DENOG15
In this workshop, we'll explore the very basics of IPv6. We'll start with why you should care about IPv6, what excuses people claim to have for not doing IPv6, then move on to the different address types and how to configure them on Linux, and some NOS. We will also cover IPv6 (network security) and some routing basics.
EPS Global and IP Infusion will explain the benefits of Open Networking by demonstrating a real world application of total network disaggregation. The team will start with an overview of open networking. This will culminate by showing how to deploy advanced technology on IP Infusion's OcNOS to deliver residential broadband services. The presentation will highlight technologies such as segment routing, eVPN, and integration into broadband network gateways (BNGs).
EVPN-MH
ISIS-SR w/TILFA
Simple user-defined TE policy
Want to perform the BGP handshake in real life? We've got you covered... In this workshop for beginners and intermediates we will dive into some network basics of BGP-driven networks and also explore route filtering best practices (mainly for the DFZ = default-free zone).
After some theory every attendee will receive one network node to configure. The fellow participants will be your peers. You will depend on the peers to reach your goals.
Warning: You will have to socialise with the peers around you!
Agenda:
11:00 - 12:00 = Theory Session
12:00 - 12:30 = Lab Intro
12:30 - 13:25 = Lunch
13:30 - 14:45 = Initial Handshakes and Lab Exercise
14:45 - 15:00 = Quiz
Background:
Last year we talked about the basics of carrier and BGP-driven networks in our workshop "Network Architecture In Practice". This year we will cover the basics and especially the filtering again BUT we plan to include a hands-on lab which we couldn't supply last year.
Full abstract:
In network engineering there are a lot of rules and best practices, some written and some not. In this workshop we condense the most important knowledge we have accumulated over many years of running different service provider networks. We'll take a look at fundamental architecture decisions, traffic engineering and routing security for data and control plane.
There will be lots of real world config examples and plenty of time for questions and discussion.
Who is this for?
It is intended for people who (want to) run small to medium-sized ISP networks. A basic understanding of routing concepts is going to be helpful. If you've configured a BGP session before, this workshop is for you.
All materials can be downloaded here:
https://drive.google.com/drive/folders/1Z86vSptg2qgB88m8gq2lobyGWxn0WYpC?usp=sharing
Start monitoring your networking components with Prometheus, Loki and Grafana as the monitoring stack.
We'll go through the basics of SNMP and snmp_exporter, getting metrics into Prometheus and logs into Loki, and using Grafana as a visualization and analysis tool.
Like anyone else who works with network devices, you always stumble over errors during the planning phase which then cause outages during the execution phase.
Most of the time the errors are not syntax related but semantic errors or environmental impacts because of the configuration change.
Containerlab is versatile and can help you to replicate a testing environment for your needs.
It can also integrate with hypervisors if the network vendor only has virtual images of its network OS.
- containerlab
- podman
- git
Please bring a VM with Ubuntu 22.04.
Laptops with proxies and no direct internet access will be problematic.
Some guidance about the lab is available here.
Lab information
Is DENOG15 your first DENOG, or do you need a refresher on everything the event and community have to offer? Join us for a newcomer session at DENOG15 and feel free to bring as many questions as you want!
Welcome to Berlin, welcome to DENOG15
Between 2015 and 2021, in Germany, Deutsche Telekom first enabled dual-stack IPv4 and IPv6 for their mobile subscribers, and then successfully transitioned most of them into an IPv6-only access model.
This talk will highlight the rationale, the planning phase, the different testing stages as well as the implementation and the migration of the customer base.
You will also learn some basics on how IPv6 works in 3GPP mobile networks, and a lot of lessons learnt will be shared.
The 2nd Internet Backbone Study examined various areas and effects of ongoing centralization and consolidation on the Internet infrastructure. It comprises:
* A catalog of wide-ranging Internet disruptions
* Fictitious outage scenarios
* Dependencies on international cable connections
* Developments and changes in the Internet infrastructure
* Social and economic consequences
The market has gathered more than a year’s experience with Private Relay, which Apple introduced with iOS15. We want to shed some light on the traffic profile visible from an access-network perspective.
So far, the market has not seen a major uptake in Apple Relay services; it is still in the permille range of total traffic. However, operators have voiced concerns about how such services, if widely deployed, could impact the ability to manage capacity, traffic and availability effectively.
The architecture is well documented by Apple and the three CDNs operating egress-proxies, Akamai, Cloudflare and Fastly. But how does the traffic look in real life? Does content localization work as expected? Such questions are yet to be adequately answered.
