Monday 20th May 2019
HANS PETTER HOLEN: So, welcome to RIPE 78, welcome to Reykjavik. It's some years since I had to read Icelandic in school, I forgot honestly, I had forgotten all about that. So, I never know what is on this slide. So first, I have been told we have to do an important play byplay on what happens on Game of Thrones yesterday. Sounds like we don't have consensus for that. Okay. So that will be for another meeting, then. I may have to start to read the presentations before I go up here.
814 registered for this meeting. I was told this was going to be a small meeting because we were going to a small place, far away, very expensive, very cold, actually a lot of light, very long days. Maybe that's why people have come. But Iceland is central place in the world between Europe and US so I guess there is a lot of interesting things to see in this meeting, of course.
Checked insofar, 518, so this is really promising. RIPE meeting principles: This is a meeting that's open to anyone, and we are bringing together people from different cultures, nationalities, beliefs and genders, so it's very important that you all contribute to making this a safe, supportive and respective environment.
We have grown from the 16, 17 people at the first RIPE meeting, until more than 500, more than 800, the playground is quite different. We are not all the same any more, we don't all come from universities, we don't have all the same ground as we used to have so we need to be much more tolerant and clear that we treat each other with respect.
There has been work on a code of conduct, and it basically states that please treat each other with tolerance and respect. And I think that's sort of the short version. You can read the details yourself. And importantly, also, this is not cut in stone, we are working on a version 2 of the Code of Conduct. There is a task force, diversity that has made a new proposal for this, there is a mailing list for this discussion, and there will be a lightning talk later this week on this progress. So, while the community evolves, we are also trying to evolve how we work together.
Now, in the event that you feel that there has been violations to the Code of Conduct we have two trusted contacts, Mirjam Kuehne. She is over there, yes. And then Rob Evans. He is over there. So they are trusted contact and they have received special training in how to handle complaints and they will of course handle everything confidential in the event that you experience something that is not good.
Now, there are a lot of other people that are important to you as well, the RIPE Working Group chairs, you can see a picture of them up here and their names and they all have yellow badges so if you want to talk to any of the Working Group chairs you can easily find them by looking for yellow.
We also have a Programme Committee that's put together the programme for the plenary sessions and you can see all their pictures here, and you will later on, you will meet the chair of the Programme Committee, Benno, who will tell you a bit more about the work of the Programme Committee.
Microphones: There are microphones in the room so if you want to make a contribution or if you have questions after any talks you can walk up to the microphone and when you are given the floor you can ask your question. All the plenary sessions are recorded and webcast and transcribed so what you say will be preserved forever.
Open and transparent: Right, but clearly state your name and affiliation. You may be speaking on your own behalf but it's good to know who you work for and who paid your ticket here because we want to have an open and transparent discussion and you can always approach the presenters afterwards for more information.
Tomorrow, we will do a pilot experiment with the new technology so then there is going to be a use of Slido, it's a sort of a web‑based tool where you can write in your questions to the speakers and then the session chair will read out the questions and you can actually vote on other questions as well so that not everybody has to line up to ask the same question.
That's an experiment, we will see how that works if that will bring out other or more different questions to the microphones.
Looking at the meeting plan, you all have that in your badge, and you can see that Monday and Tuesday there are mostly plenary sessions, Wednesday and Thursday you have Working Group sessions and then some plenary sessions again on Friday.
There is a special Working Group on Wednesday, the RIPE NCC Services Working Group which kind of leads into the General Assembly, there are Services Working Group is open to everybody which is discussing what should the RIPE NCC be doing in the next year and what have they been doing, and then the General Assembly is only for members of the RIPE NCC association, who are actually voting on selecting new board members and changes to various governance documents and so on.
And the charging scheme.
In the evening, you will see some BoFs, so there is a best common operational practice task force tonight, where operators get together to work on best practices. There is also a BoF on RIPE in the big picture, we just need to realise that other societies, or countries, or industries, everything, is now dependent on the Internet. What does that mean for us, what does that mean for RIPE as a community and the RIPE database? So that is a bit open discussion on what does that mean for us and how should we take that further on. If you are interested in those kind of discussions please come. Tomorrow there is also a BoF on the RIPE chair selection process. Socials is probably why some of you come here, next to having the technical discussions of course and we have planned stuff for you most evenings except on Wednesday where you can choose your own adventure. Usually we say do it yourself social but since we are in the island of the ‑‑ this is the adventurous place, right. Diversity, we have a fellowship programme, and RACI programme to brings new voices and voices into the meeting. We have a women in tech session, and we have on site child care and it's fully booked this time which is really great. We also have a monitoring programme and as I already mentioned the RIPE diversity task force.
The RIPE chair selection process, when I was picked as the Rob Blokzijl's successor ‑‑ he said Hans Petter, your first task will be to make sure you have a process to replace yourself. So, what we have been able to do during this five years and this is a discussion that has taken time and the community has needed time for this discussion, is a document that is not published on what is the RIPE chair role and task supposed to be. So we are done with that. Now there are two documents on the table, one is who you to select the chair and vice‑chair that has been the consensus on the mailing list you want to have a ‑‑ and the second document is describing how to select a tomorrow come and basing that on existing technology but then as everything else we take from the IETF we need to operationalise it and make a practical implementation of the standard.
All the documents have been sent to the RIPE chair discuss list so if you are interested in that you can go and read that in the archives and subscribe to that list.
The big picture BoF that I described already, it's at 1,800 today, and it's really about how do we walk into the future, how do we be even more open and welcoming to new parties like law enforcement agencies, like governments, like regulators and how do we make sure that the Internet stays secure and safe and not only think about ourself and our own needs. And this is not a very easy question, I can tell you, and in my work as chief information security officer, I really see that, yes, I would like to really have full access to everything and know everything about everybody, but of course there are privacy concerns and other concerns in that. So this is not an easy discussion to have.
Accountability task force has produced their report which is really good work so I would like to thank the committee and the chair of the committee, William in particular.
