HW057: Orb – A New Tool for Monitoring Internet Connectivity

Orb is an intelligent app and platform designed to help consumers understand and improve their internet connectivity. Orb continuously monitors networks to give a complete picture of true internet experience, beyond just peak speed. Today’s guest, Doug Suttles, CEO and co-founder of Orb, explains exactly what Orb does, including speed, responsiveness and reliability testing, plus... Read more »

Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation

AI agents bring with them the promise of being able to autonomously solve complex tasks put before them, from finding and analyzing the necessary data, choosing tools, and making decisions without human intervention to learning from their mistakes and adapting to changes.

Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation was written by Jeffrey Burt at The Next Platform.

Linux packet sampling using eBPF

Linux 6.11+ kernels provide TCX attachment points for eBPF programs to efficiently examine packets as they ingress and egress the host. The latest version of the open source Host sFlow agent includes support for TCX packet sampling to stream industry standard sFlow telemetry to a central collector for network wide visibility, e.g. Deploy real-time network dashboards using Docker compose describes how to quickly set up a Prometheus database and use Grafana to build network dashboards.

static __always_inline void sample_packet(struct __sk_buff *skb, __u8 direction) {
    __u32 key = skb->ifindex;
    __u32 *rate = bpf_map_lookup_elem(&sampling, &key);
    if (!rate || (*rate > 0 && bpf_get_prandom_u32() % *rate != 0))
        return;

    struct packet_event_t pkt = {};
    pkt.timestamp = bpf_ktime_get_ns();
    pkt.ifindex = skb->ifindex;
    pkt.sampling_rate = *rate;
    pkt.ingress_ifindex = skb->ingress_ifindex;
    pkt.routed_ifindex = direction ? 0 : get_route(skb);
    pkt.pkt_len = skb->len;
    pkt.direction = direction;

    __u32 hdr_len = skb->len < MAX_PKT_HDR_LEN ? skb->len : MAX_PKT_HDR_LEN;
    if (hdr_len > 0 && bpf_skb_load_bytes(skb, 0, pkt.hdr, hdr_len) < 0)
        return;
    bpf_perf_event_output(skb, &events, BPF_F_CURRENT_CPU, &pkt, sizeof(pkt));
}

SEC("tcx/ingress")
int tcx_ingress(struct __sk_buff *skb) {
    sample_packet(skb, 0);

    return TCX_NEXT;
}

SEC("tcx/egress")
int tcx_egress(struct __sk_buff *skb) {
    sample_packet(skb, 1);

    return TCX_NEXT;
}

The sample.bpf.c file Continue reading

Worth Reading 072725


We sketch out the enabling technologies for AI. They include search, reasoning, neural networks, natural language processing, signal processing and computer graphics, programming and conventional software engineering, human-computer interaction, communications, and specialized hardware that provides supercomputing power.


For decades, thanks to the low latency enabled by Remote Direct Memory Access, or RDMA, a method of allowing CPUs and then GPUs and finally other kinds of XPUs to directly access the main memory of each other without having to go through the entire network software stack, InfiniBand found a niche and was one of the reasons why Nvidia shelled out $6.9 billion to acquire Mellanox Technologies more than five years ago.


Shipments of tape storage media increased again in 2024, according to HPE, IBM, and Quantum – the three companies that back the Linear Tape-Open (LTO) Format.


In this episode of PING, APNIC’s Chief Scientist, Geoff Huston, discusses a day in the life of Border Gateway Protocol (BGP). Not an extraordinary day, not a special day, just a regular day.


Dumb phones represent the laziest possible solution to a complex behavioral problem. They’re the dietary equivalent of having your jaw wired shut.

HN789: How a Global Payments Processor Automates Firewall Changes at Scale

Adyen is a global payments processor whose primary business is providing payment services for merchants, retailers, and venues, as well as online payments. On today’s Heavy Networking we talk about a firewall automation project the company has undertaken. With dozens of change requests coming in every day that need to touch network and host firewalls,... Read more »

TNO036: Bridging Networking and Security with Auvik (Sponsored)

Auvik is network management software that lets users monitor, manage, and troubleshoot their networks. On today’s sponsored episode we talk with Doug Murray, CEO; and John Harden, Director of Strategy & Technology Evangelism, both from Auvik, about the challenges facing today’s network operators. We look at the rise of the IT generalist, workloads and burnout,... Read more »

