Cloudflare’s commitment to CISA Secure-By-Design pledge: delivering new kernels, faster
As cyber threats continue to exploit systemic vulnerabilities in widely used technologies, the United States Cybersecurity and Infrastructure Agency (CISA) produced best practices for the technology industry with their Secure-by-Design pledge. Cloudflare proudly signed this pledge on May 8, 2024, reinforcing our commitment to creating resilient systems where security is not just a feature, but a foundational principle.
We’re excited to share and provide transparency into how our security patching process meets one of CISA’s goals in the pledge: Demonstrating actions taken to increase installation of security patches for our customers.
Managing and deploying Linux kernel updates is one of Cloudflare’s most challenging security processes. In 2024, over 1000 CVEs were logged against the Linux kernel and patched. To keep our systems secure, it is vital to perform critical patch deployment across systems while maintaining the user experience.
A common technical support phrase is “Have you tried turning it off and then on again?”. One may be surprised how often this tactic is used — it is also an essential part of how Cloudflare operates at scale when it comes to applying our most critical patches. Frequently restarting systems exercises the Continue reading
Transitioning into Networking, 2025 Edition
Elmer sent me the following question:
I’ve been working in systems engineering (Linux, virtualization, infrastructure ops) and am considering shifting toward network engineering or architecture. I got my CCNA years ago and started CCNP but didn’t continue.
I’d really appreciate any thoughts you might have on how someone with my background could best make that transition today, especially with how things are evolving around automation and the cloud.
I keep answering a variant of this question every other year or so (2019, 2021, 2023, 2024). I guess it’s time for another answer, so here we go.
IPB172: IPv6 SMB – Does it Work? Plus Other Listener Questions!
On today’s episode we’re doing some follow up on listener comments and questions that have come in via the Follow Up on packetpushers.net. We cover questions regarding IPv6 for small businesses, then go even smaller and answer a question about IPv6 for home networks. Lastly, we have a quick discussion about Path MTU discovery with... Read more »Parasail Brokers Between AI Compute Demand And Supply
Mike Henry was interim chief product officer at AI inference company Groq in 2023, a position that put him in close contact with a lot of datacenter administrators and managers. …
Parasail Brokers Between AI Compute Demand And Supply was written by Jeffrey Burt at The Next Platform.
N4N020: To Cert Or Not To Cert?
To cert or not to cert? That is the question Holly & Ethan discuss on today’s episode. Will a certification really land you a networking job? Are certs the guaranteed path to tech career success? We consider this, talking through the benefits, challenges and even risks of networking industry certification. And there’s some bonus material,... Read more »Improve your media pipelines with the Images binding for Cloudflare Workers
When building a full-stack application, many developers spend a surprising amount of time trying to make sure that the various services they use can communicate and interact with each other. Media-rich applications require image and video pipelines that can integrate seamlessly with the rest of your technology stack.
With this in mind, we’re excited to introduce the Images binding, a way to connect the Images API directly to your Worker and enable new, programmatic workflows. The binding removes unnecessary friction from application development by allowing you to transform, overlay, and encode images within the Cloudflare Developer Platform ecosystem.
In this post, we’ll explain how the Images binding works, as well as the decisions behind local development support. We’ll also walk through an example app that watermarks and encodes a user-uploaded image, then uploads the output directly to an R2 bucket.
Cloudflare Images was designed to help developers build scalable, cost-effective, and reliable image pipelines. You can deliver multiple copies of an image — each resized, manipulated, and encoded based on your needs. Only the original image needs to be stored; different versions are generated dynamically, or as requested by a user’s browser, then subsequently served Continue reading
ARP Challenges in EVPN/VXLAN Symmetric IRB
Whenever I claimed that EVPN is The SIP of Networking, vendor engineers quickly told me that “EVPN interoperability is a solved problem” and that they run regular multi-vendor interoperability labs to iron out the quirks. As it turns out, things aren’t as rosy in real life; it’s still helpful to have an EVPN equivalent of the DTMF tone generators handy.
I encountered a particularly nasty quirk when running the netlab EVPN integration test using symmetric IRB with an anycast gateway between Nokia SR Linux (or Juniper vSwitch) and FRR container.
Lab topology
A Second Opinion On Future GenAI Spending
Two weeks ago, before we began our nightmare travels to get to the 2025 edition of the GOU Technology Conference in San Jose, we put together an analysis of the AI server and storage spending forecasts put out by the good folks at IDC. …
A Second Opinion On Future GenAI Spending was written by Timothy Prickett Morgan at The Next Platform.
Calico Whisker, Your New Ally in Network Observability
With the upcoming release of Calico v3.30 on the horizon, we are excited to introduce Calico Whisker, a simple yet powerful User Interface (UI) designed to enhance network observability and policy debugging. If you’ve ever struggled to make sense of network flow logs or troubleshoot policies in a complex Kubernetes cluster, Whisker is your friend!
