Cables2Clouds

Data Center Disruption as Tariff Wars Go Brrr - NC2C033

Cables2Clouds Episode 33


Geopolitics and cloud infrastructure collide in this eye-opening episode where we explore how escalating tariff wars are throwing data center construction plans into complete disarray. Tech giants planning massive cloud and AI expansions now face skyrocketing costs and unprecedented uncertainty as raw materials fall under new tariffs – creating a situation reminiscent of the COVID building materials crisis but on a vastly larger scale.

Meanwhile, European cloud providers aren't sitting idle. We dive into the fascinating "Fulcrum Project," a bold initiative creating what they're calling "Trump-proof" cloud services. This ambitious federation of smaller European providers aims to redefine data sovereignty beyond just data location to who actually controls the cloud provider. With initial funding of one million euros, they're targeting SMBs who want local alternatives to hyperscalers that might be subject to foreign regulations.

Security concerns dominate our discussion as we unpack Oracle's problematic handling of a significant cloud breach. Despite clear evidence from both attackers selling the stolen data and customers confirming their data was compromised, Oracle initially denied any breach occurred. This stark contrast between transparent security practices and corporate denial offers valuable lessons for organizations facing similar challenges.

We also highlight a concerning surge in threat actors scanning for vulnerabilities in Juniper, Cisco, and Palo Alto network devices, with one vendor reporting 24,000 unique IP addresses attempting to access their portals within a month. Plus, we try to make sense of AWS's puzzling new Route Server offering, which resembles Azure's Route Server but fits awkwardly within AWS's existing architecture – leaving us scratching our heads about its intended use cases.

Join us for these critical insights and share your thoughts on what cloud networking stories we should cover next time!

Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/

Check out the Fortnightly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/

Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj

Tim McConnaughy:

Hello and welcome back to another episode of the Cables to Clouds Fortnightly News. I'm your host this week, Tim. I'm actually just now getting back from London where I attended KubeCon and because it is at the moment, it's only four in the afternoon here on the East Coast, but man, I feel I'm already starting to drag. I already had to have a cup of coffee and, yeah, last night I went, we got back last night and I think I went to bed at like 8 pm. I was trying, I was fighting to stay up but I couldn't do it.

Tim McConnaughy:

But anyway, with me, as always, is my co-host, Chris Miles, at BGB Main on Blue Sky, and yeah, we'll just launch right into the news. We have some interesting stuff, some fun stuff that's happened within the last couple weeks, so yeah, we'll just roll right into that. The first article comes to us from Network World and it's called Tariff War Throws Building of Data Centers into Disarray. And boy, I wish it was just the data centers that got thrown into disarray on that one. So for anyone who's been living under a rock, of course, the president of the US, Donald Trump, has just rolled out a continually escalating series of tariffs on enemies, allies, probably would do it on aliens if he could prove they exist.

Tim McConnaughy:

But yeah, so this, of course, has thrown everything to incredible uncertainty, especially for tech companies that, basically, are planning major capital improvements, right? So within the last six months to a year, we've been reporting multiple stories about how Microsoft, Google, AWS, just all sorts of people are planning to build these giant data centers, either for cloud expansion or, more recently, for AI expansion. And, surprise, surprise, doing that costs a lot of money and requires an insane amount of planning and raw materials. And raw materials is really what's, uh, what's going on here. So I mean, the article talks about this. There's a lot of uncertainty, uh, being put into this. I mean, this is, you know it? This actually reminds me a little bit of a few years ago, uh, during COVID, when, like, building materials, like wood and everything was. You know, if you're building houses and stuff you, you would find the cost for building a house just went up like 20% overnight and changed, and it's it's very much, very much the same here, except on a giant scale, you know, you know, just following up with that, just just to go ahead and throw it in there together and we'll talk about it a little bit.