The report was published last week so I haven't had time to study it in detail, I follow the work of course but I haven't really done that and I think that all of you deserve the opportunity to read that report and read the suggestions on the improvements we should make, so I foresee a process that we after this meeting, I will study the report and discuss it with Programme Committee and come up with an implementation plan, some things we might have in progress already like the RIPE chair implementation process. Other things may be simple and others require a bit more work. We need to as the community decide on what to implement from this report and actually do the work to implement it.
There is a networking app so you can connect to each other without meeting each other face‑to‑face (app) so if you want to be virtual you can do that or this is a tool to actually meet physically and interact you find that in the App Store and can install it on your mobile devices. This meeting wouldn't happen, well, for you guys, without you it wouldn't be a meeting but we also need the sponsors that have generously helped out with the meeting, and then I will hand over the floor to first Orn Orrason from one of the hosts.
ORN ORRASON: Thank you. So, I would like to welcome you to this RIPE meeting on behalf of Farice, so very proud to host this first RIPE meeting in Iceland. I am told there are about, well I wrote 750 and he said 813, I guess that is quite large meeting and from there are about 50 people from Iceland. So I am going to tell you a little about ourselves, FARICE, what we do. So, we are basically provider of international connectivity in and out of Iceland, so we operate two submarine cables and we have a network around Europe, and now we are planning to have a third cable into Ireland, so test working name of ‑‑ Iceland, Ireland, there is already a third cable now into Canada through Greenland which is owned by teleGreenland, it's not on the picture. So the company was started 17 years ago to build the first cable FARICE 1, and in 2009 built the second cable when an older cable went out of service. We are offering mainly to service providers, so we are kind of on a wholesale market, both circuits and IP transit services. Then we also are servicing the data centre market which is a growing industry in Iceland. At just, I went back 15 years ago and see what the prices were then, and we sold things like STM 1, that was a big number one, more than 55, so that was for one provider and the same provider can today buy four times 10 gig for the same price so it's a very dynamic environment with regard to growth and pricing so it's not so stagnant.
So this was interesting, and I was a bit surprised when I actually saw this. So here is ‑‑ here are some slides from pictures from the data centres. Not all of them, this is an example. So the one on top is being built or was built in far north, and tomorrow is our formal opening of that 40 megawatt site. It has been running for a few months with a customer. We have one data centre and on the right there is a data centre. These two are close to the airport so you might see this, you will see both if you drive to the airport, if you just keep your eyes a little open and turn your head. So this is on, if you drive to the airport, this is on ‑‑ to the east, so to the left. And the other one is very close to the airport. So, and this is, all kinds of industries here, we can see some good uptake from the financial sector and automotive sectors.
Now, the reason, you know, they come to Iceland, I think I can go back ‑‑ is of course we have only clean energy, green energy and it's at a very competitive price. So it's good for the environment to calculate in Iceland. So, more about the environment here in Iceland. We are kind of early adopter of fiber to the home, we can say that started like 20 years ago and, today, Reykjavik is almost completed with fibers overall in Iceland about 80% of households will have fiber by the end of this year, and it is expected by 2025 that all remaining houses will be connected in the small towns around Iceland. Then there is a special programme funded by the government to connect the rural areas and the farmers, all the masts for the mobile stations, and by 2021 that programme will end, meaning everybody will be connected in the rural parts. So, some farmers will be ahead of some towns, probably.
So, what does that mean? It means that the ‑‑ technology is not for me. So there was a certain Tim Wattenberg who must be here, he went out ‑‑ he is there, hi, I stole your tweet, sorry. He was driving around and he found out you always had LTE connectivity in this very rural country, only 2.3 persons per square kilometre. He comes from Germany and where he probably can compare. So, this is not a coincidence, we have always been kind of ‑‑ we just want to have good services here, so and I was once in this mobile build up and probably when too far for the small customer base. And here are some numbers from speed test. We are number 2, sorry, we are number 2, Norway is number 1 in fixed mobile. This is mobile, Norway is number 1, we are number 2 and we are number 2 in fixed connectivity behind Singapore. So I think our networks are quite good.
So here is a kind of slide about our ICT status. This is done at ITU every year and we are number one so I am bragging a little. And this measures connectivity and computer literacy among individuals mostly. So we are number one. We have always been in top four here in the recent years.
Now, final slide, so a little bit you are here and here is the Icelandic weather. It's okay. It will be calm through the week. We are used to have a lot of wind here, there will be very little wind so it's nice to walk outside, just put a coat on and it's fine. It's not for T‑shirt. So stay around 10 degrees, some rain. It's considered good weather in this time of the year. We are not in Spain, okay?
So, finally, when you go down town and have a pub ‑‑ have a beer in one of the pubs, I assume some of you will do, don't calculate the price. Not your currency. And it will be much more enjoyable. So we will have T‑shirts here at ‑‑ in the coffee break, nice T‑shirts. I am wearing one of those. See you then. Thank you.
HANS PETTER HOLEN: Thank you very much, so I will hand over the floor to the next local host, Jon Ingi Einarsson.
JON INGI EINARSSON: Thank you very much and thank you for the invitation. I am the general manager of RHnet, the Icelandic NREN and I will be briefly mentioning matters within the networks.
This company was established in 2001 and I was asked to run it and we are also affiliated with in order you net the company that actually connects the NRENs in the Nordics, like Denmark, Finland, SUNET in Sweden and UNINET in Norway. And this company is a small one, I am the only employee, but we have a couple of assist ants, my network manager who has been working with me since the, he is one of those guys that work with three companies and has done that now for 20 years. And we have our five persons on the governing board that represents the shareholders. In the beginning, we really wanted to have fiber, all fiber. We didn't have money to plough it down so we were able to lease it, thankfully, and having fiber we really wanted to raise the connectivity of the Icelandic research and educational networks, and so we decided to offer only one gigabit in the beginning, which actually meant they would have to buy new equipment so they could connect to us because the connectivity was at least 100 times bigger than they had previously, at least.
Most of the problems that we had in the beginning were related to the "Huston we have a problem", meaning that we had only one fiber optic cable connect in the country and as already mentioned, STM 1 was very, very expensive.
