Dear SwiNOGers,
I’m happy to present the final agenda of SwiNOG#35
If you have not registered yet, please do it now and let your friends and
colleagues know ;-)
08:15 | Registration, Coffee & Gipfeli
09:15 | Welcome, Agenda | Simon Ryf (SwiNOG)
09:20 | How to grow IPv6 only services | Nico Schottelius (ungleich glarus ag)
As an IPv6 first Data Center, we are looking at IPv6 from a technological and
marketing perspective. In this talk I will show our findings in how users
reacted towards IPv6 (only) offers, which challenges we encountered on this
path and which strategies aid in building and selling IPv6 only services. IPv6
adoption is often compared to the chicken or the egg problem. At the end of the
talk I will present you with 2 (strongly biased) solutions to it.
09:45 | Network Telemetry and Big Data - Part 1 | Thomas Graf, Paolo Lucente &
Zongren Liu (Swisscom)
This presentation with demo shows the collaboration with Swisscom to advance
Network Telemetry and Big Data technologies in two parts.
Swisscom explains, from a Service Provider viewpoint, the challenges in
virtualization and why Swisscom believes this is a key topic to gain visibility
in their networks and improve quality. This includes flow aggregation, BMP and
Streaming Telemetry for forwarding-plane, control-plane and topology/device
metrics. We will underline the importance of schema conversion and registration
and the current challenges to align Big Data (data processing, storage and
analytics) and Network Telemetry (data collection). We are going to demo flow
aggregation and streaming telemetry.
Paolo Lucente is going to present the open source project pmacct. Its
versatility to cover flow technologies such as IPFIX, BMP and last but not
least streaming telemetry metrics where Paolo and Swissscom co-developing.
10:30 | Coffee Break
11:00 | Network Telemetry and Big Data - Part 2 | Christian Kuster (Huawei)
Huawei is going to present the new Swisscom Broadband network Sultan, what part
Network Telemetry and Big Data plays there and how Huawei supports Swisscom
with their innovations and close collaboration.
11:45 | RIPE RPKI | Massimiliano Stucchi (RIPE)
tbd
12:05 | SwissIX Update | Manuel Schweizer (SwissIX)
Traditional SwissIX update
12:15 | Lunch
13:45 | The State of Internet Security: 2019 | Rayhaan Jaufeerally
There are a wide range of technologies that have been developed to secure core
Internet infrastructure, however not all of them have yet been widely deployed
to reap their benefits. In this presentation we present a selection of these
technologies, investigate what security properties they will provide given
sufficient adoption, and look at the current deployment status. Specifically we
focus on three core areas: interdomain routing, Public Key Infrastructure, and
the Domain Name System. In interdomain routing we look at mechanisms to
validate routing control protocol messages (Resource Public Key Infrastructure,
and Border Gateway Protocol Security), in PKI we focus on the Certificate
Authority ecosystem and Certificate Transparency, and for DNS security we look
at DNSSEC, and DNS over HTTPS.
14:15 | machine Learning in action - L7 Behavioral Analysis for DDoS detection
| Carine Polaillon (F5)
tbd
14:40 | The State of DNSSEC Implementation in Switzerland | Michael Hausding
(SWITCH)
DNSSEC, the DNS Security Extensions was introduced more than 10 years ago. The
adoption of DNSSEC in Switzerland was slow for the last 10 years, but gained
some momentum in the last 24 months. What is the reason behind a growing number
of DNSSEC signed domain names and more ASNs having validating resolvers in
Switzerland? Will the recommendation of ICANN for DNSSEC after the recent
attacks help with the implementation of DNSSEC in Switzerland? What can hosters
and ISPs do to secure the basic DNS infrastructure in Switzerland.
15:05 | Everything is a Freaking DNS problem - dnsdist to the rescue | Dominic
Lüchinger (cyon GmbH)
DNS plays a crucial part in any network infrastructure. dnsdist, a DoS- and
abuse-aware loadbalancer, can help you mitigate the risk of a downtime that
occur during maintenance work, attacks and configuration errors. We share our
experience putting dnsdist in front of our nameservers and resolvers. With the
help of the many built-in stats, we were able to improve the performance even
further.
15:35 | Coffee Break
16:05 | Managing sleep with a resilient DNS infrastructure | Jeroen Massar
(Quickline AG)
The talk will discuss deploying both an Authoritive and Recursive DNS
infrastructure that is resilient against outages of network (DoS,
misconfiguration), datacenter and people with the ultimate goal of very rarely
having ops folks awake during the night. We'll discuss the combination of
various open source projects in combination with the techniques that achieve
this goal and how we have deployed the