RIPE 82

Daily Archives

RIPE 82
.
Open Source Working Group
.
18 May 2021
.
13:00 (CEST).
.


MARTIN WINTER: It's one o'clock, I think time to start.
.
Welcome, everyone, to the Open Source Working Group. I hope you can all hear me well, so let's just start.
.
We have a very interesting programme again, so a few more details of that in a minute.
.
First thing, housekeeping:
.
If you are joining with Meetecho, that's how you can actually send the audio questions. So we have like the ‑‑ on the top there you will see some of the audio/video queues there, you can put in ‑‑ as I say, the key thing is remember to have your name and affiliation and state it out loud if you are talking. There is also a Q&A window if you'd rather write it and then we will read it out to the speaker and answer it.
.
The sessions are recorded, and the chat logs and all that stuff.
.
With that, I'll hand it over to my co‑chair, Ondrej.

ONDREJ FILIP: Thank you very much, Martin. Please let me introduce the agenda. As usual, we have a very interesting agenda but you know it since it's your favourite Working Group. So we are basically doing the administrative matters, we have three great presentations. First will be from Alexander from Qrator Labs and it's about Mlxtoolkit and it's a very interesting project. So that's presentation number one.
.
The second will be done by Marcos from DE‑CIX, although it's probably on behalf of more organisation, it's an open source tool for IX‑API, which I think was developed jointly by M6 Links (?) and DE‑CIX, this one is python, but again something related to routing switching.
.
And the last one will be presented by Csaba and Frederic from freertr, it's an update since RIPE 71, and this is a project which was already as I said presented, it's written in Jabber and again it's really routing as you like it in open source which those presentations are aren't here very often.

So, with that, I think we can continue with the minutes, unless you have some comment or additions, so do you have any additions? Do you want to change something? I'll wait ten more seconds. And if I don't hear anything, which do not hear, I will pass the mic back to Martin to start with some administrative matters.

MARTIN WINTER: So, I already welcomed you so it's great to have an audience again. I see a bit more than 300 are here. I welcome also the few thousands who will listen to it afterwards in the archive.
.
The agenda, as already mentioned, I am not sure if there are any questions/changes requested for the agenda?
.
I don't see anything, so ‑‑ then we have the minutes from the previous Working Group meeting, as always, they are always posted on the RIPE page, you can always go look at them. There is a wonderful job done to write the stuff up and post‑it there. It probably was mailed out to the list, I'm not absolutely sure on that one, but they are always, like, posted there.
.
Our action list. I don't think there is anything else, if there is anything which should have been there, feel free to speak up, but other than that, I think let's just get ready with the cool talks. And I think I'll give it back so, Ondrej.

ONDREJ FILIP: Thank you, Martin. So, I'd like to welcome Alexander Zubkov from Qrator Labs.

ALEXANDER ZUBKOV: Hello, my name is Alexander, I work in Qrator Labs and today I want to present to you our tool we use to configure Linux which is running if you are not familiar with Switchdev I have written an introduction do it. It's an infrastructure in the Linux Kernel that allows the switch driver to map its on figures to Linux network interfaces, and this process is called the ‑‑ when you use the different tools, this means this configuration is also installed to the hardware of the switch. So you can use basic and common Linux tools like IP route and these to configure your switch and that's great because you also can use any other tool that is available for Linux to ‑‑ on your switch like route and daemon in terms of software.
.
But there is a little issue, your configuration will look like this, you need to configure everything step by step from the lower way by small pieces, and for start‑up of your switch, you can create a big script which will do all that, and if you are accurate, it's somewhat manageable by backend. But of course you want to introduce some changes in your configuration, and of course you surely do not want to reboot your switch every time to apply this configuration. Sometimes you need to review some parts of your configuration for that and that may be complex and you need to be very accurate when you are doing that by hand, so that you shouldn't ruin your configuration badly.
.
And that is not the worse part, I think. If you configure in ACLs or in other filtering, you need to work with TC filters, and here is an example of its output and it was very hard for me to look at it and to try to understand where I should put some changes here, and I was very sad about it, and that's why I wrote a couple of tools that we open‑sourced some time ago, and the MIT licence, as Ondrej said, it's written in Perl, and there are two scripts, mlxrtr, it allows to configure interfaces in routing, and the second one is mlxacl, it allows filtering on your switch. It creates a shared filter on all physical interfaces and allows to define routing, filtering chains per VLAN.
.
So here you can see an example configuration of these scripts. It consists of sections for mlxrtr, you have sections for interfaces, for example, for VLANs and so on, and for mlxacl you see we have sections for UNs and also you have some chains.
.
If you apply ‑‑ if you run mlxrtr with that config, it will generate a set of Linux comments and execute them, and as I said, your configuration needs to be configured step by step and you can see it the same. It configuration various things via Switch with simple interfaces and finally it applies ‑‑ it gets addresses and routes for the switch.
.
And when you want to make some changes, for example, I move to one of the ports from for one to another, and to implement it you again apply the configuration with the tool, and it's ‑‑ it looks that the current state to the desired state and implement it requires changes.
.
For example, here, it needs to ‑‑ interface from current one, it detaches the new bond from the bond, then detaches the interface to the new bond and then reattaches the new bond to the breach again, and it brings the interfaces up.

