Dear SwiNOGers,
the Agenda is almost complete and we’re (almost) ready for the 14th of November.
Below is a preview for the agenda (in random order). You can also let us know what you expect or wish to hear by answering to the mailing list. The Speakers are also listening ;-)
Please register now: https://register.swinog.ch/
30min | AI in Networking | Jörg Ammon (Extreme Networks)
AI is gaining momentum to solve problems that are difficult for humans as it requires analytics of huge amounts of data. This talk discusses attempts to apply similar methodology to problems in networking.
25min | The Future of Passive Multiplexing and Multiplexing Beyond 10G | Wouter van Diepen (Alturna Networks/Solid Optics)
The Future of Passive Multiplexing and Multiplexing Beyond 10G. In the past, it was easy to change your optical network from 1G to 10G by simply changing the transceiver, but what if you want to do more than 10G? What if you want to go beyond 80km? What are your options and why is there no QSFP28-DWDM-ZR? These are the central questions in this presentation. We will cover the 3 “ingredients” of Multiplexing: The Fiber, the Passive Mux, and the Transceiver, and talk about the limitations and possibilities of multiple times 100G over one fiber pair. We will also cover the following topics: The challenges that arise due to attenuation and chromatic dispersion; Different types of Multiplexers - Cascaded TFF and AWG (including Gaussian Fit and Flat Top); ITU Grids such as DWDM and the new LWDM band (often used for 5G deployment); Modulation & Coherent 100G/200G/400G; How to use QSFP28 DWDM PAM4; and what is coming in 2020 - 400G DWDM QSFP-DD. At the end of this talk, you will understand the future of 100G multiplexing and how it can fit into your network.
30min | the complexity of hyper speed transceivers – let’s make it | Thomas Weible (Flexoptix GmbH)
Thomas will describe in detail the structures inside optical transceivers. A Transmitter / Receiver Optical Sub Assembly (TOSA / ROSA) is no longer just a diode in a housing handling the light path to and fro to the fiber. The performance increases from 10G to 100G onwards to 400G - are not only giant steps in bandwidth there are matching leaps in manufacturing.
How did the optical industry players around the globe make it possible to squeeze everything into the tiny form factors we see today? It is all about precision - a microscope with a calm and competent hand is no longer sufficient, now it is about; nano tolerances, testing, complex transceiver firmware and a shed load of money.
This is the high precision optical mechanical engineering revolution which fuels the hyper growth of data centers and optical networking worldwide…
If you face design issues with your current optical network design Thomas will give insights into the latest 40G to 400G transceiver developments (e.g. long distance 80km) which you can expect to see in the upcoming months. Hopefully this might save you some headaches. As a small „one more thing" Thomas will dive into the basics of how FEC compensates for errors caused by PAM4 modulation.
10min | RPKI, a piece of pie | Will van Gulik (Saitis - Nimag Networks / RomandIX)
RPKI is something we hear about everywhere nowadays. Is it hard to deploy?
30min | A new approach to select SIEM Use Cases by avoiding events per second estimations | Pascal Imthurn (ISPIN AG)
Did you ever experience the challenge to identify the adequate SIEM use cases to fulfil not only the compliance driven requirements but also the ability to have a high security detection coverage from day one? How can you ensure you will detect all attacks respectively you collect, and analysis all required events to identify anomalies?
We will introduce a comprehensive approach to directly address the challenge of SIEM use case identification and selection. In addition, we explain the answer of the problem of having a high detection maturity from day one with still a price efficient strategy and the capability to scale easily. Moreover, we present a recommended solution method to respond to attacks immediately, focused to the origin of the attack and to be able to collect all relevant data for additional investigations.
10min | How to build a typical home network | Pascal Gloor (Quickline AG)
beyond and above all expectations
30min | NBIP | Pim van Stam (Infomaniak Network SA)
The director of NBIP would share the experience in seting up a multi-organization not for profit fundation to provide a DDoS mitigation and protection platform for national ISPs.
5min | Rheintal Internet Exchange | Thomas Fritz (Rheintal IX)
Short introduction of the small Internet Exchange in the Rheintal region spread over FL, AT and CH.
30min | Weird and broken BGP on the Internet | Martin Winter (Hurricane Electric)
The presentation gives a quick introduction to the RT-BGP tool (https://rt-bgp.he.net) and then we spend most of the time looking at issues seen with it. An example of few weird and broken BGP announcements as currently seen on the Internet by it are then discussed.
15min | Poor man's explanation why IPv6 is stalling in CH | Jean-Pierre Schwickerath (HILOTEC Engineering + Consulting AG)
As a service provider for SME, we use on default ISP products for internet connectivity. The presentation will provide an overview of our experience with IPV6 on those products and where we believe improvements are (over)due.
20min | IP design and exploitation of Geneva city transport network | Gregoire Huet (TPG)
How the IP network for 700 vehicles has been designed. From hardware constraints to BGP implementation and up to TICK monitoring and alerting.
