Yesterday I got to attend the yearly NLNOG Day for the second time. NLNOG is a Dutch group of network operators that organizes this conference, among other things. The day consists of a proper lunch, a good dinner, beer, socializing and also talks about networking. Read on for my summary of this day and what I got out of it.
Jurrian runs hosting instances and monitors the abuse on them (think things like improper DNS queries, port scans and failed SSH logins). He has a project where he tries to automate reporting the abuse to the appropriate “authorities”, mostly the ISP’s providing the access for the concerning IP’s. A couple of things he ran into are invalid abuse e-mail addresses and different formats in which the addresses are provided.
Like last year, Rejo (who works for the Dutch digital rights organization Bits of Freedom) was here to provide us with an update regarding the current status of some European and Dutch privacy and data law regulations. This particular talk was mostly about new regulations making internet companies responsible for content that users upload. The Bits of Freedom people are very passionate about these kind of topics and we should be thankful for the work that they do. Last year Rejo also made the great point that in order to push back a bit against the government interests in driving legislation way too far, people like us who actually work with and understand the technologies should participate in conversation with those around us. I have to admit I am a bit negative regarding the future on this subject and also regarding my own influence which is why it’s very good that organizations like Bits of Freedom keep battling for the interests of citizens and keep raising the awareness on the subject.
Job (one of the organizers of the NLNOG Day) told us about BGP Graceful Shutdown which is a feature that he’s trying to promote. The feature boils down to being able to notify your BGP peers that a link will go down for maintenance. This is about a scheduled maintenance situation so it’s not relevant for when stuff suddenly breaks down. The graceful shutdown feature is a BGP community that gives your peers the opportunity to route traffic over different paths to minimize the chance of blackholing traffic for a short while when a device goes down for maintenance.
Stefan Plug from ECIX told us all about his BGP looking glass tool called Alice. I am not in a situation where such a looking glass is relevant for me, so this was one of the harder talks for me to interpret correctly. I did like the fact that the tool has a modular setup allowing it to pull information from different software like BIRD and GoBGP via watcher services. The watcher service for BIRD is logically called BIRDwatcher.
Arien had a presentation about some basic optical networking stuff. I thought the presentation was very spot on; exactly the right kind of information for a general network engineering audience in exactly the right amount. The slides are definitely worth looking through to get an idea of the content of this talk although they are a bit shallow compared to the verbal content. I would love it if he wrote an article with exactly the information from his presentation as a reference.
Nick Hilliard from INEX had a very good presentation about his experience in automating the configuration of networking equiment. The cool thing for me was that he cited a lot of the lessons that we also learned at our company, things like describing the required state for your devices as generic as possible (using YAML for example). There was a lot of familiar territory in his talk including using Jinja2 templating. I liked how he used SaltStack to stitch it all together as the name has been coming up more often as an alternative to Ansible which is very popular for this use case.
Neil Lathwood is a contributor to the LibreNMS open source monitoring distribution (which some folks might now as a fork of Observium). Neils’ talk was pretty broad including all the capabilities of LibreNMS and some information about how it scales and its internals. I do know Observium but haven’t had a chance to look at LibreNMS yet. On a side note: this was the first public speaking Neil has done and in that light he’s done a remarkable job. If he didn’t tell us before the talk I would never have guessed. Neil is very passionate about the LibreNMS project and it shows. He is a friendly guy and happily answered all our questions about LibreNMS over a beer after the days program was through.
A couple of weeks ago there was a Dutch hacking and computing event called SHA2017. Some co-workers also attended this event. Arjan Koopen was at the NLNOG Day to tell us all about how the network was set up for this event. The events’ terrain is rented from a local scouting that has some fiber cabling already present for some reason. They also had access to an uplink from a local ISP present at the edge of the terrain and were able to hookup a 100 gigabit connection, beefy! Juniper sponsored a pair of MX240’s to make all of this possible. The access network was divided over different POP’s connected via 10 gig links and the entire topology was routed in each POP except for the wireless network. All in all I was very impressed with how this network was built.
Hans Maes has built an IPv6 enabled Christmas Tree. The whole idea is that you ping an address from his globally unique prefix where the last six hex characters represent and RGB color code, and doing this will make one of the RGB LED’s on the christmas tree light up briefly. The electronic part of his project used an Arduino board with an ethernet shield. Because the ethernet shield is only IPv4 enabled, he hooked that up to a Mikrotik board to make it accessible via IPv6. When the project went online he also set up a live stream on Youtube. His wife put the project on Twitter which resulted in his internet connection being pounded with 300 mbit ICMPv6 traffic, hogging the entire line.
Bert Hubert, famous as the original PowerDNS author, showed us a proof of concept called Kolmo. His gripe is that even with automation efforts he’s still missing something. His main point was that even if you automate the configuration of a server there are almost always going to be manual changes to get the behaviour of the server to suit your needs or just to keep the server running. What he would like is something that keeps track of these manual changes and pushes them back to the repository on which the automatic configuration is based. Because of this, Bert built a proof of concept (to be found here on his Github page). He showed the workings of his POC and I have to say it looked very good and practical. The next step is making something like this more adult and of course it has to be picked up by and integrated info software packages that you want to use it with. I hope I will see more of this idea in the future.
Daan Keuper works for Computest where he investigates the security of lots of different products and technologies. A recent project was hacking cars. He presented us with some basic information of how a modern car uses information technology and where the weak spots are. Car security is something I’ve kept an eye on in the media for the last couple of years so I wasn’t surprised by the content of his talk, but he did a good job to lay out all the basics for the audience. The topic is a bit frightening, especially since it’s apparently really hard to keep cars secure and the problem is likely to get worse.
After the talks there was the merciless NLNOG quiz that doesn’t improve ones mood. One lucky bastard got to walk away with a /24 of IPv4 PI space and there were some other cool prices including some LEGO and a Nintendo Switch. All in all I really enjoyed the NLNOG Day again and I’m already counting down the days until the next one.