D2DO278: The Future of HashiCorp Inside IBM
On today’s show, we talk to Armon Dadgar, co-founder and CTO of HashiCorp regarding HashiCorp’s future within IBM. We start with a quick recap of IBM’s acquisition of HashiCorp and then move on to the challenges of bringing a small, young tech company into a huge corporation that makes lots of its revenue on legacy... Read more »Top 5 Kubernetes Network Issues You Can Catch Early with Calico Whisker
Kubernetes networking is deceptively simple on the surface, until it breaks, silently leaks data, or opens the door to a full-cluster compromise. As modern workloads become more distributed and ephemeral, traditional logging and metrics just can’t keep up with the complexity of cloud-native traffic flows.
That’s where Calico Whisker comes in. Whisker is a lightweight Kubernetes-native observability tool created by Tigera. It offers deep insights into real-time traffic flow patterns, without requiring you to deploy heavyweight service meshes or packet sniffer. And here’s something you won’t get anywhere else: Whisker is data plane-agnostic. Whether you run Calico eBPF data plane, nftables, or iptables, you’ll get the same high-fidelity flow logs with consistent fields, format, and visibility. You don’t have to change your data plane, Whisker fits right in and shows you the truth, everywhere.
Let’s walk through 5 network issues Whisker helps you catch early, before they turn into outages or security incidents.
1. Policy Misconfigurations
Traditional observability tools often show whether a packet was forwarded, accepted or dropped, but not why. They lack visibility into which Kubernetes network policy was responsible or if one was even applied.
With Whisker, each network flow is paired with:
- The enforced policy name Continue reading
Skimpy HBM Memory Opens Up The Way For AI Inference Memory Godbox
Generative AI is arguably the most complex application that humankind has ever created, and the math behind it is incredibly complex even if the results are simple enough to understand. …
Skimpy HBM Memory Opens Up The Way For AI Inference Memory Godbox was written by Timothy Prickett Morgan at The Next Platform.
PP072: Mobile Device Threat Management
Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off suspects as a... Read more »AMD EPYC Is A More Universal Hybrid Cloud Substrate Than Arm
SPONSORED FEATURE The hyperscalers and big cloud builders have their own technical and political reasons for designing proprietary Arm server chips and having them built by Taiwan Semiconductor Manufacturing Co. …
AMD EPYC Is A More Universal Hybrid Cloud Substrate Than Arm was written by Timothy Prickett Morgan at The Next Platform.
HW057: Orb – A New Tool for Monitoring Internet Connectivity
Orb is an intelligent app and platform designed to help consumers understand and improve their internet connectivity. Orb continuously monitors networks to give a complete picture of true internet experience, beyond just peak speed. Today’s guest, Doug Suttles, CEO and co-founder of Orb, explains exactly what Orb does, including speed, responsiveness and reliability testing, plus... Read more »Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation
AI agents bring with them the promise of being able to autonomously solve complex tasks put before them, from finding and analyzing the necessary data, choosing tools, and making decisions without human intervention to learning from their mistakes and adapting to changes. …
Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation was written by Jeffrey Burt at The Next Platform.
How To Cash In On Massive Datacenter Spending
Both the global economy and spending on information technology are so vast that it is hard to really grasp the numbers sometimes. …
How To Cash In On Massive Datacenter Spending was written by Timothy Prickett Morgan at The Next Platform.
Linux packet sampling using eBPF
Linux 6.11+ kernels provide TCX attachment points for eBPF programs to efficiently examine packets as they ingress and egress the host. The latest version of the open source Host sFlow agent includes support for TCX packet sampling to stream industry standard sFlow telemetry to a central collector for network wide visibility, e.g. Deploy real-time network dashboards using Docker compose describes how to quickly set up a Prometheus database and use Grafana to build network dashboards.