These steps are required because there are some restrictions cannot like add interface to the bond which is attached to the bridge already. So we need to detach them and do all these things and it is hard to do by hand, so this tool is very handy.
.
And here is how mlxacl works. It creates chains that define in configuration with the route and in the main chain it matches VLANs and jumps by code to specific chains.
.
Again, if you wanted to implement some ‑‑ introduce some changes to the configuration, for example I delete one rule, it does it that way, it creates all the affected chains with the new numbers and then rearranges ‑‑ then it adds a new VLAN matches and arranges them drops the old ones, and so it gives you the new configuration. So that's all I want to show you.
.
I hope this tool will be helpful to someone else and ease someone's life too.

ONDREJ FILIP: Thank you very much, Alexander. Are there any questions for Alexander? I guess there is one in the Q&A section.
.
So I will read it:
.
Sia Saatpoor: "Given emerging technologies such as software define and Internet‑based networking where the emphasis is on automation and less human interaction in development, I wonder what is the value of these tools or similar tools?"

ALEXANDER ZUBKOV: Of course there are many tools that allows, like, to make some software defined and programmable like configurations, but I don't know ‑‑ there are still tools that you need to use by hand and you do not need always to use some complex tools to configure maybe one switch.

ONDREJ FILIP: Okay. Thank you. Any other questions? I don't see ‑‑ so I will ‑‑ the fact that I'm here and I can speak, I will ask you, what was the main motivation to write this? Do you use this tool in your ‑‑

ALEXANDER ZUBKOV: Yes, we use it in production. Actually, we ‑‑ the configuration we generated, but, like, we do not have a lot of switches and we still, like, implement configurations manually mostly, and to check that everything is all right. But, of course, if we will have a bit path, we will look to what some more complex automated technologies.

ONDREJ FILIP: Okay. We have a question from Michael Richardson:
.
"When do you use Switchdev, do you see LDP messages in the Linux host?"

ALEXANDER ZUBKOV: Yes, we have all DPD MON running on the switch also, and we use ECPS on the switch valid device.

ONDREJ FILIP: Okay. Thanks. Any other questions? So then one last one, I promise, from me. You know, Alexander, why did you choose Perl?

ALEXANDER ZUBKOV: Because I know it. And I'm not a big like ‑‑ not fond of Python.

ONDREJ FILIP: I see. Okay. Excellent. I don't see any questions. I'm not sure ‑‑ at the discussion, like which will has just mentioned this tool is very valuable and the Linux is ‑‑ so it's probably some good feedback for you. Excellent. Thank you very much.

MARTIN WINTER: There is one more question.

"Do you see the working with other Switchdev targets beside mlx?

ALEXANDER ZUBKOV: I didn't try it. To use ‑‑ if the structure of the configuration and the features supported by other switches are similar, I think there is no problems to use the tool, or it can be adapted to easily ‑‑ there are also not so much switches supported by Switchdev now. I hope that this will change some day.

