on behalf of millions of customer Web properties, in addition to responding to approximately 67 million (authoritative + resolver) DNS queries per second. Cloudflare Radar uses the data generated by these Web and DNS services, combined with other complementary data sets, to provide near-real time insights into traffic, bots, security, connectivity, and DNS patterns and trends that we observe across the Internet. 

Our Radar Year in Review takes that observability and, instead of a real-time view, offers a look back at 2025: incorporating interactive charts, graphs, and maps that allow you to explore and compare selected trends and measurements year-over-year and across geographies, as well as share and embed Year in Review graphs. 

The 2025 Year In Review is organized …

ChatGPT’s rivals, Kwai’s quiet rise: the top Internet services of 2025

In 2025, the Internet is more central to our lives than ever, and we rely on an array of online services to get things done, connect with others, and enjoy ourselves. Cloudflare’s Top Internet Services of 2025 report explores how the connected world interacted this year, based on Cloudflare’s observations and analysis of DNS trends. 

This report is part of the 2025 Cloudflare Radar Year in Review, focused on shifts in popularity of Internet services. We hope you find the results a compelling view of trends in nine major categories — who’s moving up, who’s sliding down, and who continues to hold our attention.

These rankings show relative popularity within each category, based on anonymized DNS query data from Cloudflare’s 1.1.1.1 DNS resolver and a machine-learning-assisted ranking method introduced in 2022. A lower rank does not imply lower traffic, only that other services may have grown faster.

Categories

  • Generative AI

  • Social Media

  • E-commerce

  • Video Streaming

  • News

  • Messaging

  • Metaverse & Gaming

  • Financial Services

  • Cryptocurrency Services

Key trends and takeaways

From the dominance of social media and streaming to the rapid growth of AI chatbots, the data …

Underscores (in Hostnames) Strike Again

I don’t know why I decided to allow underscores in netlab node names. Maybe it’s a leftover from the ancient days when some network devices refused to accept hyphens in hostnames, or perhaps it’s a programmer’s subconscious hatred of hyphens in identifiers (no programming language I’m aware of allows them for a very good reason).

Regardless, you can use underscores in netlab node names (and plugins like multilab use them to create unique hostnames), and they work great on Linux distributions we recommend… until they don’t.

What follows is a story about the weird dependencies that might bite you if you ignore ancient RFCs.

Your Brain, the Hidden Athlete: Uncovering the Rarely Discussed Secrets of Neuro-Sports

When we talk about sports, our focus often falls on strong muscles, perfect technique, or brilliant strategy on the field. We admire athletes for their astonishing physiques. But has it ever crossed your mind what actually separates an elite athlete from those who are merely “good”? The answer may lie not in their muscles but in the most complex organ in the body: the brain.

Welcome to the world of Neuro-Sports, a field that is still relatively new yet revolutionary. It is the science that studies the direct connection between the nervous system, cognitive function, and physical performance. This article invites you to go beyond the clichéd discussion of “focus” or “concentration” and dive into the brain mechanisms that are actually at work behind every precise movement, every split-second decision, and every “miracle” moment in sports.

What Is Neuro-Sports? More Than Just Mental Blocking

Neuro-sports is not psychology …

Lab: Multilevel IS-IS Deployments

Like OSPF, IS-IS was designed when router memory was measured in megabytes and clock speeds in megahertz. Not surprisingly, it includes a scalability mechanism similar to OSPF areas. An IS-IS router could be a level-1 router (having in-area prefixes and a default route), a level-2 router (knowing just inter-area prefixes), or a level-1-2 router (equivalent to OSPF ABR).

Even though multilevel IS-IS is rarely used today, it always makes sense to understand how things work, and the Multilevel IS-IS Deployments lab exercise created by Dan Partelly gives you a perfect starting point.

Click here to start the lab in your browser using GitHub Codespaces (or set up your own lab infrastructure). After starting the lab environment, change the directory to advanced/1-multilevel and execute netlab up.

