Minutes | ENOG 8

Minutes

9 September, Baku, Azerbaijan

The Eurasia Network Operators’ Group (ENOG) is the regional forum in which experts concerned with the core operational issues of the Internet can share knowledge and expertise on issues unique to the Russian Federation, the Commonwealth of Independent States (CIS), and Eastern Europe.

The ENOG 7/RIPE NCC Regional Meeting took place on 9 September at the Marriott Absheron Baku Hotel in Baku, Azerbaijan. A total of 109 attendees from 17 countries participated in the meeting, including 28 from Azerbaijan.

 

Opening Plenary, 9:00-11:30

ENOG 8 Welcome

Paul Rendek, RIPE NCC
Elmir Velizadeh, Deputy Minister of Communications and High Technologies of the Republic of Azerbaijan
Andrei Robachevsky, ENOG Programme Committee

Mapping the Digital Silk Road

Jim Cowie, Renesys/Dyn

This presentation is available at:
https://www.enog.org/presentations/enog-8/313-Jim_Cowie_Mapping_The_Digital_Silk_Road_ENOG_8.pdf

Jim put forth the idea that the Silk Road, rather than the Internet, may have been the first “network of networks”. He pointed out that today’s Internet submarine cable map nearly follows the ancient Silk Road terrestrial trade routes. He argued that while the Internet is not political, cable routes are tied to energy, which is often a political issue. In today’s world, the countries around the Caspian Sea are going to be pivotal, he said, just as they were in ancient times.

Renesys is actively measuring connections and Internet infrastructure throughout this region. He said that distances are deceiving on the Internet, because packets don’t take the shortest (physical) route. Jim showed average round-trip times (RTTs) from Baku to different regions around the world, and the different paths the packets take. He highlighted how performance depends on peering relationships and interconnections, and the huge impact those can have. He showed how better connections are needed in order to improve RTTs around the world.

Jim showed statistics on different countries’ ASNs per million people, which tends to increase as a nation’s Internet infrastructure grows. He examined whether Istanbul is still growing as a regional hub, and said there are some concerns about this, while Iran’s connections to surrounding areas are smart and adaptive. He also mentioned TASIM, the Trans-Eurasian Information Super Highway, which aims to connect the entire European and Central Asian region.

He highlighted that connections are constantly changing depending on shifting relationships, which affect entire areas, saying, “The Internet never evolves according to plan.”

Securing CDN Traffic at CloudFlare

Martin J. Levy, Network Strategy, CloudFlare, Inc.

This presentation is available at:
https://www.enog.org/presentations/enog-8/304-ENOG8_Baku_-_Surviving_a_DDoS_Attack_-_Securing_CDN_traffic_at_CloudFlare.pdf

Martin showed how Internet attacks have increased in recent years, and explained the technical aspects of how DDoS attacks work. He argued that the Internet being open and innovative is one of its strengths, but is also what makes such attacks possible. He also showed how IP address spoofing can – and should – be avoided, but how many ASes remain “spoofable”.

Martin explained how Twitter can be a useful tool for network operators in discovering problems and troubleshooting issues. He also showed how much traffic can be generated by taking advantage of NTP and SNMP protocols. He gave an overview of CloudFlare’s security measures and how they monitor for attacks, and showed that with anycasting, the network can handle hundreds of gigabytes of traffic by spreading it out.

He urged network operators to think about how to protect against attacks themselves with tips like not running DNS on the same IP address space they use for their website, and thinking about routers and load balancers and infrastructure in general so that they keep the right kind of traffic on the right kind of device. He also said it’s a good idea to know who to call when issues do arise by forming good relationships with suppliers.

Plenary, 12:00-13:30

RIPE NCC Report

Paul Rendek, RIPE NCC

This presentation is available at:
https://www.enog.org/presentations/enog-8/311-Paul_Rendek-ENOG8-RIPE_NCC_Mission_and_Services.key

Paul gave an overview of the RIPE NCC’s mission and services. He explained the RIR’s history and service region. He also gave an overview of the RIPE NCC’s services, including training courses (both in person and online); Resource Certification (RPKI); the IP Analyser, which can help members organise their allocations and assignments; reverse DNS and K-root server operations; RIPE Labs, a blog with articles and analyses on technical topics; RIPEstat, the RIPE NCC’s “one-stop shop” on IP address space information; and RIPE Atlas, a global active Internet measurement network measuring reachability and connectivity.

