0

Cloudflare’s 2025 Annual Founders’ Letter

Cloudflare launched 15 years ago this week. We like to celebrate our birthday by announcing new products and features that give back to the Internet, which we’ll do a lot of this week. But, on this occasion, we've also been thinking about what's changed on the Internet over the last 15 years and what has not.

With some things there's been clear progress: when we launched in 2010 less than 10 percent of the Internet was encrypted, today well over 95 percent is encrypted. We're proud of the role we played in making that happen.

Some other areas have seen limited progress: IPv6 adoption has grown steadily but painfully slowly over the last 15 years, in spite of our efforts. That's a problem because as IPv4 addresses have become scarce and expensive it’s held back new entrants and driven up the costs of things like networking and cloud computing.

Still other things have remained remarkably consistent: the basic business model of the Internet has for the last 15 years been the same — create compelling content, find a way to be discovered, and then generate value from the resulting traffic. Whether that was through ads or Continue reading

0

🖥️ Running Local LLMs: Experiments and Insights

✨ Summary Large Language Models (LLMs) have powered the AI wave of the last 3–4 years. While most are closed-source, a vibrant ecosystem of open-weight and open-source models has emerged. As a long-time AI user, I wanted to peek under the hood: how do GenAI models work, and what happens when you actually run them … Continue reading 🖥️ Running Local LLMs: Experiments and Insights →

0

Getting Started With Infrahub MCP Server

In this post, we’ll be looking at how to use the Infrahub MCP server. But, before we get there, we’ll go through some background on the Model Context Protocol (MCP) itself, show a simple example to explain how it works, and then connect it back to Infrahub. This will give us the basics before moving on to the Infrahub-specific setup. Here’s what we’ll cover:

• A quick background on what MCP is and why it’s needed
• A simple example of an MCP server to show how it works
• How to connect an MCP server to host applications like Claude Desktop and Cursor
• Setting up and using the Infrahub MCP server
• Example use cases where the Infrahub MCP server can help in real workflows

What is Model Context Protocol (MCP)?

If you're doing anything with AI (and honestly, who isn’t these days), you’ve probably heard of Model Context Protocol, or MCP. Anthropic introduced MCP in November 2024, which means it hasn’t been around for long and is still evolving quickly.

MCP is a communication Continue reading

0

Pleasant Surprise: Google AI Overview

When I was writing a blog post, I needed a link to the netlab lab topology documentation, so I searched for “netlab lab topology” (I know I’m lazy, but it felt quicker than navigating the sidebar menu).

The AI overview I got was way too verbose, but it nailed the Key Concepts and How It Works well enough that I could just use them in the netlab README.md file. Maybe this AI thing is becoming useful after all ;)

0

Worth Reading 091925

“Classic” TCP uses an extremely simple loss-based congestion detection algorithm that is intended to save networks from collapsing under extreme overload.

The endgame is a society where corporate algorithms make decisions about employment, education, and social interaction with no accountability.

The rise of Agentic AI, the emergence and adoption of AI agents and agent-to-agent networking to autonomously perform tasks on behalf of humans, has introduced unique challenges for existing security products.

In the landscape of organizational management, a distinction exists between teams that (a.) efficiently deliver a high-quality service or product, and (b.) those that innovate and develop their thought leadership in an area of emerging technology.

Broadcom CEO Hock Tan delivered a rather defiant keynote to open the VMware Explore conference in Las Vegas recently, telling the audience they are better off using the latest version of VMware Cloud Foundation (VCF) on-premises than hyperscale cloud service providers.

The public is told that AI systems are super smart and have the world’s info at their electronic beck and call. At the same time, it is humans and human organizations who claim professional expertise and so deliver their “truth” via media and Internet.

While Eutelsat’s OneWeb operates the second-largest Continue reading

0

Hedge 281: Blockchain

What is the relationship between blockchain technologies and network engineering? Is blockchain “just another application,” or are there implications for naming, performance, and connectivity? Austin Federa joins Tom and Russ to discuss the intersection of blockchain and networks.
 

 
download

0

TNO042: Building a Network Digital Twin for Automation and AI (Sponsored)

The digital twin is an evolving technology in the networking space. On today’s sponsored episode of Total Network Operations, we dig into details and definitions of the digital twin, how it ties into network automation and autonomy, and the power of abstraction layers. We’ll also talk about how the concepts in today’s show might influence... Read more »

0

Ultra Ethernet: Libfabric Resource Initialization

Introduction

Ultra Ethernet uses the libfabric communication framework to let endpoints interact with AI frameworks and, ultimately, with each other across GPUs. Libfabric provides a high-performance, low-latency API that hides the details of the underlying transport, so AI frameworks do not need to manage the low-level details of endpoints, buffers, or the underlying address tables that map communication paths. This makes applications more portable across different fabrics while still providing access to advanced features such as zero-copy transfers and RDMA, which are essential for large-scale AI workloads.