ArubaCX: When BGP Soft Reconfiguration Becomes a No-Op

Changing an existing BGP routing policy is always tricky on platforms that apply line-by-line changes to device configurations (Cisco IOS and most other platforms claiming to have industry-standard CLI, with the notable exception of Arista EOS). The safest approach seems to be:

  • Do not panic when the user makes changes to route maps and underlying filters (prefix lists, AS-path access lists, or community lists).
  • Let the user decide when they’re done and process the BGP table with the new routing policy at that time.
Read more …

The White House AI Action Plan: a new chapter in U.S. AI policy

On July 23, 2025, the White House unveiled its AI Action Plan (Plan), a significant policy document outlining the current administration's priorities and deliverables in Artificial Intelligence. This plan emerged after the White House received over 10,000 public comments in response to a February 2025 Request for Information (RFI). Cloudflare’s comments urged the White House to foster conditions for U.S. leadership in AI and support open-source AI, among other recommendations. 

There is a lot packed into the three pillar, 28-page Plan. 

  • Pillar I: Accelerate AI Innovation. Focuses on removing regulations, enabling AI adoption and developing, and ensuring the availability of open-source and open-weight AI models.

  • Pillar II: Build American AI Infrastructure. Prioritizes the construction of high-security data centers, bolstering critical infrastructure cybersecurity, and promoting Secure-by-Design AI technologies. 

  • Pillar III: Lead in International AI Diplomacy and Security. Centers on providing America’s allies and partners with access to AI, as well as strengthening AI compute export control enforcement. 

Each of these pillars outlines policy recommendations for various federal agencies to advance the plan’s overarching goals. There’s much that the Plan gets right. Below we cover a few parts of the Plan that we think are particularly important. Continue reading

Testing Arista AVD with GNS3 and EOS

Arista AVD (Architect, Validate, Deploy) – https://avd.arista.com – is a powerful tool that brings network architecture into the world of Infrastructure-as-Code. I wanted to try it out in a lab setting and see how it works in a non-standard environment. Since my go-to lab tool is GNS3 with Arista cEOS images — while the AVD […]

<p>The post Testing Arista AVD with GNS3 and EOS first appeared on IPNET.</p>

TL017: From the Mailbag: Yes and No, and Mid-Year Evaluations

Laura Santamaria opens the listener mailbag to answer questions, including how to say yes or no to leadership opportunities without tanking your career or trashing your work-life balance. She also explores the mid-year review process and offers tips for successful self-evaluation and paths to self-growth. Episode Links: The Line Between Management and IC Leadership –... Read more »

Kubernetes Is Powerful, But Not Secure (at least not by default)

Kubernetes has transformed how we deploy and manage applications. It gives us the ability to spin up a virtual data center in minutes, scaling infrastructure with ease. But with great power comes great complexities, and in the case of Kubernetes, that complexity is security.

By default, Kubernetes permits all traffic between workloads in a cluster. This “allow by default” stance is convenient during development, and testing but it’s dangerous in production. It’s up to DevOps, DevSecOps, and cloud platform teams to lock things down.

To improve the security posture of a Kubernetes cluster, we can use microsegmentation, a practice that limits each workload’s network reach so it can only talk to the specific resources it needs. This is an essential security method in today’s cloud-native environments.

Why Is Microsegmentation So Hard?

We all understand that network policies can achieve microsegmentation; or in other words, it can divide our Kubernetes network model into isolated pieces. This is important since Kubernetes is usually used to provide multiple teams with their infrastructural needs or host multiple workloads for different tenants. With that, you would think network policies are first citizens of clusters. However, when we dig into implementing them, three operational challenges Continue reading

For Now, AI Helps IBM’s Bottom Line More Than Its Top Line

While the hyperscalers and clouds and their AI model builder customers are setting the pace in compute, networking, and storage during the GenAI revolution, that does not mean that they will necessarily provide the only systems that will be used by the largest enterprises in the world.

For Now, AI Helps IBM’s Bottom Line More Than Its Top Line was written by Timothy Prickett Morgan at The Next Platform.

N4N034: OSPF Network Types

Ethan and Holly continue their OSPF journey this week with OSPF Network Types. They discuss the two main OSPF network types used today: the broadcast and point to point networks. They also explain designated routers, backup designated routers, and when those are used and why. Lastly they discuss some soft skills – knowing your vendor... Read more »
1 5 6 7 8 9 3,806