Whisker is a three part deployment that holds a UI, backend and a gRPC channel to communicate with the Felix brain of Calico to gather live flow information and present it in a human readable, easy to understand way. But before we get started let’s dive into why Whisker is a must-have for your Kubernetes environment, what problems it solves, and how it can streamline your policy management.
Navigating Network Flows is Difficult
In Kubernetes environments, network flows are the backbone of communication between workloads. As clusters scale, so does the complexity of managing these flows and their security. Without clear visibility and effective observability tools, teams often struggle with:
- Diagnosing unexplained workload behavior and determining why certain applications aren’t working as expected.
- Identifying the real reason why certain workload communications are permitted or denied, which stems from understanding which policies are affecting specific Continue reading
D2DO268: Solving Big Problems By Solving Small Problems
“You build a shop that solves big problems by solving small problems” is advice given by today’s guest, Merritt Baer. Merritt is currently a CISO at Reco, and has deep security experience in both government and private sectors. She chats with Day Two DevOps podcast hosts Ned Bellavance and Kyler Middleton to discuss the current... Read more »A steam locomotive from 1993 broke my yarn test
So the story begins with a pair programming session I had with my colleague, which I desperately needed because my node skill tree is still at level 1, and I needed to get started with React because I'll be working on our internal backstage instance.
We worked together on a small feature, tested it locally, and it worked. Great. Now it's time to make My Very First React Commit. So I ran the usual git add and git commit, which hooked into yarn test, to automatically run unit tests for backstage, and that's when everything got derailed. For all the React tutorials I have followed, I have never actually run a yarn test on my machine. And the first time I tried yarn test, it hung, and after a long time, the command eventually failed:
Determining test suites to run...
● Test suite failed to run
thrown: [Error]
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
🌈 backstage ⚡I could tell it was obviously unhappy about something, and then it threw some [Error]. I have very little actual JavaScript experience, but this looks suspiciously like someone had neglected to Continue reading
Comparing IP and CLNP: Local (Node) Multihoming
Another area where CLNP is a clear winner when compared to the TCP/IP stack is multi-homed nodes (nodes with multiple interfaces, not site multi-homing, where whole networks are connected to two upstream providers).
Multi-homed TCP/IP nodes must have multiple IP addresses because IP uses address interfaces. There is no well-defined procedure in TCP/IP for how a multi-homed node should behave. In the early days of TCP/IP, they tried to address that in RFC 1122 (Host Requirements RFC), but even then, there were two ideas about dealing with multiple interfaces: the strong and weak end system models (more details).
The Team That Will Implement Intel’s New Vision
Intel is hosting its Vision 2025 annual event in Las Vegas this week, what we old hands used to call Intel Developer Forum back in the days when the chip maker was taking over more and more of the datacenter and had give the world a relatively inexpensive and uniform substrate on which to build hyperscale infrastructure. …
The Team That Will Implement Intel’s New Vision was written by Timothy Prickett Morgan at The Next Platform.
HW049: Updates on Wi-Fi Security, Wi-Fi 7 and WPA3
Host Keith Parsons and guest Stephen Orr took time at the Wireless LAN Professionals Conference in Phoenix this past February to discuss the security implications of Wi-Fi 7. Stephen explains that new features in Wi-Fi 7 require specific security protocols such as WPA3 to function. Challenges with device onboarding and secure authentication are addressed next,... Read more »HS099: From CLI to CFO: Translating Complex Network Data into Clear Strategic and Financial Insights (Sponsored)
IT and network leaders need more than uptime—they need to know what their networks cost, what they deliver, and how future changes will impact the business. That’s where Netos comes in. CEO and founder Richard Foster joins Johna and John in a lively discussion to explore how Netos turns complex operational data into clear financial... Read more »
Comparing AI / ML activity from two production networks
This article goes beyond simulation to demonstrate the AI Metrics dashboard by comparing live traffic seen in two production AI clusters.
Cluster 1
PP056: Ask A CISO with Joe Evangelisto
On today’s show, we chat with Joe Evangelisto, CISO at NetSPI. He recounts his journey to becoming a Chief Information Security Officer, one that started as an IT sysadmin, advanced to management, and led him ultimately to the CISO role. Joe talks about building security programs from the ground up and developing both personally and... Read more »Nvidia Says It Will Be An Accelerator Of Quantum Computing
The way that Nvidia co-founder and chief executive officer Jensen Huang sees it, his company’s role in the ever-emerging quantum computing field is no different than that in other industries where AI and accelerated computing play roles. …
Nvidia Says It Will Be An Accelerator Of Quantum Computing was written by Jeffrey Burt at The Next Platform.