A Novel Way To Compact Data For More Efficient Storage And Transmission
IT companies have spent billions of dollars creating ways to move data more efficiently and cheaply in an increasingly distributed world of on-premises datacenters, multiple clouds, and the edge. …
A Novel Way To Compact Data For More Efficient Storage And Transmission was written by Jeffrey Burt at The Next Platform.
Hedge 254: Should you /64?
One of the big questions about IPv6 is: “Should you use /64’s for subnets?” Tom Coffeen joins Eyvonne Sharp, Rick Graziani, and Russ as we discuss the various questions surrounding IPv6 addressing, planning, waste, and … should you /64?
TNO012: From Hardware to Cloud: Evolving Roles for Network Operators
Cloud networking is still networking, but there are differences. In this special collaboration episode between the Total Network Operations and Cloud Gambit podcasts, Scott Robohn, Eyvonne Sharp, and William Collins dive into the contrasts between traditional and cloud networking, and how network engineers raised on hardware and the CLI can flourish in cloudy environments. In... Read more »Technology Short Take 185
Welcome to Technology Short Take #185, the first of 2025! I’m excited for the opportunity to continue to bring readers articles and links of interest across data center- and cloud-related technologies (along with some original content along the way). I had originally intended for this post to be my last post of 2024, but personal challenges got in the way. Enough of that, though—on to the content!
Networking
- Rasika Nayanajith has a detailed overview of Wi-Fi 7.
- Just before the end of 2024, John Howard (whose blog I only recently discovered—lots of great content there!) posted a write-up on using Vault to provision TLS certificates onto a network appliance.
- Federico Paolinelli shared information on running Podman pods as systemd units in the context of an architecture to terminate EVPN inside Kubernetes nodes. Federico’s blog is another one I only recently discovered; there’s lots of great networking content here.
- Julio Perez has a nice write-up on Codespaces for network engineers and educators. (Hat tip to Ivan Pepelnjak for pointing me to Julio’s site.)
Servers/Hardware
- Bryan Cantrill shares some thoughts on why Gelsinger was wrong for Intel.
Security
- Brian Krebs’ article on the operations of a prolific voice phishing crew Continue reading
Palo Alto Allow Access To Certain URLs Matching A Blocked URL Category
If you use URL filtering on your Palo Alto firewalls, you may come across situations where a specific URL category is set to block, but you need to allow certain sites. For example, you might block the 'social networking' category but still want to allow access to Facebook. Similarly, you may block 'newly registered domains,' but need immediate access to a site categorized as such. While you can request Palo Alto to re-categorize the site, sometimes you need a quicker solution.
In this blog post, we'll look at how to allow access to specific URLs that match a blocked URL category. There are two ways to achieve this, and I’ll cover both.
A Quick Recap on URL Filtering
This blog post assumes you have some familiarity with URL filtering. In a typical setup, you create a URL Filtering profile, configure the categories to allow or block, and attach this profile to your security policies. For instance, if you block the 'proxy-avoidance' category and try to access a site like expressvpn.com, the traffic will be blocked.
To demonstrate this, I'll set the 'proxy-avoidance' category to block. This means that if I try to access expressvpn.com, it will be blocked. Continue reading
XtendISE Key Features – Simplifying Cisco ISE Management
XtendISE is a user-friendly web application integrated with Cisco ISE and designed to simplify daily tasks and common challenges related to 802.1X without requiring extensive training on Cisco ISE. XtendISE helps manage MAC addresses, troubleshoot 802.1X authentication issues, and simplify the management of switch 802.1X configurations. It also validates configurations to ensure they are set up correctly and as intended.
We covered the basics of XtendISE in a previous article linked below. In this blog post, we will explore in detail three key features that XtendISE offers.
- MAC address management
- Enhanced Troubleshooting Capabilities
- Configuration and Auditing of the network access devices
Suresh Vina
Mac Address Management
Typically, when a device doesn’t support 802.1X, we collect its MAC address and add it to a specific group in Continue reading
netlab 1.9.3: MLAG, Static Routes, Node Cloning
netlab release 1.9.3 brings these new features:
- Multi-chassis Link Aggregation (MLAG) on Arista EOS, Aruba CX, Cumulus NVUE, and Dell OS10
- VRF and VLAN groups
- Additional OSPF interface parameters (hello and dead timers, cleartext passwords, and DR priority) implemented on Arista EOS, Aruba CX, Cisco IOS/IOS-XE, Cisco Nexus OS, Cumulus Linux, Dell OS10, and FRRouting
- Static routes with direct or indirect next hops implemented on Arista EOS, Cisco IOS/IOS-XE, FRRouting, and Linux
- Node cloning plugin for users who want to build detailed digital twins of their networks.
- Consistent selection of default address pools based on the number of nodes attached to a link (this could change addressing in multi-provider topologies)
- Support for vjunos-router and Cisco NSO tool.
Other new features include:
Scaling Retrieval Augmented Generation With RAGOps And Agents
COMMISSIONED: Retrieval-augmented generation (RAG) has become the gold standard for helping businesses refine their large language model (LLM) results with corporate data. …
Scaling Retrieval Augmented Generation With RAGOps And Agents was written by Timothy Prickett Morgan at The Next Platform.
N4N008: What Is a Default Gateway?
Today’s topic is the default gateway, essential for routing traffic between networks. We explain its purpose, configuration, and the consequences of incorrect settings. Using home networks as an example, Ethan and Holly illustrate how default gateways enable devices to communicate with external networks. The discussion also covers routing tables, subnet masks, and the differences between... Read more »Configuring IP Addresses Won’t Make You an Expert
A friend of mine recently wrote a nice post explaining how netlab helped him set up a large network topology in a reasonably short timeframe. As expected, his post attracted a wide variety of comments, from “netlab is a gamechanger” (thank you 😎) to “I prefer traditional labs.” Instead of writing a bunch of replies into a walled-garden ecosystem, I decided to address some of those concerns in a public place.
