User Tools

Site Tools


hackathon2019

Materials and Schedule for Hackathon@2019

Hackathon@AIS 2019

Dates - June 19th to 20th 2019

Full days

Venue

Sheraton Hotel Kampala, Victoria Room, 1st Floor,

Registration

Registration is now closed.

Drafts/RFCs To Be Worked On

1. Network Programmability

Champions: Charles Eckel (from US - Cisco, eckelcu@cisco.com)

Relevant RFCs

At hackathon we will:

  • Have a brief introduction to APIs and how they enable programmability in general
  • Review and discuss network programmability concepts and components
  • Use pyang to interact with YANG models
  • Use Python ncclient library to interact with network devices via NETCONF
  • Use Postman and Python requests library to interact with network devices via RESTCONF
  • Create examples of network automation on a sample network

Prerequisites

  • Basic familiarity with a Unix/Linux shell environment
  • A laptop setup with a development environment for use during the hackathon
  • Instructions to setup your development environment

(Optional) Self paced online training modules available on Cisco DevNet

Join Webex Team Space for Network Programmability: https://eurl.io/#S1NEG4VkS

  • Click on URL to be invited into “Hackathon@AIS Network Programmability” space
  • Use this space to share share information, ask questions
  • Available during and after hackathon

2. Intelligent Transportation Systems (IPWAVE)

Champions: Prof. Nabil Benamar (From Morocco - School of Technology Meknes, University of Moulay Ismail)

The main goal of this track is to see how IPv6 will work in vehicular environment, namely through the IEEE802.11-OCB frame (OCB, earlier “802.11p”).

  • In this track, we will try different OCB cards and different drivers for Linux.
  • ath9k driver on OCB mode in linux, recompiling the Kernel and test IPv6 connectivity over OCB mode.
  • ath10k driver on OCB mode in linux.
  • Testing new WiFi cards like 802.11ac at 5.9GHz, and then the IPv6 connectivity.

Prerequisites:

  • Basic IPv6 and Neighbor Discovery Protocol
  • Linux (Command ligne and Kernel compiling)

—-

3. Measuring DNS and DoH

Champions: Willem Toorop - (NLNET Labs) - Jasper den Hartog - (RIPE NCC)

Generic resources
  1. We have setup a Slack channel for discussion within this track. Please Signup for the hackathon channel here
  2. Linux command line available with VM on NUC accessible with OpenSSH or putty

Motivation

Encryption everywhere. It’s an initiative in the technical community that started as a reaction to Edward Snowden’s revelations about the NSA’s widespread surveillance and pervasive monitoring. All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal.

The IETF has developed two methods for providing privacy for DNS:

Mozilla recently announced that they have implemented DNS over HTTPS in Firefox and would like to deploy it by default for their users (Mozilla announcement). They intend to select a set of Trusted Recursive Resolvers (TRRs) that will be used for DoH resolution. Requirements for TRRs are published here. Currently there is a single TRR in Firefox: Cloudfare's 1.1.1.1.

Also DNS-over-TLS currently is mostly available trough cloud provided DNS services, like: Cloudflare's 1.1.1.1, Google's 8.8.8.8, and Quad9's 9.9.9.9.

Within this hackathon track we will address the following questions:

  1. How would centralized cloud provided DNS resolvers impact Internet in the African region?
  2. Does it have performance implications?
  3. Does it have other implications? (Political?)
  4. Is it beneficial and achievable to provide local DoT or DoH resolvers?
  5. How can this best be achieved/realized?

Optimal DNS Latency

To address the question of performance and latency we will utilize RIPE Atlas, a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. We will do measurements from RIPE Atlas probes in the Africa region to measure the latency from them to the cloud provided DNS services and compare that to the network provided resolver.

The density of RIPE Atlas probes in the Africa region is still quite low (see https://atlas.ripe.net/results/maps/density/ ), which we can hopefully improve a little during the hackathon by handing out RIPE Atlas probes for people to connect in their own network.

RIPE Atlas resources:
  1. RIPE NCC provided a voucher providing 5,000,000 credits. The voucher code will be provided during the hackathon, and can currently also be found in the Slack Channel. (Thank you Lia!)

