RIPE 72

Thursday, 26 May 2016
11:00 - 12:30
WG Chairs: Martin Winter, Ondrej Filip
Scribe: Ferenc Csorba
Status: DRAFT

A. Admin matters

The working group chairs, Ondrej Filip and Martin Winter, welcomed the participants. The agenda was reviewed, there were no comments on the minutes of the WG session of RIPE 71.

B. High-Speed Network Traffic Monitoring and Troubleshooting Using ntopng


Luca Deri, Simone Mainardi

The presentation is available here:
https://ripe72.ripe.net/presentations/140-ntopng_RIPE-short.pdf

An attendee asked if they supported ER Span (encapsulated packets over Jori).

Luca replied that it is supported on the probe but not on ntopng. They could support it in future if there was interest.

Kostos Zorbadelos, OTE SA, asked if they were dependent on the driver, if they utilised the network card and asked about performance.

Luca replied that there were two options: Kernel module or their modified drivers for extreme speed.

Philippe Duke, NetAssist, asked how ntopng worked with multicore systems.

Luca replied that there was one core and one interface.

No further questions.

C. Ideas and Challenges on Testing a Routing Protocol:Experiences Testing Quagga

Martin Winter

The presentation is available here:
https://ripe72.ripe.net/presentations/138-Ideas_and_Challenges_testing_Routing_Protocol.pdf

Ondrej Filip, WG Chair, asked how much money was spent on commercial equipment, are they in an open source programme so the normal price is applicable?

Martin replied that he sees huge value in it but part of it is having limited resources. He said he'd love to use open source tools, but the problem is some things just don't exist and he doesn't have resources to develop it on his own. He said the commercial equipment helps a lot, especially if you're a non-profit. He added that he'd love to see more non-profit private options too and that there is more on BGP if you want to use it.

Martin Levy, Cloud Flare, thanked Martin for the years of work on this. He asked how different Quagga was compared to how it was when he started.

Martin replied that the best results come out of compliance tests and from building on different platforms. In the beginning, Quagga was built on Ubuntu but it was a pain to get things on other distributions. Now anyone who submits something to the Quagga community gets an email report back within an hour and get informed immediately if something is broken. The second thing that is much better is the compliance. He added that the RFCs are not simple yes/no binary so it's open to interpretation which can be a challenge.

Gert Döring, speaking with his open source hat on, remarked that he had a similar experience with the open VPN project. They have a build forum with different BSDs, Linuxes, Solaris. Every time something is committed, it gets built and tested on all those platforms. They look at the patch, review it, everything looks like it's working on Linux and then on the BSCs explode because the routing table interactions that open BGP has to do are system specific. It wasn't malicious or negligence from the contributors, it was just that too many operating systems were supported.

Martin commented that there are big differences even between Ubuntu versions.

Gert replied that it affects flow through the test system and that this was hard to test.

D. Honeypot as a Service

Bedrich Kosata

The presentation is available here:
https://ripe72.ripe.net/presentations/135-HaaS-RIPE_72-2016-05-26.pdf

Peter Hessler asked to talk offline with Bedrich about possibly integrating the data he was seeing about the attackers with the system that Peter was running.

An attendee asked whether a man in the middle proxy was a possible DDoS point to the server.

Bedrich replied that it was possible and that they limit the number of connections to the central server.

An attendee complimented the work and said he'd enable it on his Turis later. He added that he liked open data but is a bit worried about publishing IP addresses of compromised hosts so he hopes Martin will take care of that.

Bedrich replied that it is a problem and this is something we should take care in future work. He added that the data might be interesting even if it's not specific IP addresses.

The attendee asked if he was only collecting data right now or if he was also working with abuse groups to try and take down the command and control centres.

Bedrich replied that they are directly connected to the national research team and they bring the data to them to cooperate. They tried to go through ISPs when they saw larger BotNets but mostly go through the CSIRT team and use the data to protect Turis users.

Carlos Martinez , LACNIC, asked if they could integrate data fills from other sources. He said he would like to cooperate.

Bedrich replied that they don't use other data at the moment but maybe in the future.

E. Open Source Lightning Talks

E1. ARPA2 Project - Sara Dickinson

The presentation is available here:
https://ripe72.ripe.net/presentations/142-RIPE72_ARPA2_LighteningTalk_OS_WG.pdf

Shane Kerr, Beijing Internet Institute, asked if it was intended to run in the hosting environments and if it was for regular clients.

Sara replied that it is going to be client and service side and they're going to package it for end user use.

E2. Changing the Open Source License on BIND - Jeff Osborn

The presentation is available here:
https://ripe72.ripe.net/presentations/150-Relicensing-BIND.pdf

Joao Damas, APNIC, commented that the original IC license was good for its purpose when it needed to be that way. He added that the goal was to preempt the development of proprietary non-standard DNS software and that perhaps people didn't realise that doing it that way required substantial funding with no guaranteed return. Everything's evolved since then and there are more open source implementations now. He added that the change made sense today and that BIND will still be able to achieve its goals. He agreed with the presenter that the relicensing makes sense.

Benno Overeinder, NLnet Labs, commented that they were in a similar situation. They love the permissive license at BSD but funding is needed. But they also need to consider the lack of proxy-arp license for BSD. He said it's an ongoing discussion and that they are also reviewing their open source license scheme.

Andrej added that the discussion was going long and perhaps should be continued on the next WG agenda.

Shane Kerr said he supported the change and said that a GPL-style license that requires people to contribute changes back is a great idea.

Peter Hessler, Open BSD, said that their primary license template is the ISC license and they strongly like it and have no intention of changing it. He added that it is a requirement for software to have an ICS or IMTO BSD license to be included in open BSD.

G. Closing Remarks

The WG Chairs thanked everyone for taking part and closed the session.

 

RIPE Forum

The RIPE Forum is an additional way to participate in RIPE community mailing list discussions using a web-based interface rather than an email client.

Check out the forum