https://media.ccc.de/c/denog10 This feed contains all events from denog10 as mp4 see video outro Thu, 23 Jan 2025 18:42:23 -0000 https://static.media.ccc.de/media/events/denog/denog10/logo.png https://media.ccc.de/c/denog10 https://media.ccc.de/v/denog10-47-using-streaming-telemetry-with-prometheus I'll show you how to use state of the art network monitoring with Prometheus using https://github.com/exaring/openconfig-streaming-telemetry-exporter I'll show you how to use state of the art network monitoring with Prometheus using https://github.com/exaring/openconfig-streaming-telemetry-exporter about this event: https://cfp.denog.de/denog10/talk/JLKP9F Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-47-eng-Using_Streaming_Telemetry_with_Prometheus_sd.mp4?1542890975 d6500362-96db-5451-a0db-769560a1624b 2018-11-22T00:00:00+01:00 Oliver 'takt' Herms No denog10, 47 I'll show you how to use state of the art network monitoring with Prometheus using https://github.com/exaring/openconfig-streaming-telemetry-exporter I'll show you how to use state of the art network monitoring with Prometheus using https://github.com/exaring/openconfig-streaming-telemetry-exporter about this event: https://cfp.denog.de/denog10/talk/JLKP9F 00:07:24 https://media.ccc.de/v/denog10-34-denog10-closing TBD TBD about this event: https://cfp.denog.de/denog10/talk/UARWZC Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-34-eng-DENOG10_closing_sd.mp4?1542890671 ba985edd-e53b-588b-9364-87a96fed3255 2018-11-22T00:00:00+01:00 Moritz Frenzel No denog10, 34 TBD TBD about this event: https://cfp.denog.de/denog10/talk/UARWZC 00:05:58 https://media.ccc.de/v/denog10-20-die-geschichte-der-rotierenden-prefixe Customers get dynamic prefixes for outgoing connections and a static one for self hosting. This talk is about how it works and what the practical experiences are. The old project[1] is not dead. Let's talk about the new developments. 1 https://lutz.donnerhacke.de/Blog/Datenschutzfreundliches-IPv6-ueber-PPP-mit-der-FritzBox about this event: https://cfp.denog.de/denog10/talk/QBFXQG Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-20-eng-Die_Geschichte_der_rotierenden_Prefixe_sd.mp4?1542889775 f3c974f2-52c2-54e1-a69a-069c4ffec695 2018-11-22T00:00:00+01:00 Lutz Donnerhacke No denog10, 20 Customers get dynamic prefixes for outgoing connections and a static one for self hosting. This talk is about how it works and what the practical experiences are. The old project[1] is not dead. Let's talk about the new developments. 1 https://lutz.donnerhacke.de/Blog/Datenschutzfreundliches-IPv6-ueber-PPP-mit-der-FritzBox about this event: https://cfp.denog.de/denog10/talk/QBFXQG 00:11:45 https://media.ccc.de/v/denog10-27-a-short-update-on-ssh-security Everybody uses it, the most of them love it. But who really understands SSH security measures? Therefore i will revive these. Starting at publickey security to protocol security. Nowadays, there is often a lack of real understanding of protocols and tools. That is just natural due to the complexitiy of modern systems and the huge amount of parts needed to interact. Since SSH is one of the two most common prototols for transport layer security and used for secure remote shell access it is important to understand it security and weaknesses. To improve the situation the talk will show hints where to look at and why. about this event: https://cfp.denog.de/denog10/talk/EYFVZY Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-27-eng-A_short_update_on_SSH_security_sd.mp4?1542889621 6053cc14-64d3-556e-93e0-543a5458cb29 2018-11-22T00:00:00+01:00 André Niemann No denog10, 27 Everybody uses it, the most of them love it. But who really understands SSH security measures? Therefore i will revive these. Starting at publickey security to protocol security. Nowadays, there is often a lack of real understanding of protocols and tools. That is just natural due to the complexitiy of modern systems and the huge amount of parts needed to interact. Since SSH is one of the two most common prototols for transport layer security and used for secure remote shell access it is important to understand it security and weaknesses. To improve the situation the talk will show hints where to look at and why. about this event: https://cfp.denog.de/denog10/talk/EYFVZY 00:13:15 https://media.ccc.de/v/denog10-44-rpki Resource Public Key Infrastructure (RPKI) is a specialised public key infrastructure (PKI) framework designed to secure the Internet's Border Gateway Protocol (BGP) routing infrastructure. In recent months there has been a lot of traction around this technology, with several organisations ranging from small Dutch hosting providers to one of the largest Content Delivery Networks in the world deploying the technology in production. In the wake of this, NLnet Labs is writing a comprehensive open source toolkit for RPKI Resource Public Key Infrastructure (RPKI) is a specialised public key infrastructure (PKI) framework designed to secure the Internet's Border Gateway Protocol (BGP) routing infrastructure. In recent months there has been a lot of traction around this technology, with several organisations ranging from small Dutch hosting providers to one of the largest Content Delivery Networks in the world deploying the technology in production. In the wake of this, NLnet Labs is writing a comprehensive open source toolkit for RPKI about this event: https://cfp.denog.de/denog10/talk/3ETDM8 Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-44-eng-RPKI_sd.mp4?1542889412 9b14c4bd-ae07-514c-9145-3db405b27a89 2018-11-22T00:00:00+01:00 Martin