Human Infrastructure 443: Modern DC Design, Turning Linux Into a Router, and More
THIS WEEK’S MUST-READ BLOGS 🤓
Designing the Modern Data Center Network for AI Workloads - {networkphil}
https://networkphil.com/2026/03/20/designing-the-modern-data-center-for-ai-workloads/
Phil Gervasi explains the traffic patterns found in a data center built to deliver AI magic, and what a network looks like that can effectively support those patterns.
The core issue that many of us might not have faced before? Phil explains, “Traditional data centers deal with many short-lived flows, whereas AI data centers do not. Instead, typical traffic during training runs in an AI data center is long-lived, high-bandwidth elephant flows in synchronized bursts at line rate. On top of that, you still have to deal with incast and microburst conditions.”
Phil goes into plenty of detail from there to help you understand the topology & techniques used to minimize latency & loss to keep those GPUs busy. - Ethan
A Survey of the 7 Configuration Changes That Turn a Multi-homed Linux Host into a Switch/Router - Patrick McCanna’s Blog
https://patrickmccanna.net/7-configuration-changes-that-turn-a-multi-homed-host-into-a-switch-router/
In this post, Patrick explains how a packet moves through a Linux device. From there, he explains how to turn a Linux host into an Internet gateway complete with DHCP & DNS services as well as Wi-Fi access. Here are the 7 changes he works through.
Activating IP Forwarding
Defining The Bridge
Activating nftables policies
Stateful Firewalling with conntrack
Defining NAT and Masquerade policies
Vending DHCP and DNS with dnsmasq
Vending WiFi networks with hostapd
Between “How to turn anything into a router,” which I found for last week’s issue, and this article, I really want to take a little Raspberry Pi or similar and attempt to work through one of these projects. Time to dig through the gear drawers and see what I have lying around. - Ethan
SSH certificates: the better SSH experience - Jan-Piet Mens
https://jpmens.net/2026/04/03/ssh-certificates-the-better-ssh-experience/
You’ve done SSH with a password. You’ve probably done SSH with keypairs. SSH with certificates? I bet there’s fewer of us that have performed that feat. But Jan-Piet thinks it’s a worthy idea, and explains both the why and the how in this blog. - Ethan
A Cryptography Engineer’s Perspective on Quantum Computing Timelines - Filippo Valsorda
https://words.filippo.io/crqc-timeline/
TL;DR: Filippo anticipates that a cryptographically relevant quantum computer (CRQC) could emerge in as few as 33 months, based on some recently published papers. Yes, there are caveats and suppositions, so it’s fine not to take 33 months as gospel. But the larger point of his blog is to say that a CRQC emerging in our lifetimes is now more likely than not, which means the tech industry needs to get more serious about deploying and supporting post-quantum cryptography (PQC).
This post also examines the practical implications of rolling out PQC in areas including key exchange (inelegant but doable), symmetric encryption (not a problem), trusted execution environments (f*cked), and cryptocurrencies (better start now!).
For additional perspective, Filippo gets into an interesting back-and-forth on Bluesky with cryptographer Matthew Green, who bets against a CRQC emerging in the next ten years, never mind 33 months. - Drew
QUIC: The Third Transport Protocol - Systems Approach
https://systemsapproach.org/2026/04/06/quic-the-third-transport-protocol/
Bruce Davie has written a quick (sorry, couldn’t resist) overview of some aspects of the QUIC protocol, which is becoming a more widely used alternative to TCP for Web applications. The post looks at QUIC’s use of variable-length header fields, how QUIC layers in with TLS, and QUIC’s use of streams within a single connection to better support the needs of request/response applications. - Drew
The machines are fine. I'm worried about us. - Ergosphere
https://ergosphere.blog/posts/the-machines-are-fine/
This is a cri de coeur of an academic who worries that grad students who lean on AI to do the grunt work of research and calculations will produce results, but won’t have any understanding of what they mean.
The parallels between academia and technical disciplines are quite clear: The point of the grunt work is that that’s how humans learn. People learn by making mistakes and trying again. Over and over. If AI agents take away those opportunities for failure, we the humans miss out on the act of building our own knowledge.
The author writes “The failures are the curriculum. The error messages are the syllabus. Every hour you spend confused is an hour you spend building the infrastructure inside your own head that will eventually let you do original work. There is no shortcut through that process that doesn't leave you diminished on the other side.” - Drew
MORE BLOGS
Configuring EVPN for L2 VXLAN in Proxmox VE - Major Network
Vulnerability Research Is Cooked - Thomas Ptacek

NANOG97
NANOG, the North American Network Operators Group, meets three times a year, and the next meeting is NANOG 97 in Bellevue, WA, June 1-3, 2026. Register today at nanog.org.
The format is educational talks from people who are on the cutting edge of networking, along with social events and a peering forum. You can get some human networking done while you're there, too. The hallway track is a key element of having conversations above and beyond the sessions, and the Beer N Gear. NANOG is big brains solving big problems, and you're there right in the thick of things.
