These are unedited transcripts and may contain errors.

Closing plenary

Friday, 18th of October, 2013, at 11 a.m.:

SHANE KERR: If you could come in and take your seats, we are going to start our last session of the meeting here, of the gathering. We are going to start off with another plenary presentation by Andrew Yourtcheno. Take it away.

ANDREW YOURTCHENO: So -- have some explaining to do later and that is what I just did. So I will have some explaining to do about what I am going to be talking about. I am not going to be talking about the CGN, I am going to be talking about taking the new technologies that are coming there to replace them, and ensuring that those technologies run not on PowerPoint but on real hardware. Before the real hardware hits the shelves of the stores.

So, but before I talk about the practical steps, I will talk a bit more about the technologies themselves that we are talking about.

So post IPv4 technologies, that means that you don't need any stickers from me or I actually took some stickers from him, so I can distribute them in, your access or Core network. That means you have already deployed IPv6 and all of your network supports that. So with that, you can start to think about providing IPv4 as a service on top of v6. And what kind of technologies are there to do that?

So first one, is Dual-Stack Lite. That is already pretty much mainstream technology, almost, so basically you have the CPEs that take IPv4 traffic and encapsulate it and send it towards the AFTR and that decapsulates traffic and does the CGN on it. So it's great, we get rid of IPv4 on this edge, all in all, although we still keep a lot of state on the AFTR so we have CGN that takes the encapsulated traffic in.

The next step, you know what, we don't want that much state so we will try to push this back where it is currently most of the time, so it is on the CPE so you push the NAT functionality back to the CPEs but the problem and why we started to concentrate the NAT on the CGN is you don't have enough IPv4 addresses so you want to share them more effectively. How do you do that? Simple, you don't give the full address, you give the address and some port range so you give only a slice of the full IPv4 address to each CPE so more than one CPE can share the IPv4 address. So some of the CPEs get the same v4 address but different port ranges.

Now it's all great because we have built all this fantastic nice, clean, new address that IPv6 network and then we do this. So, we concentrate on the functionality in the same place. Can we, somehow, reuse the inherent properties of addressing of the v6 network? Well, the -- there is a way to do that and there is a way to do that to exploit the natural aggregation of IPv6 routing, so that is called MAP, and how can we do it. Before we go into details, let's return back to the idea of lightweight 4 over 6.

You have the Map on the CPEs and you basically allocate the slices of ports to the CPEs. But you have to keep the knowledge about which slice went to which CPE as a state per subscriber both on the CPE and on the AFTR. So in the case of MAP, we replace this knowledge with the algorithm, and when you need to define your IPv4 public address, well you probably have at least for a group of your subscribers you have an IPv4 prefix from which you give the addresses. This prefix itself you can pre-provision to the CPEs because it's the same for all of your subscribers. Then you need a certain number of bits which you can add to this address and you can determine what is the exact public address for the CPE. But also because we are giving out the slices of ports, we need a little bit more bits to determine which slice does the CPE get. So, we effectively need some kind of unique CPE ID that we can put in these bits. Turns out we already have it, and that is the DHCP prefix allocation so the prefixes that you allocate to your CPEs are, by definition, unique. And you can arrange the things in such a way that the difference between the v6 Supernet from which you allocate the prefixes and the actual prefix length, is such that you can use those bits to determine the v4 public address and the port.

So, as an example, you take /42 from which you allocate v6 and this /56 is your prefix allocated to the CPE. So these bits are unique by definition for each of the CPEs.

And you can use them, of course, with the subnets and everything. So, you then take the statically pre-provisioned IPv4 prefix and take the missing bits to determine the v4 public address. The remaining bits go to determine the port set ID.

Now, why are they in the middle of the port number? And they are indeed in the middle of the port number. The reason for that is that you probably don't want to allocate the ports below a certain value, so if Jan gets the port 21 for going out or maybe port 25 for his web browsing, I suspect you won't go very far. How can we solve that? If we take those bits on the most-most side that means that the v6 prefix number 0 cannot be allocated, but that is not good because that means that we dictate, with our v4 service, we dictate something to v6 addressing. We don't want to do that. So we start to shift those bits up until we hit a position where there is no restriction on the values any more, and then we tell CPE, you know what, you are not going to use the upper bits whenever they are all 0s, so these bits have a restriction when you allocate the ports, and these bits are constant and these bits you, again, have no restriction. So then it becomes a job of the CPE to select the correct port. As a side effect, you have a fair distribution, so every one of the CPEs gives up a small portion of their port space to contribute to this wasted low port, and those wasted low ports can be reused somewhere else.

So, of course, it's always better to do the hands-on, so that is a slide from a couple -- a couple of more slides from the presentation that Mark did a couple of RIPEs ago. We have a tool where you can play with various prefixes and see how the allocation works.

Now, after you determine the addresses, you basically did the NAT portion and then the second portion is sending the traffic from the CPE to the BR. This you can do two ways. One of the ways is encapsulated, pretty much like you do in case of DS-Lite or lightweight, or the other way you can go one to one transformation of IPv4 header into v6 which then travels over IPv6 only network to the BR which does the reverse transformation and sends it to v4 only network. The interesting by-product is the packet looks pretty much like a real IPv6 traffic, if you see the Skype traffic there, you say Skype supports v6, I hope so, sometimes.

So, there is work in IETF going to make the standards and so on. But really, why I wanted to talk to you about today is running code. So, all the presentations and standards is great, but it's better to have running code.

There was already written and tested by the folks in Brazil, there is an IETF draft describing their experiences so the short summary is that everything you suspected work, does work. Everything you suspected break, does break. So active FTP obviously breaks. But it's on the other hand, 2013, the end of it.

Another thing that we did was, we did an interop test with the Cernet code and a couple of my employers' boxes so ASR 1000 and 9000 so the 9000 supports both T and E and one though supports only T when I talk about ASR 1000 I also mean -- I tested the MAP T, that is a router you can download today and run on your laptop.

