Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) IETF

NLNOG Day 2016

nlnog_logoWe’ve already reported on bits of this, but Deploy360 was supporting the NLNOG Day 2016. This was the second such event organised by the Netherlands Network Operator Group (NLNOG), and was held on 9 September 2016 in the Podium Mozaïek venue in Amsterdam; an old converted church. This attracted around 150 participants from the national and international Internet community in the Netherlands, who were treated to a programme of interesting presentations on contemporary matters and history mixed with a bit of fun.

The day kicked off with a presentation on pmacct from Paolo Lucent which is open source software that correlates different data sources including BGP, BMP and IGP and builds multiple views of network traffic for analytic, modelling or forensic purposes which can sent to message brokers. This was a similar presentation to that at SINOG 3.0, so check out the report from that meeting.

Our colleague Jan Žorž was on next with a presentation about DANE & TLS testing in the Go6lab. Again this has previously been discussed in previous Deploy360 blogs, but the Netherlands is fortunate to have relatively high deployment of DNSSEC which makes the use of DANE even more practical.

nlnog-opening

Next up was a presentation on IPv6 deployment by Sky Broadband. Richard Patterson discussed the lessons learned since they started the rollout in July 2015. Although they had to pause the rollout for six months in the fourth quarter of 2016 to ensure their RADIUS authentication and recursive DNS systems were scalable, they have now reached 90% penetration amongst customers and expect to reach 95% by the end of the year. In addition, whilst Sky Broadband experienced a widespread network outage in August, this affected IPv4 but not IPv6 connectivity, demonstrating how dual stack networking is able to function seamlessly.

Following-on was something completely different – an overview of proposed legislation that would enhance the powers of the Dutch intelligence and security authorities to collect and share network traffic, as well as the proposed reform of the European Directive on ePrivacy.

Just before lunch was a presentation from Thijs Alkemade & Christiaan Ottow from CompuTest on the problems with digital certificates used for encryption and verification on the Internet, and the widely varying standards of verification of holders employed by the Certificate Authorities that issues. It highlighted that trust relies on the reliability of the third party CAs that undertake the verification, and compared the methodology of several different CAs. This included StartCom/WoSign which not only has unclear ownership, but has been known to issue improperly validated certificates as well not automatically revoking certificates known to be compromised.

Job Snijders (NLNOG Foundation) continued after lunch with the launch of the NLNOG Infrastructure Platform. This offers free hosting on global infrastructure for Internet community related projects, kindly supported by Leaseweb.

Johan Stokking (The Things Network) then provided a useful technical overview of LoRaWAN (Long Range Wide Area Network) which is a media access control protocol for long range, low power radio networks. These networks use a star-of-stars topology in which gateways forward messages between nodes and applications using different channels and data rates depending on the radio spectrum regulations of specific geographic regions.

We already discussed Ron Broersma’s (SPAWAR-US Navy) back-to-the-future presentation on the ARPANET TCP/IP migration of 1983, whilst Ansible and FENIX were previously covered in our report on SINOG 3.0. That just left time for an appeal from Job Snijders for routing vendors to support the Internet Draft draft-heitz-idr-large-community-04 which is a new type of BGP community attribute permitting 12 bytes for specifying two 4 byte ASNs for routing policy, along with 4 bytes for defining an action.

Rounding off the day was the infamous Merciless NLNOG Quiz that truly tested the knowledge of network engineers and administrators. If you know what ‘gdate -d @0 output’ will output for ‘TZ=Europe/London’ or what the MD5 hash of ‘secret’ is, then this would have been for you. Unfortunately, the Deploy360 representatives didn’t feature near the top of the leaderboard, although Kevin did manage to take the intra-team honours from Jan which if nothing else demonstrates who knows the most pointless information!