NetUK1

8 Jul 2024, 12:00 → 9 Jul 2024, 17:00 Europe/London

IET London: Savoy Place

NetUK1 will be held on 8th & 9th of July 2024 in London.

---

NetUK events offer an open environment for anyone within or interested in the Internet Industry. Network with industry colleagues, participate in knowledge sharing and freshen up on best practice around network operations and security.

Monday, 8 July

Doors Open, Registration & Lunch: In-person attendees

NetUK1: Session 1

1 Welcome to NetUK

Welcome to our first meeting under NetUK

We will give a brief overview of our structure and the active volunteers, tomorrow afternoon we will run a feedback session after lunch where we can have a wider conversation with NetUK1 attendees.

Speaker: Dave Pumford (NetUK)

netuk1_intro_main.pdf

netuk1_intro_main.pptx

2 Cyber Threat Intelligence in Policing

UK Policing has an issue with cyber crime, namely how under reported it is. The average member of the public is happy to report not only successful but also failed attempts at other crime. If for example a suspicious person is walking down the street checking for open windows and doors on houses or trying handles on cars in order to find opportunities for crime, they would quickly be reported and the Police would watch that person more closely as well as run a campaign of advice to the public on the importance of locking your doors. In the cyber world however, it is estimated by the Home Office that only 2% of successful cyber crimes are reported to the Police by businesses and almost 0% of failed attempts are reported.

This lack of reporting has several significant effects on Policing. Firstly, they do not understand how businesses and local organisations are being attacked. This makes providing preventative advice campaigns significantly less affective, with the Protect Officers using generic advice from NCSC instead of specific advice for local people. Secondly, no budget is allocated for Police to investigate and combat this crime.

Given its nature, cyber crime is difficult to report. Many businesses are not aware that they come under attack every day or even when those attacks are successful. When they do see the attacks they are worried about reporting them to Police for fear of reputations damage and rarely have time to sit through the 45 minute reporting process of ActionFraud.

This talk will explore the methods and challenges for automatically reporting suspicious cyber activity to Policing and how the new Police CyberAlarm scheme is achieving this and overcoming the challenges. The talk will cover the benefits of crowd sourcing threat intelligence data in near-real-time for Policing purposes and how this data is changing the way cyber policing works.

Speaker: Mr Jonathan Davies (Pervade Software)

PCA NetUK Presentation.pptx

3 PeeringDB update

A short presentation (please plan 10 minutes but tends to take less time and get few if any questions) on changes to the PeeringDB website, API and organisation.

I've attached the slides from the update I gave at the RIPE Meeting a few weeks ago, of course they will be updated with the latest news. This presentation is given around 20 times a year by roughly 5 presenters including me, the content is overseen by Leo Vegoda.

Speaker: Paul Hoogsteder (Meanie)

20240708_NetUK-1_Paul_Hoogsteder (v2).pdf

20240708_NetUK-1_Paul_Hoogsteder (v2).pptx

14:30 30 Minute Break

NetUK1: Session 2

4 "IPv6-mostly" at the edge

This presentation describes some recent protocol features for building "IPv6 mostly" access networks, where clients can selectively opt-out of IPv4 dual stack and run IPv6-only, using 464XLAT to communicate with the IPv4 Internet. This gives an exit strategy from dual-stack at the edge, providing visibility of remaining devices which still require IPv4, and reducing strain on RFC1918 address pools.

Speaker: Brian Candler (NSRC)

ipv6-mostly-candler-netuk1.pptx

5 Going deeper with IX monitoring

Internet exchange points are not like your typical connectivity mechanism, while they present themselves as simple layer 2 broadcast domains, almost all exchanges that do significant amounts of traffic have to utilise mechanisms that allow very subtle and hard to discover faults to appear.

I was hired on contract to build an open source system for an internet exchange to help discover these problems. In this talk I will go and outline what the core problem is that we are looking to detect, how I went about detecting it, and some of the interesting challenges that I encountered along the way.