Because we are doing everything in the algorithmic fashion, we can do it all pretty quick, because we don't need to send to the big and smart device that figures out which state is this and which session is this, so we can do everything pretty much, so on the newer line cards for the 9K you can do MAP E and MAP T at the line rate. That means that you don't -- so the process of translation doesn't have an impact of the traffic and capacity-wise you are in pretty good shape. So the 1K figures of course are less, so the one that I have seen was somewhere about 17 gigs by -- 1K box.

I don't give the exact figure because I don't know what the exact hardware configuration was in that case.

Now the CPE code, thanks to Cernet folks, is on GitHub, so if you can see it you can download the code right now. And I decided to make my own CPE with this code and do some more testing. So, next few minutes I will talk to you about how to make your own CPE.

So first decision, do you use MAP E or MAP T? For me, it was a question of weight. The R on 9K is pretty heavy and I wanted something lightweight and easy to deal with, so I picked this ASR 1K so the choice was easy, so I picked MAP T.

The CPE software opened up.

Hardware: These are the platforms that I used. If you want to do it really, really cheaply, you download this, the 1,000 K and run 36 VL, only bits required. At home currently I have a MAP CPE that runs off this one, it's really cool, it has five gigahertz radio which is handy. And for the portable set-up that I made, I actually used the second from the top so it looks like this, it's not too big; it's just around the size of the matchbox. But none of them -- all of them work fine.

How to get your build set up, you take the vanilla Linux distribution, Ubuntu server, install a bunch of packages so I am not going all of them, wait a little bit, five minutes, and it's all done.

Next thing is you pull the current code of the OpenWRT using it, so you pull the current bleeding edge trunk into your build environment. And again in blue, the command to do it.

Then you install all the additional packages that are required for building the OpenWRT because it is made in a nice way that allows you to configure which kind of stuff you in your default build and that is one of the restrictions I put for myself is that I don't want to have to manually fiddle too much and install 15 packages after installing WRT image, so with this configuration system you can fairly easily select what you need and depending on how big your server is you can take a coffee break or a nap because it needs to pull out quite a lot of stuff and compile the compiler that you need to trust as well, and eventually you get a CPE image. So it's all great. But where is MAP in this?

I looked at what was available from the code that is open source and there is two implementations. So there is one ASA map and the Cernet CPE that I already mentioned. The ASA MAP is distributed as either an image or series of patches to the kernel. So, even though I did play a little bit with the kernel but patching the kernel on the OpenWRT that is bit tricky because they can change it and it's very hard to keep in sync. I took the Cernet code which is distributed as a kernel module that you can build. The provisioning of it is very user friendly. That is here. So of course you need to set a lot of parameters. I said no, in no way I am going to type this manually, that is not the CPE, it's a bit too much hacking involved. So, there is of course a better way, there is a work in progress in IETF which talks about provisioning the MAP CPEs and in the late revision that is lightweight 4 over 6 using DHCPv6 and basically takes all those values that are static that you need to provide because, remember, I told that everything is static except the embedded other bits or the CPE number, that is taken from the DHCPv6 and a half gets delegated, so you can take a bunch of bits and you can send the blob over the DHCPv6 statically to all the CPEs, so all of this, all of what this draft is about is it talks about how to pack these bits into the blob so that everyone could agree on that.

Hard work.

Now, the client on the OpenWRT that I chose was called odhcp6c, very nice hooks, you plug in the testing scripting so it calls the script whenever it executes, whenever it gets the prefixes so you can put whatever hooks you want and that is what I wanted to do. So it was very easy to do the first implementation, less than one day, a few hours. The problem was that I was doing it on this very, very small box. Its CPU is not very fast and shell scripting, as you know, involves a lot of calls to other programmes and execution and so on. So by the time the calculation of the parameters has finished, the DHCP client timed out. So that didn't work too well. I needed to do a rewrite. So I decided to do it in C, because if you go, go all the way. And again, that is the URL that you can grab the C version of the provisioning tool and what it does, it takes the environment variables and then it spits out the CLI needed to configure the Cernet CPE so I entirely abstracted all the complicated stuff and reading the manuals into the programme itself.

And the final integration looks like that, then calls my little C thing, which then configures the MAP CPE portions of the MAP, CPE module in the kernel.

The problem with this is that this blue frame is not in the standard package, and remember I said I don't want to have a separate installation and figure with additional packages. So if you do develop the custom stuff, how do you add it to the OpenWRT image? And that is where we talk about the ways the OpenWRT is in software. So the smallest unit is package so that is like any standard software package, it describes how to build the code, how to install it and so on.

It's also very nice in terms of retrieval, you can store your source anywhere, but the tricky portion is that in this case I needed to have two packages so that is, again, too many changes to do. So that is where I decided to take a different approach and use a feed, so feed is a collection of packages. And the way to add a feed is just by editing one line in the OpenWRT file, in the build environment that tells which feeds you are going to import. So as a result, all you have to do is to add this feed line, fetch the packages, select the check box in the menu and compile and you are done.

So, that is, again, an URL with the feed itself, and it has the instructions on how to add it into the default build of the OpenWRT. I like living on the edge, so this is something you need to test on the latest OpenWRT code if you do.

So with this I was able to build a small demo which I am not going to show you because I don't want to disturb the spectrum too much but I can show you later. So this is the entire configuration on the ASR 1K and this configuration, as you see, we have only /32 of IPv4, I don't have many v4 addresses and the share ratio is 16, so with this config I can support 16 CPEs. If we put the share ratio to 56 then the exact same configuration will support, so if we change the IPv4 prefix, then, again, we can support more CPEs. So that is one of the key principles that your configuration scales with the number of the domains and not with the number of users. So as soon as all the users feed into the same domain, the forwarding, the config is exactly the same. Which is nice. And then with the DHCP, it comes with the allocated prefix so the prefix delegation CIX in and DHCPv6 MAP option which again is a static value so you don't need to modify your server it comes with CPE and the CPE configures itself.