We used flow-based data from affiliated networks to investigate the parts of the traffic flows which are visible to an access network and applied the documentation of the relay architecture to understand what we see.
What we can clearly see is that traffic is less structured than a comparable non-relay stream. Also, debugging is extremely challenging, as the Private Relay design purposely and effectively hinders an end-to-end view for any involved party.
Communication networks are vital for society and network availability is therefore crucial. There is a huge potential in using network telemetry data and machine learning algorithms to proactively detect anomalies and remedy network problems before they affect the customers. In practice, however, there are many steps on the way to get there. In this presentation we would like to share the status of an ongoing research collaboration with the purpose of simplifying the operation and increasing the availability of fiber access networks.
The research project is part of a CELTIC_NEXT flagship research program (AI-NET) that has the overall target of accelerating the digital transformation in Europe by intelligent network automation.
The project (“Palantir”) consists of two parts:
A field trial in a Swedish municipality network where telemetry data from more than 500 access switches, connecting more than 12000 households, are collected and analyzed for anomalies using machine learning. (The field trial is planned to be expanded to cover 1000 access switches during the project and synthetic errors are planned to be injected to emulate error situations.)
The second part is a demonstrator to be set up at Fraunhofer HHI in Berlin (starting in October 2023). The demonstrator covers an end-to-end network and aims to demonstrate all aspects of the research program.
In the presentation we would like to describe our field trial and demonstrator, share our experiences in collecting and analyzing telemetry data in the field and describe our conclusions so far.
We would also like to open up a discussion with the DENOG15 participants on which real-life error situations cause the most problems in fiber access networks and whether they would be suitable for AI detection (and potentially also for error emulation in our field trial).
Project Palantir is a collaboration between:
• Fraunhofer HHI (German Research Institute): Demonstrator
• Lunet (Swedish operator - open access municipality network): Field trial
• RISE (Independent Swedish research institute): Field trial
• Savantic (Swedish AI specialists): Field trial
• Waystream (FTTX vendor): Field trial and demonstrator
News from IXPs in Germany
As introduced in 2021, we collect some parameters from all IXPs that are active in Germany.
This talk aggregates the updates for all the IXPs in a common format and will be presented in a neutral way.
This presentation will give an insight into why and how NetMeta, an open-source network observability toolkit, is built, what its features are and why you should consider using it.
Let's have a look at a new feature on FreeBSD: "pfsync transport over IPv6" and talk briefly about a bugfix on BIRD for IPv4 over IPv6 nexthop routes support.
With the rise and fall of social networks, decentralized networks and new spin-offs have moved into the focus of the public. One significant benefit of advertising non-commercial social networks is diversity and the ability to self-host. Independence should give federated networks more resiliency against the power of certain actors.
This talk will examine the dispersion of federated instances in the wild. Where are hotspots? What are the networks and ASNs the Fediverse lives in?
With the speed of 400G, coherent technology was introduced to pluggable optical transceivers (OIF 400ZR and OpenZR+). This technology is complex and powerful for your network; it even has influence on your network device operating system.
This talk will provide a first insight into Nokia's implementation as well as known or potential interoperability issues addressed by the OIForum. If your transport system, router or even switch already provides coherent pluggable transceivers, check the available interface parameters. You can send me these CLI outputs / management software screenshots at thomas.weible@flexoptix.net. I will try to include them in the presentation.
And finally, new form factors for 800G and 1.6T will be part of the game as well. Stay tuned...
Internet Governance is a term which is often used and referred to, but who are the players? Who is responsible for what and how do these puzzle pieces fit together?
This presentation aims to explain some of these questions.
End of Day 1
As vehicles get more and more connected, their networks grow larger and more complex. This talk gives an introduction to automotive networks. It covers bus systems for automotive use cases and shows different network architectures used in road vehicles.
The BNG Blaster (https://github.com/rtbrick/bngblaster) is an open-source network tester that has evolved significantly since my last presentation at DENOG13 two years ago. Beyond its initial capabilities with various access protocols, it has been enhanced to support all major routing protocols, including BGP, ISIS, OSPF, and LDP.
In this presentation I will delve into the BNG Blaster routing protocol implementations, exploring their functionalities and potential applications. Moreover, I will provide insights into the versatile usage of the BNG Blaster from different perspectives, including vendors like us here at RtBrick, open-source routing applications, network integrators, and operators.
