Networking
-
Switching to TCP BBR on the edge
We flipped our edge servers from CUBIC to BBR and measured the actual win for our traffic, which was smaller than the marketing suggests
-
Testing routers with Linux network namespaces
A pattern I now use for testing every firewall and routing change before it touches the edge: cheap, repeatable, and on a laptop
-
BGP in a small network: worth it?
I set up BGP between two homelab routers to learn, and reached some unromantic conclusions about when it earns its keep
-
MTU, MSS, and a VPN that couldn't stream video
A perfectly-working WireGuard tunnel that failed only on video streams, and the diagnosis that made me finally understand MSS clamping
-
A TLS SAN quirk that broke mTLS
An internal service stopped accepting a client cert after a seemingly innocent renewal, and the issue hid in the SAN encoding
-
ndots:5 and the DNS tax in Kubernetes
Every non-cluster DNS lookup in our pods was paying for five failed attempts first, and lowering ndots cut tail latency significantly
-
Putting IPv6 on my home network, finally
After years of excuses I enabled IPv6 end to end at home, and most of the friction came from devices I did not expect
-
Finding TCP retransmits with bpftrace
A short bpftrace script that pinpoints which process and peer are responsible for TCP retransmits on a noisy box
-
Why I finally switched from nginx to Caddy
After a decade on nginx, two weekends of YAML and a lingering distaste for certbot cronjobs made me try Caddy for my homelab ingress
-
WireGuard vs Tailscale in my homelab after a year
After a year of running both, here's where each one earned its keep and where I'd pick differently next time
-
A TCP RST that took a week to track down
A long-lived HTTP connection got RST every 12 hours, and the answer lived in the intersection of conntrack, a load balancer, and a very patient test
-
bpftrace: which process is eating the retransmits?
A one-line bpftrace probe that ranks processes by the number of TCP retransmits they're causing
-
nftables rule ordering surprised me
A two-hour outage caused by a harmless-looking rule insertion into the wrong chain position, and what I learned about nftables evaluation
-
http.Client tuning for a flaky upstream
A checklist of the settings I reach for when a Go service needs to talk to an upstream that's... not great
-
httptest.Server is better than you think
Most Go HTTP tests I see are mocked when they should be using httptest.Server, and it shows