Tag 1 - 23.11.2017

11:30-13:00Registration & Welcome Lunch
13:00-13:15Eröffnung & BegrüßungDENOG Orga
13:15-13:45Peering DB Update (PDF)Arnold Nipper
13:45-14:15200G over Alien Wavelength (PDF)Moritz Frenzel / Marc Helmus
14:15-14:45Secure your server's IPMI remote management (PDF)Werner Fischer
14:45-15:15IP Quo vadis Prometheus? (PDF)Richard Hartmann
16:00-16:45Lightning Talks (PDFs am Ende der Seite)
16:45-17:00DENOG Vereinsgründung (Ankündigung)DENOG
17:00-17:30Verification of RFC 6980 Implementations on varying Operating Systems (PDF)Jacky Hammer
17:30-18:00Contemporary Linux Networking (PDF)Maximilian Wilhelm
19:00Social Event @ Corroboree, Kasinostr. 4-6 (Fußweg)

Tag 2 - 24.11.2017

09:00-09:30Lightning Talks (PDFs am Ende der Seite)
09:30-10:00Automation for Network Lab Enviroments (PDF)Tobias Heister
10:00-10:30Automating Juniper Devices with Ansible (PDF)Rudolph Bott
10:30-11:00DENOG Vereinsgründung (Gründungsversammlung)DENOG
11:45-12:15Alice-LG Looking glass (PDF)Stefan Plug / Matthias Hanning
12:15-12:45Routing Software vs. Hardware Routers (PDF)Oliver Knapp
12:45-13:00Abschlussdenog e. V.
13:00Farewell Lunch



Vorträge am Tag 1 - 2017-11-23

PeeringDB Update (PDF)
Arnold Nipper, PeeringDB
PeeringDB has been around for 14+ years and has been extremely useful to the peering industry. Since early 2016 PeeringDB is an association with members from all over the world. Board elections have taken place three times already. Quite a few policy documents make PeeringDB a sound organisation having also a sound commercial backing through continous sponsorships from smallest to large companies. The board has delegated the future development and the day-to-day work to two committees, the Product Committee and the Admin Committee. All this work is voluntary work. Since 2016-03-15 PeeringDB 2.0 is live and has been a big success. The Product Committee is constantly gathering input from the community for bug fixes as well as new features. PeeringDB 2.0 also comes with a powerful API which makes it easy to integrate it into any automation.
back to top


200G over Alien Wavelength (PDF)
Moritz Frenzel and Marc Helmus, Globalways AG and Gasline
Alien Wavelengths have been around since ages, and have been specified within ITU-T G.698.2, at least for DWDM applications at 2.5 and 10 Gbit/s with 100 GHz channel frequency spacing as well as applications at 10 Gbit/s with 50 GHz channel frequency spacing. Howsoever it is 2017 and the demand for higher bandwidths is there, therefore we went ahead and performed tests with multiple vendors over a span from Stuttgart to Frankfurt with a 50GHz Alien Wavelength.
back to top


Secure your server’s IPMI remote management (PDF)
Werner Fischer, Thomas-Krenn AG
“Virtually every server has a dedicated remote management chip in the form of an IPMI Baseboard Management Controller (BMC). This controller is independent of the actual server, but has direct access to its hardware for control and monitoring purposes. These features are also quite desirable to manage servers remotely.

Two factors, however, have prompted security experts to devote themselves closer to these management chips:

  1. The firmware of an IPMI BMC is usually an embedded Linux, which must be regularly updated with security updates.
  2. The IPMI specification has some security design weaknesses.

In the previous years, security analyzes published in this context revealed major flaws and the IPMI firmware images did not show a good testimony. For administrators reason enough, not to operate IPMI interfaces publicly on the Internet - so one should actually mean. Network scans carried out on a large scale showed that hundreds of thousands of servers can be accessed publicly via the Internet via IPMI.

The lack of awareness about existing risks and non-existent knowledge about safe configuration are often the reasons why IPMI interfaces are publicly operated on the Internet. In this talk Werner Fischer will show you can secure your own server’s IPMI configuration and how you can detect suspicious traffic in your networks.”
back to top


Verification of RFC 6980 Implementations on varying Operating Systems (<a href”http://dump.hackathon.de/denog9/171123_1700_rfc6980__jacky_hammer.pdf”>PDF</a>)
Jacky Hammer, ERNW GmbH
Following the research on RFC 6980 implementations published on insinuator.net, I would like to present my findings about targeting FreeBSD and additionally some about the behavior of Linux systems that are still to be done. In this talk, I will do a short introduction on IPv6 Neighbor Discovery and the general problem of rogue router advertisements and then cover the topic of sending those and the existing shortcomings of systems enabling one to successfully inject default routes to clients.
As IPv6 becomes more popular and widespread, attacks become more attractive and come to the center of attention. Focusing on abusing the neighbor discovery protocol and router advertisements, we can see how even the best efforts can barely prevent the injection of harmful information.
back to top


Contemporary Linux Networking (PDF)
Maximilian Wilhelm, University of Paderborn / Freifunk Hochstift / Freifunk Rheinland
This talk will provide a brief overview about some of the latest developments in the Linux networking world: Things like VLAN-aware-bridges, VXLAN, VRF-Lites, as well as MPLS support will be shown with practical examples.