How do you make this option? It's, as I said, a blob of bytes. You can make it by hand and I did that until I got bored, because it's too much typing, so I made a small JavaScript as part of the whole software package. Don't look at the so, because I put the comments there with very bad words. So it takes as an input the config of the -- probably later I might integrate with the 6lab GUI but takes the config off there and either the BR address or the direct mapping rule for the MAP-T and outputs either the environment variable, the way the DHCP client will return it or the ISC DHCP -- server that I use, that you can just copy paste into the ISC configuration and you are done.

So the end result is the DHCP provision MAP CPE, I am not going to show the demo here, if you want that is the URL of the video I did back in June. But that is where we are pretty much at the end of what I wanted to tell you, and probably some of you saw the video that I once made that was intended to be about IPv6 but then everyone took out that have that NATS are good, so here I would like to update the tag line is maps are good from now on, please use that. And there is a MAP TCP or ECP because it also supports MAP E that you can use as a proof of concept device to try out the technology itself, so don't expect huge performance of it because that is at least as far as I know, that was not yet taken into consideration by the Cernet folks, but you can at least get a taste of how it works and if you have any difficulties and you don't want to be bothered with all this compiling and so on, ping me so my user ID is on the very first slide and after at, at Twitter or Cisco or anything. You can find some RFCs which have my phone number. And since a couple of weeks I actually moved full-time to MAP CPE and I am happy to say that there is nothing to report. And again, the reminder is that, yeah, you are free to talk to me or if you cannot do that, so if you need some stickers, I took some stickers so I can give you some more. Thank you.

CHAIR: Thank you, Andrew, for an interesting presentation. Questions? Any questions? No questions. So it seems that there is a question.

AUDIENCE SPEAKER: Blake Willis: So, we had spoken a bit earlier about what to do with the clients behind the CPE in terms of dealing with, you can't expect the user to turn off IPv4 on the box but either a client with maybe you are going to feed them a dummy DHCP and do some 464 or deal with answering ARP for anything of an unconfigured client in v4 land.

ANDREW YOURTCHENO: I actually thought I should take that controversial topic for separate conversation maybe next RIPE because that is a bit too controversial. You can definitely take that a bit further to the extreme and whereas currently a lot of NATS do the end point independent mapping where if the local host has port thousand 24 then the outside address has port thousand 24, but because you move the translation again close to the host and CPEs, they inherently know how to interact with all the applications and maybe applications will even implement PCP where the translator can say no, no you are not going to get that port, I will give you this port so then probably it can be even, the requirement for ports can be even shrunk down further, so the extreme will be on the number of ports that the browser can open to a single server which I think somewhere Firefox about 20, if I remember correctly. So put a 32 and then, well, yeah. You are going to have quite a few possibilities to have the CPE.

CHAIR: OK, thank you, Andrew.

So, the next presentation is the RIPE meeting technical report by Menno from RIPE NCC.

MENNO SCHEPERS: I am part of the technical team, you have seen these faces probably walking around the place, we have set up the network here before the meeting started, and basically, there is lots of preparations for that going on and that is why you see these guys. There is Colin, Dave, who are new on the team, John is there in the corner, he just recently left the team, he was here until Monday, but he is going to work somewhere else.

RIPE NCC I like I said, there is lots of work involved, prepare a lot in the office in Amsterdam, lots of flight cases with all sorts of material because we do webcast, we do wireless network, but also there is lots of other stuff being shipped, like the give-aways that you find here, like T-shirts and such. But this was two weeks before the meeting, when we shipped, and fortunately, everything arrived properly and everything was working. In the corner on the upper left corner you see the routers that we have been using and there is fibre interconnects between the different rooms and we have put our switches there and, yeah, that is kind of how the set-up looked for us, and we brought a couple of servers there on the left that ran a couple -- servers providing DHCP and DNS and such. Also on the slide with the routers, you see the Cisco that Andrew and Marco used for the IPv6 experiment.

So the up link was provided, well the fibre provided by Forthnet and GRNET provided the connectivity over it, so very simple set-up, one fibre and a fibre link was gigabit and we used that one the whole week and the other link was 35 Mbit, the backup link but fortunately we didn't have to use it. And well, fortunately, because -- as you can see, here in the network statistics, we went well over 35 Mbit on average, well during the peaks of the days, and IPv6, the IPv6 graph shows that we had quite some IPv6 traffic and even if you compare it to IPv4 it's getting quite close to match each other, maybe next meeting it will be more than v4, who knows.

There is the DHCP leases from graph, showing that we had around 600 active leases during the meeting days. Yeah, the wireless that you have been using consists of 2.4 gigahertz wi-fi and 5 gigahertz wi-fi. On the 2.4 gigahertz, and we only have three channels available, basically, and you can see that, here, it's channel 1, 6 and 11. Channel -- the channels in between you can't use them because, as you can see, it overlaps on a couple of channels, so basically you are start with 1, 6 and 11.

On the 5 gigahertz network, you have much more channels available. As you can see here, there is eight in -- yeah, because of this, the experience you will have on 5 gigahertz is probably much better than on 2.4 gigahertz band. So, yeah, people reporting problems to us mostly were on 2.4 gigahertz band. We have tried our best to provide as good as possible service on 2.4 gigahertz but because it's so many people here downloading a lot of nice things, it was quite busy on that network, too.

Here, we see a distribution of the usage of the wireless and as you can see, it's light blue shows the 5 gigahertz network, that is 11 NA, and dark blue is the 2.4 gigahertz, so it's quite an even split, but on 5 gigahertz, as I said, much more channels available so a nicer experience.

This is a slide showing a bit the client OSes -- 6 is quite popular here and also the -- the other Apple products but there is also a lot of Android and Windows of course. The 9% unknown, I don't know what that is. Maybe you guys can tell me. And there is some Linux, of course, as well.

But, yeah, apart from the wi-fi and the network, we also do some other things like we have a presentation system making sure that the presentations are smoothly or that and you don't have to wait for next presenter to be ready. Everything is there. And there is of course, the stenography and we also have support for remote participation over Skype and that is all set up here.