Hoffmann No denog10, 44 Resource Public Key Infrastructure (RPKI) is a specialised public key infrastructure (PKI) framework designed to secure the Internet's Border Gateway Protocol (BGP) routing infrastructure. In recent months there has been a lot of traction around this technology, with several organisations ranging from small Dutch hosting providers to one of the largest Content Delivery Networks in the world deploying the technology in production. In the wake of this, NLnet Labs is writing a comprehensive open source toolkit for RPKI Resource Public Key Infrastructure (RPKI) is a specialised public key infrastructure (PKI) framework designed to secure the Internet's Border Gateway Protocol (BGP) routing infrastructure. In recent months there has been a lot of traction around this technology, with several organisations ranging from small Dutch hosting providers to one of the largest Content Delivery Networks in the world deploying the technology in production. In the wake of this, NLnet Labs is writing a comprehensive open source toolkit for RPKI about this event: https://cfp.denog.de/denog10/talk/3ETDM8 00:08:45 https://media.ccc.de/v/denog10-23-faster-ipv6-network-renumbering- Renumbering of IPv6 clients using DHCPv6 servers without a flag day is highly desired. RFC3315bis describes Reconfiguration mechanism to dynamically renumber IPv6 addresses. Commercially available DHCPv6 servers and clients do not support Reconfiguration feature as specified in RFC3315bis. This talk discusses reconfiguration feature and its implementation on Internet System Consortium (ISC) - KEA DHCPv6 server. Below are the main points and a brief description of each of them which will be presented in the lightning talk. 1. Current IPv6 renumbering methods. - Explain the IPv6 renumbering scenarios and methods for the operators specified in the RFC 6879. 2. Drawbacks of current IPV6 network renumbering methods. - Explain the disadvantages of existing IPV6 network numbering methods and hence motivation of using Reconfiguration feature. 3. Reconfiguration Procedure. - Explain Reconfigure procedure and message exchanges involved. - Explain Motivation for security mechanism in Reconfiguration procedure. 4. Remote Key Authentication Protocol(RKAP):- - Explain how RKAP is used for security in Reconfiguration procedure. 5. Implementation of Reconfiguration Feature in KEA - KEA is an open source implementation of DHCPv6 server by Internet System Consortium. - Project carried as a part of student project for Google Summer of Code 2018 program. - KEA supports reconfiguration of single clients, multiple clients in a single command. - Explain internal working in brief. 6. What the Network Administrator needs to do? - Explain steps involved in the reconfiguration procedure for the network administrator. about this event: https://cfp.denog.de/denog10/talk/XUE3ZP Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-23-eng-Faster_IPV6_Network_Renumbering_sd.mp4?1542889713 68bfa511-4aab-510b-a631-aa515976841e 2018-11-22T00:00:00+01:00 Sunil Mayya No denog10, 23 Renumbering of IPv6 clients using DHCPv6 servers without a flag day is highly desired. RFC3315bis describes Reconfiguration mechanism to dynamically renumber IPv6 addresses. Commercially available DHCPv6 servers and clients do not support Reconfiguration feature as specified in RFC3315bis. This talk discusses reconfiguration feature and its implementation on Internet System Consortium (ISC) - KEA DHCPv6 server. Below are the main points and a brief description of each of them which will be presented in the lightning talk. 1. Current IPv6 renumbering methods. - Explain the IPv6 renumbering scenarios and methods for the operators specified in the RFC 6879. 2. Drawbacks of current IPV6 network renumbering methods. - Explain the disadvantages of existing IPV6 network numbering methods and hence motivation of using Reconfiguration feature. 3. Reconfiguration Procedure. - Explain Reconfigure procedure and message exchanges involved. - Explain Motivation for security mechanism in Reconfiguration procedure. 4. Remote Key Authentication Protocol(RKAP):- - Explain how RKAP is used for security in Reconfiguration procedure. 5. Implementation of Reconfiguration Feature in KEA - KEA is an open source implementation of DHCPv6 server by Internet System Consortium. - Project carried as a part of student project for Google Summer of Code 2018 program. - KEA supports reconfiguration of single clients, multiple clients in a single command. - Explain internal working in brief. 6. What the Network Administrator needs to do? - Explain steps involved in the reconfiguration procedure for the network administrator. about this event: https://cfp.denog.de/denog10/talk/XUE3ZP 00:11:32 https://media.ccc.de/v/denog10-31-presenting-the-powerful-properties-of-packet-processing-with-p4 The next movement in network programmability is the data plane itself. Beyond APIs to the control plane, a domain specific language for data plane programming is emerging as a powerful tool in reasoning about packet networks. Programming network devices has stopped being a responsibility exclusive to the vendors selling them. Today, with control plane standards deployed and evolving, the next evolutionary step in software defining networks is in the data plane. A domain specific language to represent data plane packet processing called P4 has unlocked a wide range of powerful abilities. This talk will give a brief introduction to what P4 is; the motivations behind it's development; and how P4 is being used in networks today. Then, a discussion