But when we started out, if you look back, this is the day after RHnet was formed, we had 45 megabit and NORDUnet was actually starting to upgrade its network to 2.5 gig to POPs in Oslo, Copenhagen, Helsinki and Stockholm and the work went couple of months later, went very well and you can also see here the rest of Europe, the connection between the NRENs there was 155 megabit, trans European network but later on that year GEANT was formed and Europe got very nice connectivity actually in the forefront of everyone in the world. We of course 45 megabit were way too little for us so we were always complaining, we really needed more, NORDUnet tried to provide this, we got an STM 1 link couple of years later and bit later we got two and then in the end we got three but in 2008 and we already knew this was too little so we really needed something more. We got two new fiber cables in 2009, and NORDUnet was actually able to procure 10 gigabit on one of those for us and 2.1 on other ‑‑ sorry, that was ‑‑ and 4 gig. Getting to the GEANT, my time is running out, of course everything was growing very, very fast. We always got better and better networks. This is a picture a recent one, we have 100s of gigs or tons. NORDUnet is of course also the same but in the couple of years we have been really working to lower the cost of the networks and make it also more resilient meaning earlier we are always thinking about two connections per point but now we said three at the minimum which was very good and this looks very promising for us but not Iceland because we still have just two. Still, this is an overview of our network. It has not really changed much since the beginning only the speed has gone up. We established a ring which is a bigger one here and a bit later another one and we have also connected to universities in the western part of Iceland, they got the fiber okay in 2005. And as you see, things are looking very nice, this is connected to the international connectivity, and things are really looking very good for us. And has been running on this network has actually been a very nice experience for me and I hope also for my network manager. Thank you.
HANS PETTER HOLEN: Thank you very much. And the next speaker, we have a very special guest this time, the president and CEO of the Internet Society, Andrew Sullivan, welcome to the stage. Internet Society has been an organise that has been close to our heart for the RIRs, for IETF and everything and I know it's going to be interesting to hear what Andrew has to tell us about the Internet Society.
ANDREW SULLIVAN: Thank you very much. For those of you who know me I don't have my glasses on so I can't see you and what that means of course is that I haven't said hello, I apologise.
I'm very grateful to be here and to be invited this time to talk for just a minute, I won't go on and on and on but I did want to talk bit about what the Internet Society is doing and what we are planning to do, so I thought I would talk a little bit about this: What it is that we exist to do. The reason that I am talking about this right now is we just had some consultation with our own community, with members and chapters and so on, but of course also with all of you, to talk about a sort of longer term plan for what the Internet Society is going to do, what we are going to try to do over the next few years and what this means is that we need to have something crisp that tells you why it is that you have an Internet Society and why anybody cares that there is an Internet Society at all and it's this: Because to my way of thinking we need to have a very clear statement of why the Internet Society acts. What is it that we do? We want to build the Internet of course because we think the Internet is good and we want to promote the Internet model and we want to defend this global infrastructure, this global infrastructure that is I think right now under terrible attack. So we have these two priorities, we are concerned about trust, we want people to trust the infrastructure, to believe in the infrastructure to think that it's valuable, this infrastructure that so many of you are working so hard to make sure continues to work reliably it's a marvellous thing, we have built this out of unreliable parts, we should continue to trust that thing. And also, we want to make sure that people who don't have access to it now have access to it, we just saw this presentation about this country very sparsely populated in a lot of ways, fantastic access. He have been in the world deserves that. I think it's fantastic. So what is it that we are trying to do? We are trying to get a strategy for 2025, and the reason we want to have something like that is partially because by 2025 somebody else will have my job, no. The reason that we want to have that is because it's nice to have some sort of picture into the future and yet at the same time I don't really want to make long‑term predictions about the Internet because if somebody had told me this is what the Internet was going to look like when I started using it I would never have believed it. We have got a Horizon that we can kind of understand and some high level plans. We want to build the Internet and make sure that we are extending the Internet to communities that don't have it, I come from Canada, there are lots of places in Canada that don't have the Internet, don't have reliable access to it, we want to make that possible. We want to promote the Internet, the model of the Internet, this way of building networks. The network of networks strategy is the best thing the humans have ever invented in my opinion and you should take a lot of credit and pride in building that. I want to make sure that that continues to be the model that people are promoting when they try to build a network because there are lots of people who are promoting other models and I don't think that those models are good ones. And finally we want to defend the Internet because it's under attack, all the time by private actors, by very large corporations that want to own big parts of it and by governments and not just governments ‑‑ now we have got our closest friends who are telling us this Internet thing is not such a good idea. I want to make sure they understand how much baby there is in that bath water they want to throw out. That is a wonderful thing that we have that we built and we built it for all humanity and we want to make sure remains for everybody. We have to deal with the problems on the Internet, they are real ones but that doesn't mean we should stop it. We need to make sure the Internet is for everyone. I hope we will find that we are supporting you and a reliable and useful partner for everybody in this room and for the RIPE NCC and for RIPE the organisation as well, that we continue to work together because I think we have a strong partnership and I hope that we have another long, strong partnership into the future. Thank you so much for having me today.
BENNO OVEREINDER: Thank you. Yes, plenary starts. Before we start, I want to tell a little bit about the Programme Committee, very briefly. Maybe something about myself, now we introducing each other. During the newcomers' meeting one of the questions was: Who is the RIPE PC chair? It's not ‑‑ she'll be the next ‑‑ not the friendly German guy, I am the friendly Dutch guy, remember that, with hair. Okay. It's not important who I am, it's important to remember who are the PC members here. Again, if these are the people who work very hard for the plenary programme and the BoF and the tutorials in the morning. It's important also that if you have any ideas or feedback, to improve the programme for this week and for the next RIPE meeting, contact one of us. The other thing I want to mention is we have every RIPE meeting and election ‑‑ two seats, of this group are up for re‑election. So, there will be emails and some, every session will be closed with a call for nomination, nominate yourself if you want to contribute to this great plenary programme we organise every RIPE meeting. And the other thing I want to mention is, no, that is actually everything, to keep things brief, this is what we do, you know that probably already. Important, rate the talks. It really helps us. Rate the talks. It really helps us and in how well we are doing the job and what is your interest. And for the RIPE PC elections, these are important time and dates to remember. Nominate yourself before 3:30 tomorrow, you can present yourself at 4 /KHRO*BG at the start of the session, then we will do the voting, and Friday morning we will make known who are the two new PC members. Okay. Thank you. This is my part and I want to invite Olafur Guomundsson to give his presentation, what we do about IP addresses. Olafur is from Iceland. And I challenge Olafur to speak some Icelandic or some ‑‑ during the presentation. We will see if you take the challenge.
