TNO037: The Next Era of Network Management and Operations
What’s the next era of network management and operations? Total Network Operations talks to Mahesh Jethanandani, Area Director(AD) for all of Operations and Management (OPS) at IETF and Distinguished Engineer at Arrcus. Mahesh describes a workshop from December of 2024 that sought to investigate the past, present, and future of network management and operations. He... Read more »Vulnerability disclosure on SSL for SaaS v1 (Managed CNAME)
Earlier this year, a group of external researchers identified and reported a vulnerability in Cloudflare’s SSL for SaaS v1 (Managed CNAME) product offering through Cloudflare’s bug bounty program. We officially deprecated SSL for SaaS v1 in 2021; however, some customers received extensions for extenuating circumstances that prevented them from migrating to SSL for SaaS v2 (Cloudflare for SaaS). We have continually worked with the remaining customers to migrate them onto Cloudflare for SaaS over the past four years and have successfully migrated the vast majority of these customers. For most of our customers, there is no action required; for the very small number of SaaS v1 customers, we will be actively working to help migrate you to SSL for SaaS v2 (Cloudflare for SaaS).
Back in 2017, Cloudflare announced SSL for SaaS, a product that allows SaaS providers to extend the benefits of Cloudflare security and performance to their end customers. Using a “Managed CNAME” configuration, providers could bring their customer’s domain onto Cloudflare. In the first version of SSL for SaaS (v1), the traffic for Custom Hostnames is proxied to the origin based on the IP addresses assigned to the Continue reading
AI Embiggens The Big Clouds, Especially Microsoft
Building a successful cloud and growing it quarter after quarter, year after year, with first mover status or without it, is not an easy task. …
AI Embiggens The Big Clouds, Especially Microsoft was written by Timothy Prickett Morgan at The Next Platform.
IPB180: IPv6 Basics – Deployment
We’re continuing our IPv6 Basics series discussing on this episode deployment. We’ll help you sort out why you should deploy IPv6, things to consider before starting a deployment, and what approach you should take such as “inside out” vs. “outside in” and when you should deploy IPv6. Lastly we explain why you should seek out... Read more »N4N035: Well Actually . . . Listener Comments and Corrections
We ask listeners for follow up and you’ve sent it in. On today’s show we respond to listener comments and corrections on tunneling, the link aggregation control protocol, link aggregation in general, and DHCP options. We also talk about the network engineering certification journey. If you’ve got a “Well, actually” or any other follow up,... Read more »For Financial Services Firms, AI Inference Is As Challenging As Training
A decade ago, when traditional machine learning techniques were first being commercialized, training was incredibly hard and expensive, but because models were relatively small, inference – running new data through a model to cause an application to act or react – was easy. …
For Financial Services Firms, AI Inference Is As Challenging As Training was written by Timothy Prickett Morgan at The Next Platform.
IEPG at IETF 123
he IEPG meeting is held each Sunday at the start of the IETF week. There is no particular theme for these sessions, although subjects of operational relevance are encouraged (www.iepg.org). These are my impressions of the presentations that were made at this IEPG meeting att the start of IETF 123.D2DO278: The Future of HashiCorp Inside IBM
On today’s show, we talk to Armon Dadgar, co-founder and CTO of HashiCorp regarding HashiCorp’s future within IBM. We start with a quick recap of IBM’s acquisition of HashiCorp and then move on to the challenges of bringing a small, young tech company into a huge corporation that makes lots of its revenue on legacy... Read more »Top 5 Kubernetes Network Issues You Can Catch Early with Calico Whisker
Kubernetes networking is deceptively simple on the surface, until it breaks, silently leaks data, or opens the door to a full-cluster compromise. As modern workloads become more distributed and ephemeral, traditional logging and metrics just can’t keep up with the complexity of cloud-native traffic flows.
That’s where Calico Whisker comes in. Whisker is a lightweight Kubernetes-native observability tool created by Tigera. It offers deep insights into real-time traffic flow patterns, without requiring you to deploy heavyweight service meshes or packet sniffer. And here’s something you won’t get anywhere else: Whisker is data plane-agnostic. Whether you run Calico eBPF data plane, nftables, or iptables, you’ll get the same high-fidelity flow logs with consistent fields, format, and visibility. You don’t have to change your data plane, Whisker fits right in and shows you the truth, everywhere.
Let’s walk through 5 network issues Whisker helps you catch early, before they turn into outages or security incidents.
1. Policy Misconfigurations
Traditional observability tools often show whether a packet was forwarded, accepted or dropped, but not why. They lack visibility into which Kubernetes network policy was responsible or if one was even applied.
