SwiNOG #39, 25. September 2024, Berne

Network Disaggregation is not a new concept; it has its roots in the disaggregation of personal computers and the subsequent disaggregation in hyperscale data centers. Now, the disaggregation of telecom networks is the last frontier that is happening today.

No network is completely stable, and the backbone is no exception. By injecting controlled failures into the network, we can identify vulnerabilities, design flaws, and performance bottlenecks. The presentation will focus on the implementation in a simulated network and on the benefits of Chaos Engineering.

The INPG Stack (Infrahub, NUTS, Prometheus and Grafana) provides an automated approach to network testing, offering visualised results for enhanced visibility. The INPG Stack automates the generation and execution of tests for all network devices, thereby addressing a significant challenge in modern network management where manual testing remains prevalent. By reducing the time required for testing and ensuring networks are continuously updated and tested, the INPG Stack enhances the efficiency and reliability of network operations. This system represents a notable advancement over traditional manual methods, offering scalability, maintainability, and improved performance visibility through its automated processes and integration of open-source tools.

GitOps is a widely used term, and the CNCF GitOps Working Group has defined 4 principles: “Declarative,” “Versioned and Immutable,” “Pulled Automatically,” and “Continuously Reconciled.” This presentation explores what it means for network automation or network operations to adhere to these principles. Tools like Kubnet (learn.kubenet.dev) or the newly released Infrahub from OpsMill make it easier to create GitOps solutions, and this will be demonstrated in the presentation.

With the speed of 400G coherent technology was introduced to pluggable optical transceivers (OIF 400ZR and OpenZR+). This technology is complex and powerful for your network, it even has influence on your network device operating system.
This talk will provide first insight in Nokia’s implementation as well as known or potential interoperability issues addressed by the OIForum. If your transport system, router or even switch already provides coherent pluggable transceivers check the available interface parameters. You can send me these CLI outputs / management software screenshots to thomas.weible@flexoptix.net. I will try to include it into the presentation.
And finally new formfactors for 800G and 1,6T will be part of the game as well. Stay tuned….

Using 5G fixed wireless access as a transitionary technology before deploying full-fibre to the home/business/farm/barn. This talk is about projects carried out on the Orkney Islands, in the far north of Scotland, UK. Lots of photographs and discussions about building access networks serving remote rural locations with their own environmental challenges. Parts of this talk have been given at UKNOF (focussed on “automation”), NetMcr (focussed on “rainy and windy POPs”), and GEANT’s SIG-NGN (“the first fibre-in-pipe deployment in the UK”), but it’s the first time I intend to bring together all the technologies into one big talk.

Swisscom’s plan to monopolise the future fibre optic network by building a point-to-multipoint (P2MP) topology instead of the traditional point-to-point (P2P) network topology was prohibited by the Swiss Competition Commission. The effects of this decision, the future rollout of the fibre optic network and the possible development of the Swiss telecoms market will be presented in the lecture.

An Internet provider must be able to intercept Internet traffic, like IP, VoIP and e-mail, if a legal warrant is submitted. There are commercial solutions as software, hardware and services to handle this. With OpenLI there is open source software for implementing LI. This talk will show the software, how to implement it and real use cases.

OpenLI (openli.nz) is an open source implementation of Lawful Interception (LI) based on the ETSI specifications for LI (ETSI 102 232). The origin of the software is from the University of Waikato in New Zealand. In New Zealand (and also in Australia) the ETSI standards are used for telecommunication including lawful interception. Therefore this open source software can also be used in Europe.

We use the ETSI standards and have a Dutch specification for the Dutch implementation (ETSI-IP.nl). The OpenLI software is adapted to fit for the Dutch situation.

The following topcis will pass in the session:
1. Brief introduction on the ETSI standards for LI
2. Brief introduction to the Lawful Intercept proces
3. Introduction on the OpenLI software
4. Implementation of OpenLI – how you can install and use it

Network attacks, including Distributed Denial-of-Service (DDoS), continuously increase in terms of bandwidth along with damage and have a devastating impact on the targeted companies/governments. Over the years, mitigation techniques, ranging from blackholing to policy-based filtering at routers, and on to traffic scrubbing, have been added to the network operator’s toolbox.
The presentation will outline what possibilities exist for mitigating DDoS attacks at SwissIX.

More and more service providers no longer have IPv4 addresses. CGN offers the possibility to counteract this shortage technically. However, there are some challenges here that are presented in the lecture.

In this presentation, we will begin with a brief introduction to our company, followed by an exploration of the limitations we’ve encountered using Juniper SRX firewalls in cluster mode. We will discuss the specific challenges we face and how these impact our operations. Finally, we will share how we aim to address these issues through the implementation of MNHA (Multi-Node High Availability) and the potential improvements it offers.

SCION is a secure path-aware Internet architecture developed in Switzerland that is designed to achieve high resilience to routing attacks and offer path selection for Internet users and operators with safety critical traffic such as in the financial and healthcare sectors. RPKI/ROV is useful for origin validation but does not validate paths, ASPA is still an evolving technology, whilst BGPSEC has yet to be widely deployed and needs explicit router support along a path to achieve the full benefits.

SCION has commercial and open-source implementations and is in production use by the financial services and healthcare industry in Switzerland and internationally. It is currently supported by Swiss ISPs and SwissIX, is being evaluated for use in government, power utility, aviation, military and other applications, whilst a number of vendors are also interested in implementing it in their products.

This talk will discuss the SCION design and architecture, its trust model, how it can be deployed, as well as some deployment experiences to-date. It will also discuss the IETF/IRTF work, and the community efforts supported by the SCION Association to encourage further deployment and development.