There is webcast, didn't change much from the last time, we provide an RTSP stream and flash RTMP stream and of course it's available through v6 and v4.

Yeah. That is what I had to say about the technical report. Thank you.

SHANE KERR: All right. That was the last of our normal presentations, we have got a couple of lightning talks to finish up the session here before we end the plenary part. Will, do you want to start?

WILL HARGRAVE: Good morning. I am technical director at LONAP and I am just going to present quickly about a little trick we have used to reduce the impact on maintenance on Internet Exchanges. So let's start with some basic stuff, what is an IXP, most of you know this stuff, a switch fabric for interconnecting networks, what is the control plane, how -- it's actually BGP in there, it's not a great protocol for this, when you think about it, this is what is in there. Let's look at what happens to production traffic when you do maintenance on the Internet Exchange. Now, we are engineers and we love diagrams so you are going to have a diagram now. Basically, you have a bunch of switches at the top, you have some routers at the bottom on this diagram, you have a BGP session between the two routers. I am going to do some maintenance on one of the switches in my Internet Exchange, maybe I need to reboot it for software upgrade. I have stood on one of the switches, what happens next? Well, the two routers at each location they sit there, they can't reach each other, they sit there and say where is my peer, the other end of my session? The traffic is not being sent anywhere. And we are waiting for the BGP hold timer to tear down the session. 90 to 100 seconds later the hold timer expires and we stop black-holing the traffic. For that period of time we have dropped this traffic on the floor, that is actually not great. That makes for bad Internet. So, actually we are doing this wrong, we need to turn this around. What we need to do is tear down the control plane at the start of our maintenance window, stop the traffic flowing and then we do the IXP maintenance. Now we don't have access to the routers that the service providers run, so, how do we do that? Actually, we can put layer 4 ACL on Internet exchange port, a slightly disgusting idea. Let's take a look. Here is some -- this is for Extreme XOS.
We have basically the source address of the peering LAN, TCP 179, we all know that, we basically drop it on the floor and apply at the start of the maintenance window we wait for the traffic to go away, and then we do the reboot to the maintenance. And that is basically it. And obviously, you do this for v6 as well as v4 on the ACL there. You need to block the BGP traffic in both directions because otherwise the session will re-establish in the other direction because there are two active peers and they are talking to each other and that is why there is two standards in the ACL there. And obviously you need to do this for v6, too.

That is basically it. We tested this during two recent LONAP maintenances and we believe we have reduced the badness that is caused to the Internet and I would like to ask you if you have any comments or questions on this idea.

SHANE KERR: I would have a quick question, I think it's a really cool idea, did you actually monitor the sessions to actually watch them drop and everything?

WILL HARGRAVE: Yes. So what we did is, we have a collector, we have some route server and traditionally when you are an IXP operator you do something complicated with tearing down the different route server sessions, in reality this technique is even easier than doing that. And yeah, we look at the sessions going down and also we just look at the live traffic and you see the traffic drop off to zero bits.

RUEDIGER VOLK: Deutsche Telekom. I am not quite sure whether I think this is so cool. As a purist, one might ask, do we really want to have layer violations.


RUEDIGER VOLK: Kind of very short two questions. Well, do we have any idea whether BFD would help to do exactly what is needed there? Second question: Why is it not used more?

WILL HARGRAVE: Reason -- BFD would be great on Internet Exchange and it would solve lots of other problems too. The reason why it hasn't been deployed, people are lazy and the platforms suck. And I can see from your response you know that.

So, being a practical person, I am an IXP operator and I just want to make a better Internet and this is what I have been doing.

AUDIENCE SPEAKER: Blake: I think this is a really good idea especially given the majority of exchange members probably don't have things like fast external fallover configured, they don't have BFD. For the ones that do, it's probably a lot slower than just dealing with fast external fallover, if you were going to hit the port, rather than waiting for TCP to time out, it's certainly better than the alternative, control planes working and forwarding planes not, while it's booting up but it does break fast external fallover.

WILL HARGRAVE: Yes, the problem is it's asymmetrical, you have multiple switches and you turn off one but not both -- both peers don't have a full view of the situation from a link down.

AUDIENCE SPEAKER: What I maybe should have said was maybe an acceptable alternative would be some kind of scripted or NETCONF that would chill all the edge ports first.

WILL HARGRAVE: The problem is you have a complicated IXP and you have multiple switches so multiple sites and you only do the maintenance in one site normally. You don't reboot your RXP at once normally.

JEN LINKOVA: I definitely don't want any edge port going down or BGP session going down without maintenance because I receive an alert and I have to investigate what is going on. I personally prefer to get traffic way on my site so I make sure that after your maintenance, my session is up, is not affected every 90 seconds because of some issues on the fabric.

WILL HARGRAVE: Yes, I think you might be an example of a diligent person and most network operators are just lazy so they don't bother to read maintenance notifications or do any work here.

CHAIR: A comment from myself, that this is also applicable to other areas, not only in IXPs, where there is a carrier network and wants to make maintenance there?

WILL HARGRAVE: I think it's less useful for that, because in that case you control the equipment. The situation I have here is that I don't control the service provider routers, it's run by some other people.

CHAIR: In our case, for example, the other side is the customer routers and there is a carrier network in between, so we have exactly the same situation as in an IXP.

WILL HARGRAVE: If you are running a Layer 2 network, yes. I agree. OK.

CHAIR: Thank you very much.

And the next lightning talk is from Gordon Lennox.

GORDON LENNOX: Good morning. This is not my first RIPE meeting, in fact I think I am in my second decade of RIPE meetings. I used to work for the European Commission so policy, blah-blah-blah, or Peter would say la la la. I retired from the Commission over a year ago but somehow I keep being dragged back into policy discussions. So this morning, I am going to tell you what the Internet is. No, I am not going to do that.

What I am going to do is a lot of what other people do here, I am going to share a problem I had with you, and then share my response to that problem and then see whether that makes sense to you, like -- I need feedback OK. This is defining the public Internet for other policy folks, not for you guys.

