Agenda @ SwiNOG #37
|08:15||60min||Registration, Coffee & Gipfeli|
|09:15||10min||Welcome, Agenda||Simon Ryf||SwiNOG|
|09:25||30min||Evolution of DPDK Controlplanes|
Pim van Pelt is known for SixXS, a global IPv6 tunnelbroker which ran from 2001-2017. In this journey, he found that kernel routing at scale (many interfaces, many prefixes or many packets/sec) were better handled in userspace than server kernels (either FreeBSD or Linux). Today, Pim operates IPng Networks, a small network using software-based routers which will give silicon-based routers a run for their money.
In this talk, we will explore Intel's DataPlane Development Kit (https://dpdk.org), open source dataplane solutions such as VPP (https://fd.io), DANOS (https://danosproject.org), DPDK based loadtesting (https://trex-tgn.cisco.com) and discuss performance benchmarking results from the field.
|Pim van Pelt||IPng Networks|
|09:55||35min||Evaluating a DNS Servers value in a DDoS attack|
DNS reflection attacks are a favorite protocol for botmasters to pummel a victim's network. The attackers usually benefit from poorly configured DNS servers: A small request of 60-80 byte can elicit a response of 4000 byte or more.
This talk introduces the tool DNS hammer, which can analyze a DNS servers value to an attacker. The presentation also covers methods to limit the DNS servers value without impact on the production network.
|Eduard Blenkers||Kantonale Verwaltung Aargau|
|11:00||20min||IPFIX Export at IXPs – Benefits and Tools|
As traffic engineering and discovering beneficial peering partners is of growing importance for today's network operations, insights in traffic statistics become an increasingly valuable resource for right decision making. Also, coping with DDoS attacks might require better understanding of the traffic that crosses the infrastructure. The IPFIX Export at IXPs helps to deliver these pieces of information.
This talk presents the implementation of a non-disruptive multi-tenancy software for exporting customer's IXP flow data. Also, the Internet Protocol Flow Information Export (IPFIX) protocol is being introduced. Open-Source tools for customers to use this service are also presented.
This service is productive at some DE-CIX IXPs and available free-to-use for all its customers. We hope to motivate other IXPs to also provide a similar service.
|Thomas King||DE-CIX Management GmbH|
|11:20||30min||The design and implementation of a BGP speaker|
Over the last year AS210036 has been developing a BGP speaker implementation for research and development of BGP technologies. The aims of this project include greater programmability of the control plane, decoupling BGP from routing devices, and providing an API to enable development of new BGP features easily. In this talk we will present the software design, go into some of the architectural decisions, and explore some potential future research directions that this work can enable.
Traditional SwissIX Update
|Manuel Schweizer||SwissIX Internet Exchange|
|13:30||20min||How we inadvertently made the fastest Internet access|
How we did it, what were and still are the challenges, why did we do it.
|13:50||35min||Network Analytics with BMP, IPFIX and YANG Push|
BMP (BGP Monitoring Protocol) is actively being developed at IETF. Thomas will give you an update on the latest developments, how BMP can be used to correlate with IPFIX collected forwarding-plane metrics and used for routing and peering visualization. Further dig into how Network Telemetry data collection at Swisscom is scaled and integrated into Big Data by leveraging eBPF and anycast load balancing.
|Thomas Graf & Marco Tollini||Swisscom|
|14:25||25min||HACK YOURSELF – Find it before they do!|
Why it is worth hacking your own IT security infrastructure on a regular basis? This presentation will show how hackers proceed during an IT attack (CyberKillChain), which validation options exist for the IT security infrastructure and how to proactively monitor the efficiency of this cyber security infrastructure.
|Christian Hirsch||Emitec Datacom|
|15:25||30min||Discover the power of the Segment Routing encapsulation|
The talk contains an overview of the Segment Routing technology. It gives an introduction to Segment Routing with the MPLS (SR-MPLS) as well as IPv6 (SRv6) data plane. Besides, it shows the advantages, applications, and a further outlook on the technology.
|Severin Dellsperger||INS - Institute for Networked Solutions|
|15:55||15min||Quad9 recursive DNS services|
Quad9 is a non-profit Zurich-based organization that offers recursive DNS services which include malware filtering and high privacy guarantees. This talk will cover some of the mission and features of Quad9, and also will touch on some of the technical delivery components of how the service is deployed
|16:10||10min||CommunityRack.org & Community-IX – Update|
Lightning talk update on CommunityRack and Community-IX
|16:20||10min||How (NOT) to do a presentation|
415 Unsupported Media Type
Please be aware that the 3G (vaccinated, cured, tested) rules are applied for the event. With the latest update (see below) all attendees have to wear masks.
For further information about the situation in Switzerland click here.
Update 26. November 2021: Unfortunately the Canton of Berne stated, that beside the certificate obligation there is now a requirement to wear masks (except speakers). Details here.
Guten Park im Grünen
Sponsors of SwiNOG #37