A few weeks ago, we added OSPF areas functionality to netlab. In the next release, you’ll be able to configure stub areas, NSSA areas, inter-area route summarization and filtering (OSPF ranges), and summarization of NSSA type-7 prefixes for OSPFv2 and OSPFv3.
OSPFv2 (defined in RFC 2328) is 27 years old, and NSSA functionality (RFC 3101) was last touched 22 years ago. One would hope the implementations in network devices are mature and feature-complete. Yeah, keep dreaming 🤦‍♂️.
If you are not using a GenAI tool, like ChatGPT, you know someone who does.
And you've definitely read hundreds of LinkedIn posts that were entirely written by GenAI.
Did you notice that your colleague who used to write a short update like:
'Met with team for the quarterly review & cupcakes! #yum #teamwork #rockstars #cake'
Suddenly, they seemed to become much more ebullient and flowery in their words, emotional range, and emoji use?
And now, without fail, every post must have a final motivational message to stir the heart (and the Like button).
👩⚖️ Exhibit A:
Yes, that post was written without any input from me, no prompting of what the post should contain other than:
Write a LinkedIn post about a meeting
That's it. That's the prompt!
And you don't even need to go that far!
Why waste your words and typing fingers, just go for it super-brief with:
LinkedIn post for today
And...here it is:
With those few words I've got a pretty inspiring response.
It's got the earnest, open tone.
The bland relatable work-bound troubles: 'blockers' everyone!
This is the third blog post in the AWS Networking series. If you have been following along, you can continue with the lab we have built so far. For anyone who has just landed on this page, you can still follow along as long as you are already familiar with the basics of AWS networking. If you are completely new, however, I highly recommend checking out the introductory posts linked below to get up to speed.
In this blog post, we will look at AWS Security Groups, Network ACL (NACL) and Elastic Network Interfaces (ENI).
There is not one Ethernet business, but several, and now, with the evolution of Ethernet switches for back-end AI cluster networks, there is a new one that has the possibility to dominate revenues and profits. …
When working with AWS networking, you will often hear the terms 'public subnet' and 'private subnet'. However, if you go into the AWS console to create a subnet, you won't find any option to explicitly make it one or the other. So, what exactly makes a subnet public or private?
In this blog post, we will look at the differences between public and private subnets, see how they are defined by their routing, and understand how the AWS NAT Gateway fits into this architecture.
If you are completely new to AWS networking and want to learn the basics of setting up a VPC, feel free to check out my previous post linked below.
The key difference between a 'public' and a 'private' subnet is simply its route to the Internet. It is not an inherent setting of the subnet itself, but a behaviour defined by the route table associated …
As much as we’d love everything in our networks to be dynamic, auto-configured, or software-defined, reality often intervenes and forces us to use static routes, so we needed a mechanism to specify them in netlab lab topologies.
A static route has two components: the destination prefix and the next hop – the device that we hope knows how to reach that destination. The next hop is usually specified as an IPv4 or IPv6 address, but may also include outgoing interface information.
I started by calibrating my ICOM IC-9700. I made sure it got a GPS
lock, and connected it to the 9700 10MHz reference port, with a 20dB attenuator
inline, just in case. Ok, the receive frequency moved a bit, but how do I know
it was improved? My D75 was still about 200Hz off frequency.
Segal’s law paraphrased: “Someone with one radio
knows what frequency they’re on. Someone with two radios is never sure”.
Unless, of course, that person has two radios with disciplined oscillators.
Which I do. I also have a USRP B200 with an added GPSDO
accessory.
Sidenote: wow, that’s gotten expensive. Today I’d probably use the same GPSDO
from DXPatrol instead. Note that if you do have the GPSDO installed in the
B200, then you cannot use an external 10MHz reference. It’s a known
issue. Then again if you paid this much, why would you not use it?
Configuring GNU Radio to use the GPSDO
First I thought that surely the best reference would be the default, so I
should be able to just send …
I’ve kept working on my SDR framework in Rust called
RustRadio, that I’ve blogged about
twice before. I’ve been adding a little bit here, a little
bit there, with one of my goals being to control a whole AX.25 stack.
Applications, client and server — I’ve made those.
AX.25 connected mode stack (OSI layer 4, basically) — The kernel’s sucks,
so I made that too.
A modem (OSI layer 2), turning digital packets into analog radio — The topic
of this post.