@Mobile IP, @BGP, @Linux, @Cisco, @NetModule, @Swisscom CNA, @SNMP, @TICK, @Grafana
15min | tbd/Cybersecurity | Levente Dobszay (Electrosuisse)
tbd/Cybersecurity
I like to thank you for our sponsors – without them we would have no SwiNOG !!!
Extreme Networks
ngworx
Alturna Networks
SWITCH
Centurylink
RIPE NCC
Final agenda with Schedule will be published soon. Till then…
Br
Simon
SwiNOG
Hello everyone,
if anyone from SBB reads the swinog ml: it's very cool that you added an
AAAA record to sbb.ch. However it seems that only the HTTP, but not the
HTTPS port is open via IPv6. Logs are attached below.
Best regards from Glarus,
Nico
[20:31] diamond:~% curl -6 -I -v https://sbb.ch
* Trying 2a00:4bc0:ffff:ffff::c296:f58e:443...
* TCP_NODELAY set
* Connected to sbb.ch (2a00:4bc0:ffff:ffff::c296:f58e) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C
[20:33] diamond:~% curl -6 -I -v http://sbb.ch
* Trying 2a00:4bc0:ffff:ffff::c296:f58e:80...
* TCP_NODELAY set
* Connected to sbb.ch (2a00:4bc0:ffff:ffff::c296:f58e) port 80 (#0)
> HEAD / HTTP/1.1
> Host: sbb.ch
> User-Agent: curl/7.66.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< Date: Sun, 20 Oct 2019 18:32:39 GMT
Date: Sun, 20 Oct 2019 18:32:39 GMT
< Server: Apache
Server: Apache
< Location: https://sbb.ch/
Location: https://sbb.ch/
< Content-Type: text/html; charset=iso-8859-1
Content-Type: text/html; charset=iso-8859-1
<
* Connection #0 to host sbb.ch left intact
--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
Dear list
SWITCH is organising the 3rd Swiss Web Security Day, together with Swico and SISA.
If you are interested in Web Security join us on October 30th in Bern.
Registration and more Information about the event is available here:
https://www.eventbrite.de/e/swiss-web-security-day-2019-tickets-65098353929
Hope to see you in Bern
Michael
------------------------------------
Michael Hausding,
Competence Lead DNS & Domain Abuse
SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 77, incident phone +41 44 268 15 40
michael.hausding(a)switch.ch
http://securityblog.switch.ch
We currently experience mail delivery issues with bluewin.ch recipients.
> 452 4.1.1 <REDACTED(a)bluewin.ch> requested action aborted: try again later
we have tons of those message since this morning. From time to time mail
can be delivered. Not have them before today
Anyone seeing similar issues with bluewin? Or anyone from bluewin
reading this list (can contact me offlist if desired)?
Thanks for any help with this issue
tobi
Hi All
We are experiencing problems delivering mails for domains having their MX record set to mx-eu.mail.am0.yahoodns.net (for example yahoo.it, yahoo.de, yahoo.co.uk). So far we have figured out that Yahoo’s DNS servers send different responses. Depending on the DNS response we are able to establish SMTP connections. Below example shows 2 servers from their DNS that seems to accept SMTP connections:
[root@x1:~] # dig a mx-eu.mail.am0.yahoodns.net @yf2.yahoo.com +short
188.125.72.73
188.125.72.74
[root@x1:~] # telnet 188.125.72.73 25
Trying 188.125.72.73...
Connected to mtaproxy1.free.mail.vip.ir2.yahoo.com.
[root@x1:~] # telnet 188.125.72.74 25
Trying 188.125.72.74...
Connected to mtaproxy2.free.mail.vip.ir2.yahoo.com.
On the other hand we sometimes get other replies from the “same” (the id.server chaos record tell’s us it’s a different one) DNS server with different A records that do not accept SMTP connections:
[root@x1:~] # dig a mx-eu.mail.am0.yahoodns.net @yf2.yahoo.com +short
188.125.73.87
212.82.101.46
[root@x1:~] # telnet 188.125.73.87 25
Trying 188.125.73.87...
telnet: connect to address 188.125.73.87: Operation timed out
telnet: Unable to connect to remote host
[root@x1:~] # telnet 212.82.101.46 25
Trying 212.82.101.46...
telnet: connect to address 212.82.101.46: Operation timed out
telnet: Unable to connect to remote host
We have so far confirmed this behaviour from different AS (Hetzer, OVH). Does anybody else experiencing the same behaviour?
We have tried to contact their postmaster address and few others we found on the internet. Unfortunately so far no one was really able to help us. The Yahoo Small Business Phone Number that has been posted on this list back in October 2009 seems no longer to be in operations too. Therefore if you know how to get in touch with their technical staff that would be much appreciated.
Best Regards
Dominic Schlegel