Traffic on Wirez

Cloudflare's 500 Tbps capacity stops 31.4 Tbps attacks

Fri, 10 Apr 2026 00:00:00 +0000

Cloudflare now commands 500 Tbps of external capacity across 330+ cities, reserving the surplus explicitly as a DDoS budget. You will examine the sheer physical reality of this global backbone, dissect the packet processing pipeline using eBPF and XDP for line-rate filtering, and explore how Workers and RPKI validate routes at the edge.

Akvorado IPv6 Visibility: See SOHO Traffic Clearly

Thu, 09 Apr 2026 00:00:00 +0000

Deploying Akvorado on modest hardware like a 6-core Ryzen NUC eliminates blind spots in IPv6-first networks instantly. This guide argues that open-source flow analysis via Akvorado is now essential for SOHO administrators to visualize traffic without enterprise overhead. Readers will learn how NetFlow enrichment leverages SNMP queries to map interface indices, the mechanics of packet sampling intervals, and a streamlined Docker Compose deployment strategy.

Global traffic management: My take on the new K8s CRD

Thu, 02 Apr 2026 00:00:00 +0000

Routing traffic through AWS's private backbone improves application performance by up to 60%, according to recent data from Amazon Web Services. This update fundamentally shifts global traffic management from manual, external scripts to a native, declarative Kubernetes API. By embedding network logic directly into cluster definitions, organizations eliminate the configuration drift that has long plagued multi-region deployments.

IPv6 loops explained: Stop packet amplification now

Thu, 26 Mar 2026 00:00:00 +0000

Routing loops can exponentially amplify traffic when routers duplicate packets, a flaw prevalent in 34% of assigned IPv6 blocks.

The core thesis is clear: the sparse population of IPv6 address space combined with misconfigured provider-aggregatable assignments creates a fertile ground for packet amplification that network operators are lazily ignoring. While cloud-native workloads drive adoption, the underlying routing hygiene has not kept pace, leaving infrastructure vulnerable to self-inflicted DDoS attacks. Research indicates that despite the simplicity of the fix, the community fails to prioritize these dangerous misconfigurations, allowing unnecessary load to congest links and destabilize the global internet.

Public DNS logs reveal hidden CDN costs

Tue, 03 Mar 2026 00:00:00 +0000

With global companies losing nearly $400 billion annually to downtime, analyzing DNS logs is a financial imperative, not just an IT task. You will learn how to extract strategic value from resolver data, architect real-time visualization pipelines using ClickHouse and Grafana, and enforce network automation through rigorous Source of Truth principles.

Active path verification stops blackhole errors

Sun, 01 Mar 2026 00:00:00 +0000

With RPKI adoption for leased prefixes surging from 29.9% in 2021 to 71.0% by late 2024, validating blackhole routes remains dangerously ambiguous. Blindly propagating these filters across all points of view often collapses complex routing topologies into a single, erroneous perspective that the source ASN never authorized.

Blackhole validation must use active path data now

Sun, 01 Mar 2026 00:00:00 +0000

Strict path verification now overrides legacy IRR checks, as 2026 mandates enforce penalties for invalid blackhole route requests. The industry has decisively shifted from voluntary filtering to rigid enforcement protocols, where regulators and Tier-1 providers penalize operators who fail to validate traffic forwarding paths accurately. Job Snijders confirmed in a March 2026 NANOG discussion that modern blackhole validation must discard reliance on unverified IRR data, noting that such arbitrary lists lack the provenance required for today's compliance environment. Instead, operators must verify if IP traffic is actively forwarded to the requesting entity before honoring any mitigation request.

RTBH validation: Secure blackhole routing fast

Sun, 01 Mar 2026 00:00:00 +0000

Validating RTBH routes requires checking for the BLACKHOLE community within seconds, not relying on stale IRR data. The central thesis is that operators must shift to originAS-only validation specifically for blackhole traffic, enforcing strict community attachment while ignoring maxLength constraints to ensure rapid, secure mitigation.

ASPA records prove your upstream provider ties

Fri, 27 Feb 2026 00:00:00 +0000

Cloudflare handles over 20% of global Internet traffic, yet standard BGP routing remains vulnerable to undetected path manipulation. Cloudflare's bgp hijack detection The deployment of ASPA records under RFC 9582 represents the critical shift from verifying only traffic origins to validating the entire transmission path against configuration errors and malicious leaks. While ROA systems successfully mitigate origin hijacks, they fail to detect when traffic traverses unauthorized intermediate networks, a gap this new cryptographic standard explicitly closes.

Routing security gaps threaten your 2026 supply chain

Thu, 26 Feb 2026 00:00:00 +0000

With global cybercrime costs hitting $10.8 trillion in 2026, ignoring Internet routing security is financial suicide. Dan Fidler's February 2026 MANRS paper argues that enterprises must treat the global routing system as a critical, under-managed supply chain dependency rather than a background utility. The thesis is clear: voluntary operator goodwill has failed, and only aggressive demand-side pressure via enterprise procurement can force the adoption of necessary safeguards.

Physical damage now drives global internet loss

Mon, 26 Jan 2026 00:00:00 +0000

Only one government shutdown occurred in Q4 2027, proving physical fragility now drives global connectivity loss more than political censorship. While 2025 saw a record 212 state-imposed outages across 28 countries, the final quarter marked a decisive shift where cable damage, power failures, and routine operational errors became the dominant disruptors. This transition highlights that the internet's greatest vulnerability is no longer the kill switch, but the decaying infrastructure supporting.

Iran Network Blackout: Routing Withdrawn Fast

Tue, 13 Jan 2026 00:00:00 +0000

Iran's internet traffic collapsed by nearly 90% on January 8 as the state executed a near-total digital blackout. This event marks a strategic pivot from temporary censorship to permanent digital isolation, effectively severing the domestic network from global infrastructure to crush dissent. Cloudflare Radar data confirms that connectivity did not merely degrade; it was surgically dismantled through coordinated protocol suppression. Cloudflare's iran protests internet shutdown