Fakta Ilmiah Awan: Struktur, Fungsi, dan Dinamika Atmosfer

Daftar Pustaka

Massa dan Komposisi Awan

Secara ilmiah, awan merupakan agregat tetesan air dan kristal es yang tersuspensi di atmosfer. Setiap tetesan memiliki diameter antara 10 hingga 50 mikrometer, namun jumlahnya bisa mencapai jutaan per meter kubik udara. Akibatnya, bobot satu awan cumulus rata-rata mencapai satu juta ton. Meskipun demikian, awan tetap melayang karena adanya gaya buoyancy yang dihasilkan oleh udara panas dan arus konveksi. Proses ini menyeimbangkan gaya gravitasi sehingga awan mampu tetap stabil di berbagai ketinggian.

Dinamika Pergerakan Awan

Pergerakan awan dikendalikan oleh angin atmosfer dan perbedaan tekanan. Di lapisan troposfer, angin dapat mencapai kecepatan lebih dari 200 km/jam pada ketinggian tertentu, terutama di jet stream. Awan cirrus, yang berada di ketinggian 6–12 km, bergerak lebih cepat dibanding awan rendah karena dipengaruhi oleh aliran angin kuat di lapisan atas. Selain itu, konveksi lokal dan sistem tekanan rendah juga memicu pergerakan horizontal dan vertikal awan, memengaruhi distribusi hujan serta pola cuaca regional.

Spektrum Warna Awan

Warna awan tergantung pada interaksi cahaya matahari dengan tetesan air atau kristal es. Secara ilmiah, awan putih terjadi karena Continue reading

The Why and What of the CIDR Report

For some time, I have been looking after a routing analysis report called the "". Here I'd like to explain the reasons for this report, and what is in the report and share some thoughts as to its usefulness today to the Internet routing community.

NB567: CISA Says Harden Endpoint Managers; NVIDIA Launches GPUs for Orbital Workloads

Take a Network Break! We sound a red alert about a swarm of critical D-Link vulnerabilities. In this week’s news, CISA warns organizations to harden endpoint management systems in the wake of a cyberattack that used the target’s own Microsoft Intune system to wipe thousands of devices, Cisco rolls an NVIDIA ASIC into an N9100... Read more »

Worth Reading 032326

The ENIAC (Electronic Numerical Integrator and Computer), a machine that profoundly reshaped computing, marked its 80th anniversary on 15 February 2026. ENIAC was a technological leap that laid the foundation for the modern computing revolution and eventually transformed nearly every aspect of society.

During the APNIC Routing Security SIG session, held at APRICOT 2026 in Jakarta, the community heard about six applications of Resource Public Key Infrastructure (RPKI) to the problem of secure Internet routing.

There is no doubt that automation offers benefits such as speed, accuracy, reliability, and efficiency, and goes far beyond simple configuration management tasks, including resource provisioning. However, it may not be a good fit for every infrastructure environment. One must evaluate and compare the pros and cons before adopting automation.

Meta’s Ray-Ban smart glasses are a privacy nightmare, with footage of naked people, sensitive information, and violent acts captured and seen by Meta’s AI and an army of employees.

MOSAIC ditches lasers for cheap MicroLEDs and medical imaging fiber, cuts cabling energy by up to 50%, and already fits in a standard transceiver after a proof-of-concept with MediaTek.

How to deploy Pi-Hole with Docker and stop ads on every device on your LAN

How do you block ads? Most people install various and sundry ad-blocking software on their computers or add browser extensions to handle the task. Either way you go, blocking ads can help prevent your web browser from loading ads that could consume too many system resources or even inject malicious code into your system. I’ve had instances where a single ad bogged down my CPU so much that the computer came to a screeching halt. The only solution was a hard reboot. After that, I was on a quest to do whatever it took to avoid another such instance. At first, I thought about going the browser extension route, but I realized I’d have to install extensions on every browser I used on every desktop and laptop on my home network. That’s all fine and good if you only have a few machines connected to your LAN. But what if you have considerably more? You might want to consider an app like Pi-Hole.

Data Analytics Helps Make The Mighty Lionesses Roar

Launching Cloudflare’s Gen 13 servers: trading cache for cores for 2x edge compute performance

Two years ago, Cloudflare deployed our 12th Generation server fleet, based on AMD EPYC™ Genoa-X processors with their massive 3D V-Cache. That cache-heavy architecture was a perfect match for our request handling layer, FL1 at the time. But as we evaluated next-generation hardware, we faced a dilemma — the CPUs offering the biggest throughput gains came with a significant cache reduction. Our legacy software stack wasn't optimized for this, and the potential throughput benefits were being capped by increasing latency.