on how network operators and designers of nearly any scale can wield the power of the language to model and reason about their networks -- even with their existing (fixed function) networks right now. about this event: https://cfp.denog.de/denog10/talk/TUCRVR Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-31-eng-Presenting_the_Powerful_Properties_of_Packet_Processing_with_P4_sd.mp4?1542889201 36f3330d-6ed9-5f33-9a32-a2897c1c7631 2018-11-22T00:00:00+01:00 Aaron A. Glenn No denog10, 31 The next movement in network programmability is the data plane itself. Beyond APIs to the control plane, a domain specific language for data plane programming is emerging as a powerful tool in reasoning about packet networks. Programming network devices has stopped being a responsibility exclusive to the vendors selling them. Today, with control plane standards deployed and evolving, the next evolutionary step in software defining networks is in the data plane. A domain specific language to represent data plane packet processing called P4 has unlocked a wide range of powerful abilities. This talk will give a brief introduction to what P4 is; the motivations behind it's development; and how P4 is being used in networks today. Then, a discussion on how network operators and designers of nearly any scale can wield the power of the language to model and reason about their networks -- even with their existing (fixed function) networks right now. about this event: https://cfp.denog.de/denog10/talk/TUCRVR 00:26:28 https://media.ccc.de/v/denog10-40-evpn-to-the-host In a typical Openstack or KVM deployment scenarios an overlay network is built between hypervisors to provide an L2 domain over an IP-fabric. An overlay network allows (live) migration of VMs and multi-tenancy in infrastructure. Unfortunately, with typical setups, the physical underlay network infrastructure is ignored. This talk will discuss a solution for these issues by using EVPN on a host. In a typical Openstack or KVM deployment scenarios an overlay network is built between hypervisors to provide an L2 domain over an IP-fabric. An overlay network allows (live) migration of VMs and multi-tenancy in infrastructure. Unfortunately, with typical setups, the physical underlay network infrastructure is ignored. This deployment scenario has multiple downsides: - Current overlay implementations in Openstack are not based on standardized protocols. If integration with the underlay network is necessary, the network vendor has to develop support to integrate with the Openstack overlay (e.g OVSDB, OVN, ML2). - For example, It can cause inefficient traffic routing through a network node, adding additional latency and a point of failure. With EVPN-VxLAN (RFC8365 with multiple additions), integration with the physical network is much easier given the use of a standardized protocol. Also, the additions of the distributed routing functionality in EVPN allows for the possibility to have a distributed routing setup in Openstack that prevents traffic tromboning. EVPN VxLAN is implemented in the FreeRangeRouting project. In combination with the Linux VRF implementation. An Openstack hypervisor can become a VxLAN VTEP and have the EVPN functionalities directly available on the host. about this event: https://cfp.denog.de/denog10/talk/KY7N3J Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-40-eng-EVPN_to_the_Host_sd.mp4?1542886955 7c795e89-1cb5-500e-9299-c2896391959f 2018-11-22T00:00:00+01:00 Attilla de Groot No denog10, 40 In a typical Openstack or KVM deployment scenarios an overlay network is built between hypervisors to provide an L2 domain over an IP-fabric. An overlay network allows (live) migration of VMs and multi-tenancy in infrastructure. Unfortunately, with typical setups, the physical underlay network infrastructure is ignored. This talk will discuss a solution for these issues by using EVPN on a host. In a typical Openstack or KVM deployment scenarios an overlay network is built between hypervisors to provide an L2 domain over an IP-fabric. An overlay network allows (live) migration of VMs and multi-tenancy in infrastructure. Unfortunately, with typical setups, the physical underlay network infrastructure is ignored. This deployment scenario has multiple downsides: - Current overlay implementations in Openstack are not based on standardized protocols. If integration with the underlay network is necessary, the network vendor has to develop support to integrate with the Openstack overlay (e.g OVSDB, OVN, ML2). - For example, It can cause inefficient traffic routing through a network node, adding additional latency and a point of failure. With EVPN-VxLAN (RFC8365 with multiple additions), integration with the physical network is much easier given the use of a standardized protocol. Also, the additions of the distributed routing functionality in EVPN allows for the possibility to have a distributed routing setup in Openstack that prevents traffic tromboning. EVPN VxLAN is implemented in the FreeRangeRouting project. In combination with the Linux VRF implementation. An Openstack hypervisor can become a VxLAN VTEP and have the EVPN functionalities directly available on the host. about this event: https://cfp.denog.de/denog10/talk/KY7N3J 00:32:05 https://media.ccc.de/v/denog10-9-traffic-engineering-sr-spring-networks-using-open-source-tools Building on top of the Segment Routing Talk from DENOG8 we showcase what multi vendor Traffic Enginneering options are available using Open Source Tools The DENOG 8 Talk "Next-Generation Traffic Engineering with SPRING" introduced the building