OLAFUR GUOMUNDSSON: (Icelandic) thank you, Benno. It gives me great /PHRAOURB to have a RIPE meeting here, I grew up within two /KHROPL /TEFRS this /HROERBGS one of my first professional job was in a building behind the hoe /TEFPLT welcome to Iceland, I hope you all enjoy it and this is a wonderful opportunity.
Here I am going to talk about a topic that is maybe a little bit strange when you read the title but I will explain where I come from. I work for Cloudflare, we are a big computer security company and we get a lot of connections coming in. So we are thinking about when a packet comes to our network, the first thing we see in it is the IP addresses. And sometimes we make decisions based on these addresses. There are lots of others that make decisions based on the IP addresses when the packets come in and I am going into what these decisions are, whether they make sense, whether they don't make sense and for you ‑‑ each one of you to start thinking more about can you use that as a decision point or not. But first, let's look at ancient history. Well, the Internet as we know it using TCP/IP started on January 1st 1983. It went through rapid evolution to something in the first, in the '80s and giving out addresses in the beginning, you wrote an e‑mail, you got it, no big deal. But what did you get? Well, this was the original architecture for allocating addresses. They were basically boundary of 8 bits. So we ended up with lots of big blocks and a few big blocks and some medium‑sized and because of that shall a design mistake we ended up with a small fraction of these IP space that is unusable because it was designated for research and development and lots of operating systems that have code in them says they will not accept any packets in that range.
When I got on the Internet, a few years ago, we could easily make this statement, an address is a host. In those days, every computer had one public address and one 27.0.01, local host. Every computer that was on the Internet was on it and we could say an address was an identity but it was not of a user, it was an identity of a host, because in those days, computers were very expensive so there were hundreds, maybe thousands of people using each host. Internet kept growing exponentially in the late '80s, early '90s, we ended up with this realisation around 1990 the address scheme was wrong, the blocks are too big or too small and we ended up with lots of usage and a very low utilisation so new technology called CIDR was invented based on every bit boundary /8 to /24. Over the years, we have got all kinds of things showing up that affects how we think or use addresses. This is the things are in black are probably the ones I personally consider good and the ones in red are maybe not a good factor, but others probably disagree with me. This evolution from when you could already almost all the host names in the Internet until the day when it's totally impossible, is difficult.
Okay. So where are we going? Well, because of this rapid growth, we have ended up with an understanding of the addresses that is extremely diverse. What you know based on what you do or have done or what you have learned in school. Cloudflare operates, for example, an Anycast only network, that means all of our addresses are advertised in every location we have, all 170‑plus. At the last fall, Internet measurement conference, some of my colleagues that were attending it got very annoyed at some of the presentations there that people were not taking into account the affects of Anycast on their research. So during the poster session they went around and asked all the presenters there how Anycast affected their measurements and the results. The result was 75% could not answer those questions completely. Or correctly. Think about it. In the universities and others are not teaching us correctly how we are operating the Internet today. This is scary. So basically when you hire somebody out of college or university, or off the street, they are likely to have an incorrect understanding of the Internet and need to be educated on the fly.
That brings up the next question: What do we want to know about addresses? Well, that bit depends on your perspective. What you do, how you are operating, what is is it that you want to maximise? Address is just an identifier, it helps the routing system to move packets back and forth. You look up addresses in the DNS and that just tells you where there is the nearest location. All kind of attributes can be attached to IP addresses. Here are some. But at the same time we can also look at what are the networks that we are talking about, what kind of networks are, do the networks, the traffic is coming from affect how we treat it? Are there implications from the networks that we need to take into account when servicing them? Location. He have been would like to know where we are, how many people here are seeing on their devices that they are in Amsterdam? How many are seeing you are in Reykjavik? We have, the RIPE network is a network that moves from one location to another when there is a meeting so many of these addresses providers ‑‑ address location providers so some meetings behind. And there are all kinds of sites that think they should be doing things based on your location. Sometimes it's a good thing like when they are trying to find the resource that is really close to you so sites load faster and sometimes they to the wrong thing. So, we end up with this crap‑timization last week I was ‑‑ it's quite useful if I want to walk out in a street and go to a store, I have no idea why somebody showed it to me in Australian dollars. My browser says that I have Icelandic and English as my preferences. Why are they showing me something in Thai? IP address is not necessarily a good indicator of what the user can see. When I started Cloudflare and I went on news Yahoo, I got the Hong Kong edition in Chinese and when we dug into why that was, it was registered from APNIC and somehow this place thought APNIC was in Hong Kong. It gets better. Then of course, when you get in addresses, different regions have different rules about how you can treat people from their region, EU has the GDPR, China says all logs have to be kept in China, etc.. and yeah, there are all kinds of issues that relate to that. From a Cloudflare perspective one of the things we are dealing with is how do we move track /STPHARPBD so we have 170‑plus POPs and if we turn off advertisement for some addresses in one location where does it move to? If that location is not on where does it then go, so this is an illustration of a graphical tool we are playing with to figure out how to do this. And yeah, address reputation, well, some people decided that some addresses are good and some addresses are bad, how do they make those decisions? It depends on what they consider bad. If an address in spam, that means it's bad for mail providers. Does that mean it's bad for DNS provider? I don't know. And there are all kinds of lists being sold about the quality or reputation of addresses. Always keep in mind usually there is a question about how relevant it is today because it may have been bad yesterday. Okay. There is a whole industry that are trying to figure out who is the user behind the visit to the site. Address identifies a device, or does it? Well, in the old days it did. Then we invented NAT, then we invented carrier grade NAT. Then we invented mobility. Yes, you all have a cellphone, I assume? Does any of you know how many IP addresses that device had in the last four days? Okay, how many do you guess? Somebody is saying two. Well that is probably the current address, IPv4 and IPv6. No, it's probably more in the 10, 20 addresses. Because you have gone from your home, you have gone on to cellular network and you have gone into the airport and you have gone on the airplane and the cellular network here in Iceland and now you are on the RIPE network and will give you one or two addresses, every devices that sold today can use IPv6, right? So addresses, how long does a device have an address? Well, some of you have paid up extra so the ISP you have at home will give you the same address for a long time. Most of us get dynamic addresses at some extreme, it could be hours, days, until the next power cut. It doesn't matter. And in your home, how many devices do you have? 10? 50? I don't know. I counted the other day in my devices at home, how many devices have connected to my, the network in the last seven years, and it was well over 100, and why is that? Well, it's because my kids have given out my network code to their friends when they came to visit. And I have had visitors, etc.. so it is a really high number. Oh, the address information, yes. You see this address here, it's Anycasted around the world but still a number of providers that provide IP addresses say it's in Australia. Why? Because that is where APNIC is located. My other resolver address, 1.0001, that one is actually has a physical address in Australia, in south Australia, and APNIC is not in south Australia, as far as I know. Threat information and other stuff tells you how to deal with the addresses, lots of governments tell ISPs block addresses, etc., etc.
