Networking Content on InfoQ

  • CloudFront Adds Origin mTLS Authentication for End-to-End Zero Trust

    Amazon CloudFront now supports mutual TLS authentication for origin servers, completing end-to-end zero-trust authentication from viewers to backends. The feature replaces IP allowlists and shared secrets with cryptographic verification, proving particularly valuable for multi-cloud deployments, where origins can verify that traffic originated from CloudFront without VPN tunnels.

  • How CNAME Ordering in RFC Specs Caused Cloudflare 1.1.1.1 Outage

    In a recent article titled "What came first- the CNAME or the A record?", Cloudflare explains how an unclear RFC specification caused Cloudflare's popular 1.1.1.1 service to break. After identifying the breakage and the ambiguity in older DNS standards regarding record order, Cloudflare proposes a clarified specification.

  • AWS Previews Route 53 Global Resolver to Decouple DNS from Regional Failures

    AWS previews Route 53 Global Resolver, using Anycast to decouple DNS from regional failures. It simplifies hybrid setups with unified public/private resolution, DoH/DoT, and Zero-Trust security.

  • AWS Launches Network Firewall Proxy in Preview to Simplify Managed Egress Security

    AWS has unveiled the preview of its Network Firewall proxy, a managed service that optimizes proxy management and enhances outbound security for VPCs. Integrated with NAT Gateway, this tool inspects traffic through a three-phase model and supports both TLS interception and centralized models via Transit Gateway. It is currently available in East Ohio.

  • AWS and Google Cloud Preview Secure Multicloud Networking

    In a surprising move, AWS and Google Cloud have recently partnered to simplify multicloud networking, introducing a common standard and leveraging "AWS Interconnect - Multicloud" and "Google Cloud's Cross-Cloud Interconnect". The new option makes it easier for organizations to manage and secure workloads across both clouds, with Azure expected to join in 2026.

  • AWS Introduces Regional Availability for NAT Gateway

    AWS has recently introduced regional availability for the managed NAT Gateway service. The new capability allows developers to create a single NAT Gateway that automatically spans multiple availability zones (AZs) in a VPC, providing high availability and eliminating the need to define separate gateways and public subnets in each zone.

  • Azure API Management Premium v2 GA: Simplified Private Networking and VNet Injection

    Microsoft has launched API Management Premium v2, redefining security and ease-of-use in cloud API gateways. This new architecture enhances private networking by eliminating management traffic from customer VNets. With features like Inbound Private Link, availability zone support, and custom CA certificates, users gain unmatched networking flexibility, resilience, and significant cost savings.

  • Azure Front Door Outage: How a Single Control-Plane Defect Exposed Architectural Fragility

    A recent 9-hour Azure Front Door (AFD) outage was triggered by a faulty control-plane configuration change that bypassed safety checks due to a software defect. The change led to a massive blast radius and affected M365 and Entra ID via identity coupling, exposing a critical architectural anti-pattern in centralized edge fabrics.

  • AWS ALBs Now Support Native URL and Host Header Rewriting

    AWS's Application Load Balancers (ALB) now offer native URL and Host Header Rewriting, eliminating the need for third-party proxies and custom logic. This feature enhances request routing, reduces maintenance, and lowers latency. Easily configurable via the AWS Management Console or API, it streamlines traffic management for backend services, aligning AWS with other cloud leaders.

  • New DNS Armor Service Helps Google Cloud Workloads Preemptively Block Cyber Threats

    Google Cloud's DNS Armor, in partnership with Infoblox, offers a vital layer of security against DNS-based threats for Google Cloud workloads. Utilizing advanced threat detection and machine learning, it identifies and mitigates risks like malware and data exfiltration, ensuring robust protection without impacting performance. It is deployable as a managed service, providing seamless control for users.

  • AWS Simplifies Multi-Region Failover with ARC Region Switch

    AWS's Amazon Application Recovery Controller Region Switch revolutionizes multi-region failover with a fully-managed, centralized solution. Simplifying disaster recovery, it automates and coordinates essential tasks across AWS services. With proactive validation and a global dashboard, it transforms complex processes into confident, push-button drills, enhancing reliability and cost efficiency.

  • AWS CloudFront Adds HTTPS DNS Support

    Amazon CloudFront now supports HTTPS DNS alias records in Route 53, streamlining DNS lookups by returning protocol details alongside IP addresses. This innovation accelerates page loads, enhances security against downgrade attacks, and eliminates DNS costs. With wide browser support, it significantly boosts performance and reduces operational expenses for users.

  • Overcoming Challenges with eBPF Flow IP Address Misattribution at Netflix

    Recently, Netflix discussed how they utilize eBPF to accurately attribute flow IP addresses to their corresponding workload identities. After implementing this new attribution method, Netflix verified the flow logs of their cloud gateway, Zuul, and found no misattribution over a two-week window.

  • Google Cloud WAN Aims to Transform Enterprise Networking

    Google has launched Cloud WAN, a robust managed WAN solution built on its global network, featuring 202 PoPs and 2M miles of fiber. It promises secure, high-performance connectivity at lower costs, addressing the complexities of modern enterprise needs. With faster speeds and significant TCO savings, Cloud WAN integrates seamlessly with existing providers.

  • Fast Eventual Consistency: Inside Corrosion, the Distributed System Powering Fly.io

    Innovative cloud solutions expert Somtochi Onyekwere recently presented at QCon London 2025, unveiling Corrosion—Fly.io's advanced open-source distributed system. By leveraging CRDTs and Rust, Corrosion enhances scalability and data synchronization, addressing latency challenges and ensuring rapid, consistent application deployment across a global network of 40+ regions.