This blog describes how the FL2 transition, our Rust-based rewrite of Cloudflare's core request handling layer, allowed us to prove Gen 13's full potential and unlock performance gains that would have been impossible on our previous stack. FL2 removes the dependency on the larger cache, allowing for performance to scale with cores while maintaining our SLAs. Today, we are proud to announce the launch of Cloudflare's Gen 13 based on AMD EPYC™ 5th Gen Turin-based servers running FL2, effectively capturing and scaling performance at the edge.

What AMD EPYCTurin brings to the table

AMD's EPYC™ 5th Generation Turin-based processors deliver more than just a core count increase. The architecture delivers improvements across multiple dimensions of what Cloudflare Continue reading

Inside Gen 13: how we built our most powerful server yet

A few months ago, Cloudflare announced the transition to FL2, our Rust-based rewrite of Cloudflare's core request handling layer. This transition accelerates our ability to help build a better Internet for everyone. With the migration in the software stack, Cloudflare has refreshed our server hardware design with improved hardware capabilities and better efficiency to serve the evolving demands of our network and software stack. Gen 13 is designed with 192-core AMD EPYC™ Turin 9965 processor, 768 GB of DDR5-6400 memory, 24 TB of PCIe 5.0 NVMe storage, and dual 100 GbE port network interface card.

Gen 13 delivers:

Up to 2x throughput compared to Gen 12 while staying within latency SLA
Up to 50% improvement in performance / watt efficiency, reducing data center expansion costs
Up to 60% higher throughput per rack keeping rack power budget constant
2x memory capacity, 1.5x storage capacity, 4x network bandwidth
Introduced PCIe encryption hardware support in addition to memory encryption
Improved support for thermally demanding powerful drop-in PCIe accelerators

This blog post covers the engineering rationale behind each major component selection: what we evaluated, what we chose, and why.

Generation	Gen 13 Compute	Previous Gen 12 Compute
Form Factor	2U1N, Single Continue reading

ASPA: The cryptographic upgrade for BGP path security

The Internet routing security story of the past decade has largely been about fixing route origins. RPKI Route Origin Validation (ROV) gave operators a cryptographic way to verify that the AS announcing a prefix was actually authorized to do so. That work has now reached majority coverage, with over half of all IPv4 and IPv6 routes now protected by Route Origin Authorizations (ROAs).

But origin validation only tells you where a route claims to start. It says nothing about the path it took to get to you. A route can have a perfectly valid origin and still arrive via a completely illegitimate chain of ASes, through a misconfigured transit network, a malicious route leak, or a manipulated AS_PATH. This gap is exactly what ASPA (Autonomous System Provider Authorization) is designed to close.

ASPA has moved from theory into early operational deployment, even though the core ASPA profile and verification work remain in IETF draft form as of March 2026. ARIN and RIPE NCC both support ASPA object creation in production. Major networks have begun deploying ASPA validation globally. Router implementations exist in BIRD and OpenBGPD. This article is intended to explain what ASPA is, how it works technically, what it Continue reading

netlab: Switch to Lab Directory After an SSH Session Loss

I work on a laptop that loves to power down when not used (the right thing to do), which often breaks the SSH session to my netlab server (not so good).

Reconnecting is trivial. Figuring out which lab I was working on and where it lives on the disk after a few hours? That’s the annoying part.

We solved most of that ages ago with the netlab status --all command. It shows all running labs¹ and their directories, so you can quickly jump back to where you were. However, even that gets tedious the 100th time you have to do it.

Introducing AI Assistant for Calico, Calico Load Balancer, and Seamless VM-to-Kubernetes Migration

SAN JOSE, Calif., March 23, 2026 — Tigera, the creator and maintainer of Project Calico, today announced a major expansion of its Unified Network Security Platform for Kubernetes, aimed at helping enterprises consolidate infrastructure and accelerate the migration of legacy workloads to cloud-native platforms.

The new capabilities include:

Al Assistant for Calico: A proactive, conversational intelligence layer that replaces complex manual log analysis with natural-language troubleshooting and proactive security audits.
Calico Load Balancer: A high-performance, eBPF-based, software-defined load balancer that replaces expensive, rigid hardware appliances with a Kubernetes-native solution.
Seamless VM-to-Kubernetes Migration: Advanced Layer 2 (L2) networking support eliminates migration friction by allowing virtual machines to move into Kubernetes clusters without changing their original IP addresses or existing VLAN dependencies.

