Gerardo Viviers - 19-05-2021 17:10:17
Hi everyone, I'm Gerardo Viviers from the RIPE NCC. This chat panel is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read it out, please write it in the Q&A window also stating your affiliation. Otherwise, you can ask questions using the microphone icon.
Please note that all chat transcripts will be archived and made available to the public on https://ripe82.ripe.net/.
Daniel Karrenberg - 19-05-2021 17:10:29
It was a quick impression. The real problem is also not the EU but the escalation in the sanction business by some states outside our service region who harm the business of your bank in their jurisdiction if they do business they do not like in *other* jurisdictions. That is really hard to deal with.
Alex Le Heux - 19-05-2021 17:11:21
@daniel: I wasn't suggesting that this was a simple problem. But it seems to be increasingly difficult to deal with, so I figured perhaps some more formal investigation/reporting might be useful.
Randy Bush - 19-05-2021 17:13:23
is the ncc planning to migrate k root to the cloud?
Jan Žorž - 19-05-2021 17:13:36
Florian Streibelt - 19-05-2021 17:13:49
isn't it already? :)
Jelte Jansen - 19-05-2021 17:13:51
Daniel Karrenberg - 19-05-2021 17:13:57
I happen to know that there has been a lot of energy 'wasted' on this across executive board, managing director, legal, finance, ..... . Even I was consulted about relevant company history when the bank asked questions like 'why are you an association'. We are 'investigating'.
Peter Hessler - 19-05-2021 17:14:06
is anycast considered a cloud?
Jan Žorž - 19-05-2021 17:14:16
Gert Doering - 19-05-2021 17:14:17
if you burn it all, it turns into a cloud
Jan Žorž - 19-05-2021 17:14:38
@peter: if you are anycasting - then no
Daniel Karrenberg - 19-05-2021 17:14:46
I have a T-shirt that says: 'DNS, the original cloud service'.
Jan Žorž - 19-05-2021 17:14:54
Carsten Schiefner - 19-05-2021 17:15:50
@dfk: I have another one stating "DNS is the Root of all Evil". ;-> Thanks to CIRA.
Jelte Jansen - 19-05-2021 17:17:40
i work with several organisations with varying levels of 'clouded-up' services, from 'none-at-all' to 'if it's not cloud it's not real' and i'm far from sure you get more agility from clouding it up (quicker scaling, sure, but new services or large updates? not so much)
Peter Hessler - 19-05-2021 17:17:41
I always get the feeling "wider pool of talent" when it comes to cloud, actually means "less skilled". but maybe I'm just old and bitter.
Sander Steffann - 19-05-2021 17:18:26
peter: yes you are, but you're not wrong ;)
Peter Hessler - 19-05-2021 17:18:35
fair point ;)
Erik Bais - 19-05-2021 17:18:38
Peter .. No that is exactly what it is..
Farzaneh Badiei - 19-05-2021 17:18:46
But talent doesn't have to be skilled, Peter! :)
Erik Bais - 19-05-2021 17:19:06
Similar as with adding more consultants.. if you are not fixing the problem, there is good money to be made in prolonging the problem ..
Carsten Schiefner - 19-05-2021 17:19:12
your definition of talented then, Farzaneh? ;-)
Kaveh Ranjbar - 19-05-2021 17:19:13
@peter, I feel you. On the other hand, if we are in for the long run, we need to make sure in the coming years we can find enough number skilled people to maintain our services and improve upon them. So, there is a good balance.
Job Snijders - 19-05-2021 17:19:25
A challenge with "cloud" is that it requires different disciplines and skills than "traditional" (without judging which one is better). Both approaches are different styles of organizing service delivery. I'm happy to see there is a CCoE - this makes a lot of sense to set up when one explores cloud
Jan Žorž - 19-05-2021 17:19:26
I love cloud - until the cloud is on my disks in my servers inside my datacenter :)
Marco d'Itri - 19-05-2021 17:19:35
@Peter it means "we suck at programming and sysadmining so we hope that Amazon will do some of that for us"
Denesh Bhabuta - 19-05-2021 17:19:45
*until* or "as long as", @Jan?
Jan Žorž - 19-05-2021 17:19:53
as long, yes :)
Denesh Bhabuta - 19-05-2021 17:20:04
Thought so. :-)
Jan Žorž - 19-05-2021 17:20:16
direct translation from my language to english ;)
Denesh Bhabuta - 19-05-2021 17:20:24
I wondered if someone was impersonating you.. not very well.
Farzaneh Badiei - 19-05-2021 17:20:32
talented people grasp the concept quickly, focus on the problem, learn the necessary skills in a short amount of time.
Job Snijders - 19-05-2021 17:20:34
next step, perhaps a Testing Centre of Excellence or Monitoring Centre? :)
Kaveh Ranjbar - 19-05-2021 17:20:42
@job, totally agree with you. The thing is, we like it or not cloud is happening. While we understand our unique role and will never outsource our core to some external providers, we need to see where we can utilise new services and be in control.