Everyone still using »ifconfig«, »route«, »arp« etc. might want to attend to get an idea how to use the Linux swiss army knife for networkers (»ip«) which already has replaced or will replace all the old tools on current distributions.

For Debian based systems ifupdown2 provides a convenient replacement for the old ifupdown toolchain including configuration for VLAN interfaces and LAGs which previously required auxiliary tools.

At the end you will get a glimpse into building your own SDN with Debian Linux, ifupdown2, Salt Stack and Python.
back to top


Vorträge am Tag 2 - 2017-11-24


Automation for Network Lab Enviroments (PDF)
Tobias Heister, Xantaro Deutschland GmbH
We operate a network Test, Verification and PoC Lab in our frankfurt location. Technology from various vendors spanning various OSI Layers (Optical to Application) is placed and run in this Lab. This Talk describes how we tame and managed all of theses devices using open source Tools and Scripting

  • Asset Managemnt with racktables
  • Reservation/scheduling System based on PHP Scheduler
  • lots of scripting glue to tie all of it together to make it easy and convenient to use
  • Power Management via outlet monitoring and powering off of not used and not reserved devices
  • many small bits and pieces like autogenerated aliases for every device to acces it via ssh/serial console power on/off the device
  • Monitoring via Librenms/Grafana

back to top


Automating Juniper Devices with Ansible (PDF)
Rudolph Bott, sipgate GmbH
We replaced our datacenter network gear and decided to let Ansible do all the dirty configuration work. Since we found that nobody usually talks about these things in public, we decided to change that.
Choosing new network gear is not that easy. We would like to give you some insights how we ended up using Juniper gear, why we chose Ansible over other solutions, what are the benefits we already have and what is there to come. And last but not least some examples to get you started into network automation with Ansible!
back to top


Alice-LG Looking glass (PDF)
Stefan Plug, ECIX
ECIX is proud to introduce to the world her new looking glass: Alice-LG. Check her out in action at lg.ecix.net.

The looking glass has the following features:

  • show who is peering with the route servers, and who not
  • show which routes are advertised, and by whom
  • show which routes the route server has rejected, and why
  • show which routes were NOT exported to whom, and why
  • all data you see is also available using the REST API
  • fully open source! Get your own copy at github.com/ecix/alice-lg

Alice-LG was born during RIPE NCC’s RIPE 73 hackathon in Madrid where our developer Matthias Hannig joined forces with INEX’s Barry O’Donovan’s team to build a front-end for Barry’s new BIRD API, Birdseye. We decided to further develop this new looking glass into Alice-LG. A huge thanks to Eileen Gallagher from INEX for coming up with that name.

A pretty sweet feature which Alice-LG throws at us is her REST API, some examples:

  • lg.ecix.net/api/routeservers
  • lg.ecix.net/api/routeservers/0/neighbours

Internally we use the REST API for some Slack tools to quickly check up on a peer without having to log into the route servers themselves, but we can totally imagine a peer writing a tool which alerts them whenever Alice-LG sees that their routes are being rejected.

Alice-LG is developed in-house at ECIX, but it is entirely open source and available to all at github.com/ecix/alice-lg.

Development on Alice-LG is ever ongoing. If you find a bug, miss a feature, or miss documentation don’t hesitate to open up an issue on GitHub.
back to top


Routing Software vs. Hardware Routers (PDF)
Oliver Knapp, Nokia
Software routing based on standard x86 server hardware has become a viable alternative to specialized hardware routers in the recent years. In this presentation, some basic concepts and technologies of software-based routing are explained, and a comparison with conventional hardware-based routers is attempted, as well as a look onto where software routers might have some intrinsic limitations.
back to top

Lightning Talks

C-RAN – Far more than 5G… (PDF)
James Merchant, Huber+Suhner Cube Optics AG

Supporting NOGs in our Region (PDF)
Mirjam Kühne, RIPE NCC

DDoS in Deutschland (PDF)
Karsten Desler, Link11

Status Quo IPv6 Sub-assignment Clarification (RIPE address policy proposal 2016-04) (PDF)
Maximilian Wilhelm, Freifunk Hochstift / Freifunk Rheinland

Avoid blackholing: Selective Next-Hop Resolution (PDF)
Oliver Herms, EXARING AG

Environmental Monitoring (PDF)
Wolfgang Tremmel, DE-CIX Academy

Verify it! (PDF)
André Niemann, becon GmbH

Long Term Storage with Prometheus (PDF)
Richard Hartmann, SpaceNet GmbH

back to top