During system initialization, libfabric coordinates with the appropriate provider—such as the UET provider—to query the network hardware and organize communication around three main objects: the Fabric, the Domain, and the Endpoint. Each object manages specific sub-objects and resources. For example, a Domain handles memory registration and hardware resources, while an Endpoint is associated with completion queues, transmit/receive buffers, and transport metadata. Ultra Ethernet maps these objects directly to the network hardware, ensuring that when GPUs begin exchanging training data, the communication paths are already aligned for low-latency, high-bandwidth transfers.

Once initialization is complete, AI frameworks issue standard libfabric calls to send and receive data. Ultra Ethernet ensures that this data flows efficiently across Continue reading

0

Technology Short Take 188

Welcome to Technology Short Take #188! I’m back once again with a small collection of articles and links related to a variety of data center-related technologies. I hope you find something useful!

Networking

• Scott Hogg discusses using dual-stack network configurations on your DNS name servers as part of an overall IPv6 deployment plan.
• Leon Adato explains why knowing what’s under the hood helps when it comes to networking telemetry.
• Via Ivan Pepelnjak, I found Suresh Vina’s article on using netlab to build network labs.

Security

• The use of malicious software packages continues to be a vector for attacks; here’s the latest discovery of malicious Go and npm packages.
• James Kettle explains why HTTP/1.1 must die.
• Gary Marcus and Nathan Hamiel discuss why the combination of LLMs plus coding agents has the potential to result in a security nightmare.
• Weaponized RAR files are delivering a backdoor to Linux systems using only a filename—more details in the linked article.
• WhatsApp patches a zero-click exploit targeting iOS and macOS devices. I don’t use WhatsApp, but I know lots of folks that do (it’s especially popular among my international friends). If you’re a WhatsApp user, be sure to update.
• More software supply chain Continue reading

0

You don’t need quantum hardware for post-quantum security

Organizations have finite resources available to combat threats, both by the adversaries of today and those in the not-so-distant future that are armed with quantum computers. In this post, we provide guidance on what to prioritize to best prepare for the future, when quantum computers become powerful enough to break the conventional cryptography that underpins the security of modern computing systems.  We describe how post-quantum cryptography (PQC) can be deployed on your existing hardware to protect from threats posed by quantum computing, and explain why quantum key distribution (QKD) and quantum random number generation (QRNG) are neither necessary nor sufficient for security in the quantum age.

“Quantum” is becoming one of the most heavily used buzzwords in the tech industry. What does it actually mean, and why should you care?

At its core, “quantum” refers to technologies that harness principles of quantum mechanics to perform tasks that are not feasible with classical computers. Quantum computers have exciting potential to unlock advancements in materials science and medicine, but also pose a threat to computer security systems. The term Q-day refers to the day that adversaries possess quantum computers that are large and stable enough to Continue reading

0

HN797: What To Do When The Business Asks for “AI”

When someone from the executive suite starts an AI initiative, what does that mean to you, the network engineer? The executive suite probably doesn’t know what their AI idea might mean for infrastructure. They might only have a vague idea of what they’re even trying to accomplish with an AI initiative. Regardless, that initiative puts... Read more »

0

Use Additional BGP Paths for IBGP Load Balancing

I wrote about the optimal BGP path selection with BGP additional paths in 2021, and I probably mentioned (in one of the 360 BGP-related blog posts) that you need it to implement IBGP load balancing in networks using BGP route reflectors. If you want to try that out, check out the IBGP Load Balancing with BGP Additional Paths lab exercise.

Click here to start the lab in your browser using GitHub Codespaces (or set up your own lab infrastructure). After starting the lab environment, change the directory to lb/4-ibgp-add-path and execute netlab up.

0

Connect and secure any private or public app by hostname, not IP — free for everyone in Cloudflare One

Connecting to an application should be as simple as knowing its name. Yet, many security models still force us to rely on brittle, ever-changing IP addresses. And we heard from many of you that managing those ever-changing IP lists was a constant struggle. 