Daniel Karrenberg - 19-05-2021 17:20:52
@alex: what I try to get at is that there are no easy solutions to this sanction mess. it is a global trend that even transcends jurisdictions. so escaping by moving to another jurisdiction is not likely a solution.
Erik Bais - 19-05-2021 17:20:54
Jan Zorz : Synology Cloud doesn't apply here ;)
Kaveh Ranjbar - 19-05-2021 17:20:55
@job and the KPI dashboard will come up :)
Jan Žorž - 19-05-2021 17:21:17
@Erik: :) :) :)
Job Snijders - 19-05-2021 17:21:17
RIPE's KPI dashboard... RKPI *brain hurts*
Gert Doering - 19-05-2021 17:21:22
@kaveh that is just not correct. Yes, people do cloud, but the conclusion "so all we do has to be in the cloud as well" is not true
Kaveh Ranjbar - 19-05-2021 17:21:30
@erik, as long as it is someone else's machine, it is cloud in my book :)
Alex Le Heux - 19-05-2021 17:21:47
@daniel: and what I'm trying to get at is that it might be worth looking into this more deeply, instead of relying on gut-feeling
Peter Hessler - 19-05-2021 17:22:02
when did GCP get IPv6? I thought that was only available in their load balancer cost centre
Kaveh Ranjbar - 19-05-2021 17:22:23
@gert, I did not say so we have to be there as well at all. to the contrary, there are a lot of opportunities and we will need to be able to assess and use them, where they can be beneficial
Andreas Härpfer - 19-05-2021 17:22:46
@Peter: Still only available for global LBs in GCP. No IPv6 in VPCs.
Gert Doering - 19-05-2021 17:22:54
@kaveh well, you said "it is happening, like it or not"
Gert Doering - 19-05-2021 17:23:11
that sounds a bit like inevitable fatalism
Peter Hessler - 19-05-2021 17:23:16
@Andreas that's what I thought was the case
Marco d'Itri - 19-05-2021 17:23:27
Florian Streibelt - 19-05-2021 17:23:35
and you just hope that the cloud provider knows all the databases inside out and your applications and can tune them to RIPE NCC's needs.... I am not... convinced
Jan Žorž - 19-05-2021 17:23:43
no IPv6 as a basic requirement for cloud selection? :)
Kaveh Ranjbar - 19-05-2021 17:23:47
@gert sorry for not clear language. What I am saying, the world around us is changing anyways and if we can take advantage of these changes, we should.
Kaveh Ranjbar - 19-05-2021 17:24:21
and yes, I am a bit fatalist in my world view :) happy to discuss that wrt cloud.
Gert Doering - 19-05-2021 17:26:09
indeed, IPv6 should be a hard criterion
Jan Žorž - 19-05-2021 17:27:35
I did not see it on the list...
Sander Steffann - 19-05-2021 17:28:03
Erik Bais - 19-05-2021 17:28:15
Any requirement if the Cloud provider is actually going to be present in the next 10 years with the service ...
Jim Reid - 19-05-2021 17:30:24
@gert Suppose the choice is between a Chinese v6 provider or a European v4-only one. Then what? I agree v6 provision is very important but there could be other icky trade-offs.
Sander Steffann - 19-05-2021 17:30:59
@jim: I don't think that that's a realistic example…
Gert Doering - 19-05-2021 17:31:06
@jim but it isn't. There are enough providers in EU mainland that offer a) cloud and b) IPv6
Sander Steffann - 19-05-2021 17:31:18
IPv6 is available in enough cases
Christian Bretterhofer - 19-05-2021 17:33:09
vote for hard IPv6 requirement
Jim Reid - 19-05-2021 17:33:27
Sander, I wasn't saying this was an actual example - just that there *could* be other factors which make it difficult to pick a v6 provider.
Nicola von Thadden - 19-05-2021 17:33:27
Yes, the not was too much
Peter Hessler - 19-05-2021 17:33:27
Daniel Karrenberg - 19-05-2021 17:34:08
RIPE Atlas Data in Google Big Query is not what I would call a 'core service' ..... yet. Also the data is available in other ways, just not as conveniently.
Jan Žorž - 19-05-2021 17:36:09
@Jim: with IPv6 and in EU :)
Gert Doering - 19-05-2021 17:36:21
@jim in 2021 we should not be willing to accept excuses to not-deploy v6. The NCC has been tasked with "provide IPv6, always" by the members 10+ years ago.
Jan Žorž - 19-05-2021 17:36:35
Dmitry Kohmanyuk - 19-05-2021 17:37:10
to be fair, I bet the contract signed with Amazon and Google would be with their Irish subsidiaries, which are EU-based.
Sascha Lenz - 19-05-2021 17:37:17
I'd call RIPE Atlas the most important service the RIPE NCC provides for my daily operational work ;->
Dmitry Kohmanyuk - 19-05-2021 17:37:46
essential or important? the subtlety of NIS2…
Daniel Karrenberg - 19-05-2021 17:37:49
@dimitry based != controlled. and where do they pay their taxes these days ...... .