The content is by and for engineers. You're hearing from people you might not otherwise have access to. And you get to talk to them afterwards, which is pretty cool. Register for NANOG 97 at nanog.org.
TECH NEWS 📣
Iran Strikes Leave Amazon Availability Zones “Hard Down” in Bahrain and Dubai, Per Internal AWS Communication - Big Technology
https://www.bigtechnology.com/p/iran-strikes-leave-amazon-availability
The TL;DR here is that if you rely on AWS in any of the Middle East regions, consider where else you might move those workloads and services to service your customers. Although the war situation is fluid, the short-term prognosis is poor for cloud-scale data centers in the region. Bahrain is, of course, the most notably impacted at this time.
Click through for more details about impacted locations & availability zones and how AWS is instructing their teams internally. Perhaps also keep your eye on this AWS health status page. - Ethan
Meta's latest model is as open as Zuckerberg's private school - The Register
https://www.theregister.com/2026/04/08/meta_muse_spark/
I don’t care about Meta’s latest AI model. I’m just including this because of the headline. Well done, El Reg. - Drew
MORE NEWS
No-Nvidia interconnect club delivers 2.0 spec before v1.0 silicon ships - The Register
Google Chrome adds infostealer protection against session cookie theft - Bleeping Computer
FOR THE LULZ 🤣

Shared on the Packet Pushers Community Slack by Aaron.
RESEARCH & RESOURCES 📒
SubnetLab Pro v15.0 - Learn networking, and not just subnetting
https://chaithu-lets-code.github.io/SubnetPro/
SubnetLab Pro has many excellent features to help you get your head around subnetting...AND SO MANY MORE THINGS. To think of SubnetLab Pro as just for subnetting is not correct.
It's honestly overwhelming how much information is here, and not just stuff to read. There's interactive exercises, diagrams, simulations, and animations hitting routing, switching, IP services, and IPv6. There's even a troubleshooting section with predefined broken network scenarios to work through.
In this LinkedIn post, creator Chaithanya Katari says, “All of it is: ✅ 100% free ✅ No login, no ads ✅ Works completely offline ✅ Single HTML file — open and go. If you're studying for CCNA, CCNP, or CCIE — or if you're a working network engineer who needs a quick reference — I built this for you.”
Thanks, Chaithanya! - Ethan
SRv6.md - The open-source knowledge base for Segment Routing over IPv6
https://srv6.md/
In this LinkedIn post, Daniel Navas says, “I've been deep into SRv6 lately, studying it, implementing it, breaking things, fixing them, and falling in love with how elegant network programming can be when you let IPv6 do the heavy lifting.
And somewhere along the way, I realized something: the learning resources for SRv6 are scattered everywhere. RFCs here, vendor docs there, a blog post from 2021 that's half-outdated. If you're a network engineer or DevNet engineer trying to wrap your head around Segment Routing over IPv6, you know exactly what I mean.
So I built something about it.”
He built SRv6.md. There’s a lot of information on the site already, but you can contribute to this project on GitHub to make it even better. - Ethan
sentence2IPv6 - encode a v6 address as an English sentence
https://sentence2ipv6.tib3rius.com/
This quirky little site converts an IPv6 address into a sentence that, in theory, you can remember. You can remember it better than you can remember 128 bits represented as hexadecimal, anyway.
For example, one of the packetpushers.net quad A records resolves to 2606:4700:3033::6815:5087. Encoded on sentence2IPv6, 2606:4700:3033::6815:5087 comes back as, “How popularly the vulgar peoples exist the new time beyond new time where german averages refuse.”
Then if you paste that sentence in, you get the hex address back. Is this useful? I don’t know! Interesting nonetheless. - Ethan
Build AI Agents for Network Operations - Packt Publishing
https://www.eventbrite.co.uk/e/build-ai-agents-for-network-operations-tickets-1986418472123?aff=PACKETPUSHERS30
If you’ve wanted to try your hand at building an AI agent to help you with network ops tasks, this workshop might be of interest. The instructor, Sif Baksh, is a member of the Packet Pushers Community Slack. This is from the description of the workshop:
“This hands-on workshop is built for network engineers who are done waiting for a tool that fits. You will build a working AI agent from scratch, connected to real Arista cEOS devices, and leave with production-ready code you can take back to your environment and adapt immediately. No mock demos. No stopping short of deployment.”
You have to pay to attend the workshop, but if you use the link above, it comes with a 30% discount. - Drew
MORE RESOURCES
EVE-NG Professional 6.5.0-16 Released - Alain Degreffe via LinkedIn
Chip-scale beam-shaped optical wireless system for high-speed and energy-efficient connectivity (research paper) - SPIE Digital Library
UPCOMING LIVE EVENTS 🍕🍻
A curated list of near-future meatspace events of interest to network engineers. Sometimes a Packet Pusher or two will be there (noted below).
Subscribe to events.packetpushers.net in your calendar software.