Tim McConnaughy:

There's another article we have from Network World saying European cloud group invests to create what it dubs the Trump-proof cloud services initiative. This is not at all surprising. I think some of this was probably already in flight even before Trump announced all these tariffs, but the idea is that there are a lot of service providers public cloud or private cloud or whatnot so just traditional service providers in the EU. Of course, you know different countries and everything, and they're trying to essentially build an initiative. Is it called the Fulcrum Project? Is that right? Is that what it's called?

Chris Miles:

Yeah, that's right.

Tim McConnaughy:

Yeah, yeah, I don't have the article right up in front of me, but yeah, the Fulcrum project basically aims to create a almost like a federated services initiative, kind of like how you can federate with Active Directory, kind of like that, but like amongst all of the different providers that are out there. So think about, you know, you have all these small business, small, medium business, targeted service providers in the EU that maybe only carry a certain number of services, like a couple of things that they do well, but you want to. You know, you don't want to have to go to the CS, the major cloud providers that are going to have all the services. So you have this, this kind of opportunity to use these, these small cloud services, but have the still have some hopefully amount of ease in federating them all together. So it's a really ambitious idea. Yeah, I don't know Anything to add there. What do you think?

Chris Miles:

Yeah, I mean, obviously these articles kind of go hand in hand when we're talking about tariffs and things like that. But I think kind of the major piece that you called out in the first article is, like these tariffs don't really take into consideration the entire supply chain for some of these pieces that go into building digital infrastructure. Right, like there was, I think there was exceptions put in for things like semiconductors and things like that, but like, everything else that goes into building a data center is still at a very high price point. When it comes to the tariffs, so like and that's like, this is a thing that is not, it's not unique to technology in any way.

Chris Miles:

Right, like we're talking about um, even the supply chain of like, um, uh, cars, cars, agriculture, et cetera, like, like oranges. I saw somebody kind of diving into like what it costs to put a tangerine, like a Florida grown tangerine, into um, a uh, into a supermarket, and like when it comes to the truck, the packaging, the labels, the netting that you buy the, the oranges, and all of that is manufactured outside of the outside of the country, so that naturally things are going to uh rise in price and and data centers are of no exception. Um, it's funny because the I think the ultimate like message of that article is basically, if you're looking to buy, like build a huge data center, just wait it out. Like put a pause on it, just wait it out. Um, because he's he's obviously very ephemeral with these things. Right, the the tariffs seems to change on a, on a relatively regular basis.

Chris Miles:

Yeah, um, someone, I heard someone say yesterday, I think it was like oh well, when it comes to Trump, like if he says anything, wait 72 hours and see if that's right.

Chris Miles:

That's still what the what the actual uh um truth is, um, but I mean, we are like what I think these ones were announced like last week, right, so we're, yeah, uh, we are past the 72 hour mark, I think. So, um, not looking great, not looking great. Um, but yeah, with this Fulcrum project and kind of these, um, uh, this Trump proof um cloud services that they're building, um, super interesting. Um, you know, they kind of talk about the investment in this Fulcrum project, which they're talking about an investment of like 1 million euros, and we know like seed money that's.

Chris Miles:

That's peanuts like at the end of the day, right, compared to what um people are investing in the in the hyperscalers, but um very cool idea and, like I said, like you said, very targeted at SMBs and smaller organizations that um want something more local to them, rather than feeding into the, the grand hyperscalers, where they may be subject to regulations and things outside of the control.

Tim McConnaughy:

Yeah, exactly.

Chris Miles:

But yeah, I think one interesting piece that they called out in this article as well was that it's kind of redefining, for at least EMEA, what data sovereignty means to them. It's less about where data lives. It's almost like taking one step further. Now it's about who the cloud provider is and who controls them. So it's, yeah, super interesting. Not sure how it's going to shake down, but it is eye-opening for sure.