ONDREJ FILIP: Excellent. So, I think we can move on. Thank you very much. Applause for you.

ALEXANDER ZUBKOV: Thank you.

ONDREJ FILIP: I would like to welcome Marcos from DE‑CIX. Nice to see you Marcos. You have the presentation by IX‑API. So the floor is yours.

MARCO SANZ GROSSÓN: Thank you very much. Can you hear me?
.
Let me share the screen.
.
I am here today to talk about open source for the IX‑API. My name is Marcos, I am the head of software at DE‑CIX, but as already said, this is not just the work of DE‑CIX; this is the work of three three organisations and I am standing here representing the work of these three organisations.
.
Open source for the IX‑API. So what is the IX‑API? Let me recap a bit on that to start with.
.
So the IX‑API, it's a joint effort of AMS‑IX, DE‑CIX and LINX and they said that there was a need to create an industry standard for an API to provision and configure inter‑connection services.
.
So, they started already in 2019, was introduced at the European forum in that year, and, afterwards, was presented at RIPE 79. And I remember that one because it was one of the last physical ones I was able to attend. It was Thomas King presenting the IX‑API at the Plenary.
.
So if you want to know, learn more been IX‑API, that's the website of the project and kindly take a look at that.
.
What has happened since then?
.
Well, what we presented back then was the Version 1 of the API, and, since then, this is a new API Version 2, which was introduced in September 2020. While the v1 concentrated on peering features, the peering product, the new Version 2 has extended and has now Cloud connectivity, so it offers Cloud connectivity products, private VLANs, point to point, and also point to multipoint or multipoint to multipoint, what we call the closed user groups. And while doing this, while introducing this new product and features, we realised we had to break a bit with the way that this was designing in v1, and introduce a new abstraction layers and new modularity in the standard to be able to deal with this and be able to extend in the future.
.
So, unfortunately, V2 is not backwards compatible to v1 but has all the features that v1 has, so peering is included there. If you want to try it, I really recommend you go directly for V2. But what I'm especially proud of and what I think is that these people had done a really excellent job is it's offering these products ‑‑ offering to Cloud connectivity in a Cloud provider independent way. It encapsulates in way all the details and the work flows of different Cloud provider, whatever it is, you name it, all the specialities are encapsulate and abstracted away so that you can programme your code in a provider independent way, and as far as I know, to my knowledge, this hasn't been done before.
.
So it's a good standard.
.
Moving on. What's deployment status?
.
Well, the incumbents are deploying this, obviously, also Intel connection providers like Epslion or Interaction are users. NetNod is also very well known as well. But not only companies coming from the industry of interconnect activity, but, for instance, last week we just got Daimler, the German car maker, on board to start using IX‑API so they could provision automatically the Cloud circuits via the DE‑CIX offer.
.
So that's the status of deployment.
.
Now, just as a last note, the DE‑CIX portal, we have a web portal for our customers built on top of IX‑API implementation. What I want to highlight is it's a good API and it's possible to build a fully responsive and interactive web portal just using the primitives that the IX‑API offers.
.
But, what I want to talk here with you is about open sourcing in Python, which is better than Perl, by the way. Okay. So that's the URL of the project at GitLab and it's not just one project, it's eight projects and everything is public so you can access directly publicly so it's the schema of the standard are there. The test suite that determines whether you are compliant or not to the standard. The reference client, which is being used in the test switch to run all the tests. We have a Sandbox ‑‑ actually two Sandboxes, and a Sandbox is like a kind of an IXP emulator that you can set up and start running and then you can use your client's toolbox or check with for compliance of your end code towards that Sandbox.