blocks of Segment Routing as a new MPLS signaling protocol. Traffic engineering capabilities were allready built into the protocol, but next to no implementations were present. After a short recap of the general SR/SPRING information we will show a demo implementation of a Traffic Engineering controller. We build a showcase traffic Engineering Controller based on Open Source Tools: - Streaming Telemetry for real time Traffic insight into the network - BGP-LS into ExaBGP streaming into a redis storage - netconf calls for information enrichment - Web UI to display a topology view of the network - e.g. check real time traffic via Grafana integration - select a new network path for a given prefix via WEB-Ui - signal Traffic engineering Path to the network via BGP-LU from exaBGP The Controller works against a test network running Arista and Juniper Devices. about this event: https://cfp.denog.de/denog10/talk/T3YFH8 Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-9-eng-Traffic_Engineering_SR_Spring_networks_using_Open_Source_Tools_sd.mp4?1542884401 3e78ee5a-a099-558e-8ad1-bb2202ed73b5 2018-11-22T00:00:00+01:00 Tobias Heister No denog10, 9 Building on top of the Segment Routing Talk from DENOG8 we showcase what multi vendor Traffic Enginneering options are available using Open Source Tools The DENOG 8 Talk "Next-Generation Traffic Engineering with SPRING" introduced the building blocks of Segment Routing as a new MPLS signaling protocol. Traffic engineering capabilities were allready built into the protocol, but next to no implementations were present. After a short recap of the general SR/SPRING information we will show a demo implementation of a Traffic Engineering controller. We build a showcase traffic Engineering Controller based on Open Source Tools: - Streaming Telemetry for real time Traffic insight into the network - BGP-LS into ExaBGP streaming into a redis storage - netconf calls for information enrichment - Web UI to display a topology view of the network - e.g. check real time traffic via Grafana integration - select a new network path for a given prefix via WEB-Ui - signal Traffic engineering Path to the network via BGP-LU from exaBGP The Controller works against a test network running Arista and Juniper Devices. about this event: https://cfp.denog.de/denog10/talk/T3YFH8 00:28:20 https://media.ccc.de/v/denog10-38-sdn-control-of-disaggregated-optical-transport-networks Software Defined Networking (SDN) is offering greater operational efficiency and automation by turning the transport network into a programmable resource. Several competing data models for disaggregated and partially disaggregated optical networks currently being developed and proposed by research and standardization are presented and their strengths and challenges discussed. A key use case of SDN for optical transport networks (Transport SDN) is multi-vendor network and service management. The requirement for interoperability drives open and standardized interfaces. This talk will introduce the data models currently being discussed as contenders for application programming interfaces (APIs) of disaggregated and partially disaggregated optical networks on device and network level. In case of fully disaggregated networks, each device is directly controlled by an SDN controller; in case of partial disaggregation, an optical line system (OLS) is operated as a complete system, and the transponders at the edge are operated independently from the OLS and can be directly controlled. The strengths and weaknesses of the two disaggregation models and the considered APIs, including OpenConfig, OpenROADM, IETF TEAS, and ONF Transport API, are discussed in the talk. Current results from ongoing interop events, field trials, and research projects are presented to highlight challenges and solutions for the SDN control of (partially) disaggregated optical networks. about this event: https://cfp.denog.de/denog10/talk/HGNLHC Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-38-eng-SDN_control_of_disaggregated_optical_transport_networks_sd.mp4?1542882901 2a6a17cc-cd0b-5611-8a92-deefe870677f 2018-11-22T00:00:00+01:00 Achim Autenrieth No denog10, 38 Software Defined Networking (SDN) is offering greater operational efficiency and automation by turning the transport network into a programmable resource. Several competing data models for disaggregated and partially disaggregated optical networks currently being developed and proposed by research and standardization are presented and their strengths and challenges discussed. A key use case of SDN for optical transport networks (Transport SDN) is multi-vendor network and service management. The requirement for interoperability drives open and standardized interfaces. This talk will introduce the data models currently being discussed as contenders for application programming interfaces (APIs) of disaggregated and partially disaggregated optical networks on device and network level. In case of fully disaggregated networks, each device is directly controlled by an SDN controller; in case of partial disaggregation, an optical line system (OLS) is operated as a complete system, and the transponders at the edge are operated independently from the OLS and can be directly controlled. The strengths and weaknesses of the two disaggregation models and the considered APIs, including OpenConfig, OpenROADM, IETF TEAS, and ONF Transport API, are discussed in the talk. Current results from ongoing interop events, field trials, and research projects are presented to highlight challenges and solutions for the SDN control