
Cables2Clouds
Join Chris and Tim as they delve into the Cloud Networking world! The goal of this podcast is to help Network Engineers with their Cloud journey. Follow us on Twitter @Cables2Clouds | Co-Hosts Twitter Handles: Chris - @bgp_mane | Tim - @juangolbez
We Nearly Became Invulnerable! (No More CVE) - NC2C034
The tech world gives and takes away as Google introduces CloudWAN while MITRE nearly loses CVE funding, showcasing both innovation and vulnerability in our digital infrastructure landscape. Politics increasingly intersects with technology as we examine controversial security clearance revocations alongside much-needed technical improvements in cloud networking.
• Google Cloud Next introduces CloudWAN service with two use cases: high-performance data center connectivity and premium branch networking
• Google's approach differs from AWS, encouraging single global VPC deployments across regions
• MITRE loses funding for the CVE program, threatening the global vulnerability tracking system
• CISA provides 11-month bridge funding, but fragmentation begins as EU launches alternative vulnerability tracking
• Azure announces general availability of route maps for Virtual WAN, bringing traditional networking capabilities to cloud
• Former CISA director Chris Krebs targeted in federal investigation for debunking 2020 election fraud claims
• Security clearance revocations increasingly used as political weapons against technology professionals
Subscribe to Cables to Clouds Fortnightly News and tell a friend about the show to stay informed about the evolving cloud technology landscape.
Purchase Chris and Tim's new book on AWS Cloud Networking: https://www.amazon.com/Certified-Advanced-Networking-Certification-certification/dp/1835080839/
Check out the Fortnightly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Hello, hello and welcome back to another episode of the Cables to Clouds Fortnightly News episode. So in this episode today, what we're going to do is go through a few news articles that have come out over the last few weeks that we found interesting. Maybe a little bit of cynicism sprinkled in, as usual, but yeah, let's hop into it. So I am your host today. My name is Chris Miles at BGP Main on Bluesky. Joining me, as always, is my co-host, who I'm running out of adjectives to describe, Tim McConaughey at Carpe-DMVPN on Bluesky. So let's go ahead and hop right into the news.
Chris:So, as you may be aware, in the US just in the last couple weeks we had Google Cloud Next, which is basically Google Cloud's annual conference that they hold. We've put a wrap-up in the show notes kind of covering everything that they announced, because that list is quite lengthy and, uh, there's a lot of things sprinkled in there about, um, uh, two word acronym that you can probably guess. Um, but we have, uh, one, one announcement out of this that we wanted to touch on, which was, uh, the announcement of, uh, a service that they have. They must have had a lot of trouble trying to name this thing called CloudWAN. So you know, as you know, CloudWAN is already a pretty prominent product offered by AWS, but Google has come to the table offering a similar service called CloudWAN. I will say that the you know.
Chris:Obviously the description of this will be in the show notes, but they really focus on two predominant use cases here for Google Cloud WAN, use case one being high performance connectivity from regional data centers to cloud. So it's leveraging some of their existing services like Cloud Interconnect and Cross Cloud Interconnect, which, basically, Cloud Interconnect is your means of connecting your, your on-premises data centers to Google Cloud. And then you have Cross Cloud Interconnect, which is the, the service you use to facilitate connecting your Google Cloud environment to other clouds like AWS, Azure, etc. And then they, this, I believe this is a new service that they've introduced called Cross-Site Interconnect, which is basically like a layer two extension between your cloud interconnects.
Chris:So I'm thinking this is going to be similar to a service like SiteLink or something like that, so that you can have this Cross-Site Interconnect act as your kind of DCI connection between your cloud interconnect circuits. And then there's a use case two, which is about premium tier networking for branch and campus. So this is kind of an amalgamation of a number of services listed in here, so Network Connectivity Center, so NCC, Cloud Interconnect, NCC Gateway, which is kind of that gateway service for connecting NCC to other services, Cloud Next Gen Firewall, Cross Cloud Interconnect and some other open ecosystems for services like SSE, things like that. So I will say this is not quite what I expected when they announced something called CloudWAN and I thought it would be a little bit more similar to AWS's offering, but I think there is enough differentiation here to be worthy. So, yeah, how do you feel, Tim? What are your comments on this?