The job of the modem
Applications talk in terms of streams. AX.25 implementation turns that into
individual data frames. The most common protocol for sending and receiving
frames is KISS.
I’ve not been happy with the existing KISS modems for a few reasons. The main
one is that they just convert between packets and audio. I don’t want audio,
I want I/Q signals suitable for SDRs.
On the transmit side it’s less of a problem for regular 1200bps AX.25, since
either the radio will turn audio into a FM-modulated signal, or if using an SDR
it’s trivial to add the audio-to-I/Q step.
Despite the promises of HTTP/2, the web still struggles with latency, jitter and real-world network volatility. Enter HTTP/3 — not just an upgrade, but a ground-up redesign over User Datagram Protocol (UDP). Based on thousands of real-user simulations and extensive
Service provider networks face a couple of difficult challenges: how to map service level agreements to actual network health and performance, and how to deliver service assurance to customers regardless of what happens on the network. On today’s sponsored Heavy Networking we talk with Cisco Systems about its approach to service assurance, how Cisco is...
At AutoCon 3 in Prague, Scott Robohn sat down with Ernest Lefner from sponsor Gluware to talk about lessons learned throughout his career: from his early days of pulling cable to becoming Chief Product Officer at Gluware and helping to found ONUG. Ernest talks about being a continuous technology learner, and also about the need...
Sitting in an office at QuEra Computing’s Boston headquarters, Yuval Boger was talking about the recent advancements made in quantum computing that are driving the chorus around an accelerated timeframe for the launch of a usable and reliable system. …
In this blog post, we'll see how to configure bulk Address-Objects at once and then add them to an Address-Group using the pan-os-python Library. If you haven't used the pan-os-python library before, have a look at my other blog post to learn more.
add() - This method is used to add an object as a child of another object. In our scenario, it's for adding an Address Object to the firewall or panorama object.
extend() - This method allows you to add a list of objects as children. In our context, it means adding a 'list' of Address objects to the firewall or panorama object.
create() - Once you've defined an object in the script, the create() method is used to push this object to the live device, making the configuration active.
create_similar() - This method pushes objects of the same type to the live …
People consistently overestimate their ability to predict whether a new product or feature will be a success. Instead of blithely going forward with a project that takes up lots of resources and yields minimal results, today’s guest says we should get our ideas into contact with external reality as quickly as possible, and maybe do...
If you need to route in your network, you can program static routes into all your routing-capable devices. And this can work. But at some point, you’re probably going to want to switch to a dynamic routing protocol. On today’s N Is For Networking, Ethan and Holly discuss the differences between static and dynamic routes,...
NIST has released another Special Publication in this series, SP 1800-35, titled "Implementing a Zero Trust Architecture (ZTA)" which aims to provide practical steps and best practices for deploying ZTA across various environments. NIST’s publications about ZTA have been extremely influential across the industry, but are often lengthy and highly detailed, so this blog provides a short and easier-to-read summary of NIST’s latest guidance on ZTA.
And so, in this blog post:
We summarize the key items you need to know about this new NIST publication, which presents a reference architecture for Zero Trust Architecture (ZTA) along with a series of “Builds” that demonstrate how different products from various vendors can be combined to construct a ZTA that complies with the reference architecture.
We show how Cloudflare’s Zero Trust product suite can be integrated with offerings from other vendors …
In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). This comes shortly after the publication of our DDoS threat report for 2025 Q1 on April 27, 2025, where we highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). The 7.3 Tbps attack is 12% larger than our previous record and 1 Tbps greater than a recent attack reported by cyber security reporter Brian Krebs at KrebsOnSecurity.
New world record: 7.3 Tbps DDoS attack autonomously blocked by Cloudflare
The attack targeted a Cloudflare customer, a hosting provider, that uses Magic Transit to defend their IP network. Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks, as we reported in our latest DDoS threat report. Pictured below is an attack campaign from January and February 2025 that blasted over 13.5 million DDoS attacks against Cloudflare’s infrastructure and hosting providers protected by Cloudflare.
DDoS attack campaign target Cloudflare infrastructure and hosting providers protected by Cloudflare
Let's start with some stats, and then we’ll dive into how our systems detected and mitigated this attack.
A Network Artist left an interesting remark on one of my blog posts:
It’s kind of confusing sometimes to see the digital twin (being a really good idea) never really take off.
His remark prompted me to resurface a two-year-old draft listing a bunch of minor annoyances that make Networking Digital Twins more of a PowerPoint project than a reality.