Generative AI is still very much an emerging technology and it’s morphing and evolving rapidly, as is illustrated with the trend toward agentic AI, which we’ve written about previously. …
Cisco Puts Big AI Infrastructure Into Small Packages was written by Jeffrey Burt at The Next Platform.
COMMISSIONED In the fast-paced world of AI, GPUs are often hailed as the quiet powerhouse driving innovation. …
Stop Bottlenecking Your AI: Storage Hacks for Hungry GPUs was written by Timothy Prickett Morgan at The Next Platform.
On October 24, 2024, the National Institute of Standards and Technology (NIST) announced that they’re advancing fourteen post-quantum signature schemes to the second round of the “signatures on ramp” competition. “Post-quantum” means that these algorithms are designed to resist the attack of quantum computers. NIST already standardized four post-quantum signature schemes (ML-DSA, SLH-DSA, XMSS, and LHS) and they are drafting a standard for a fifth (Falcon). Why do we need even more, you might ask? We’ll get to that.
A regular reader of the blog will know that this is not the first time we’ve taken measure of post-quantum signatures. In 2021 we took a first hard look, and reported on the performance impact we expect from large-scale measurements. Since then, dozens of new post-quantum algorithms have been proposed. Many of them have been submitted to this new NIST competition. We discussed some of the more promising ones in our early 2024 blog post.
In this blog post, we will go over the fourteen schemes advanced to the second round of the on ramp and discuss their feasibility for use in TLS — the protocol that secures browsing the Internet. The defining Continue reading
The use of Group Policy Objects (GPO) can be really powerful in a Windows environment. In this post we’re going to leverage GPO to distribute certificates to the user and computer as well as enabling the 802.1X supplicant.
First, let’s see if there are any certificates on the Windows 10 VM in my lab:
Currently, there are no certificates present on the VM. It has also not been joined to the domain.
First, open the GPO app:
There’s a default domain policy that can be used, but I’m going to create new policies, one for users, and one for computers. First, let’s create a policy for computers. I’m going to right click my computer OU, named iselab computers, and then select Create a GPO in this domain, and Link it here…:
Give the GPO a name:
The GPO has been created:
Right click the GPO and select Edit…:
The GPO Editor window opens:
Then we’re going to navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Public Key Policies and select Certificate Services Client – Auto Enrollment and then Properties:
A new window opens up:
Change the Configuration Model to Enabled and Continue reading
After some reflection I’ve realized that while I’ve spent a lot of time talking about BGP in it’s many forms I haven’t really ever done a deep dive on it. To be clear – Im not aiming to talk about how to configure BGP , or how path selection works, or even how to troubleshoot BGP. What I want to examine is what BGP is doing on the wire. How it communicates with peers, when it sends updates, and what kind of things are in the updates. Im hoping to write several blogs starting with the basics and then diving deeper as we go. That said, let’s get started!
To start things out with – I think it makes sense to start with a simple lab consisting of two BGP nodes that are peering together. Something like this…
I don’t want to spend a lot of time focusing on the configuration syntax and basic configuration parameters so let’s just run BIRD on both of the nodes so we can get off the ground with minimal effort. Let’s assume that both BGP Peers shown above are just normal Ubuntu VMs and both have a single interface on common 169.254.10. Continue reading
There are lots of ways that we might build out the memory capacity and memory bandwidth of compute engines to drive AI and HPC workloads better than we have been able to do thus far. …
We Can’t Get Enough HBM, Or Stack It Up High Enough was written by Timothy Prickett Morgan at The Next Platform.
Elections are not just a matter of casting ballots. They depend on citizens being able to register to vote and accessing information about candidates and the election process, which in turn depend on the strength and security of the Internet. Despite the risks posed by potential cyberattacks aimed to disrupt democracy, Cloudflare did not observe any significant disruptions to campaigns or local government websites from cyberattack.
