Open Source Working Group Minutes RIPE 73

Open Source WG RIPE 73
Date: 27 October 2016, 12:00-13:30
WG Chairs: Martin Winter, Ondrej Filip
Scribes: Alun Davies and Anna Reynolds
Status: Final

A. Administrative Matters - Working Group Chairs [5-10 min]

The WG Chairs opened the session.

B. PCAP BGP Parser [15 mins]

Christoph Dietzel, DE-CIX

The presentation is available at:
https://ripe73.ripe.net/presentations/166-e-cd-2016102X-RIPE73-pcap_bgp_praser.pdf

Gert Doering asked whether large communities could do this yet (i.e. 15 hours after it having been deployed). Christoph responded that it doesn't yet.

Peter Hessler made an observation about there not really being a framework in place yet for this to be installed as a system-wide utility. He requested that this be made possible in the future. Christoph was happy to acknowledge the request.

Fillipe Duke (NetAssist) commented that he was happy to know that someone is using such utilities, and offered some advice on Python issues. He was very happy that the presenter had found what he considered the best way to process data, pointing out that the system applies to this condition and any environment, making it easy to cut and analyse data. He recommended that wrapping a C pick up would give even better performance.

Ondrej Filip (CZ.NIC) commented that if anyone has any further features they'd like to suggest, approach us, and we'd be happy to accommodate this.

C. DHCPKit presentation [20 mins]

Sander Steffann

The presentation is available at:
https://ripe73.ripe.net/presentations/100-DHCPKit.pdf

Ondrej Filip asked if it's possible for this server to insert routes into the routing table when assigning a prefix.

Sander Steffann pointed out that you can only insert routes when running as root. So, you'd probably need a separate working process that handles all the routing table updates. But he emphasised that this shouldn't be a problem.

Peter Hessler thanked Sander for considering the RFC prejudice separation and adopting capabilities of this.

Fillipe Duke (NetAssist LLC) thanked Sander for making a flexible BGP server. He commented that he and others had had a problem integrating options such as remote circuit ID and link layer address space, and pointed out that this would be a good replacement.

Sander added that if they could help further with such issues, people should let them know.

D. Automated management of Continuous Integration Jobs

Ondřej Surý, CZ.NIC

The presentation is available at:
https://ripe73.ripe.net/presentations/140-CI-20161027-OS-RIPE73.pdf

Leslie Carr (Clover Health) pointed out that it can be a little tough to set up the Jenkins server yourself. But if you're using GitHub, you can also use CI and Travis CI.

No other questions.

E. Lightning Updates [20 mins]

E1. OpenVPN Update: 2.4_alpha2 Release, Overview of New Features [10 min]

Gert Doering

The presentation is available at:
https://ripe73.ripe.net/presentations/164-os-openvpn24.pdf

Ben (surname unknown) thanked Gert for this, adding that he uses it and is happy with it, but is a bit confused by branch 3. Gert replied that this is a separate project. It shares the wire protocol, but it's a complete reimplementation.

Mark Cilissen (Nerdalize) asked if anyone had considered how to interact with stuff like downgrade attacks. Gert responded that he could only touch on this. There are two aspects of cipher negotiation. One is the TLS that is used to negotiate the control channel. On the TLS side, the TLS ciphers were changed to be more strict, which produced some compatibility issues as expected. He added that the organisation has a couple of good crypto geeks who have assured him that what they're doing is sane.

Another audience member asked whether the pool filter is whitelist-based or purely a blacklist. Gert pointed out that it has a syntax and is quite flexible.

Robert read out a question from Jabber (from Dan) about whether we will be able to push IPv6 DNS servers. Gert said the short answer is not yet and the long answer is that there are many complications that would arise in dealing with this.

Fillipe Duke asked if they had support for ASGS if there was any ASNI.

Gert replied that they are using the SSL library that users compile against, so if users use OpenSSL, they have ASNI and it works as fast.

E2. Bird's Eye: A Simple Secure Micro Service for Querying Bird [10min]

Nick Hillard (on behalf of IXP-Tools-Hackathon team: Matthias Hannig, Michael Cardell Widerkrantz, Barry O'Donovan, Daniel Karrenberg, Daniel Melani, Jan Paul Dekker)

The presentation is available at:
https://ripe73.ripe.net/presentations/168-2016-10-RIPE73-IXP-Tools-BirdsEye-OpenSourceWG.pdf

Gert Doering asked how long the default cache time is. Nick answered that cache time is configurable in code. So the default time is something like a minute or two, but fully configurable. The API gives the age of the data, so it is possible to determine how old the data is.