Okay. Who owns IP addresses? Well, some of you think you own them. I think it is the same as the DNS names, you rent them. There is a shortage of IPv4 addresses, we have been fighting since the 1990s, last decade we started having a market, it's a very healthy market and it is so healthy that it has become lucrative to abuse it. This article showed up the other day about ARIN revoking lots of addresses because of criminal gathering of addresses. I have not seen anything similar come out of RIPE but I would not be surprised if that happens. Some people ask me once in a while should we borrow addresses and lend out addresses? The answer is always no. Well, I said I work for Cloudflare and we care about addresses but do we care the same way about every address? No, different services have different needs and different implications. So, there is no one contest of what we want to do with an address when it shows up.
And then I am going to give you here an idea of how many different dimensions there are in classifying addresses for various systems. What is, for example, if we look here in the category disagreeable, well you can extend that list even further. We have all kinds of decisions being made on the value of the address so if you are visiting some site with Icelandic address probably higher value advertisement than you visit from the RIPE network or if you are coming from a network in Thailand so people make decisions on buying ads on the places you visit based on where you are coming from. What message you see depends on your locations, I was really, really annoyed at one point when I kept seeing advertisements for the political elections in the next state over where I lived, not where I was living. So, the thing I want to leave you all with is, think about IP addresses as a temporal thing. It has certain value judgement related to it. If you are in the filtering business, think about temporal correctness, let's keep the Internet open and trustworthy.
AUDIENCE SPEAKER: I work for the RIPE NCC, but I am here as the chat monitor and I have a question from a remote participant. Cynthia Mya Redstrom, speaking in her personal capacity is asking, she says "I have a question regarding ownership of legacy resources, for example if a university has a /16 does the university own it or does the RIR who has the Whois information own it?
OLAFUR GUOMUNDSSON: Really good question, without seeing the registration and given I am not that much in the address registration politics I gracefully ask not to answer that question.
GEOFF HUSTON: I actually wonder what makes you more scared, it's true we have fragmented the address space really badly, and perhaps the best description of an address these days is an ephemeral session token that I borrow when the session is over other folk use it. So that's scary.
OLAFUR GUOMUNDSSON: Why?
GEOFF HUSTON: It's not the way we thought addresses were ever worked. Let me ask you which is worse: The only thing holding the Internet together right now is the name space. Is that more scary?
OLAFUR GUOMUNDSSON: I ‑‑ can I add a third scary thing? Governments insisting that every DNS answer will be unique so they can track every citizen, yeah, addresses and names are abused and used for various different purposes, and it's only if we look at it in a holistic way that we can start seeing it. For example, I recently became aware of, there are devices that are being sold to various ISPs and Internet providers that by default send out what is called a client subnet in DNS on /32 when the specification says you should never make it smaller than /24. That's scary. That basically they are trying to broadcast exactly who asked that question.
BENNO OVEREINDER: NLnet Labs. Thank you. You mentioned at the very end that people can learn ‑‑ people in the filtering business can learn from this. Do you know operators or maybe Cloudflare categorise IP addresses and have kind of a policy‑based filtering or...?
OLAFUR GUOMUNDSSON: We have some policies based on, for example, addresses that have been sending us lots of traffic, and we know it's not forged, how we use it I can't talk about. But, yes, in the last few years there has been a significant change from forged attack traffic at layer 3, 4, to SYN attacks at Layer 7, and because the attackers have realised there is nothing we can do if somebody starts using your security camera to attack various providers around the world, they can't turn you off because that would deprive them of the enlarged user base. Yes, it's a difficult problem that the NATS give us.
RANDY BUSH: IIJ. So, I am wearing my research hat. Doing Internet measurement research, there is no shortage of amomlies, what there is a severe shortage of is insight in constructive ways to go from here, and I was wondering if you had any hints for us?
OLAFUR GUOMUNDSSON: Randy really knows how to put me on the spot. Yes, I would say, realise address is not equal to device, equal is not equal to user and address is move around, people move around, it is a very temporal and transient world.
DANIEL KARRENBERG: Internet citizen. What strikes me is, having heard the presentation from the president and CEO of the Internet, and this one, is that I think ‑‑
OLAFUR GUOMUNDSSON: President of the Internet, we have one.
DANIEL KARRENBERG: That was the Internet Society. I think the Internet Society and you would do good in cooperating and actually documenting this in a document somewhere, because it's one of the things that those people attacking the Internet are using as misunderstanding about what an address is, so enlightenment in that area would be really, really good.
JAN ZORZ: We have BCOP task force, do we? You are welcome to document this there.
OLAFUR GUOMUNDSSON: Thank you.
DAVID LAURENCE: If you to make such a document add also the risk of a misattribution, we have plenty of evidence people who happen to leave near the geographic centre of a region, and Kansas or London, end up being harassed by all manner of bill collectors and police authorities and so on because they are IP address and their location has shown up as being the source of some problems so that really needs to be called a lot of attention to, at least as far as educating the people who would otherwise be responsible for bothering these people.