of (partially) disaggregated optical networks. about this event: https://cfp.denog.de/denog10/talk/HGNLHC 00:28:30 https://media.ccc.de/v/denog10-13-bgp-communities-101 One of the most important but also least trained aspect of BGP is "BGP communities" - why do I want them, what typical problems can I avoid using BGP communities, and how do I configure them nicely on typical platforms. Mini-Tutorial with a number of typical use cases and a few config examples Slides will be ready in time. about this event: https://cfp.denog.de/denog10/talk/GJHDUT Thu, 22 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-13-eng-BGP_communities_101_sd.mp4?1542880956 b05a50fb-0f40-52a1-8f39-ebbca73564c2 2018-11-22T00:00:00+01:00 Gert Döring No denog10, 13 One of the most important but also least trained aspect of BGP is "BGP communities" - why do I want them, what typical problems can I avoid using BGP communities, and how do I configure them nicely on typical platforms. Mini-Tutorial with a number of typical use cases and a few config examples Slides will be ready in time. about this event: https://cfp.denog.de/denog10/talk/GJHDUT 00:31:37 https://media.ccc.de/v/denog10-8-400g-don-t-get-confused-with-this-transceiver-generation Modulation PAM4 and newly introduced formfactors are the key player here. Transmission speed of 400G is becoming a reality, with new challenges for optical and electrical components in high speed systems emerging as well. PAM4 modulation is one key component for 400G transmission with transceivers following Ethernet IEEE 802.3bs, this talk will be a show and tell into PAM4. With this knowledge, the design decisions behind the new formfactors OSFP, QSFP-DD, SFP56-DD and µQSFP are easier to understand. This talk will help you to: * Design / build new kind of applications or connections with your networking gear in the field * Avoid pitfalls when designing your racks * Be aware how power consumption and new plugs will be part of the new world of 400G transceivers. about this event: https://cfp.denog.de/denog10/talk/HPQVBM Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-8-eng-400G_-_dont_get_confused_with_this_transceiver_generation_sd.mp4?1542822815 8340fbc9-2735-5560-b3f4-ac36f8f5a35d 2018-11-21T00:00:00+01:00 Thomas Weible No denog10, 8 Modulation PAM4 and newly introduced formfactors are the key player here. Transmission speed of 400G is becoming a reality, with new challenges for optical and electrical components in high speed systems emerging as well. PAM4 modulation is one key component for 400G transmission with transceivers following Ethernet IEEE 802.3bs, this talk will be a show and tell into PAM4. With this knowledge, the design decisions behind the new formfactors OSFP, QSFP-DD, SFP56-DD and µQSFP are easier to understand. This talk will help you to: * Design / build new kind of applications or connections with your networking gear in the field * Avoid pitfalls when designing your racks * Be aware how power consumption and new plugs will be part of the new world of 400G transceivers. about this event: https://cfp.denog.de/denog10/talk/HPQVBM 00:23:29 https://media.ccc.de/v/denog10-14-peeringdb-update PeeringDB has been around since 14 years. And an entry in PeeringDB is a must have if you want to interconnect with other networks. There is no other DB where you have all the information about networks, Internet Exchange Points and Facilities/Colocation at one place and nicely interlinked. As PeeringDB is so important an Seattle (US) based association was set up in late 2015. In March 2016 a wholly new version of PeeringDB (PeeringDB 2.0) was released with an intuitive GUI and a powerful API. This presentation gives a quick overview on PeeringDB, both from organisation as well as from a technical point of view and highlights the latest developments. This is a draft presentation and will be updated with latest before the meeting. PeeringDB is ongoing work and driven by the community. Although there was a presentation on PeeringDB at last DENOG meeting, it absolutely makes sense to let the audience know about latest developments. about this event: https://cfp.denog.de/denog10/talk/AXR3TB Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-14-eng-PeeringDB_Update_sd.mp4?1542822060 b327ff44-652e-5810-9d9f-1c950412d450 2018-11-21T00:00:00+01:00 Arnold Nipper No denog10, 14 PeeringDB has been around since 14 years. And an entry in PeeringDB is a must have if you want to interconnect with other networks. There is no other DB where you have all the information about networks, Internet Exchange Points and Facilities/Colocation at one place and nicely interlinked. As PeeringDB is so important an Seattle (US) based association was set up in late 2015. In March 2016 a wholly new version of PeeringDB (PeeringDB 2.0) was released with an intuitive GUI and a powerful API. This presentation gives a quick overview on PeeringDB, both from organisation as well as from a technical point of view and highlights the latest developments. This is a draft presentation and will be updated with latest before the meeting. PeeringDB is ongoing work and driven by the community. Although there was a presentation on PeeringDB at last DENOG meeting, it absolutely makes sense to let the audience know about latest developments. about this event: https://cfp.denog.de/denog10/talk/AXR3TB 00:09:41 https://media.ccc.de/v/denog10-16-ipv6-ibm-an-enterprise-journey An overview of enabling IPv6 inside a large, global enterprise network. Includes planning aspects, aspects of technical testing, roll-out tracking and lessons learnt so