Tim:Yeah, I mean other than the name being exactly the same, of course. What I find interesting about Google's version of this is that Google's version does seem to be closer to the actual spirit of the word. I guess WAN in this case like cloud WAN, not so much in the first use case. You know that first use case seems pretty obvious. You're going to have some kind of high performance connectivity from you know on-prem to middle mile or to the cloud directly, and this new layer two connectivity is going to be definitely, I'm sure, like middle mile circuit stuff, you know like Equinix or maybe not Megaport, but like Equinix or something. I'm not sure how the layer two connects. I guess it depends on whether it's a real layer two connection or it's emulated layer 2, you know like tunnel, you know Q-in-Q or something like that. But yeah, the use case 2 very much feels like true WAN replacement, at least that seems like. You know.
Tim:Look at the diagram. It's in the we'll have it all linked in the show notes. Basically it has NCC being a central hub to centralize, to conglomerate all these services together. So, like Chris was saying, like SD-WAN and then, of course, any kind of service that you would expect your branch to want to leverage right. Instead of going straight to Zscaler or three other different SSE providers or something like that, they're saying why don't you just bring their connectivity to us and then we'll be kind of the glue that holds the whole thing together and then you can peel off or add new services?
Tim:So interesting offer. Definitely, like I said, closer to the whole WAN thing, I am curious to find out who, besides people who already use Google as their primary provider, will actually want to centralize their branch services like this with NCC, because I mean NCC by itself. Even though this offers a service where, hey, you know, you can bring in all of your branch services and then just essentially connect us to your branches with NCC, I still feel like there's a whole big chunk of the cloud piece missing. Not missing, but just like without it it wouldn't be as strong a value prop on its own.
Chris:Yeah, I think we kind of talked about this before we hit the record button, but I think a bit of this kind of relates to how Google does networking, quite different than all of the other CSPs out there. Um, like a lot of it seems like a lot of encouragement from Google is to for customers just have one VPC, like just have a global VPC deployed across every region that they want presence in, and everything resides in the same VPC. And you know, that is very different to what you would do in AWS, because you can't even have, you know, subnets that go multi-region, uh or multi-AZ at that, uh, at that comment there. But, um, so, like this, this idea of like leveraging NCC as a true like backbone type thing, um, it seems nice. I just don't typically see customers consuming cloud in this way um, yeah and the I mean they obviously there's.
Chris:There's a lot of commentary in here about how this can reduce TCO up to 40. Yeah, that Google Cloud. If Google is your primary cloud, then this may be a no brainer for you. But yeah, very, very interesting offering. I'll say yeah for sure.
Tim:I think we're going to need to wait and see who adopts and how they end up using it. Yep, agreed, all right, okay. So now we have an article from Bleeping Computer about well, it's been all over the news so I'd be amazed if somebody hadn't seen it already but the whole MITRE losing funding bit for the CVE program. It just so for those who maybe didn't already know, and I'll dig into the article here in a second about a week or two ago I think, maybe two weeks now the uh MITRE announced basically that the um that they had lost funding well, not lost funding, it just wasn't going to be renewed for the, the new year um and because of that funding loss they were going to no longer going to be able to administrate the CVE program.
Tim:The Common Vulnerabilities and Exposures, uh, which is kind of the backbone of cybersecurity notification, if you will, right. It's, you know, MITRE is a nonprofit. It's, you know, its whole purpose is, well, not whole purpose, but a large part of its purpose is administrating the CVE program and that means you know that takes money, that takes time, that takes obviously a lot of resources to not only administrate the program but then provide all of the you know websites and everything for it, anyway. So they lost funding because the government basically was not going to renew the contract because there's a big surprise there. Luckily, CISA has stepped in. CISA, the government sorry the government arm, if you will, of cybersecurity. I forget what CISA stands for.
Chris:Cybersecurity and Infrastructure Security Agency.
