Human Infrastructure 442: AI Infrastructure Debt, DIY Routers, and More

THIS WEEK’S MUST-READ BLOGS 🤓

Quinn Emanuel is a global law firm that specializes in business litigation. This memorandum describes with stark and sobering clarity how tech companies and private lenders have taken on hundreds of billions of dollars in debt to build out AI infrastructure. Some of that debt is straightforward to track, such as company-issued bonds.

It also describes various mechanisms being employed to disguise how much debt tech companies and private lenders are actually carrying. That’s on purpose. The document states “The financial relationships among AI ecosystem participants create circular dynamics that inflate apparent demand and obscure underlying risk.”

One example is the Special Purpose Vehicle (SPV), which in this case is a legal entity created by a tech company to build a data center. This SPV takes on all the debt required to construct and operate the data center, and leases its capacity back to the tech company that created the SPV. The intent is to shield the tech company from having to pay creditors if the SPV goes bankrupt. But lawyers can find ways around that shield. 

Other mechanisms include collateralization, in which data center facilities and even the GPUs within are offered as collateral to secure the loan; and securitization, in which debt is carved into tranches and sold off to other buyers, including institutional investors such as pension funds. (Sound familiar? Anyone else getting ‘2008 financial crisis’ vibes?)

The memorandum notes that all of these mechanisms come with risks. “The deeply interconnected AI ecosystem means that distress at any single node—a construction delay, a tenant default, unhedged energy cost differentials, a collapse in GPU resale values—can propagate across multiple counterparties and financing layers.”

The memorandum points out that tech companies’ revenue and cash flows aren’t anywhere close to matching the amount of debt they’re raising, which threatens their ability to make payments. Why should you care? Because the fallout of a collapse likely won’t be limited to tech companies and private lenders. Banks and institutional investors are putting money into these debt vehicles. If one borrower in the chain can’t pay when a loan comes due, the lender takes a hit, as does whoever the lender borrowed from, and so on down the line. Thus, the crisis spreads into the broader financial system.

The document goes on to describe the numerous litigation opportunities for bondholders and creditors to pursue when the debt tower begins to wobble. And it’s already wobbling. The article cites lawsuits that have been filed against Oracle and CoreWeave related to AI infrastructure debt.

This memorandum offers sober and careful analysis of the significant risks to the debt-driven financing of the AI infrastructure boom. But if you listen carefully, you can also hear the litigation knives being sharpened. Law firms stand to profit from an AI infrastructure crash; the rest of us may not be so fortunate. - Drew 

Make your own router with a punk rock, DIY aesthetic. In 2026, it’s not that hard to put something together from e-waste, load it up with free software, and have an Internet gateway that’ll push hundreds of gigabits per second. Rolling your own like this isn’t going to perform the same as purpose-built hardware, but you’re in control. In an age where governments of the world are inserting themselves everywhere, rolling your own is likely the best way to be sure you’re not being probed. - Ethan

Jason Gintert challenges us to consider the network as an entire entity, not merely a collection of interconnected devices that forward packets.

He states, “Something I wish that I understood earlier in my career is the protocols, the design patterns and the best practices you're learning aren't just checkboxes on a certification exam, they're the enfolded logic that determines how everything behaves as a whole. These protocols interoperate, depend on one another and collectively form the underlying order of your network. Change one and you've changed the whole.”

Jason is nailing this here, and his post made me feel things. So, I asked him if we could record a podcast to dive into the topic more deeply. Hopefully, we’ll get that done as a Heavy Networking episode in the next couple of months. - Ethan

This post is so succinct, I’ll share all of it here.

“Automating a strategically sub-optimal process or workflow doesn’t make it markedly better. In some cases it’s even worse (eg a low converting marketing funnel can churn through your target list even faster if an agent is doing most of the work). And something that’s been automated – recently ‘improved’ – is even less likely to want to be revisited post-optimization. Human (and organizational) nature that you’re entrenching the process further vs re-examining it.”

Like the post above, this also made me feel things. - Ethan

I had an ah-ha moment reading this. To my shame, I’d thought “butterfly fabric” was another way to say “leaf-spine”, because if you diagram a leaf-spine network with leaf layers on both sides of a center spine, it kinda looks like a butterfly. Whoops.

