Networking
Explore data center networking, BGP, SDN, and modern network technologies
Tue, May 5
Why your automation stack needs Cisco Agentic Workflows
Cisco Agentic Workflows unifies existing automation tools into a cohesive, enterprise-grade strategy that acts as a force multiplier to help network and automation teams streamline fragmented tasks and attain a new level of competency and control.
A Protocol-Independent Transport Architecture
The network transport layer is increasingly implemented in the NIC hardware to meet the performance demands of modern workloads, but this has made it difficult to evolve or deploy new transport protocols. Existing approaches either fix protocol logic in the data-path or build protocol-specific assumptions into the architecture that limit the range of protocols that can be supported on a single hardware substrate. We present PITA, a protocol-independent transport architecture that enables full data-path programmability while sustaining line-rate performance. PITA eliminates protocol-specific assumptions by structuring the data-path around a uniform abstraction over events, state, and instructions, and rethinks core components, including scheduling, packet generation, and data reassembly, to operate on this abstraction. We evaluate PITA along key dimensions reflecting the goals of its protocol-agnostic datapath design. Specifically, we show that PITA supports diverse protocol semantics by showing it can implement TCP and RoCE on the same data path and preserve their distinct end-to-end behavior. Through targeted microbenchmarks and synthesis on Alveo U250 cards, we show that PITA's redesigned components sustain high performance under demanding conditions, with modest hardware overhead and meeting timing at 250MHz.
Spatial-Temporal Learning-Based Distributed Routing for Dynamic LEO Satellite Networks
In this paper, we propose a spatial-temporal learning-based distributed routing framework for dynamic Low Earth Orbit (LEO) satellite networks, where graph attention networks (GAT) and long short-term memory (LSTM) are integrated within a deep Q-network (DQN)-based architecture to enable distributed and adaptive routing decisions based on local observations. The routing problem is formulated as a partially observable Markov decision process (POMDP) to address partial observability under dynamic topology and time-varying traffic. Simulation results show that the proposed method significantly outperforms conventional and learning-based routing schemes in terms of throughput, packet loss, queue length, and end-to-end delay, while achieving proactive congestion avoidance with up to 23.26% queue reduction. In addition, the proposed approach maintains low computational overhead with negligible carbon emissions, demonstrating its efficiency from a Green AI perspective.
Early-Stage IoT Device Identification Using Passive Network Traffic Analysis
The rapid proliferation of Internet of Things (IoT) devices introduces significant security challenges due to limited visibility and weak device-level guarantees. Accurate and timely identification of devices is essential for enforcing network policies and detecting unauthorised hardware, yet existing approaches often rely on long-term traffic observation, payload inspection, or infrastructure-dependent features. In this paper, we investigate whether IoT devices can be reliably identified during the early stages of network attachment using only passive traffic analysis. We propose a lightweight approach based on flow-level features extracted from metadata, avoiding payload inspection and active probing. Through systematic evaluation across multiple observation windows, we show that device-specific signatures emerge within the first few seconds of communication, enabling high-accuracy identification (up to 99%) across 37 IoT devices. Notably, extending the observation window does not consistently improve performance and may slightly degrade accuracy, indicating that the most discriminative behaviour occurs during initial device startup. These findings demonstrate the feasibility of fast, privacy-preserving IoT device identification at the network edge, supporting real-time enforcement, device inventory, and anomaly detection in practical deployments.
Choir: Tackling RTBC Performance Impossible Triangle with 5G Collaboration
Real-time broadband communication (RTBC) scenarios, such as cloud virtual reality and 8K live streaming, further raise the criteria of the performance triangle, requiring video bitrates exceeding 30 Mbps, tail delay below 50 ms, and fairness guarantees for multi-user concurrent access. Based on our testing and analysis, existing RTBC-oriented rate control solutions, including end-to-end algorithms and network-assisted algorithms, fail to simultaneously satisfy all performance metrics. The native dynamic delay and physical-layer resource allocation strategy inherent to the 5G radio access network (RAN) are the key reasons. These solutions lack adaptation to the 5G architecture, leading to reduced decision performance. This paper proposes Choir, an innovative collaborative solution mainly deployed on 5G base stations that deeply integrates 5G radio characteristics and video streaming traffic patterns to guide efficient sender-side rate control. Extensive simulation and testbed evaluations demonstrate Choir's significant performance in achieving high average bitrate, low tail delay, and inter-flow fairness across different 5G network scenarios.
