safnog hero-image

Plenary

Tuesday, 27 August 09:00 - 10:30

0900hrs - 0930hrs: AFRINIC's Numbering Services & Policy Updates
A Presentation from AFRINIC covering, IP Number resources management, IPv4 exhaustion, IP resource transfers, AFRINIC services adoption, IRR, RPKI and DNSSEC, AFRINIC resource Member account management and IP resources policies.

James Chirwa, AFRINIC
 

 
 
0930hrs - 1000hrs: What's Going on in the world of DNS
This is a 20-minute broad overview of the current challenges in the DNS ecosystem for network operators and policy makers. It is intended for a technical audience. It discusses some of the issues surrounding applications doing their own DNS (e.g. DoH), end user privacy issues, the issue of increasing DNS resolver centralization, a brief update on the KSK roll, and it goes over a recent DNS attack that was very interesting called DNSpionage.

David Huberman, ICANN
 

 
 
1000hrs - 1030hrs: Raxio: Uganda's First Carrier-Neutral Data Centre
With the explosion of Internet connectivity in the region, and in particular, eastern and southern Africa, Uganda joins the growing list of African countries as it delivers its first carrier-neutral data centre, Raxio. This talk will brief the SAFNOG community about this exciting project.

Brooks Washington, Raxio
 

 
 

Tutorial

Tuesday, 27 August 09:00 - 10:30

0900hrs - 1030hrs: IPv6-Only With IPv4-As-A-Service Workshop - Broadband & Cellular networks (Part 1)
This tutorial will introduce the different IPv6-only transition technologies that apply to both broadband and cellular networks, comparing them and discussing the required steps to deploy IPv6-only with IPv4-as-a-Service (IPv4aaS) in an ISP/Enterprise network.

The transition mechanisms will include:
  • - Dual-stack.
  • - Tunnelling (6rd, DS-Lite, lw4o6, MAP-E, e.t.c.).
  • - Translation (MAP-T, 464XLAT, NAT64, e.t.c.)

The main effort will be devoted to how to setup NAT64, DNS64 and 464XLAT and the implications for DNSSEC and possible solution approaches, based on IETF work.

This is a hands-on workshop.

Participants need to bring their own laptops. I will provide a router and AP's to connect to the lab network, and we will setup a fully working "ISP" with 464XLAT.

The participants of this workshop need to bring a laptop with complete administrative rights (battery fully charged), even for the BIOS and wireless interfaces. They will need to use a Linux VM (provided during the workshop) with VirtualBox and have about 12GB free disk space

Jordi Palet Martinez, The IPv6 Company
 
 

Tutorial

Tuesday, 27 August 11:00 - 12:30

1100hrs - 1230hrs: IPv6-Only With IPv4-As-A-Service Workshop - Broadband & Cellular networks (Part 2)
This tutorial will introduce the different IPv6-only transition technologies that apply to both broadband and cellular networks, comparing them and discussing the required steps to deploy IPv6-only with IPv4-as-a-Service (IPv4aaS) in an ISP/Enterprise network.

The transition mechanisms will include:
  • - Dual-stack.
  • - Tunnelling (6rd, DS-Lite, lw4o6, MAP-E, e.t.c.).
  • - Translation (MAP-T, 464XLAT, NAT64, e.t.c.)

The main effort will be devoted to how to setup NAT64, DNS64 and 464XLAT and the implications for DNSSEC and possible solution approaches, based on IETF work.

This is a hands-on workshop.

Participants need to bring their own laptops. I will provide a router and AP's to connect to the lab network, and we will setup a fully working "ISP" with 464XLAT.

The participants of this workshop need to bring a laptop with complete administrative rights (battery fully charged), even for the BIOS and wireless interfaces. They will need to use a Linux VM (provided during the workshop) with VirtualBox and have about 12GB free disk space

Jordi Palet Martinez, The IPv6 Company
 
 

Plenary

Tuesday, 27 August 11:00 - 12:30

1100hrs - 1130hrs: Peering Economics
Peering is fundamental to the Internet, but without considering its cost, peering can be expensive and ineffective. This talk looks at the economics of peering and explains techniques for getting the most from your investment.

