I’ve been an active member of the INEX community as a result of my employer BT’s membership of INEX for many years now. Even though it’s no longer a direct responsibility of mine to attend on behalf of our Network Engineering team any longer, I feel it’s an extremely good way of keeping in touch with the networking community in Ireland.
So any time the meetings are held and I can work it into my working schedule without having a clash with other customer meetings etc I make it my business to attend. It’s also a really good way to stay embedded with what’s relevant in terms of technologies in use by Service Providers / Peers in the industry.
This is the September Technical Meeting and we are in Iveagh Garden Hotel. One of the many great things about INEX as an organisation is that they have the single best marketing person I’ve ever had the pleasure to meet in Eileen Gallagher. With Eileen at the helm, you’re always guaranteed that the venue and atmosphere in it will be great and this is no different. Here’s a few pictures below.
Eileen welcomed us all to the news that INEX CORK
will continue to have its free port offer as it has been extended to at least January 2020. Also the fact that Asavie and Cisco are now Full Members. I know an ex-colleague of mine Cathal Mooney was big on getting Asavie peering at INEX. Some news closer to home was that my own employer BT now host the newest INEX PoP at Citywest. There was also some funny updates about the hosting of the EURO-IX
meeting during the summer which was a monumental success by all accounts.
Today, INEX offer up the following speakers and talks which I’ll speak about briefly below;
Speaker Name | Speaker Title | Talk Title |
---|---|---|
Ian Cleary | Head of Interconnection Ireland and other countries at Google | Google's tools for ISPs and an insight to the support for IXPs |
Nick Hilliard | Chief Technical Officer at INEX | Operations Update |
Anne-Marie Eklund Löwinder | Chief Information Security Officer at IIS | Key ceremony for internet root zone and a look at DNSSEC today |
Nigel Bayliff | Chief Executive at AquaComms | The Atlantic - Cables are being built again |
Nicole Starosielski | Associate Professor of Media, Culture, and Communication at NYU | Subsea cables in a cyber terror / war world |
Google’s tools for ISPs and an insight to the support for IXPs
Ian spoke about Google’s desire to get back to being more engaged at IX meetings around the globe including INEX. He sighted that at the bigger IXs such as LINX and AMS-IX (which he name checked) the member meetings are often sparsely populated and furthermore often missing some of the biggest corporations that peer at the exchange. The core of the talk related to their OPEN peering policy and the tools available to peers who have peering with Google. It seems that they have conducted quite a big uplift in their tooling available to monitor peering sessions with them.
- They have an ISP Portal to request new peering
- Performance monitoring
- Capacity forecasting (could be very interesting)
- Self-service peering actions
- Open and manage ticketing
Unsurprisingly Ian asserted their desire to form bilateral peering as opposed to peering via Route Servers and that they’re also keen to form v4 and v6 peerings as a preference - all good stuff really. BT I know are already peering with Google bilaterally at INEX via v4 and v6 as of day 1 of their peering being available as I was the very person who initiated this.
Finally a reminder that the portal address is https://peering.google.com
During the Q&A Ian clarified the services available via the two ASNs which they use for peering. In summary, AS15169 is essentially serving all of Google’s content/services whereas AS36040 is only serving a subset of the most popular applications and services such as YouTube, Google Maps, etc.
INEX Operations Update
Some of the 2018 projects that the team have been involved in so far this year - again including the PoPing of BT Citywest. There’s also been a significant rebuild / uplift of INEX LAN2 from the ground up allowing for 100G ports and many more useful things. A sizeable DWDM uplift across the core to keep up with the growing bandwidth damages happened in conjunction.
Nick mentioned a timeline of the various different media types in use on ports at the exchange over time. UTP through to SMF which is the default today. He feels that there will become a time in the near future that SMF will be the sole media type at the exchange.
HEANet were the first member to use ALL of the various port times Nick reminded us all. Not surprising really considering that they are essentially the provider of Network Services to all of the High Education bodies. This is I guess where you’d expect the cutting/bleeding edge technologies to be deployed first after all.