Analyzing Unsolicited Internet Traffic: Measuring IoT Security Threats via Network Telescopes
Network telescopes serve as a critical passive monitoring tool for capturing unsolicited Internet traffic, providing insights into global scanning and reconnaissance behavior. This study analyzes a 10-day dataset during January 2025 consisting of approximately 22 million packets collected by the ORION network telescope at Merit Network. By employing privacy-preserving metadata analysis and lightweight behavioral heuristics, we identify scanning and backscatter patterns without payload inspection. Our results reveal a highly structured and centralized ecosystem, where the top 1% of source IP addresses generate over 81% of total traffic. A significant finding is the dominance of Port 23 (Telnet) and Port 2323 (Telnet Alt), which highlights the persistent nature of IoT security threats and widespread attempts to exploit weak credentials in legacy IoT devices. Furthermore, synchronized surges in packet volume and Shannon entropy indicate coordinated, multi-vector reconnaissance campaigns. These findings offer a practical framework for identifying large-scale threat activity and support cybersecurity research and education.
Tool Use as Action: Towards Agentic Control in Mobile Core Networks
Artificial Intelligence (AI) will play an essential role in 6G. It will fundamentally reshape the network architecture itself and drive major changes in the design of network entities, interfaces, and procedures. The adoption of agentic AI in next-generation networks is expected to enhance network intelligence and autonomy through agents capable of planning, reasoning, and acting, while also opening up new business opportunities. Under this vision, existing network functions are expected to evolve into AI-enabled agents and tools that deliver both connectivity and beyond-connectivity services. As an initial attempt to move toward this vision, this paper presents a tool-based interface design and an experimental prototype that are based on agentic AI for the mobile core network, with the Model Context Protocol (MCP) and the Agent2Agent (A2A) protocol as foundational protocols. MCP is selected to design the interface between the agent and network tools, and the A2A protocol is used for message exchange between AI agents. In such an experimental setup, we analyze packet-level message flows between the agents, tools, and network functions and break down the latency of end-to-end operations, starting from the prompt injection until the completion of the input task. This work demonstrates how an AI agent-based core network combined with network-specific tools can be utilized in next generation mobile systems to execute intent-based tasks.
ARP Issues in EVPN Centralized Routing Design
Adding IRB to EVPN MAC-VRFs (the fancy way of saying stretched VLANs) seems like a no-brainer: add IP addresses to VLAN interfaces; optionally add a shared anycast gateway; declare “Mission Accomplished” (and try to ignore the inevitable phone call at 2 AM on a Sunday night). Making that work in a multi-vendor environment is even more fun, as I sadly discovered when creating the EVPN lab exercises or trying to figure out why some EVPN implementations were failing netlab EVPN int...
NB573: Cisco Open-Sources OpenClaw Protection; T-Mobile Taps Starlink for Broadband Redundancy
Take a Network Break! It’s a busy show this week. We start with follow-up on Anthropic’s Project Glasswing, router bans, and end-of-engineering/end-of-support date changes for Fortinet’s FortiOSv7.4. Our Red Alert warns of 13 critical CVEs in the Linux kernel (all of which can be addressed by updating to version 7). On the news front, Cisco...
Selecting the Right AWS VPN Solution: A Decision Framework
Introduction: This post is intended for networking engineers and architects evaluating AWS VPN options (200-level content). It assumes familiarity with basic AWS networking concepts such as virtual private clouds (VPCs), virtual private gateways (VGWs), and transit gateways (TGWs). If you are new to AWS VPN, the AWS VPN User Guide provides foundational context. Organizations implementing […]