Full days

Sheraton Hotel Kampala, Victoria Room, 1st Floor,

Registration is now closed.

Champions: Charles Eckel (from US - Cisco, [email protected])

• Michelle Opiyo
• Isabel Odida

Relevant RFCs

• YANG: https://tools.ietf.org/html/rfc6020
• NETCONF: https://tools.ietf.org/html/rfc6241
• RESTCONF: https://tools.ietf.org/html/rfc8040
• YANG Catalog: https://yangcatalog.org/
• YANG Models: https://github.com/YangModels/yang

At hackathon we will:

• Have a brief introduction to APIs and how they enable programmability in general
• Review and discuss network programmability concepts and components
• Use pyang to interact with YANG models
• Use Python ncclient library to interact with network devices via NETCONF
• Use Postman and Python requests library to interact with network devices via RESTCONF
• Create examples of network automation on a sample network

Prerequisites

• Basic familiarity with a Unix/Linux shell environment
• A laptop setup with a development environment for use during the hackathon
• Instructions to setup your development environment
  • Access is free but a DevNet account is required
  • Login or create an account quickly with this AIS Hackathon specific link https://developer.cisco.com/join/ais19
  • Step by step instructions for Windows, MacOS, and Linux (CentOS).

(Optional) Self paced online training modules available on Cisco DevNet

• Access is free but a DevNet account is required
• Login or create an account quickly with this AIS Hackathon specific link https://developer.cisco.com/join/ais19
• REST API Fundamentals Learning Module
• Programming Fundamentals Learning Module
• Introduction to Model Driven Programmability (e.g. YANG, NETCONF, RESTCONF)

Join Webex Team Space for Network Programmability: https://eurl.io/#S1NEG4VkS

• Click on URL to be invited into “Hackathon@AIS Network Programmability” space
• Use this space to share share information, ask questions
• Available during and after hackathon

Learning Materials presented during course of hackathon.

Results presentations

• programmability.pdf
• Creating Additional Scripts to Configure
• Network programmability, Overcoming Common error with postman

Champions: Prof. Nabil Benamar (From Morocco - School of Technology Meknes, University of Moulay Ismail)

• Manhal Mohammed

Materials

The main goal of this track is to see how IPv6 will work in vehicular environment, namely through the IEEE802.11-OCB frame (OCB, earlier “802.11p”).

• IPWAVE - https://tools.ietf.org/html/draft-ietf-ipwave-ipv6-over-80211ocb-45
• In this track, we will try different OCB cards and different drivers for Linux.
• ath9k driver on OCB mode in linux, recompiling the Kernel and test IPv6 connectivity over OCB mode.
• ath10k driver on OCB mode in linux.
• Testing new WiFi cards like 802.11ac at 5.9GHz, and then the IPv6 connectivity.

Prerequisites:

• Basic IPv6 and Neighbor Discovery Protocol
• Linux (Command ligne and Kernel compiling)

Presentations: ipwave_presentation.pdf

—-

Champions: Willem Toorop - (NLnet Labs) - Jasper den Hartog - (RIPE NCC)

• Jasper van Hertog

Materials

• Introduction presentation

1. We have setup a Slack channel for discussion within this track. Please Signup for the hackathon channel here
2. Linux command line available with VM on NUC accessible with OpenSSH or putty

Encryption everywhere. It’s an initiative in the technical community that started as a reaction to Edward Snowden’s revelations about the NSA’s widespread surveillance and pervasive monitoring. All of these efforts are aimed at protecting the complete path between the user and the service. This means authentication and encryption should start at the edge of the network, with the end user. As just about any interaction on the Internet starts out with a query for a domain name, it puts the DNS at the core of achieving this ultimate goal.

The IETF has developed two methods for providing privacy for DNS:

• DNS-over-TLS (DoT): RFC7858 and RFC8310.
• DNS-over-HTTPS (DoH) as specified in RFC8484.

Mozilla recently announced that they have implemented DNS over HTTPS in Firefox and would like to deploy it by default for their users (Mozilla announcement). They intend to select a set of Trusted Recursive Resolvers (TRRs) that will be used for DoH resolution. Requirements for TRRs are published here. Currently there is a single TRR in Firefox: Cloudfare's 1.1.1.1.

