Daily Meeting Report

Monday, 8 May

Attendees joining RIPE 74 today were welcomed by warm, sunny weather and a beautiful view of the Danube from the meeting venue. Early birds participated in tutorials and an introduction to RIPE and the RIPE NCC in the Newcomers’ Intro.

The meeting officially began after lunch with plenary sessions. There was the usual introductions by RIPE Chair, Hans Petter Holen, the meeting host representative, Janos Zsako from ISKT and BIX, and Benno Overeinder, the RIPE Programme Committee Chair.

Laura Roberts presents ”The Effect of DNS on Tor’s Anonymity”
Edward Lewis from ICANN gave a presentation on what’s going to happen during the DNSSEC KSK Rollover in 2017. It provided a view of the new KSK, tips and tools for obtaining the key electronically and tools and techniques for building trust in the new KSK.

Laura Roberts from Princeton University gave a presentation on ”The Effect of DNS on Tor’s Anonymity”, how users are still subject to interference at exit relays contradictory to belief and the experiments they conducted in relation to that. The question period prompted a rush to the mics and an engaging conversation ensued.

Queue for the microphone during Andrew Alston’s presentation “Anti-Shutdown Policies – The Rationale”
Brian Nisbet from HEAnet talked about how service demands have evolved over time. Today, downtime is less tolerated and can have more of an impact on customers. He outlined some good practices in minimising downtime and dealing responsibly when the inevitable outage occurs.

Luca Marzialetti from Roma 3 University presented his research work on a tool that allows network operators to monitor their BGP routing at a glance. The tool aims to enhance and extend the overall capabilities of BGPlay.

Andrew Alston from Liquid Telecommunication gave a lightning talk on a policy proposal in the AFRINIC region on anti-shutdown policies. It generated an epic line at the microphones with a lot of input from attendees both at the meeting and following remotely.

The day finished with the Best Current Operation Practices Task Force session, a reception with the RIPE NCC Executive Board and the RIPE 74 Welcome Reception.

There were 520 attendees checked in as of 18:00.

 

Tuesday, 9 May

Filiz Yilmaz’s RIPE Accountability Task Force update

And so we come to the end of the second day of RIPE 74. Today’s first plenary session began with an update on the RIPE Accountability Task Force from the Chair herself, Filiz Yilmaz. The update provided an overview of the status and scope of the task force, mapped a list of areas where RIPE are accountable, and looked at steps to be taken in filling gaps in that list. The discussion afterwards served to accentuate the need to determine a clear timeline and fixed end-point for the project.

Elvis Daniel Velea, V4 Escrow, was next to take to the podium with a talk on IPv4 transfers five years after runout. He provided details on transfer statistics over the past five years, gave a summary of lessons learned from the relevant trends, then looked at some recent developments. In discussion, caveats were raised about the transfer market, with Elvis pointing out that most abuse comes from hijackers.

Geoff Huston on the Internet of Stupid Things

Andreas Reuter, Freie Universitat Berlin, was up last with a talk on the adoption of RPKI route validation and filtering, where he looked at various ways of measuring the adoption of RPKI-based filter policies. Questions and comments included a plea for methods to boost confidence in RPKI among operators, and to allay fears regarding the potential for RPKI to break things.

After the coffee break, we moved on to the second plenary session. First up, we learned about how a do-it-yourself ISP started free WiFi services provided to refugees from the ground up, in a talk from Philip Berndroth and Maximilian Wilhelm. Geoff Huston then gave a somewhat pessimistic, yet characteristically entertaining presentation on his concerns about the current bleak situation regarding the so-called Internet of Things. During the discussion, members of the audience offered more hopeful outlooks, though Geoff remained somewhat sceptical.

The session concluded with three lightning talks, which offered a heads up about RFC7999 (BGP community for blackholing), a review of the IANA Numbering Services Reviewing Committee and Community-IX, a Connectivity platform for non-profits.

