Like last time, I took part in a UKNOF event/conference. Usual interesting stuff; here are the talks I found interesting.
Apparently there's a 5th network operator in the UK! Vodafone, EE, Three, O2, and Telet. I had no idea. Telet “focuses on areas ‘left behind’ by major projects” - a nice goal. They've also architected around small deployments rather than large towers. Something I think most people would prefer. I certainly don't like towers, and I have no problem sticking something on my roof. After all, I've had a double discone antenna for SDR up there for years. A standalone 5G deployment uses HTTP/2 for signalling. It might be a good fit? I don't really know. HTTP becoming the lingua franca makes me uneasy. Their (Telet's) core uses Kamailio. I'm a little surprised they'd use Kamailio - it's a really great bit of free software, but I see a lot of businesses around ourselves (in the VoIP space) using dedicated equipment like Cirpack.
An interesting interface/service built on Kibana/Elastic. A flow monitor exports data on traffic and connections passing through a router to a collector. Nimbus ‘enriches’ the data passed in, adding ASN and reputation data provided by Team Cymru. I could see it being very useful. More interesting than Nimbus is UTRS - the Unwanted Traffic Removal Service, which seems to be a community-centric project for distributing blackhole routes. You peer with Team Cymru and share attackers' addresses, other people peer with Team Cymru and share their attackers' addresses, and Team Cymru themselves share a single unified list of these malicious addresses/ranges with everyone they peer with.
Route leaks suck. I've suffered only one before - that larger leak from an ISP in Brazil last year. It didn't cause a massive issue, but I probably lost some hair over it. Route hijacking I've not seen in person. I've certainly seen address spoofing - sipping-raw only works because it's possible, and I've done worse. Anyway, the MANRS project is a general concerted effort to push forward best practices for network operators. Interesting stuff, but there's not much to say on it. For me it was more of an update on the rollout of things like RPKI.
In general, these services developed to help maintain the global internet are amazing. MANRS Observatory and RIPEstat/RIPE Atlas are far better (and more useful) than I'd have expected from a free service.
Somehow I missed the term XDP. I knew about eBPF. I'd thought about whether it would be worth looking into writing a Cilium module to properly apply policy to SIP in a Cilium deployment. I doubt anyone else is going to write it, given the state of UDP support in the Kubernetes landscape. My understanding is that eBPF is what you use around the socket, whereas you'd use XDP for something closer to the interface / lower down. Or potentially where you'd be doing things with tc? They're not the same sort of thing, but they're in a similar position.
Red Hat have a decent page on getting started here, but the presentation was otherwise a lovely introduction to using XDP in the context of augmenting a DNS service. I could see myself using it at some point in the future.
Man, Aaron Turner is great. His presentation was around how Dark Halo was used and deployed against western businesses and organisations with regard to Office 365 SSO. I wasn't surprised to hear that people should be using 2FA hardware tokens instead of, say, SMS. The mess that is SMS security isn't a new thing. The whole thing was riveting, really. I'd love to see him come back to a future UKNOF.