These innovations help organizations tackle the rising “complexity tax” in managing high-scale Kubernetes clusters and provide a high-velocity path to consolidate virtual machines and containers into a single, standardized platform.

“The industry is at a breaking point where the operational overhead of managing legacy hardware and fragmented VM silos is no longer sustainable. By building a distributed load balancer into the fabric of Calico, launching an Al assistant that ‘troubleshoots at the speed of thought,’ Continue reading

Building IRRd and bgpq4 Docker Containers for Network Labs

To demonstrate basic BGP security practices in a network emulator in a way that emulates real-world conditions, researchers need to emulate an Internet Routing Registry (IRR) database server running software like IRRd and a network management workstation running software utilities like bgpq4. These tools enable the centralized registration of prefix information and the generation of prefix filter lists from that information. I was not able to find ready-to-use container images that support either of these functions, so I created them.

In this post, I walk through the process of building reusable container images that can be dropped into any network emulator that supports Docker containers, such as Containerlab, GNS3, or Kathará, etc. I also show how I published the containers in a public repository.

IRRd and bgpq4

IRRd (Internet Routing Registry daemon) version 4 is a widely used software program for maintaining and serving IRR data in the RPSL format. To experience IRRd, you can directly interact with the IRRd user interface at ntt.net, which is a tier-1 global IP backbone provider, and it also powers industry-standard registries like RADB.

Bgpq4 is a command-line tool used by network engineers to query an IRR server and Continue reading

Secure and Scale VMware VKS with Calico Kubernetes Networking

Co-authors

Abhishek Rao | Tigera
Ka Kit Wong, Charles Lee, & Christian Rauber | Broadcom

VMware vSphere Kubernetes Service (VKS) is the CNCF-certified Kubernetes runtime built directly into VMware Cloud Foundation (VCF), which delivers a single platform for both virtual machines and containers. VKS enables platform engineers to deploy, manage, and scale Kubernetes clusters while leveraging a comprehensive set of cloud services. And with VKS v3.6, that foundation just got significantly more powerful: VKS now natively supports Calico Enterprise — part of the Calico Unified Platform — as a validated, lifecycle-managed networking add-on through the new VKS Addon Framework. This integration is a key milestone in VMware’s expanded partnerships across the Kubernetes ecosystem, ensuring customers have access to best-in-class networking and security tools.

Even better, VKS natively integrates Calico Open Source by Tigera as a supported, out-of-the-box Container Network Interface (CNI). This gives organizations a powerful open source baseline right from day one:

Pluggable Data Planes: The flexibility to run high-performance eBPF, standard Linux iptables, modern nftables, or Windows data planes based on specific workload needs.
Wire-Speed Routing: Direct BGP peering with the underlying VMware NSX infrastructure, eliminating the performance overhead of traditional overlay networks.
Foundational Zero-Trust: Global Continue reading

400G Over Multimode Fiber: BiDi Changes the Game

For anyone who has managed a data center fiber plant over the past decade, the arrival of 400 Gigabit Ethernet came with a painful side effect: singlemode fiber. If your…

The post 400G Over Multimode Fiber: BiDi Changes the Game appeared first on AboutNetworks.net.

Calculate “1/(40rods/hogshead) → L/100km” from your Zsh prompt

I often need a quick calculation or a unit conversion. Rather than reaching for a separate tool, a few lines of Zsh configuration turn = into a calculator. Typing = 660km / (2/3)c * 2 -> ms gives me 6.60457 ms¹ without leaving my terminal, thanks to the Zsh line editor.

The equal alias

The main idea looks simple: define = as an alias to a calculator command. I prefer Numbat, a scientific calculator that supports unit conversions. Qalculate is a close second.² If neither is available, we fall back to Zsh’s built-in zcalc module.

As the alias built-in uses = as a separator for name and value, we need to alter the aliases associative array:

if (( $+commands[numbat] )); then
  aliases[=]='numbat -e'
elif (( $+commands[qalc] )); then
  aliases[=]='qalc'
else
  autoload -Uz zcalc
  aliases[=]='zcalc -f -e'
fi

With this in place, = 847/11 becomes numbat -e 847/11.