Tim:That's it. Could not just blank completely out of nowhere on that one. So, yeah, so they've stepped in. They provided an 11 month bridge contract, basically, um, I am curious what is going to happen after this is over, uh, the 11th month. So actually I'm kind of curious what's going to happen even before 11 months are over, because you know something that basically was the gold standard for the entire world cybersecurity database is has been shown to be essentially vulnerable to the whims of of government. So you know, I was reading another article that, uh, maybe we'll, maybe we will include that one in the probably won't cover it, but we'll might include it in the show notes about how the Europe is already standing up its own, you know CVE type of of thing, and we're, you know, here comes the fracturing of that, uh, the effort.
Tim:You know, to the point where CVE won't be the only thing out there. You'll have other ones that track them differently or God knows how that's going to work. When you start assigning, you know a vulnerability that now carries a CVE number and some EU number and God knows what else kind of number that down the sign. So it's going to be really complicated, man. But yeah, it's absolutely insane to me. I don't know. What do you think?
Chris:Yeah, I mean the. This Bleeping Computer article does briefly touch on at the end, that the European Union Agency for Cybersecurity, or ENISA, has launched their program that embraces a multi stakeholder approach by collecting publicly available vulnerability information from multiple sources. So they wanted to kind of be, um, not open source, but you know what I mean kind of more widespread and not tied to a single entity. My thing is, I don't know like maybe this was brought up several times, um, prior to this date, but I feel like I didn't hear jack shit about this until the day that the funding was running out and like, oh yeah, after today, it's, it's over. Like we, we have no, no funding. Like how in the fuck did it get to the last day before?
Chris:This was like a known thing amongst the community and like, like you said, the, the exact like the. The concerning part is that the gold standard for what vulnerabilities exist from a cyber security perspective could have been gone like that, like in an instant, just like overnight, and and it got extended for 11 months. So you know what, maybe we'll be having the same conversation in, uh, you know, on March 16th 2026, but I don't know. It's just like. That's absolutely insane. Um, I actually do need to dive into that and maybe find out how. I want to see all the points in time that led up to this, because I feel like someone should have known this.
Tim:Yeah, although, to be fair, it's not uncommon for government contracts to essentially run their course and then just be renewed.
Chris:Like I'm assuming that what?
Tim:happened is that there was an 11th hour, you know, DOGE cut or something that, that that impacted this when it was expected to be renewed. I'm thinking that it's the only thing that makes sense, right, like otherwise. I would assume MITRE would have, up until this point, been like hey, we're about to lose our funding. Hey, we're going to lose our funding, like it had to have been. Oh yeah, of course, you guys are going to get funded. We've been funding you to the point where you know. And then, all of a sudden, Elon, you know, was tying his shoes or something and saw the words CVE somewhere reflected in a monitor and decided they needed to cut it. I don't know, man.
Chris:I mean in that same breath, like I don't think. If anyone's been watching what's been happening with the administration, I don't think you can assume anything is going to be renewed right.
Tim:Yeah, that's true With the things that they're cutting.
Chris:So it probably should have used a little common sense there, I think. But you know I'm not going to throw stones. I don't know what happened. I'll look into it later and I'll get back to you. Yeah, all right.
Chris:Next up, much more lighthearted announcement from the Azure Networking blog. So they have announced Microsoft Azure has announced the general availability of route maps for Azure Virtual WAN. So huge congrats to AWS, or not AWS, sorry, Azure. Route maps, which is something that has been kind of a staple for network engineering for several, several years, probably. What are we going back, like 20 years at this point, maybe more. So basically they've they've added a route map functionality for Virtual WAN and if you're unfamiliar with route maps, it's basically a, a semi-complex like condition, match and and and manipulation of route advertisements, where you can set you know, match conditions, you can set actions and things like that.
Chris:It's very useful for manipulating things like AS paths or doing summarization or, you know, allowing or blocking added communities, things like that, which is all pretty much baked into this looks like day one, so, you know, very cool to see this. I'm kind of wondering why we didn't see this sooner. This seems like a relatively simple operation. You know like there's route maps in use today that do far more complex things like than this. You know like Cisco, I think even has RP um, RPL, right I don't know if that's really in in big use still today the Route Policy Language um, which was introduced with IOS XR um where you can do way more complex stuff, and it's almost like programming for for uh, for um, route routing protocols.