Tim McConnaughy:

This is interesting because I was just at, like I said, I was just at KubeCon and the amount of European service provider practitioners that I talked to, was it just it opened my eyes. I had no idea how many European service providers there are out there. I mean just all. I must've talked to 10 different people and I think almost all of them worked for a different, you know, public cloud provider or private cloud provider in the EU. So this idea of federating to get around the the major, like juggernauts, it's, it's almost like an underdog story. You kind of you kind of want to see, see it succeed a little bit and see how it goes. It's, it's a really cool idea. Like I said, like we're saying it's, I'd like to see some legs on it, you know, before it gets squashed by somebody with too much money.

Chris Miles:

All right. Next up we have an article from Bleeping Computer. So if again you've been living under a rock, or maybe you just don't consume Oracle Cloud services. Oracle has finally started to admit that there was a data breach of their environment. So specifically, it sounds like there was a breach of Oracle Cloud in a quote-unquote legacy environment I think they were calling it Oracle Cloud Classic or something like that through some kind of older Java exploit, and it's funny because they spent so much time denying it, like even talking to journalists and saying yeah, like there was no breach.

Chris Miles:

There was. You know, no Oracle Cloud customers were impacted. But now it sounds like they've kind of come to the table and say that you know there were. I think I'm trying to look how many thousands of records were exfiltrated from the environment, and it was funny they were still denying it while there were organizations actually coming to the table and saying, like actually, all this intel that is in this database about us is true, so they know they had to get it somehow. So, yeah, not a good look for Oracle. I mean, you know breaches happen, happens to everybody, but you know, I think it probably could have been handled a little better, for sure.

Tim McConnaughy:

Yeah, I mean, there's such a trust problem here Like I don't know what to say. Like it's one thing if you suffer a breach and your customer's data gets impacted or whatever, but when you deny it, even though the people you know selling the data basically are proving that, hey, actually this is real data from your customers and your customers are saying, actually, yeah, that's our data. Like who? At that point, who are you even trying to fool? Like your own customers just said this is our shit. I don't even know what the point is at that point.

Chris Miles:

It's like, it's like a Shaggy thing, right? Yeah, right, it wasn't me, it wasn't me, you know.

Tim McConnaughy:

Yeah, that's it. I definitely get the Shaggy vibe from that one. So what is the point? At that point, your customers can't even like. I don't think your customers can trust you. So I don't know what to say about that other than it would have been better just to admit that some part of your organization was breached and just be clear about what that was, and also be clear about what you've done to resolve it.

Chris Miles:

Like everybody else, I mean, obviously this is this is only impacting customers that have been relatively longstanding with Oracle Cloud as well, right, so this is like an environment I think that was deployed in like pre-2017. So this is um the the overall impact of like their well over like their total range of customers I would think was pretty low.

Tim McConnaughy:

Um, it's probably customers that have had some longevity there. Yeah, but the article mentions that the data that was stolen was recent, like so. So there's some, either some lateral movement or some some way that the they were able to leverage this breach to, yeah, six million, yeah, get into the real, like the, the gold mine or whatever.

Tim McConnaughy:

Um, yeah, true, that's newer. So, yeah, the initial vector may have been that legacy situation or that legacy environment, rather. But, yeah, according to this article I mean the sub, you know many of the things that were shown on that website to be stolen are are new, like 2025, new data. Yeah, it said um all of them allegedly stolen from Oracle Cloud's federated SSO login servers. Yeah, there was, there was still live. Yeah, true. So, yeah, um, so Oracle definitely has a bit of egg on their face from this, but you know, as always, they should be able to bounce back.

Chris Miles:

But yeah, not a good look for the next few months at least.

Tim McConnaughy:

Yeah, I think the best look would have been just to say hey, we got hacked and this is what we're going to do, like every other normal person you know does. I don't know who decided that I'm, you know, to play the Shaggy card. I don't, I don't get it 100%.

Chris Miles:

All right. Next up, we have an article here from CSO Online talking about a surge in threat actors scanning for Juniper, Cisco and Palo Alto network devices. So it you know kind of relatively generic message across the board for each one of these vendors, there's basically been a surge of actors looking for either scanning these services offered by each vendor or looking for default credentials across the board. I think even Palo said that they mentioned there was a significant surge in login scanning activity targeting their GlobalProtect portals, which are obviously publicly accessible. They said over the last 30 days they saw 24,000 unique IP addresses attempting to access these portals, although they don't mention any login attempts, just like scanning from each of these IP addresses, which is a bit strange. But yeah, I think there's even mention in here of the issue the known vulnerability with Cisco smart licensing as well and then even mentions what is this.