Paul also gave an overview of the RIPE NCC Survey 2013, in which members stated they wanted more regional presence, more language support, more local training, more IPv6 case studies, and more local engagement from the RIPE NCC. He explained the measures the RIPE NCC has taken to provide these services, including hiring two new Russian-speaking staff members who are based in Moscow. He highlighted some of the regional meetings the RIPE NCC has planned throughout Central Asia, including ones in Georgia and Armenia in 2015.

Paul showed some statistics about the growth in the RIPE NCC membership, the growth in IPv6 among members, the RIPE NCC Charging Scheme, and the result of the RIPE NCC Executive Board elections and other General Meeting outcomes.

Alexander Isavnin, Tech.S.A., asked about what the new staff members hired in Moscow will be doing. Paul responded that their activities have been outlined in the RIPE NCC Activity Plan and Budget 2015 and that this will be published in the next few months.

Internet Governance Update

Maxim Burtikov, RIPE NCC

This presentation is available at:
https://www.enog.org/presentations/enog-8/310-Maxim_Burtikov_-_ENOG_8_-_Internet_Governance_Update.key.zip

Maxim gave an overview of the RIPE NCC’s activities in the Internet governance sphere. He asked who in the room knew of the IANA oversight functions issue, and many responded that they did. Maxim explained that the RIPE NCC is working to ensure that things don’t change for network operators and that the Internet remains open, transparent and multi-stakeholder in nature.

Maxim explained that the IANA oversight functions have been performed well so far, and that the RIRs already play a role, because the RIRs are the ones who develop policy via their regional communities. He said the NTIA never interfered with this process, which is good. He also explained how the community can give input going forward, as proposals for a new process are being discussed, including discussions via the RIPE Cooperation Working Group Mailing List, at RIPE Meetings, ENOG Meetings, MENOG Meetings and other RIPE NCC Regional Meetings, and in the IANA Stewardship Transition Coordination Group. Maxim also pointed out the RIPE Policy Development Process as an important tool in contributing to Internet policy.

Michael Yakushev, ICANN, explained the structure of the ICANN accountability review process and different groups, including the ICANN Accountability Working Group and the ICANN Accountability & Governance Coordination Group.

Alex Semenyaka gave an overview of the IGF 2014 in Istanbul that took place from 1-5 September. He said that many different groups and stakeholders participate in the IGF and that it’s important for the technical community to contribute to the discussions to ensure that their expertise is heard and that their needs are met.

Alexander Isavnin, Tech.S.A., asked about what the RIPE NCC can do to send people to events like the IGF. Paul Rendek, RIPE NCC, responded that the RIPE NCC sent several RIPE community members to the IGF and that there is funding to send up to 10 people. He also said there are other regional events that the RIPE NCC can help send people to as well.

There was a question about the process for contributing to the IANA oversight transition process and whether it should be made at the ICANN level rather than via the RIRs, as it can be confusing not having a central place to channel feedback. There was also a question about ICANN financing and a final question about the difference between the IGF and the ITU.

Maxim explained that the process is designed to make sure all voices are heard.

Michael Yakushev, ICANN, said there are always budget concerns and that he believes there has been good oversight lately.

There was also a question about ICANN accountability and whether there is any arbitration process in place. Michael answered that there are plans to develop this kind of process.

Policy Making: A Powerful Tool

Marco Schmidt, RIPE NCC

This presentation is available at:
https://www.enog.org/presentations/enog-8/296-PolicyMaking_ENOG8.key.zip

Marco said that fewer than 15 people participated in a new policy that changed the minimum allocation size for IPv4 address space, which affects everyone. He urged everyone to get involved in the RIPE Policy Development Process and gave an overview of the current policies under review.