Also DNS-over-TLS currently is mostly available trough cloud provided DNS services, like: Cloudflare's 1.1.1.1, Google's 8.8.8.8, and Quad9's 9.9.9.9.

Within this hackathon track we will address the following questions:

1. How would centralized cloud provided DNS resolvers impact Internet in the African region?
2. Does it have performance implications?
3. Does it have other implications? (Political?)
4. Is it beneficial and achievable to provide local DoT or DoH resolvers?
5. How can this best be achieved/realized?

To address the question of performance and latency we will utilize RIPE Atlas, a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices that measure Internet connectivity in real time. We will do measurements from RIPE Atlas probes in the Africa region to measure the latency from them to the cloud provided DNS services and compare that to the network provided resolver.

The density of RIPE Atlas probes in the Africa region is still quite low (see https://atlas.ripe.net/results/maps/density/ ), which we can hopefully improve a little during the hackathon by handing out RIPE Atlas probes for people to connect in their own network.

1. High level overview: https://atlas.ripe.net/landing/about/
2. To get started with RIPE Atlas: https://www.ripe.net/support/training/webinars/webinar-recordings/webinar-ripe-atlas
3. RIPE NCC provided a voucher providing 5,000,000 credits. The voucher code will be provided during the hackathon, and can currently also be found in the Slack Channel. (Thank you Lia!)

During the Internet Measurement Workshop this weekend we scheduled i.root-servers.net A query measurement to:

1. 1.1.1.1 - https://atlas.ripe.net/measurements/22015773/
2. 8.8.8.8 - https://atlas.ripe.net/measurements/22015800/
3. 9.9.9.9 - https://atlas.ripe.net/measurements/22015801/
4. Local resolver - https://atlas.ripe.net/measurements/22015822/
5. Local resolver - https://atlas.ripe.net/measurements/22015846/

To determine if DNS is hijacked:

1. schedule whoami.akamai.net A to 8.8.8.8
2. Returned IP's should be in this list

Tools for “advanced” scheduling of RIPE Atlas measurements

1. CLI: https://ripe-atlas-tools.readthedocs.io/en/latest/
2. Python library: https://ripe-atlas-cousteau.readthedocs.io/en/latest/
3. API: https://atlas.ripe.net/docs/api/v2/reference/

A considered measurement has to take along the deployment properties of the network provided resolvers we are comparing with. Are they optimally close to the probes? The IXP Country Jedi is a project that shows if the Internet traffic paths within a country stay within that country. As an example, here are the IXP Country Jedi results for South Africa: http://sg-pub.ripe.net/emile/ixp-country-jedi/latest/ZA/ixpcountry/index.html The Resolver Jedi will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver.

1. Github repository: https://github.com/emileaben/ixp-country-jedi

For performance and or political reasons it can be desirable to run your own DoH server. This can be done in different ways. For example DoH on the same server that runs an website might provide better privacy properties.

For optimum performance we also have to consider:

• TLS Session Resumption
• TCP Fast Open

Investigate and create instructions for setting up a DNS over HTTPS (DoH) service. Either shared with a regular website and/or offering it as a standalone resolver service.

Try to get a client setup and working:

• Enable DoH in firefox: https://www.bleepingcomputer.com/news/software/mozilla-firefox-expands-dns-over-https-doh-test-to-release-channel/
• Enable DoH in bromite: https://github.com/bromite/bromite/wiki/Enabling-DNS-over-HTTPS
• Overview of DoT and DoH clients: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients

Test if it is working:

• https://1.1.1.1/help

Setup server software on a VM on the NUC:

• At the last RIPE meeting (78) Carsten Strotmann gave a very nice overview presentation on the current state of the software ecosystem for DoH and DoT.
• His full list of client and server DoT and DoH implementations van be found here: https://doh.defaultroutes.de/implementations.html
• Very recently at the DNSHeads meeting in Vienna, the people from the Applied Privacy Foundation gave an presentation on their operational experience providing DoH service. Their presentation is available for download here: https://appliedprivacy.net/files/2019-06-12_DNSheads_Vienna_DoH_Server_Software_Experiences.pdf

Providing unhinderable undetectable DNS service is one of major motivations behind DoH, but there is the other use case: providing full DNS access to web applications. Regular DoH (as defined in RFC8484) delivers DNS messages in “wire” format with media type `application/dns-message`, which is impracticable for web applications to manage.