Chris Miles:

Yeah, t128 username and password, 128t routes Sounds like a generic login for maybe some kind of platform that was maybe acquired by Juniper at some point. So don't know if this is. You know, it's kind of just generic botnets and obviously this is there's been an uptick in this targeting here. Don't know if this is something related to AI. Maybe some of this is being automated and why it's being done at a broader scale. But, yeah, just make sure you are, make sure, aware of these, make sure your platforms are patched, make sure you're not using default passwords. Yeah, I think that's the general sentiment here.

Tim McConnaughy:

Yeah, I can't even imagine the idea of putting a network device publicly accessible with default credentials. Now, I mean, the article does mention for each of the vendors Juniper, Cisco and Palo what type of vulnerability or scanning or, you know, login attempt or whatever it was that's happening, and it does point out that you know for Cisco, of course, Cisco disclosed a smart licensing vulnerability, was last year, and in that case there was a default hard-coded credential that customers didn't even see, like, wasn't even, you couldn't change it anyway. Like, so that's a different kind of exploit, although, boy, that one's pretty bad. But then again, you know, like I said, that's, everybody has something going on. Everybody eats, yeah, everybody rides that train eventually. Yeah, we're not throwing stones, it's more.

Chris Miles:

It's about the response.

Tim McConnaughy:

That's important, yeah, and the responses again, especially contrasting this with the previous article. They're getting it out there to do this stuff. So I think, yeah, so the AI thing, I think that I mean, obviously it's being automated, there's no question about automation. You know, the scanning that's happening is automated, there's no question about that. I think that I wonder if we're seeing more of an uptick in the or if this is. This doesn't feel sophisticated, right, it feels like a shotgun, like all scanning is. But I wonder if this is. If you remember, like when Kali and other automated penetration tools were kind of made more available, you kind of had the. Even before that, actually you had the whole script kiddie thing where everybody could just get scripts and anybody could launch an attack and be a hacker if you will. I wonder if there's some of that going on, because we've seen time and again and again how easy it is to prompt, evade, like, you know, do the thing, you know, poison the prompt where you can actually get an AI to do some things for you or give you some information that you probably it probably is told not to give you. It's criminally easy to do. So, yeah, I think we're seeing an uptick, but I don't know if they're, I don't know if it's related. I think we will eventually, if not now, see more attacks, just because it becomes more and more easy to launch this. You know, to find this info and launch these kinds of attacks from anybody. All right, let's see.

Tim McConnaughy:

We got one more here and this one's pretty, I mean. Yeah, I didn't see it coming, although I just don't think it's. It's not the most interesting article, but it is. It is very relevant to cloud networking. So AWS has kind of announced the general availability, at least in some regions, for its route server construct, which is basically, if you know Azure Route Server, it's basically ARS, it's almost entirely the same. The idea is that you can have a third party virtualized device that can form a BGP neighborship with this route server, and this route server will handle propagating all of the routes that are learned into VPCs, right? So think TGW without the TGW part, right? Yeah?

Chris Miles:

The simplest way I usually think of these route server things is kind of like a BGP route reflector, so it's typically not in the data plane at all. It's really just doing the facilitation of propagating BGP routes. That's its sole purpose, that's it. So yeah, like you said, Tim, I did not see this coming because you do see adoption of it in Azure. But Azure also has a very distinct architecture that they push people towards, like if we're talking about the landing zones or even the VWANs of what people are using, whereas I don't see that requirement that much in AWS with kind of the architectures that you build with TGW.