My big problem is in the rest of policy land, there are other policy folk and they want to make rules for the public Internet. Luckily, they all understand the Internet, because the Internet is so easy, right? And I was surprised to find out that apparently it weighs as much as a large strawberry, it's on the Internet, it has to be true. I still need, when I am having discussions, simple definitions, simple non-confusing analogies, simple concepts, I cannot refer these people to RFCs, they are not going to read them, so I need something a bit more robust.

Anyway, the Internet. Global network, computer networks, we use the Internet protocol. We are cool. And all of those networks are private and have firewalls and access controls and so on and so on. So what is the public Internet? That is the thing we are trying to play with? What is the public Internet? Now, in the discussion about neutrality, people came up with easy definitions, the public Internet is the Internet. Easy. As part of that discussion someone else said, network neutrality is the five alls, all origins, all destinations, all ports, all protocols, all content. No, I am not very comfortable with that. In another discussion, the public Internet is publicly accessible, electronic communication network networks, Internet access, publicly available electronic communications services. That is language from the EU regulatory community, and, somehow, despite having been on the Commission, I am a little bit nervous about regulators defining what things about the Internet. Because they are not here for the most part. A few are here but not always that many.

So it's not that good.

So, how to talk about public Internet. Inspiration from old ideas, being here for a long time, software problem, another layer of indirection. Security problem, pretend there is a global PKI. Draw up a layer? So, I have got suggested definition of what the public Internet is. It's not a network, it's not a network of networks; it's services. The public Internet consists of the services that others make available across the Internet. Those services may be freely accessible, the DNS is an amazing example, require registration or identification or require payment but they are the services that others make available.

I like this definition myself because I think consumers can understand it, they probably refer to it as Google, Skype, Twitter, blah-blah-blah. I think lawyers can deal with it because they don't have to go into the technology and they can discuss whether it is available or not. I think even more importantly, it recognises the autonomy of those who run other networks. Those your access provider does not have contracts with and probably never will. It also provides a basic product definition, best effort access to the public Internet if, the public Internet those services. So the final question is, are you happy?

Thank you.

SHANE KERR: Well, are you happy?

AUDIENCE SPEAKER: I am happy but I have a question. Andrei, Internet society. So one thing that kind of worries some of you, is that lawyers and public policy folks, they tend to think in terms of jurisdictions and national borders. And the thing is what I am missing in your definition is this sense of globality, that those services not necessarily originate in this particular jurisdiction we are talking about, be it European Union, Russia or the United States, but those services can appear anywhere, and still be accessible from anywhere, so, what do you think about kind of underlying this fact?

GORDON LENNOX: I think we are still struggling with this, everyone is struggling with it. At one level, yeah, you are a jurisdiction, the boxes are in certain jurisdictions, services, even the DNS, much more diffuse, and we all use the DNS, so I think this has to be augmented with other things, but the discussions I was having, as I said, nobody around me was going to read an RFC, nobody was going to read another big public ?? but if you start with that, and then try and bring in your concerns, which I share with you, then maybe we can move forward. I just wanted to get away from the idea that the public Internet was about certain networks and not others. You know, if you keep the public Internet, at the network level then you get this contradiction, declaring something public which is private. The services, I have a network in my company and I make certain services available over ?? to others. That is the public Internet and I think people away from this room can relate to that, and maybe people here. We are not trying to define the public Internet in terms of networks, we are defining it in terms of services. That is all. And then we bring in the other stuff about consumer protection and data protection and everything else.

SHANE KERR: So I am going to say that, this is a lightning talk, and I see about 45 people standing up at the queues here, so if everyone wants to talk, you have got no more than 30 seconds, all right. Is that cool with everyone?

MALCOLM HUTTY: This seems to be an attempt to focus on outcomes and remove the regulatory language for the means of definition. I don't think that is going to be attractive to people that want to talk about things like network neutrality and critical infrastructure and so forth. I am not sure this is going to fly.

AUDIENCE SPEAKER: Perhaps you can go back to the slide of your definition because one thing that I am missing there is the ability for future services and the freedom for people to develop future services that don't exist yet. If you only focus on what services exist now, then we are not talking neutrality.

GORDON LENNOX: I think over ten years ago, I was asked to write a little bit of text for a colleague who was writing a regulation. It may have been on universal service. And I put in functional Internet access. What was nice about that was everybody talked about functional, they accepted the Internet access. What functional has meant over the years has changed. Back then it was ISDN, since then it's modified. You can still look today and find people referring in the legislation to functional Internet access. I don't think I am saying the services that make available today, I am saying the services people make available: If in a year's time the definition still runs. I agree, it's not hard legal language, and I take the comments earlier. It's for softer policy discussions, to get people moving on to something they can talk about. I say the definitions I was hearing earlier, no, they weren't helpful. I'd like to get a more useful definition. That is all.

AUDIENCE SPEAKER: Very interesting, Gordon.

SHANE KERR: Who are you?

NIGEL HICKSON: ICANN. Your definition, I do find it very interesting, and I wonder, though, whether it takes into account that the Internet is a global Internet or under your definition, can we have multiple Internets as some people sort of starting to talk about now? Multiple public Internets?

GORDON LENNOX: I think we could put down in the second bullet that some of the services are restricted regionally. We already know this. You try to do certain things and you find you can't do it because the originator of the service has decided it's not available in your region. Every now and again I go to a video, it says sorry, you are in the European Union, you don't get this video. I think it's the originator who has got the first say on whether it's available or not, but we have local legislation to say certain other things. Maybe we put into the second thing, the service that is offered may have regional constrictions but that is the difference. But a lot of stuff we are talking about is global anyway. And I don't see why it should not be global, a lot of the stuff.

AUDIENCE SPEAKER: Martin NIX.CZ. I am not really very satisfied with this definition because it doesn't say a word about the ?? people, so if I follow your definition, the service provider offer in the end might say, hey, it's available for ?? terminate people ?? might discriminate, might put conditions so the neutrality is not there at all, so I think it's a little bit losing some other definition of availability.

