Human Infrastructure 427: Segment Routing Architecture, An FRR Intro, Serendipity and Innovation, and More

THIS WEEK’S MUST-READ BLOGS 🤓

Herve walks through his network’s hitless conversion from MPLS/LDP to MPLS/SR. Herve is a huge fan of the simplification of the network having transitioned to segment routing using IS-IS as well as sub-50ms convergence times, easier automation, and more.

This is not primarily an engineering post, but rather an architecture post. That is, you won’t get configuration stanzas here, but rather a deeply technical architecture discussion to help you understand the challenges Herve faced in their transition to segment routing and benefits for having done so. You should be able to map his findings to your MPLS network if you’re running MPLS/LDP today. A balanced, insightful read. - Ethan

Former US cable monopolies are losing business to fiber and wireless providers that are moving into the neighborhood. Why so? In part because of pricing. In part because of better performance, at least for fiber. But a bigger reason is that the cable companies treated their customers like garbage for decades—because they could. Support was meme-ably awful, pricing increased regularly, new customers got sweetheart deals while long-standing customers paid full price.

Wouldn’t you leave an abusive relationship, given a simple option to do so? Many people would, and have.

Here’s the punchline of this narrative, though. “The real story is that the ISPs displacing [cable companies] are repeating the same mistakes made by the cable companies, and the public isn’t going to like them any more than the cable companies.”

This seems to be a theme of late-stage capitalism. Squeeze as hard as you can, because profit is all that matters. People are only a concern in the context of the revenue they generate. I disagree. Here’s to all of us treating each other better. - Ethan

Dustin Demers introduces you to the Free Range Routing open source project. Turn your server into a router! FRR offers a host of routing protocols that you can use in production or your lab. The CLI will be comfortable for those of you acquainted with Cisco command lines.

Dustin offers more details as to what FRR is, how to install it, and configuration basics.

We’ve covered FRR at Packet Pushers over the years, chatting with maintainer Donald Sharp. - Ethan

I wasn’t sure if I should put this story in the Must-Read Blogs section, or the Dystopia section, or in a personal folder of evidence that our techno-consumer society has lost its mind. In any case, you can now buy an Internet-connected toilet camera. It’s a camera connected to the Internet that you put in your toilet. The toilet camera takes photos of your waste and sends those photos to a service that analyzes the images.

The toilet camera is marketed as a health monitoring app. Is there health information to be gleaned from our waste? Sure. But is this really a tool for promoting health, or is it just a way to consumerize our health anxieties?

In any case, the above blog takes umbrage over the manufacturer’s claim that the toilet camera employs end-to-end encryption. He’s technically correct to say that this product is not end-to-end encrypted (nor is it rear-end-to-end encrypted). But I think it’s the least of the issues to raise about a camera connected to the Internet that you put in your toilet. - Drew

This is an interesting post about what it takes to build a viable tech culture that fosters innovation and helps launch new companies and products that can compete globally. There are efforts underway in Europe to foster local tech products and tech stacks so that European businesses and governments can reduce their reliance on American tech, American tech giants, and a US federal government that is increasingly hostile to would-be allies. This post notes that while top-down government involvement can be useful, there also needs to be a bottoms-up culture that encourages risk-taking, shares experiences and knowledge, and regards failure as useful information rather than a reason to be shunned. - Drew

TALK TO YOUR NETWORK. GET ANSWERS. FAST

Meet Ask EDA, your AI-powered assistant for data center automation.
What if managing your network was as easy as having a conversation? With Ask EDA, it is.

Powered by Nokia Event-Driven Automation (EDA), Ask EDA is your always-on AIOps assistant, designed to help you troubleshoot, explain and resolve issues before they ever reach production.

No more late-night log dives. No more frantic bridge calls. No more searching endless documentation.

Ask EDA sees the network in real time, understands what’s happening, and tells you in plain language what went wrong, why it happened, and how to fix it. From YAML errors to dropped BGP sessions, it doesn’t just point fingers. It shows you the fix that you test in our integrated digital twin.

Ask EDA is the smartest network engineer you’ll never have to wake up.

Explain alarms. Investigate outages. Build dashboards on demand. Just ask.

TECH NEWS 📣

The Leo Ultra antenna for businesses & governments has been announced by Amazon. The unit measures 20 inches by 30 inches and supports 1Gbps down and 400Mbps up. Availability date TBD.

Starlink is apparently not far behind. “SpaceX has promised its V3 satellite will be capable of 1Tbps total download bandwidth, and that gigabit speeds are coming to Starlink customers [in 2026].” - Ethan

Carrier Grade Network Address Translation (CGNAT) allows a large number of ISP customers to be hidden behind a single IPv4 address. But if you’re the unlucky customer hidden behind the same address as a bad actor, you’re kinda screwed if that address gets put on blocklists. You might be rate-limited or unable to connect to certain Internet services.

To avoid penalizing innocents, the Internet needs to do better at identifying and documenting CGNATs, applying filters, and…IPv6. If we’d all moved to v6 by now, we wouldn’t need these pesky CGNATs, and could discriminate against bad actors with less collateral damage. - Ethan

Steven J. Vaughan-Nichols reports, “Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff.”