The quoting problem

The first problem surfaces quickly. Typing = 5 * 3 fails: Zsh expands the * character as a glob Continue reading

Calico Load Balancer: Simplifying Network Traffic Management with eBPF

Authors: Alex O’Regan, Aadhil Abdul Majeed

Ever had a load balancer become the bottleneck in an on-prem Kubernetes cluster? You are not alone. Traditional hardware load balancers add cost, create coordination overhead, and can make scaling painful. A Kubernetes-native approach can overcome many of those challenges by pushing load balancing into the cluster data plane. Calico Load Balancer is an eBPF powered Kubernetes-native load balancer that uses consistent hashing (Maglev) and Direct Server Return (DSR) to keep sessions stable while allowing you to scale on-demand.

Below is a developer-focused walkthrough: what problem Calico Load Balancer solves, how Maglev consistent hashing works, the life of a packet with DSR, and a clear configuration workflow you can follow to roll it out.

Why a Kubernetes-native load balancer matters

On-prem clusters often rely on dedicated hardware or proprietary appliances to expose services. That comes with a few persistent problems:

Cost and scaling friction – You have to scale the network load balancer vertically as the size and throughput requirements of your Kubernetes cluster/s grows.
Operational overhead – Virtual IPs (VIPs) are often owned by another team, so simple service changes require coordination.
Stateful failure modes – Kube-proxy load balancing is stateful per node, Continue reading

Lift-and-Shift VMs to Kubernetes with Calico L2 Bridge Networks

On paper, lift-and-shift VM migration to Kubernetes sounds simple. Compute can be moved. Storage can be remapped. But many migration projects stall at the network boundary. VM workloads are often tied to IP addresses, network segments, firewall rules, and routing models that already exist in the wider environment. That is where lift-and-shift becomes much harder than it first appears.

Why lift-and-shift migration is challenging

In a traditional hypervisor environment:

A VM connects to a network the rest of the data center already understands.
Its IP address is a first-class citizen of the network.
Firewalls, routers, monitoring tools, and peer applications know how to reach it.
Existing application dependencies are often built around that network identity.

Default Kubernetes pod networking works very differently:

Pod IPs usually come from a cluster-managed pod CIDR.
Those IPs are mainly meaningful inside the Kubernetes cluster.
The upstream network usually does not have direct visibility into pod networks.
The original network segments from the VM world are not preserved by default.

This creates a major problem for VM migration:

The workload can no longer keep the same network presence it had before.
Teams often need to introduce VIPs or reconfigure the networking settings of the Continue reading

HN819: Recipes for Automation – A Look Inside Eric Chou’s AI Networking Cookbook

Eric Chou, author of the AI Networking Cookbook and host of Network Automation Nerds, joins Ethan and Drew to discuss adding artificial intelligence to your network automation toolbox. The AI Networking Cookbook is aimed at network engineers and provides a systematic approach to learning AI for network automation. Together they break down pros and cons... Read more »

TNO058: Detect. Prove. Predict. Turning Network Monitoring Into Operational Intelligence (Sponsored)

In this sponsored episode, Dylan Hensler, Customer Solutions Specialist with Statseeker, joins Scott for a breakdown of what allows Statseeker to move beyond traditional network monitoring. Together they discuss Statseeker’s ability to help NetOps teams detect issues faster, prove root cause, and operate with confidence by turning raw data into operational intelligence. They also discuss... Read more »

Why flat Kubernetes networks fail at scale

Rethinking network security hierarchies for cloud-native platforms Kubernetes networking is powerful. Its flexibility lets teams connect hundreds of microservices across namespaces, clusters, and environments. But as platforms grow, that same flexibility can turn a neat setup into a tangled, fragile system. For many organizations, networking is where friction shows up first. Engineers struggle to debug connectivity issues. Security teams wrestle with enforcing global controls. Platform architects feel the pressure to prove compliance. And most of these headaches come from a common root cause: flat network security models that don’t scale. The limits of flat networking Kubernetes NetworkPolicy gives teams a way to control traffic between workloads. By default, all policies exist at the same level with no built-in manageable priority. “As policies grow, it’s increasingly hard to predict what will happen when you make a change.” That works fine in a small, single-team cluster. But in large, multi-team environments, it quickly becomes risky. In a flat model, security is managed by exception rather than enforcement. Protecting a critical service often means listing every allowed connection and hoping nothing else accidentally overrides it. As policies grow, it’s increasingly hard to predict what will happen when you make a change. Without Continue reading

« Previous 1 … 3 4 5 6 7 … 3,860 Next »