GORDON LENNOX: I think this is one brick, there is others bricks necessary and other things have to come in, I agree totally. It's just that I was dealing with one particular problem, and I have got an idea how to deal with that but next we have to talk about the things you are talking about. Thank you.

SHANE KERR: So, I think the gentleman at the back was microphone first.

AUDIENCE SPEAKER: My big problem with this one it seems to be framing the Internet ??

SHANE KERR: Who are you?

AUDIENCE SPEAKER: Daniel Karrenberg from the RIPE NCC but I don't think I can speak for them, just me. My big problem with this you are framing the Internet as a collection of big service providers talking to consumer-type people. It's completely ignoring the concept of peer to peer and bit more and I think that is important.

GORDON LENNOX: I totally agree. And what we haven't said who are the service providers, one of the things I want in the future is to be my own service provider. I am increasingly frustrated by the fact we have this split between consumers and business, when as we saw with the, one of the talks earlier, you want to access your home network, you have got stuff at home, you have been providing service to yourself or family but you are also service provider. So I am not saying strictly as only Google and me, I am saying lots of other things, the parliament provides services, your local health clinic provides services. It's all those other ones. In particular, the ones that your access provider does not have a contract with. It's a summing-up of the Internet we all use.

AUDIENCE SPEAKER: That makes perfect sense, I think you need to identify what service provider is in that case.

SHANE KERR: So I am going to be a bit rude here and I am going to ask Desiree and Ruediger, I don't think we have time, actually, so I hesitate but I am going to give Jim the last word here.

JIM REID: Just another ?? I like this definition, I think it's very subtle because it really is expressing what the interest in the Internet appears to be to most of the population and it might be heresy for most of the people in this room because it's not talking about infrastructure of routers and lines and DNS servers and I think that is a very good thing.

SHANE KERR: OK. Well, thank you very much, I really appreciate it. It seems like you triggered a lot more interest than you hoped for.

So, just a quick announcement before, I have been asked to mention we have about ten Atlas probes left out of 290 which are gone. There are still a few available. And Andreas has asked to say one quick word, we are at the end of our plenary session so thank everyone and Andreas.

CHAIR: I would like to take this opportunity for a last thank you to all you guys that travelled to Athens to attend the RIPE 67 meeting. You have been great guests, it was our pleasure and honour to have you here. I hope you had a productive meeting and, at the same time, you enjoyed our wonderful city. Thank you so much for being here. And I cannot forget to thank also RIPE NCC for organising another great meeting. Thank you so much.
And having said that, Rob.

ROB BLOKZIJL: The very last bit of this RIPE meeting. We had two days of plenary programme and two days of Working Group sessions. Out of the Working Group sessions, there are two items that I want to report here. The first place, the EIX Working Group met and I would like to invite Bijal, who was chairing that Working Group, to give a short report. For those of you who were not at that Working Group, the Working Group decided to dissolve itself, Working Groups are created by the plenary session, so it's only fair that the plenary session is informed of this.

BIJAL SANGHANI: As Rob mentioned, I chaired the EIX Working Group yesterday, and there were some concerns from the Working Group on the actual charter, so, I mean, EIX has been running for a very long time and it's been a great success and you have seen the formation of Euro-IX and EPF from that. The original scope was more about Internet exchanges but the community and the Working Group felt that we needed to broaden the scope.

So, there was a proposal during the Working Group to dissolve the EIX Working Group and there was a consensus in the Working Group to dissolve the EIX Working Group and create a BoF. So, I think we should say a really big thank you to the EIX Working Group Chairs, to Fearghas McKay and Andy Davidson.

I don't know if Fearghas is actually in the room. No. OK. And with that, the ?? we are going to be having an interconnection BoF during, at RIPE 69 and the organisers of the BoF are /R*EPB, /PHAUR row, Edwin, Martin and Nenagh. And with that, I would like to invite Mauro to give an update on the connection BoF.

MAURO: Thanks. Very quickly, the name of the BoF is Connect, and the idea is to have a kind of a twofold purpose for this. First of all, to try to put together a charter for the future Connect Working Group, and try to create something which is a bit broader than what EIX was before. Of course, we would like to feed this also with some new stuff to be kept in the scope of this Working Group.

Tiny font here is required because at the end of the day really, we want to have this a little big and the idea is to feed this BoF with a lot of new ideas and things that we haven't discussed in the EIX Working Group so far. Actually, we know that at the end of the day, putting together stuff like IP with GRX and ITE interconnection, new development in the exchange world but not so much really that to marketing and attempt into the room and any other stuff which really related to data centres, to interconnection, best practices and other things. So this can be really great.

And of course, the first concern we have and we are currently going to take care in the future, is and preparing for the BoF is to manage overlaps with other Working Groups which are already existing.

So, this is the mailing list, it has been just created so I believe it's working already, some has already got the confirmation, so please join us and give us support. Thank you.


ROB BLOKZIJL: Right. Before we close this part, is Fearghas in the room? He left. Well, that was a quick visit. OK. The RIPE NCC had prepared a small gift, a gift for Fearghas because he not only missed a flight coming here and then found out that his Working Group had disappeared, but on a happier note, earlier this week he had his birthday and we wanted to give him a little birthday present but I am sure the RIPE NCC will find a way to convey this to Scotland.

Next point on my little agenda is the best practices documentation BoF proposal to create a Working Group. Jan, you have one minute and 23 seconds to introduce this. Or Benno.

JAN ZORZ: Hello good people from RIPE community. I am Jan, I work for Internet society and I am also ?? both of us are members of Programme Committee. We had two BoFs already, first one was in Dublin, next one was here on Monday. On BCOP, best current operational practices about how to document all these practices. The last BoF was run by Benno and me and I will leave to Benno to share with you the outcome of the BoF.