Let’s start with:
How Calico Network Threat Detection Works
In today’s cloud-native environments, network security is more complex than ever, with Kubernetes and containerized workloads introducing unique challenges. Traditional tools struggle to monitor and secure these dynamic, interconnected systems, leaving organizations vulnerable to advanced threats, such as lateral movement, zero-day exploits, ransomware, data exfiltration, and more.
Network threat detection identifies malicious or suspicious activity within network traffic by using rules and analyzing patterns, behaviors, and anomalies. It enables organizations to spot attacks early, respond quickly, and mitigate risks before they escalate. Tools like Calico are specifically designed to address these challenges in Kubernetes, offering visibility, detection, and automated responses to protect workloads from known and emerging threats.
Calico delivers advanced network threat detection for Kubernetes environments, leveraging a variety of techniques to ensure comprehensive protection. Here are the key features of Calico’s network threat detection.
Behavior-based detection
Calico uses machine learning algorithms to establish a baseline of normal network behavior and detect anomalies such as port scans, IP (Internet Protocol) sweeps, and domain generation algorithms (DGA), which are commonly used by malware to evade detection and maintain communication with command and control (C2) servers.
Calico’s anomaly detection capability evaluates traffic flows using machine learning to identify the baseline behavior Continue reading
HW043: Is OFDMA Worth It?
OFDMA, or Orthogonal Frequency-Division Multiple Access, was introduced in 802.11ax. This technology allows a radio to split a single channel into multiple sub-carriers, which in turn can be used to send data to multiple devices at the same time. OFDMA is meant to reduce congestion by allowing APs to allocate resource units among, and communicate... Read more »D2DO262: The Science and Magic of Network Mapping and Measurement
Measuring network speed seems straightforward: send some traffic between two endpoints and see how long it took. But what path did the traffic take? Were wired or wireless networks involved? What intermediary devices stood between your two endpoints? Was there interference? Congestion? Are device limitations affecting your results? The fact is, there’s more to measurement... Read more »Open source all the way down: Upgrading our developer documentation
At Cloudflare, we treat developer content like a product, where we take the user and their feedback into consideration. We are constantly iterating, testing, analyzing, and refining content. Inspired by agile practices, treating developer content like an open source product means we approach our documentation the same way an open source software project is created and maintained. Open source documentation empowers the developer community because it allows anyone, anywhere, to contribute content. By making both the content and the framework of the documentation site publicly accessible, we provide developers with the opportunity to not only improve the material itself but also understand and engage with the processes that govern how the documentation is built, approved, and maintained. This transparency fosters collaboration, learning, and innovation, enabling developers to contribute their expertise and learn from others in a shared, open environment. We also provide feedback to other open source products and plugins, giving back to the same community that supports us.
Great documentation empowers users to be successful with a new product as quickly as possible, showing them how to use the product and describing its benefits. Relevant, timely, and accurate content can save Continue reading
The Future Is The One We Generate
If you want to be at the top of the food chain on Earth, as human beings have ascended to after millions of years of evolution, there are a bunch of things that you need to be able to do. …
The Future Is The One We Generate was written by Timothy Prickett Morgan at The Next Platform.
Building Ultra Long Range TOSLINK
Building Ultra Long Range TOSLINK
This post is a textual version of a talk I gave at The 38th Chaos Computer Congress at the end of 2018
OSPFv3 on Bird Needs IPv6 LLA on the Loopback Interface
Wanted to share this “too weird to believe” SNAFU I found when running integration tests with the Bird routing daemon. It’s irrelevant unless you want Bird to advertise the IPv6 prefix configured on the main loopback interface (lo) with OSPFv3.
Late last year, I decided to run netlab integration tests with the Bird routing daemon. It passed most baseline netlab OSPFv3 integration tests but failed those that checked the loopback IPv6 prefix advertised by the tested device (test results).
Ethernet Switching Still In Recession Thanks To AI Shift
The original design manufacturers, or ODMs, as well as the portions of the original equipment manufacturers, or OEMs, that act like ODMs in that they create custom machines for hyperscalers and cloud builders and sell that at high volume and low margin, have long since taken over the server market. …
Ethernet Switching Still In Recession Thanks To AI Shift was written by Timothy Prickett Morgan at The Next Platform.
AI for Network Engineers: Long Short-Term Memory (LSTM)
Introduction
As mentioned in the previous chapter, Recurrent Neural Networks (RNNs) can have hundreds or even thousands of time steps. These basic RNNs often suffer from the gradient vanishing problem, where the network struggles to retain historical information across all time steps. In other words, the network gradually "forgets" historical information as it progresses through the time steps.
One solution to address the horizontal gradient vanishing problem between time steps is the use of Long Short-Term Memory (LSTM) based RNN instead of basic RNN. LSTM cells can preserve historical information across all time steps, whether the model contains ten or several thousand time steps.
Figure 6-1 illustrates the overall architecture of an LSTM cell. It includes three gates: the Forget gate, the Input gate (a.k.a. Remember gate), and the Output gate. Each gate contains input neurons that use the Sigmoid activation function. The reason for employing the Sigmoid function, as shown in Figure 5-4 of the previous chapter, is its ability to produce outputs in the range of 0 to 1. An output of 0 indicates that the gate is "closed," meaning the information is excluded from contributing to the cell's internal state calculations. An output of Continue reading