far. How do you embrace IPv6 in a global enterprise, with tens of thousands of network devices, delivery teams all around the globe and no real shortage on IPv4 space? This presentation will talk about the introduction of IPv6 inside IBM’s own network over the past few years, the challenges we’ve seen and some outlook for the road ahead of us. As enterprises in general seem to be more behind IPv6 than ISPs or carriers, this session is aimed to help those who still need to build a case within their own company. about this event: https://cfp.denog.de/denog10/talk/EVVTPA Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-16-eng-IPv6_IBM_-_An_enterprise_journey_sd.mp4?1542821701 95aab8ea-e8ec-539f-9e96-b31da306f682 2018-11-21T00:00:00+01:00 Andy Mindnich No denog10, 16 An overview of enabling IPv6 inside a large, global enterprise network. Includes planning aspects, aspects of technical testing, roll-out tracking and lessons learnt so far. How do you embrace IPv6 in a global enterprise, with tens of thousands of network devices, delivery teams all around the globe and no real shortage on IPv4 space? This presentation will talk about the introduction of IPv6 inside IBM’s own network over the past few years, the challenges we’ve seen and some outlook for the road ahead of us. As enterprises in general seem to be more behind IPv6 than ISPs or carriers, this session is aimed to help those who still need to build a case within their own company. about this event: https://cfp.denog.de/denog10/talk/EVVTPA 00:28:48 https://media.ccc.de/v/denog10-22-opnsense-the-open-firewall-for-your-datacenter OPNsense is an open source and easy-to-use FreeBSD based firewall and routing platform. In this talk Werner will give an insight into the features and architecture of this firewall, which is being developed with a strong focus on security and code quality. OPNsense has started in January 2015 as a fork of pfSense® and m0n0wall. Now - almost four years later - OPNsense brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. It's feature list ranges from basic features like the Stateful Firewall and Caching Proxy, over Unified Thread Management functions (Suricata-based IDS/IPS, Virus Protection, VPN, ...) up to enterprise features like High Availability clustering or an API for automation purposes. A modern and intuitive web interface makes configuring firewall rules also for beginners funny. In this talk, Werner Fischer will outline OPNsense's FreeBSD/HardenedBSD-based architecture and how you can take advantage of additional features using OPNsense plugins. He will also show how to initially setup an OPNsense firewall, and how you use datacenter-features like High Availability & Hardware Failover or Dual Uplinks. Open (source) makes sense - also for your firewall :-) about this event: https://cfp.denog.de/denog10/talk/QFEHTJ Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-22-eng-OPNsense_the_open_firewall_for_your_datacenter_sd.mp4?1542820800 e323a8be-0bc6-553f-b54b-2ffc0b226c12 2018-11-21T00:00:00+01:00 Werner Fischer No denog10, 22 OPNsense is an open source and easy-to-use FreeBSD based firewall and routing platform. In this talk Werner will give an insight into the features and architecture of this firewall, which is being developed with a strong focus on security and code quality. OPNsense has started in January 2015 as a fork of pfSense® and m0n0wall. Now - almost four years later - OPNsense brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. It's feature list ranges from basic features like the Stateful Firewall and Caching Proxy, over Unified Thread Management functions (Suricata-based IDS/IPS, Virus Protection, VPN, ...) up to enterprise features like High Availability clustering or an API for automation purposes. A modern and intuitive web interface makes configuring firewall rules also for beginners funny. In this talk, Werner Fischer will outline OPNsense's FreeBSD/HardenedBSD-based architecture and how you can take advantage of additional features using OPNsense plugins. He will also show how to initially setup an OPNsense firewall, and how you use datacenter-features like High Availability & Hardware Failover or Dual Uplinks. Open (source) makes sense - also for your firewall :-) about this event: https://cfp.denog.de/denog10/talk/QFEHTJ 00:10:28 https://media.ccc.de/v/denog10-19-nd-spoofing-for-fun-and-profit-distributing-server-farm-traffic-efficiently A server farm in a single broadcast domain should use a shortest way to the next router minimizing inter-switch traffic. Faking Neighbor Discovery messages direct each server to the right router. Application servers often need to communicate to each other in a common layer2 area. If such an area spans multiple networking devices, the data flow is likely to be inefficient. Various methods exist to solve this problem including expensive SDN technology. This talk focuses about the low budget solutions. Starting from different static routes per server over partially broken networks (filtering ND and FHRP on the inter switch links) up to faking the whole Neighbor Discovery in the Layer 2 area. about this event: https://cfp.denog.de/denog10/talk/ZML88Q Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-19-eng-ND_Spoofing_for_Fun_and_Profit_Distributing_server_farm_traffic_efficiently_sd.mp4?1542820740 34449bcc-efc3-5c53-8723-887ae2c632a8 2018-11-21T00:00:00+01:00 Lutz Donnerhacke No denog10, 19 A server farm in a single broadcast domain should use a shortest way to the next router minimizing inter-switch traffic. Faking Neighbor Discovery messages direct each