BENNO OVEREINDER: The BoF was quite successful on Monday evening, about 60, 70 people attended in the other room, so there were not people fall asleep in the previous sessions, they went over deliberately. It was an intentionally run as a Working Group already but with three presentations, discussions on the microphone, we run out of 15 minutes into the social, most of the people stayed. But the question was, what is the next step? How do we proceed? How can we go forward? And one way to go forward is to create a Working Group, Operations Working Group. And you can find a charter here of things we are thinking ?? good steps to take in a Working Group. Discuss operational issues among operators and document them. Provide a way to publish them, review them, of course, for example, publish them as a RIPE document series, people can find them, they know they have quality, have been reviewed more, it's not a single solution for one single operator, more operators have reviewed this document and say this is valuable for running a network. And it can also ?? I got your attention, sorry ?? and provide a platform for, to speak out new needs with not technical solutions yet and maybe channel them up to the process like the IETF.

We definitely ?? the intent of the Working Group is about existing working it's not new work. New work is taking place in other Working Groups. And should be taken there and discussed there. If necessary, we intend to or we definitely collaborate with the other Working Groups, but in case of irresolvable conflicts, we can discharge the Working Group and proceed as a task force. The main thing is to get the work done, get current best ?? good operational practices documented, make them available and that is our intention. OK. So it's up to the room now.

ROB BLOKZIJL: Are there any comments?

BRIAN NISBET: From HEAnet. A lot of what you are talking about doing is very good stuff, and I think it needs to be done. As I have discussed this with both of you during the week, I can't understand how Working Group is the right way to go about doing this. I think starting with the biggest and most fixed structure that this community has seems like a very strange way of starting this work, starting with the task force seems like a much better way to me of doing this, to try and figure out even what documents you are going to do and things like that, and I just ?? there seems to be so many conflicts with existing Working Groups that are out there because all of these practices will be there, we have processes from the point of view of RIPE documents on how to create these documents so we can look at how that is but we don't need to define one. My take, there is definitely some work there that needs to be done but I don't see that a Working Group is the right way to go about this.

RANDY BUSH: IIJ. Brian, that is indeed true, and I'd go more strongly: If you had so much copious free time on your hands, instead of creating a bureaucracy, why don't you create a document or two, actually produce work?


AUDIENCE SPEAKER: Warren Kumari, Google. Pretty much every meeting I have been to recently I have been hearing about the BCOP stuff but I haven't seen the documents or seen very few.

JAN ZORZ: Were you at the BoF?

AUDIENCE SPEAKER: For a short bit, I was at the previous BoFs. Write the documents and then we will have a look at them and see if it makes sense to form structure and stuff.

JAN ZORZ: So, to address the comment from Brian, actually, really good comment. We considered the ?? we considered this, but I think that the Working Group is the right platform to get enough operators in the room to talk to each other. Every other way of structure this is too lightweight and we actually need people in the room that talks to each other, and starts to work.

ROB BLOKZIJL: May I comment? I think the structure should not be an essential part of producing results, and I think we should be as practical as possible. So, if the feeling from the comments so far is that a Working Group might be a far too heavy beast and the comments so far is great idea, the work programme, start lightweight with the task force. Okay, we collect some more comments here.

AUDIENCE SPEAKER: Rob Evans from JANET. Again, I have discussed this with you guys, with Jan at least across the week, and we have the people in the room, we have the people in the room in the Working Groups. It doesn't really need a ?? in my opinion, I think it doesn't need a Working Group for people to talk about what documents to write. Get some ideas, submit them to the place where the people with the relevant experience are and we are happy to help write documents.

MARCO HOGWONING: Working Group chair of the Working Group ?? IPv6 related work to our Working Group. We can produce documents there. Thank you.

ROB BLOKZIJL: OK. The idea is that I summarise this. You presented it to the plenary session, the various people have given their comments. This is not the place to discuss the merits of ?? yeah. My proposal is the following: I have concluded from the comments received that what you actually want to do has the full support. People have right or wrong doubts about the methodology you want to use, so, let's take one step back and agree that we have a task force and when the task force has been working and producing results, we can revisit the question whether it should be turned into a Working Group and not using the word "elevated," because that is ?? it looks like we have a bureaucratic structure. Let's remain practical.

BENNO OVEREINDER: That is fine with us, get the work done, indeed.

ROB BLOKZIJL: And also, I think getting the work done will also give us some better understanding how the interaction with the existing Working Groups is. Is that all right?

JAN ZORZ: So this should be Work Acceleration Task Force?


JAN ZORZ: Thank you.

ROB BLOKZIJL: This morning, we had elections for a seat on the NRO number council, which also functions as the ICANN Address Council. This is the NRO Numbers Council, so I ask one of the board members of the NRO present here to announce the results. Axel, please.

AXEL PAWLIK: Thank you very much. So, the result of the Athens elections for the NRO numbers council are: We had three candidates, Alain Bidron 17 votes; Sander Steffann, 37 votes, and Filiz Yilmaz, 37 votes. Thank you for this. We wanted to make this really quick so there is no real process for this and I thought we could do a coin toss. And I have seen that before when the coin went behind the stage and under it so that was messy, I am not doing this. We have prepared to do a draw. We have tossed the 74 individual things back into the box and with your permission, Sander and Filiz, I would ask Brian, as our lady luck today, to show us what he has up his sleeves.

AUDIENCE SPEAKER: Is that ?? are we drawing between the ballots of the leading two candidates or all three?

AXEL PAWLIK: The tied candidates, Filiz and Sander. The coin might go away, that is no good. Look at that, so the result of the elections, Filiz, congratulations.

And many thanks to Sander and to Alain as well for standing. That was exciting.

ROB BLOKZIJL: Thank you. While we have the attention of Filiz, I would ask her to come on stage as chairman of the Programme Committee and invite all the other members of our Programme Committee present in the room to come on stage, please. To remind you, the role of the Programme Committee is to organise about half of this RIPE meeting, all the plenary sessions, lightning talks, BoFs, tutorials, whatever, is being organised by a Programme Committee. And the current Chair is Filiz and I think I can speak on behalf of all of you that we give a great thanks and we have prepared a little token of our appreciation. Filiz, you as the Chairwoman, I thank you and the whole Programme Committee.

