Setting up a VPC Route Server with Pulumi

If you need to work with BGP in your AWS VPCs—so that BGP-learned routes can be injected into a VPC route table—then you will likely need a VPC Route Server. While you could set up a VPC Route Server manually, what’s the fun in that? In this post, I will walk you through a Pulumi program that will set up a VPC Route Server. Afterward, I will discuss some ways you could check the functionality of the VPC Route Server to show that it is indeed working as expected.

To make things as easy as possible, I have added a simple Pulumi program to my GitHub “learning-tools” repository in the aws/vpc-route-server directory. This program sets up a VPC Route Server and its associated components for you, and I will walk through this program in this blog post.

The first step is creating the VPC Route Server itself. The VPC Route Server has no prerequisites, and the primary configuration needed is setting the ASN (Autonomous System Number) the Route Server should use:

rs, err := vpc.NewRouteServer(ctx, "rs", &vpc.RouteServerArgs{
    AmazonSideAsn: pulumi.Int(65534),
    Tags: pulumi.StringMap{
        "Name":

Worth Reading: A Tech Career in 2026

There’s no “networking in 20xx” video this year, so this insightful article by Anil Dash will have to do ;) He seems to be based in Silicon Valley, so keep in mind the Three IT Geographies, but one cannot beat advice like this:

So much opportunity, inspiration, creativity, and possibility lies in applying the skills and experience that you may have from technological disciplines in other realms and industries that are often far less advanced in their deployment of technologies.

As well as:

This too shall pass. One of the great gifts of working in technology is that it’s given so many of us the habit of constantly learning, of always being curious and paying attention to the new things worth discovering.

Hope you’ll find it helpful and at least a bit inspiring.

HW069: The Hamina Clip

Keith sits down with old friend Jussi Kiviniemi, CEO of Hamina, to unveil their new product: The Hamina Clip. Together they discuss this new wireless survey device, including its portable design, its price point, and its ability to help you perform surveys and create heat maps without a floor plan. They also compare it to...

Ultra Ethernet: Network-Signaled Congestion Control (NSCC) – Overview

Network-Signaled Congestion Control (NSCC)


The Network-Signaled Congestion Control (NSCC) algorithm operates on the principle that the network fabric itself is the best source of truth regarding congestion. Rather than waiting for packet loss to occur, NSCC relies on proactive feedback from switches to adjust transmission rates in real time. The primary mechanism for this feedback is Explicit Congestion Notification (ECN) marking. When a switch interface's egress queue begins to build up, it employs a Random Early Detection (RED) logic to mark specific packets. Once the buffer’s Minimum Threshold is crossed, the switch begins randomly marking packets by setting the last two bits of the IP header’s Type of Service (ToS) field to the CE (11) state. If the congestion worsens and the Maximum Threshold is reached, every packet passing through that interface is marked, providing a clear and urgent signal to the endpoints.

The practical impact of this mechanism is best illustrated by a hash collision event, such as the one shown in Figure 6-10. In this scenario, multiple GPUs on the left-hand side of the fabric transmit data at line rate. Due to the specific entropy of these flows, the ECMP hashing algorithms on leaf switches 1A-1 and 1A-2

Building a serverless, post-quantum Matrix homeserver

* This post was updated at 11:45 a.m. Pacific time to clarify that the use case described here is a proof of concept and a personal project. Some sections have been updated for clarity.

Matrix is the gold standard for decentralized, end-to-end encrypted communication. It powers government messaging systems, open-source communities, and privacy-focused organizations worldwide. 

For the individual developer, however, the appeal is often closer to home: bridging fragmented chat networks (like Discord and Slack) into a single inbox, or simply ensuring your conversation history lives on infrastructure you control. Functionally, Matrix operates as a decentralized, eventually consistent state machine. Instead of a central server pushing updates, homeservers exchange signed JSON events over HTTP, using a conflict resolution algorithm to merge these streams into a unified view of the room's history.

But there is a "tax" to running it. Traditionally, operating a Matrix homeserver has meant accepting a heavy operational burden. You have to provision virtual private servers (VPS), tune PostgreSQL for heavy write loads, manage Redis for caching, configure reverse proxies, and handle rotation for TLS certificates. It’s a stateful, heavy beast that demands to be fed time and money, whether you’re using it a lot

IP Address to Organisation Name Map

The whois query tool is useful to identify which organisation holds an IP Address Prefix or an Autonomous System Number, but not so useful in performing the reverse query, listing all IP Addresses and Autonomous System Numbers held by an organisation. Here is a resource that can help with such queries.