server to the right router. Application servers often need to communicate to each other in a common layer2 area. If such an area spans multiple networking devices, the data flow is likely to be inefficient. Various methods exist to solve this problem including expensive SDN technology. This talk focuses about the low budget solutions. Starting from different static routes per server over partially broken networks (filtering ND and FHRP on the inter switch links) up to faking the whole Neighbor Discovery in the Layer 2 area. about this event: https://cfp.denog.de/denog10/talk/ZML88Q 00:10:47 https://media.ccc.de/v/denog10-18-how-to-operate-a-vxlan-network I operate a VXLAN based network spread across multiple data centers which provides IP- and Ethernet-services for our customers. I will explain our design, how we integrate it into our VPLS based ISP network and what we (don't) like. What I will be talking about: * Planning a DC environment * Different methods to connect a customer * Setting up automation and your network * Documenting what you and your automation did * Practical VLAN/VXLAN Mapping (overlapping VLAN ranges) * Troubleshooting and mistakes not to make (again) about this event: https://cfp.denog.de/denog10/talk/LGPWXJ Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-18-eng-How_to_operate_a_VXLAN_network_sd.mp4?1542820475 c8f76b25-20e6-5083-9cc0-ca99eec81eb6 2018-11-21T00:00:00+01:00 Nicola von Thadden No denog10, 18 I operate a VXLAN based network spread across multiple data centers which provides IP- and Ethernet-services for our customers. I will explain our design, how we integrate it into our VPLS based ISP network and what we (don't) like. What I will be talking about: * Planning a DC environment * Different methods to connect a customer * Setting up automation and your network * Documenting what you and your automation did * Practical VLAN/VXLAN Mapping (overlapping VLAN ranges) * Troubleshooting and mistakes not to make (again) about this event: https://cfp.denog.de/denog10/talk/LGPWXJ 00:24:22 https://media.ccc.de/v/denog10-43-vxlan-101 This talk provides a condensed overview on VXLAN on a protocol level to give an understanding what VXLAN is, where it can be used and how it works. Virtual Extensible LAN (VXLAN) is an encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. But what does that actually mean and how does it work? What does VXLAN mean for the service-provider? A lot of questions, which will be answered in a strict, condensed talk. about this event: https://cfp.denog.de/denog10/talk/HN3LMD Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-43-eng-VXLAN_101_sd.mp4?1542815675 535ef03a-4e9c-5364-8a9c-60cd995b7067 2018-11-21T00:00:00+01:00 Florian Hibler No denog10, 43 This talk provides a condensed overview on VXLAN on a protocol level to give an understanding what VXLAN is, where it can be used and how it works. Virtual Extensible LAN (VXLAN) is an encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. But what does that actually mean and how does it work? What does VXLAN mean for the service-provider? A lot of questions, which will be answered in a strict, condensed talk. about this event: https://cfp.denog.de/denog10/talk/HN3LMD 00:11:12 https://media.ccc.de/v/denog10-25-bio-routing-a-versatile-fast-and-reliable-open-source-routing-daemon-in-golang BIO routing is a project to create a versatile, fast and reliable routing daemon in Golang (BIO = BGP + IS-IS + OSPF). Why did we start the project, what is it and what did we achieve yet? We would like to present the current state of the BIO routing project. The talk should cover the following key points: * who are we? * why another routing daemon? (what's the problem with bird, FRR, OpenBGPd, etc.) * why did we choose golang as the programming language? * key concepts and focus of BIO * current feature set of BIO (maybe a short live demo) * using BIO as library to implement specific tools like route injectors * what's planned for the future * what did we learn while implementing * how to contribute This should give the audience a pretty good understanding of the project and how they can benefit from it. It would be wonderful to get people interested in using BIO or even join our team and help implementing features. We are confident with what we achieved in the last 6 months and would love to share our enthusiasm with other people :) Source code is available at: https://github.com/bio-routing/bio-rd BIO used as library for a route injector: https://github.com/czerwonk/bioject about this event: https://cfp.denog.de/denog10/talk/TPNXPX Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-25-eng-BIO_routing_-_a_versatile_fast_and_reliable_open_source_routing_daemon_in_golang_sd.mp4?1542814456 627f23ef-8a06-5f84-acef-a3065a315957 2018-11-21T00:00:00+01:00 Daniel Czerwonk, Oliver 'takt' Herms No denog10, 25 BIO routing is a project to create a versatile, fast and reliable routing daemon in Golang (BIO = BGP + IS-IS + OSPF). Why did we start the project, what is it and what did we achieve yet? We would like to present the current state of the BIO routing project. The talk should cover the following key points: * who are we? * why another routing daemon? (what's the problem with bird, FRR, OpenBGPd, etc.) * why did we choose golang as the programming language? * key concepts and focus of BIO * current feature set of BIO (maybe a short live demo) * using BIO as library to implement specific tools like route injectors * what's planned for the future * what did we learn while implementing * how to contribute This should give the