Edward Shryane - 25-11-2021 14:28:23
Hi everyone, I'm Ed Shryane from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read it out, please write it in the Q&A window also stating your affiliation. Otherwise, you can ask questions using the microphone icon.
Please note that all chat transcripts will be archived and made available to the public on https://ripe83.ripe.net/.
The RIPE Code of Conduct: https://www.ripe.net/publications/docs/ripe-766.
Kurt Kayser - 25-11-2021 14:28:53
it's not the bald eagle, rather a bald lion :)
Kurt Kayser - 25-11-2021 14:29:09
Hi Ondrej :)
Ondrej Filip - 25-11-2021 14:29:15
Gert Doering - 25-11-2021 14:30:30
where is the music
Ondrej Filip - 25-11-2021 14:33:28
We solve everything during the meetings. :-)
Shane Kerr - 25-11-2021 14:33:30
Marcos Sanz - 25-11-2021 14:33:45
Kurt Kayser - 25-11-2021 14:36:25
I can see 2 Ondejs :)
Shane Kerr - 25-11-2021 14:36:35
We obviously need to use some deep fake technology as a backup...
Peter van Dijk - 25-11-2021 14:36:39
ceci n'est pas un Ondrej
Kurt Kayser - 25-11-2021 14:36:44
Kurt Kayser - 25-11-2021 14:36:47
Olivia Ruimwijk - 25-11-2021 14:36:49
Martin Neitzel - 25-11-2021 14:36:51
Annika Hannig - 25-11-2021 14:37:15
Didn't nvidia come up with some "deepfake as compression" thingy?
Ondrej Filip - 25-11-2021 14:37:16
I should ask some other Ondrej's to speak....
Jan Zorz - 25-11-2021 14:40:51
Olivia Ruimwijk - 25-11-2021 14:41:12
Kurt Kayser - 25-11-2021 14:41:34
but on the plan ::1 did not mean localhost, right? rather xxx::1 as in first IP in the /64 right?
Jan Zorz - 25-11-2021 14:42:14
virtualbox??? Seriously? :)
Peter van Dijk - 25-11-2021 14:42:17
Kurt, I definitely hope so!
Jan Zorz - 25-11-2021 14:42:34
KVM should be common enough...
Peter van Dijk - 25-11-2021 14:42:55
Jan, on Linux, yes
Brett Carr - 25-11-2021 14:43:19
Vmware Fusion is available on all three platforms
Anders Mundt Due - 25-11-2021 14:43:31
if it's vagrant based, it might be possible to repair it so it uses kvm instead of virtualbox ;-)
Brett Carr - 25-11-2021 14:43:37
But Kudos for using vagrant its a great tool
Brett Carr - 25-11-2021 14:43:49
and it works really well with virtualbox
Anders Mundt Due - 25-11-2021 14:44:18
is virtualbox available on the new mac m1 cpus ?
Brett Carr - 25-11-2021 14:44:28
Brett Carr - 25-11-2021 14:44:48
it only does x86 virtualisation not arm
Kurt Kayser - 25-11-2021 14:44:49
Peter van Dijk - 25-11-2021 14:45:29
Anders, yes, qemu-img is patient generally
Wolfgang Tremmel - 25-11-2021 14:45:48
ttyd rocks - I use it also in my lab
Blake Willis - 25-11-2021 14:45:54
great to see LXD in the wild, it's really easy to use, & getting more powerful with every release
Anders Mundt Due - 25-11-2021 14:46:57
I'm getting a feeling that if a projects need to be cool, it needs a bit of Ondrej :)
Ondrej Filip - 25-11-2021 14:47:11
Ulka Athale - 25-11-2021 14:47:59
The RIPE Labs article that Ondrej wrote: https://labs.ripe.net/author/ondrej_caletka_1/hands-on-learning-how-we-built-the-ipv6-security-course-virtual-lab-activities/
Ulka Athale - 25-11-2021 14:49:24
And the link to the IPv6 Security e-learning course: https://academy.ripe.net/enrol/index.php?id=12
Ruben van Staveren - 25-11-2021 14:49:25
Kurt Kayser - 25-11-2021 14:49:49
Suggestion: provide a Raspi4 along for the Kahoot!-Winners with this package included.
