Alexander Timokhin on Wirez

CIDR fixes IPv4 waste from old Class B blocks

Fri, 01 May 2026 12:56:18 +0000

Geoff Huston's CIDR Report has named and shamed inefficient networks for over two decades to curb routing bloat.

Classless Inter-Domain Routing (CIDR) remains the single most critical mechanism for preventing IPv4 exhaustion, a reality reinforced by rising address demand in 2026. By replacing the rigid Class A, B, and C structures of RFC 791 with flexible prefix lengths defined in RFC 1519, CIDR solved the twin crises of address scarcity and router table scalability. Readers will examine the historical transition from fixed-size blocks to the variable-length architecture that powers modern connectivity. We analyze how BGP4 mechanics use route aggregation to minimize the processing load on shared infrastructure, contrasting this with the inefficiencies of legacy models. Finally, we explore the operational influence of APNIC's reporting tools in driving behavioral changes among network operators who might otherwise ignore the collective cost of their routing announcements. (APNIC's the why and what of the cidr report))

Centralized ingress cuts cloud firewall costs now

Fri, 01 May 2026 10:47:25 +0000

Centralized ingress inspection reduces operational complexity caused by managing duplicate firewalls across every single.

The thesis is clear: organizations must abandon distributed hardware models in favor of a unified global network using AWS Cloud WAN. While the distributed model offers isolated failure domains, it creates unsustainable policy fragmentation and configuration drift. As Delloro Group predicts, 2026 security budgets are shifting away from discrete branch "boxes" toward recurring spend on cloud-native services like SASE and WAF. This financial pivot supports the move to centralize IDS/IPS and DLP tools at a single inspection point rather than replicating them endlessly.

DDoS scrubbing data proves on-demand is dead

Fri, 01 May 2026 10:45:23 +0000

Always-on scrubbing now dominates the environment, eclipsing reactive on-demand models according to April 2026 research by APNIC. APNIC's detecting and characterizing ddos scrubbing from ... This shift confirms that modern network defense has fundamentally abandoned sporadic, attack-triggered responses in favor of continuous proactive protection. The era of waiting for an alert before diverting traffic is effectively over for major autonomous systems.

IPv8 Draft Fails: Why Centralized Zones Don't Work

Fri, 01 May 2026 10:45:23 +0000

With Google data showing IPv6 access exceeding 50%, the IPv8 proposal fails as a viable replacement for current Internet standards. This draft, authored by Brendan Thain of One Limited, attempts to fix routing trust and address exhaustion but ultimately collapses under the weight of its own centralized security models and rigid architectural coupling.

RPKI route validation cuts $4.44M breach risk

Mon, 20 Apr 2026 00:00:00 +0000

With cybercrime costing $10.5 trillion in 2026, ignoring cryptographic route validation is financial negligence. The stability of the global network now demands that operators abandon fragile manual databases for RPKI Route Origin Authorizations to prevent catastrophic hijacking. Readers will examine the critical transition from the error-prone Internet Routing Registry to modern cryptographic standards that bind prefixes to origin ASNs automatically. We dissect the mechanics of AS path authorization, detailing how routers drop invalid routes in real-time rather than relying on outdated static lists. Finally, the analysis covers practical deployment using MyAPNIC and DASH monitoring to visualize complex data streams. APNIC's nro rpki program 2025 in review

Akamai edge steering breaks with open DNS

Mon, 13 Apr 2026 00:00:00 +0000

Akamai's 4,000 edge Points of Presence rely on DNS-based content steering to triangulate user location, a method increasingly compromised by centralized resolvers. This architecture assumes the querying recursive resolver sits near the end user, a premise that collapses when traffic routes through distant open DNS platforms like Google's 8.8.8..

Pacific infrastructure cuts latency with local IXP

Fri, 10 Apr 2026 00:00:00 +0000

Pacific connectivity advances through submarine cable investments despite small markets and disaster risks.

The region's digital future depends not on raw capital but on hybrid infrastructure that bridges the gap between international capacity and local fragility. While the global telecommunication market projects a 6.14% CAGR through 2034 per Precedence Research, Pacific economies like Fiji, Tonga, and Papua New Guinea face unique structural bottlenecks that generic growth models ignore. The upcoming APNIC Sub-Regional Forum in Rarotonga highlights how geographic isolation and skills scarcity undermine even the most reliable physical links. APNIC's non member

Akvorado IPv6 Visibility: See SOHO Traffic Clearly

Thu, 09 Apr 2026 00:00:00 +0000

Deploying Akvorado on modest hardware like a 6-core Ryzen NUC eliminates blind spots in IPv6-first networks instantly. This guide argues that open-source flow analysis via Akvorado is now essential for SOHO administrators to visualize traffic without enterprise overhead. Readers will learn how NetFlow enrichment leverages SNMP queries to map interface indices, the mechanics of packet sampling intervals, and a streamlined Docker Compose deployment strategy.

Airgapped VPC for SageMaker: Zero Public Internet

Thu, 02 Apr 2026 00:00:00 +0000

Three Availability Zones form the mandatory minimum foundation for deploying a network-isolated Amazon SageMaker Unified Studio domain.

