Human Infrastructure 429: Wi-Fi 7 Reality Check, Ansible Angst, Holiday Vibes, and More

Holiday greetings from the Packet Pushers, wherever you are in the wide world. As this is our last newsletter edition for 2025, I wanted to share a quick note to answer a question I’ve gotten a lot this year. “How is Greg?”

My dear friend, long-time co-host, and business partner retired in July 2024. He and I are in regular contact, and I’ve visited him in person a few times since then where we’ve enjoyed time in English pubs together. Greg is doing as well as can be expected. He’s managing. He still has many of the health challenges he talked about in podcast interviews before he retired, but he’s doing okay.

From my perspective, he’s definitely in a better place than he was, now that he has the freedom and time to focus on his health. He’s applied a priority queue to improving his quality of life.

He’s sincerely appreciative of all of you that ask after him. He’s humbled that you still care, and that helps make all those years at the keyboard and on the mic worth it to him. I’m hoping to record a pod with Greg so you can hear directly from him about how he’s getting on. He’s not ready for that right now, but maybe soon. If it happens, I’ll let you all know. - Ethan

Me & Greg sharing a very serious moment at some tech event or other in the bowels of the Mandalay Bay convention center in Las Vegas. 1-May-2016

THIS WEEK’S MUST-READ BLOGS 🤓

John makes an interesting observation: at the same time more low-quality, inefficient code is being generated by AI, the AI infrastructure bubble is making it harder and more expensive to get the gear to run that bad code. The upshot?  

“...we use the machine that requires so much compute resource that there is actual silicon scarcity, in order to produce poor performing code that requires more compute to run, that we cannot acquire.”

What to do about it? John’s advice is to learn to read a stack trace. “Cleaning up the crap code (which plenty of humans make too of course) will free up insane amounts of CPU hours. That means you could get the equivalent of 10 new servers just by 1 hour polishing a tiny corner of your codebase.” - Drew 

Wi-Fi 7 was supposed to be more wonderful due, in part, to multi-link operation. The article states that MLO allows for “simultaneous use of the 2.4, 5, and 6GHz bands for faster, smoother, and more resilient connections.”

Sounds good, but here’s the problem.

“The 802.11be specification actually defines two very different modes of Multi-Link Operation: Simultaneous MLO and Alternating MLO. Simultaneous MLO is the model implied by much of today's Wi-Fi 7 marketing. Product pages often show multiple bands being used at once for aggregation and instant fallback, suggesting that a router can operate links concurrently for higher throughput and lower latency. In reality, that capability is essentially absent from current consumer hardware. What today's routers implement instead is Alternating MLO, a far more limited fallback mode in which devices can switch between bands but cannot use them simultaneously. Marketing materials make these two modes appear equivalent, even complementary, but in practice, they deliver vastly different levels of performance and user experience.”

The article goes on to explain in more detail what’s going on here, but you’ve got the gist of it. Something to be aware of before you throw money at a Wi-Fi 7 refresh. The more you know! - Ethan

Before we all started belching prompts at an LLM, we’d write our own code to query APIs and process the structured data we’d get back. Man, we were such barbarians back then.

And some of us still are! One such barbarian is Markku Leiniö, who walks you through getting some deterministic use out of F5’s iControl API. As usual with Markku’s tutorials, you get what you need in an easy to parse format. Heavy on context & code snippets and light on bloviation. - Ethan

Ivan Pepelnjak has his grumpy hat on due to the number of breaking changes introduced in Ansible 13 for network automation. In this post, he itemizes the impact of the changes on his world.

In the conclusion, he opines, “The attitude of releasing a product that’s useless for a particular well-publicized use case is no better than Juniper releasing a vJunos-something VM with a broken DHCP server on its management interface. One of the hoped-for side effects of releasing free stuff is to enhance uptake and grow the sales funnel; releasing broken stuff tends to have the opposite effect.”

This article garnered a discussion in the Network Automation Forum’s Slack, where (my oversimplification of) the prevailing opinion seemed to be, “Well, don’t upgrade to Ansible 13.” - Ethan

Keith Townsend writes “Private cloud almost always fails 18 to 36 months in — when the organization realizes it has accidentally taken on the job of running a cloud as a product.” 

If you’d like to avoid that failure, Keith lays out a small number of clear-eyed, cogent reasons why you might want to build a private cloud in the first place. If you don’t have one of those reasons, consider a different option. 

If you do have one of those reasons, he offers a second set of clear-eyed, cogent issues you will need to address if you decide to move forward. He notes that none of these issues show up in vendor demos or architecture diagrams. They are year-2 problems. But if you know they’re coming, you can plan accordingly. Top-notch advice from Keith here. - Drew

MORE BLOGS

  1. veth on MacOS (and fake or “feth” too) - Srivats P

  2. 10 Years of AWS Well-Architected Framework: A Personal Reflection on a Living Technical Object - Ibrahim Cesar Blog

  3. The Case Against Microservices - Sasha Found The Root Cause Again

  4. New Ways to Corrupt LLMs - Marcus on AI

TECH NEWS 📣

A zero-day exploit is being used to target appliances running Cisco’s AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. If successful, the exploit gives attackers root privilege on the OS and the ability to execute arbitrary commands.