FILIZ YILMAZ: Keep up good content, that is how we keep this as good a programme as you like.

ROB BLOKZIJL: Now we have done with most of the official part of our week of meetings, I have an announcement to make.

Next Monday is my birthday and I turn 70. Thank you all for your good wishes.

Next year, May, it is 25 years ago that I chaired the first RIPE meeting. These two round numbers made me think that maybe I have done enough, so, after consultation of a few of my friends and colleagues, I have decided that 25 years is probably enough. So I will resign as chairman of RIPE at the end of the next RIPE meeting, which is all very good and very fine, especially for me personally.

It leaves one little problem to solve, and I went through all our, the whole of our library of documents and procedures. We don't have a procedure - well, that makes life easy, so I invented one. And I appointed a successor. It is my great pleasure to introduce to you Hans Petter Holen.

Hans Petter, as of today, is the deputy chairman of RIPE. You should get used to that, because we never had a deputy chairman. And he will take over at the end of the next RIPE meeting.

A few words on the procedure. We have procedures of electing Chairs of Working Groups, programme committees, Address Councils and whatever. We don't have one for a succession of the RIPE chairmanship. I decided that that could be a very complicated round of discussions to agree on one, and I don't want to spend my last six months in office to be involved in that. So, if the community feels that there is a need for such an instrument, please take it up in a year's time from now with Hans Petter.

A few words of introduction. Many of you old-timers know Hans Petter very well. He has been around for, I don't know, donkey's years ?? 20ish years. He has been an extremely efficient and successful chairman of what is now the Address Policy Working Group, in its early days. He has been 12 or 13 years on the numbers council of the NRO, you might think, what is that, but that also acts as the Address Council of ICANN, and that is a whole different universe, I can tell you. We ?? as this community doesn't have direct dealings with ICANN, but as an organisation, especially the RIPE NCC, we do have dealings with ICANN, so having an experience with ICANN, I think, is a very valuable attribute of a chairman of RIPE.

So, without further ado, I am the chairman, Hans Petter is the deputy chairman, and in the coming six months we will gradually shift workload from me to Hans Petter and the handover will be at the end of the next RIPE meeting, which you may go and sit, Hans Petter. Thank you.

By the way, I won't disappear after the next RIPE meeting; you will see me around.

Right. This brings me to a couple of words of thanks, and I think we have a slide or two, which I seem to be able to control here. How many people are here? Well, we had 523 people, but we had a lot of NCC staff, so we had 421 active participants. Well, that doesn't mean that RIPE NCC staff is not actively participating. And that, I think, is a success. And we had 116 people who came for the first time, and we also count people who come from the first time, no, is it their last time, almost one-third of people who come for the first time we will see them as regular participants in the future.

As you can see here.

We have a feedback forum, which you are invited to have a look at and give your feedback. Your feedback helps us in organising future meetings, and in order to encourage you, there will be a prize draw and the two lucky winners will get an Amazon gift voucher.

Where are you all coming from? Well, I don't think you can read it but you can see it's blobs, many blobs, many different sizes. You come from 46 different countries, this time, which means that this is an international gathering and, as usual, my observation is that there is a large blob that says United States, which is, I find, very encouraging to notice, given the fact that we have an E in our name for Europe, and there is also a large blob of people who have problems remembering what their home base is. But then, some of you travel so much and so often that it is, I understand this problem.

Type of organisations: No surprises there. There are ?? the biggest segment is the industry, which is healthy. But we do have people from educational institutions, which I always appreciate as a former researcher myself. We have government participation and various other associations.

So, we thank our host and sponsors, I think especially our local host, GRNET has done an incredibly good job. You may think, I didn't notice that. Well, exactly. You should not have noticed it. Everything went very smooth and not only the network facilities but everything else as well, the whole set-up, choosing the venue, installing all the facilities which you use without thinking, really, that somebody should have installed them. Thank you very much GRNET. And Forthnet, which, as you saw earlier, provided the external link. The various social events were made possible by Netnod, GCCIX, Hilco, AMS-IX and Compass, thank you for your contributions there. I think I didn't forget anybody there. So thank you all.

Prize draw, we have our prodigsal prize draw, if you are for the first time here I will explain to you. The RIPE NCC organising these meetings and running the registrations appreciates it very much if people as early as possible register for a meeting because that gives an indication of the size we should plan for. So in order to stimulate that, we have traditionally prizes for the first three people who register. And if you ?? and the rules are that if you are not here, you don't get your prize. So... but the first one on my list has registration number 2. 1, that is on my thing but that doesn't count, it's hard-coded in the registration database. Number 2, Serge, I think it's not the first time. The next one is Ondrej Filip from the Czech Republic. Is he here? No. Dave Wilson? Yeah.

And the next one is Jaromir Talir? Daniel Stolpe here? OK.

Before handing over to some mysterious people and I don't want to forget to say a great thank you to our stenographers because what happens on these two screens is produced by real people, so I know from many of you this is highly appreciated. So...

Thank you. Now ??

AUDIENCE SPEAKER: May I, Niall here in front of you.

NIALL O'REILLY: I thought I had just one question but in fact there is an announcement I have been asked to make as well. One of the team of people who got left out of the thanks is the Batista team.

And if people would like to throw something into a hat for them, Randy is holding the hat.

And the question I had to ask is whether at the next RIPE meeting registration number 2 will also be reserved?

ROB BLOKZIJL: We will have an executive directors ?? Chair meeting soon and this will be put on the agenda.

Secret Working Group.

ROB BLOKZIJL: As per our long-standing tradition, the last word of ?? words of wisdom were delivered to you by the secret Working Group. The last words of wisdom traditionally were delivered to you by the secret Working Group. There is nothing left for me to add to it except to remind of the next RIPE meeting, so see you all in May in Warsaw. Have a nice time in Athens if you are staying longer, and for of you have a nice flight home. Thank you for coming and this meeting is over.