Today, we’re taking a major step toward making that a relic of the past.

We're excited to announce that you can now route traffic to Cloudflare Tunnel based on a hostname or a domain. This allows you to use Cloudflare Tunnel to build simple zero-trust and egress policies for your private and public web applications without ever needing to know their underlying IP. This is one more step on our mission to strengthen platform-wide support for hostname- and domain-based policies in the Cloudflare One SASE platform, simplifying complexity and improving security for our customers and end users. 

In August 2020, the National Institute of Standards (NIST) published Special Publication 800-207, encouraging organizations to abandon the "castle-and-moat" model of security (where trust is established on the basis of network location) and move to a Zero Trust model (where we “verify anything and everything attempting to establish access").

Continue reading

0

LIU000: Announcing Life In Uptime, a New Podcast to Get You Started on Your IT Journey

Life In Uptime is a brand-new podcast that explores the real journeys of the people who build and run enterprise IT. Each episode dives into the personal and professional paths that got each guest to where they are today—because the road to a career in technology isn’t one-size-fits-all. This show is for anyone wondering how... Read more »

0

Nvidia And Hyperscaler Friends Do Massive AI Deals In The UK

As adoption of generative AI, agentic AI, and all other AIs expands around the globe, a focus in the industry can enable nations to more closely use its own infrastructure, workforces, and data to control, create, and deploy AI models. …

Nvidia And Hyperscaler Friends Do Massive AI Deals In The UK was written by Jeffrey Burt at The Next Platform.

0

Arista EOS Hates a Routing Instance with No Interfaces

I always ask engineers reporting a netlab bug to provide a minimal lab topology that would reproduce the error, sometimes resulting in “interesting” side effects. For example, I was trying to debug a BGP-related Arista EOS issue using a netlab topology similar to this one:

defaults.device: eos
module: [ bgp ]
nodes:
  a: { bgp.as: 65000 }
  b: { bgp.as: 65001 }

Imagine my astonishment when the two switches failed to configure BGP. Here’s the error message I got when running the netlab’s deploy device configurations Ansible playbook:

0

The RUM Diaries: enabling Web Analytics by default

Measuring and improving performance on the Internet can be a daunting task because it spans multiple layers: from the user’s device and browser, to DNS lookups and the network routes, to edge configurations and origin server location. Each layer introduces its own variability such as last-mile bandwidth constraints, third-party scripts, or limited CPU resources, that are often invisible unless you have robust observability tooling in place. Even if you gather data from most of these Internet hops, performance engineers still need to correlate different metrics like front-end events, network processing times, and server-side logs in order to pinpoint where and why elusive “latency” occurs to understand how to fix it.

We want to solve this problem by providing a powerful, in-depth monitoring solution that helps you debug and optimize applications, so you can understand and trace performance issues across the Internet, end to end.

That’s why we’re excited to announce the start of a major upgrade to Cloudflare’s performance analytics suite: Web Analytics as part of our real user monitoring (RUM) tools will soon be combined with network-level insights to help you pinpoint performance issues anywhere on a packet’s journey — from a visitor’s browser, through Cloudflare’s network, to your Continue reading

0

Google Shows Off Its Inference Scale And Prowess

If the hyperscalers are masters of anything, it is driving scale up and driving costs down so that a new type of information technology can be cheap enough so it can be widely deployed. …

Google Shows Off Its Inference Scale And Prowess was written by Timothy Prickett Morgan at The Next Platform.

0

TCG058: Creating the Internet Layer That Should Have Been With Avery Pennarun

In this deep dive episode, we explore the evolution of networking with Avery Pennarun, Co-Founder and CEO of Tailscale. Avery shares his extensive journey through VPN technologies, from writing his first mesh VPN protocol in 1997 called “Tunnel Vision” to building Tailscale, a zero-trust networking solution. We discuss how Tailscale reimagines the OSI stack by... Read more »

0

NAN100: A Retrospective On 100 Episodes of Network Automation Nerds

Network Automation Nerds has reached a special milestone: episode 100! Eric Chou looks back on 5 years of conversations with network automation pioneers, practitioners, and visionaries. Drew Conry-Murray from the Packet Pushers joins Eric, along with online guest Ioannis Theodoridis, to find out why Eric started the podcast, his goals for all these conversations, a... Read more »