Marco said that monthly policy proposals are now being sent in Russian to the ENOG Mailing List, to give everyone in the ENOG region a chance to learn about what’s happening and how to get involved in the process. He also said that new channels, such as Twitter, are being used more and more, and that the RIPE Meetings remain another place where discussions take place and everyone has a chance to ask questions and get involved.

Practical Tips to Start IPv6 Deployment

Marco Hogewoning, RIPE NCC

This presentation is available at:
https://www.enog.org/presentations/enog-8/309-Marco_Hogewoning_-_Practical_Tips_to_Start_IPv6_Deployment.key

Marco gave an overview of how network operators can educate themselves about, plan for, test and deploy IPv6. He urged engineers to think about this now and ensure they’re buying IPv6-capable equipment and not wasting money on IPv4-only equipment, to use tunnels to test an IPv6 network (or start testing at home), and use all the resources available to learn from others, such as RIPE Labs, RIPE Meetings and regional meetings such as ENOG Meetings, the IPv6 Working Group Mailing List, and others.

Plenary, 15:00-16:30

Creating an Enabling Environment for the Internet: Role of IXPs

Maarit Palovirta, Internet Society (ISOC)

This presentation is available at:
https://www.enog.org/presentations/enog-8/302-Maarit_Palovirta_ISOC_Baku_090914cl.ppt

Maarit gave an overview of ISOC’s mission to enable access to the Internet for all people. She explained that ISOC is involved in technical, economic, political and societal activities, focusing on the technical arena during her presentation. She reviewed the current connectivity of the Eurasian region, saying the main challenge is a lack of international infrastructure and low international bandwidth.

Maarit gave some background on different efforts in the region, including World Bank technical assistance, UNESCAP fiber mapping, private sector investment and support from the EU for regional demand. She said that ISOC’s main activities have to do with Internet Exchange Points (IXPs), which ISOC has helped set up in Africa and is now helping to set up in Latin America and other areas. She said the main role of an IXP is to keep local Internet traffic within local infrastructure, which reduces costs and improves the quality of Internet services, driving demand. She also noted that IXPs tend to attract key Internet infrastructure, expertise and innovation.

Maarit showed that only half the countries in the world have an IXP, and these vary greatly in size. She stressed that setting up IXPs are 20% about technical engineering and 80% about human relationships.

Internet Exchange as a Key Internet Component

Eugene Morozov, MSK-IX

This presentation is available (in Russian) at:
https://www.enog.org/presentations/enog-8/295-MSK-IX_ENOG8_BAKU.pdf

Eugene asked network operators in the audience whether they are connected to IXPs and said he would give suggestions about the different options operators in the Azerbaijan region have for connecting.

Eugene gave a history of IXP development, including the first one established in Amsterdam (AMS-IX) in 1994, followed by London (LINX) the same year, then Germany (DE-CIX) and Moscow (what is now MSK-IX) in 1995. He showed that AMS-IX is the largest, but that MSK-IX has by far the largest number of unique networks.

Eugene gave an overview of the economics of IXPs and the way that peering audiences at IXPs have changed over time, from educational networks in the 1990s, to content providers like Google and social media platforms in the 2000s, to corporate networks and cloud services more recently. He also gave an overview of the services that IXPs, and in particular, MSK-IX, provide for their customers, including public and private connections and the technical details involved in each.

Eugene answered several questions about how different networks can connect to MSK-IX.

Routing Resilience Manifesto: Collective Responsibility and Collaboration for Routing Resilience and Security

Andrei Robachevsky, Internet Society (ISOC)

This presentation is available (in Russian) at:
https://www.enog.org/presentations/enog-8/301-201409-ENOG8-Routing_Resilience.pptx

Andrei discussed ISOC’s goal of developing Mutually Agreed Norms for Routing Security (MANRS). He said that these norms need to be developed, and it requires the collective effort of the Internet community. He said there are both technical and social aspects to this initiative, because operators need to connect with one another and communicate about these issues.

