0

Cisco Launches Major Updates to Certifications

Cisco just announced major updates to their certification portfolio. Here’s what’s changing:

• CCNA v2.0
• CCIE practical exam AI DOO module
• CCIE automation v1.2

CCNA v2.0

Effective February 2027, the CCNA is getting a major update. The future networking administrator/engineer will be more of an orchestrator than operator. Meaning that punching commands on the CLI will only be a small part of the future job role. Instead, you must be able to design, secure, and optimize increasingly autonomous networks. To be job-ready, you’ll need to learn how to:

• Troubleshoot production issues under pressure
• Evaluate what an AI assistant recommends and know when it’s wrong
• Secure an environment by design, not an afterthought

The CCNA is about to get a whole lot more practical! Here’s what’s changing:

Troubleshooting gets a front seat. Employers value troubleshooting over reciting commands. Every domain will diagnostics and problem resolution. Think of the old TSHOOT CCNP exam, but instead of a separate exam, this is the format of the CCNA now. I’m really excited about this!

Security everywhere. We can no longer afford to think of security only as a separate domain, it needs to be part of everything we do. The new exam Continue reading

0

TCG076: Packet Pushers Assemble! Bridging the Telemetry Divide

Today our Packet Pushers team assembles to discuss whether the grass is greener on the NetOps or DevOps side of the telemetry fence. William of The Cloud Gambit, Scott of Total Network Operations, and Ned and Kyler of Day Two DevOps discuss the difficulties and differences of getting telemetry and state from devices across different... Read more »

0

My Network is Talking Back Thanks to SuzieQ MCP and it’s Channeling Sam Kinison

Last Updated: 2025-05-19 Every SuzieQ Enterprise release quietly adds things that end up being genuinely useful in day-to-day network operations. Version 3.3 has had a few updates already. The GUI has seen a lot of attention. The new workbench makes it even easier to get at your data without jumping around, and you can now READ MORE

The post My Network is Talking Back Thanks to SuzieQ MCP and it’s Channeling Sam Kinison appeared first on The Gratuitous Arp.

0

Encrypted DNS at OARC 46

Much has been said about the use of the DNS as a means of tracking and controlling the online behaviour of users. The response has been to hide the DNS behind encrypted transport.

0

phpIPAM installation on Ubuntu Server 26.04 LTS

How to install phpipam on Ubuntu Server 26.04 LTS server.

0

Dell Bulks Up Hardware As AI Infrastructure Shifts To On-Premises

0

PP110: News Roundup–Linux Fragged, Edge’s Password Manager Dragged, Android Intrusions Tagged, and More

JJ and Drew unpack an overstuffed suitcase of infosec stories in today’s News Roundup. Microsoft’s Edge password manager stores credentials in plaintext and Microsoft says “Yup”, the Linux kernel takes a one-two punch from Dirty Frag and Fragnesia, and a new industry coalition takes critical infrastructure protection private. A Taiwanese radio enthusiast allegedly brings high-speed... Read more »

0

HS132: Heart of Glasswing

How can enterprise IT folks prepare for the age of Mythos? Anthropic says its Claude Mythos model is so much better at finding software vulnerabilities that it has delayed public release. Instead Anthropic launched Project Glasswing to give IT infrastructure and software makers early access, so they can have some lead time to address vulnerabilities... Read more »

0

HW079: Driving AI Efficacy in Wi-Fi (Sponsored)

Every wireless vendor has an AI story. What actually matters now? Efficacy. Recorded live at Mobility Field Day, Keith sits down with HPE’s Bob Friday right off the show floor to discuss how HPE’s announcements are driving toward an autonomous network and what features are the key to truly making a difference in day-to-day life... Read more »

0

Fixing Ghost Drops: How eBPF Rescued IPv6 Telemetry

A customer complains that they aren't getting IPFIX flow data from a router.

Use socat to check that IPFIX is being received (IANA assigned port for IPFIX is 4739):

socat -b 0 -dd -u UDP6-RECV:4739 - 2>&1

Output demonstrates that at least some IPFIX messages can be received when listening on port 4739.

