Introduction and Welcome

• Keith Mitchell (UKNOF)

Room: Broadgate 1 & 2

Building a Greenfield Fixed-line ISP in 2019 (Main Session)

• Richard Patterson (Sky)

Room: Broadgate 1 & 2 An architectural overview of how Sky Italia's broadband network was built, the technologies used, and the decisions made based on previous learnings.

Improving Network Security and agility using 100Gbps SmartNICs (Main Session)

• Ahmad Atamlh (Mellanox)

Room: Broadgate 1 & 2 Mellanox have enhanced their popular ConnectX-5 and Connect-6 High Performance NICs by adding multiple on-board ARM processors and an Open V-Switch to create a hybrid NIC/System on a chip. The ARM cores on these devices can support various Linux distributions allowing some unique use-cases for improving network agility on bare metal servers and adding enhanced security and state-awareness to customer traffic loads. We will cover some examples where this new programmable technology can offer some interesting enhancements to traditional server/network architectures.

RIPE NCC Training and E-Learning (Main Session)

• Sandra Bras

Room: Broadgate 1 & 2 Given the most recent changes and new added services to our Training and E-Learning offer, we would like to update the UKNOF community on what and how they can collaborate with us in 2020.We will cover the plans for Training and E-Learning, introduce the community to the new RIPE NCC Certified Professionals Programme and ask for volunteers to take part in exam questions writing. We will end the talk with a Kahoot quiz about RIPE Database and IPv6.

Trends in Open Optical Networks and the evolution of Embedded Optics (Sponsor-led Content)

• Kent Lidström (Smartoptics)

Room: Broadgate 1 & 2 Presentation about the trends in open optical networks with focus on disaggregation and the open initiatives. Challenges and possibility's to use new highspeed DWDM formats embedded in the host equipment.

Using closed-loop automation based on open-source tools to ease operations tasks (Main Session)

• Karneliuk Anton

Room: Broadgate 1 & 2 One of the most time-consuming tasks in the daily operational job is a standard network rollout or a troubleshooting. Both of these tasks, in a vast majority, is highly standardised in sense of the operations to be performed. Converting this tasks into the code (scripts, programme, *-books) and coupling then with event-driven execution creates the foundation of the closed-loop automation.

What Does A Good Design Look Like? (Main Session)

• James Bensley

Room: Broadgate 1 & 2 Knowing what a "good" design looks like requires more than just raw technical knowledge. This is a talk about how to create designs that successfully implement a technical solution, with years of stressful anecdotes thrown in. Talk length is circa 30 minutes.

A word from the PC - Funding Update, Patronage & Sponsorship

• Fearghas McKay (Flexoptix // UKNOF)
• Chris Russell (UKNOF)

Room: Broadgate 1 & 2

PGP Signing Session

• Duncan Lockwood

Room: Broadgate 1 & 2

OAuth with PeeringDB for Network Operators (Main Session)

• O'Donovan Barry (INEX)

Room: Broadgate 1 & 2 Logging into websites using our Google / Twitter / Facebook / GitHub accounts is a web browsing paradigm most of us are very used to nowadays. The technology underlining the ability to register or login to one site using your account details from another site is OAuth (Open Authorization) - an open standard for token-based authentication and authorization on the internet. PeeringDB has recently completed the development of their own OAuth service. This new feature opens a number of interesting possibilities for network to network ISPs and IXPs to provide their customers with registration-free access to portals and other online services. This reduces the administrative burden on providers and delivers a better user experience for customers. This presentation will discuss OAuth: how it works, is it secure and can it be trusted. We will then review PeeringDB's implementation and how INEX now uses PeeringDB's OAuth service to allow our members access our IXP Manager portal.

Processing BGP updates with RabbitMQ (Main Session)

• Pim van Stam (NBIP-NaWas)

Room: Broadgate 1 & 2 Apart from routing decisions, BGP updates can be used for many purposes like alerting on hijack attemps and for scientific research. At the NaWas we use BGP updates from our customers for purposes like: * alerting our NOC team * add customer based profiles in our devices, based on the customers AS number * dynamically add ACL's in our system for traffic monitoring * update split sflow application, based on destination AS number For our purposes we developed an message queueing infrastructure where BGP updates are transmitted as messages. All kind of tools can use these message to take all kind of actions. The basic infrastructure uses ExaBGP and RabbitMQ. Python is used for building the action tools. The beauty of this solutions is the use of standard open source tools and the seperation of the updates and actions. With this setup any programming language can be used to write your own actions. In the presentation the infrastructure and tools are presented. The set up is open source and is available on github. In a live demo the use of this infrastructure on the full table BGP updates is demonstrated. As examples a full tables as a whole is processed in 2 a 3 minutes and the realtime updates will be shown.

