Deploy360 IPv6

Deploy360 @ SINOG 4.0

The Deploy360 team will be supporting the 4th Slovenian Network Operators Group (SINOG) event next week. This is being organised by the Go6 Institute, ARNES and LTFE, and is sponsored by the Internet Society along with several others.

This year, SINOG is being combined with the Slovenian IPv6 summit and held as a two-day event on Tuesday, 23 June and Wednesday, 24 May 2017. The first day will be mostly focusing on IPv6, with more general networking issues being covered the following day.

There’s a great line-up of speakers on the programme too, with Ole Trøan (Cisco) providing the keynote. As well as working on a open source software router implementation called VPP, he’s also active in the IETF as the Co-Chair of the 6MAN Working Group and has authored a number of RFCs on IPv6.

Our colleague Jan Žorž will again be talking about the experiments on NAT64 and DNS64 in the Go6lab, and of course about NAT64Check. Ivan Pepelnjak (ipSpace) will also follow up on Enno Rey’s presentation at RIPE 74 on ‘Why IPv6 Security is so Hard‘ which offers an analysis of the structural deficits of IPv6 and their implications, whilst Nathalie Kunneke-Trenaman (RIPE NCC) will provide an overview of IPv6 routing in Slovenia.

The highlight of Day 1 though, is the ‘The dark Side of the IPv6 Moon’ panel chaired by Jan and featuring Ole Trøan (Cisco), Job Snijders (NTT), Ivan Pepelnjak (ipSpace) and Nathalie Kunneke-Trenaman (RIPE NCC). The focus is the deployment and operational consequences of the IPv6 architectural and standardisation decisions about IPv6, and this will discuss the real world challenges of using IPv6 in production networks.

Day 2 sees another talk from Ole Trøan on the VPP software router he’s developing. Ivan Pepelnjak will talking about network automation solutions based around small reusable components, whilst Job Snijders will introduce BGP Large Communities which is a new way to signal meta-information within and between networks.

Our other Deploy360 colleague Kevin Meynell will also be on hand with an update o the MANRS Initiative. This defines four concrete actions that network operators should implement to promote a culture of collaborative responsibility, and the next steps are to develop a MANRS certification programme as well as partnerships with IXPs.

The full programme can be found on the SINOG website. Registration is free-of-charge and open to anyone.

The event is being held at Tehnološki park Ljubljana, and is being streamed.


SINOG 3.0 in Ljubljana


The 3rd meeting of the Slovenian Network Operators’ Group organised by Go6ARNES and LTFE was held on 22 June 2016 at the Brdo Technology Park in Ljubljana. This was held the day after the Slovenian IPv6 Summit and was co-sponsored by the Internet Society; attracting another good audience of around 110 participants.

The keynote was provided by Ivan Pepelnjak (ipSpace) who continued the theme of network automation whereby any well-defined repeatable task can be automated. This is commonly applied to device and service provisioning, as well as VLANs, ACLs and firewall rules, but it can also be used for troubleshooting, consistency checks, routing and failure remediation.

Ivan PepanjakIvan went onto discuss the tools for automated network and service provisioning such as Chef and Puppet, along with automation frameworks such as Ansible, and workflow tools such as Gerrit and Jenkins. Network remediation though, was the holy grail of automation whereby networks could identify faults or degraded performance and have the ability to fix themselves. Nevertheless, development scenarios need to be avoided whereby effort is expended to improve automation, but instead additional time is spent on debugging, rethinking and improving the code to the detriment of the original labour saving reason for doing it.

Anand Buddhev (RIPE NCC) continued the automation theme with his overview of Ansible. This is a open source software platform written in Python for configuring and managing multiple Linux and Windows computers that combines multi-node software deployment, ad-hoc task execution, and configuration management. It utilises a controlling machine, with nodes being managed over SSH using modules that communicate through a JSON protocol.

Anand BuddhevThe RIPE NCC was using it to automate tasks on 585 hosts using a series of ‘playbooks’ written in YAML that provides data-oriented but human readable scripts defining the necessary tasks. It’s a lightweight yet powerful framework which is well documented on the Ansible website. Following the SINOG meeting, Uroš Bajželj also ran a hands-on workshop for those interested in using Ansible.