APRIL 2026
TORNOG1 | Toronto Network Operators Group
13 April | Toronto, Canada (Ethan attending)
Wi-Fi World Congress USA 2026
13 - 15 April | Mountain View, CA
CaribNOG 31 | Caribbean Network Operators Group
14 - 16 April | Kingston, Jamaica
(NE)NUG | Nebraska Networking User Group (USNUA)
16 April | La Vista, NE
Wi-Co Philadelphia
16 April | Philadelphia, PA
Wi-Fi Design Day 2026
16 April | London, UK
Wi-Co Toronto
22 April | Toronto, Canada
Wi-Co Frankfurt
29 April | Frankfurt, Germany
MAY 2026
Extreme Connect 2026
4 - 7 May | Orlando, FL (Packet Pushers attending)
NLNAM Meetup 2 | NL Network Automation Meetup
13 May | Alphen aan den Rijn, Netherlands
(VT)NUG | Vermont Networking User Group (USNUA)
14 May | Colchester, VT
Wi-Co Brussels
21 May | Brussels, Belgium
(NH)NUG | New Hampshire Networking User Group (USNUA)
27 May | TBD, NH (Ethan co-organizing)
CHI-NOG 13 | Chicago Network Operators Group
27 - 28 May | Chicago, IL
Wi-Co Memphis
29 May | Memphis, TN
Cisco Live US
31 May - 4 June | Las Vegas, NV (Packet Pushers likely)
JUNE 2026
NANOG 97 | North American Network Operators Group
1 - 3 June | Bellevue, WA
Wi-Co Oslo
3 June | Oslo, Norway
AUTOCON5 | Network Automation Forum
8 - 12 June | Munich, Germany (Packet Pushers attending)
HPE Discover 2026
15 - 18 June | Las Vegas, NV
INDUSTRY BLOGS & VENDOR ANNOUNCEMENTS 💬
Assessing Claude Mythos Preview’s cybersecurity capabilities - Anthropic Red Team
https://red.anthropic.com/2026/mythos-preview/
Anthropic claims that the latest version of its general-purpose LLM, dubbed Mythos, has identified thousands of critical and high-severity vulnerabilities in open-source and closed-source software. Anthropic also says the LLM has proven adept at writing exploits for these vulnerabilities. That sounds…worrying.
This post from Anthropic’s red team explains how the company tested and evaluated Mythos’s ability to find and exploit bugs. The team also provides details about three bugs: one each in OpenBSD, FFmpeg, and an unnamed virtual machine monitor (unnamed because the vulnerability had been reported but not patched when the blog was posted). The authors repeatedly stress that they can’t say more about the thousands of other bugs because they are working with developers, both open-source and corporate, to validate the vulnerabilities and patch them before they release details.
On one hand, that’s commendable. On the other hand, it’s hard not to get a whiff of marketing hype. “Hey, guess what? We built a product that could kill all your software. Thank goodness it can also protect all your software. How many licenses should we sign you up for?”
The authors of the post state that the benefits of this model will, eventually, accrue to defenders rather than attackers. They write “In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships.”
Maybe. In the meantime, it’s hard not to feel like a hostage as Anthropic waves this gun around. - Drew
What 30+ RSAC Meetings Revealed About Where Security Control Is Consolidating - Dell’Oro Group
https://www.delloro.com/what-30-rsac-meetings-revealed-about-where-security-control-is-consolidating/
Dell’Oro analyst Mauricio Sanchez shares insights from dozens of vendor conversations at RSA Conference 2026. The big takeaway, he writes, is that “the market is not collapsing into one monolithic control plane, but it is consolidating around a smaller number of them inside the existing pillars of identity, endpoint, network, cloud, application, data, and security operations.” There are other insights as well, including his take on platformization, why endpoint security is becoming more relevant, AI’s role in governance, and more. - Drew
DYSTOPIA IRL 🐙
Sam Altman May Control Our Future—Can He Be Trusted? - New Yorker
https://www.newyorker.com/magazine/2026/04/13/sam-altman-may-control-our-future-can-he-be-trusted
This is a long piece. I deleted about 45 minutes of my life working through it. You should read it, too—not because it’s a hit piece on Sam Altman, because it isn’t exactly that.
Yes, you’ll come away understanding that Altman’s track record is that of a sociopathic liar who can expertly manipulate others and is motivated by power. That storyline occupies most of the New Yorker’s prose. But I believe that element of the story is best framed in the larger context of why AI is seeing so much money invested into it.
You could see this piece as the setting for a near-future dystopia. Or not. The outcome doesn’t have to be bleak, but I find it difficult to see otherwise considering where the financing for AI builds is sourced from and the powers behind that money.
I hold onto the hope that AGI is out of reach for LLM technology, as many experts suggest. - Ethan
TOO MANY LINKS WOULD NEVER BE ENOUGH 🐳
A Few Good Magazines from the 70s and 80s (some of these were staples in my home growing up) - bi6
LAST LAUGH 😆

Who else but Network Phil