Nvidia’s $2 Billion Investment In CoreWeave Is A Drop In A $250 Billion Bucket

With the hyperscalers and the cloud builders all working on their own CPU and AI XPU designs, it is no wonder that Nvidia has been championing the neoclouds that can’t afford to try to be everything to everyone – this is the very definition of enterprise computing – and that, frankly, are having trouble coming up with the trillions of dollars to cover the 150 gigawatts to more than 200 gigawatts of datacenter capacity that is estimated to be on the books between 2025 and 2030 for AI workloads.

Nvidia’s $2 Billion Investment In CoreWeave Is A Drop In A $250 Billion Bucket was written by Timothy Prickett Morgan at The Next Platform.

Nvidia Takes The Open Road In AI Weather Forecasting

Amid the myriad discussions about AI – from the astounding amount of money being spent by vendors and enterprises and the debate about actual ROI those businesses are getting to the technology’s effect on cybersecurity, jobs, and the fear of disinformation and resulting distrust – it’s easy to forget its usefulness in particular industries.

Nvidia Takes The Open Road In AI Weather Forecasting was written by Jeffrey Burt at The Next Platform.

The Heat is On

One of the things I like to do in my twenty-eight minutes of spare time per week is play Battletech. It’s a table top wargame that involves big robots and lots of weapons. Some of them are familiar, like missiles and artillery. Because it’s science fiction there are also lasers and other crazy stuff. It’s a game of resource allocation. Can my ammunition last through this fight? You might be asking yourself “why not just carry lots of lasers?” After all, they don’t need ammo. Except the game designers thought of that too. Lasers produce heat. And heat, like ammunition, must be managed. Generate too much and you will shut down. Or boil your pilot alive in the cockpit. Rewind a thousand years and the modern network in a data center is facing a similar issue.

Watt Are You Talking About?

The average AI rack is expected to consume 600 kilowatts of power by next year. GPUs and CPUs are hungry beasts. They need to be fed as much power as possible in order to do whatever math makes AI happen. They have to come up with creative ways to cool those devices as well. We’re quickly reaching the

Cisco is using eBPF to rethink firewalls, vulnerability mitigation

Networking giant Cisco purchased Isovalent in 2024 to get in on the cloud native action. In our cloud native community, Isovalent was primarily known for Cilium, an Extended Berkeley Packet Filter (eBPF) overlay network that worked well for Kubernetes environments, namely by replacing iptables with in-kernel traffic routing by eBPF. The company also built smart switch software. Today, Cisco is one of the chief purveyors of network infrastructure, gear such as routers and switches, aimed primarily at enterprises. “They liked what we were doing, and they saw value and continue to see value in the solutions that we have for the Kubernetes world,” says

Cable cuts, storms, and DNS: a look at Internet disruptions in Q4 2025

In 2025, we observed over 180 Internet disruptions spurred by a variety of causes – some were brief and partial, while others were complete outages lasting for days. In the fourth quarter, we tracked only a single government-directed Internet shutdown, but multiple cable cuts wreaked havoc on connectivity in several countries. Power outages and extreme weather disrupted Internet services in multiple places, and the ongoing conflict in Ukraine impacted connectivity there as well. As always, a number of the disruptions we observed were due to technical problems – with some acknowledged by the relevant providers, while others had unknown causes. In addition, incidents at several hyperscaler cloud platforms and Cloudflare impacted the availability of websites and applications. 

This post is intended as a summary overview of observed and confirmed disruptions and is not an exhaustive or complete list of issues that have occurred during the quarter. These anomalies are detected through significant deviations from expected traffic patterns observed across our network. Check out the Cloudflare Radar Outage Center for a full list of verified anomalies and confirmed outages. 

Government-directed

Tanzania

The Internet was shut down in Tanzania on October 29 as violent protests took place during the country’s

Deploy Partially-Configured Training Labs with netlab

Imagine you want to use netlab to build training labs, like the free BGP labs I created. Sometimes, you want to give students a device to work on while the other lab devices are already configured, just waiting for the students to get their job done.

My BGP labs were designed for self-study. You might also want to listen to how Sander Steffann uses netlab in classroom training.

For example, in the initial BGP lab, I didn’t want any BGP-related configuration on RTR while X1 would already be fully configured – when the student configures BGP on RTR, everything just works.