Andrei explained that the main points of MANRS focus on preventing the distribution of incorrect routing information, preventing traffic with fake IP addresses, and strengthening information exchange. He said the main goals of MANRS are to provide a clear definition of the issues and to demonstrate that the Internet community is capable of resolving complex issues like these on their own.

Andrei said that the MANRS document was circulated and that ISOC is now collecting feedback and working on the final version. After that point, he said, they will ask network operators whether they want to sign the manifesto.

Plenary, 17:00-18:30

Measurement Activities at the RIPE NCC

Kaveh Ranjbar, RIPE NCC

This presentation is available at:
https://www.enog.org/presentations/enog-8/312-Kaveh_Ranjbar_-_Measurement_Activities_at_the_RIPE_NCC-_ENOG8.key.zip

Kaveh gave an overview of RIPE Atlas, the RIPE NCC’s active Internet measurements network. He explained that the network is made up of more than 6,000 probes installed in volunteers’ home and data networks all over the world, and that the data collected about the Internet’s reachability and connectivity is made available to everyone via Internet traffic maps and an API. He also showed how volunteers who host a probe can use the network for their own customised measurements that can give them valuable information about their own network.

Kaveh highlighted some of RIPE Atlas’ newer features, including anchors, which act as powerful probes as well as cooperating regional targets; the Seismograph, an interactive overview of ping measurements, and Status Checks, which allow networks operators to use the entire RIPE Atlas network as targets in their own existing monitoring systems, such as Nagios and Icinga.

Lightning Talks

IPv6 in Russian Web Resources

Alexander Isavnin, Tech.S.A

This presentation is available (partly in Russian) at:
https://www.enog.org/presentations/enog-8/307-IPv6_in_Russian_Web_Resources_092014.pptx.pdf

Alexander gave an overview of his experience using different measurement platforms, including RIPE Atlas, to look at .ru statistics, including how many sites hosted on .ru were available over IPv6, which leapt to nearly 7.5% in recent months.

Hosting an L-root Instance

Patrick Jones, ICANN

This presentation is available at:
https://www.enog.org/presentations/enog-8/297-Lroot-ENOG-Sept2014.pptx

Patrick gave an overview of the geographical diversity of the L-root name server, which has a presence in 150 countries. He invited those interested in hosting an instance to reach out to ICANN to learn more about the process.

TASIM Role in the New Geopolitical Reality

Zaur Hasanov, Trans-Eurasian Information Super-Highway (TASIM)

This presentation is not available online.

Zaur gave an overview of the TASIM project, the Trans-Eurasian Information Super Highway, which aims to connect the entire European and Central Asian region. He stated that the initiative was proposed by the Government of Azerbaijan in 2008 and was endorsed by the UN General Assembly. He explained that the route is the shortest possible between Europe and Asia, and largely bypasses Russia.

Using NTP Servers at IX Points

Dmitry Kovalenko, Technical Center of Internet

This presentation is available at:
https://www.enog.org/presentations/enog-8/314-NTP-enog8-kovalenko.pdf

Dmitry gave an overview of NTP performance, and included some highlights, including creating a patch when a leap second was added to universal time at the end of June in 2012. He urged network operators to keep their NTP internal and behind access lists.

Network Health and Collective Security

Alex Semenyaka, Highload Lab

This presentation is available (in Russian) at:
https://www.enog.org/presentations/enog-8/303-140909_ENOG9.pptx

Alex showed traffic data trends for the Central Asian region. He looked at Azerbaijan’s 40 ASes and transit operators, and explained that Azerbaijan still represents a relatively small segment of the region’s traffic, but that the issues it faces go beyond the local region and that there are things transit operators can do now to help improve delays.

Closing Remarks

Paul Rendek, RIPE NCC

Paul thanked all the ENOG 8 sponsors and the ENOG Programme Committee. He urged those interested to participate on the ENOG Programme Committee, particularly those in Azerbaijan. There were a total of 109 participants at ENOG 8, including 28 from Azerbaijan.

Paul invited everyone to attend the ENOG 9 Meeting in Kazan, Russia from 9-10 June 2015, and the next RIPE Meeting at RIPE 69 in London from 3-7 November 2014.