Lab as Code – Part1

I wrote a post a while back about how the world of labbing changed during my time in networking, this is a follow on to see what options I have in terms of ‘labbing as Code’. I want a way to declaratively deploy the initial lab setup (devices, links, addressing, remote access, etc) so that I can concentrate on the features I am actually trying to lab. My idea is to try and use existing tools rather than writing my own, the following repo has all the code and files I used as part of this blog.

Palo Alto Automated Scheduled Configuration Backup

Palo Alto Automated Scheduled Configuration Backup

I'm writing this in February 2025, and as far as I know, Palo Alto firewalls (not Panorama) don’t have a built-in mechanism for automatic configuration backups. Panorama, on the other hand, supports scheduled backups and allows you to send them to various locations like an SCP or FTP server. I’m not sure why this feature isn’t available on standalone firewalls, but in any case, let’s look at how you can use the API to periodically fetch the configuration from the Palo Alto firewall.

As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.

Trying to Automate Palo Alto Firewall Objects/Rules Cleanup
In this blog post, we will walk you through how to clean up Palo Alto Firewall Objects and Rules using a Python script. The script is designed to search for a
Palo Alto Automated Scheduled Configuration BackupPacketswitchSuresh Vina
Palo Alto Automated Scheduled Configuration Backup

Overview

The Palo Alto KB article explains how to use the XML API with cURL to fetch the configuration and then use a cron job to run it periodically. This method works, but I want to make some tweaks to ensure we have Continue reading

Calico at KubeCon + CloudNativeCon Europe 2025

Tigera is getting ready for KubeCon + CloudNativeCon Europe this year!

Join us for exciting demos, networking opportunities, meaningful community connections, and fun celebrations. We can’t wait to share what’s in store!

This blog post covers all the ways you can engage with us and dive deeper into your favorite tool, Calico, at KubeCon + CloudNativeCon Europe 2025.

CalicoCon 2025

CalicoCon 2025 is your go-to event for the latest in Kubernetes networking, security, and observability. Hosted by the Calico team, it offers an in-depth look at the state of Project Calico.

Attendees will have the chance to connect with Calico engineers and leadership, ask questions, and share their experiences.

Add CalicoCon to your existing KubeCon + CloudNativeCon registration ‌to secure your spot. If you are not attending KubeCon + CloudNativeCon Europe but would still like to attend CalicoCon, please reach out to us ‌on the Calico User Slack.


Event Details

Date: April 1, 2025
Time: 1:00pm – 4:30pm BST
Location: Good Hotel London

<Register Now>

Party with Calico Cool Cats

This is your chance to connect with fellow Kubernetes enthusiasts, Calico users, and the brilliant minds behind Project Calico in a relaxed setting.

Engage in insightful conversations, share your Kubernetes Continue reading

TNO018: The Network Engineer’s Evolution: Thinking Like a Product Owner (Sponsored)

What does it mean for a network engineer to develop a product mindset? And what does a product mindset have to do with network automation? Guest Peter Sprygada connects these concepts in today’s episode of Total Network Operations, sponsored by Itential. Peter says that as an organization advances its network automation capabilities, the impetus shifts... Read more »

Some TXT about, and A PTR to, new DNS insights on Cloudflare Radar

No joke – Cloudflare's 1.1.1.1 resolver was launched on April Fool's Day in 2018. Over the last seven years, this highly performant and privacy-conscious service has grown to handle an average of 1.9 Trillion queries per day from approximately 250 locations (countries/regions) around the world. Aggregated analysis of this traffic provides us with unique insight into Internet activity that goes beyond simple Web traffic trends, and we currently use analysis of 1.1.1.1 data to power Radar's Domains page, as well as the Radar Domain Rankings.