Illustrations courtesy of @WeddingTrash

The Main Room having filled up again as the attendees returned from lunch, we dived right in to the third plenary session of the day. The first talk came from Yossi Gilad, from the Hebrew University of Jerusalem, who discussed the topic of RPKI deployment and security. The talk raised issues about prefix/subprefix hijacks and how these could be prevented by using RPKI, giving rise to a discussion on whether it is better to use tight or loose Route Origin Authorisations (ROAs) for DDoS mitigators when there is a need to create ROAs.

Constanze Dietrich, Technical University Berlin, looked at security misconfigurations and the operator’s perspective on this matter. The talk raised comments about security misconfigurations and where the risks and responsibilities lie in such instances. Enno Rey, ERNW GmbH, then looked at the complexity of IPv6 protocol and security issues that could arise therefrom. The topic triggered hot discussion among the attendees and different opinions were raised. It was noted that although the design of IPv6 protocol is complicated, IPv4 is no better and it’s a matter of educating the people how to create stable and secure networks. Marco Hogewoning, RIPE NCC, requested that the RIPE community continue this conversation.

The fourth and final plenary session kicked off with brief remarks from the RIPE Programme Committee nominees: Benno Overeinder (NLnet Labs), Seán Stuart (Verisign) and Franziska Lichtblau (Technische Universität Berlin). Resuming talks, Joao Taveira Araujo, from Fastly, told us all about addressing IPv6 from a CDN perspective. Friso Feenstra, of Rabobank, then presented on the why of IPv6 at Rabobank. Handing out mints in a creative bid to keep audience engaged. Stephanie Wehner, from the Delft University of Technology, then gave a fascinating talk on the Quantum Internet.

Security on the Quantum Internet

The day ended with a RIPE Academic Cooperation Initiative (RACI) session in the Main Room and a BoF on security, focusing on the linkage between device and infrastructure. The RACI session included talks from Ahmed AlEroud, from Yarmouk University Jordan, Pawel Foremski, from the Polish Academy of Sciences, Poland, and Wouter de Vries, of the University of Twente.

With the day’s events all wrapped up, it was time for the Tuesday night social event, which took place at the Vigadó Concert Hall, one of the most renowned historical buildings in the city.

 

Wednesday, 10 May

Day three of RIPE 74 kicked off with 607 attendees checked in and a full agenda of working group sessions.

In the Address Policy Working Group (APWG), Gert Doering from SpaceNet AG was reconfirmed for another term as Co-chair. Marco Schmidt, RIPE NCC, gave an update on the RIPE NCC’s examination of obsolete references in RIPE Policy Documents. There were differing views on whether a lightweight approach should be used, or whether this should follow the PDP. The WG agreed to discuss this further on the mailing list.

Robert Kisteleki sharing the latest RIPE Atlas news

After a break, the second APWG session continued the discussion on Elvis Velea’s, V4Escrow, proposal to include legacy resources in the transfer statistics. This was followed by a proposal from Maximilian Wilhelm, Universität Paderborn, to clarify the definition of sub-assignment in the IPv6 PI policies. Finally, in the open discussion period, Randy Bush of the Internet Initiative Japan proposed they think about moving to a smaller allocation size to preserve the RIPE NCC’s remaining IPv4 addresses for new entrants.

Over in the Connect WG, Christian Urricariet, Finisar, gave input into the latest trends in DC Optics and spoke about the shortage of 100G transceivers. Job Snijders, NTT Communications, presented on the need to have a standard format for the communication of BGP shutdown events and Zbynek Pospichal shared a new way of mitigating DDoS attacks in IXPs.

Friso Feenstra Presenting on Rabobank’s IPv6 deployment

After lunch in the IPv6 WG, Enno Rey from ERNW presented on experiments on the IPv6 source address selection mechanism specified in RFC 6724. During the discussion, questions were raised about the mechanism’s performance in dealing with broken paths, multiple source addresses, and instances of inconsistent address selection in relation to rule 5.5 of the RFC 6724. Friso Feenstra, Rabobank, gave a brief presentation on Rabobank’s IPv6 addressing plan for end devices and network infrastructure. A panel discussed IPv6 deployment for enterprises. The panel agreed that most difficulties come from individuals and management structures, but also pointed to complications that arise in dealing with specific applications and specialist software.

