RIPE 84

Daily Meeting Blog

Table of contents


Monday, 16 May 2022: Back to “normal”

For the first time, since RIPE 79, we welcomed attendees back to an onsite RIPE Meeting. This meant that all of us onsite were obliged to get out of pyjamas and be fully presentable (and go beyond our lovely screen selves).

The day kicked off with a tutorial on IPv6 security and the traditional Newcomers’ Introduction session. We’ve summarised the Newcomers’ Intro in case you missed it:
• If you’re new to the RIPE Meeting, there are helpful RIPE NCC staff in red shirts who can help you get acquainted… though we recommend you check whether their shirt actually says “Meet & Greet” to avoid potential embarrassment! Please also note that the decision to go with red shirts should not imply anything about the expendability of these staff or their life expectancy during the meeting ;)
• A shadowy group of individuals has kindly ordered requested a correction to a question in the Newcomers’ Introduction Kahoot! quiz. The quiz appeared to imply that there was such a thing as a “Secret Working Group.” These individuals insist that there is no such group within RIPE. We regret the error.

There was a heartfelt round of applause as Mirjam Kühne opened RIPE 84 – her first in-person meeting since becoming RIPE Chair! Mirjam noted that it was great to see that there was such a strong attendance (with 685 registered to attend on-site and 478 registered to attend remotely). Also noteworthy was the high number of newcomers – showing that the RIPE community is still going strong despite over two years of virtual interaction only. The community also took a moment to recognise the efforts of network operators in Ukraine and elsewhere to keep the Internet connected through the war and the pandemic – and to recognise the lives that have been lost in both.

Dr. Thomas King from DE-CIX (our hosts for RIPE 84) welcomed attendees. He took us down memory lane, showing some old photos and reminiscing about the last RIPE Meeting that was held in Berlin, which was also hosted by DE-CIX.

As the badges and stickers were picked up, and the barista queue grew longer, we thought “We are back to normal, at last!” However, the presentations in the opening plenary were a stark reminder that normalcy is very far away for many members of our community, with the war in Ukraine still ongoing.

    • Emile Aben presented on the resilience of the Ukrainian Internet, noting that it was still going strong through both the human resilience of the network operators working to reconnect damaged infrastructure, and the technical resilience of the Ukrainian network – ranking as fourth in the world in terms of having a distributed market.
    • Rene Fichtmueller gave an update on the Global NOG Alliance’s “Keep Ukraine Connected” initiative, after the first successful shipments of networking gear to Ukrainian operators. Aside from the phenomenal amount of driving (DE-CZ-AT-SLO-AT-CZ-PL-UA-PL-DE in 44 hours!) it also represents the ability of the technical community to quickly organise and make a real-world difference.

After another lovely coffee break (and the first official RIPE 84 Kahoot! later), Constanze Bürger, the Federal Ministry of the Interior and Community of Germany, spoke about the challenges and opportunities of IPv6 deployment in German public authorities. We also learned that Constanze’s first RIPE Meeting was RIPE 56 in Berlin, and having arrived formally dressed in a suit, she went back home and changed into jeans and a t-shirt to blend in. The question that now remains is whether laptop stickers are catching on in German government offices. As far as her talk is concerned, there was general agreement that it’s indeed useful to have a government perspective on these issues.

From IPv6, we shifted gears to RPKI. Massimo Candela, NTT, shared the results of a tool developed by NTT that has helped them reduce RPKI-invalid announcements by 86.84%. Doug Madory, Kentik, then presented some interesting RPKI metrics using NetFlow. The audience was mildly surprised when Doug’s face beamed down from the big screen as he presented remotely. A reminder that this is indeed a hybrid meeting, and normalcy is being redefined.

