Networking Content on InfoQ
-
Cloudflare Introduces Support for ASPA, an Emerging Internet Routing Security Standard
Cloudflare recently announced support for ASPA (Autonomous System Provider Authorization). The new cryptographic standard helps make Internet routing safer by verifying the path data takes across networks to reach its destination and preventing traffic from traversing unreliable or untrusted networks.
-
Standardizing Post-Quantum IPsec: Cloudflare Adopts Hybrid ML-KEM to Replace Ciphersuite Bloat
Cloudflare has extended hybrid post-quantum encryption to IPsec and WAN traffic, standardizing its SASE stack ahead of the NIST 2030 deadline. By adopting a streamlined ML-KEM key exchange, the move addresses long-standing "ciphersuite bloat" in quantum-resistant IPsec. The update aims to neutralize "harvest now, decrypt later" threats without requiring specialized hardware upgrades.
-
Cilium at Ten Years: Stronger Encryption, Safer Policies, and Clearer Visibility for Large Clusters
Cilium 1.19 has been released, marking ten years of development for the eBPF-based networking and security project. There isn’t a flagship feature in this release; instead, it focuses on security hardening, tightening encryption, refining network policy behaviour, and improving scalability for large Kubernetes clusters.
-
CloudFront Adds Origin mTLS Authentication for End-to-End Zero Trust
Amazon CloudFront now supports mutual TLS authentication for origin servers, completing end-to-end zero-trust authentication from viewers to backends. The feature replaces IP allowlists and shared secrets with cryptographic verification, proving particularly valuable for multi-cloud deployments, where origins can verify that traffic originated from CloudFront without VPN tunnels.
-
How CNAME Ordering in RFC Specs Caused Cloudflare 1.1.1.1 Outage
In a recent article titled "What came first- the CNAME or the A record?", Cloudflare explains how an unclear RFC specification caused Cloudflare's popular 1.1.1.1 service to break. After identifying the breakage and the ambiguity in older DNS standards regarding record order, Cloudflare proposes a clarified specification.
-
AWS Previews Route 53 Global Resolver to Decouple DNS from Regional Failures
AWS previews Route 53 Global Resolver, using Anycast to decouple DNS from regional failures. It simplifies hybrid setups with unified public/private resolution, DoH/DoT, and Zero-Trust security.
-
AWS Launches Network Firewall Proxy in Preview to Simplify Managed Egress Security
AWS has unveiled the preview of its Network Firewall proxy, a managed service that optimizes proxy management and enhances outbound security for VPCs. Integrated with NAT Gateway, this tool inspects traffic through a three-phase model and supports both TLS interception and centralized models via Transit Gateway. It is currently available in East Ohio.
-
AWS and Google Cloud Preview Secure Multicloud Networking
In a surprising move, AWS and Google Cloud have recently partnered to simplify multicloud networking, introducing a common standard and leveraging "AWS Interconnect - Multicloud" and "Google Cloud's Cross-Cloud Interconnect". The new option makes it easier for organizations to manage and secure workloads across both clouds, with Azure expected to join in 2026.
-
AWS Introduces Regional Availability for NAT Gateway
AWS has recently introduced regional availability for the managed NAT Gateway service. The new capability allows developers to create a single NAT Gateway that automatically spans multiple availability zones (AZs) in a VPC, providing high availability, eliminating the need to define separate gateways and public subnets in each zone.
-
Azure API Management Premium v2 GA: Simplified Private Networking and VNet Injection
Microsoft has launched API Management Premium v2, redefining security and ease-of-use in cloud API gateways. This new architecture enhances private networking by eliminating management traffic from customer VNets. With features like Inbound Private Link, availability zone support, and custom CA certificates, users gain unmatched networking flexibility, resilience, and significant cost savings.
-
Azure Front Door Outage: How a Single Control-Plane Defect Exposed Architectural Fragility
A recent 9-hour Azure Front Door (AFD) outage was triggered by a faulty control-plane configuration change that bypassed safety checks due to a software defect. The result was a massive blast radius that affected M365 and Entra ID via identity coupling, exposing a critical architectural anti-pattern in centralized edge fabrics.
-
AWS ALBs Now Support Native URL and Host Header Rewriting
AWS's Application Load Balancers (ALB) now offer native URL and Host Header Rewriting, eliminating the need for third-party proxies and custom logic. This feature enhances request routing, reduces maintenance, and lowers latency. Easily configurable via the AWS Management Console or API, it streamlines traffic management for backend services, aligning AWS with other cloud leaders.
-
New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats
Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. It is deployable as a managed service, providing seamless control for users.
-
AWS Simplifies Multi-Region Failover with ARC Region Switch
AWS's Amazon Application Recovery Controller Region Switch revolutionizes multi-region failover with a fully-managed, centralized solution. Simplifying disaster recovery, it automates and coordinates essential tasks across AWS services. With proactive validation and a global dashboard, it transforms complex processes into confident, push-button drills, enhancing reliability and cost efficiency.
-
AWS CloudFront Adds HTTPS DNS Support
Amazon CloudFront now supports HTTPS DNS alias records in Route 53, streamlining DNS lookups by returning protocol details alongside IP addresses. This innovation accelerates page loads, enhances security against downgrade attacks, and eliminates DNS costs. With wide browser support, it significantly boosts performance and reduces operational expenses for users.