During the Internet Measurement Workshop this weekend we scheduled i.root-servers.net A query measurement to:

To determine if DNS is hijacked:

  1. schedule whoami.akamai.net A to 8.8.8.8
  2. Returned IP's should be in this list

Tools for “advanced” scheduling of RIPE Atlas measurements

Resolver Jedi

A considered measurement has to take along the deployment properties of the network provided resolvers we are comparing with. Are they optimally close to the probes? The IXP Country Jedi is a project that shows if the Internet traffic paths within a country stay within that country. As an example, here are the IXP Country Jedi results for South Africa: http://sg-pub.ripe.net/emile/ixp-country-jedi/latest/ZA/ixpcountry/index.html The Resolver Jedi will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver.

Additional Resolver Jedi resources:

Run your own DoH and/or DoT server

For performance and or political reasons it can be desirable to run your own DoH server. This can be done in different ways. For example DoH on the same server that runs an website might provide better privacy properties.

For optimum performance we also have to consider:

Investigate and create instructions for setting up a DNS over HTTPS (DoH) service. Either shared with a regular website and/or offering it as a standalone resolver service.

DoH resources

Try to get a client setup and working:

Test if it is working:

Setup server software on a VM on the NUC:

The `application/dns+json` media type for DoH services

Providing unhinderable undetectable DNS service is one of major motivations behind DoH, but there is the other use case: providing full DNS access to web applications. Regular DoH (as defined in RFC8484) delivers DNS messages in “wire” format with media type `application/dns-message`, which is impracticable for web applications to manage.

There is another media type (`application/dns+json`) defined in RFC8427 which delivers DNS messages in a new web applications friendly “JSON” format.

  • Are there DoH server solutions that support the new media type?
  • Is it possible to modify or extend one of the DoH server solutions?
  • If so, this would be a great hackathon project too!

Prerequisites

  • Your own laptop
  • Good knowledge of Linux and how to administer software with it
  • For doing and processing RIPE Atlas measurements, Python is a big plus!

—-

4. Secure NTP

Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)

Requirements: laptop with latest ubuntu with latest wireshark.


5. IPv6

Champions: Fred Baker and Stephen Honlue (AFRINIC)

—-

Draft Agenda

  Wednesday, June 19th
      08:00: Room opens 
      09:00: Introduction and Opening
      10:00: Teams break out. Led by project champions.
      10.30: Break
      12:30: Lunch Break
      15:30: Afternoon break
      18:00: End of Day 1
  
  Thursday, June 20th
      08:30: Room opens and Teams break out. Led by project champions.
      12:30: Lunch Break
      16:00: Hackathon ends
      17:00: Tear down complete - End of Day 2

Infrastructure


Participant Preparation

  • Introduction to NTP Protocol
  • Introduction to Network Programmability
  • WireShark intro
  • Intro to Linux/BSD
  • Webinars to introduce participants to various tools* Familiarity with the IETF prior to the event (http://ietf.org) and RFCs (https://www.ietf.org/rfc.html)
  • Familiarity with GitHub prior to the event would be useful to have (http://github.com)
  • Online course on NTP and Networking will be made available to participants prior to the event

Venue Requirements

  • Projector
  • Internet connectivity
  • Virtual Box (on trainees laptops)
  • Server for virtualization - used an Intel NUC
  • VMs to be using Ubuntu LXCs with Python pre-installed
  • LibreOffice - useful for editing all document versions (especially PDFs!!)

Participant Skill Requirements

  • Comfortable programming in C and Python (other languages are also a bonus)
  • Experience working with the UNIX/Linux Shell
  • Familiarity with IPv4 and IPv6
  • Understanding of Networking and Client - Server architecture
  • Prior experience with UNIX and Linux system administration would be a bonus
  • Knowledge of WireShark and its plugins

What you will need to participate

  • Bring a laptop on which you are comfortable developing software
  • You may be required to install additional software
  • Anything else that is required will be provided, such as Virtual Machines if needed
  • Installing and becoming familiar with VirtualBox or something similar will help
  • Wireless access to the Internet will be provided
  • Team ethic (working as a team to solve a problem)

Post Hackathon Activities

  • Guidance on how to organize similar hackathons
  • More TBD

Sponsors

Cisco DevNet

Previous Events

hackathon2019.txt · Last modified: 2019/06/18 23:21 by willemt