There is another media type (`application/dns+json`) defined in RFC8427 which delivers DNS messages in a new web applications friendly “JSON” format.

• Are there DoH server solutions that support the new media type?
• Is it possible to modify or extend one of the DoH server solutions?
• If so, this would be a great hackathon project too!

• Your own laptop
• Good knowledge of Linux and how to administer software with it
• For doing and processing RIPE Atlas measurements, Python is a big plus!

Champions: Loganaden Velvindron (AFRINIC) & Jeremie Daniel (University of Mauritius and cyberstorm.mu)

• Christer Weinigel
• Jeremie Daniel

Materials

• NTS interop
• https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/
• NTS measures are to enable NTP entities to cryptographically identify their communication partner, to ensure authenticity and integrity of exchanged time synchronization packets, and to provide replay protection.

Requirements: laptop with latest ubuntu with latest wireshark.

Presentations

1. Johnson Haguma and Mohammed Sultan Khamis ntp_presentation.pdf

Champions: Fred Baker and Stephen Honlue (AFRINIC)

• Brice Abba

Materials

• Relevant RFCs
  • IPv6 Specification: https://tools.ietf.org/html/rfc8200
  • ICMPv6: https://tools.ietf.org/html/rfc4443
  • NDP over IPv6: https://tools.ietf.org/html/rfc4861
  • IPv6 Addressing Architecture: https://tools.ietf.org/html/rfc4291
• At the hackathon we will:
  • Have a brief introduction to IPv6 functions and features
  • Do an overview of Linux kernel and APIs
  • Wireshark displays of what sessions look like
  • Get some IPv4-only open source application (not yet identified) to be IPv6-only, or dual stack.
• Prerequisites
  • Read the above RFCs
  • Basic familiarity with a Unix/Linux shell environment
  • A laptop setup with a development environment.
    • Install virtualbox: https://www.virtualbox.org/wiki/Downloads
    • Install Wireshark: https://www.wireshark.org/download.html
  • Knowledge of programming in C/python…
  • Likely program to work on: https://github.com/brouberol/myip
  • Wambui's myip in Python: https://gist.github.com/wambu-i/047175fca861714563ad39ab46798519

—-

  Wednesday, June 19th
      08:00: Room opens 
      09:00: Introduction and Opening
      10:00: Teams break out. Led by project champions.
      10.30: Break
      12:30: Lunch Break
      15:30: Afternoon break
      18:00: End of Day 1
  
  Thursday, June 20th
      08:30: Room opens and Teams break out. Led by project champions.
      12:30: Lunch Break
      16:00: Hackathon ends
      17:00: Tear down complete - End of Day 2

• Remote access equipment within CISCO network
• PCs
• ATLAS Probes (https://atlas.ripe.net/)

• Introduction to NTP Protocol
• Introduction to Network Programmability
• WireShark intro
• Intro to Linux/BSD
• Webinars to introduce participants to various tools* Familiarity with the IETF prior to the event (http://ietf.org) and RFCs (https://www.ietf.org/rfc.html)
• Familiarity with GitHub prior to the event would be useful to have (http://github.com)
• Online course on NTP and Networking will be made available to participants prior to the event

• Projector
• Internet connectivity
• Virtual Box (on trainees laptops)
• Server for virtualization - used an Intel NUC
• VMs to be using Ubuntu LXCs with Python pre-installed
• LibreOffice - useful for editing all document versions (especially PDFs!!)

• Comfortable programming in C and Python (other languages are also a bonus)
• Experience working with the UNIX/Linux Shell
• Familiarity with IPv4 and IPv6
• Understanding of Networking and Client - Server architecture
• Prior experience with UNIX and Linux system administration would be a bonus
• Knowledge of WireShark and its plugins

• Bring a laptop on which you are comfortable developing software
• You may be required to install additional software
• Anything else that is required will be provided, such as Virtual Machines if needed
• Installing and becoming familiar with VirtualBox or something similar will help
• Wireless access to the Internet will be provided
• Team ethic (working as a team to solve a problem)

• Guidance on how to organize similar hackathons
• More TBD

Cisco DevNet

To see the 2017 Hackathon click here: https://hackathon.internetsummitafrica.org/doku.php?id=hackathon2017

To see the 2018 Hackathon click here: https://hackathon.internetsummitafrica.org/doku.php?id=hackathon2018