This architecture proves that strict regulatory adherence to HIPAA or FedRAMP standards demands eliminating public internet exposure entirely. You will learn how AWS PrivateLink, now available for this service as of January 2026, secures communication channels exclusively over private networks. The guide details constructing a custom VPC named airgapped with specific interface and gateway endpoints to ensure sensitive data never leaves controlled pathways. Finally, we examine the step-by-step configuration required to maintain full functionality for data cataloging and query execution within these hardened boundaries.

eBPF offloading limits: Why 55K requests stall

Wed, 25 Mar 2026 00:00:00 +0000

Running 55K of 60K requests in-kernel exposes why eBPF fails general networked applications despite success in simple functions.

The central thesis asserts that architectural constraints within the Linux kernel runtime prevent broad adoption beyond basic network functions like firewalls. While kernel bypass libraries and smart NICs have evolved, eBPF remains stuck serving infrastructure roles rather than complex services. This limitation exists because current verifier constraints and API restrictions force awkward splits between userspace logic and in-kernel execution, crippling performance for stateful applications.

ARIN Maintenance March 28: What the 12-Hour Outage Means

Mon, 16 Mar 2026 00:00:00 +0000

ARIN Online accounts will be inaccessible for 12 hours on March 28, 2026, as the registry executes critical system maintenance. ARIN research data This scheduled outage represents a necessary friction point in the broader evolution of regional internet infrastructure, proving that even "stateless" architectures still require periodic, total halts for updates. While the industry at large projects massive expansion, the immediate reality for network operators is a hard stop on provisioning capabilities.

AFRINIC Legal Crisis Halts IPv4 for 56 Countries

Fri, 13 Mar 2026 00:00:00 +0000

After years of litigation preventing leadership selection, AFRINIC finally elected a board in 2025 only to face renewed paralysis.

The ongoing legal assault by Cloud Innovation limited demonstrates how strategic litigation can weaponize governance structures to hold critical internet infrastructure hostage. While the global ISP market expands at a 3.61% CAGR through 2035 driven by smart city projects, Africa's sole Regional Internet Registry remains incapacitated by a "web of litigation" targeting its IPv4 allocation capabilities. AFRINIC accuses Cloud Innovation and associated entities of filing procedural roadblocks specifically designed to stop address issuance and block bylaw changes, effectively freezing the organization's ability to serve its 2,400 members across 56 countries.

APNIC data shows routing silos collapsing fast

Fri, 06 Mar 2026 00:00:00 +0000

With TWNIC reporting 98% IPv6 RPKI validity, National Internet Registry coordination has become the definitive mechanism for securing Asia Pacific's routing infrastructure. APNIC's ip addresses through 2025 The strategic alignment of seven regional NIRs under APNIC governance is no longer administrative overhead but a critical defense against escalating route hijacking and resource exhaustion.

ASSET filtering beats linear scans for BGP

Sun, 01 Mar 2026 00:00:00 +0000

Matching a single ASN via tree lookup is exponentially faster than the legacy linear scanning found in older as-path-set implementations.

Legacy IRR filtering fails operators today

Sun, 01 Mar 2026 00:00:00 +0000

Legacy IRR filtering fails because a single ASN cannot define distinct prefix sets for different neighbors. This architectural rigidity forces operators to apply loose, universal filters that expose networks to unauthorized route leaks and mis-originations. Italo Cunha highlights that maintaining sixteen route6 objects just to announce a /44 IPv6 prefix at /48 granularity exemplifies the unmanageable overhead plaguing current AS-set deployments.

APNIC Fellowship 2026: My Take on the Tech Track

Fri, 27 Feb 2026 00:00:00 +0000

With global internet users up 294 million in the last year, the APNIC Fellowship offers a critical pipeline for essential technical leadership. APNIC's non member This program directly addresses the widening skills gap by transitioning candidates from passive observers to active contributors in Internet operations.

IPv6 infrastructure: Master the 24-hour RIPE course

Tue, 10 Feb 2026 00:00:00 +0000

The RIPE NCC's new 24-hour course addresses the critical gap in IPv6 infrastructure design for modern networks. RIPE's training and materials

RIR Governance Rules: Why Stability Beats Speed

Mon, 02 Feb 2026 00:00:00 +0000

The NRO NC concluded its second consultation on the RIR Governance Document after gathering community input from August through November 2025. This draft framework establishes the critical rules for recognizing, operating, and potentially derecognizing the entities that manage global Internet number resources. While the AI sector chases speculative growth, the fundamental plumbing of the Internet relies on this deliberate, often contentious, bureaucratic machinery to function without collapse.

ARIN Fellowship 2026: My Take on Policy Training

Thu, 08 Jan 2026 00:00:00 +0000

Applications for the ARIN 57 Fellowship close strictly on 26 January 2026, demanding immediate action from qualified candidates. ARIN research data This program serves as the primary pipeline for cultivating the next-generation of leaders capable of navigating the complex Policy Development Process before artificial intelligence renders human interpretation obsolete. By 2030, Gartner predicts that 50% of organizations will rely on autonomous AI agents to convert governance policies into machine-verifiable data contracts, making today's human-centric training a rare and critical asset. Gartner announces top predictions for data and analytics ...