We then moved on to the very succinctly titled “Properties of Today’s and Tomorrow’s Internet: What Do We Want From Our Networking Protocols?” BoF moderated by Jelte Jansen. It did what it said on the tin – and the discussion explored the many facets of what we mean by the Internet, what government intervention means for the Internet, whether the values of the RIPE community are known to a wider audience, and how to involve a wider audience. Jelte made the ground rules crystal clear, and we would like to state for the record that the throwing of chairs and other physical objects was indeed kept to a minimum.

Meanwhile, in another room, academics, researchers, students and NREN staff came together for some informal networking during the Academic and NREN Reception.

All that hard work has its reward. As is tradition, we wound up the first day of RIPE 84 with a Welcome Reception – with online attendees welcomed back to SpatialChat.

Day One of RIPE 84 in numbers:

Checked in online: 103 attendees
Checked in onsite: 455 attendees
Total participants: 558

The most heard remark in the hallways: “You’re taller (or shorter) than you look on Zoom!”

Our favourite tweets for today

Fact of the day: 52% of German tax declarations are made over IPv6 (thank you Constanze!)

Commending the fantastic efforts of the Keep Ukraine Connected team

Tell me it’s your first RIPE Meeting, without telling me it’s your first RIPE Meeting
(and don’t worry, you’re not the only one)

Tuesday, 17 May 2022: T-shirt madness

Today was the second day of plenary sessions and the most important day of the week as attendees lined up to get the RIPE 84 t-shirt (inspired by Berlin and Mondrian). We’ve never seen the coffee break area so busy, we probably hit peak attendance. If you haven’t picked up your t-shirt yet, you can still claim it at the registration desk.

The first presentation of the day started in true hybrid style with an online speaker. Sankalp Basavaraj, showed how Internet security has evolved with a case study on Log4j, noting a timeline of events, a cat and mouse game between attackers and protectors.

Next up, we heard from Christian Harendt who presented on automating RIPE Database handling with NetBox and not only shared features of a ripe-updater but the fact that he had also uploaded the updater to GitHub.

Switching from the RIPE Database to the wonderful world of RFCs, Tom Strickx heralded the use of documentation when it comes to RFC3849 and RFC5737. He ended his presentation with a Friends meme which got a good laugh from the crowd, asking people to swear to use RFC3849 and RFC5737 prefixes for documentation purposes only.

To round off the session, Maria Matějka, CZ.NIC spoke on BIRD 3, including a development timeline, what works and the upcoming features and changes.

After the coffee break, Chris Adams ran through a whole range of initiatives aimed at cutting carbon emissions across the industry and moving towards a ‘gold’ (green open lean distributed) Internet. The audience were given lots of good reasons to start putting these practices into effect.

The next talk looked at the threats posed by DNS cache poisoning attacks via fragmentation. Running through mitigations against fragmentation, Carsten Strotmann concluded by urging that operators should nip fragmentation in the bud by deploying more BGPSEC rather than trying to deal with the effects.

Dmytry Kohmanyuk gave a moving talk about his organisation’s efforts to keep the UA ссTLD infrastructure resilient through a major DDoS attack and the following military attacks that came with the outbreak of the war in Ukraine. He gave us a detailed account of the decisions made, the costs and lessons learned. Attendees in the room and online came together to applaud this phenomenal effort.

During the lunch break, everyone was invited to attend the Women in Tech session where Lorrayne Porciuncula spoke about the importance of data in building a more diverse and equal world and Shane Kerr shared statistics on women’s participation in previous RIPE Meetings. The audience asked many interesting questions on how to move beyond diversity and ensure inclusion, how to make everyone feel welcome (not just men and women) and how to bring these topics to the Plenary’s agenda. The session was facilitated by Karla Liddle-White who also runs The Women’s Edition podcast.

After lunch, Stephan Schroeder presented on the changing landscape of Content Delivery Networks. He gave an overview of the challenges faced as CDNs are moved more and more to the edge, including challenges related to capacity planning and localisation.

Next up, Matthias Wichtlhuber shared his experience fuzzy testing network devices at DE-CIX to determine spare capacity and bottlenecks in the hardware.