With Whisker, each network flow is paired with:
- The enforced policy name Continue reading
Skimpy HBM Memory Opens Up The Way For AI Inference Memory Godbox
Generative AI is arguably the most complex application that humankind has ever created, and the math behind it is incredibly complex even if the results are simple enough to understand. …
Skimpy HBM Memory Opens Up The Way For AI Inference Memory Godbox was written by Timothy Prickett Morgan at The Next Platform.
PP072: Mobile Device Threat Management
Mobile devices blur the boundaries between personal and work devices and are packed with sensitive information, making them popular targets for malware, spyware, and data collection. On today’s Packet Protector we dig into strategies for managing threats to mobile devices with guest Akili Akridge. Akili started his career pulling burner phones off suspects as a... Read more »AMD EPYC Is A More Universal Hybrid Cloud Substrate Than Arm
SPONSORED FEATURE The hyperscalers and big cloud builders have their own technical and political reasons for designing proprietary Arm server chips and having them built by Taiwan Semiconductor Manufacturing Co. …
AMD EPYC Is A More Universal Hybrid Cloud Substrate Than Arm was written by Timothy Prickett Morgan at The Next Platform.
HW057: Orb – A New Tool for Monitoring Internet Connectivity
Orb is an intelligent app and platform designed to help consumers understand and improve their internet connectivity. Orb continuously monitors networks to give a complete picture of true internet experience, beyond just peak speed. Today’s guest, Doug Suttles, CEO and co-founder of Orb, explains exactly what Orb does, including speed, responsiveness and reliability testing, plus... Read more »Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation
AI agents bring with them the promise of being able to autonomously solve complex tasks put before them, from finding and analyzing the necessary data, choosing tools, and making decisions without human intervention to learning from their mistakes and adapting to changes. …
Cisco’s Outshift Incubator Sends Agentic AI Protocol To The Linux Foundation was written by Jeffrey Burt at The Next Platform.
How To Cash In On Massive Datacenter Spending
Both the global economy and spending on information technology are so vast that it is hard to really grasp the numbers sometimes. …
How To Cash In On Massive Datacenter Spending was written by Timothy Prickett Morgan at The Next Platform.
Linux packet sampling using eBPF
Linux 6.11+ kernels provide TCX attachment points for eBPF programs to efficiently examine packets as they ingress and egress the host. The latest version of the open source Host sFlow agent includes support for TCX packet sampling to stream industry standard sFlow telemetry to a central collector for network wide visibility, e.g. Deploy real-time network dashboards using Docker compose describes how to quickly set up a Prometheus database and use Grafana to build network dashboards.
static __always_inline void sample_packet(struct __sk_buff *skb, __u8 direction) {
__u32 key = skb->ifindex;
__u32 *rate = bpf_map_lookup_elem(&sampling, &key);
if (!rate || (*rate > 0 && bpf_get_prandom_u32() % *rate != 0))
return;
struct packet_event_t pkt = {};
pkt.timestamp = bpf_ktime_get_ns();
pkt.ifindex = skb->ifindex;
pkt.sampling_rate = *rate;
pkt.ingress_ifindex = skb->ingress_ifindex;
pkt.routed_ifindex = direction ? 0 : get_route(skb);
pkt.pkt_len = skb->len;
pkt.direction = direction;
__u32 hdr_len = skb->len < MAX_PKT_HDR_LEN ? skb->len : MAX_PKT_HDR_LEN;
if (hdr_len > 0 && bpf_skb_load_bytes(skb, 0, pkt.hdr, hdr_len) < 0)
return;
bpf_perf_event_output(skb, &events, BPF_F_CURRENT_CPU, &pkt, sizeof(pkt));
}
SEC("tcx/ingress")
int tcx_ingress(struct __sk_buff *skb) {
sample_packet(skb, 0);
return TCX_NEXT;
}
SEC("tcx/egress")
int tcx_egress(struct __sk_buff *skb) {
sample_packet(skb, 1);
return TCX_NEXT;
}
The sample.bpf.c file Continue reading
NB536: Fortinet FortiOS Goes Post-Quantum; Intel Scales Back Global Projects
Take a Network Break! In our Red Alert section we note that memory safety bugs bug Firefox and Thunderbird, and on-prem SharePoint instances are under attack. In tech news, Fortinet adds support for Post Quantum Cryptography in FortiOS, Cato Networks integrates Azure Virtual WANs to its SASE offering, and we weigh the pros and cons... Read more »Fun Reading: Who is LLM?
Is an LLM a stubborn donkey, a genie, or a slot machine (and why)? Find out in the Who is LLM? article by Martin Fowler.