OLAFUR GUOMUNDSSON: Yes, I am glad you brought that up. Recently it was brought to my attention that an unnamed government blocks addresses based on unacceptable political opinions being expressed and once a domain gets on that blacklist, any address that domain has gets added to their blacklist. And what has started happening is, people who want to get those addresses blocked in that country, they have started buying domains that have expired and are on the blacklist. So they can have their competitors' addresses blacklisted.
AUDIENCE SPEAKER: Mike Burns from IP Trading. We are brokers and all those different classifications of addresses impact the value of the addresses, and what I'd like to say is, the last thing you mentioned about the temporal nature of filters address blocks move around now, whereas they hadn't in the past, they changed locations, they changed registries and a lot of things, and sometimes static blacklist don't keep up. So, you know, this is just a call for anybody who has blacklisted a particular country in their router or a particular location, to understand that those things are no good any more, they really need to be dynamic and changeable. That's all I want to say. Thanks.
JAN ZORZ: Are there any other questions? You can ask in Icelandic language but then you will have to translate. No? Okay. Thank you very much.
All right. Hello everybody, I will take care of the rest of this session as usual. I am glad to see this huge A people in the room, this room is getting bigger from meeting to meeting. So, not to waste any more time, let's listen to Ali Safari Khatouni on implications of roaming in Europe. So please, the stage is yours.
ALI SAFARI KHATOUNI: I would like to thank RIPE academy cooperation initiative which helps me to be here to present my work in such a great opportunity. So, the title of the talk is about implications of the roaming in Europe, and here, I am going to first presenting my ‑‑ the team that I was in, so I was involved in MONROE project and I was working in Polytechnic but now, I am a post dock researcher. This is outline of my talk. First I am trying to present our motivation, why we did this research. Then some background about the roaming practices that exist in the mobile network. Then, I am presenting our measurements set up which we call MONROE‑Roaming because we actually replicate the MONROE system for this measurement because it's open source so we try to use it and replicate it in a way we wanted to use it for roaming. Then I present our measurements and some results, basically I try to keep it shorter to be not to be boring so I present some parts of the results but if you are interested in more detail we can talk off‑line or read the paper if you like. And at the end I am presenting some experience ‑‑ my experience ‑‑ I mean our experience and conclusion. Here I am presenting also some difficulties about coordination that we had, it's not all technical.
So, let's start with motivation. Basically, our motivation comes from the time that EU decided to remove the extra cost for the roaming. Here, basically, says that you can use the same service and offer that you have in your home country, all over Europe. And you get the same quality in the visited country. So we started to see how this ecosystem which is called roam like home initiative is taking place, and what are the ‑‑ what are the main ‑‑ I mean, how they deploy in their network and at the end, what is the implication on the user when they are using this ‑‑ when they are roaming to another country.
So, the background: Basically, I try to present ‑‑ this is the ‑‑ let's say crowded figure but the main point that I want to present is that what is the main differences when you are ‑‑ or at home country. If you are at your home country and you want to connect to the network basically you are passing through your operator and access to the Internet. But in case that you are in roaming you are in another country, after you are connecting to the serving gateway you might ‑‑ I mean the traffic could be tunnelled to your home network and you have access to the Internet, which we call it home roaming and then the other solution is ‑‑ it would be that when you are connected to the first ‑‑ the serving gateway, you can use the same network that provide access to the ‑‑ to you, and the other solution would be that you pass through the ‑‑ you can pass through the third operator and gives ‑‑ then they provide access to the Internet. So, we wanted to see which of the operators are using which of the solutions and what are the implication on the user, experience. So, let's move to the experimental set‑up that we have. Here, as I mentioned, we call it MONROE‑Roaming because it's a kind of valuation of the roaming ‑‑ MONROE, sorry. Here what we have is we are using MONROE nodes which is basically specific device which is a kind of, lets us assume if you are familiar with Raspberry ‑‑ and each device has two modems, that can concurrently use these two modems at the same time, it's a multi‑homing St. So we are distributing this node in six country that we have partnered, the names you have seen at the beginning of my presentation, these are colleagues that helps us to make this research happen, and here as you can ‑‑ okay, here we have six countries, we have two nodes in each country so we can evaluate four operators at each time. So we have Spain, Italy, Germany, UK, Sweden and Norway. So, then be sited MONROE nodes that we have, we are also using back end that we design and we keep track of all the experiments that we are doing and also the data collected and then we run our analysis on this server. Then, what we have is that we are ‑‑ we deploy a server at each country that we have, we have six servers in each country that in the following slide I am showing the result on why we have these kind of servers. And then at the end we have MONROE‑Roaming schedule letter which is a replication of the MONROE scheduler, we use for the MONROE experiment that we are doing this work.
Okay. These are the operators that we run measurement on. So we have six countries, and in each country we have at least two operators, in some countries you can see that we have more than three operators. These are the countries that the MONROE platform were deployed before our measurements. So we are using also these operators.
The data sets. We have three months of data which is collected in 2017 and 2018, and we have 12 nodes distributed in six countries, two nodes for each country. We have 16 operators, 12 of them are ‑‑ we did experiment in roaming, four of them didn't consider in roaming scenario. And we collected more than 20,000 measurements.
Okay. So, what we have is that we measure each operator at the same time in all six countries that we have and in case that it was possible, we also measured the visited network. Let me just describe my terminology here. Okay, let's assume that we are measuring an operator from Germany which registered in Germany with a specific data plan and we distribute the same, not the same SIM card, the same operator SIM card through the all six countries and run the measurement at the same time. Okay. Let's look at here how we did it. Basically, these, as I mentioned, each node has two slots for the ‑‑ modem for the SIM card. When we run measurement in the example that I have Vodafone Germany, in Germany, the node in Germany has just one, and we ‑‑ Vodafone SIM card and we put it on all nodes that we can measure this one and the other slot we put the operators that provides service to the roaming SIM card. For instance, here in this Vodafone from Germany, in Sweden has access to the Telenor so we put Telenor SIM card on the second mode and we run measurements and all the measurements results are collected in our back end and then we run analysis on top of it.
