GRNOG 9

Europe/Athens
Book Castle of the National Library of Greece, at Stavros Niarchos Foundation Cultural Center

Book Castle of the National Library of Greece, at Stavros Niarchos Foundation Cultural Center

Description

GRNOG 9

Time & Place

GRNOG 9 will take place on December 6th, 2019 at the Book Castle of the National Library of Greece, at Stavros Niarchos Foundation Cultural Center. Information about the venue can be found here.

Agenda

The Agenda of GRNOG9 can be found here

Video & Streaming

GRNOG 9 will be recorded and live streamed through “ΔΙΑΥΛΟΣ”.

Registration
GRNOG9 Member Registration
74 / 100
GRNOG9 non Member Registration
Participants
  • Achilleas Lykotsetas
  • Adam Pavlidis
  • Alex Kiousis
  • Alexandros Afentoulis
  • Alexandros Kosiaris
  • Alkaios Koulouris
  • Andreas Kourkovelis
  • Andreas Polyrakis
  • Antonios Chariton
  • Antonios Kontakis
  • Antonis Lioumis
  • Aris Tzermias
  • Dimitrios Katsanikakis
  • Dimitrios Tzaras
  • Dimitris Bachtis
  • Dimitris Bliamplias
  • Dimitris Giannakogiorgos
  • Dimitris Kotsilis
  • Dinos Stamou
  • Dionysis Zapantis
  • Elias Politis
  • Emmanouil Patiniotakis
  • Endri Meto
  • Evaggelos Balaskas
  • Evgenia Provia
  • Faidon Liambotis
  • George Diamantopoulos
  • George Manousakis
  • Giorgos Vogiatzoglou
  • Ioannis Fiorentinos
  • Ioannis Stamatopoulos
  • Irini Fundulaki
  • Konstantinos Fardelas
  • Konstantinos Kalogerakis
  • Konstantinos Koukopoulos
  • Konstantinos Lotsos
  • Kostas Kyriakos
  • Kostas Zorbadelos
  • Lefteris Poulakakis
  • Leonidas Konstantopoulos
  • Marinos Chondrogiannoglou
  • Marinos Dimolianis
  • Michael Triantis
  • Michalis Antonakopoulos
  • Michalis Bersimis
  • Michalis Mamalis
  • Michalis Milaitis
  • Michalis Oikonomakos
  • Myron Lasithiotakis
  • Nikolaos Mavroudis
  • NIKOLAOS NIKALEXIS
  • Nikos Benakis
  • Nikos Kalyvas
  • Nikos Kormpakis
  • Nikos Roussos
  • Orestis Vasileiadis
  • Orfeas Karachalios
  • Panagiotis Chatzigiannis
  • Panagiotis Vavilis
  • Rene Fichtmueller
  • Sotiris Maranis
  • Spyridon Karvouniaris
  • Spyros Danousis
  • Spyros Kakaroukas
  • Stathis Oureilidis
  • Stefanos Livisianos
  • Tasos Karaliotas
  • Tassos Chatzithomaoglou
  • Tassos Georgiou
  • Theodor Kyriakidis
  • Theodoros Polychniatis
  • Vangelis Makris
  • Vasileios Kotronis
  • Vasilis Stavropoulos
  • VASSILIOS MONTI
  • Vassilis Kokoretsis
  • Yannis Korakis
  • Yannis Mitsos
  • Yannis Nikolopoulos
  • Yiorgos Adamopoulos
  • Zenon Mousmoulas
  • Έφη Μουζέλη
  • Μάνος Μαρκατάτος
    • 09:30 10:00
      Registration 30m
    • 10:00 10:05
      Welcome from our host 5m

      Welcome from our host

    • 10:05 10:25
      Welcome to GRNOG9 20m
    • 10:25 10:50
      Latest changes and future work on LIR Portal, RIPE Database, and RPKI 25m

      This talk will focus on front-face changes and developments currently undertaken or in discussion phase within the RIPE community. Examples include: syncing the LIR Portal users with the "default maintainer" in the RIPE Database, an update on the Resource Public Key Infrastructure (RPKI) developments and upcoming changes in the Near Real-Time Mirroring (NRTM) service of the RIPE Database.

      Speaker: Theodoros Polychniatis
    • 10:50 11:15
      NIS compliance, challenges and problems 25m

      NIS compliance, challenges and problems

      Speaker: Panagiotis Vavilis
    • 11:15 11:45
      Towards a programmable automated Traffic Engineering engine 30m

      There are IP networks with many geographically dispersed points of presence (POPs) having multiple transit providers and peers. Could be that there is submarine capacity involved with varying costs. In these environments, optimizing traffic is critical, both from service and financial perspectives.

      ISPs are mostly dominated by incoming traffic and this presentation focuses on manipulation of this type of traffic. Manual handling of BGP configuration is cumbersome and error-prone, so an automated solution can enhance quality and make policy enforcement in real-time a possibility.

      In this presentation I describe the design and implementation of a prototype in lab, BGP based traffic engineering engine for ISPs. The lab simulates an IP/MPLS core with lots of peers and transits. I will mention the overall design and implementation in a Juniper based network and demonstrate a working demo in the lab enforcing policy with a few examples.

