Human Infrastructure 417: GitOps and Network Engineers, Gimme Counters, Nostalgia From a ThinkPad Web Server, and More
THIS WEEK’S MUST-READ BLOGS 🤓
Access control rules need some form of usage counters - Chris’s Wiki
https://utcc.utoronto.ca/~cks/space/blog/sysadmin/ACLSystemsNeedUsageCounters
Chris opines from the perspective of a sysadmin using Apache .htaccess files to limit activity on a web server. Of course, in networking, we often do have usage counters or logging to help note when an access control entry or policy rule is being hit. But Chris’ complaint got me right in the feels. As someone who likes everything to be exactly as it should be with no cruft leftover from bygone days, ambiguity is awful. Can we delete that rule? I dunno…bad things might happen. We better leave it in. Sigh. No, no, no - gimme those counters! - Ethan
This short post caught my attention because Herman Õunapuu’s home server is a ThinkPad T430 running Linux. This is not a special machine. It is, in fact, just an old laptop from 2012.
In a world where we’re spending billions and perhaps even trillions on data centers and nuclear power plants are making a comeback all so LLMs can math their way to answers that might or might not be correct, Herman’s sharing information on a quad core i7 CPU.
I know, I know. Not quite a fair comparison. But still. Somehow, we’ve lost the storyline. - Ethan
GitOps for Network Engineers - Deploying Nautobot - Nerdy Lyon’s Den
https://blog.nerdylyonsden.io/gitops-for-network-engineers-deploying-nautobot
Jeffrey Lyon is writing a multi-part series introducing network engineers to bringing GitOps into a network automation workflow. The blog linked above has links to all the previous posts in the series, so it’s easy to work your way through. This post, which builds on work done in previous installments, walks through how you can bring a simple Nautobot deployment online. - Drew
How Many Lab Devices Can netlab Handle? - IP Space
https://blog.ipspace.net/2025/09/netlab-lab-size/
So as not to keep you in suspense, netlab can handle more than 3,000 lab devices. Ivan also describes some other fixes and upgrades that have made his labbing software more performant. Check it out! - Drew
Tim McConnaughy has written a thoughtful series about his experience working at the startup Aviatrix. As you might guess from the title above, this post is the final entry, and it details his departure from the company. The whole series grapples with the ups and downs of working in a startup, including the excitement of building a new technology and the despair of watching cherished colleagues be let go for reasons that seem inscrutable to you. - Drew
MORE BLOGS
The Cudy AX3000 Wi-Fi 6 System (With OpenWRT) - Tao of Mac
An Open-Source Maintainer's Guide to Saying No (even to good ideas) - Mostly Harmless
Becoming the person who does the thing - Fred Rivett

Deploy Bravely
Pursue your ideas fearlessly with the world’s most comprehensive AI security platform safeguarding your innovation. Prisma AIRS by Palo Alto Networks ensures your innovations radiate hope, not risk. Be a Genius. Deploy Bravely.
TECH NEWS 📣
Intel’s E2200 “Mount Morgan” IPU at Hot Chips 2025 - Chips and Cheese
https://chipsandcheese.com/p/intels-e2200-mount-morgan-ipu-at
An IPU is an Infrastructure Processing Unit, and you might think of them as a network adapter with lots more functionality than you might expect. An IPU is akin to a smart NIC, but with not only software defined networking capabilities but also other infrastructure function accelerators used to offload the host CPU.
Chester Lam reports, “Intel’s incoming ‘Mount Morgan’ IPU packs a variety of highly configurable accelerators alongside general purpose CPU cores, and aims to capture as many infrastructure tasks as possible. It shares those characteristics with its predecessor, ‘Mount Evans’. Flexibility is the name of the game with these IPUs, which can appear as a particularly capable network card to up to four host servers, or run standalone to act as a small server. Compared to Mount Evans, Mount Morgan packs more general purpose compute power, improved accelerators, and more off-chip bandwidth to support the whole package.”