Third in line, Tom Strickx talked about the June 2019 route leak which impacted Cloudflare and other CDNs. He provided a background on the “bolted on” security model for BGP and other network protocols, and the long and ongoing prominence of routing hijacking attacks.

After the coffee break, the plenary sessions resumed with a very musical presentation “Stairway to Anycast” by Sander Steffann who detailed his experiences with anycast. In the end, they managed to make the .ua TLD work. On the same theme, Remco van Mook presented how he did Internet-wide measurements in “For Those About To Anycast”. He compared anycast to a Formula 1 car and the need for specialised tools to make it happen. There was support from the audience for designing anycast networks with whiskey.

His talk was followed by RIPE Labs Article Competition winner Pavlos Sempresis, who presented on bias in measurement infrastructure, and Aaron Glenn, who presented on P4 and closed the plenary sessions for the day.

Finally, (for those who didn’t drop out due to fatigue or yesterday’s welcome reception), the day ended with a Best Current Operational Practices (BCOP) Task Force session and a Code of Conduct Team Recruitment BoF.

Day Two of RIPE 84 in numbers:

Checked in online: 544 attendees
Checked in onsite: 138 attendees
Total participants: 682

Overheard in the hallways: “WiFi is really bad in the toilets.” Sorry about that, we will get to the bottom of it.

Our favourite tweets for today

We know our classics.

Indeed, even if the network does not work very well from the loo (allegedly).

Wednesday, 18 May: Working Groups Begin (dun-dun-dunnn)

Wednesday = two parallel tracks of RIPE Working Group Sessions. Here’s some non-exhaustive notes on what transpired.

IoT

IoT kicked off with a talk on security for client-to-client communication in LwM2M. Leandro Lanzieri ran through some of the experimentation that he and the team have been carrying out and benefits they uncovered for C2C. Tommy Haga gave a fascinating talk about maintaining various IoT devices – freezers for storing viruses, uniform dispensers, x-ray machines – used in hospitals. Jad El Cham asked the room for feedback on whether RIPE NCC training on IoT would be a good idea – the audience was divided on this point. In the close of the session, Constanze Dietrich announced she’ll be stepping down as IoT WG Chair and welcomed Peter Steinhäuser, who’ll take over her role from RIPE 85 (does this means no more custom cartoons?!)

Address Policy WG (1)

Over in Address Policy, Erik Bias was selected for another term as Co-chair of the Address Policy WG. Sander Steffann gave a report from the Number Resource Organization Number Council (NRO NC) which, as we all know, goes by the alternative moniker of Address Supporting Organization Address Council (ASO AC) when we’re talking about the nebulous microcosm that is ICANN. TL;DR: everything is basically ticking along as normal, though noteworthy is that Christian Kaufmann has been selected to fill Seat 10 on the ICANN board. Gert Doering, Kurt Kayser and Sander Steffann reported back on their investigations into the goals of the RIPE community’s IPv6 policies, which generated an active discussion at the mic.

Open Source WG

From the first two talks in Open Source we could compare different approaches to open-sourcing code important for routing: FRR was open from the start, and the five-year celebration was presented in a very detailed technical way; this contrasts with the RIPE NCC’s RPKI ten-year-old code-base, which was open sourced in 2022 to provide greater transparency.

The third talk was an update on a project that was announced at RIPE 76 in Marseilles — Peering Manager. A lot of gratitude expressed for the developers and the software itself. The author of this summary liked this quote: “Documentation is the code.”

Address Policy WG (2)

After the break, Marco Schmidt reported back from the RIPE NCC’s Registry Services Department. Looking ahead, it’s a projected eighteen month wait if you want a /24 IPv4 block from the waiting list folks, so it might be good to consider that in before you open your Nth additional LIR. And why not leave some for the newcomers anyway? Marco was followed by two presentations about potential policy proposals (which is good practice: better to get feedback on your idea before putting pen to paper and formally starting the PDP!)