Kurt Kayser - 25-11-2021 14:52:10
Ruben van Staveren - 25-11-2021 14:52:18
there is a qemu for M1 macs with a friendly frontend https://mac.getutm.app
Ruben van Staveren - 25-11-2021 14:52:21
Blake Willis - 25-11-2021 14:52:46
in the mean time, there are relatively inexpensive raspi-sized amd64 boards & appliances available
Brett Carr - 25-11-2021 14:52:52
Thanks Ruben I'm getting a new macbook pro in December
Blake Willis - 25-11-2021 14:53:03
:clap::clap::clap: thanks great project
Blake Willis - 25-11-2021 14:55:11
coincidently, Alice is my partner's alter ego: https://photos.app.goo.gl/ZTnSpvJXZDdaibxY9
Gert Doering - 25-11-2021 14:55:31
@ruben that one actually works nicely, but for emulation of x86 binaries it is slllowwwww
Gert Doering - 25-11-2021 14:56:02
(for giggles I tried to install an AMD64 FreeBSD inside qemu on MBA M1 - it worked, but took its time)
Gert Doering - 25-11-2021 14:56:19
OTOH win11/arm emulation for x86 is amazingly fast
Wolfgang Tremmel - 25-11-2021 14:56:22
well, a few .001€ you can always spin up a VM at your Cloud Provider
Ruben van Staveren - 25-11-2021 14:56:45
yes, it won't be stellar performance I'm afraid Gert
Kurt Kayser - 25-11-2021 14:57:19
Another idea: stock a set of 10 small sized hardware components that could be sent along with training material to LIR candidates that wish to get certified? They have to return it back and saves a lot of time.
Wolfgang Tremmel - 25-11-2021 14:57:37
(my lab is way less sophisticated - I only provider an Ansible playbook to install it on an Ubuntu server)
Ruben van Staveren - 25-11-2021 14:57:46
it is weird because I didn't mind when mac was PPC, with virtualpc being bog slow but it feels I do mind when they switched to ARM
Vesna Manojlovic - 25-11-2021 14:59:03
(with my hat as a Community Builder) YAY! the alice-project started at this hackathon!! https://labs.ripe.net/author/becha/ixp-tools-hackathon-results/
Ruben van Staveren - 25-11-2021 14:59:18
(so I have this hot 2019 i9 mbpro instead)
Blake Willis - 25-11-2021 14:59:50
Vesna really cool thanks
Marcos Sanz - 25-11-2021 14:59:54
ah, Madrid... *sigh*
Shane Kerr - 25-11-2021 15:03:10
Fixing linter errors is truly noble work!
João Luis Silva Damas - 25-11-2021 15:03:13
on the M1 Macs just use UTM, it works (with perhaps the occasional crash which is being worked on)
João Luis Silva Damas - 25-11-2021 15:04:14
https://mac.getutm.app (GitHub or ig you want something ready to use and support the people doing the work then use the App Store)
Gert Doering - 25-11-2021 15:04:44
did so (paid via App Store). But it is still slow for x86 VMs :-)
Ruben van Staveren - 25-11-2021 15:05:01
support the project, buy it in the mac app store (I did)
Simon Leinen - 25-11-2021 15:07:13
Solution: Write all your code in Perl^H^H^H^HLisp, and be immune to frequent changes of coding fashion :-)
Gert Doering - 25-11-2021 15:07:29
Andreas Wittkemper - 25-11-2021 15:07:47
Simon Leinen - 25-11-2021 15:08:07
More seriously, this looks like a very useful project, thanks for working on this Annika!
Gert Doering - 25-11-2021 15:10:28
Vesna Manojlovic - 25-11-2021 15:10:34
Vasilis & Aninka, do you want to work on this project on the next hackathon ??
Ruben van Staveren - 25-11-2021 15:10:38
Blake Willis - 25-11-2021 15:10:44
Annika this is super helpful & much appreciated
Ruben van Staveren - 25-11-2021 15:10:44
Ruben van Staveren - 25-11-2021 15:11:00
(need to get one of these)
Kurt Kayser - 25-11-2021 15:11:03
Vesna Manojlovic - 25-11-2021 15:11:12
Vasilis . - 25-11-2021 15:11:13
Catalin Trif - 25-11-2021 15:11:18
Simon Leinen - 25-11-2021 15:11:31
On the question about a catalogue of looking glasses... http://traceroute.org/#Looking%20Glass has a ton of links, and some of those even still work, but I doubt that this is still being maintained (check with Thomas Kernen, who used to maintain it...).