2026/05/15 22:46:32 socat[108419] N using stdout for writing
2026/05/15 22:46:32 socat[108419] N starting data transfer loop with FDs [5,5] and [1,1]
2026/05/15 22:46:33 socat[108419] N received packet with 0 bytes from AF=10 [fec0:0000:0000:0000:0001:000c:2744:69f1]:50978
2026/05/15 22:46:33 socat[108419] N received packet with 0 bytes from AF=10 [fec0:0000:0000:0000:0001:000c:2744:69f1]:50978

Use tcpdump to check for IPFIX packets. This gives visibility into packets before the host network stack, so you can see packets before they are dropped by host network stack or host firewall

tcpdump -i enp0s3 -n udp port 4739

The output shows that IPFIX datagrams are being received from a second source, fec0::1:c:2744:69f0, but they aren't showing up in the socat output, so the Linux kernel must be dropping them for some reason.

dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
21:09:57.217821  Continue reading

0

Announcing Claude Managed Agents on Cloudflare

Cloudflare and Anthropic have collaborated to integrate Claude Managed Agents with Cloudflare Sandboxes. Our new integration gives you more control over your agent sandboxes, secures connections to private services, and improves observability.

In the past year, Cloudflare’s Developer Platform has expanded to give more developers the tools they need to run agents at scale. This includes:

• Sandboxes for full stateful Linux microVMs at scale

• Agents SDK, providing simple and customizable agent framework

• Browser Run, which gives agents fully programmable and observable browsers

• Dynamic Workers, allowing for dynamic sandboxed code execution at massive scale

Our goal is to make Cloudflare the simplest, most secure, and most programmable cloud for agents.

Integrating with Claude Managed Agents is another step in this direction. You can run your agent loop on the Claude Platform, while using Cloudflare to execute code, secure connections, and run custom tool calls.

To get going in just minutes, we’ve created a default deployment template that gives you the following:

• Enhanced security - Run all agent traffic through customizable proxies. This allows you to securely inject credentials, prevent data exfiltration, and better observe how your agents interact with the outside world.

• Sandbox control and observability - Get Continue reading

0

Everything in C is undefined behavior

If he had been a programmer, Cardinal Richelieu would have said “Give me six lines written by the hand of the most expert C programmer in the world, and I will find enough in them to trigger undefined behavior”.

Nobody can write correct C, or C++. And I say that as someone who’s written C and C++ on an almost daily basis for about 30 years. I listen to C++ podcasts. I watch C++ conference talks. I enjoy reading and writing C++.

C++ has served us well, but it’s 2026, and the environment of 1985 (C++) or 1972 (C) is not the environment of today.

I’m definitely not the first to say this. I remember reading a post by someone prominent about a decade ago saying that a good case can be made that use of C++ is a SOX violation. And while I was not onboard with the rest of their rant (nor their confusion about “its” vs “it’s”), I never disagreed about that point.

With time I found it to be more and more true. WAY more things are undefined behavior (UB) than you’d expect.

Everyone knows that double-free, use after free, accessing outside the bounds of an Continue reading

0

Cisco Wins Over AI Customers With Merchant Silicon And Optics

0

Worth Reading 051826

We’ve all been in that meeting where someone pulls up a chart and says, “Our AI product boosted conversion by 15%.” Everyone nods. Nobody dares to ask: “What if conversions had risen anyway?”

 

The proposed repair is Running-Code Primacy: the number-resource layer should be interpreted only by reference to the minimum technical function running networks require—uniqueness, interoperability, proof of control, routing-adjacent security, and locally verifiable state.

 

You already know IPv6 is overdue. You’ve known for years. You’ve probably sat in a meeting where you laid out the case — address exhaustion, rising costs, growth constraints — and watched leadership nod politely before approving the budget for another batch of leased IPv4 addresses.

 

A key question was whether this reflected a breakthrough specific to one model, or part of a broader trend. Results from an early checkpoint of GPT-5.5 suggest the latter: a second model, from a different developer, now reaches a similar level of performance on our cyber evaluations.