Okay. Our measurements: First, we decided to understand what is the roaming set‑up and what is the performance implication for the user. And I present this part first. Okay. We collect some met data information, this metadata information that we get from the modem which operator we are connected, which cell, all this data can help us to understand which operators are providing service to us. Then, we run trace route to understand what is the path that we are going through when we run measurements. We also run for DNS for the other services and this we chose to do for ad providers because typically every page that you open is full of advertisement that can affect the user experience. And then we do some also simple curve performance to see what is the performance of the simple browsing.
Let's move to the results section for the first measurements. As I mentioned, we have six countries and each has a specific server for this measurement, with the well‑connected connection. And let's assume that we are measuring a SIM card which is from Germany in Germany and we run measurement toward the server that we have here in Germany and we ‑‑ and we repeated this experiment at the distribution of that and here in the Y axis you can see the empirical cumulative distribution function and the X Axis shows the round trip time in milliseconds. And, for instance, here, this 120, this curve shows that most of the people has the round trip time less than 120 seconds. Then, we try to see, okay, let's ‑‑ when we repeat the same experiment to other server which is located in UK, how this distribution changes. Basically, it's obvious since somehow obvious when you reach to the longer distance, the round trip time could be longer. Here it was something that it's well now. So, but the other scenario that we can see there, since we are analysing the roaming, let's assume that one user from UK is travelling to Germany and runs some measurements and ‑‑ his own country. And what we experience is that we have seen that, here, this curve shows that when ‑‑ the user with the UK SIM card do the measurements, it has a slower experience, which shows that we did an experiment that the GPRS tunnel is slower than native Internet. When you use Internet you are faster, this measurement shows that.
Okay, the other measurement that we tried to do is that we tried to run measurement from this SIM card to this server in Germany. So what we have seen is that the traffic goes back to UK and back ‑‑ and goes and back to UK and Germany. So what we have seen is that, here, we have seen the longer roundtrip time and the difference is huge and significant, as you can see, and here is the delay penalty that we pay because all operators that we have seen that they are using home routing solution, it means that all the traffic goes to your home network wherever it is, and you have access from that network to the Internet.
Okay. The other measurement we have done, as I mentioned, it was DNS request and response, so, we tried to see how this time ‑‑ how different they are. So what we did is that we compute the query time from the time between request and response in the DNS query, and here, we have the Italian SIM card in Italy and that is distribution in the box as you can see. And all other are the same SIM card in the roaming scenario. As you can see here, the average for the home user is much, much less than the, let's say, significantly less than the roaming user. It is because of, again, the time that you back home and then access to the Internet. So, then what we have is that we try to do some measurements for checking the VoIP of our IP application. Here, we wanted to make sure that this application are reachable. I mean, you can make a call and we also considered the performance changes in terms of bandwidth rate and inter‑packet arrival time that may affect the voice quality and also checking for some content discrimination. We considered that, because maybe when you are at your home country you have access to some content which is allowed in your country but in the second country that you are visiting it's not allowed. We wanted to see if it's the case or not, which is the rule that you are using the country. So, at the first measurement, as I mentioned, we are analysing the traffic measurement using three, let's say, popular applications: Face Time Facebook Messenger and Whatsapp, we tried to make a call and repeated the same call for couple of times, with TCP replay to make sure the bit rate on the inter‑packet arrival time complies and what we experience is that we do not observe any traffic differentiation, basically you have the similar experience with a little bit of changes but it's not significant, then we use only web connectivity test to see if there is a content discrimination and if you are also restricted to your home country or visited country consent access that ‑‑ since all the operators are using the home routing, we haven't seen any content discrimination and you can see the content at your home for instance, if you are in Italy and you have access to live channel, you have access it when you travel in Europe. So finally, some experience ‑‑ some results.
Basically, some of the experience that I'm presenting here is not technical but more let's say logistical. It was really different to coordinate between six countries, not time zones but national holiday and different limitation. And the other interesting part is we reuse the MONROE software and adopt it for our use. And dealing with some kind of custom hardware that is not really tested in, let's say, extreme scenario, we had some difficulties to make it work.
The final conclusion that we have is that we notice that all the operators that we tested at the time, 2017 and 2018, were deploying the home routing, and the ‑‑ there is a delay penalties for the user since all the traffic goes back and forth. And no traffic differentiation on content discrimination, we noticed here. And what we are actually doing right now, we are trying to understand what is implication of web quality of experience so we are trying understand if it affects the quality of experience for the web browsing we consider some famous metrics like page load time, first byte, and try to understand how this affects and this is the work that we are doing. We also want to repeat the same experiment to understand if the operators still using the same, let's say, approach for the roaming because it was close to the time that it took place, we thought maybe they didn't find any other solution, they stick to the simplest one. We believe that the only reason that the operator only use this approach is they have better accountability so they can control the user and they can control the services that you are using. That's it. Thank you for your time and enjoy your roaming. I think you come from Europe, you are still using roaming.
JAN ZORZ: Any questions?
AUDIENCE SPEAKER: Mark Tinka, SEACOM. I know you are just doing mostly the measurement and I know you did partly touch on what I was going to ask about but do you think the reason you are still seeing tunneling back to the home network is mainly a billing issue because as far as I recall a couple of years ago the GSMA did specify mechanisms for billing for local break out with roaming, considering that the EU has some kind of framework around maximum pricing for roaming for data, is there still a valid reason why you are not seeking local break out? I mean, I get it for the rest of the world, I have to tunnel back to South Africa just to roam here. But in Europe, if there is a framework legally around that, is that still really the only issue or are the NMOs just lazy?
ALI SAFARI KHATOUNI: That is an interesting question. First of all, the point is that in Europe still the price is different, I mean the offer that you get in your home country, it could be in Italy is different from France and Germany, the price can be different, and we also contacted some operators that we have connection, we wrote them and asked them why did you chose this approach? We haven't got feedback from them. And this is our, let's say, the conclusion that we could come up. We are not sure why they are using. And the other answer would be, since it was close to the, let's say, roam like home, it was 2017, maybe they couldn't ‑‑ it was the easiest way to implement it. But I'm not sure exactly why.