Simon Leinen - 25-11-2021 15:11:44
(If this is was the question was about, not sure)
Vasilis . - 25-11-2021 15:12:12
@Simon thx! This is pretty outdated unfortunately.
Simon Leinen - 25-11-2021 15:12:52
Yeah, looks like it. I posted it mainly in the hope that someone responds "you fool, **this** is where you should go there days: <URL>" :-)
Vasilis . - 25-11-2021 15:13:02
It will be really if there was a community project to collect/test looking glasses servers.
Elmar K Bins - 25-11-2021 15:14:54
You guys know about the collection at http://www.bgplookingglass.com/ ?
Elmar K Bins - 25-11-2021 15:15:11
(I'd be more interested in a working list of ssh/telnetable routeservers)
Annika Hannig - 25-11-2021 15:15:37
PeeringDB could be such a place maybe...
Simon Leinen - 25-11-2021 15:15:51
Ah, PeeringDB! That also has a field for Looking Glass URLs, and ISP folks (AS holders) can keep it up to date themselves.
Blake Willis - 25-11-2021 15:15:56
there's a github page with a community-maintanable list of NTP servers: https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94b0453 such a thing could be done for LGs if one were similarly motivated...
Vesna Manojlovic - 25-11-2021 15:15:59
On the question about a catalogue of looking glasses... https://stat.ripe.net/widget/looking-glass
Wolfgang Tremmel - 25-11-2021 15:16:31
There is also a list on bgp4.net (but it seems they forgot to renew their https cert) https://www.bgp4.net/doku.php?id=tools:ipv6_looking_glasses
Vasilis . - 25-11-2021 15:16:57
Neat, thx for all the links.
Elmar K Bins - 25-11-2021 15:18:05
garf: That seems a bit unmaintained... last change... 2017...
Blake Willis - 25-11-2021 15:18:10
perhaps the most actionable takeaway from this discussion is a page made with the PeeringDB API to show all the looking glasses listed there in one place
Vasilis . - 25-11-2021 15:18:46
I will be happy to work with you to update/fix a better LG server list. I made some notes on how to find LG servers notes but mostly a manual process looking into Censys or Shodan datasets.
Elmar K Bins - 25-11-2021 15:19:09
The ones on the link that I sent above seem quite current, maybe talk to those guys
Elmar K Bins - 25-11-2021 15:19:50
(Because somebody will have to maintain that list...unless we find a way to either engage people in doing this themselves (wiki-like), or to automate that (like pulling from pdb, maybe other sources))
Annika Hannig - 25-11-2021 15:20:40
I definitely have to look into that xdp tcp stack.
Blake Willis - 25-11-2021 15:20:54
F-Stack is another interesting example of an accelerated TCP stack: http://www.f-stack.org/ (FreeBSD tcp ported to DPDK)
Shane Kerr - 25-11-2021 15:21:01
DNS developers are used to protocols with lots and lots of RFCs. :-D
Kurt Kayser - 25-11-2021 15:21:32
nice slide.. how true.
Elmar K Bins - 25-11-2021 15:22:05
So, Shane, you mean this is the best of both worlds: All the TCP RFCs *and* all the DNS RFCs :-)
Sebastian Wiesinger - 25-11-2021 15:22:08
You can see performance measurements done by the KNOT DNS Server here, XDP really makes a difference: https://www.knot-dns.cz/benchmark/
Annika Hannig - 25-11-2021 15:22:11
I recently explored xdp a bit but at some point it was: ok grab structs and start calculating checksums... etc...
Ondrej Filip - 25-11-2021 15:23:21
@Shane - sadly true
Vesna Manojlovic - 25-11-2021 15:23:30
@Elmar: "(Because somebody will have to maintain that list...unless we find a way to either engage people in doing this themselves (wiki-like)" i support the wikipedia or GitHub as a centralised location, that most people know about, and can be crowdsourced / maintained by multiple people in a decentralised way.
Kurt Kayser - 25-11-2021 15:23:31
wow. these graphs are really powerful.
Kurt Kayser - 25-11-2021 15:23:47
Elmar K Bins - 25-11-2021 15:24:29
Knot has come a long way. Congrats. I would alas like to see UDP numbers in those graphs (esp. for the root, we mostly see UDP)
Ondrej Filip - 25-11-2021 15:24:51
Yes, it accelerated a lot. We saved some money as we can build our nodes with a lot less HW.