Susan Forney, Hurricane Electric
 

 
 
1130hrs - 1200hrs: INX-ZA Update
INX-ZA operates 100% community-run IXP's, and have done so, since 1996. In this presentation, Nishal will walk us through some of the changes that they’ve gone through over the past few years to improve and scale their peering fabric.

Nishal Goburdhan, INX-ZA
 

 
 
1200hrs - 1230hrs: NAPAfrica & Africa Cloud Exchange Update
A brief update on the continued growth at the NAPAfrica Internet Exchange Points, including an introduction to new tools available to members. We will also highlight a few operational findings, and cover the adoption of the Africa Cloud Exchange product.

Andrew Owens, Teraco Data Environments
 

 
 

Plenary

Tuesday, 27 August 14:00 - 15:30

1400hrs - 1445hrs: A Potential Solution To The African Crisis
The recent announcement of two major submarine cable initiatives by Facebook and Google - titled Simba and Equiano - have plunged Africa into a crisis with deep divisions on how to react to the OTT's attempts at encircling the entire African continent with their very high fiber-count fiber, which has the potential to destroy the local and regional initiatives in that space. The keynote speech I will deliver will try to dive deep into the real problems facing the African carriers and how to deal with the OTT's from a strategic and economic perspective. I will try to come up with a potential solution to this crisis.

Sunil Tagare, OpenCables Inc.
 

 
 
1445hrs - 1530hrs: The Actual Landscape for Subsea Cables in Africa
  • Overview of the current market dynamics for international connectivity
  • Existing subsea cable infrastructure and its challenges
  • Business Case for new investments in subsea infrastructure
  • Investment structures for current subsea systems, and planned structures for new builds
  • Getting connectivity to more users in Africa


Byron J. Clatterbuck, SEACOM
 

 
 

Plenary

Tuesday, 27 August 16:00 - 17:30

1600hrs - 1630hrs: A New Internet? Introduction to HTTP/2, QUIC, DOH and DOQ
This talk will introduce three basic new protocols (with references to several IETF documents) that are already changing the way Internet works and are very relevant for operators. HTTP/2 was introduced already in 2015, based on the SPDY protocol developed and tested by Google. It allows multiplexing several requests into a single TCP connection, improving performance and avoiding the need to queue those request in the client and blocking among them. During the SPDY development, it was also obvious that TCP is inefficient for most of the actual Internet usages, so this work (IETF QUIC WG) is developing a UDP-based, stream-multiplexing, encrypted transport protocol. Finally, the DNS over HTTPS (DOH) IETF WG, is standardizing the encoding of DNS queries and responses over HTTPS, which will solve certain problems of existing DNS methods. This will avoid that authorities impose traffic discriminations or censorship, as if they wish to do so, with DOH they will need to restrict full access to the web server providing the DOH.

Jordi Palet Martinez, The IPv6 Company
 

 
 
1630hrs - 1700hrs: An Approach to Routing in a Clos
Clos explained and BGP-SPF approach described.

Randy Bush, Internet Initiative Japan
 

 
 
1700hrs - 1730hrs: The Complexity of Hyper Speed Transceivers - Let's make it
Thomas will describe, in detail, the structure inside optical transceivers. A Transmitter/Receiver Optical Sub Assembly (TOSA/ROSA) is no longer just a diode in a housing handling the light path to and from to the fiber. The performance increases from 10G to 100G and onward to 400G - are not only giant steps in bandwidth, they are also matching leaps in manufacturing. How did the optical industry players around the globe make it possible to squeeze everything into the tiny form factors we see today? It is about all precision - a microscope with a calm and competent hand is no longer sufficient. Now it is about; nano tolerances, testing, complex transceiver firmware and a shed load of money. This is the high precision optical mechanical engineering revolution which fuels the hyper growth of data centers and optical networking worldwide. Thomas will also dive into the basics of how FEC compensates for errors caused by PAM4 modulation.

Thomas Weible, Flexoptix
 

 
 

Tutorial

Tuesday, 27 August 16:00 - 17:30

1600hrs - 1730hrs: RPKI Origin Validation In Practice
Learn how to go about participating in RPKI-based route origin validation, from issuing ROA's to selecting and configuring Relying Party software and incorporating the results into an existing routing policy.