The MAT Working Group session included an overview of fast.com, Netflix’s ISP speed index, which provides users with their ISP’s download speed of Netflix’s streaming service. Leslie Daigle, Thinking Cat Enterprises, described her project NOMA, which attempts to measure the user’s experience of the Internet and encourages more network operators to instrument their networks to make these kinds of measurements possible. Robert Kisteleki from the RIPE NCC shared the latest RIPE Atlas news and Massimo Candela, also RIPE NCC, went into more detail about TraceMON, which is RIPE Atlas’s latest tool which is a web application that lets users visualise multi-source traceroutes. Alexander Isavnin wrapped up the session with an overview of three recent Russian hackathons that took place within the past year.

Alexander Isavnin Gives an Overview of Russian Hackathons

The RIPE NCC Services WG was held during the last session of the day. Axel Pawlik, RIPE NCC Managing Director, gave his RIPE NCC Update – there were no big surprises and positive figures were reported. The RIPE NCC’s focus for the coming period is on ensuring the accuracy of the RIPE Registry, accountability, efficiency and engagement with stakeholders. Dmitry Kohmanyuk, Hostmaster Ltd, shared his views on the recent decision to move to one single ENOG meeting each year. Paul Rendek, RIPE NCC’s Director of External Relations, delved into all aspects of RIPE NCC outreach and engagement in the RIPE NCC service region, explaining that the RIPE NCC’s membership is evolving and that a balance in outreach efforts must be found. There was a discussion from attendees on where efforts should be focused, appreciation for the work done so far and pleas from several attendees to focus on diversifying outreach throughout the RIPE NCC service region. Next on the agenda was a technical update from RIPE NCC’s CTO Kaveh Ranjbar and an update from RIPE NCC’s Training Services Manager, Rumy Kanis.

Thursday, 11 May

There were 627 attendees checked in at the end of the day.

In the Cooperation Working Group, Greg Mounier, Europol, spoke of the difficulties law enforcement face when attributing crime online due to the use of CGN. They have lost the ability to trace back an IP address to an individual subscriber, which affects up to 50% of investigations. Alain Durand, ICANN, introduced the Digital Object Architecture (DOA), a distributed name resolution system, which stores and receives data about digital objects and outlined the similarities and differences with DNS. Marco Hogewoning, RIPE NCC, gave an update on the ITU’s Study Group on IoT (SG20) meeting and in specific the IPv6 related work items. He reiterated that IP cannot be used as a permanent identifier. He also spoke of the community concerns about DOA.

In the Routing Working Group, Erik Bais, A2B Internet, recommended that Internet exchanges do filtering based on IRR data. Alexander Azimov, Qrator Labs, asked that Routing WG participants get involved with the IETF to help standardise additional BGP attributes to help prevent route leaks. There was a conversation about MANRS and whether it was stagnating or not.

Image courtesy of @acontios_net
In the Anti-Abuse Working Group, Co-Chair Brian Nisbet stressed that the decision to remove a participant from the mailing list was not censorship but was only with regards to the abusive nature of comments towards other participants. He urged the community to respect each other and behave according to the RIPE Meeting Code of Conduct also on the list. Richard Leaning, RIPE NCC, highlighted the interactions with the law enforcement agencies and stressed that while they may have different operational needs, they are part of the community. Nathalie Falot of the Dutch National Cyber Security Centre (NCSC) gave a very informative presentation on the process to implement the EU network and information systems (NIS) directive in the Dutch national legalisation.

The Database Working Group started with an update from the RIPE NCC on operational ongoings, as well as the usability improvements over the last six months. This was followed by an discussion on how to make sure that the open work items can be resolved. Lastly, Europol presented on data accuracy in the RIPE Database, and the implications it has for their work. This was followed by a lengthy discussion by the working group on the primary purpose of the RIPE Database and how it could help serve the needs of law enforcement.