 

The most mature U.S. small modular nuclear reactor vendor — NuScale Power — and a politically connected firm planning to build perhaps the largest reactor project in the U.S. to power an Continue reading

0

NB575: AI Multipath Protocol Goes to Open Compute Project; Cisco Shrinks Workforce as Income Swells

Take a Network Break! In this week’s Red Alert we suggest an audit of your Azure environment after Microsoft says it patched four critical vulnerabilities. On the news front, Nvidia has brought the Multipath Reliable Connection (MCR) protocol to the Open Compute Project, AT&T rolls out quantum-resistant SD-WAN services, and HPE introduces new Wi-Fi automation... Read more »

0

Project Glasswing: what Mythos showed us

For the last few months, we've been testing a range of security-focused LLMs on our own infrastructure. These LLMs help identify potential vulnerabilities in our own systems, so we can fix them – and they also show us what attackers are going to be able to do with the latest models.

None of these LLMs has captured more attention than Mythos Preview, from Anthropic. A few weeks ago, we were invited to use Mythos Preview as part of Project Glasswing. We soon pointed it at more than fifty of our own repositories – to see what it would find, and to see how it works.

This post shares what we observed, what the models did well and what they didn't, and how the architecture and process around them needs to change, so they can be used at scale.

Mythos Preview is a real step forward, and it's worth saying that plainly before getting into anything else. We've been running models against our code for a while now, and the jump from what was possible with previous general-purpose frontier models to what Mythos Preview does today is not just a refinement of what came before.

It's Continue reading

0

Goodbye, Ubuntu 20.04 (netlab 26.05)

netlab release 26.05 is out. I’ll write about its highlights tomorrow; today, I want to focus on one of its breaking changes: netlab no longer works with Python 3.8 (which reached end-of-life in October 2024), so you can no longer install it on a vanilla Ubuntu 20.04 (which reached end of standard support a year ago).

We wanted to get rid of old Python versions for ages, but never did because Ubuntu 20.04 shipped with Python 3.8, and many netlab early adopters installed it on Ubuntu 20.04 (and the last thing a networking engineer wants is wasting time with upgrades, right?).

0

Automatic SSL with Caddy, Cloudflare and Let’s Encrypt

I run a lot of applications and services in my homelab, and they usually look something like http://10.10.10.10:8000, http://10.10.10.11:8006, and so on. It works, but it comes with a few annoyances. Browsers constantly complain you about insecure connections, and remembering which IP and port maps to which service gets old fast.

The ideal setup is something like https://netbox-lab.yourdomain.com - a proper domain name with a valid SSL certificate and no port numbers to remember. In this post, I'll show you how to get there using Caddy, Cloudflare, and Let's Encrypt with very minimal effort.

Overview

To make this work, we need the following.

• A Cloudflare account with a domain (You don't necessarily need Cloudflare. Other DNS providers should work the same way, but this post uses Cloudflare as the example.)
• An LXC or VM to run Caddy
• A Cloudflare API token with DNS edit permissions
• Let's Encrypt Certificates are automatically managed by Caddy

Cloudflare Setup

I already have a domain that I use in my homelab, so I name my services like app.yourdomain.com. I purchased this domain through Cloudflare and manage it there.

To generate an API Continue reading

0

Using NetBox as a Dynamic Inventory Source for Nornir

If you have used Nornir before, you already know that the most common way to define your inventory is through YAML files. You list your hosts, groups, and defaults in separate files, and Nornir reads them at runtime. This works fine for small labs or quick scripts, but as your network grows, maintaining those files by hand becomes a problem. Every time you add a device, change an IP, or update a site, you have to remember to update your inventory files as well. It is easy to get out of sync.

This is where a source of truth tool like NetBox can help. NetBox is an open source network source of truth. It is a place to document your devices, IP addresses, sites, roles and pretty much anything about your network. Instead of maintaining a separate YAML inventory alongside NetBox, you can pull your inventory directly from NetBox at runtime. That way, Nornir always works with up to date data, and you only have to manage one source of truth.

In this post, we will cover how to use NetBox as a dynamic inventory source for Nornir using the nornir_netbox plugin. If you are new to Nornir, we have Continue reading

0

HN827: When Buffers Attack: Understanding Buffers to Better Diagnose Network Weirdness

Today’s episode covers buffers, the space between ingress and egress where a packet might have to live for a fraction of a second if the egress port is tied up transmitting other packets. This topic came courtesy of John Howard who joins Drew and Ethan as a co-host to discuss buffers with guest Rob Sherwood. How... Read more »