AUDIENCE SPEAKER: Livio Morina, Airbeam, from Italy. I saw the way you collected data, as you plan to use the same SIM card for the same operator all over the Europe, but I didn't get the point about the servers, so the layer 3 to the serves can impact the data you collected so you could have different ‑‑ different results or measurements from the SIM card of the local operator and the remote roaming operator, because they are following two layer 3 paths different to reach the server so datas could be not really 100 percent true.
ALI SAFARI KHATOUNI: Basically it's a good point. One of the reasons that we chose to have our dedicated server because if you want to use access to some services, let's say Google, Google will decide where my traffic will be forwarded so we decided to have a specific server in the network of the university, which is different from the operator network. I assumed that the question is that, for I mean your question is to tell if we access inside the operator network because it would be treated differently but if we connected to outside, it was to us it was the closest to the reality.
AUDIENCE SPEAKER: Yes, it could be related to the entire one that supplies that operator, yes. So it would be ‑‑
ALI SAFARI KHATOUNI: We tried to ‑‑ I mean, we tried to find the best solution for that.
AUDIENCE SPEAKER: SIS net. I have a question about the logistics of this measurement, the question is simple: Is it possible somehow to share the SIM card over the Internet so you could have all the SIM cards in one place and just run the measurement from over the Internet, it would make much more sense for me?
ALI SAFARI KHATOUNI: Sharing the physical SIM card it wasn't difficult. When you want to run testing Italian Vodafone, everybody should switch, put the SIM card inside the MONROE, it's not technical but it was, let's say, really annoying for us.
AUDIENCE SPEAKER: That's why it should be one SIM card somewhere in one central point and somehow sharing ‑‑ the connection SIM card sects to the GSM modem could be ‑‑ over the Internet, something like that. It should work.
ALI SAFARI KHATOUNI: The point is someone should physically enter the SIM card into the modem. It was problem, actually.
AUDIENCE SPEAKER: Florian Streibelt, MPI. One question: Did you record why or which technology your radio was connected, was it LTE or GPRS?
ALI SAFARI KHATOUNI: The metadata that I mentioned, it reports the technology that we are using and we noticed that if the operators promise that the home country to provide 4G. In the roaming you get 4G, it wasn't the case.
AUDIENCE SPEAKER: Did you record any specific differences, I know the operators are running completely parallel infrastructure for the different kinds of technology because they have legacy hardware which are replacing ‑‑
ALI SAFARI KHATOUNI: Not in that detail, what we noticed we checked that if we are measuring 4G all the nodes has access to the 4G at the same time when we run the measurements.
AUDIENCE SPEAKER: Ella Titova, MTS Armenia. I have a question relating to QS. When you are roaming and the data is going to the home network maybe there is some DPI or some quality of service implementation in the home network.
ALI SAFARI KHATOUNI: So the point is that ‑‑ I mean ‑‑ continue.
AUDIENCE SPEAKER: Ella: When the traffic is going directly in the country where you are, there is no any kind of speed limitations, but when the traffic is going to your home network maybe have some speed limitations for you and it is implemented in the home serve gateway or in the home DPI.
ALI SAFARI KHATOUNI: We couldn't find such ‑‑ I mean, from the measurement that we have done what we have seen at the end it was that the difference between the roundtrip time and we also make sure that the data is forwarded to the home network, but from the policy that you are mentioning, I am not sure if they have it or not.
AUDIENCE SPEAKER: Maybe it can be checked because every operator has its own policies in the network. And it is implemented on the different ‑‑ that is why the traffic is going from the roaming to your home network, in order to implement this, quality of service or some other policies.
ALI SAFARI KHATOUNI: So basically what we came up with, a thought that it is the main reason that the traffic forwarded to the home country.
AUDIENCE SPEAKER: Thank you.
JAN ZORZ: I have a question now from this side. So you measure the roundtrip times. Did you measure it on IPv4 or IPv6 or on both?
ALI SAFARI KHATOUNI: IPv4.
JAN ZORZ: What about IPv6.
ALI SAFARI KHATOUNI: Because the providing providing IPv4 to this modem.
JAN ZORZ|: I would like to add my experience, and maybe you should add this measurement to your future work if you are willing to continue this, because I see this is good platform. I am testing the SIM cards from one of our Slovenian providers providing dual stack on mobile and it works in majority of European countries quite well, no problems whatsoever but when I came here and connected to one of the mobile networks, I got the IPv6 address, I got the IPv4 address, so dual stack PDP contacts was established but I experienced significant problems with path MTU discovery so lots of packets didn't go through because this was a problem on path MTU discovery, and operators are enabling IPv6 on their mobile access and it would be quite useful if you would also measure this additional parameters, not just send the ICMP packet and see if it works because I experienced lots and lots of problems and I am afraid to admit I had to disable IPv6 on my mobile phone. Yes, I know. I know. It's that bad. But if I wanted to use the Internet on my mobile phone, I had to actually disable it, and I think your platform is the first one that I see that is actually enabling testing in a wider scale. So thank you for this.
ALI SAFARI KHATOUNI: You are welcome. Thanks ‑‑
JAN ZORZ: With that, any other questions?
ALI SAFARI KHATOUNI: Just one thing about your comment. Basically we are doing ‑‑ about the IPv6/4, we didn't limit ‑‑ the modem, whatever operator provide to us we used that one and in these experiment they just provide IPv4 and we didn't run experience in Iceland so I am not sure about here. We are running quality of experience, in measurement which means the ‑‑ it opens and we measure all this stuff to see what is the feeling of the user based on the classical metrics.
AUDIENCE SPEAKER: There is a project called off mow ‑‑ you can divide the SIM card and where it's used, if ‑‑
ALI SAFARI KHATOUNI: I will check that, thanks.
AUDIENCE SPEAKER: I would share my we have telecom SIM card if you need my SIM card in another place for testing, give it logically.
JAN ZORZ: Thank you.
ALI SAFARI KHATOUNI: All the data and code open to the community, please, check it and if you have any comments and discussions we can have off‑line.
JAN ZORZ: Thank you very much.
We will now break for coffee. Be back in half an hour at 4 p.m. UTC. In the evening we have the BCOP task force with two excellent documents. And future of the Internet BoF. Be back.
LIVE CAPTIONING BY AOIFE DOWNES, RPR