In the DNS Working Group sessions, Anand Buddhadev, RIPE NCC, introduced zonemaster as the new DNS checker tool for the creation of domain objects. Vespa Manojlovic, RIPE NCC, reported on the success of the recent DNS Measurements Hackathon held in Amsterdam. There was a discussion on the different types of violations in the DNS protocol after the presentation from Ondřej Surý, CZ.NIC. Jerry Lundström, DNS-OARC, and Pieter Lexis, PowerDNS.COM, presented tools to replay DNS traffic for better analysis and a tool for protecting your infrastructure from DDoS attacks, respectively.

In the second IPv6 Working Group session IPv6-WG Jan Zorz, ISOC, and Sander Steffann, SJM Steffann, talked about their tool that tests websites for NAT64 brokenness and asked for volunteers to develop it further. Jan then presented the current version of the BCOP document “IPv6 prefix size for end customers”. They will issue a last call for feedback before this document will becomes a RIPE Document and urged everyone to send comments ASAP. Martin Levy, Cloudflare, presented a plan to remove the feature from all Cloudflare sites to switch off IPv6. This was applauded but some people asked for more data to be collected about why people are trying to switch off IPv6.

Jordi Palet Martinez, Consulintel, talked about “464XLAT Residential Networks”. After the talk it was suggested that more modern research is needed to compare of various transition technologies as most studies are pretty old by now.

The evening’s BoFs included OpenBMP Project Overview led by Randy Bush, IIJ, and a BoF focusing on regional outreach by Alexander Isavnin.

The day’s events finished with a fantastic RIPE 74 Dinner across the Danube at the breathtaking Hungarian National Gallery. RIPE NCC sponsored the dinner in celebration of their 25th anniversary.

Friday, 12 May

The last day of RIPE 74 kicked-off with a presentation from the group that was examining the diversity of RIPE Meetings. There were a range of issues discussed, including ideas such as arranging childcare for meeting attendees or ensuring that a prayer or meditation room was available. These will all be considered further. The group received a lot of positive comments and ideas from community members in the following discussion.

After the break, Christoph Loibl from next layer looked at BGP Flow Specification Interoperability. This was followed by three lightning talks: Filiz Yilmaz from ASO AC Chair/Akamai Technologies gave an update from the ASO AC, Evgeny Uskov from Qrator Labs presented on a new denial of service vulnerability, and Paul Thornton from PRT Systems shared some interesting challenges he had came across in digital archaeology, including mice.

Razvan from the RIPE NCC gave the technical update, explaining the differences in the setup for this meeting including the new WiFi routers that were being used for the first time.

Hans Petter closed the meeting with some final remarks and presented the PC with presents in recognition of their hard work. There was a quick update on the progress of the Internet of Things BoF from earlier in the week that had decided to form into a working group. They had a list of principles that they would use to develop a charter, and would discuss this further with the community. Hans Petter said he would make sure they reserved space on the agenda for the group at RIPE 75, whether it went on to become a working group or not. Hans Petter also spoke about the RIPE community’s values of openness, transparency and inclusiveness. These were tied in with the community’s diversity efforts. He also announced the end of Last Call on the RIPE Accountability Task Force’s draft scope, which was now considered accepted. The group would now move forward on developing a work plan and timeline with feedback from the RIPE community.

Meeting Statistics:

  • 629 attendees checked in
  • 145 first-time attendees
  • Attendees from 60 countries
  • 112 presentations
  • 1,805 ratings for presentations submitted

RIPE Programme Committee Changes

  • Outgoing PC member – Shane Kerr
  • New PC Members – Fanziska Lichtblau and Benno Overeinder (re-elected)

Thanks for making this such a great meeting – see you all at RIPE 75 in Dubai from 22-26 October 2017 (Sunday-Thursday).