While not completely different from leaf-spine, a butterfly fabric is distinct in crucial ways. Phil points out, “Instead of every node connecting uniformly to a central spine layer, nodes are connected through a sequence of switching stages that systematically route traffic using predefined patterns.”

He adds later on, “The key advantage of a butterfly fabric is deterministic pathing. Unlike Clos fabrics, which rely on probabilistic load balancing via hashing, butterfly networks can distribute traffic evenly across all available paths by design. This eliminates the risk of hash collisions and uneven link utilization.”

Phil included a great butterfly fabric diagram that led to my ah-ha moment.

Why do we care about the nuances here? Because we need to be creating network designs that are well-suited for the workloads & traffic mix they are carrying. Understanding application traffic patterns and building a network to support them reduces hotspots, maximizes utilization, and might even lower costs. - Ethan

MORE BLOGS

  1. Symmetric IRB Anycast Gateway on Catalyst - The Forwarding Table

  2. How MSDP got kicked out quietly - Hirak Debnath via LinkedIn

  3. The Why and What of the CIDR Report (mostly historical tool) - The ISP Column | Geoff Huston

  4. Thoughts on slowing the f down (agentic AI considerations) - { Mario Zechner }

TECH NEWS 📣

The headline statement is driven by—you guessed it—AI. AI data centers are so energy-dense that power distribution is having to be reconsidered. Lots happening with 400V DC and soon 800V DC power distribution, which gets the copper electrical plant size down considerably versus the typical designs most of us having lived that data center life have run into. - Ethan

Anthropic accidentally leaked news of a forthcoming AI model, dubbed Mythos, via an unsecured content management system. Anthropic has since confirmed that Mythos is in the works, and claimed that this model will include “meaningful advances in reasoning, coding, and cybersecurity.” Anthropic has warned that this model could be used by malicious actors to find and exploit security flaws and vulnerabilities at an ever-faster rate. One assumes it can also be used by defenders, but just finding vulnerabilities isn’t enough; they have to be patched or otherwise mitigated, which takes time. That creates a window of opportunity for attackers. - Drew

We’ve already landed on the moon multiple times, so this lunar fly-by feels a bit anti-climactic, but I still get an old-fashioned sense of pride watching humanity strive for something difficult. - Drew

More from the world of data center power and AI workloads. I assumed this article would be, more or less, “AI data centers need batteries for backup, so they’re buying them all and not leaving any for the rest of us.” Well, yes. But there’s more to the story. When it comes to power loads, AI hits different.

“Unlike conventional server applications, AI inference and training draw large amounts of electricity in short bursts to sustain GPU processing, causing peak power levels to spike rapidly and voltages to fluctuate.”

The article adds, “Panasonic said the solution gaining traction among hyperscalers is to place a battery backup unit on each server rack rather than rely on centralized UPS infrastructure upstream, absorbing voltage instability at the source.”

That means existing enterprise data centers that are being asked to run AI workloads might not have the power distribution for it. You can’t just throw a bigger UPS at the problem. A full power distribution redesign might be in order. - Ethan

RESEARCH & RESOURCES 📒

ayaFlow - DavidHavoc via GitHub
https://github.com/DavidHavoc/ayaFlow

From the README. “A high-performance, eBPF-based network traffic analyzer written in Rust. Designed to run as a sidecarless DaemonSet in Kubernetes, providing kernel-native visibility into node-wide network traffic with minimal overhead. Built on the Aya eBPF framework.

  • eBPF-native capture -- No libpcap, no privileged sidecar. Hooks directly into the kernel's traffic control subsystem.

  • Sidecarless DaemonSet -- One pod per node instead of one per application pod.

  • Real-time monitoring -- Live dashboard via REST API + WebSocket streaming.

  • Persistent history -- SQLite storage with configurable data retention and aggregation.

  • Deep L7 inspection -- Optional TLS SNI and DNS query extraction for domain-level visibility into encrypted traffic.

  • Prometheus /metrics -- Native exporter for ayaflow_packets_total, ayaflow_bytes_total, ayaflow_active_connections, ayaflow_domains_resolved_total, ayaflow_deep_inspect_packets_total.