Speaker: Ben Cartwright-Cox (bgp.tools)

NetUK - Going deeper with IX monitoring.pdf

NetUK - Going deeper with IX monitoring.pptx

16:00 15 minute comfort break

NetUK1: Session 3

6 Sponsor Presentation 1 - Digital Realty

Speakers: Alex Shepley (Digital Realty), Darren Chan (Digital Realty)

Digital Realty _Net Plus 8th July.pdf

Digital Realty _Net Plus 8th July.pptx

7 Sky UK - IPv6-only with IPv4aaS (MAP-T)

5 years ago Sky launched a greenfield fixed-line broadband network in Italy; starting from scratch with zero IPv4 addresses, we were forced to implement IPv4 address sharing, for which we selected to use the relatively new IPv4aaS technology called MAP-T.

Now 5 years later we've taken the learnings from Italy and are ready to apply them to our brownfield network in the UK.

This talk will go over the architectural differences with our UK MAP-T deployment, the challenges we faced and how we overcame them.

Speaker: Richard Patterson (Sky UK)

Sky UK MAP-T NetUK July 2024.pdf

8 Towards a higher throughput media CDN

The BBC runs its own in-house media CDN called BIDI which serves a large proportion of BBC iPlayer's video traffic. At the heart of this is a distributed fleet of caching servers dotted around the UK internet. Historically these have been based on x86_64 CPUs where peak capacities have plateaued at around 70 GBit/s. With 200 and 400 GBit/s links and NICs becoming increasingly common, we have been exploring how ARM-based servers could help us break through the CPU bottleneck. In this talk we explore how the rules of the game change in this new world, now dominated by memory bandwidth. In particular, we describe the difficulties of realising the potential of high speed NICs and recreating realistic loads in the lab.

Speaker: Jonathan Heathcote (BBC Research and Development)

heathcote_media_cdn_throughput.pdf

Social Event

Tuesday, 9 July

Doors Open & Registration: In-person attendees

NetUK1: Session 4

9 ThousandEyes BGP monitors

At Cisco ThousandEyes, we are currently deploying a real-time BGP monitoring infrastructure developed originally by Code BGP, a company Cisco acquired in 2023. In this presentation, we discuss the motivations for developing our own BGP monitoring infrastructure, outline the challenges encountered during the process, and explain the solutions implemented to address those challenges.

Speaker: Lefteris Manassakis (Cisco ThousandEyes)

ThousandEyes BGP Monitors.pptx

10 BGP Routing Security- Hijacks vs RPKI

The Border Gateway Protocol (BGP) serves as the backbone of the internet, yet it's not without its security concerns. This talk introduces the Resource Public Key Infrastructure (RPKI), a solution addressing these vulnerabilities. We'll delve into RPKI's basics, its workings, and its adoption rates within the RIPE NCC area. By also spotlighting statistics from North America, we'll offer a broader view of RPKI's significance in bolstering global routing security. Join us to understand how RPKI is reshaping internet safety.

Speaker: Alastair Strachan (RIPE NCC)

10-11-NetUK_Strachan_Bgp_Routing_Security_v2.pptx

NetUK_Strachan_Bgp_Routing_Security v2.key

NetUK_Strachan_Bgp_Routing_Security v2.pdf

11 NetUK Management Committee Update

An update from the NetUK Management Committee.

Speaker: Mr Richard Irving (LONAP)

NetUK 1 Richard Irving V2.pdf

NetUK 1 Richard Irving V2.pptx

11:15 30 Minute Break

NetUK1: Session 5

12 Secure by Design - Lessons from the nuclear industry

The UK has a long nuclear history stretching back to the late 1940s, when the world was a more innocent place and the worst we had to worry about was Soviet spies. Since then, there has been a proliferation of threats to nuclear safety and security, as well as the introduction of programmable electronics and computers into nuclear processes. Traditionally, the management of risks arising from the use of Operational Technology (OT) has fallen to IT and OT departments, and there has been little opportunity to tackle the process vulnerabilities giving rise to these risks.

