Penguins and Bears

"Iceland! We are going to Iceland! Geysirs, Waterfalls, Datacentres and IPv6 everywhere!" My fellow Linux Penguin was overly excited, and to be honest, so was I. We had heard so many nice things about this country and its modern, state of the art internet infrastructure. Luckily, the first RIPE Meeting of 2019 took place in Reykjavík, Iceland from 20 to 24 May 2019, so we could check it out. Here's our report :-)

Blocked Pipes and IoT

In memory of last years flight chaos, we decided to start our journey early on saturday morning. This turned out to be a brilliant idea, as it left room for some sightseeing prior the RIPE Meeting. We started with the "Golden Circle Tour", passing some of the natural wonders and other attractions around Reykjavík. Some of our expectations might have been a little exaggerated, as some statistics see Icelands v6 adoption rate at only ~50% right now and the big Stóri Geysir has been inactive for several years due to some silicate depositions in it's pipes. But you can't have it all at once, so we enjoyed our ride and watched the smaller Strokkur Geysir, erupting once every ~10 minutes.

At Friðheimar, we learned a lot about sustainable cultivation of tomatoes and fruits under artificial lighting in greenhouses. With the help of heating and electric energy from geothermal springs, tomatoes can be cultivated around the year despite Iceland’s long and dark winters. Not to forget the mighty dutch bumblebees, who are busy pollinating the tomato plants. The IoT (Internet of Tomatoes, as they call it here), controlls temperature, humidity, carbon dioxide and lighting, providing information to it's owners Knútur and Helena, wherever they are. The internet is an amazing thing, isn't it? If you ever visit Friðheimar, try the tomato infused coffee (or one of the other tomato based dishes they serve in the small restaurant inside one of the greenhouses).

Monday

Monday morning started with tutorials on RPKI, IPv6 and OSS for model driven network programming. Roughly 600 attendees from 58 countries checked in, more than a quarter of them beeing newcomers. Thankfully, Hans Petter Holen could resist and didn't spoil the day with GoT details (Penguin and Bear didn't have the chance to see the last episode yet) and Ólafur Guðmundsson could resist talking in icelandic all the way through his talk (although it really is a nice language). He provided some interesting insights about classification and reputation of ip addresses. The rest of the day was filled with good coffee, provided by a local islandic roastery, several talks about EU roaming, streaming telemetry, network monitoring and measuring DNS "without breaking anything". Thanks for that, although I'd personally doubt that anyone would notice. The DNS system has been broken for quite some time and it seems to get worse with every attempt to fix it. Maybe we need some really new ideas in this field.

Tuesday

Unlike the previous days, tuesday started with a little bit of rain. The second day of plenaries circled around DDoS attacks, the DNS root, KSK rollover and related stuff, followed by some rather disturbing topics like Open Source Software for lawful interception and the renewed russian internet regulation. I wonder, where the penguin went ... he left the room mumbling about end-to-end encryption, privacy, Stasi 2.0 and Horst Seehofer.

We met again at "Whales of Iceland", where our tuesday social event took place and the Penguin introduced me to the wonders of the ice cream parlor around the corner :-)

The Whales of Iceland exhibition is really worth a visit: 23 man-made life size models of various icelandic whales are populating a large hall. It's almost like beeing under water and watching these beautiful creatures in their natural habitat. And you can even touch them :-D

Wednesday

As usual, wednesday started with working groups. The Penguin rolled his big eyes and went of to see the Icelandic Punk Museum, while the rest of us had to endure endless policy duscussions around the distribution of some last IPv4-breadcrumbs to IXPs. Lucky penguin. Nikolas Pediaditis noted that the IPv4 pool might not last beyond RIPE 79 in Rotterdam. So, the end is neigh and the four riders of the apocylpse are sliding gratiously through the clouds (most of the current IPv4 transfers appear to have been driven by cloud providers, which might explain a lot about the missing IPv6 Support in most of their services. The funny part: RIPE NCC may be the first RIR to upgrade to another /12 from IANA/PTI. Wait. What? IPv6 is depleted as well? Nope, not quite.

