Introduction and Welcome (Main Session)

• Keith Mitchell (UKNOF)

Room: Assembly Hall

A Dragon Has Destroyed the Datacentre (Main Session)

• Brian Nisbet (HEAnet)

Room: Assembly Hall Humans do two things very well; we play games and we tell stories. Indeed, DR/BCP exercises combine both as we roleplay our way through a scenario. Similarly, tabletop Roleplaying games (RPGs). such as Dungeons & Dragons, are all about presenting a scenario to a group of players and seeing how they react. Millions of people play these games every year and this has produced extensive critical analysis and large amounts of material on how to keep players engaged. There are many useful tips and tricks from these games that can be applied to DR/BCP tests, albeit they tend to have fewer dragons and to involve more conventional monsters like power loss, DDoS or floods. Hopefully some of these will not only keep those involved more interested, but can also highlight and exploit some more novel ways of reacting to events.

From Plan A to Plan B - making IPv6 real (Main Session)

• Sam Defriez

Room: Assembly Hall Community Fibre are a growing FTTH provider in London. We have 150kms of fibre in the ground chiefly via PIA, we have passed over 75,000 homes and plan to pass 500,000 homes by the end of 2021. Provisioning of IPv4 public addresses was not scaling well as the network grew and additionally our original distributed DHCP deployment didn't support IPv6 prefix delegation, preventing us from introducing IPv6 to our customers the way we wanted to. We revisited our design and decided to update to a more centralized model, selecting ISC's Kea DHCP from a number of other vendor servers for a rollout of IPv6 to existing clients. This talk is about the transition from where we were to where we are now - having introduced IPv6 to our customer base and now seeing 25% of our total customer traffic running over IPv6. There were some hiccups along the way, so we're going to run through the details of those teething problems, how they were overcome and what we learned from them and then end with our future plans which include migration of IPv4 to join IPv6 on the new Kea servers and improvements to the management, reporting and resilience of our redesigned solution.

Corero Sponsor-led Content - NOC Consideration: Dance of Multi-Vector DDoS Attack (Sponsor-led Content)

• Aseem Sharma (Corero)

Room: Assembly Hall This presentation will provide an insight into the challenges and considerations of ever growing DDoS threat landscape. With the help of data points from a recent DDoS incident, I will do a deep-dive analysis into the attack techniques and discuss mitigations strategies, which organisations can leverage against these attacks.

The complexity of hyper speed transceivers - lets make it! (Main Session)

• Thomas Weible (flexOptix GmbH)

Room: Assembly Hall Thomas will describe in detail the structures inside optical transceivers. A Transmitter / Receiver Optical Sub Assembly (TOSA / ROSA) is no longer just a diode in a housing handling the light path to and fro to the fiber. The performance increases from 10G to 100G onwards to 400G - are not only giant steps in bandwidth they are matching leaps in manufacturing. How did the optical industry players around the globe make it possible to squeeze everything into the tiny form factors we see today? It is about all precision - a microscope with a calm and competent hand is no longer sufficient, now it is about; nano tolerances, testing, complex transceiver firmware and a shed load of money. This is the high precision optical mechanical engineering revolution which fuels the hyper growth of data centers and optical networking worldwide… As a small „one more thing" Thomas will dive into the basics of how FEC compensates for errors caused by PAM4 modulation. presenter: Thomas Weible - Co-Founder and CTO of Flexoptix GmbH. He formerly lead the groundbreaking software development within the company. Thomas has moved more and more towards the field of transceiver technology and his so called „support with no levels and no bullshit“. Enthusiastic in everything he does, he gives realistic and practical answers to get transceivers working and operational. As speaker at several conferences around the globe he is able to target the needs of network engineers.

Deploying 400G single-carrier wavelengths on Janet (Main Session)

• Rob Evans (Jisc)

Room: Assembly Hall This presentation will cover some of the work that we did on the Janet network to deploy single-carrier 400G wavelengths, and why we did it. I'll start off with a very brief description of Janet, explain why we wanted to deploy 400G transmission, then describe where we've deployed it (and why we deployed it there first), talk about the challenges of deploying it, and where we're looking to go next. This will be a modified version of a talk I gave at TNC this year,

PGP Signing Session

• Duncan Lockwood

Room: Ground Floor Exhibition Area Please submit public keys in advance to <pgpsign@uknof.org.uk>

The latest news in the DNS resolution (Main Session)

• Petr Soukenik (Whalebone)
• Robert Šefr (Whalebone)

Room: Assembly Hall DNS resolution is far from being resolved. The latest developments in standards bring not only significant security improvements but also additional configuration and management requirements. This presentation will sum up the latest related challenges and introduce benefits that all network operators can get out of it. - **DNSSEC - challenges and benefits**: - Examples of incidents during DNSSEC introduction and the case study of country-wide DNSSEC introduction from .sk TLD. - DNSSEC as a benefit for the network-manager - DNSSEC can be beneficial not only for the user. It can be a great benefit for the internet provider or network-manager due to the **NSEC3 negative caching**. - **DoH and DoT demystified**. Shall you support DNS over HTTPS and DNS over TLS? A brief but comprehensive excursion to the large topic. - **Advance caching features** for improving service to users. How to reduce the impact or even solve 3rd party authoritative servers' outages: serve stale and prefetching.