If you’re interested in the IPU architecture, Chester shares and explains several slides from the Hot Chips event describing Intel’s E2200 in more detail. - Ethan
AFRINIC has elected a board. Now the hard work begins - The Register
https://www.theregister.com/2025/09/15/afrinic_election_called_what_next/
Simon Sharwood chronicles the drama of legal conflicts, public criticism, and contention that has plagued AFRINIC for the last few years. The fresh election of a board of directors mentioned in the headline is contested, as some question its legality.
Simon says, “Critics of AFRINIC claim that last week’s election took place under arrangements that may not be allowed under the organization’s bylaws. Sources tell us AFRINIC stakeholders are likely to ask Mauritius’ courts to consider if the election was properly run. Smart Africa has previously called for AFRINIC to follow its bylaws.
AFRINIC also remains subject to an investigation ordered by the government of Mauritius, although the validity of the government’s decision will be the subject of another court case later next week.
A criminal investigation into the June election [which was annulled] is also under way.”
More drama to come. - Ethan
Japan to subsidize undersea cable vessels over 'very serious' national security concerns — will front up to half the cost for $300 million vessels bought by NEC - Tom’s Hardware
https://www.tomshardware.com/networking/japan-to-subsidize-undersea-cable-vessels-over-very-serious-national-security-concerns-will-front-up-to-half-the-cost-for-usd300-million-vessels-bought-by-nec
TL;DR. Maintaining undersea cable infrastructure is a matter of security for nation states now. In the face of rising global attacks on undersea cables, Japan is subsidizing the cable laying and repair infrastructure. - Ethan
MORE NEWS
FOR THE LULZ 🤣

Luckily we’re getting rid of quarterly reporting. Shared on the Packet Pushers Slack by Anton.
RESEARCH & RESOURCES 📒
Secure Cartography - Network Discovery and Mapping - scottpeterman via GitHub
https://github.com/scottpeterman/secure_cartography
From the README. “Secure Cartography is a comprehensive network discovery and mapping tool that automates the process of documenting network topologies through SSH-based device interrogation. The system leverages CDP/LLDP protocols to discover device relationships and generates professional-grade network diagrams with customizable device icons and multiple export formats.
Key Features
Automated Network Discovery: SSH-based multi-vendor device discovery
Enhanced Visualization: Customizable device icons for professional diagrams
Multiple Output Formats: JSON, GraphML (yEd), Draw.io, and SVG
Security-First Design: Encrypted credential storage with master password protection
TextFSM Integration: Advanced parsing engine for accurate device data extraction
Map Enhancement Tools: Interactive icon mapping and diagram customization”
If you’d like to automate network diagrams, click on this one. Having never heard of Secure Cartography before this week, I haven’t worked with it yet, but I am very interested. - Ethan
TailGuard - juhovh via GitHub
https://github.com/juhovh/tailguard
This might be useful for some of you. From the README. “A simple Docker container app which allows connecting existing WireGuard hosts to the Tailscale network, in case the device running WireGuard is locked in and/or does not support Tailscale binaries.” - Ethan
Logfire - Pydantic
https://pydantic.dev/logfire
Freemium software, with a useful free tier offering 10 million “spans/metrics” per month. And what does Logfire do? Helps you figure out why your app is slow. If you’re developing a network automation platform that integrates LLMs, let’s say, Logfire might be quite useful.
“See exactly what your apps and LLMs are doing, while you code. Built on open standards (OpenTelemetry), Pydantic Logfire offers native AI integrations—from LLM API calls to agent frameworks. Plus comprehensive observability for any workload in any language, AI or not.
