View Source

Table of content

Participants

Name	Short	Organisation	Comment
Stefan Liström	SL	NORDUnet
Jani Sirpoma	JS	Funet
Teemu Kiviniemi	TK	Funet
Vegard Vesterheim	VV	UNINETT
Marius Olafsson	MO	RHnet
Jonny Lundin	JL	NORDUnet
Jörgen Qvist	JQ	NORDUnet	Present the first half of the meeting
Fredrik Pettai	FP	NORDUnet	Only present during his presentation of DNS

Agenda

Introductions and setting the agenda
NREN Operational updates
- NORDUnet - JL
- SUNET - JL
- UNINETT - VV
- RHnet - MO
- Funet - TK
NREN development update
TF-NOC update - SL
Break for Lunch
DNS reflection - FP
Enterprise Architecture discussion - VV
Time to discuss other service operation
AOB and next meeting

Minutes of meeting

Introductions and setting the agenda

Following additions to the agenda was made
Jörgen will give an update from the service forum
Pettai will talk about DNS and reflection attacks

NREN Operational updates

NORDUnet - JQ
- Network upgrades
  - Preparations have been made for 100G in core
    First 100G on "pure" dark fiber will be setup between the two sites in Stockholm as a test after the T4000 upgrade.
  - There are plans to extending the fiber footprint
  - There are plans to do a tender for optical equipment as a framework via Dante
    Other NRENs can indicate an interest to participate in the framework
  - Upgrades from MX80 to MX480 in Amsterdam and London are done
  - Surfnet had some problem that made us wait with our upgrades to T4000
    We know what the problem was now and it should not affect us, but we are waiting on SURFnet to successfully upgrade their network before upgrading completely to T4000
    Stockholm and Copenhagen will be upgraded to T4000
  - Telia changing peering policy, the effects of this is that we move the peering from SUNET to NORDUnet.
  - MX480 installed in Luleå will make it possible for NORDUnet to peer with Telia in Luleå and also connect CBF with Funet. UNINETT CFB reconnected to Luleå too. There are redundant paths from Luleå (within SUNET) back to Stockholm.
  - MX480s deployed in Oslo and Helsinki to allow redundant MPLS connections
- Fibercut in Denmark
  Big impact on the IP services we provide.
  Connections to Amsterdam and London were affected
  Manual traffic engineering, and rerouting of US traffic using transit instead helped mitigate the situation. Transit providers were however also affected with congestion in their networks
  A meeting with fiber provider to figure out why the routes were not as redundant as expected will be done. A proposal will then be discussed for a new setup within 8 weeks that will give NORDUnet the expected redundancy.
- New NOC manager
  Jonny Lundin has been hired as a new NOC manager for NORDUnet.
SUNET - JL
- SUNET DCN network unstable, looking at redesigning the DCN network
- Testing MPLS connections as a compliment to pure IP
- eduroam extension outside campuses almost done, now eduroam is available at Swedish airports, major railway stations and many city hotspots in university cities.
  More info on meta.eduroam.se
  The setup is done using an IP tunnel to controller, back to Radius and DHCP (within SUNET) and onwards to the Internet
- New project model developed for SUNET services
  http://www.sunet.se/Om-sunet/Strategiskt-arbete.html
- The SUNET sync service (Box) is now in production.
- Survey service tender is completed and the installation of the service has started.
UNINETT - VV
- Olaf Schjelderup is leaving for position as technology director with
  Norsk Helsenett. Vidar Faltinsen taking over Olafs position from dec. 1st.
- The Norwegian Health Network (Norsk Helsenett) is owned by the
  Ministry of health and care services. Approximately 100 employees and
  our headquarters are located in Trondheim, with branch offices in both
  Oslo and Tromsø.
- System Services
  - SIP
    UNINETT SIP telephony infrastructure rollout continuing: 5 new
    institutions, 18.000 numbers ported since june, UiO the biggest with
    14.500 users. 37% of total customers numbers now on SIP.
  - NAV
    Employed new NAV-developer John Magne Bredal working
    together with Morten Brekkevold. Presenting NAV at workshop at The
    Academic and Research Network of Slovenia (ARNES) late november.
  - RIPE news
    The policy for handling of legacy internet resources
    is about to be posted in its second and more polished version.
  - Monitoring for hosts/system services
    Evaluating replacement systems for our host/service monitoring system (hobbit).
    Looking at icinga(nagios) and zabbix.
  - Configuration management for host/system services
    Evaluating replacement systems for cfengine2, looking at puppet.
- Network
  - NyÅlesund cable project
    Still some tender work (round 2 with suppliers), new survey needed to "sysselmannen".
    UNINETT seeking government support for financing of 2 cables. Olaf is heavily involved
    and will continue running this project in agreement with his new employer.
  - Continuing rollout of 10 gig to customers and in core
  - Running 100Gig in production, trondheim-oslo
  - Work started on new fibre-ring (CWDM) in Trondheim (Frode)
  - Collection of IPv6 trafic stats implemented, from Juniper og ASR9k-routers
  - Finished renumbering and securing the core with ipv4 and ipv6 filters.
    Work that started when Kaisa visited from FUNET (Rune S)
RHnet - MO
- Secondary schools have been connected to RHnet, which gives a lot more customers and connected institutions.
Funet - TK
- CBF to Luleå completed, BGP sessions setup yesterday.
  Not using the connections yet, internal routing changes needs to be done before the third connection is put in use
- 100Gb testing between Espoo <-> Oulu and in Helsinki metro network
- CPE routing service is getting more popular
- Internal documentation tools being updated
  NORDUnet NI considered, but the evaluation showed to much adaptation needed.
  Building a database with datamodelling for services and datacomponents (network inventory).
  Goal to have it operational spring next year.
  It will also have links to other systems CSC is using.
  AP Teemu, send Stefan their datamodel

