Arm Says Neoverse Is A More Universal Compute Substrate Than X86
Back at the end of July, we had a discussion with CPU maker AMD and the topic of conversation was hybrid cloud. …
Arm Says Neoverse Is A More Universal Compute Substrate Than X86 was written by Timothy Prickett Morgan at The Next Platform.
EVPN Designs: Multi-Pod Fabrics
In the EVPN Designs: Layer-3 Inter-AS Option A, I described the simplest multi-site design in which the WAN edge routers exchange IP routes in individual VRFs, resulting in two isolated layer-2 fabrics connected with a layer-3 link.
Today, let’s explore a design that will excite the True Believers in end-to-end layer-2 networks: two EVPN fabrics connected with an EBGP session to form a unified, larger EVPN fabric. We’ll use the same “physical” topology as the previous example; the only modification is that the WA-WB link is now part of the underlay IP network.
Get Your Money For Nothing, Chips Definitely Not For Free
What’s the difference between Meta Platforms and OpenAI? The big one – and perhaps the most important one in the long run – is that when Meta Platforms does a deal with neocloud CoreWeave, it actually has a revenue stream from its advertising on various Web properties that it can pump back into AI investments while OpenAI is still burning money much faster than it is making it. …
Get Your Money For Nothing, Chips Definitely Not For Free was written by Timothy Prickett Morgan at The Next Platform.
Managing AI Datacenter Networks With – You Guessed It – AI
At some point, when the cloud bills get very high and the AI usage starts going up and up, the enterprise is going to want to stop paying a cloud and get their own iron and co-locate it in a rentable datacenter. …
Managing AI Datacenter Networks With – You Guessed It – AI was written by Timothy Prickett Morgan at The Next Platform.
PP080: The State of OT Risks in 2025 (and What to Do About Them)
What does the risk environment for Operational Technology (OT) look like in 2025? JJ and Drew review four recent reports on the state of OT security from Dragos, Fortinet, and others. We discuss ransomware impacts, ongoing risks of RDP traffic, directly exposed OT devices, and overall attack trends and the tools and processes that organizations... Read more »Payload on Workers: a full-fledged CMS, running entirely on Cloudflare’s stack
Tucked behind the administrator login screen of countless websites is one of the Internet’s unsung heroes: the Content Management System (CMS). This seemingly basic piece of software is used to draft and publish blog posts, organize media assets, manage user profiles, and perform countless other tasks across a dizzying array of use cases. One standout in this category is a vibrant open-source project called Payload, which has over 35,000 stars on GitHub and has generated so much community excitement that it was recently acquired by Figma.
Today we’re excited to showcase a new template from the Payload team, which makes it possible to deploy a full-fledged CMS to Cloudflare’s platform in a single click: just click the Deploy to Cloudflare button to generate a fully-configured Payload instance, complete with bindings to Cloudflare D1 and R2. Below we’ll dig into the technical work that enables this, some of the opportunities it unlocks, and how we’re using Payload to help power Cloudflare TV. But first, a look at why hosting a CMS on Workers is such a game changer.
Behind the scenes: Cloudflare TV’s Payload instance
Most CMSs are designed to be hosted on a conventional server that runs Continue reading
HS113: Bad Tech Romance: Five Signs You’re In an Abusive IT Relationship
Sure, some days you hate your job. But how do you know when an IT position has gone from being run-of-the-mill annoying to truly toxic? And what do you do about it? Johna Johnson and John Burke are joined by Sandy Miller, a pseudonym for a CIO at a major global company who talks about... Read more »
Ultra Ethernet: Completion Queue
Completion Queue Creation (fi_cq_open)
Phase 1: Application – Request & Definition
The purpose of this phase is to define the queue where operation completions will be reported. Completion queues are used to report the completion of operations submitted to endpoints, such as data transfers, RMA accesses, or remote write requests. By preparing a struct fi_cq_attr, the application describes exactly what it needs, so the provider can allocate a CQ that meets its requirements.