Tuesday, November 5, 2024 was Election Day in the United States. It not only decided the next president and vice president but also included elections for the US Senate, House of Representatives, state governorships, and state legislatures. Results confirm that Republican Donald Trump won the presidential election.
In this blog post, we examine online attacks against election-related sites — some of which were notable but none were disruptive — and how initial election results impacted Internet traffic across the US at both national and state levels, with increases in traffic as much as 15% nationwide. We’ll also explore email phishing trends and general DNS data around news interest, the candidates, and election-related activity.
We’ve been tracking 2024 elections globally through our blog and election report on Cloudflare Radar, covering some of the more Continue reading
A BGP route server is like a BGP route reflector but for EBGP sessions. In its simplest implementation, it receives BGP updates over EBGP sessions and propagates them over other EBGP sessions without inserting its own AS number in the AS path (more details).
BGP route servers are commonly used on Internet Exchange Points (IXPs), and that’s what you can practice in the BGP Route Server in an Internet Exchange Point lab exercise.
Click here to start the lab in your browser using GitHub Codespaces (or set up your own lab infrastructure). After starting the lab environment, change the directory to session/5-routeserver and execute netlab up.
We all know that firewalls are limited by hardware resources. Larger devices support higher throughput, while smaller ones may not perform as well. When experiencing slow traffic or latency issues on a firewall, we typically check resource usage and session counts to see if we are reaching these limits. If we are, that often concludes our troubleshooting. But what if we aren't hitting these limits and still experience traffic slowness? In this blog post, we'll explore a few methods to troubleshoot high latency issues on Palo Alto firewalls.
Please note that this troubleshooting is applicable when the dataplane CPU and session count are well below the limit, but you are still experiencing some form of latency issues or random packet loss. If this issue sounds familiar, please continue reading.
If you find yourself in a situation where resource usage is well under the limit but you are still experiencing high latency, the next step is to identify sessions that consume too much of the on-chip packet descriptor.
You can run the following command on any hardware-based firewall model (not a VM-Series firewall) to identify, for each slot and dataplane, the on-chip packet descriptor percentage used, the top Continue reading
Think of it as the ultimate offload model.
One of the geniuses of the cloud – perhaps the central genius – is that a big company that would have a large IT budget, perhaps on the order of hundreds of millions of dollars per year, and that has a certain amount of expertise creates a much, much larger IT organization with billions of dollars – and with AI now tens of billions of dollars – in investments and rents out the vast majority of that capacity to third parties, who essentially allow that original cloud builder to get their own IT operations for close to free. …
You Are Paying The Clouds To Build Better AI Than They Will Rent You was written by Timothy Prickett Morgan at The Next Platform.
Most ISE deployments use a join to Active Directory to be able to query AD groups, perform user lookups, etc. In this post, I’ll join my ISE lab server to AD. First I’m going to create two OUs in my AD, one for users and one for computers. Why not use the default ones? They are containers, not OUs, which means you can’t apply GPOs to them. Additionally, it makes for cleaner separation from the built-in accounts and allows for applying policies that won’t affect them. I’m creating two OUs:
This is done by going to Active Directory Users and Computers, then right clicking the AD domain and selecting New -> Organizational Unit:
Give the OU a name and then click OK:
Repeat for the computers OU. You should now be able to see the OUs:
I’m going to create a user named Bob that I’ll be using to test login later. Right click the users OU and then select New -> User:
Enter the name and logon name:
Click Next. Enter a password for the user. As this is a lab, I won’t require that the user changes the password and the Continue reading
James got confused by a statement made by Hannes Gredler in his IS-IS book:
Things behave really badly if the total IGP cost over the tunnel undermines the total topologies’ cost. What happens next is that the tunnel “wraps” around itself, ultimately causing a meltdown of the entire network.
Let’s unpack that, starting with “Why would you need a tunnel?”
While I was busy fixing bugs in the netlab release 1.9.2, other contributors added exciting new features:
Other new features include: