Tag 1 - 23.11.2017

Zeit23.11.Sprecher
11:30-13:00Registration & Welcome Lunch
13:00-13:15Eröffnung & BegrüßungDENOG Orga
13:15-13:45Peering DB UpdateArnold Nipper
13:45-14:15200G over Alien WavelengthMoritz Frenzel / Marc Helmus
14:15-14:45Secure your server's IPMI remote managementWerner Fischer
14:45-15:15IP Quo vadis Prometheus?Richard Hartmann
15:15-16:00Kaffeepause
16:00-16:45Lightning Talks
16:45-17:00DENOG Vereinsgründung (Ankündigung)DENOG
17:00-17:30Verification of RFC 6980 Implementations on varying Operating SystemsJacky Hammer
17:30-18:00Contemporary Linux NetworkingMaximilian Wilhelm
19:00Social Event @ Corroboree, Kasinostr. 4-6 (Fußweg)

Tag 2 - 24.11.2017

Zeit24.11.Sprecher
09:00-09:30Lightning Talks
09:30-10:00Automation for Network Lab EnviromentsTobias Heister
10:00-10:30Automating Juniper Devices with AnsibleRudolph Bott
10:30-11:00DENOG Vereinsgründung (Gründungsversammlung)DENOG
11:00-11:45Kaffeepause
11:45-12:15Alice-LG Looking glassStefan Plug / Matthias Hanning
12:15-12:45Routing Software vs. Hardware RoutersOliver Knapp
12:45-13:00Abschlussdenog e. V.
13:00Farewell Lunch

 


 

Vorträge am Tag 1 - 2017-11-23


PeeringDB Update
Arnold Nipper, PeeringDB
PeeringDB has been around for 14+ years and has been extremely useful to the peering industry. Since early 2016 PeeringDB is an association with members from all over the world. Board elections have taken place three times already. Quite a few policy documents make PeeringDB a sound organisation having also a sound commercial backing through continous sponsorships from smallest to large companies. The board has delegated the future development and the day-to-day work to two committees, the Product Committee and the Admin Committee. All this work is voluntary work. Since 2016-03-15 PeeringDB 2.0 is live and has been a big success. The Product Committee is constantly gathering input from the community for bug fixes as well as new features. PeeringDB 2.0 also comes with a powerful API which makes it easy to integrate it into any automation.
back to top

 

200G over Alien Wavelength
Moritz Frenzel and Marc Helmus, Globalways AG and Gasline
Alien Wavelengths have been around since ages, and have been specified within ITU-T G.698.2, at least for DWDM applications at 2.5 and 10 Gbit/s with 100 GHz channel frequency spacing as well as applications at 10 Gbit/s with 50 GHz channel frequency spacing. Howsoever it is 2017 and the demand for higher bandwidths is there, therefore we went ahead and performed tests with multiple vendors over a span from Stuttgart to Frankfurt with a 50GHz Alien Wavelength.
back to top

 

Secure your server’s IPMI remote management
Werner Fischer, Thomas-Krenn AG
“Virtually every server has a dedicated remote management chip in the form of an IPMI Baseboard Management Controller (BMC). This controller is independent of the actual server, but has direct access to its hardware for control and monitoring purposes. These features are also quite desirable to manage servers remotely.

Two factors, however, have prompted security experts to devote themselves closer to these management chips:

  1. The firmware of an IPMI BMC is usually an embedded Linux, which must be regularly updated with security updates.
  2. The IPMI specification has some security design weaknesses.

In the previous years, security analyzes published in this context revealed major flaws and the IPMI firmware images did not show a good testimony. For administrators reason enough, not to operate IPMI interfaces publicly on the Internet - so one should actually mean. Network scans carried out on a large scale showed that hundreds of thousands of servers can be accessed publicly via the Internet via IPMI.

The lack of awareness about existing risks and non-existent knowledge about safe configuration are often the reasons why IPMI interfaces are publicly operated on the Internet. In this talk Werner Fischer will show you can secure your own server’s IPMI configuration and how you can detect suspicious traffic in your networks.”
back to top

 

Verification of RFC 6980 Implementations on varying Operating Systems
Jacky Hammer, ERNW GmbH
Following the research on RFC 6980 implementations published on insinuator.net, I would like to present my findings about targeting FreeBSD and additionally some about the behavior of Linux systems that are still to be done. In this talk, I will do a short introduction on IPv6 Neighbor Discovery and the general problem of rogue router advertisements and then cover the topic of sending those and the existing shortcomings of systems enabling one to successfully inject default routes to clients.
As IPv6 becomes more popular and widespread, attacks become more attractive and come to the center of attention. Focusing on abusing the neighbor discovery protocol and router advertisements, we can see how even the best efforts can barely prevent the injection of harmful information.
back to top

 

Contemporary Linux Networking
Maximilian Wilhelm, University of Paderborn / Freifunk Hochstift / Freifunk Rheinland
This talk will provide a brief overview about some of the latest developments in the Linux networking world: Things like VLAN-aware-bridges, VXLAN, VRF-Lites, as well as MPLS support will be shown with practical examples.

Everyone still using »ifconfig«, »route«, »arp« etc. might want to attend to get an idea how to use the Linux swiss army knife for networkers (»ip«) which already has replaced or will replace all the old tools on current distributions.

For Debian based systems ifupdown2 provides a convenient replacement for the old ifupdown toolchain including configuration for VLAN interfaces and LAGs which previously required auxiliary tools.

At the end you will get a glimpse into building your own SDN with Debian Linux, ifupdown2, Salt Stack and Python.
back to top

 

Vorträge am Tag 2 - 2017-11-24

 

Automation for Network Lab Enviroments
Tobias Heister, Xantaro Deutschland GmbH
We operate a network Test, Verification and PoC Lab in our frankfurt location. Technology from various vendors spanning various OSI Layers (Optical to Application) is placed and run in this Lab. This Talk describes how we tame and managed all of theses devices using open source Tools and Scripting


back to top

 

Automating Juniper Devices with Ansible
Rudolph Bott, sipgate GmbH
We replaced our datacenter network gear and decided to let Ansible do all the dirty configuration work. Since we found that nobody usually talks about these things in public, we decided to change that.
Choosing new network gear is not that easy. We would like to give you some insights how we ended up using Juniper gear, why we chose Ansible over other solutions, what are the benefits we already have and what is there to come. And last but not least some examples to get you started into network automation with Ansible!
back to top

 

Alice-LG Looking glass
Stefan Plug, ECIX
ECIX is proud to introduce to the world her new looking glass: Alice-LG. Check her out in action at lg.ecix.net.

The looking glass has the following features:

Alice-LG was born during RIPE NCC’s RIPE 73 hackathon in Madrid where our developer Matthias Hannig joined forces with INEX’s Barry O’Donovan’s team to build a front-end for Barry’s new BIRD API, Birdseye. We decided to further develop this new looking glass into Alice-LG. A huge thanks to Eileen Gallagher from INEX for coming up with that name.

A pretty sweet feature which Alice-LG throws at us is her REST API, some examples:

Internally we use the REST API for some Slack tools to quickly check up on a peer without having to log into the route servers themselves, but we can totally imagine a peer writing a tool which alerts them whenever Alice-LG sees that their routes are being rejected.

Alice-LG is developed in-house at ECIX, but it is entirely open source and available to all at github.com/ecix/alice-lg.

Development on Alice-LG is ever ongoing. If you find a bug, miss a feature, or miss documentation don’t hesitate to open up an issue on GitHub.
back to top

 

Routing Software vs. Hardware Routers
Oliver Knapp, Nokia
Software routing based on standard x86 server hardware has become a viable alternative to specialized hardware routers in the recent years. In this presentation, some basic concepts and technologies of software-based routing are explained, and a comparison with conventional hardware-based routers is attempted, as well as a look onto where software routers might have some intrinsic limitations.
back to top


Lightning Talks

C-RAN – Far more than 5G…
James Merchant, Huber+Suhner Cube Optics AG



Supporting NOGs in our Region
Mirjam Kühne, RIPE NCC



DDoS in Deutschland
Karsten Desler, Link11



Status Quo IPv6 Sub-assignment Clarification (RIPE address policy proposal 2016-04)
Maximilian Wilhelm, Freifunk Hochstift / Freifunk Rheinland



Avoid blackholing: Selective Next-Hop Resolution
Oliver Herms, EXARING AG



Environmental Monitoring
Wolfgang Tremmel, DE-CIX Academy



Verify it!
André Niemann, becon GmbH



Long Term Storage with Prometheus
Richard Hartmann, SpaceNet GmbH



back to top

Denog 9 Meeting 2017 - Hier Anmelden Mehr erfahren