hackathon2019

Differences

This shows you the differences between two versions of the page.

hackathon2019 [2019/04/13 19:22]
kevo
hackathon2019 [2019/07/19 16:43] (current)
kevo
Line 1: Line 1:
-**Planning ​for Hackathon@2019**+ 
 +**Materials and Schedule ​for Hackathon@2019** 
 ====== Hackathon@AIS 2019 ====== ====== Hackathon@AIS 2019 ======
 ===== Dates - June 19th to 20th 2019  ===== ===== Dates - June 19th to 20th 2019  =====
Line 6: Line 8:
 ===== Venue ===== ===== Venue =====
  
-Kampala, ​Uganda+Sheraton Hotel Kampala, ​Victoria Room, 1st Floor,
  
 +====== Registration ======
  
 +Registration is now closed.
  
  
 ===== Drafts/RFCs To Be Worked On ===== ===== Drafts/RFCs To Be Worked On =====
- 
- 
  
 ==== 1. Network Programmability ==== ==== 1. Network Programmability ====
 Champions: Charles Eckel (from US - Cisco, eckelcu@cisco.com) Champions: Charles Eckel (from US - Cisco, eckelcu@cisco.com)
-  * Relevant RFCs +  * Michelle Opiyo 
-    * YANG: https://​tools.ietf.org/​html/​rfc6020 +  * Isabel Odida
-    * NETCONF: https://​tools.ietf.org/​html/​rfc6241 +
-    * RESTCONF: https://​tools.ietf.org/​html/​rfc8040 +
-    * YANG Catalog: https://​yangcatalog.org/​ +
-    * YANG Models: https://​github.com/​YangModels/​yang +
-  * Self paced online training modules available on Cisco DevNet.  +
-    * Access is free but a DevNet account is required.  +
-    * Login or create an account quickly with this AIS Hackathon specific link https://​developer.cisco.com/​join/​ais18 +
-    * [[https://​learninglabs.cisco.com/​modules/​networking-basics|Networking Basics]] (Module, 3 labs) +
-    * [[https://​learninglabs.cisco.com/​modules/​fundamentals|Intro to Coding Fundamentals]] (Module, 4 labs) +
-    * [[https://​learninglabs.cisco.com/​modules/​intro-device-level-interfaces|Intro to Model Driven Programmability (e.g. NETCONF/​YANG)]] (Module, 4 labs) +
-  * Use OpenDaylight as Platform for Network Programmability +
-  * Use Postman and python for RESTCONF and NETCONF +
-  * Interact with sample network+
  
 +Relevant RFCs
 +  * YANG: https://​tools.ietf.org/​html/​rfc6020
 +  * NETCONF: https://​tools.ietf.org/​html/​rfc6241
 +  * RESTCONF: https://​tools.ietf.org/​html/​rfc8040
 +  * YANG Catalog: https://​yangcatalog.org/​
 +  * YANG Models: https://​github.com/​YangModels/​yang
 +At hackathon we will:
 +  * Have a brief introduction to APIs and how they enable programmability in general
 +  * Review and discuss network programmability concepts and components ​
 +  * Use pyang to interact with YANG models
 +  * Use Python ncclient library to interact with network devices via NETCONF
 +  * Use Postman and Python requests library to interact with network devices via RESTCONF
 +  * Create examples of network automation on a sample network
 +** Prerequisites ** 
 +  * Basic familiarity with a Unix/Linux shell environment ​
 +  * A laptop setup with a development environment for use during the hackathon
 +  * Instructions to setup your development environment
 +    * Access is free but a DevNet account is required
 +    * Login or create an account quickly with this AIS Hackathon specific link [[https://​developer.cisco.com/​join/​ais19]]
 +    * Step by step instructions for [[https://​developer.cisco.com/​learning/​modules/​dev-setup/​dev-win/​step/​1|Windows]],​ [[https://​developer.cisco.com/​learning/​modules/​dev-setup/​dev-mac/​step/​1|MacOS]],​ and [[https://​developer.cisco.com/​learning/​modules/​dev-setup/​dev-centos/​step/​1|Linux (CentOS)]].
 +(Optional) Self paced online training modules available on Cisco DevNet
 +  * Access is free but a DevNet account is required ​
 +  * Login or create an account quickly with this AIS Hackathon specific link [[https://​developer.cisco.com/​join/​ais19]]
 +  * [[https://​developer.cisco.com/​learning/​modules/​rest-api-fundamentals|REST API Fundamentals Learning Module]]
 +  * [[https://​developer.cisco.com/​learning/​modules/​programming-fundamentals
 +|Programming Fundamentals Learning Module]]
 +  * [[https://​developer.cisco.com/​learning/​modules/​intro-device-level-interfaces
 +|Introduction to Model Driven Programmability (e.g. YANG, NETCONF, RESTCONF)]]
 +Join Webex Team Space for Network Programmability:​ https://​eurl.io/#​S1NEG4VkS
 +  * Click on [[https://​eurl.io/#​S1NEG4VkS|URL]] to be invited into “Hackathon@AIS Network Programmability” space
 +  * Use this space to share share information,​ ask questions
 +  * Available during and after hackathon
  
 +[[https://​hackathon.internetsummitafrica.org/​lib/​exe/​fetch.php?​media=ais-hackathon-network-programmability.pdf|Learning Materials]] presented during course of hackathon.
 +
 +Results presentations
 +  * {{ :​programmability.pdf |}}
 +  * {{ :​creating_additional_scripts_to_configure_bgp_with_the_cisco_nxos_yang_model.pdf|Creating Additional Scripts to Configure}}
 +  * {{ :​egeru_joseph_hackathon_ais_network_programmability.pdf|Network programmability,​ Overcoming Common error with postman}}
  
 ---- ----
  
  
-==== 2. IPWAVE ==== +==== 2. Intelligent Transportation Systems (IPWAVE==== 
-Champions: Nabil Benamar (From Morocco - University of Moulay Ismail) +Champions: ​Prof. Nabil Benamar (From Morocco - School of Technology Meknes, ​University of Moulay Ismail) 
-  *  IPWAVE - https://datatracker.ietf.org/wg/ipwave+  * Manhal Mohammed 
 + 
 +Materials 
 + 
 +The main goal of this track is to see how IPv6 will work in vehicular environment,​ namely through the IEEE802.11-OCB frame (OCB, earlier "​802.11p"​). 
 +  IPWAVE - https://tools.ietf.org/html/draft-ietf-ipwave-ipv6-over-80211ocb-45 
 +  * In this track, we will try different OCB cards and different drivers for Linux. 
 +  * ath9k driver on OCB mode in linux, recompiling the Kernel and test IPv6 connectivity over OCB mode. 
 +  * ath10k driver on OCB mode in linux. 
 +  * Testing new WiFi cards like 802.11ac at 5.9GHz, and then the IPv6 connectivity. 
 + 
 +**Prerequisites**:​ 
 + 
 +  * Basic IPv6 and Neighbor Discovery Protocol 
 +  * Linux (Command ligne and Kernel compiling) 
 + 
 +** Presentations**:​ 
 +{{ :​ipwave_presentation.pdf |}}  
 + 
 +   
 ---- ----
  
-==== 3. Measurements using RIPE Atlas ==== +==== 3. Measuring DNS and DoH ==== 
-Champions: Willem Toorop - (NLNET Labs) +Champions: Willem Toorop - (NLnet Labs) - Jasper den Hartog - (RIPE NCC
-  *  ​+  * Jasper van Hertog 
 + 
 +Materials 
 + 
 +  * {{ ::​20190619_ais19_measuring-dns-and-doh.pdf |Introduction presentation}} 
 + 
 +== Generic resources == 
 +  - We have setup a Slack channel for discussion within this track. Please Signup for the hackathon channel [[https://​join.slack.com/​t/​hackathonais2019/​shared_invite/​enQtNjY4OTIwMDEyNzQzLTQ2NTZjZjk3MTU0ZDg2ZjExNjM3MWIyZGFlOTNjOTE0ZDI5ODBmNWQ4NjBlM2I3YmQxYjkyYzhiOTllOGY4NWM|here]] 
 +  - Linux command line available with VM on NUC accessible with OpenSSH or [[https://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​|putty]] 
 + 
 +=== Motivation == 
 + 
 +Encryption everywhere. It’s an initiative in the technical community that started as a reaction to Edward Snowden’s revelations about the NSA’s widespread surveillance and pervasive monitoring. 
 +All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal. 
 + 
 +The IETF has developed two methods for providing privacy for DNS: 
 +  * DNS-over-TLS (DoT): [[https://​tools.ietf.org/​html/​rfc7858|RFC7858]] and [[https://​tools.ietf.org/​html/​rfc8310|RFC8310]]. 
 +  * DNS-over-HTTPS (DoH) as specified in [[https://​tools.ietf.org/​html/​rfc8484|RFC8484]]. 
 + 
 +Mozilla recently announced that they have implemented DNS over HTTPS in Firefox and would like to deploy it by default for their users ([[https://​mailarchive.ietf.org/​arch/​msg/​doh/​po6GCAJ52BAKuyL-dZiU91v6hLw|Mozilla announcement]]). They intend to select a set of Trusted Recursive Resolvers (TRRs) that will be used for DoH resolution. Requirements for TRRs are published [[https://​wiki.mozilla.org/​Security/​DOH-resolver-policy|here]]. Currently there is a single TRR in Firefox: Cloudfare'​s 1.1.1.1. 
 + 
 +Also DNS-over-TLS currently is mostly available trough cloud provided DNS services, like: [[https://​developers.cloudflare.com/​1.1.1.1/​dns-over-tls/​|Cloudflare'​s 1.1.1.1]], [[https://​developers.google.com/​speed/​public-dns/​docs/​dns-over-tls|Google'​s 8.8.8.8]], and [[https://​www.quad9.net/​faq/#​Does_Quad9_support_DNS_over_TLS|Quad9'​s 9.9.9.9]]. 
 + 
 +**Within this hackathon track we will address the following questions:​** 
 +  - How would centralized cloud provided DNS resolvers impact Internet in the African region? 
 +  - Does it have performance implications?​ 
 +  - Does it have other implications?​ (Political?​) 
 +  - Is it beneficial and achievable to provide local DoT or DoH resolvers?​ 
 +  - How can this best be achieved/​realized?​ 
 + 
 +=== Optimal DNS Latency === 
 +To address the question of performance and latency we will utilize [[https://​atlas.ripe.net/​|RIPE Atlas]], a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. We will do measurements from RIPE Atlas probes in the Africa region to measure the latency from them to the cloud provided DNS services and compare that to the network provided resolver. 
 + 
 +The density of RIPE Atlas probes in the Africa region is still quite low (see https://​atlas.ripe.net/​results/​maps/​density/​ ), which we can hopefully improve a little during the hackathon by handing out RIPE Atlas probes for people to connect in their own network. 
 + 
 +== RIPE Atlas resources: == 
 + 
 +  - High level overview: https://​atlas.ripe.net/​landing/​about/​ 
 +  - To get started with RIPE Atlas: https://​www.ripe.net/​support/​training/​webinars/​webinar-recordings/​webinar-ripe-atlas 
 +  - RIPE NCC provided a voucher providing 5,000,000 credits. The voucher code will be provided during the hackathon, and can currently also be found in the Slack Channel. (Thank you Lia!) 
 + 
 +During the Internet Measurement Workshop this weekend we scheduled i.root-servers.net A query measurement to: 
 +  - 1.1.1.1 - https://​atlas.ripe.net/​measurements/​22015773/​ 
 +  - 8.8.8.8 - https://​atlas.ripe.net/​measurements/​22015800/​ 
 +  - 9.9.9.9 - https://​atlas.ripe.net/​measurements/​22015801/​ 
 +  - Local resolver - https://​atlas.ripe.net/​measurements/​22015822/​ 
 +  - Local resolver - https://​atlas.ripe.net/​measurements/​22015846/​ 
 + 
 +To determine if DNS is hijacked: 
 +  - schedule ''​whoami.akamai.net A''​ to 8.8.8.8 
 +  - Returned IP's should be in [[https://​developers.google.com/​speed/​public-dns/​faq#​locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries|this]] list 
 + 
 +Tools for "​advanced"​ scheduling of RIPE Atlas measurements 
 +  - CLI: https://​ripe-atlas-tools.readthedocs.io/​en/​latest/​  
 +  - Python library: https://​ripe-atlas-cousteau.readthedocs.io/​en/​latest/​ 
 +  - API: https://​atlas.ripe.net/​docs/​api/​v2/​reference/​ 
 + 
 +=== Resolver Jedi === 
 +A considered measurement has to take along the deployment properties of the network provided resolvers we are comparing with.  Are they optimally close to the probes?  
 +[[https://​www.ripe.net/​analyse/​internet-measurements/​ixp-country-jedi|The IXP Country Jedi]] is a project that shows if the Internet traffic paths within a country stay within that country. ​ As an example, here are the IXP Country Jedi results for South Africa: http://​sg-pub.ripe.net/​emile/​ixp-country-jedi/​latest/​ZA/​ixpcountry/​index.html 
 +The **Resolver Jedi** will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver. 
 + 
 +== Additional Resolver Jedi resources: == 
 +  - Github repository: https://​github.com/​emileaben/​ixp-country-jedi 
 + 
 +=== Run your own DoH and/or DoT server === 
 +For performance and or political reasons it can be desirable to run your own DoH server. 
 +This can be done in different ways.  For example DoH on the same server that runs an website might provide better privacy properties. 
 + 
 +For optimum performance we also have to consider: 
 +  * [[https://​tools.ietf.org/​html/​rfc5077|TLS Session Resumption]] 
 +  * [[https://​tools.ietf.org/​html/​rfc7413|TCP Fast Open]] 
 + 
 +Investigate and create instructions for setting up a DNS over HTTPS (DoH) service. ​ Either shared with a regular website and/or offering it as a standalone resolver service. 
 + 
 +== DoH resources == 
 + 
 +Try to get a client setup and working: 
 +  * Enable DoH in firefox: https://​www.bleepingcomputer.com/​news/​software/​mozilla-firefox-expands-dns-over-https-doh-test-to-release-channel/​ 
 +  * Enable DoH in bromite: https://​github.com/​bromite/​bromite/​wiki/​Enabling-DNS-over-HTTPS 
 +  * Overview of DoT and DoH clients: https://​dnsprivacy.org/​wiki/​display/​DP/​DNS+Privacy+Clients 
 + 
 +Test if it is working: 
 +  * https://​1.1.1.1/​help  
 + 
 +Setup server software on a VM on the NUC: 
 +  * At the last RIPE meeting (78) Carsten Strotmann gave a very nice overview presentation on the [[https://​ripe78.ripe.net/​archives/​video/​127/​|current state of the software ecosystem for DoH and DoT]]. 
 +  * His full list of client and server DoT and DoH implementations van be found here: https://​doh.defaultroutes.de/​implementations.html 
 +  * Very recently at the DNSHeads meeting in Vienna, the people from the [[https://​appliedprivacy.net/​|Applied Privacy Foundation]] gave an presentation on their operational experience providing DoH service. Their presentation is available for download here: https://​appliedprivacy.net/​files/​2019-06-12_DNSheads_Vienna_DoH_Server_Software_Experiences.pdf 
 + 
 +=== The `application/​dns+json` media type for DoH services === 
 + 
 +Providing unhinderable undetectable DNS service is one of major motivations behind DoH, but there is the other use case: providing full DNS access to web applications. 
 +Regular DoH (as defined in [[https://​tools.ietf.org/​html/​rfc8484#​section-6|RFC8484]]) delivers DNS messages in "​wire"​ format with media type `application/​dns-message`,​ which is impracticable for web applications to manage. 
 + 
 +There is another media type (`application/​dns+json`) defined in [[https://​tools.ietf.org/​html/​rfc8427#​section-7.1|RFC8427]] which delivers DNS messages in a new web applications friendly "​JSON"​ format. 
 + 
 +  * Are there DoH server solutions that support the new media type? 
 +  * Is it possible to modify or extend one of the DoH server solutions?​ 
 +  * If so, this would be a great hackathon project too! 
 + 
 +=== Prerequisites === 
 + 
 +  * Your own laptop 
 +  * Good knowledge of Linux and how to administer software with it 
 +  * For doing and processing RIPE Atlas measurements,​ Python is a big plus! 
 + 
 +=== Results presentations === 
 + 
 +| Team           ^ Members ​        ^ Presentation ​      | 
 +^ Shadow Hunters | Bukola Oronti, Jerry Vance, Ishimwe Joseph,\\ Gregory Toskin, Lunghe Yedidya, Shadrach Ankrah,\\ Valery Bishala, Willem Toorop & Gervin Kahunde | https://​bit.ly/​2X4SHsq | 
 +^ Just DoH it!   | Philippe Muziko, Yazid Akanho, Angela Natlapeng,​\\ Jasper den Hertog, Jasper Mangwana & Samuel Ochola | {{ ::​doh-dot-team.pdf |pdf}}, {{ :​doh-dot-team.pptx | pptx}} | 
 +^ How do you DoH | Amreesh Phokeer & Malick| [[https://​github.com/​AFRINIC-Labs/​dns-measurements|Work in Progress]] |
  
 ---- ----
  
 ==== 4. Secure NTP ==== ==== 4. Secure NTP ====
-To be confirmed + 
-Champions: Loganaden Velvindron (AFRINIC) +Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu
-  *  ​+  * Christer Weinigel 
 +  * Jeremie Daniel 
 + 
 +Materials 
 + 
 +  *  NTS interop 
 +  * https://​datatracker.ietf.org/​doc/​draft-ietf-ntp-using-nts-for-ntp/​ 
 +  * NTS measures are to enable NTP entities to cryptographically identify their communication partner, to ensure authenticity and integrity of exchanged time synchronization packets, and to provide replay protection. 
 +Requirements:​ laptop with latest ubuntu with latest wireshark. 
 + 
 +Presentations 
 +  - Johnson Haguma and Mohammed Sultan Khamis {{ :​ntp_presentation.pdf |}} 
  
 ---- ----
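Review bot: The Slack link added under "Generic resources" in track 3 embeds a shared_invite token on this wiki page, and the RIPE Atlas bullet further down says the 5,000,000-credit voucher code "can currently also be found in the Slack Channel", so anyone who can read the page can join the workspace and pick up the voucher. Suggest distributing the invite and the voucher code to registered participants directly (at the venue or by e-mail) and taking the invite link off the page, since this revision is dated a month after the event. Markup and spelling in the same hunk need a pass: the track 2 heading reads `(IPWAVE====` with the closing parenthesis and space lost, `=== Motivation ==` has unbalanced heading markers, the IPWAVE draft line lost its `*` bullet, and the `application/dns+json` section uses backticks where the rest of the page uses DokuWiki's `''...''` monospace (as in the `whoami.akamai.net A` bullet). The RIPE NCC champion is spelled three ways (Jasper den Hartog, Jasper van Hertog, Jasper den Hertog), and "Cloudfare's", "trough", "van be found", "share share" and "Command ligne" are typos.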
Line 58: Line 227:
  
 ==== 5. IPv6  ==== ==== 5. IPv6  ====
 +
 Champions: Fred Baker and Stephen Honlue (AFRINIC) Champions: Fred Baker and Stephen Honlue (AFRINIC)
-  *   +  * Brice Abba
- +
-----+
  
 +Materials
  
 +  * Relevant RFCs
 +    * IPv6 Specification:​ https://​tools.ietf.org/​html/​rfc8200
 +    * ICMPv6: https://​tools.ietf.org/​html/​rfc4443
 +    * NDP over IPv6: https://​tools.ietf.org/​html/​rfc4861
 +    * IPv6 Addressing Architecture:​ https://​tools.ietf.org/​html/​rfc4291
 +  * At the hackathon we will:
 +    * Have a brief introduction to IPv6 functions and features
 +    * Do an overview of Linux kernel and APIs
 +    * Wireshark displays of what sessions look like
 +    * Get some IPv4-only open source application (not yet identified) to be IPv6-only, or dual stack.
 +  * Prerequisites ​
 +    * Read the above RFCs
 +    * Basic familiarity with a Unix/Linux shell environment ​
 +    * A laptop setup with a development environment.
 +      * Install virtualbox: https://​www.virtualbox.org/​wiki/​Downloads
 +      * Install Wireshark: https://​www.wireshark.org/​download.html
 +    * Knowledge of programming in C/python...
 +    * Likely program to work on: https://​github.com/​brouberol/​myip ​
 +    * Wambui'​s myip in Python: https://​gist.github.com/​wambu-i/​047175fca861714563ad39ab46798519 ​
 +----
 ===== Draft Agenda ===== ===== Draft Agenda =====
  
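Review bot: In the new IPv6 Materials list, "Likely program to work on" and "Wambui's myip in Python" are filed under Prerequisites although they are the work items, and they contradict the earlier bullet saying the IPv4-only application is "(not yet identified)". Suggest moving both links up under "At the hackathon we will" and dropping the "not yet identified" remark. The relocated `----` separator now follows the last list item with no blank line before it, unlike the separators after tracks 1 to 4; add one for consistency.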
Line 76: Line 265:
     ​     ​
     Thursday, June 20th     Thursday, June 20th
-        ​09:00: Room opens and Teams break out. Led by project champions.+        ​08:30: Room opens and Teams break out. Led by project champions.
         12:30: Lunch Break         12:30: Lunch Break
         16:00: Hackathon ends         16:00: Hackathon ends
Line 87: Line 276:
   * Remote access equipment within CISCO network   * Remote access equipment within CISCO network
   * PCs   * PCs
-  * ATLAS Probes (https://​atlas.ripe.net/​+  * ATLAS Probes (https://​atlas.ripe.net/​)
   *    * 
  
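Review bot: The empty `*` bullet on the context line right after the ATLAS Probes entry is still in the list; since this change already touches that list to close the parenthesis, remove the empty item or fill it in.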
Line 108: Line 297:
   * Virtual Box (on trainees laptops)   * Virtual Box (on trainees laptops)
   * Server for virtualization - used an Intel NUC   * Server for virtualization - used an Intel NUC
 +  * VMs to be using Ubuntu LXCs with Python pre-installed
   * LibreOffice - useful for editing all document versions (especially PDFs!!)   * LibreOffice - useful for editing all document versions (especially PDFs!!)
  
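Review bot: "VMs to be using Ubuntu LXCs" on the added line mixes virtual machines and LXC containers, so a reader cannot tell what the NUC actually hosts. Say which it is, for example "Ubuntu LXC containers on the NUC, with Python pre-installed", and match the tense of the neighbouring "used an Intel NUC" item.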
Line 127: Line 317:
  
  
-===== Post Hackathon Activities ===== +===== Post Hackathon Activities ===== 
-  * Applicants from the African region who have participated in or organized Hackathons and similar outreach activities in the region are highly encouraged to apply for ISOC's IETF Fellowship Program and indicate this information which will strengthen their application. ​+
   * Guidance on how to organize similar hackathons   * Guidance on how to organize similar hackathons
-  * More to be determined+  * More TBD 
 + 
 + 
 +===== Sponsors ===== 
 + 
 +Cisco DevNet  
  
-===== Sponsorship ​=====+===== Previous Events ​=====
  
-Open - kindly contact chege@isoc.org+To see the 2017 Hackathon click here: https://​hackathon.internetsummitafrica.org/​doku.php?​id=hackathon2017
  
 +To see the 2018 Hackathon click here: https://​hackathon.internetsummitafrica.org/​doku.php?​id=hackathon2018
  
  
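Review bot: After the fellowship bullet is removed, "Post Hackathon Activities" is left with one item and a "More TBD" placeholder, on a revision made a month after the event. Either replace the placeholder with the actual follow-up (the results presentations are already linked per track) or drop it. The new "Sponsors" section names Cisco DevNet with no link, while the sponsorship contact address is removed; if sponsorship enquiries for future events should still reach someone, keep a contact line. The two "Previous Events" lines use full `doku.php?id=` URLs; DokuWiki internal links such as `[[hackathon2017]]` would survive a hostname change.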
hackathon2019.1555172575.txt.gz · Last modified: 2019/04/13 19:22 by kevo