ARTEMIS: an Open-source Tool for Detecting BGP Prefix Hijacking in Real Time (Main Session)

• Petros Gigis (UCL)

Room: Broadgate 1 & 2 ARTEMIS is a defense approach against BGP prefix hijacking attacks. It is (a) based on accurate and fast detection operated by the AS itself, by leveraging the pervasiveness of publicly available BGP monitoring services (such as RIPE RIS and RouteViews), and it (b) enables flexible and fast mitigation of hijacking events. The open-source tool provides the following services to an operational network that deploys it: 1. Real-time monitoring of BGP updates, using BGP streaming services from the RIPE NCC's Routing Information System (RIS) (RIS live), RouteViews and CAIDA BMP feeds, as well as monitors that are deployed locally in the network that ARTEMIS protects (e.g., using exaBGP interfaces to the network's BGP border routers). 2. Accurate and comprehensive detection of BGP prefix hijacking attacks, within seconds from their initiation. 3. Flexible and automated mitigation of BGP prefix hijacking attacks, using practical mechanisms (such as prefix de-aggregation), within seconds to minutes from the initiation of the attacks. Users can choose to enable only some of these services (each requiring the previous one to be enabled). ARTEMIS contributes to a more secure Internet, since: 1. It offers a network operator an easy-to-use open-source tool to detect and counter, in real-time, BGP hijacking attacks (e.g., sub-prefix, fake origin) against its own prefixes. 2. It is complementary to RPKI. By working in concert, the two approaches can offer more complete proactive (RPKI) and reactive (ARTEMIS) protection against BGP prefix hijacking attacks. 3. It surpasses the state of the art (i.e., third party detection services) in terms of detection speed, comprehensiveness, and accuracy, by leveraging both global (BGP monitors) and local (network operator contextual knowledge) information and scalable architectures for collecting and analysing incoming BGP feeds. In this talk, we provide a presentation of ARTEMIS tool and a demo (slides/video) on the practical operation of ARTEMIS. ARTEMIS website: https://www.inspire.edu.gr/artemis ARTEMIS GitHub repository: https://github.com/FORTH-ICS-INSPIRE/artemis

Fantastic People and Where to Find them (Main Session)

• Julia Freeman

Room: Broadgate 1 & 2 Making layers 8 and 9 work for you.

Observations from BT & DT Encrypted DNS experiments (Main Session)

• Andy Fidler (BT Plc)

Room: Broadgate 1 & 2 This presentation will provide an overview of early observations from BT and DT Encrypted DNS experiments and trials. Key insights to aid standards and industry alliance discussions will also be highlighted.

DoH in Chrome

• Kenji Baheux (Google)

Room: Broadgate 1 & 2

Mystique: A Fine-grained and Transparent Congestion Control Enforcement Scheme (Main Session)

• Posco Tso (Loughborough University)

Room: Broadgate 1 & 2 TCP congestion control is a vital component for the latency of Web services. In practice, a single congestion control mechanism is often used to handle all TCP connections on a Web server, e.g., Cubic for Linux by default. Considering complex and ever-changing networking environment, the default congestion control may not always be the most suitable one. Adjusting congestion control to meet different networking scenarios usually requires modification of TCP stacks on a server. This is difficult, if not impossible, due to various operating system and application configurations on production servers. In this talk, I will introduce Mystique, a light-weight, flexible, and dynamic congestion control switching scheme that allows network or server administrators to deploy any congestion control schemes transparently without modifying existing TCP stacks on servers. We have implemented Mystique in Open vSwitch (OVS) and conducted extensive test-bed experiments in both public and private cloud environments. Experiment results have demonstrated that Mystique is able to effectively adapt to varying network conditions, and can always employ the most suitable congestion control for each TCP connection. More specifically, Mystique can significantly reduce latency by 18.13% on average when compared with individual congestion controls.

Wrap-up, UKNOF46

• Keith Mitchell (UKNOF)

Room: Broadgate 1 & 2