In the open source wg, Wolfgang Tremmel and Sander Steffann presented their respective works on using virtualization frameworks and containers for the ad hoc creation of routing labs for education. Max Rottenkolber talked about "Vita", a high performance site-to-site encryption implemented in snabb and lua on X86_64. We are living in an interesting world, that's for sure. And last, but not least, Mirjam Kühne and Charles Eckel talked about hackathons, organized by RIPE and IETF.

Meanwhile, the penguin had returned and followed some of the discussions about hate speech and mitigation thereof, practical implications for corporate censorship, etc in the cooperation working group. Since he had covered this rather political part of the evening, I joined a tech-meeting at Nauthólsvík Geothermal Beach to improve my networking skills. The geothermal beach offers 39°C geothermal water and swimming in the North Atlantic at 8°C - side by side - accompanied by lots of discussions about IXPs, PNIs, BGP, etc.

Thursday

While the penguin followed the Anti-Abuse, Routing and Database Workinggroups, I decided to entertain some IPv6 and IoT topics instead: Geoff Huston presented his findings regarding IPv6 reliability and came to a simliar realization as Enno Rey, who shed some light to the current status of IPv6-only Wi-Fi networks. Summary: FOSDEM does it with thousands of participants, Troopers and other conferences do it (and you should just try it as well). With 464XLAT, IPv6-only is as usable as any legacy NATed Network, but you get rid of the maintenance burden for dualstack networks and their bugs. Wifi-Networks are really easy in this regard, as most mobile devices supoort 464XLAT out of the box. More than that: As Geoff Huston points out: Those Networks which have successfully deployed NAT64 and 464XLAT, succeed, whereas dualstack will only carry you half way and happy eyeballs is covering up for it...

In the IoT Workinggroup, Mirjam Kühne presented about ethical, security and legal aspects of running an IoT network like the RIPE Atlas System. RIPE Atlas is a fine example, how IoT devices in the field can be managed successfully and responsibly. It is well structured and has been maintained for years. I wonder, if projects like the Barebox Bootloader, PTXdist, the lightweight RAUC Remote Updating Framework or the Testlab Automation with Labgrid could contribute to further development of the RIPE Atlas Ecosystem.

Matthias Wählisch gave a short report for the 2018 RIOT summit in Amsterdam and Jan Žorž asked: "Building a Smart House and You Want to Do It Yourself?", presenting his home as playground for all the IoT stuff you might want to have...but then you learn about the cold truth: The IOT world is a wild west and most of it is based on legacy stuff, so Jan decided to develop and build his own POE powered IPv6 sensor. That's the spirit!

And then ... there was Ice and the RIPE Dinner.

Friday

An update on the IANA Review Committee followed by an update from the ASO Address Council followed by an update by ... I honestly forgot. Did you know how hard it is to keep track of day and night considering the midnight sun in iceland? There was the nice RPKI Waybackmachine, The General Meeting voting results and some talk about good peering. I can relate to that ;-)

Thanks for all the interesting conversations about IoT (be it the Internet of "Things", "Tomatoes" or "Tux"). Although the RIPE community may not be the right place to discuss some of the regulatory issues, the IoT is definitely of operational concern and the networking community needs to be involved in any solution to the raising problem of untrusted or outdated devices with direct or indirect internet access. At RIPE76 and RIPE78, we have seen some approaches to mitigate DDOS Attacks by automatically quarantaining possibly compromised customer devices on the provider side, effectiveley taking the customer offline. But this is only a reaction to the imminent thread of high-volume DDOS Attacks, run by a growing army of well-connected, but outdated devices. We need to think way beyond the current thread structure, as quarantaining remote controllable devices may render whole industrial infrastructures useless: You don't want to quarantaine an industrial customer, causing effective DOS, just because the customers traffic pattern changed suddenly. Instead, the coming IoT infrastructure needs to be built on reliable, public reviewed open source software. We can help you with that.

Waiting for your flight back is hard. This country is so boooo... OH! Wait! A lava tunnel! ... And a geothermal RIVER :-) ... And these beaches filled with black lava stones. I am in heaven!

Thanks to everyone for making RIPE78 such a great meeting!