Service forum update

Lots of talk on procurement, specially services that we do not produce ourselves.
NORDUnet going to rerun the mobile and desktop synchronization tender on behalf of SUNET, UNINETT, Funet and possibly Deic.
It was discussed how we put a framework in place for running these procurements, lots of legal aspects and how do we create a generic model that works for all Nordic countries, how do we handle software development for services (e.g. connecting the federations)? These topics will be continually discussed in the service forum.
Roundtable on the service outlook for respective NRENs:
RHnet - only network
UNINETT - more services are being developed, offered and used by customers
Vegard think it would be useful with more coordination or discussion between the respective NRENs about the service operations
Funet - also seeing more services (other than network) being relevant
E.g. Filesender service in production and use

NREN development update

Splunk - there is a model for doing it collaboratively. Fairly simple but expensive, however there will approximately be a 50% gain when doing it together.
NORDUnet will write some information and a proposal that will be circulated to the NRENs.
NORDUnet is putting NCS in production to automate filter (AS-path and prefix) updates on routers
Funet use scripts for AS-path and to mass configure core routers

TF-NOC update - SL

Last meeting in Ireland in June
Developers from Icinga and Cacti presented
Teemu presented how Nagios at Funet were used
Next meeting 12-13 December in Poland
Topics are among other things project NOCs & ticket systems
Jonny asked about which ticket systems are used in the respective NRENs
RT in UNINETT, Funet and RHnet. Redmine also used in UNINETT

DNS reflection - FP

There have been some DNS and reflection attack recently against Swedish government organistions and banks
Reflection attacks are "powerful" but relatively few. It is possible to amplify the traffic by easy means of using a reflection attack.
Pettai will start patching the DNS (authorative name servers) servers in SUNET and NORDUnet to limit the possible
amplification achieved with reflection attacks. Pettai recommended the other NRENs to do the same.

Enterprise Architecture discussion - VV

UNINETT has recently started looking into "Enterprise
Architecture", partly based on ideas from TOGAF. One aspect of this is
the concepts of "service lifecycles", ie the processes for establishing,
maintaining, and decommissioning services, and the different roles
involved in the different phases. Related to this again are the
procedures for service operations, where of course the UNINETT NOC
plays a central part. UNINETT has started using BPMN (Business Process
Modelling Notation) for describing processes, and Håvard Kusslid and Vegard have
been responsible for drawing processes related to Operations. They have
tried to reuse some concepts from ITIL in their work. This work is
ongoing, but they are curious about whether other Nordic NRENs have done
any similar work.
Stefan - SUNET have looked at simliar things but to a very small extent
Teemu - Finish universities build their own enterprice architecture
AP Vegard - send example processes and datamodel

Time to discuss other service operation

VV - Would be interesting to discuss the different datamodels (over email or at next meeting)

AOB and next meeting

F2F meeting in Copenhagen, late March or early April
AP Stefan - setup doodle for next meeting