static __always_inline void sample_packet(struct __sk_buff *skb, __u8 direction) {
__u32 key = skb->ifindex;
__u32 *rate = bpf_map_lookup_elem(&sampling, &key);
if (!rate || (*rate > 0 && bpf_get_prandom_u32() % *rate != 0))
return;
struct packet_event_t pkt = {};
pkt.timestamp = bpf_ktime_get_ns();
pkt.ifindex = skb->ifindex;
pkt.sampling_rate = *rate;
pkt.ingress_ifindex = skb->ingress_ifindex;
pkt.routed_ifindex = direction ? 0 : get_route(skb);
pkt.pkt_len = skb->len;
pkt.direction = direction;
__u32 hdr_len = skb->len < MAX_PKT_HDR_LEN ? skb->len : MAX_PKT_HDR_LEN;
if (hdr_len > 0 && bpf_skb_load_bytes(skb, 0, pkt.hdr, hdr_len) < 0)
return;
bpf_perf_event_output(skb, &events, BPF_F_CURRENT_CPU, &pkt, sizeof(pkt));
}
SEC("tcx/ingress")
int tcx_ingress(struct __sk_buff *skb) {
sample_packet(skb, 0);
return TCX_NEXT;
}
SEC("tcx/egress")
int tcx_egress(struct __sk_buff *skb) {
sample_packet(skb, 1);
return TCX_NEXT;
}
The sample.bpf.c file Continue reading
NB536: Fortinet FortiOS Goes Post-Quantum; Intel Scales Back Global Projects
Take a Network Break! In our Red Alert section we note that memory safety bugs bug Firefox and Thunderbird, and on-prem SharePoint instances are under attack. In tech news, Fortinet adds support for Post Quantum Cryptography in FortiOS, Cato Networks integrates Azure Virtual WANs to its SASE offering, and we weigh the pros and cons... Read more »Fun Reading: Who is LLM?
Is an LLM a stubborn donkey, a genie, or a slot machine (and why)? Find out in the Who is LLM? article by Martin Fowler.
Intel Puts The Process Horse Back In Front Of The Foundry Cart
It is beginning to look like Intel plans to milk the impending 18A manufacturing process for a long time. …
Intel Puts The Process Horse Back In Front Of The Foundry Cart was written by Timothy Prickett Morgan at The Next Platform.
HN789: How a Global Payments Processor Automates Firewall Changes at Scale
Adyen is a global payments processor whose primary business is providing payment services for merchants, retailers, and venues, as well as online payments. On today’s Heavy Networking we talk about a firewall automation project the company has undertaken. With dozens of change requests coming in every day that need to touch network and host firewalls,... Read more »TNO036: Bridging Networking and Security with Auvik (Sponsored)
Auvik is network management software that lets users monitor, manage, and troubleshoot their networks. On today’s sponsored episode we talk with Doug Murray, CEO; and John Harden, Director of Strategy & Technology Evangelism, both from Auvik, about the challenges facing today’s network operators. We look at the rise of the IT generalist, workloads and burnout,... Read more »ArubaCX: When BGP Soft Reconfiguration Becomes a No-Op
Changing an existing BGP routing policy is always tricky on platforms that apply line-by-line changes to device configurations (Cisco IOS and most other platforms claiming to have industry-standard CLI, with the notable exception of Arista EOS). The safest approach seems to be:
- Do not panic when the user makes changes to route maps and underlying filters (prefix lists, AS-path access lists, or community lists).
- Let the user decide when they’re done and process the BGP table with the new routing policy at that time.
The White House AI Action Plan: a new chapter in U.S. AI policy
On July 23, 2025, the White House unveiled its AI Action Plan (Plan), a significant policy document outlining the current administration's priorities and deliverables in Artificial Intelligence. This plan emerged after the White House received over 10,000 public comments in response to a February 2025 Request for Information (RFI). Cloudflare’s comments urged the White House to foster conditions for U.S. leadership in AI and support open-source AI, among other recommendations.
There is a lot packed into the three pillar, 28-page Plan.
Pillar I: Accelerate AI Innovation. Focuses on removing regulations, enabling AI adoption and developing, and ensuring the availability of open-source and open-weight AI models.
Pillar II: Build American AI Infrastructure. Prioritizes the construction of high-security data centers, bolstering critical infrastructure cybersecurity, and promoting Secure-by-Design AI technologies.
Pillar III: Lead in International AI Diplomacy and Security. Centers on providing America’s allies and partners with access to AI, as well as strengthening AI compute export control enforcement.
Each of these pillars outlines policy recommendations for various federal agencies to advance the plan’s overarching goals. There’s much that the Plan gets right. Below we cover a few parts of the Plan that we think are particularly important. Continue reading
Testing Arista AVD with GNS3 and EOS
Arista AVD (Architect, Validate, Deploy) – https://avd.arista.com – is a powerful tool that brings network architecture into the world of Infrastructure-as-Code. I wanted to try it out in a lab setting and see how it works in a non-standard environment. Since my go-to lab tool is GNS3 with Arista cEOS images — while the AVD […]
<p>The post Testing Arista AVD with GNS3 and EOS first appeared on IPNET.</p>