Connect WG

Pascal Gloor, Init7, spoke about his experiences upgrading their service to 25Gig Fiber to the Home (FTTH). Leo Vegoda, EURO-IX asked the WG to provide some feedback on their IXPDB. There was also a lightening talk about the (lack of) future for the Peering Manager role and other developments within the peering field.

MAT WG

Leslie Daigle of the Global Cyber Alliance discussed approaches to detect and classify bad, unwanted traffic on the Internet, with a view to coming up with a community consensus on defining bad traffic and working out how to stop it. The students from Hogeschool Utrecht explained their anomaly detection project, which provides more value to RIPE Atlas anchor hosts using anchoring measurement results to provide a monitoring dashboard – great to see the next generation getting stuck in! Stephen Strowes and Massimo Candela introduced themselves as MAT’s two new WG chairs, joining Nina Bargisen and replacing Brian Trammel, whose term has ended.

RIPE NCC Services WG

Every year, the chairs of the RIPE NCC Services WG throw down the gauntlet and assert that they are everyone’s favourite WG. It’s a bold claim, and one has to wonder if they’re waiting for someone to call them out on this. Kurt Lindqvist has been co-chairing the RIPE NCC Services WG since it started in 2003. The chairs (including Kurt) have gone to great lengths to say that anyone is welcome to volunteer to co-Chair. So, if you’re interested in a position as an apprentice WG Chair, everyone’s (ahem) favourite WG wants you!

Hans Petter had a surprise in store at the end of his presentation, and needed a little help from Daniel Karrenberg to travel back to the early days of the RIPE NCC. The RIPE NCC’s thirty years also mark 30 years of Daniel Karrenberg’s service. Daniel shared some memories of the old days, and confirmed to everyone’s delight “That it is still fun!”

The rest of the RIPE NCC Services had a much more solemn tone, with weighty issues such as the impact of sanctions, the operational issues
and ticketing system and cloud all getting their moment in the spotlight. The Services WG wound up with a Kahoot! quiz on the RIPE NCC, and the ritual emptying of the room to prepare for the members-only General Meeting.

While the GM is technically not a part of this blog, this author heard from a source that chooses to remain anonymous: A certain faction of the membership attempted to table a resolution to establish whether it’s time EB Chairman Christian Kaufmann should get a haircut – we might have to wait for the voting results to know what the GM decided!

Here’s some tweets we liked:


Thursday, 19 May: Celebrations

On the fourth day, we continued with two parallel tracks of RIPE Working Group Sessions and we ended with a Community Plenary.

Anti-Abuse

Kicking off Thursday morning, the Anti-Abuse Working Group started with an update on the RIPE NCC’s efforts to develop an Abuse Handling Training webinar, and a new tool being launched by the ​​DNS Abuse Institute, Net Beacon, which will provide a centralised online resource for DNS abuse reporting. Matthias Wichtlhuber from DE-CIX also presented a new approach to develop Access Control Lists (ACLs) for blackholing traffic, the results of which are available on Github. Jeroen Leendertz closed the session with a report on an approach to blocking unwanted traffic.

Routing

Ben Cartwright-Cox started by introducing bgp.tools, he noted that the initial goal had been to provide debugging tools that were more convenient and had a better user experience than telnetting into a route server. Ignas Bagdonas explained why BGPsec implementations can’t use the speedups provided by modern computer architectures because of low-level factors such as memory alignment. Afterwards, Mikhail Puzanov introduced the “publish in parent” service that is under development at the RIPE NCC, which allows delegated RPKI certification authorities (CAs) to run the CA software without needing to host the (critical) repositories themselves. In the third RPKI related presentation, Job Snijders gave an overview of the implementation of RPKI objects. During the final full presentation, Alexander Zubkov introduced an (open source) toolchain that operators can use to generate BGP prefix lists for the BIRD routing daemon. As time started to run out, Tim Bruijnzeels gave a Lightning Talk about rpki-rs, a rust library that parses various RPKI objects.

