Introduction and Welcome (Main Session)

• Keith Mitchell (UKNOF)

Room: Charter 1, 2 & 3

I have pre-emptively replaced you with a small shell script (Main Session)

• Peter Stevens (Mythic Beasts)

Room: Charter 1, 2 & 3 Mythic Beasts maintains a large number of managed services for a large number of customers with a small team. This talk covers the multiple layers of automation,, we write code to create config that feeds code that automates customer deployments and automates our auditing. This includes automating the auditing of acquisitions and how we (have merged|are merging) them into Mythic, and how to choose when to automate versus when to throw staff time.

Peering Economics 101 (Main Session)

• Susan Forney (Hurricane Electric)

Room: Charter 1, 2 & 3 Peering is fundamental to the Internet, but without planning, it can be expensive and ineffective. This talk looks at the basic economics of peering and explains techniques and strategies for getting the most from your investment.

Control the Kraken - Being a more efficient NOC (Sponsor-led Content)

• Mike Powell (Corero Network Security)

Room: Charter 1, 2 & 3

Ultrafast and 5G update (Main Session)

• Neil McRae (BT)

Room: Charter 1, 2 & 3 Lightning talk on G.FAST and deployment feedback, also update on 5G mmwave trials and how useful this technology might be to connect customers in a fixed wireless access scenario.

Office 365 Deployment - How NOT to do it (Main Session)

• Andrew Ingram (High Tide Group)

Room: Charter 1, 2 & 3 Recently called into a client who where in the process of adopting Office 365 and experiencing large performance issues. It appears no one read the Microsoft networking best practice. Internal politics and old fashioned view on security made the implementation more complex than it needed to be. The presentation covers the key issues and some of the most creative work arounds i have ever had to implement.

PGP Signing Session

• Ondrej Sury (Internet Systems Consortium)

Room: Charter 1, 2 & 3

Potential ISP challenges with DNS over HTTPS (Main Session)

• Andy Fidler (BT)

Room: Charter 1, 2 & 3 The future introduction of DNS over HTTPS (DoH), defined in RFC8484, presents a number of challenges to network operators. BT, Comcast, Deutsche Telecom, OpenXchange and others have prepared an Internet Draft to present at the March IETF in Prague. The objective was to document the problem space and make suggestions that could help inform network operators on how to take account of DoH deployment. The document also identified topics that may require further analysis. This presentation will provide an overview of these challenges, report on the outcome of the IETF meeting and provide an opportunity for the wider UK operator community to engage with the proposal.

How we made DNSSEC Simple(r) (Main Session)

• Brett Carr (Nominet)

Room: Charter 1, 2 & 3 DNSSEC Can be complex to deploy and operate. Nominet changed their DNSSSEC Infrastructure to make it simpler and less stressful. This presentation is about what we did and how we did it.

BIND - making a modern DNS server (Main Session)

• Ondrej Sury (Internet Systems Consortium)

Room: Charter 1, 2 & 3 What we did in the past year and what we are planning to do with BIND this year to make it up-to-par with modern standards and modern Internet

Anycast in the Cloud (Main Session)

• Brett Carr (Nominet)

Room: Charter 1, 2 & 3 Nominet have recently expanded their Auth DNS Infrastructure into the "Cloud" this talk is aimed at talking about how we did that and the challenges we came up against during the project

None of us knew what we were doing, we made it up as we went along - Part 3 (Main Session)

• Paul Thornton (PRT Systems Ltd)

Room: Charter 1, 2 & 3 Dusting off the old hard drives again, and forcing them to give up some more old history. This time with some interesting tales from around the turn of the millennium in the middle of the dot com bubble and beyond.

Journey from Service Provider to Infrastructure Player (Sponsor-led Content)

• Richard Shaw (Zen)

Room: Charter 1, 2 & 3

NAT64Check v.2 tool (Main Session)

• Jan Zorz (Internet Society)

Room: Charter 1, 2 & 3 As many mobile operators were moving to IPv6 only which is incompatible with IPv4 on the wire, it’s necessary to employ transition mechanisms such as 464XLAT or NAT64. When using NAT64 there are many things that need to be checked to ensure they work correctly. NAT64check has therefore been developed to allow websites to be checked for consistency over IPv4, IPv6-only and NAT64, as well to compare responsiveness using the different protocols. This allows network and system administrators to easily identify anything is ‘broken’ and to pinpoint where the problems are occurring, thus allowing any non-IPv6 compatible elements on the website to be fixed. For example, even if a web server is not running IPv6 (why not?), hardcoded IPv4 addresses can cause NAT64 to fail. After quite successful first version of the tool we decided to build version 2, a complete rewrite, built on different, distributed architecture and platform. NAT64Check v.2 tool is published, so we'll discuss mainly new version of the tool. Jan Zorz from ISOC will give an insight and discuss some issues that he found while testing NAT64/DNS64 technology in real life scenarios and use-cases.

Psychology of IPv6 (Main Session)

• Veronika McKillop (UK IPv6 Council)

Room: Charter 1, 2 & 3 Thoughts about the human side of IPv6 deployment which has often an underestimated and unexpected influence on the progress of your IPv6 project. It is a humorous and serious look at what really prevents/makes IPv6 deployments happen based on my experience over the years in various companies and the UK IPv6 Council.

IPv6-only Remote Access VPN - a road less travelled (Lightning Talks)

• Zsolt Horvath (Microsoft)

Room: Charter 1, 2 & 3 You may have heard that the road towards an IPv6 only network is a really bumpy one, probably that is why it is not taken that much. To stay with the analogy, in this presentation I will cover how it felt for Microsoft CCE (formerly known as Microsoft IT) to drive their Next Generation Remote Access VPN service down that route. We haven’t arrived yet, but along the way we have already passed several points of interest that are worth telling about not only to family but also to the friends from the industry.

Scanning IPv6 Address Space… and the remote vulnerabilities it uncovers (Main Session)

• Marek Isalski (Faelix Limited)

Room: Charter 1, 2 & 3 During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, an unpublished and as yet unfixed (despite almost one year elapsing since vendor acknowledgement) vulnerability in RouterOS which allows for remote, unauthenticated denial of service. Unpublished… until UKNOF 43!

Wrap-up, UKNOF44 (Main Session)

• Keith Mitchell (UKNOF)

Room: Charter 1, 2 & 3