  • IP allowlist -- Restrict API/dashboard access by source CIDR.” - Ethan

Sylve - Management Plane for FreeBSD
https://sylve.io/

From the website. “Sylve is a modern control plane for FreeBSD powered by libvirt, OpenZFS, and Zelta. Sylve brings virtualization, containers, storage, and networking together in one intuitive interface giving you complete control of your FreeBSD systems.”

I’ve not tried it, but perhaps Sylve is another angle for hosting a lab box like these folks think. - Ethan

AUTOCON 5 CALL FOR SPONSORS
The Network Automation Forum’s AutoCon 5 is June 8-12 in Munich. Sponsor opportunities still remain, but they’re filling up fast! If you’re a vendor, technology provider, network provider, or solutions provider, AutoCon 5 is a unique opportunity to spend time with the largest group of network automation implementers and leaders. 

The people participating in the Network Automation Forum have formed an incredible community helping each other with network automation, orchestration, observability, and figuring out what role AI can/should play in #NetOps - from a very practical perspective. 

You won’t find a better audience. Come aboard with a sponsorship. Contact us ASAP: https://networkautomation.forum/call-for-sponsors

See you in Munich! 🍻

UPCOMING LIVE EVENTS 🍕🍻

A curated list of near-future meatspace events of interest to network engineers. Sometimes a Packet Pusher or two will be there (noted below).

Subscribe to events.packetpushers.net in your calendar software.

APRIL 2026

NetAuto Episode 6 | NetAuto Group
9 April | Neu-Isenburg, Germany

Wi-Co Finland
9 April | Helsinki, Finland

TORNOG1 | Toronto Network Operators Group
13 April | Toronto, Canada (Ethan attending)

Wi-Fi World Congress USA 2026
13 - 15 April | Mountain View, CA

CaribNOG 31 | Caribbean Network Operators Group
14 - 16 April | Kingston, Jamaica

Wi-Co Philadelphia
16 April | Philadelphia, PA

Wi-Fi Design Day 2026
16 April | London, UK

Wi-Co Toronto
22 April | Toronto, Canada

Wi-Co Frankfurt
29 April | Frankfurt, Germany

MAY 2026

Extreme Connect 2026
4 - 7 May | Orlando, FL (Packet Pushers attending)

NLNAM Meetup 2 | NL Network Automation Meetup
13 May | Alphen aan den Rijn, Netherlands

Wi-Co Brussels
21 May | Brussels, Belgium

(NH)NUG | New Hampshire Networking User Group (USNUA)
27 May | TBD, NH (Ethan co-organizing)

Wi-Co Memphis
29 May | Memphis, TN

Cisco Live US
31 May - 4 June | Las Vegas, NV (Packet Pushers likely)

INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬 

SonicWall has released its 2026 Cyber Threat report. This report takes a new tack by focusing on what it calls “Seven Deadly Sins,” which are operational failures that occur across a large swathe of SMB organizations. Those sins include ignoring fundamentals, thinking you’re too small to be a target, overexposed access, and more. 

I like the idea of tying a security threat landscape report back to operational practices. Of course, there are myriad reasons for these seven deadly operational failures listed above that aren’t necessarily the fault of security and IT teams, but perhaps a clear diagnosis of the issues is a good first step. - Drew 

Nile, which provides networking and security as a service using its own software and hardware, has announced new identity-based microsegmentation capabilities. It also announced new service options including Secure Guest access, RADIUS and DHCP services, and more. Nile says its microsegmentation capabilities don’t rely on VLANs. Instead, customers set access policies around what users and devices are authorized to access, and Nile enforces that access based on user and device identities. - Drew 

Cato Networks has announced new services to help organizations stay on top of attacks and exploits accelerated by AI tools. The first is, from the press release, “One-Day Agentic Vulnerability Protection, which delivers zero time from CVE to global live protection without customer intervention. This eliminates the gap between disclosure and defense. Protections are automatically generated and deployed globally with zero customer intervention…”

Second, also from the press release, is “Zero-Day Agentic Attack Protection. By continuously analyzing activity across its global cloud data lake, Cato’s agentic systems identify the early “breadcrumbs” of attacks in progress and generate new in-line algorithms to stop them before they can evolve or cause harm.” - Drew 
