Deploy360 19 October 2017

ENOG 14 in Minsk

By Kevin MeynellFormer Senior Manager, Technical and Operational Engagement

The 14th Eurasia Network Operator’s Group (ENOG 14) that was held on 9-10 October 2017 in Minsk, Belarus featured 234 participants from the host country, the Commonwealth of Independent States and Eastern Europe who came together to discuss operational issues and share expertise about evolving the Internet in the region. This was the second event of the year and was supported by the Internet Society, the RIPE NCC and, with participation from our Deploy360 colleague Jan Žorž.

The first morning featured a couple of useful tutorials – one in Russian on DNSSEC operations that was led by Philipp Kulin and Dremuchij Les, and the other on Best Practices in IPv6 BGP led by Nathalie Trenaman and Massimiliano Stucchi (RIPE NCC).

The opening trio of talks focused on network security, starting with a general overview of how to operate a secure network from Ignas Bagdonas (Equinix). Kirill Malevanov (Selectel) then offered up his experiences of IPv4 prefix hijacking whereby network traffic is erroneously routed due to incorrect BGP announcements that are advertised either accidentally or deliberately. Alexander Azimov (Qrator Labs) followed-up with an overview of BGPsec that has recently been published as a RFC standard, and which aims to provide cryptographic verification of route announcements. In fact, we recently covered this in another Deploy360 blog.

The second session had Jan presenting his NAT64/DNS64 experiences, as well as the NAT64check tool developed by the Internet Society, Go6, SJM Steffann and Simply Understand. This allows you to enter the URL of a particular website, and then run tests over IPv4, IPv6 and NAT64 in order to check whether the website is actually reachable in each case, whether identical web pages are returned, and whether all the resources such as images, stylesheets and scripts load correctly.

Christian Teuschel (RIPE NCC) also provided his usual overview of Internet usage in the host country and comparison with neighbouring countries in the region. In particular, the number of Internet users (6.4 million representing 67% of the population), IPv4 depletion, registered IPv6 resources, estimated growth, and network performance in Belarus.

The day was rounded off by an Internet-of-Things BoF (in Russian) and the initiatives that RIPE is taking to address some of the issues around these new developments. Carsten Bormann (Universität Bremen TZI) continued this discussion the following day, expanding on some of these issues, classifying device types and deployment models, and identifying potential weaknesses in the IoT ecosystem.

Martin Levy (CloudFlare) also covered pretty much all the Deploy360 topics for the price of one presentation, providing an update on how CloudFlare is rolling out IPv6, DNSSEC and CA certs. And if SDN is your thing, Anton Makarov ( proffered an update on some lessons learned in the telco transport space.

The fourth plenary session was devoted to Internet blocking and deep packet inspection issues, and the fifth plenary session to peering matters. A lot of content worth taking a look at if any of these things interest you.

Finally, there were a couple of other interesting developments worth mentioning. Firstly, a tool developed by Alexander Azimov (Qrator Labs) to compare reachability and latency across different regions from different ISPs. This aims to offer some qualitative indications for those needing to access or provision cloud services rather than just requiring IP transit.

Secondly, an update from Oleg Muravskiy (RIPE NCC) on the RIPE Routing Information Service. This utilises a global network of BGP collectors that have been collecting and storing BGP updates and routing table dumps for more than 15 years. This can be used by network operators and researchers to find out what is happening and what has happened, with the purposes of gaining a better understanding of the architecture and functioning of the Internet.

All the presentations from the meeting can be found on the ENOG website. The dates and venues for the ENOG meeting have yet to be announced, but will likely be around May 2018.

Following ENOG 14, Jan also presented on DNSSEC/DANE and TLS at the Eastern European DNS Forum that was held on 12-13 October 2017 at the same venue in Minsk. That presentation doesn’t seem to be available online yet, but please see the similar presentation that was given at APRICOT 2017.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...