Why, oh why? Same old story. It’s been maintained by a fleetingly few volunteers, they can’t keep doing it, and no one else is stepping up to keep the project alive. - Ethan

Researchers have observed a phenomenon called “AI-inbreeding.” That is, when you train AI models on text or images created by AI, the quality of the output of subsequent generations gets more homogenous. The further down the generations you go, output can become illegible or nonsensical. The cure for AI inbreeding is steady infusions of authentic, human-generated content, but that’s becoming harder to come by as more and more AI-generated text, images, and videos flood the Internet. The article notes “Without a course correction, AI could well enter a new era: One that is more biased and strangely monotonous.” - Drew

Executive who needs the tech industry to keep buying her chips says everything is fine. - Drew 

FOR THE LULZ 🤣

Shared by John Howard in the Packet Pushers community Slack #random…

peak meme

RESEARCH & RESOURCES 📒

Netlab & Related Community Labbing - lots of activity!
https://netlab.tools

Ivan Pepelnjak & the netlab community have been busy working on the netlab labbing platform & related resources for hands-on people trying to learn things. Here’s what I caught flying by in my feeds.

There’s more for netlab being released pretty much every week lately. I’m also noticing various GitHub repos of netlab YAMLs with related diagrams popping up. I can’t possibly keep track of it all, but I’m excited to see it! - Ethan

This learning path covers vibecoding, prompting, agent wrangling, model tuning & augmentation, and hallucination mitigation. Okay…that’s my succinct interpretation of what Cisco said. Cisco phrased it rather more professionally, but I think I got it about right.

I don’t mean to make light of this content, either. If you view AI as just another tool that can benefit your workflow, then a learning path such as this might be just the thing to help you make use of AI. - Ethan

In response to the MACsec podcast Holly Metlitzky and I recorded on N Is For Networking, Benjamin Pfister let us know on LinkedIn about some MACsec pieces he published on ComputerWeekly.de. They were published in German, and for non-German speakers, Google Translate works just fine. Thanks, Benjamin! - Ethan

Ashwin has assembled a summary of all the summaries that Ethan Banks and I wrote in our live-blog coverage of the Network Automation Forum’s AutoCon 4 conference. If you couldn’t attend, or did attend but couldn’t make all the sessions, or you just want to re-live the event, this post gives you a great overview of the key points in every presentation. Thanks to Ashwin for putting all this together, and thanks to the presenters for their excellent work! - Drew 

Speaking of AutoCon 4, I ran into Graham at the event in Austin. He’s sharing his networking and network automation learnings publicly via YouTube. I appreciate when folks take a risk to do this kind of informal sharing of their learning process. It’s a nice antidote to the hyper-polished “rise and grind” videos that can make you feel like you suck if you aren’t learning BGP while doing 2,000 pushups in your daily ice bath. BTW, he’s on the job hunt, so if you want to connect with him, here’s his LinkedIn. - Drew

MORE RESOURCES

  1. Six Ways To Use Khipu To See And Solve Network Problems - RIPE Labs

  2. Mapnitor - Real-time IP monitoring. When your website sneezes, Mapnitor catches it. (Commercial product with a free-forever plan.)

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

It seems the AWS folks are trying to compete in the marketplace.

“Today, Amazon Web Services (AWS) is launching flat-rate pricing plans with no overages for website delivery and security. The pricing plans, available with Amazon CloudFront, combine global content delivery (CDN) with multiple AWS services and features into a monthly price with no overage charges, regardless of whether your website or application goes viral or faces a DDoS attack.

Flat-rate pricing plans include the following features for a simple monthly price:

  • CloudFront CDN

  • AWS WAF and DDoS protection

  • Bot management and analytics

  • Amazon Route 53 DNS

  • Amazon CloudWatch Logs ingestion

  • Serverless edge compute

  • Monthly Amazon S3 storage credits

Flat-rate pricing plans are now available in Free ($0/month), Pro ($15/month), Business ($200/month), and Premium ($1,000/month) tiers to match your application’s needs.”

The blog continues with quite a bit more detail explaining what “flat-rate” really means, the services to which this is applicable, and how you can further leverage flat-rate pricing for other AWS services by proxying them behind CloudFront. - Ethan

Cisco has invested in NetFoundry. Here’s the key bit from the post that gives you insight into the tech Cisco is investing in.

“Cisco’s investment in NetFoundry reflects Cisco’s commitment to advancing the convergence of networking and security, a core pillar of our future‑ready architecture. NetFoundry’s ability to embed identity‑first Zero Trust directly into the network fabric complements Cisco’s initiatives in secure access, segmentation, and policy enforcement, including operational technology and highly regulated industries. By extending security controls to the very point of application‑to‑application connectivity, NetFoundry aligns with our vision to deliver intelligent, adaptive infrastructure that meets the demands of today’s distributed enterprise.”

It’s not exactly security software. It’s more of a network overlay with security baked in that’s developer friendly. We’ve recorded with NetFoundry three separate times. You can find those shows here if their intriguing network model might be interesting to you. - Ethan

Meter is rolling out new hardware, including firewalls, switches, and APs. The new hardware will start shipping to customers in early 2026. New gear includes the F1 firewall, which offers throughput of 50Gbps for stateful firewall services and 13 Gbps of IDS/IPS. There are also new access switches, including the S1 that offers 24 ports of 2.5Gb Ethernet and PoE++ on all ports, plus 6 25Gbps uplink ports. Meter’s latest APs support Wi-Fi 7. More details are available at the above link. - Drew

Dell’Oro tracked significant growth for SSE vendors (20% in Q3) while traditional firewalls are showing “mature” growth (that is, steady ongoing revenue as existing customers refresh their models, but not a lot of new dollars coming in). Dell’Oro’s Mauricio Sanchez says “We are seeing a clear bifurcation in the market: traditional firewall appliances are growing in the low single digits…but the urgent demand for decentralized access and robust application protection is fueling a massive migration of value to the cloud edge.” Dell’Oro also says Web app firewall revenues jumped 12 percent in Q3, a sign of that security migration to the edge. - Drew 

LAST LAUGH 😆

Shared by Anton Lönnerbro in the Packet Pushers community Slack #random…