Pydantic Logfire delivers entire application traces, logs and metrics, not just the LLM calls. You’d be surprised how often the slow-down is found in the seams between tools. You want full visibility, from network calls to database queries to third party APIs. Take the guesswork out of debugging, catch bugs as you code.” - Ethan
MORE RESOURCES
Robust Belief-State Policy Learning for Quantum Network Routing Under Decoherence and Time-Varying Conditions (research, academic PDF) - arXiv
Ultrabroadband on-chip photonics for full-spectrum wireless communications (research relevant for 6G) - Nature
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
National Privacy Test: U.S. participants hold on to a spot in the top five globally - Nord VPN
https://nordvpn.com/blog/national-privacy-test-us-2025/
At this point in the American experiment, the fact that the US is top 5 in anything even remotely positive is welcome news. - Drew
Tigera Launches Solution to Protect AI Workloads Running on Kubernetes - PR Newswire
https://www.prnewswire.com/news-releases/tigera-launches-solution-to-protect-ai-workloads-running-on-kubernetes-302559835.html
Tigera, which makes the Project Calico CNI for Kubernetes, is positioning Calico as a network and security platform for AI workloads running in Kubernetes. Tigera says the Calico egress gateway can monitor and log all outbound communications from pods, and enforce security policies, to prevent data exfiltration of sensitive information such as training datasets and model outputs. Additional details on how Calico can be applied to AI workload security are available in this Tigera blog. - Drew
Post-quantum security for SSH access on GitHub - GitHub Blog
https://github.blog/engineering/platform-security/post-quantum-security-for-ssh-access-on-github/
GitHub reports, “We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openssh.com, to our SSH endpoints for accessing Git data. This only affects SSH access and doesn’t impact HTTPS access at all. It also does not affect GitHub Enterprise Cloud with data residency in the United States region.”
If your SSH client can use those key exchange algorithms and prefers them (the likely default), that’s all there is to it. You don’t need to do anything else. Older SSH clients will probably need an upgrade.
The change should be in effect at GitHub by the time you read this. - Ethan
OpenTelemetry Protocol comes to Google Cloud Observability - Google Cloud Blog
https://cloud.google.com/blog/products/management-tools/opentelemetry-now-in-google-cloud-observability
Google Cloud introduces the OpenTelemetry Protocol (OTLP) to their environment in this announcement. You can now send trace data via OTLP to telemetry.googleapis.com.
Google Cloud says that this is just the beginning of OTLP support for them. “Our vision is to leverage OpenTelemetry to generate, collect, and access telemetry across Google Cloud. Our commitment to OpenTelemetry extends across all telemetry types — traces, metrics, and logs — and is a cornerstone of our strategy to simplify telemetry management and foster an open cloud environment.”
If you’ve been wondering whether OTLP is one of those newer technologies that’s gonna stick, I think so. There have been lots of OTLP support noises across the industry for a while now. - Ethan
Check Point Acquires Lakera to Deliver End-to-End AI Security for Enterprises - Check Point Press Releases
https://www.checkpoint.com/press-releases/check-point-acquires-lakera-to-deliver-end-to-end-ai-security-for-enterprises/
Check Point has snatched up Lakera to bolster their AI security offering. What’s Lakera do? The release states, “Built for AI from the start, Lakera secures LLMs, generative AI, and agents across prompts, RAG, and MCP, providing real-time defenses against prompt injection, data leakage, and model manipulation.”
In other words, Lakera defends against all the bad things we’ve learned can be achieved by bad actors when generative AI, LLMs, and related tech are attacked.
I also see this as Check Point, like other big security vendors, trying to be one-stop cybersecurity shopping. Check Point et al. don’t want you buying a point solution because of some gap in their portfolio. They want you to stay with them for all of your security needs. - Ethan
MORE INDUSTRY NOISES
IonQ Breakthrough in Synthetic Diamond Materials Accelerates Quantum Networking Scale and Production - IonQ News
How Email Spoofing Exploits SPF and DMARC: A Cybersecurity Deep Dive - Undercode Testing
Hypervisors are the new data centre OS - Ian Seyler (founder of Return Infinity)
DYSTOPIA IRL 🐙
Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching - 404 Media
How ICE Is Using Fake Cell Towers To Spy On People’s Phones - Forbes
A third of UK firms using ‘bossware’ to monitor workers’ activity, survey reveals - The Guardian
Taliban leader bans Wi-Fi in an Afghan province to ‘prevent immorality’ - AP News
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
LAST LAUGH 😆

This is an actual thing! Shared on the Packet Pushers Slack by Rickard.