      The main components of the solution are unification/standardization of BGP policies based on large communites and configuration management based on Salt/NAPALM.

      Speaker: Kostas Zorbadelos (GRNOG)
    • 11:45 12:15
      Coffee Break 30m
    • 12:45 13:15
      Better WiFi: From your home to our country 30m
      Speaker: Antonis Chariton
    • 13:15 13:45
      What really happens when you type el.wikipedia.org? 30m

      At the Wikimedia Foundation, we are running the world’s favourite encyclopædia and one of the top 10 websites of the Internet. In this talk we will take a tour around Wikipedia’s infrastructure.

      We will explain how requests flow through our systems, and how we manage to serve ~17 bn pageviews monthly with a little over ~1200 servers. Moreover, will go through our history, our transition to service oriented architecture and microservices, and briefly discuss our ongoing journey in migrating to Kubernetes.

      Speakers: Effie Mouzeli, Alexandros Kosiaris
    • 13:45 14:30
      Lunch Break 45m
    • 14:30 14:55
      Auto-configuring BGP monitoring and hijack detection tools in real time 25m

      In this presentation, I would like to describe the challenges of configuring BGP monitoring and hijack detection tools (such as ARTEMIS, BGPalerter, BGPmon-like tools etc.) and provide two possible approaches on how to automate the generation of the needed configuration files to e.g., detect BGP hijacks in real time, focusing on the ARTEMIS use case.
      Why is keeping this conf file up-to-date useful? The configuration file contains aggregated AS-level BGP information, useful for BGP monitoring and incident detection tools in general.
      Why is it hard? The network operator has to manually fill in and update the
      configuration file for every change in network topology and/or routing policy.
      This is not practical for large networks, with complex policies (MOAS, rich peerings, etc.). Even if we "extract" this information from public sources (such as some tools do), it is not reliable, and still needs manual verification from operators every time something new is observed.
      How could automation work? I will present one prototype approach based on Ansible (router-specific, polling-based approach), and one based on trusted local BGP feeds (passive, async approach).

      Speaker: Vasileios Kotronis (FORTH)
    • 14:55 15:25
      Scaling to support thousands of BGP peerings in a SaaS environment 30m

      When analyzing peering traffic and identifying DDoS attacks, BGP provides valuable additional insight to supplement Flow information. In this talk we'll go over the different challenges, actions and learnings from the past four years to enable the support of thousands of peerings in a multi-tenant SaaS platform.

      Kentik utilizes multiple auxiliary sources, such as SNMP, DNS, RADIUS or Streaming Telemetry, to enrich the ingested flow. The most prominent of these sources though, is BGP. With BGP data, Kentik is able to produce BGP-related analytics such as peering analytics and in addition, utilize the peering bidirectionally to enable DDoS mitigation capabilities such as RTBH and Flowspec.

      In this presentation we'll start with a short introduction on how Kentik uses BGP, in order to define the technical requirements for the setup. We'll then overview the different generations of the setup through the years:
      1. 1 active node (2 nodes in active-backup) - ucarp
      2. 4 active nodes with mask-based hashing - RTBH functionality is introduced, exabgp is introduced
      3. 10 active nodes with full-tuple hashing and support for balancing IPv6 (current setup - slowly getting deprecated) - Flowspec is introduced
      4. 16+ nodes with IPVS+keepalived and easy pooling/depooling setup (now in testing)

      With the requirement being that the external customer service needs to remain stable and not require any reconfiguration, for each phase we'll illustrate the challenges, examine the options available to Kentik engineers, explain the choice that was made and describe the outcome, leading Kentik to be able to support more than 4000 peerings across 16 nodes today.

      Speaker: Konstantinos Fardelas
    • 15:25 15:55
      Call to action for Routing Security 30m

      In this talk, I will deepdive into what problems we face with BGP, how vulnerable we are for hijacks and what to do against them.
      Although I work for Juniper Networks the presentation is vendor agnostics and focusses on the state of routing security.
      Currently, it is strongly focussed on RPKI but I can include more general filtering methods as well.

      Speaker: Melchior Aelmans (Juniper Networks)
    • 15:55 16:10
      Flashtalk: Being a good netizen 15m

      A flashtalk about how GRNET is being a good netizen

      Speaker: Antonis Lioumis
    • 16:10 16:40
      Coffee Break 30m
    • 16:40 17:25
      Encrypted Uncensored DNS 45m

      How I Learned to Stop Worrying and Love: DNS over HTTPS and DNS over TLS.
      (presentation/demo)

      Speakers: Dinos Stamou (LibreOps), Nikos Roussos (LibreOps), Evaggelos Balaskas (LibreOps)
    • 17:25 17:45
      DoH/DoT/Do* - Flashtalk & Open Mic 20m

      A flashtalk on DoH/DoT/Do*, followed by some intriguing questions towards the audience.

      Speaker: Antonis Chariton
    • 17:45 18:00
      Closing GRNOG9 15m