Deploy360 1 July 2016

SINOG 3.0 in Ljubljana

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

The 3rd meeting of the Slovenian Network Operators’ Group organised by Go6ARNES and LTFE was held on 22 June 2016 at the Brdo Technology Park in Ljubljana. This was held the day after the Slovenian IPv6 Summit and was co-sponsored by the Internet Society; attracting another good audience of around 110 participants.

The keynote was provided by Ivan Pepelnjak (ipSpace) who continued the theme of network automation whereby any well-defined repeatable task can be automated. This is commonly applied to device and service provisioning, as well as VLANs, ACLs and firewall rules, but it can also be used for troubleshooting, consistency checks, routing and failure remediation.

Ivan PepanjakIvan went onto discuss the tools for automated network and service provisioning such as Chef and Puppet, along with automation frameworks such as Ansible, and workflow tools such as Gerrit and Jenkins. Network remediation though, was the holy grail of automation whereby networks could identify faults or degraded performance and have the ability to fix themselves. Nevertheless, development scenarios need to be avoided whereby effort is expended to improve automation, but instead additional time is spent on debugging, rethinking and improving the code to the detriment of the original labour saving reason for doing it.

Anand Buddhev (RIPE NCC) continued the automation theme with his overview of Ansible. This is a open source software platform written in Python for configuring and managing multiple Linux and Windows computers that combines multi-node software deployment, ad-hoc task execution, and configuration management. It utilises a controlling machine, with nodes being managed over SSH using modules that communicate through a JSON protocol.

Anand BuddhevThe RIPE NCC was using it to automate tasks on 585 hosts using a series of ‘playbooks’ written in YAML that provides data-oriented but human readable scripts defining the necessary tasks. It’s a lightweight yet powerful framework which is well documented on the Ansible website. Following the SINOG meeting, Uroš Bajželj also ran a hands-on workshop for those interested in using Ansible.

Tit Petrič and Marko Ambrož went on to to discuss the Docker software containerisation platform. This essentially allows a piece of software to run in a complete filesystem that contains the necessary code, executables, system tools and system libraries and thereby ensures it will run the same regardless of environment. However, Docker containers differ from virtual machines in that they share the same operating system kernel and resources which allows them to make more efficient use of memory and disk resources. Docker containers are based on open standards, enabling containers to run on all major Linux distributions and Microsoft Windows, whilst isolating applications from each other and the underlying infrastructure and providing an added layer of protection.

SINOG roomThere was an interesting presentation on the security implications of the Internet-of-Things from Milan Gabor (Viris). This focused on the vulnerabilities of devices in industrial control systems, vehicles, unmanned aerial vehicles and retail applications which often involves a multiplicity of hardware architectures, operating systems and protocols in often closed systems. There were already examples of everyday ‘intelligent’ systems being hacked such as electronic door locks, toilets, baby monitors and smart lightbulbs, as well as bigger infrastructure that included nuclear reactors and power grids. This leads to the issue of how to secure things that you can’t update, and the ongoing implications of this.

Also worth checking out was the LTE in Public Safety presentation from Maurizio Moroni (Cisco) who discussed the evolution of incompatible narrowband transmission systems used by different public safety organisations (e.g. police, fire and rescue, medical and security services) towards using common LTE based data services. Whilst this is expected to take a number of years, the LTE can offer better use of existing public infrastructure, improved interoperability and quality of service, as well as the ability to use data communication as well as voice.

SINOG PCFinally, for those interested in network traffic telemetry, Paolo Lucente (pmacct) discussed pmacct. This is open source software that correlates different data sources including BGP, BMP and IGP and builds multiple views of network traffic for analytic, modelling or forensic purposes, and which can sent to message brokers. However, this was somewhat hampered by the availability of data and a lack of standardised mechanisms for collecting and aggregating it. He therefore appealed for network operators to take more of an interest in supporting this initiative as it had great potential for traffic engineering, capacity planning, peering and security.

All the presentations from the meeting can be found on the SINOG website.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...