Sebastian Wiesinger - 25-11-2021 15:25:36
@elmar the Benchmarks are UDP except for the last two
Elmar K Bins - 25-11-2021 15:25:49
Ah, I thought that was comparing to TCP. Cool
Anand Buddhdev - 25-11-2021 15:25:55
Thumbs up for Knot DNS :)
Sebastian Wiesinger - 25-11-2021 15:26:26
you can klick on the "Deployment" Tabs to switch between measurements
Jelte Jansen - 25-11-2021 15:26:36
Kurt Kayser - 25-11-2021 15:26:48
Libor: this is really important work. I love the effort of the cz.nic team with regards to knot DNS. Very, very valuable!
Marco d'Itri - 25-11-2021 15:26:48
Is Knot a good choice for the "many low traffic zones" workloads or is it designed more for TLDs?
Tom Hill - 25-11-2021 15:26:50
Tom Hill - 25-11-2021 15:27:09
It's like it's just begging for an Open eXchange implementation :p
Kurt Kayser - 25-11-2021 15:27:47
Gert Doering - 25-11-2021 15:27:59
Marco: Knot does "lots of low traffic zones" just fine for us
Blake Willis - 25-11-2021 15:28:00
Ruben van Staveren - 25-11-2021 15:28:06
Anand Buddhdev - 25-11-2021 15:28:08
Marco d'Itri: Knot works well for both large TLD zones, as well as lots of smaller zones
Sebastian Wiesinger - 25-11-2021 15:28:16
@marco does both I guess. The measurements have TLD szenario (one zone, many delegations), Hosting (many zones), root (one zone, some delegations, many NXDOMAIN)
Vesna Manojlovic - 25-11-2021 15:28:43
Annika Hannig - 25-11-2021 15:29:30
Hmm can't ask a question in the QA, so: is this tcp stack standalone or is it coupled to the knotdns code?
Tom Hill - 25-11-2021 15:29:37
This is really cool work. Thanks for presenting on it, Libor :clap:
Marco d'Itri - 25-11-2021 15:29:40
Looks like it's time to try it again then...
Gert Doering - 25-11-2021 15:29:54
Annika: you need to fill in the affiliation before you can send the Q
Annika Hannig - 25-11-2021 15:30:01
Vesna Manojlovic - 25-11-2021 15:30:11
Vesna Manojlovic - 25-11-2021 15:30:21
Sebastian Wiesinger - 25-11-2021 15:30:26
@marco I switched to KNOT for DNSSec-Signing, it makes it really easy to do key rollovers etc. there was much improvement in the last few years
Peter van Dijk - 25-11-2021 15:30:28
Tom, I see what you did there
Blake Willis - 25-11-2021 15:30:49
Benno Overeinder - 25-11-2021 15:30:50
Thank you Vesna
Kurt Kayser - 25-11-2021 15:30:52
Gert Doering - 25-11-2021 15:31:02
I notice that OS WG chairs have little hair
Tom Hill - 25-11-2021 15:31:08
Ondrej Filip - 25-11-2021 15:31:12
Luuk Hendriks - 25-11-2021 15:31:25
Nice work Libor! :clap:
Ruben van Staveren - 25-11-2021 15:31:39
XDP seems to be a summer of code project for FreeBSD but not merged yet... :(
Benno Overeinder - 25-11-2021 15:32:45
Just to be complete, the researchers augmenting DNS with XDP are Luuk Hendriks, Willem Toorop and Tom Carpay
Marco Prause - 25-11-2021 15:34:20
Annika Hannig - 25-11-2021 15:34:24
Gert Doering - 25-11-2021 15:34:29
Vesna Manojlovic - 25-11-2021 15:35:05
Thank you all! :clap::clap::clap:
Annika Hannig - 25-11-2021 15:35:15
See you next time! :)
Daniel Karrenberg - 25-11-2021 15:35:18
Blake Willis - 25-11-2021 15:35:24
Annika Hannig - 25-11-2021 15:35:25
Edward Shryane - 25-11-2021 15:35:27
This session has now ended. The next session is DNS and it will start at 16:00. More info on the RIPE 83 meeting plan: https://ripe83.ripe.net/programme/meeting-plan/