Deploy360 Domain Name System Security Extensions (DNSSEC) IETF

NLNOG Day 2016

nlnog_logoWe’ve already reported on bits of this, but Deploy360 was supporting the NLNOG Day 2016. This was the second such event organised by the Netherlands Network Operator Group (NLNOG), and was held on 9 September 2016 in the Podium Mozaïek venue in Amsterdam; an old converted church. This attracted around 150 participants from the national and international Internet community in the Netherlands, who were treated to a programme of interesting presentations on contemporary matters and history mixed with a bit of fun.

The day kicked off with a presentation on pmacct from Paolo Lucent which is open source software that correlates different data sources including BGP, BMP and IGP and builds multiple views of network traffic for analytic, modelling or forensic purposes which can sent to message brokers. This was a similar presentation to that at SINOG 3.0, so check out the report from that meeting.

Our colleague Jan Žorž was on next with a presentation about DANE & TLS testing in the Go6lab. Again this has previously been discussed in previous Deploy360 blogs, but the Netherlands is fortunate to have relatively high deployment of DNSSEC which makes the use of DANE even more practical.


Next up was a presentation on IPv6 deployment by Sky Broadband. Richard Patterson discussed the lessons learned since they started the rollout in July 2015. Although they had to pause the rollout for six months in the fourth quarter of 2016 to ensure their RADIUS authentication and recursive DNS systems were scalable, they have now reached 90% penetration amongst customers and expect to reach 95% by the end of the year. In addition, whilst Sky Broadband experienced a widespread network outage in August, this affected IPv4 but not IPv6 connectivity, demonstrating how dual stack networking is able to function seamlessly.

Following-on was something completely different – an overview of proposed legislation that would enhance the powers of the Dutch intelligence and security authorities to collect and share network traffic, as well as the proposed reform of the European Directive on ePrivacy.

Just before lunch was a presentation from Thijs Alkemade & Christiaan Ottow from CompuTest on the problems with digital certificates used for encryption and verification on the Internet, and the widely varying standards of verification of holders employed by the Certificate Authorities that issues. It highlighted that trust relies on the reliability of the third party CAs that undertake the verification, and compared the methodology of several different CAs. This included StartCom/WoSign which not only has unclear ownership, but has been known to issue improperly validated certificates as well not automatically revoking certificates known to be compromised.

Job Snijders (NLNOG Foundation) continued after lunch with the launch of the NLNOG Infrastructure Platform. This offers free hosting on global infrastructure for Internet community related projects, kindly supported by Leaseweb.

Johan Stokking (The Things Network) then provided a useful technical overview of LoRaWAN (Long Range Wide Area Network) which is a media access control protocol for long range, low power radio networks. These networks use a star-of-stars topology in which gateways forward messages between nodes and applications using different channels and data rates depending on the radio spectrum regulations of specific geographic regions.

We already discussed Ron Broersma’s (SPAWAR-US Navy) back-to-the-future presentation on the ARPANET TCP/IP migration of 1983, whilst Ansible and FENIX were previously covered in our report on SINOG 3.0. That just left time for an appeal from Job Snijders for routing vendors to support the Internet Draft draft-heitz-idr-large-community-04 which is a new type of BGP community attribute permitting 12 bytes for specifying two 4 byte ASNs for routing policy, along with 4 bytes for defining an action.

Rounding off the day was the infamous Merciless NLNOG Quiz that truly tested the knowledge of network engineers and administrators. If you know what ‘gdate -d @0 output’ will output for ‘TZ=Europe/London’ or what the MD5 hash of ‘secret’ is, then this would have been for you. Unfortunately, the Deploy360 representatives didn’t feature near the top of the leaderboard, although Kevin did manage to take the intra-team honours from Jan which if nothing else demonstrates who knows the most pointless information!

Deploy360 Internet of Things (IoT) IPv6

Deploy360 @ NLNOG Day 2016

nlnog_logoThe Deploy360 team will be supporting NLNOG Day this coming Friday, 9 September 2016, which is being organised by the Netherlands Network Operator Group in Amsterdam. There are still some free places available, although you’re encouraged to make a donation when you register.

Our colleague Jan Žorž will be talking about TLS and DANE, including the testing he’s done in the Go6Lab, which will be followed by a mystery talk on TLS by an as yet to be announced speaker.

Jan-Piet Mens will be covering how to automate network configuration with an overview of Ansible, which is an open source software platform written in Python for configuring and managing multi-node software deployment, ad-hoc task execution, and configuration management. For those interested in traffic telemetry, Paolo Lucent ( will discuss pmacct which correlates different data sources including BGP, BMP and IGP and builds multiple views of network traffic for analytic, modelling or forensic purposes. Ondřej Caletka (CESNET) will also discuss the FENIX initiative that aims to build a highly-trusted community of network operators who can communicate via a spoofing-free VLAN in the event of a massive cyberattack.

Worth the (non-)admission price alone though, should be the Final Update on the ARPANET TCP/IP migration of 1983 from Ron Broersma (US Navy); one of the Internet pioneers who was involved in the last big addressing migration from NCP (with its 256 addresses) to IPv4. Richard Patterson (Sky Broadband) will bring things more up to date with the lessons learned from dual stacking broadband subscribers, whilst Johan Stokking (The Things Network) gives a dimension into LoRaWAN, which is the ultra low bandwidth networking that’s important for the Internet-of-Things.

The full programme can be found on the NLNOG website. The event is being held at the Podium Mozaïek in Amsterdam, The Netherlands, and will also be streamed (details to be announced).