An In-Depth Look at Istio Ambient Mode with Calico

The Next Step Toward a Unified Kubernetes Platform: Istio Ambient Mode

Organizations are struggling with rising operational complexity, fragmented tools, and inconsistent security enforcement as Kubernetes becomes the foundation for modern application platforms. As a result of this complexity and fragmentation, platform teams are increasingly burdened by the need to stitch together separate solutions for networking, network security, and observability. This fragmentation also creates higher operating costs, security gaps, inefficient troubleshooting, and an elevated risk of outages in mission-critical environments. The challenge is even greater for companies running multiple Kubernetes distributions, as relying on each platform’s unique and often incompatible networking stack can lead to significant vendor lock-in and operational overhead.

The Tigera Unified Strategy: Addressing Fragmentation

Tigera’s unified platform strategy is designed to address these challenges by providing a single solution that brings together all the essential Kubernetes networking and security capabilities enterprises need, including Istio Ambient Mode, delivered consistently across every Kubernetes distribution.

Istio Ambient Mode brings sidecarless service-mesh functionality that includes authentication, authorization, encryption, L4/L7 traffic controls, and deep application-level (L7) observability directly into the unified Calico platform. By including Istio Ambient Mode with Calico and making it easy to install and manage with the Tigera …

React2Shell and related RSC vulnerabilities threat brief: early exploitation activity and threat actor techniques

On December 3, 2025, immediately following the public disclosure of the critical, maximum-severity React2Shell vulnerability (CVE-2025-55182), the Cloudforce One Threat Intelligence team began monitoring for early signs of exploitation. Within hours, we observed scanning and active exploitation attempts, including traffic originating from infrastructure associated with Asian-nexus threat groups.

Early activity indicates that threat actors quickly integrated this vulnerability into their scanning and reconnaissance routines. We observed systematic probing of exposed systems, testing for the flaw at scale, and incorporating it into broader sweeps of Internet‑facing assets. The identified behavior reveals the actors relied on a combination of tools, such as standard vulnerability scanners and publicly accessible Internet asset discovery platforms, to find potentially vulnerable React Server Components (RSC) deployments exposed to the Internet.

Patterns in observed threat activity also suggest that the actors focused on identifying specific application metadata — such as icon hashes, SSL certificate details, or geographic region identifiers — to refine their candidate target lists before attempting exploitation. 

In addition to React2Shell, two additional vulnerabilities affecting specific RSC implementations were disclosed: CVE-2025-55183 and CVE-2025-55184. Both vulnerabilities, while distinct from React2Shell, also relate to RSC payload handling and Server Function semantics, and are described in more detail …

IETF v6ops Working Group with Nick Buraglio

The first IPv6 specs were published in 1995, and yet 30 years later, we still have a pretty active IETF working group focused on “developing guidelines for the deployment and operation of new and existing IPv6 networks.” (taken from the old charter; they updated it in late October 2025). Why is it taking so long, and what problems are they trying to solve?

Nick Buraglio, one of the working group chairs, provided some answers in Episode 203 of the Software Gone Wild podcast.

Driving HPC Performance Up Is Easier Than Keeping The Spending Constant

We are still mulling over all of the new HPC-AI supercomputer systems that were announced in recent months before and during the SC25 supercomputing conference in St Louis, particularly how the slew of new machines announced by the HPC national labs will be advancing not just the state of the art, but also pushing down the cost of the FP64 floating point operations that still drive a lot of HPC simulation and modeling work.

Driving HPC Performance Up Is Easier Than Keeping The Spending Constant was written by Timothy Prickett Morgan at The Next Platform.

TCG065: AutoCon 4 Recap, AI Tools, MCP’s First Birthday, and More

In this year-end episode, William and Eyvonne recap their experiences at AutoCon 4 in Austin, Texas. They discuss the conference’s new multi-track format, including Eyvonne’s presentation in the leadership track on why technical projects fail. The conversation dives into how AI tools like Google Gemini can augment – not replace – human creativity, from research...