Tit Petrič and Marko Ambrož went on to to discuss the Docker software containerisation platform. This essentially allows a piece of software to run in a complete filesystem that contains the necessary code, executables, system tools and system libraries and thereby ensures it will run the same regardless of environment. However, Docker containers differ from virtual machines in that they share the same operating system kernel and resources which allows them to make more efficient use of memory and disk resources. Docker containers are based on open standards, enabling containers to run on all major Linux distributions and Microsoft Windows, whilst isolating applications from each other and the underlying infrastructure and providing an added layer of protection.

SINOG roomThere was an interesting presentation on the security implications of the Internet-of-Things from Milan Gabor (Viris). This focused on the vulnerabilities of devices in industrial control systems, vehicles, unmanned aerial vehicles and retail applications which often involves a multiplicity of hardware architectures, operating systems and protocols in often closed systems. There were already examples of everyday ‘intelligent’ systems being hacked such as electronic door locks, toilets, baby monitors and smart lightbulbs, as well as bigger infrastructure that included nuclear reactors and power grids. This leads to the issue of how to secure things that you can’t update, and the ongoing implications of this.

Also worth checking out was the LTE in Public Safety presentation from Maurizio Moroni (Cisco) who discussed the evolution of incompatible narrowband transmission systems used by different public safety organisations (e.g. police, fire and rescue, medical and security services) towards using common LTE based data services. Whilst this is expected to take a number of years, the LTE can offer better use of existing public infrastructure, improved interoperability and quality of service, as well as the ability to use data communication as well as voice.

SINOG PCFinally, for those interested in network traffic telemetry, Paolo Lucente (pmacct) discussed pmacct. This is open source software that correlates different data sources including BGP, BMP and IGP and builds multiple views of network traffic for analytic, modelling or forensic purposes, and which can sent to message brokers. However, this was somewhat hampered by the availability of data and a lack of standardised mechanisms for collecting and aggregating it. He therefore appealed for network operators to take more of an interest in supporting this initiative as it had great potential for traffic engineering, capacity planning, peering and security.

All the presentations from the meeting can be found on the SINOG website.

Deploy360 Domain Name System Security Extensions (DNSSEC) IPv6

Deploy360 @ Slovenian IPv6 Initiative & SINOG 3

Go 6 logoThe Deploy360 team will be supporting the 11th Slovenian IPv6 Summit and SINOG 3 events next week, that are being organised by the Go6, ARNES and LTFE, and sponsored by the Internet Society along with several other sponsors.

The Slovenian IPv6 Summit is being held on Tuesday, 21 June 2016, and features a keynote from ICANN Board Member Lousewies van der Laan on how Internet governance impacts on operators. Patrick Fältström (NetNod) will also be speaking about the Internet-of-Things and IPv6, with other interesting talks on Automating IPv6 deployments by Ivan Pepelnjak (NIL),  IPv6 Security by Fernando Gont (SI6), and IPv6 Autoconfiguration challenges by Sander Steffann (SJM Steffann).

The afternoon session is largely devoted to case studies, including a talk on IPv6 in SPAWAR by Ron Broersma (US Navy), IPv6 in Switzerland by Silvia Hagen (Sunny Connection), and how IPv6 was deployed in LinkedIn from Stephanie Schuller (LinkedIn), with the local interest coming from Luka Manojlovič (MA-NO).

On Wednesday, 22 June 2016 is the SINOG 3 meeting which will be a mix of presentations in Slovenian and English. The keynote is being provided by Ivan Pepelnjak (ipSpace), followed by a talk on the DNS-management software Ansible by Anand Buddhdev (RIPE NCC). There’s another presentation on the security of the Internet-of-Things by Milan Gabor (Viris), and at the end of the day is an Ansible workshop led by Uroš Bajželj (LTFE).

The full programme can be found on the SINOG website and Go6 website. Registration is free-of-charge and open to anyone.

Both events are being held at Tehnološki park Ljubljana, and are being streamed.