Example API Call:
struct fi_cq_attr cq_attr = {
.size = 2048,
.format = FI_CQ_FORMAT_DATA,
.wait_obj = FI_WAIT_FD,
.flags = FI_WRITE | FI_REMOTE_WRITE | FI_RMA,
.data_size = 64
};
struct fid_cq *cq;
int ret = fi_cq_open(domain, &cq_attr, &cq, NULL);
Explanation of fields:
.size = 2048: The CQ can hold up to 2048 completions. This determines how many completed operations can be buffered before the application consumes them.
.format = FI_CQ_FORMAT_DATA: This setting determines the level of detail included in each completion entry. With FI_CQ_FORMAT_DATA, the CQ entries contain information about the operation, such as the buffer pointer, the length of data, and optional completion data. If the application uses tagged messaging, choosing FI_CQ_FORMAT_TAGGED expands the entries to Continue reading
Nationwide Internet shutdown in Afghanistan extends localized disruptions
Just after 11:30 UTC (16:00 local time) on Monday, September 29, 2025, subscribers of wired Internet providers in Afghanistan experienced a brief service interruption, lasting until just before 12:00 UTC (16:30 local time). Cloudflare traffic data for AS38472 (Afghan Wireless) and AS131284 (Etisalat) shows that traffic from these mobile providers remained available during that period.
However, just after 12:30 UTC (17:00 local time), the Internet was completely shut down, with Afghani news outlet TOLOnews initially reporting in a post on X that “Sources have confirmed to TOLOnews that today (Monday), afternoon, fiber-optic Internet will be shut down across the country.” This shutdown is likely an extension of the regional shutdowns of fiber optic connections that took place earlier in September, and it will reportedly remain in force “until further notice”. (The earlier regional shutdowns are discussed in more detail below.)
While Monday’s first shutdown was only partial, with mobile connectivity apparently remaining available, the graphs below show that the second event took the country completely offline, with web and DNS traffic dropping to zero at a national level, as seen in the graphs below.
While the shutdown will impact subscribers to fixed and mobile Internet Continue reading
Ultra Ethernet: Event Queue
Event Queue Creation (fi_eq_open)
Phase 1: Application – Request & Definition
The purpose of this phase is to specify the type, size, and capabilities of the Event Queue (EQ) your application needs. Event queues are used to report events associated with control operations. They can be linked to memory registration, address vectors, connection management, and fabric- or domain-level events. Reported events are either associated with a requested operation or affiliated with a call that registers for specific types of events, such as listening for connection requests. By preparing a struct fi_eq_attr, the application describes exactly what it needs so the provider can allocate the EQ properly.
In addition to basic properties like .size (number of events the queue can hold) and .wait_obj (how the application waits for events), the .flags field can request specific EQ capabilities. Common flags include:
- FI_WRITE: Requests support for user-inserted events via fi_eq_write(). If this flag is set, the provider must allow the application to invoke fi_eq_write().
- FI_REMOTE_WRITE: Requests support for remote write completions being reported to this EQ.
- FI_RMA: Requests support for Remote Memory Access events (e.g., RMA completions) to be delivered to this EQ.
Flags are encoded as a bitmask, so multiple Continue reading
Changing the Layout of netlab Topology Graphs
After I published the updated netlab topology graphs article, Samuel K. Lam quickly made a comment along the lines of now we know how the graph representing the following topology was made, adding a nice ASCII art that illustrated the point I was trying to make much better than my graphs:
ASCII art representing the BGP leak lab
Let’s see how close we can get to that ideal topology diagram with GraphViz and D2 graphs.
Geolocation and Starlink
"Where are you?" is not an easy question to answer on the Internet. The Internet did not adopt a geographic address plan which means that you are going to need a lot of additional information if you want to map an IP address into a location at the level of a country or a city. But what can you do about a satellite service that Provides Internet access for ships at sea aircraft flying international routes?NB545: CISA Orders Immediate Patch of Cisco Vulnerabilities; Firewall Upgrade Blocks Emergency Calls
There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »15 years of helping build a better Internet: a look back at Birthday Week 2025
Cloudflare launched fifteen years ago with a mission to help build a better Internet. Over that time the Internet has changed and so has what it needs from teams like ours. In this year’s Founder’s Letter, Matthew and Michelle discussed the role we have played in the evolution of the Internet, from helping encryption grow from 10% to 95% of Internet traffic to more recent challenges like how people consume content.