Ben Maddison, Workonline Communications
 
 

Plenary

Wednesday, 28 August 09:00 - 10:30

0900hrs - 0930hrs: Introduction to PeeringDB
PeeringDB has been around for 15 years. An entry in PeeringDB is a must-have if you want to interconnect with other networks. There is no other dabatase where you have all the information about networks, Internet Exchange Points and Facilities/Colocation in one place, nicely interlinked. As PeeringDB is so important, a Seattle (US) based association was set up in late 2015. In March 2016 a wholly new version of PeeringDB (PeeringDB 2.0) was released with an intuitive GUI and a powerful API. This presentation gives an overview of PeeringDB, both from an organizational as well as a technical point of view and highlights the latest developments. We also present statistics about the SAFNOG region from a PeeringDB perspective.

Arnold Nipper, DE-CIX
 

 
 
0930hrs - 1000hrs: The IPv6 Journey Of A Growing Provider


Greg Antic, Smart Technology Centre
 

 
 
1000hrs - 1030hrs: Raiders Of The Lost Ark
In search for the lost CE (RFC8585). What are the requirements for IPv6-on and IPv4-as-a-Service CE's (CPE's)?

Jordi Palet Martinez, The IPv6 Company
 

 
 

Tutorial

Wednesday, 28 August 09:00 - 10:30

0900hrs - 1030hrs: Critical Infrastructure vs. Computer Science vs. Software Engineering
To a large extent, the Internet has not been built on formal methods; principles of software engineering. Designers are proud that critical components were deigned on a serviette, and no thought was given to security. We are paying the price for this in a myriad ways.

This depressing, and sometimes terrifying talk, looks at some of the causes and some of the results. It tries to give some clues toward a constructive future.

Randy Bush, Internet Initiative Japan
 
 

Panel

Wednesday, 28 August 11:00 - 12:30

1100hrs - 1200hrs: Diversity In Tech (Panel)
We are closer to understanding Diversity in Tech.

This panel session will cover where we are in our understanding of the concepts of diversity and inclusion in the tech sector, as well as include some information that supports transformation in the workplace. Our panellists will be there to answer questions and share personal experiences of their time in the industry. If you would like to be a part of the conversations happening right now that will improve opportunities for all in ICT, then please attend.

Host: Yolandi Robinson, Teraco Data Environments
 

 
 
Christian Kaufmann, Akamai
 
Isabel Odida, The Network Center
 
Jarred Beckley, Mimecast
 
Janine Lario, Vox
 
Michuki Mwangi, Internet Society
 
Sara Hassan
 

Tutorial

Wednesday, 28 August 11:00 - 12:30

1100hrs - 1230hrs: IRR & RPKI Tutorial (Part 1)
Routing security is vital to the future and stability of the Internet and implementing best available and crucial fixes needed to reduce the most common routing threats is important. Some of the available technologies in achieving this include the use Internet Routing Registries (IRR) and Resource Public Key Infrastructure (RPKI). These technologies assist network operators in the following: - Global Validation: Publish your data so others can validate routing information on a global scale. - Filtering: Ensure the correctness of your own announcements and of announcements from your customers to adjacent networks with prefix and AS_PATH granularity

James Chirwa, AFRINIC
 
 

Plenary

Wednesday, 28 August 12:00 - 12:30

1200hrs - 1230hrs: Spectrum for South Africa And Connecting The Unconnected
The disparity of expensive data for the poor vs. cheap for the rich.

5G will not solve the affordable data issues.

The WAPA & USTDA trial to test commercial viability of TV whitespace in rural and semi rural areas.

Paul Colmer, WAPA
 

 
 

Plenary

Wednesday, 28 August 14:00 - 15:15

1400hrs - 1430hrs: Anatomy Of A Routing Leak
The fundamentals of Internet routing are still largely unsecured. A few recent events showed the fragility of BGP routing and the full scale of impact of a BGP leak. On June 24th, 2019, a large BGP leak disrupted of lot of the Internet traffic worldwide. This presentation will expose basic concepts about route leaks, a bit of history, and then unfold the events of June 24th, with some focus on the Africa continent. What efforts is the industry undergoing to address that systemic issue? What counter-measures are available today to protect your network and your customers?