Chris:but, um, yeah, cool to see this. Um, don't know if it'll we'll see increased adoption for VWAN from this, but maybe we will. If you're waiting for route maps to pull the trigger on VWAN, then this is probably a good day for you.
Tim:But yeah, I don't know how you feel, Tim implemented, and remember that you got to look at all of this through the lens of.
Tim:You know you're consuming a service from the provider. The provider actually has access to everything that's possible under the hood. What they're showing you and what they're allowing you to do, that's the. That's the thing, right?
Tim:So route maps are actually extremely powerful and can do a lot more than this article says that they can do, but these are the services that Microsoft has essentially vetted and then made available, created the programming, if you will, the front end and the programming and the back end to make you know it, so that you can go in, go through their UI or their CLI or API calls, whatever, and actually send these commands that are, you know, can make these route changes on the backend, underlay, ultimately, VWAN Azure routers that exist in a data center somewhere, right? So, yeah, I mean so. With that in mind, it looks like, hey, they don't offer certainly they're not any network person like a CCIE or something would look at this and be like, oh my God, this is barely any kind of route map. But honestly, in the cloud, I mean, what else do you need beyond communities, you know, AS path and route prefix filtering, like that's all you're probably ever going to need in the cloud. You know you're not doing anything super complex.
Chris:Yeah, especially with something like VWAN, which already has kind of its own defined um route selection and things like that. You're you don't want to mess with too many things under the hood, or else, um, you know you're gonna.
Tim:You're asking for pain, basically right, and so you know, honestly, the stuff they've actually I they offered more with this than I thought they would like.
Tim:There's actually some really cool stuff in here, like for, for example, they have a thing with a prefix replacement where this is, like you know, this is not a way a network person would ever think to do it, but essentially this is how you would summarize, right, this is how you could summarize from, say, you receive a component routes of 10.0.0.0/8, but you only, for whatever reason you know, want the 10.0.0.0/8 to go in. So normally, you know you would, you would trans, you would with routing protocols and stuff. You would do this a different way. You would use a summary command under the routing protocol that you're using, like BGP, for example. In this case they're saying you don't have access to any of that. So here's how you can do that same thing that you would expect to be able to do. So it's a little different, but I got to say I'm looking at it. I'm not seeing any extra functionality that's missing that I would have wanted.
Chris:Yeah, and I think this kind of comes back to something that we've talked about on the show for a while, whereas cloud has kind of been this environment where you've had people that don't really know networking, managing networks right, you've had developers kind of spinning up VPCs and VNets with the same CIDR ranges over and over and kind of learning the hard way that you know things don't function that way. I wonder if some of the language that they've used here, like you know, kind of replacing route prefixes versus summarizing route prefixes, I wonder if that's just kind of catering to who they think will be managing these environments, which is totally fine. But, like you said, I feel like there's some, you know, just kind of my you know, networking PTSD gets a little. Uh, it's a little triggered when I see just kind of replacing routes um with with things without kind of strong conditions in there.
Chris:Um, but to your point, like you know, kind of they've kind of scaled back the complexity from a networking perspective on what you can really have as far as you know loops and things like that Um. So I mean I guess, I guess maybe this meets the criteria for for the environment that it's in. But um, yeah, it's just just I'm thinking, maybe it's kind of catering to the audience, but I don't know.
Tim:Yeah, the one that gives me hives from a networking perspective is the one where you can match and then remove all the AS paths from the path. That just really messes with me, because I'm thinking like, oh good, so we're going to introduce loops, but anyway.
Chris:I imagine if you're removing all of them, you're not removing your own right.
Tim:You're still going to put the whatever, I would assume not the Azure one is the what is it?
Chris:1.2, whatever. Oh, I assume not. The Azure one is the what is it?
Tim:One, two, whatever? Oh man, I don't keep it off, yeah.