IPv6

Over in the IPv6 Working Group session, Wilhelm Boeddinghaus started with an in-depth analysis of how IPv6 is handled by the Windows 10 Defender Firewall. Next, Paolo Volpato presented on the status of IPv6 deployment around the world, pointing out how the statistics needed a more refined interpretation to approach a true status. Justin Lurman provided a good look at how IPv6 packets using Extension Headers are processed or dropped on the public Internet. Matthias Scheer closed the session with a presentation on the challenges of routing IPv6 within VPNs.

DNS

Congrats to the DNS WG which celebrated 30 years! (A lot of that going on this week!) .IE even provided a Raspberry Pi to mark the occasion. Sara Dickinson, Sinodun started with an overview of QUIC – a secure protocol, which reduces latency, improves error detection and maintains connection even as endpoints change IP addresses. Next, following the EU’s call for DNS4EU, Joao Damas and Geoff Huston, APNIC, set out to understand what resolvers people use. Their findings show that most consumers simply follow the ISP provider’s default settings. However, there is an undeniable issue about the emergence of aspects of centrality in the DNS. Joao asked the WG if they should establish a common set of operational practices for operators of DNS resolvers in all their forms. Afterwards, Adiel Akplogan, ICANN, presented KINDNS – an initiative to follow the evolution of the DNS protocol and promote DNS operational best practices for better security and more effective operations. Finally, Florian Obser gave an RIPE NCC DNS update highlighting K-root and AuthDNS developments since RIPE 83.

Database

The session began with Maria Stafyla who presented a RIPE NCC legal review of NWI-2 (historical data) and NWI-13 (geofeed data). She was followed by Database WG Co-Chair Denis Walker who gave an update on all the NWIs and suggested another way forward as some of these proposals had been dragging on for years. He suggested that being on holiday, on a beach with a nice glass of wine in one hand and a mobile phone in the other, was a great time to consider improvements to the RIPE Database. The session continued with an operational update from Ed Shryane and Denis returned to the stage to present his recent draft proposal on personal data. There was also talk of making the fax number mandatory in the RIPE Database – but we’re not sure whether this was a real proposal or not.

Cooperation

There was a Cooperation WG panel discussion on Network Neutrality based on the EU Commission’s plans to make large content platforms contribute to the cost of the European digital infrastructure that carry their services. Maarit Palovirta talked about ETNO’s recently published report supporting the EU’s position. Other panellists like Thomas Lohninger, epicenter.works, Alex de Joode, AMS-IX, Fredy Künzler, Init7, as well as several audience participants expressed their disagreement with the proposal and their deep concern for the consequences such a proposal will have on net neutrality and the Internet. Government representatives Frode Sørensen, NKom and Klaus Nieminen,Traficom, welcomed further participation from the technical community in government fora.

Konstantinos Komaitis talked about the EU’s plans to fight child sexual abuse by introducing obligations for tech companies to detect, report, block and remove CSAM. The plans included scanning for markers of illegal content undermining end-to-end encryption.

RIPE Community Plenary

The RIPE Community Plenary gave RIPE Chair Mirjam Kühne the chance to explain all the great things that are happening in RIPE and what her and Vice Chair Niall O’Reilly have been doing to try to improve the visibility of the RIPE community. RIPE NCC CCO, Hisham Ibrahim stuck to that theme, explaining the many things the RIPE NCC is doing for the community and he drew a clear link from the overall strategy to the work that’s taking place across the service region. Hans Petter Holen, RIPE NCC Managing Director, explained the work of the NRO and the RIPE NCC’s part in that work.