Update on DoH and emerging IETF / IRTF standards (Main Session)

• Andy Fidler (BT Plc)

Room: Assembly Hall A UK ISP perspective on the current status of DNS over HTTPS across the end to end ecosystem, covering an overview of IETF discussions, browsers, mobile applications, customer premise equipment, operator core networks, customer experience and regulatory aspects. Combined with a beyond DoH view on wider IETF and IRTF activities that may be of interest to ISPs/network operators, such as the evolution of DoH to mobile applications and IoT and the opportunities and risks created by ESNI, TLS1.3 and QUIC.

Panel: Operational Considerations of DoH Deployment (Panel)

• Keith Mitchell (DNS-OARC - Moderator)
• Andy Fidler (BT Plc)
• Roy Arends (ICANN)
• bert hubert (PowerDNS)
• Robert Sefr

Room: Assembly Hall This panel will focus on the operational and UK-specific aspects of DoH, including: - what will DoH deployment break ? - is centralisation of DNS services good engineering practice ? - what happens if ISPs try to work around/block this ? - GDPR considerations - UK-specific content filtering considerations - what features would ISPs like to see from browser/cloud DoH vendors to ensure the best user experience ? - performance considerations - impact on enterprise networks

Time Management for Technical People (Lightning Talks)

• Donal Cunningham (HEAnet)

Room: Assembly Hall This is a 10-minute talk on time management for technical people. Slides based, but with very few bullet points - see attached. Covers using tech tools to manage your time as well as paper-based ones. Warning: contains at least one cute cat picture. Talk was presented in its first form at iNOG in Dublin; Brian Nisbet can confirm same and whether talk would be of interest to UKNOF members.

IXP Route Servers with RPKI (Main Session)

• Barry O'Donovan (INEX)

Room: Assembly Hall Most route server instances at internet exchanges (IXPs) perform prefix filtering based on route/route6 objects published by internet routing registries. The data quality of these IRRDB objects is often poor, with problems relating to missing, stale and incorrectly duplicated information. Resource holders often have difficulty correcting this information due to the object sets being decoupled from the RIR resource assignments. RPKI is a public key infrastructure framework designed to secure the internet's routing infrastructure in a way that replaces IRRs with a database where trust is assigned by the resource holder. There are still issues: the database has only a fraction of the prefix coverage as IRR databases do and there is no implemented support for features such as AS-SETs. We are now in a multi-year transition from IRR to RPKI while these issues are solved. In the presentation, we propose a best-practice integration of RPKI into the current IX route server context which still includes IRR support. We will present the development work we have completed with IXP Manager to support RPKI and discuss our experiences at putting this live at INEX.

The 5 Ws of Network Monitoring for SDN-based IDPS (Main Session)

• Sandra Scott-Hayward (Queen's University Belfast)

Room: Assembly Hall With the introduction of software-defined networks (SDNs) and network function virtualization (NFV) come opportunities for efficient network threat detection and protection. SDN’s global view and NFV service distribution provide a means of monitoring and defence across the entire network. However, with distributed attacks involving high traffic volumes, network monitoring is a challenging task. In this talk, we will discuss our lessons learned and recommendations for efficient and proportionate network monitoring; the Who, What, When, Where, and Why (5 Ws) of network monitoring for SDN-based intrusion detection and prevention systems.

NetNI - A group for networkers in Northern Ireland (and beyond) (Lightning Talks)

• David Farrell (NetNI)
• Ray Belshaw (NetNI)

Room: Assembly Hall Quick overview of the group, the reasoning behind it, the first meeting the progress and challenges so far. Shouldn't take more than 5 minutes, lightning talk style. I expect we'll reuse some of the content from the meeting Denesh made it to in Belfast. We've had challenges building momentum so we hope to use this as an opportunity to reboot NetNI and start the community growing again, raising awareness through the lightning talk.

Wrap-up, Annual Meeting, UKNOF45 (Main Session) Room: Assembly Hall The UKNOF Annual Meeting is open to all interested parties and will take place in the UKNOF44 venue at 10am on Wed 11th Sep. UKNOF45 will take place in London on 15th January.

UKNOF Annual Meeting 2019

• Keith Mitchell (UKNOF)
• Denesh Bhabuta (UKNOF)

Room: Boardroom An update from the UKIF Board and UKNOF Crew of the current state of running UKNOF, including Financial reports, Governance status, Strategy, and future plans. Members of UKNOF's Committees are specifically invited, and the meeting is open to all interested UKNOF Participants. Remote participation will be available via Zoom.