In terms of the DWDM works INEX team have now deployed the initial N*200G into the core as of Feb 2018 and by year end the design goal shall be reached and the network will be at it’s final state in the core in terms of design.
Kit wise, the guys have started running Mellanox SN2100 for their routing requirments in combination with Cumulus Linx. A really cool thing is that they’ve provisioned (publicly) their provisioning templates on GitHub - nice one guys - some more learning for me when I get some spare time. They have VxLAN and other cool stuff running to create the core infrastructure. The edge devices, the exchange is running some Edge Networks X6072. INEX LAN 1 is now running on Arista 7280SR devices.
Nick also had an interesting example of why buffering is important in some instances to consider, especially relevant for those that run their INEX ports hot a lot. It looks like the network design will be transitioning to a spine and leaf architecture in 2019 which will mean big spending on vendor hardware. Chosen vendor for this seems to be Arista also. INEX CORK is getting an uplifting too.
Finally, back to a BT related topic, it seems that the INEX PoP at BT Citywest will be cut into the rest of the metro network on October 5th for a 24 hour period.
RIPE - Route objects information (out of region) - to be updated
www.manrs.org
Key ceremony for internet root zone and a look at DNSSEC today
Anne-Marie explained a bit about DNSSEC and what it’s for - thankfully I’m already aware myself. One interesting thing that I wasn’t aware of was that Sweden was the very first TLD to implement DNSSEC in 2005 - over 13 years ago!!! A bit like IPv6 it has a long history of being available to use as a standard yet very few have implemented it on their domains. It wasn’t until July 2010 that ICANN signed the internet root zone. We were brought through the concept of TCR or Trusted Community Rep - loosely meaning people of trust and integrity within the various internet communities. Anne-Marie is one of these such people owing to her extensive work and respect in all things DNSSEC since 1999. It was very amusing listening to the comparisons of El Secundo’s DC versus the one that Anne-Marie is aligned to based in Virginia. Seems to be the heart of Trump Land. Some pictures in the slides of the key signing procedures and physical infrastructure were astonishing. (to be linked when shared)
icann.com/kskroll https://dnssec-name-and-shame.com
The Atlantic - Cables are being built again
Bulk of investment and spending in the business of subsea cable landing is done well in advance of there being anything remotely like a cable in the sea. Huge time is spent surveying the water system from shipping patterns to seismic activity to fishing and a whole host of other environmental checks to determine the most optimum path on which to lay the cable. Anything down as far as 5km from the sea level is surveyed.
Enough power is available at either end of a subsea cable to power the whole system if required such is the level of power resiliency. That’s to say if the whole of Killala’s power/backup power/diesel backup power/etc was to fail or become unavailable for some reason, the whole subsea cable could be powered from the other side of the cable in the Hampton’s on Long Island in New York!!!
Between 2015 and 2020 there shall be 6 brand new cables built between Europe and America. After a question I asked of Nigel about the re-use of some of the existing 19 cable paths, he confirmed these will be almost entirely new paths such is the difference in thinking in terms of diversity design. Seemingly there are currently 7 of the pre-existing 19 that were built around 1999 and subsequent years, land onshore in Cornwall in a less than 30 km section along the beach. There was a recent event of a ships anchor deploying in error in the region of Cornwall that took out 3 cables in one go.
Apparently a subsea cable repair vessel are rented at approx. £100k per day. Time to build a cable repair ship maybe ;) Some of the cable recovery ropes aboard these vessels can be 7km long which is utterly amazing to me. Some of the joints used to repair the fibre breaks can cost £150k.
Subsea cables in a cyber terror / war world
Nicole is an academic herself based in NYU. Some really interesting anecdotes about various methods of cable tapping during the cold war.
Seems the conclusion is very much that the “moment in time security measures” to try and ensure cable systems are protected and filled with folly. It is simply the case that environmental risks are much more apparent and pose a far greater risk to cable systems than the likes of perceived threats from co-ordinated cable tapping.
Next meeting will be on 13th December at the IAA Theatre