A key part of the session was a talk with Göran Marby, the CEO of ICANN. Göran started the discussion with a simple statement – The Internet is doing very well. This kicked off a really useful discussion that focused mainly on how RIPE and ICANN can work together to make sure it continues to do well. And while many could agree that the plumbing was fine, the discussion mainly focused on what RIPE and ICANN could do together to make sure that governments understood what they were doing when they legislated around the Internet. Goran ended his talk with a message everyone in the audience could fully get behind – I’m looking forward to the t-shirt!

The session continued on an uplifting note as Gert Döring was presented with the Rob Blokzijl Award for his contributions to the Internet over the past 26 years. There was a standing ovation, beautiful speeches and Gert said that he would be contributing part of his prize to the Keep Ukraine Connected initiative. In his speech, Gert revealed his age, but you will have to watch the video in the meeting archives to find that out ;)

Finally, there was a surprise for the RIPE Chair as she was presented with flowers and cake to celebrate her [no age provided] birthday.

Here are some tweets we liked:


Friday, 20 May 2022: See you in Belgrade!

And that’s it! RIPE 84 has come to its end. For the first time after 2.5 years, we met both online and offline. It quickly felt so normal to shake hands, hug, talk to friends, and finally see those who we only met on Zoom. We ran out of green stickers very quickly because we’ve missed human interaction so much (of course, still being careful)!

Plenary

The final day of the meeting started with the Plenary. Jaromír Talíř gave a talk about digital identity (eId) on behalf of the REGEid project. He concluded that eIDAS does not yet provide a generally usable solution without any caveats, but it can still be useful if you accept the limitations.

Marcin Nawrocki from Freie Universität Berlinis started his presentation by stating that latency is the new currency of the internet, and for faster content delivery we need a better protocol like QUIC. They conclude from their research that the design goals for QUIC have not been met. They found that half the servers return more than the maximum data allowed, and almost all handshakes require multiple round trips.

Geoff Huston from APNIC talked about certificate revocation as a “sanction”. He concludes that the certificate infrastructure is not working, and instead suggests DNS is the answer. You can put keys in the DNS and use TTL to control the caching lag of the information. There was a good discussion after the presentation.

In the morning announcement of the GM results, Christian Kaufmann said that he would be stepping down from the RIPE NCC Executive Board this year, following his appointment to Seat 10 on the ICANN Board by the NRO NC.

Closing Plenary and the Espresso Record

The closing plenary started with Christer Weinigel from Netnod presenting on “NTS (NTP with security) in an FPGA”… Take pity on your poor scribe who understood little of the content and can simply remark that this seemed to generate some interesting discussion!

Following Christer’s presentation, the RIPE NCC Teach team presented the Tech Report. According to the official report of the Coffee Statistics group, 46 kg of coffee beans were used to meet your caffeine demand. We’ve heard someone had 10 shots of espresso a day (we still need to find this record breaker… and possibly ask if they need medical assistance)!

Sjoerd Oostdijck also reported that on average, 120 Mbit was used during the meeting – well within limits as we received two 10Gbit from Deutsche Telecom. Probably, because we missed each other so much, we didn’t really need the Internet!

Great news IPv6 was doing really well during the meeting, and especially during the RIPE Dinner!

Welcome new PC members!

Welcome to our new PC members Massimiliano Stucchi and Wolfgang Tremmel and thank you to outgoing PC member Peter Hessler!

Mirjam Kühne proposed to dissolve the Diversity Task Force but maintain the mailing list, which remains open to everyone who would like to contribute. She also welcomed new WG chairs and thanked the outgoing chairs. The RIPE 85 location was also revealed. We’ll meet each other in Belgrade in October!

Tip from the hosts: try Serbian Sliwowica from a special glass made for it.

The meeting was then hijacked by a mysterious group of individuals…

RIPE 84 in numbers

Total checked-in attendees 769 (589 onsite, 180 online)
Viewers per day 211 (on average)
Newcomers 228 (179 onsite and 46 online)
Childcare 1 child onsite and 8 online

Tweets we’ve liked

The only important stats
Some people (we’ve heard) were staying up all night long!