Over the last decade, the industry has been steered by our regulator into adopting a "Secure by Design" approach to new nuclear facilities and major projects. This talk discusses what secure by design means to the UK nuclear industry (informed by Government-funded research undertaken by Rolls-Royce), how we are applying the principles to the design of the Rolls-Royce SMR, and lessons that we have learned along the way.

Speaker: Rob Barnes (Rolls-Royce SMR Ltd)

20240705-NetUK-Secure_by_Design-Lessons_from_Nuclear-Barnes_R.pdf

20240705-NetUK-Secure_by_Design-Lessons_from_Nuclear-Barnes_R.pptx

13 Sponsor Presentation 2 - ZPE Systems

Speaker: Rene Neumann (ZPE)

NetUK Speaking Slot Presentation 2024.pptx

12:35 Lunch Break

NetUK1: Session 6

14 NetUK Feedback Session

This is the feedback session for you to tell NetUK what worked for you at NetUK1 and what you would like to see in the future.

It will be led by members of the PC & the Management Committee.

Speaker: Andy Davidson (ASK4)

2024-07-09 Feedback session.pptx

15 Kriten - An Open Source Automation Platform

Kriten is an open-source project which allows network engineers to publish their scripts, playbooks and programs. Consumers can run the code by making a REST API call. The URL and API code is managed by Kriten, so the developer can easily make code available and concentrate on the business logic.
Authentication and authorisation are built in, and consumers have no access to the source code or any secrets.

Speaker: Steve Corp (Evolvere Technologies Limited)

Kriten - v1.2.pdf

Kriten - v1.2.pptx

15:15 30 Minute Break

NetUK1: Session 7

16 Design Driven Infrastructure Automation

Building and managing Infrastructure has always been driven by architecture and design but surprisingly these concepts aren't easy to integrate into the toolset that makes it possible to manage networks and infrastructure in general with automation.

In this presentation we'll discuss how to manage a network with a Design first approach, based on Infrahub a new open-source Infrastructure management platform.

In a second part, we'll explore Infrahub itself, and how it's taking a different approach to Infrastructure automation by bringing the best of infrastructure as code and data management together.

Speaker: Pete Crocker (OpsMill)

NetUK Design-Driven Automation.pdf

NetUK Design-Driven Automation.pptx

17 The sunset of port-43 Whois in the gTLD space

Whois has been an essential part of the network engineer's toolkit since the 1980s, as it provides access to information about domain names, IP address allocations and autonomous system numbers.

However, from January 2025, gTLD registries and registrars will no longer be required to operate a port-43 whois service. This may have an impact on anyone or anything that depends on Whois.

This presentation will describe (a) the timelines of events leading up to the Whois Sunset Date, (b) RDAP, the replacement for Whois, (c) the clients, tools and services available for RDAP, and (d) how to report problems with RDAP responses to the registry, registrar, and ICANN.

Speaker: Mr Gavin Brown (ICANN)

netUK1 Whois sunset-3.pdf

18 Black hole detection in packet networks

This presentation discusses blackhole detection in packet networks. Such blackholes are typically difficult to detect, and even working out on which router the blackhole is occurring can be difficult. We discuss two methods for detecting blackholes: indirect detection and direct detection. We describe a method for a router to report packet drops due to blackholes via IPFIX, including the reason for the drop and associated metadata. This makes the existence of a blackhole much more apparent to the operator and the control systems, thus greatly reducing the detection time. The scheme is equally applicable to IP, MPLS and Layer 2 traffic.

Speaker: Julian Lucek (Juniper Networks)

Blackhole-NetUK-Lucek-v1.pdf

Blackhole-NetUK-Lucek-v1.pptx