We spend Birthday Week every year releasing the products and capabilities we believe the Internet needs at this moment and around the corner. Previous Birthday Weeks saw the launch of IPv6 gateway in 2011, Universal SSL in 2014, Cloudflare Workers and unmetered DDoS protection in 2017, Cloudflare Radar in 2020, R2 Object Storage with zero egress fees in 2021, post-quantum upgrades for Cloudflare Tunnel in 2022, Workers AI and Encrypted Client Hello in 2023. And those are just a sample of the launches.
This year’s themes focused on helping prepare the Internet for a new model of monetization that encourages great content to be published, fostering more opportunities to build community both inside and outside of Cloudflare, and evergreen missions like making more features available to Continue reading
MythWorx Mashes Up Neuromorphic And GenAI To Take On Model Giants
There is constant chatter surrounding the promise of generative AI, agentic AI, and – eventually – artificial general intelligence, but the need for the massive, expensive, high-density compute and the datacenters to wrap around them and the juice to feed them are incredible, particularly with models OpenAI GPT-4, Alibaba’s Qwen-3, Moonshot AI’s Kimi K2, xAI’s Grok4, and Amazon’s Olympus all cresting the trillion-parameter mark and aiming higher. …
MythWorx Mashes Up Neuromorphic And GenAI To Take On Model Giants was written by Jeffrey Burt at The Next Platform.
Android Phones Might Ask for /64 Delegated Prefix
I’m too old to be fighting with windmills, but sometimes I have to get a rant off my chest. This one was triggered by the latest episode of the hilarious1 “DHCPv6 on Android” soap opera
In a 720-degree turnaround, Android 11 supports DHCPv6, but only for prefix delegation purposes. Yes, you got it right, in a year or two, every phone might want to have a dedicated /64 prefix assigned to it on WiFi segments2.
Want more details? Well, there’s a high-level overview published on the Android Developers blog and a corresponding message sent to the v6ops mailing list. Let’s see how much sense that makes.
Ultra Ethernet: Domain Creation Process in Libfabric
Creating a domain object is the step where the application establishes a logical context for a NIC within a fabric, enabling endpoints, completion queues, and memory regions to be created and managed consistently.
Phase 1: Application (Discovery & choice — selecting a domain snapshot)
During discovery, the provider had populated one or more fi_info entries — each entry was a snapshot describing one possible NIC/port/transport combination. Each fi_info contained nested attribute structures for fabric, domain, and endpoint: fi_fabric_attr, fi_domain_attr, and fi_ep_attr. The fi_domain_attr substructure captured the domain-level template the provider had reported during discovery (memory registration modes, MR key sizes, counts and limits, capability and mode bitmasks, CQ/CTX limits, authentication key sizes, etc.).
When the application had decided which NIC/port it wanted to use, it selected a single fi_info entry whose fi_domain_attr matched its needs. That chosen fi_info became the authoritative configuration for domain creation, containing both the application’s requested settings and the provider-reported capabilities. At this phase, the application moved forward from fabric initialization to domain creation.
To create the domain, the application called the fi_domain function:
API Call → Create Domain object
Within Fabric ID: 0xF1DFA01
Using fi_info structure: 0xCAFE43E
HN798: Fortinet Offers a SOC Every Org Can Grow Into (Sponsored)
On today’s Heavy Networking: the Security Operations Center, or SOC. When I think of a SOC, I picture a miniature version of NASA’s mission control: lots of computers, lots of people, some big boards with lines and arrows and telemetry scrolling across the screens. I also think of SOCs as requiring a lot of gear,... Read more »Best of the Hedge: Episode 4
Multicloud is all the rage — but is this always an intentional state of affairs, or do companies just “fall into” multicloud? Security in multicloud and certifications round out this episode of the Hedge, where we are joined by Joe Cozzupoli. You can get in touch with Joe through twitter at @jcozzupo24150.
download