Jerome Fleury, Cloudflare
 

 
 
1430hrs - 1500hrs : Next Gen Blackholing to Counter DDoS
Network attacks, including Distributed Denial-of-Service (DDoS), continuously increase in terms of bandwidth along with damage (recent attacks exceed 1.7 Tbps) and have a devastating impact on the targeted companies/governments. Over the years, mitigation techniques, ranging from blackholing to ACL filtering at routers, and on to traffic scrubbing, have been added to our toolboxes. Even though these mitigation techniques provide some protection, they either yield severe collateral damage, e.g., dropping legitimate traffic, are cost-intensive, or do not scale well for Tbps level attacks. In this talk we present our Next Generation Blackholing system, developed and deployed at DE-CIX by combining available hardware filters with a novel route server-based signaling mechanism. It builds upon the scalability of blackholing while limiting collateral damage by increasing its granularity. We present the design fundamentals and the building blocks while highlighting implementation challenges and performance evaluation.

Christoph Dietzel, DE-CIX
 

 
 
1500hrs - 1530hrs : Panel: The Relevance Of Speed Tests In 2019
With minimum bandwidth being delivered to service providers, enterprise organizations and home consumers, what is the usefulness of web-based online speed tests to qualifying the quality of one's Internet service?

Host: Donald Jolley, Mitsol
 

 
 
Ben Maddison, Workonline Communications
 
Jan Vermeulen, MyBroadband
 

Plenary

Wednesday, 28 August 16:00 - 17:30

1600hrs - 1630hrs: 4 months in: RPKI Origin Validation In Real Life
A semi-structured collection of experiences, anecdotes, war stories and vendor gripes from the early experiences of deploying RPKI-based route origin validation at AS37271.

Ben Maddison, Workonline Communications
 

 
 
1630hrs - 1700hrs: Routing Security - Why it matters
Routing security is vital to the future and stability of the Internet, but it’s under constant threat. In 2018, more than 12,000 routing outages or attacks – such as hijacking, leaks, and spoofing – led to stolen data, lost revenue, reputational damage and more. Last year, a routing leak by a Nigerian ISP caused some of Google’s traffic to be mis-routed through China, resulting in outages in many parts of the world; and in June of this year, a massive route leak knocked out large parts of the Internet offline for several hours. This presentation will provide an overview of the Mutually Agreed Norms for Routing Security (MANRS) initiative and highlight the reasons why it is increasingly important for Networks in Africa to implement the MANRS actions. The presentation will also demo the MANRS Observatory, a new online tool that measures the level of networks’ compliance to MANRS, a key indicator of the state of routing security and resiliency of the Internet. Finally, the presentation will showcase the MANRS online hands-on training lab and self-paced training materials designed to help train engineers on how to implement the MANRS actions.

Michuki Mwangi, Internet Society
 

 
 
1700hrs - 1730hrs : Netflow Data Analytics With ELK Stack & DDoS Attack Mitigation
NetFlow provides network administrators with a method of letting the administrator determines what passes through the network. The ELK (Elasticsearch, Logstash, and Kibana) stack is a set of tools for ingesting, storing and visualizing massive amounts of data. Putting the NetFlow into ELK, can provide engineers with detailed information on the origin and destination of network packets via visualization tools, costing and usage patterns, and can generate automated alerts on security anomalies. This talk will also describe how we mitigate large-scale DDoS attacks.

C.L. Lee, IP ServerOne Solutions Sdn Bhd
 

 
 

Tutorial

Wednesday, 28 August 16:00 - 17:30

1600hrs - 1730hrs: IRR & RPKI Tutorial (Part 2)
Routing security is vital to the future and stability of the Internet and implementing best available and crucial fixes needed to reduce the most common routing threats is important. Some of the available technologies in achieving this include the use Internet Routing Registries (IRR) and Resource Public Key Infrastructure (RPKI). These technologies assist network operators in the following: - Global Validation: Publish your data so others can validate routing information on a global scale. - Filtering: Ensure the correctness of your own announcements and of announcements from your customers to adjacent networks with prefix and AS_PATH granularity

James Chirwa, AFRINIC
 
 

Secure Your SAFNOG-5 Seat

Get In Touch

Please complete the form below for any queries and we will ensure that you get prompt assistance from one of team members.