That’s bad, but Cisco says two conditions have to be met for the attack to succeed: first, the appliance has to have the Spam Quarantine feature enabled; second, the Spam Quarantine feature has to be reachable from the Internet. These conditions may limit the scope of the attack. As of this writing, there is no patch available; instead, Cisco has a long list of recommendations to harden the device. More details are available in this Cisco Talos blog. - Drew

Big Tech’s problem is that people are realizing the giant data centers being built in their towns don’t create local jobs, but do create lots of noise, consume water, and drive up energy prices. Big Tech’s “fix” is to throw money at politicians and run marketing and PR campaigns to downplay concerns and discredit legitimate objections. - Drew

One of my favorite Ferroisms #iykyk is, “Lighting my way forward by the bridges I’ve torched behind me.” - Ethan

While I doubt this effort will lead to an undoing of the merger (follow the money), I admire the Cloud Infrastructure Providers in Europe for placing their protest on the record.

“The Commission looked at this merger through half-closed eyes and declared it safe. By rubber stamping the deal, Brussels handed Broadcom a blank cheque to raise prices, lock-in and squeeze customers. This was a failure of oversight by the regulator with real world costs for Europe’s cloud sector and every organization that depends upon it,” CISPE secretary general Francisco Mingorence said in a written statement.

Anyone feel like that’s hyperbolic? Doesn’t seem that way to me, as the stories coming to Packet Pushers from many of you echo Francisco’s “raise prices & squeeze” sentiment. Plus, I’ve witnessed several conversations where folks are evaluating Proxmox, Nutanix, and OpenShift. New VMware pricing has proven unaffordable for many. - Ethan

FOR THE LULZ 🤣

Shared by Chris Emerick in the Packet Pushers Community Slack

RESEARCH & RESOURCES 📒

IS-IS routing labs designed for use with the free netlab labbing platform (and my current favorite—YAML-defined labbing).

“Decent modern IS-IS implementations have no problems running a single-level IS-IS network with hundreds of routers, and the memory requirements are usually a non-issue. However, you might still find edge cases where a multi-level deployment might be beneficial. For example, your edge switches might have small hardware forwarding tables, or you might want to limit the blast radius of network failures – IS-IS limits the LSP flooding to a single area (or the level-2 backbone).

In this exercise, you’ll explore multi-level IS-IS deployment using a simple 5-router topology.”

Thanks to Dan Partelly for this community contribution. Enjoy! - Ethan

MORE RESOURCES

  1. The Path of a Packet Through the Linux Kernel - Alexander Stephan, Lars Wüstrich   

  2. Tier 1 Analysis - 53bits   

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

Security Onion is a free, open platform for threat hunting, network security monitoring, and log management. The most recent version includes enhanced AI capabilities (available in the paid version only) for investigations, including a tool for creating / updating / disabling / enabling detections, escalating to an existing case, and other features. By the way, we did a Packet Protector episode on Security Onion and other free security tools if you’re curious. - Drew

Fortinet is partnering with Nvidia to run Fortinet’s virtual firewall on Nvidia DPUs. The Fortigate VM can be deployed on Bluefield-3 DPUs to bring firewalling, segmentation, and zero-trust capabilities closer to server workloads without having to use a server’s CPU resources. Fortinet says that by placing security controls on a DPU in an AI fabric or other high-performance cluster, organizations can enforce security policies while still supporting latency-sensitive workloads. For more details, a deployment guide is available here. - Drew

There are three announcements packed into this release, but the big one is an architecture that supports a 500K+ wireless client roaming domain. How are they doing this? Controllerless. EVPN/VXLAN, with APs nailing up VXLAN tunnels to appropriate switches. Virtual Ethernet Segments with Proxy ARP (what they call VESPA). MAC Rewrite Offload (MRO) performed by APs. Check out page 13 in this Arista PDF for a more complete explanation.

The other two announcements? Agentic AI framework to help you give the robots more autonomy. And then a couple of new switches for industrial environments. - Ethan

A RAG-enabled AI assistant for your Ansible work. It’s been trained on the docs, and will eventually know about your specific Ansible operations. The blog says that, today, you can ask it questions such as…

  • "What is an execution environment?"

  • "How do I manage user access to Ansible Automation Platform?"

  • "Explain the "ERROR! couldn’t resolve module/action” error message?"

  • "How do I configure Event-Driven Ansible?"

Someday in the roadmapped future, you’ll be able to ask it questions about your very own Ansible environment like…

  • "Why did my automation 'VM-migration' job fail?"

  • "Show me all inventories that are included in my Ansible Automation Platform deployment."

  • "What is the status of all jobs currently running and their progress?"

These features have become the table-stakes “low hanging fruit” for AI operations. If your networking vendor or tool provider doesn’t offer these things, expect to see announcements coming from them in the near future. Even if you didn’t ask for them. - Ethan

I will spare you several paragraphs of filler: HPE is selling off its Telco Solutions business to HCLTech, an Indian tech firm, for an undisclosed amount. HPE’s Telco Solutions portfolio includes OSS and SDM (Subscriber Data Management) software, Open RAN solutions, and other software and services aimed at telcos. 

Why is HPE divesting this business? To “focus on high-growth, high-margin parts of the market,” according to the release linked above. And just to be clear, HPE is keeping Juniper’s hardware portfolio of routers and switches aimed at telcos and service providers; those margins are high enough to get over the bar. - Drew 

A good milestone for Opengear. These achievements could open more doors (with the proper authentication and access controls, of course) to customers with stringent requirements around risk management, security, regulatory compliance, and audits. - Drew  

LAST LAUGH 😆

Shared by Kaj in the Packet Pushers Community Slack. Happy Holidays and Happy New Year!