audience a pretty good understanding of the project and how they can benefit from it. It would be wonderful to get people interested in using BIO or even join our team and help implementing features. We are confident with what we achieved in the last 6 months and would love to share our enthusiasm with other people :) Source code is available at: https://github.com/bio-routing/bio-rd BIO used as library for a route injector: https://github.com/czerwonk/bioject about this event: https://cfp.denog.de/denog10/talk/TPNXPX 00:16:58 https://media.ccc.de/v/denog10-37-openbgpd-gotta-go-fast- Status update about current work done on OpenBGPD and how this can be used as a route-server alternative at internet exchange points. OpenBGPD was started in 2003 and became quickly popular in many smaller networks and also as route-server at many IXPs. Over the years the requirements for running BGP -- especially route servers at exchange points -- has changed but OpenBGPD did not keep up with some of them. Thanks to the RIPE NCC Community Projects Fund and donations by various IXPs a lot of improvements are currently done. This presentation is an update what was achieved until now and what will come. One of the show cases is how OpenBGPD can be used together with arouteserver -- a config generator -- to build secure route-servers for IXPs. about this event: https://cfp.denog.de/denog10/talk/HNTNLT Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-37-eng-OpenBGPD_gotta_go_fast_sd.mp4?1542814414 b69e946a-8b47-5e04-ab20-e761f1ce9450 2018-11-21T00:00:00+01:00 Claudio Jeker No denog10, 37 Status update about current work done on OpenBGPD and how this can be used as a route-server alternative at internet exchange points. OpenBGPD was started in 2003 and became quickly popular in many smaller networks and also as route-server at many IXPs. Over the years the requirements for running BGP -- especially route servers at exchange points -- has changed but OpenBGPD did not keep up with some of them. Thanks to the RIPE NCC Community Projects Fund and donations by various IXPs a lot of improvements are currently done. This presentation is an update what was achieved until now and what will come. One of the show cases is how OpenBGPD can be used together with arouteserver -- a config generator -- to build secure route-servers for IXPs. about this event: https://cfp.denog.de/denog10/talk/HNTNLT 00:12:45 https://media.ccc.de/v/denog10-26-probing-your-network-and-only-your-network-with-mpls-and-gre-packets Blackbox network testing with GRE and MPLS. Modern switches and routers allow to decapsulate GRE and switch MPLS packets in hardware. I will show how EXARING AG successfully blackbox tests their network including all switches and any link, including peering and transit links, using stacked IP/GRE/MPLS packets. about this event: https://cfp.denog.de/denog10/talk/VBFUZS Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-26-eng-Probing_your_network_-_and_only_your_network_-_with_MPLS_and_GRE_packets_sd.mp4?1542814176 c7ce944c-dedc-55b0-b5fa-8f3ca1236695 2018-11-21T00:00:00+01:00 Oliver 'takt' Herms No denog10, 26 Blackbox network testing with GRE and MPLS. Modern switches and routers allow to decapsulate GRE and switch MPLS packets in hardware. I will show how EXARING AG successfully blackbox tests their network including all switches and any link, including peering and transit links, using stacked IP/GRE/MPLS packets. about this event: https://cfp.denog.de/denog10/talk/VBFUZS 00:30:34 https://media.ccc.de/v/denog10-12-on-observability Observability is the current buzzword in tech, but, as always, there's a kernel of truth. What is observability, how does apply to modern engineering, and why is this relevant to the networking sector? Key takeaways & learnings: * What is observability * Why are metrics, traces(not network traces), and logs the three golden types of data to monitor? * How should you define what you monitor? I.e. what is a "service" for you? * What should I monitor to run these services? about this event: https://cfp.denog.de/denog10/talk/DWYUPV Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-12-eng-On_Observability_sd.mp4?1542814021 24242b48-1ca9-5a40-92bb-2db5e6021cfb 2018-11-21T00:00:00+01:00 Richard "RichiH" Hartmann No denog10, 12 Observability is the current buzzword in tech, but, as always, there's a kernel of truth. What is observability, how does apply to modern engineering, and why is this relevant to the networking sector? Key takeaways & learnings: * What is observability * Why are metrics, traces(not network traces), and logs the three golden types of data to monitor? * How should you define what you monitor? I.e. what is a "service" for you? * What should I monitor to run these services? about this event: https://cfp.denog.de/denog10/talk/DWYUPV 00:25:38 https://media.ccc.de/v/denog10-33-denog10-opening TBD TBD about this event: https://cfp.denog.de/denog10/talk/RFT8PZ Wed, 21 Nov 2018 00:00:00 +0100 https://cdn.media.ccc.de/events/denog/denog10/h264-sd/denog10-33-eng-DENOG10_Opening_sd.mp4?1542811235 5d933306-725a-5f63-be49-1a763b722af2 2018-11-21T00:00:00+01:00 Moritz Frenzel No denog10, 33 TBD TBD about this event: https://cfp.denog.de/denog10/talk/RFT8PZ 00:11:03 media.ccc.de / RSS 0.3.1 CCC media team media@c3voc.de CCC media team No CCC Congress Hacking Security Netzpolitik A wide variety of video material distributed by the CCC. All content is taken from cdn.media.ccc.de and media.ccc.de A wide variety of video material distributed by the Chaos Computer Club. This feed contains all events from denog10 as mp4