Peter Hessler - 19-05-2021 17:38:06
the US government doesn't care if the contract is signed with a subsidiary, which is the core to sander's point.
Dmitry Kohmanyuk - 19-05-2021 17:38:23
they pay their (quite low) taxes in EU, using double Dutch sandwich with a slice of money repatriation
Daniel Karrenberg - 19-05-2021 17:38:28
@sascha: the big query service?
Sascha Lenz - 19-05-2021 17:39:40
@daniel nah, not that, mind the smiley that was just a nod to the service in general sorry for the confusion
Daniel Karrenberg - 19-05-2021 17:39:56
Piotr Strzyżewski - 19-05-2021 17:40:55
Thanks. Well said!
Daniel Karrenberg - 19-05-2021 17:43:19
It is so wrong to make this a confrontation between community engineers and RIPE NCC engineers. The RIPE NCC engineers are professionals. We should frame this around *requirements* and not solutions. And always keep in mind the cost of each requirement.
Rüdiger Volk - 19-05-2021 17:43:34
@Job: "RIPE's KPI dashboard... RKPI *brain hurts*" better call it NCC's KPIs - disambiguates from "R" - also ask "have we defined KPIs for RIPE?"
Job Snijders - 19-05-2021 17:44:13
Brian Nisbet - 19-05-2021 17:45:00
What about RIPE's RPKI KPIs?
Jan Žorž - 19-05-2021 17:46:28
Brian Nisbet - 19-05-2021 17:47:25
Realising repeatedly RIPE's RPKI KPI capability... I'll stop now.
Jan Žorž - 19-05-2021 17:47:35
for clarification: I think that RIPE TAL must never go to the cloud...
Job Snijders - 19-05-2021 17:47:46
I would love to spend some time in a focus group to explore/define RPKI KPIs, I mailed a few ideas already to routing-wg@ in the last few weeks
Job Snijders - 19-05-2021 17:48:34
@Jan - the TAL is hosted on your local hard disk, it is not distributed through the cloud but through software packages such as 'apt install rpki-trust-anchors'
Job Snijders - 19-05-2021 17:49:09
The TA (the .cer file the TAL points to) can be hosted anywhere that is up: cloud, premise, floppy disk, the transport does not matter. As long as the RP can easily reach it - so anycasted rsync or CDN for RRDP makes sense
Gert Doering - 19-05-2021 17:49:48
CDN actually sounds like a good way to make the distribution DDoS-resilient
Job Snijders - 19-05-2021 17:49:51
However, the RIPE HSM probably should not go in the cloud
Sander Steffann - 19-05-2021 17:49:59
Sander Steffann - 19-05-2021 17:50:05
Niall O'Reilly - 19-05-2021 17:50:22
@Sander: five nines!
Nathalie Trenaman - 19-05-2021 17:50:27
Job, I really would like to discuss the RPKI KPIs with you.
Nathalie Trenaman - 19-05-2021 17:50:49
and there is currently no discussion about bringing the HSMs to the cloud
Dmitry Kohmanyuk - 19-05-2021 17:51:09
so then we need to have a hard list of things to be kept on-prem always
Sander Steffann - 19-05-2021 17:52:11
I'd think that would be a no-brainer, but yeah, writing it down can't hurt :)
Erik Bais - 19-05-2021 17:52:46
Nathalie : I see a cup of coffee to be scheduled.. Let me know if I can join ...
Peter Hessler - 19-05-2021 17:52:50
writing it down makes it clear. and so my no brainer agrees with your no brainer :)
Marco d'Itri - 19-05-2021 17:52:52
I think that the community was clear on the main requirement: NCC should not use any cloud service which causes lock-in
Dmitry Kohmanyuk - 19-05-2021 17:54:32
i think all cloud services have some lock-in. this is all pretty young tech, there is no IETF work on cloud standardization yet
Erik Bais - 19-05-2021 17:54:40
Kurtis : We need to wrap up.. time for a short break and move to the GM ..
Kurt Erik Lindqvist - 19-05-2021 17:54:55
Kurt Erik Lindqvist - 19-05-2021 17:55:11
it wouldn't be NCC Services if we didn't overrun...
Dmitry Kohmanyuk - 19-05-2021 17:55:34
so RIPE better define its “virtual cloud” and maybe shake its own operations to be compliant with it. Ok, TTYL
Erik Bais - 19-05-2021 17:55:49
Thanks for the info Kaveh.
Brian Nisbet - 19-05-2021 17:56:04
Can't overrun any more, too many people logging in from around the world...
Gert Doering - 19-05-2021 17:56:18
I am not going to candidate for NCC services chair :-) - it's more fun to bash the NCC as a regular wg member
Gerardo Viviers - 19-05-2021 17:56:21
This session has now ended. More info on the RIPE 82 meeting plan: https://ripe82.ripe.net/programme/meeting-plan/