Chris Miles:

Obviously, there's exceptions to that rule, but one thing that drives me crazy, man, is whenever AWS puts out a new service, they'll have documentation out day one. They have, you know, kind of general availability out day one. The diagrams are shit. Like, there's not even like, not even like, I know this, this is a service that they offer. There's going to be like one of their little unique icons that they're gonna make for it, but on these diagrams they just put, you know, a white square that says route server.

Chris Miles:

It's like, come on, guys, this is, this should be the easy part, is the marketing piece.

Tim McConnaughy:

Yeah, I was, I was reaching it, uh, reading the documentation and it's basically like, yeah, I, I'm still, I'm with you. I don't a hundred percent understand. It's like the point with ARS. It makes perfect sense the way that Azure does its routing. With AWS, you have TGW and it's not as abstracted as like vWAN is. It's very, very much, very, very, uh, in the data plane. It's very simple. Um, so this kind of out-of-band route server thing is almost like why?

Chris Miles:

would I use this?

Tim McConnaughy:

instead of a TGW. I guess if we're just peering, if you just don't want a TGW, but we're going to do VPC peering or something, I'm still trying to wrap my head around what the use case is here as well. But there's quotas and it costs what? $0.75 an hour.

Chris Miles:

It's not cheap. I mean, ars isn't cheap either. Well, no, that's true.

Tim McConnaughy:

It makes sense, but at least with a yeah. And this is the part where maybe, once I figure out what is the, what is the point of your, of this new service? Because I mean they even in the documentation say, is that you know, if you want to propagate routes into a TGW route table, use Transit Gateway Connect.

Chris Miles:

So you can't even use it with TGW right.

Tim McConnaughy:

Which is what 99% of AWS customers that need to move traffic are probably already using right.

Tim McConnaughy:

Which either this, or Cloud WAN, which has managed TGW. So, yeah, this strikes me as a we don't want to build a small. This is more like a small. This seems like a small medium business play where, for whatever reason, they're not using a TGW, they don't have a big enough environment. For whatever reason, they're just not using a TGW.

Chris Miles:

Here you go, here's your way to do third party. Yeah, it's funny they launched a very similar service to something that's in Azure, but it's completely different from how it's used in Azure, because in Azure it's like you're typically connecting it to express routes and your landing zone and things like that, but this one you don't do any of that, at least day one.

Chris Miles:

So yeah, quite odd, I imagine to your point. It's probably there's a certain subset of customers that have been asking for this for a while, so that's probably why the documentation is quite light. I would think Maybe they're getting it out there just to service the people that they know that need it and it'll kind of grow into something beyond here. But yeah, it's just. I mean it's cool, but I'm still scratching my head Like I don't foresee any kind of clients that I interface with in cloud using this anytime soon.

Tim McConnaughy:

Yeah, I'm also struggling with it. Even in their diagram it doesn't make sense. You've got two private subnets and the same VPC, a device A and device B, right, and then you're peering with these endpoints and the endpoint peers with the route server and the route server is updating the two private subnet route tables. I'm just thinking like, what is the situation where I needed to do?

Chris Miles:

this, yeah, so we'll include the link in the show notes. So if you if you're else, you want to have a look at the documentation. Have a look through it and and let us know if you're also scratching your head and if you can think of an exact use case where this, this makes sense that maybe we're not thinking of. Let us know.

Tim McConnaughy:

Love to hear it. Yeah, absolutely. All right, and with that I think we are ready to close it out this week. Um, so hope you guys enjoyed the, uh, Fortnightly News. If there's anything we missed that you think was a bigger story than what we covered, uh, please drop us a line. You know, post on Blue Sky, or send us a message. Hate mail's fine, call us likes that, yeah, call us names.

Tim McConnaughy:

You probably do that anyway, so we just want to know what you're calling us. Yeah, right, yeah, we just want to know so we can start using the names ourselves. That'd be fine. Yeah, anything you want to do to give us any feedback on how much you hate this project that we're doing, that would be really appreciated. All right, we'll see everyone next time for the Fortnightly News. Take care, see you, see you guys, see ya.