The BNG Blaster operates under the BSD license as an open-source project sponsored by RtBrick, emphasizing a strong commitment to the community. Contributions from the community and other networking equipment vendors are highly encouraged.
This project has a clear mission: to fortify networks by making essential tools available to all.
Time is a common good, yet hardly any thought is given to its handling or its synchronisation in particular.
Time synchronisation is used in various areas: from one's own networks to trading transactions in the financial sector. Depending on the type of application, it requires high accuracy.
Today's solutions are mostly based on satellites (e.g. GNSS, GPS) and are therefore exposed to various risks, including hacker attacks or technical problems. However, synchronisation information can be provided in various ways and according to different standards.
New application areas such as 5G and edge cloud evolution are creating additional drivers and requirements for highly accurate time.
Based on the company's history, Deutsche Telekom has its own synchronisation network, which can be operated independently of GNSS systems. We would like to give a brief insight into the history of time synchronisation and its use cases.
Reeling under the blows of the Russian assault on Ukraine and the ever-increasing threats to networks and utilities, the European regulatory regime for critical infrastructures is undergoing profound changes. Both cyber and physical security of essential service providers are covered by the recent EU directives NIS 2 and CER, with several additional initiatives targeting specific areas: DORA (the operational resilience act for the financial sector), the upcoming Cyber Resilience Act for secure hardware and software, the EU certification scheme for cloud services and more. All are either subject to being transposed into national legislation or effective immediately all over the Union – and they hold consequences for all types of industries, telecommunication and digital infrastructure being just the most prominent sector to be held responsible to rules and regulations regarding their perimeter and information security.
Network operators are particularly exposed to the new rulesets – their criticality does not rely solely on their services being considered critical in their own right: they inherit the requirements from their customers when those are within the scope of critical infrastructure regulation. The entire sector of digital infrastructure, plus managed service and security providers, is undergoing the most significant change, with implementing acts to specify technical and methodological requirements from the NIS 2 directive being prepared.
What does all that mean for operators? More money to spend on security, eventually, since the budget increase necessary to fulfil the obligations is estimated at anywhere between 15 and 25 percent compared to before NIS 2 and CER. Technical compliance for network operations not only requires implementing security measures – you need to prove it via audits, certificates, mandatory reporting.
This talk is going to take you on a speed run through the maze of legal and regulatory thickets both in the European Union and especially in Germany. Entertaining as it may seem, there may be dizzying side effects from the drastic changes in both direction and speed. Buckle up, buttercup, it’s a bumpy one.
Are you managing your network infrastructure using NetBox?
Do you need to manually create Letters of Authorization (LOAs)?
Not anymore! You can let Bulk Loagen create them automatically from the data in NetBox.
Bulk Loagen is a small service running alongside NetBox that generates PDFs on demand with the technical information fetched from NetBox.
A summary of strategies for providing a customer-facing looking glass, highlighting our free software project 'fernglas'.
github.com/wobcom/fernglas
When you want to provide telecommunication services to customers you need to provide a good set of functions/services to them. Most commonly those services are IP-based, I mean of course IPv6-based.
These functions are commonly provided by vendors which are pre-selected by long negotiations.
In these, all requirements are marked as fulfilled at the end.
After signing the contracts, the vendors + internal operations teams onboard those functions onto our platform. And this is what we find.
- Kubernetes?
- cloud-native?
- 12-factors?
- do you have arp?
- redundancy?
This talk focuses on control plane data plane testing aka how long it takes to translate BGP Control Plane events into a new Data plane entry. This is an important metric to look at in the context of your peering edge.
In contrast to the usual dual-stack procedure, IPv6-Mostly can actually save IPv4 addresses. This is achieved by combining a DHCPv4 option (RFC 8925) with an IPv6 RA extension (RFC 8781) and NAT64/DNS64.
I will show how to configure the DHCP server as well as the router and, if necessary, how to configure the clients. We also rolled out IPv6-Mostly in several network segments (wired and wireless) at the end of August and are collecting statistics on client compatibility, which I will also be happy to present.
We are building Das SCHIFF, a Kubernetes Cluster as a Service platform for Deutsche Telekom. Das SCHIFF is used by internal teams to deploy network functions like 5G core and other applications on bare-metal.
Due to the complexity in telecom networks we opted to build a host-centered design with BGP-EVPN to each Kubernetes host.
I would like to share our design, experiences, encountered obstacles, future and present where EVPN to the host has its benefits.
Thank you for joining us for DENOG15! Join us for a quick review and some announcements before heading home!