Chris:I don't remember.
Tim:It's a public one. It's a public AS. That I don't remember.
Chris:I mean I don't think they're going to change the rules, whereas, like, when they advertise this outside of VWAN, that they're not going to put their own AS number. That's like a general rule that I think everyone has to follow, follow for for it to meet the standard. But yeah, I know what you mean. So that's kind of like if you're a, if you're a developer, and you see that like, oh, I don't need all these ASNs.
Tim:I'll just get rid of them like bad move buddy. Um, yeah, so we'll see. All right, uh, one more. And uh, this one is from TechCrunch, so this one is yeah, okay, so I'll just, I'll just roll into it. So the former CISA director, the former director of CISA under Trump, Chris Krebs, basically is being targeted by the Trump administration, essentially because he failed to prove that the 2020 election was stolen from Trump. It doesn't make any sense. Oh, yeah, that's right. Yeah, it was, because he basically debunked the false claims about the, about it being rigged in 2020. So I'm so confused.
Chris:Yeah, it's. We put this in here just because it said like he was going to basically resign from his position at SentinelOne to challenge this federal investigation, which is just yeah. The investigation claims that he falsely and baselessly denied the 2020 election was rigged and stolen. That's right.
Chris:When, like I mean this is, this is a person that, like Trump, appointed to be the director of CISA during his first term, right, so it was like, and he's like, if anyone's going to have, like Chris Krebs is a very well-respected person in the world of cybersecurity for the most part. If he was claiming that there was no you know kind of tampering with the election, I imagine he's got security to back or, sorry, he's got evidence to back this up, Whereas the current administration seems to be doing things without a whole lot of you know, investigation and fact based evidence on the decisions that they're making. So this just seems like bullying man, Like I don't think anything's going to come of it. It's just really kind of maybe a jab at Chris Krebs for something that he did years ago.
Tim:Yeah, it's crazy. Notice that they also stripped him of a security clearance.
Tim:Like this has happened this is not just Krebs, right, like this has happened multiple times now. This administration is systematically finding people that it doesn't like and stripping them of their security clearance. Like the there was a journalist. There's some journalists that just or no law. It was a lawyer, it was a, it was a law um firm I can't remember, uh, the name off the top of my head. It happened really recently and they lost their like security clearance and stuff like right, just for no reason other than you know they.
Tim:It was one of the firms that was investigating Trump. Uh, you know, for one of the uh, I forget which federal one, if it was the the one about uh it misuse of campaign funds or whatever it was. But, yeah, they was completely punitive. They had no reason to do it. They just went after them and took their security clearance. So this is, this weaponization is, uh, is terrifying, right, because they've just essentially killed that. They could have killed that firm basically, and maybe they have because of their clientele needs, you know, might need security clearance to to deal with the clientele they have. So, um, we're going to see more of this and I, I, I don't know what the answer is of how you, how to fight against it.
Chris:Yeah, I don't, I don't think this has necessarily been like the first domino to fall or anything like that. I think we've already seen several dominoes. At this point, um, this one's just kind of coming from a different direction. But you know, I don't, I don't necessarily want to get too political on this show, but this is just like. This is just insane, like, uh, it's, it's. The administration is venturing too far into into the realm of technology for for me to be comfortable not speaking up about some of this stuff.
Chris:So it's it's just, you know, it's going to get worse, I think, before it gets any better. So I guess we will, we will strap in, yeah.
Tim:All right. Well, on that exciting note, we should probably go ahead and wrap up for the day.
Chris:Yeah, so if you made it this far, thank you so much for listening. This has been the Cables to Clouds Fortnightly News Update. Again, we put all of these articles that we covered today into a Google Doc, which is available in the show notes. So if you want to read any more, if you really want to look at what was announced at Google Cloud Next 2025, highly recommend looking in there, because we put the full wrap up link in there. Um, and if, uh, if you don't already subscribe, you know, hit that little subscribe button. Let us, uh, let us know what you think about the show, tell a friend about the show and, uh, we will see you again in two weeks, take care.