In December 2022, Cloudflare joined the AS112 Project, which helps the Internet deal with misdirected DNS queries. In March 2023, we launched an AS112 statistics page on Radar, providing insight into traffic trends and query types for this misdirected traffic. Extending the basic analysis presented on that page, and building on the analysis of resolver data used for the Domains page, today we are excited to launch a dedicated DNS page on Cloudflare Radar to provide increased visibility into aggregate traffic and usage trends seen across 1.1.1.1 resolver traffic. In addition to looking at global, location, and autonomous system (ASN) traffic trends, Continue reading

Notes from OARC44

The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together DNS service operators, DNS software implementors, and researchers together to share concerns, information and learn together about the operation and evolution of the DNS. They meet between two or three times a year in a workshops format. The most recent workshop was held in Atlanta, in February 2025. Here are my thoughts on some of the material that was presented and discussed at this workshop where too much DNS is barely enough!

Blackwell Is The Fastest Ramping Compute Engine In Nvidia’s History

With the months-long blip in manufacturing that delayed the “Blackwell” B100 and B200 generations of GPUs in the rear view mirror and nerves more calm about the potential threat that the techniques used in the AI models of Chinese startup DeepSeek better understood, Nvidia’s final quarter of its fiscal 2025 and its projections for continuing sequential growth in fiscal 2026 will bring joy to Wall Street.

Blackwell Is The Fastest Ramping Compute Engine In Nvidia’s History was written by Timothy Prickett Morgan at The Next Platform.

Rebuilding FRR with pim6d

Short post today.

Turns out that Debian, in its infinite wisdom, disables pim6d in frr. Here’s a short howto on how to build it fixed.

$ sudo apt build-dep frr
[…]
$ apt source frr
[…]
$ cd frr-8*
$ DEB_BUILD_PROFILES=pkg.frr.pim6d dpkg-buildpackage -us -uc -b
$ sudo dpkg -i ../frr_*.deb

Then you can enable pim6d in /etc/frr/daemons and restart frr.

Not that I managed to get IPv6 multicast routing to to work over wireguard interfaces anyway. Not sure what’s wrong. Though it didn’t fix it, here’s an interesting command that made stuff like ip -6 mroute look like it should work:

$ sudo smcroutectl  add LAN ff38:40:fd11:222:3333:44:0:1122 wg-foo

Broadcom Itching To Get PCI-Express 6.0 Into The Field

With a three year cadence between PCI-Express bandwidth increases and a three year span between when a gear shift is first talked about and when its chippery is first put into the field, it is extremely difficult to not be impatient for the next PCI-Express release to get into the field.

Broadcom Itching To Get PCI-Express 6.0 Into The Field was written by Timothy Prickett Morgan at The Next Platform.

Keep AI interactions secure and risk-free with Guardrails in AI Gateway

The transition of AI from experimental to production is not without its challenges. Developers face the challenge of balancing rapid innovation with the need to protect users and meet strict regulatory requirements. To address this, we are introducing Guardrails in AI Gateway, designed to help you deploy AI safely and confidently. 

Why safety matters

LLMs are inherently non-deterministic, meaning outputs can be unpredictable. Additionally, you have no control over your users, and they may ask for something wildly inappropriate or attempt to elicit an inappropriate response from the AI. Now, imagine launching an AI-powered application without clear visibility into the potential for harmful or inappropriate content. Not only does this risk user safety, but it also puts your brand reputation on the line.

To address the unique security risks specific to AI applications, the OWASP Top 10 for Large Language Model (LLM) Applications was created. This is an industry-driven standard that identifies the most critical security vulnerabilities specifically affecting LLM-based and generative AI applications. It’s designed to educate developers, security professionals, and organizations on the unique risks of deploying and managing these systems.

The stakes are even higher with new regulations being introduced:

Hell Freezes Over: Cisco And Nvidia Cross-Pollenate AI Networking

UPDATED  Networking giant Cisco Systems and AI platform provider Nvidia have hammered out a deal to mix and match each other’s technologies to create a broader set of AI networking options for their respective and – importantly, prospective – customers.

Hell Freezes Over: Cisco And Nvidia Cross-Pollenate AI Networking was written by Timothy Prickett Morgan at The Next Platform.

1 26 27 28 29 30 3,793