Two versions: V1 for the old version and the standard V2. And obviously all the rest. So even the website is open source and you can go there and download everything.
.
Licence: Apache 2.0. Python, Django and Django REST. Useful words in there. It's a restful API. Open API documentation. JSON and YAML and you can download statistics on it.
.
I want to focus a bit on the client because I am going to make use of that one today, okay. So it's a Python client and it only supports V2, but it's very powerful. And what I would like to do now is to take the client out of the box, I downloaded it and I want to live provision a live circuit that was productive DE‑CIX environment just in front of you.
.
So, as I highlighted before, what I'm doing is completely IXP independent, you can do it towards any IX‑API implementation, and I am I am using AWS because I am familiar with it but you can use it with any other Cloud provider supported.
.
A bit of the framework or the setup what I'm doing for people that maybe are not that familiar with virtual circuits and so on. Okay, so so I am the customer, okay, and I have my customer router, which has a physical connection to one IXP Layer2 network, in this case the DE‑CIX one. And they are sharing an NNI, as it's called in the standard with the Cloud service provider. Some of them are dedicated and shared, in this case it's shared. And what I'm going to establish with IX‑API is one virtual circuit from the left to right connecting directly my router to the Cloud provider because I don't know, because maybe I know that my computing power is at some region and I want to have a dedicated circuit.
.
So, this is what I'm going to do. Since this is rest, then those are the steps I'm going to follow. Okay. First, I am going to correct to the provider. I am going to ask what are the possibilities that you can offer me as a provider to connect to the AWS Cloud. This is what we get a get on the product offerings, and look at the offerings, I choose the one I like. Then I issue a post to create a resource that didn't exist before and this is step 2, with step 2 I have already created a virtual server and then afterwards it's possible to create configurations on the virtual circuit. So you can create a VLAN, Q‑in‑Q, different providers offer for different possibilities just for the sake of completeness I will create a Dot1q VLAN.
.
So at this point in time I am going to switch my screen to be shared, and I hope you can see that one and it's readable.
.
Okay. I hear confirmation. That's excellent. So, you know, what, this is empty, so I am going to download the client, and the client is ‑‑ this is the client, and let's clone it and let's get it here and then you go and now we have it. I go in there, I say it's very well documented, it has a beautiful with me and I am going to tell what they are telling me, maybe to create a virtual environment first. Afterwards, should activate your virtual environment. And finally you install the requirement and this looks nice. This looks as it works.
.
Yeah, then actually I can start the interactive client now, and this is what I'm doing. And I'm using ‑‑ as you see, I am connecting to the productive API of DE‑CIX, this is the Euro, API 2, and I am using my test account because it's a productive test account using an API secret that is told you once you have a contract with the provider.
.
So, there we go. I am also in interactive mode. So I can take a look now at my connections. My connections list ‑‑ sorry ‑‑ I hit too soon the connections, the lists, and I have to parse the session, so those are the physical accesses that I have as a customer of the provider and this one, remember that one, the one we had identifier, just the one I have in Frankfurt, a real one, and I'm going to use that one to connect to the Cloud.
.
But ‑‑ this was just taking a look, if there is ‑‑ if the connection is correct. What I'm going to do now is take a look at the prototype catalogue.
.
As I said before, we maybe have some requirements. Like, I know I want to have a handover to the Cloud, and I want to have a bandwidth of 50ms per second, what can you offer me, provider? Finally, I know you have my computing power, those are the denominations of the Cloud provider for the different regions.
.
So I take a look at that and this is the product catalogue. This is what I'm getting. I have different possibilities. I have a POP ‑‑ following my requirements, and I have a POP in Madrid, I have another in Frankfurt, APNIC's and other Interaction. And, you know what, I'm going use the one in direction and this is the identifier, both the ‑‑ of that product offering. And I am going to create the virtual circuit now. So what I am doing is getting that one and placing the command here.
.
So those are details of my account since I know it's a productive account and I know which is the billing ID, and so on and so forth, but the important things here, this is the product offering that I chose, and the Cloud key. And the Cloud key is my account ID at the Cloud provider, in this case it's AWS, and I know the Cloud key by heart. So, let's issue that command. And it says 201 resource has been created. I have an ID, this is 1317, and yeah, it looks like it works. Do you know what? Let's actually ask for the status of that.
.
So, let's see what it says. And it says it's okay, please accept the Cloud connection with your Cloud provider. And obviously this is not ‑‑ this is not something that DE‑CIX can do for you, okay. So this is like you have ordered something at DE‑CIX and now you have an account at your Cloud provider and then you go there and you confirm that it was you. So this is what I'm going to do.
.
I go to the management console. This is my customer account, and I come here and I take a look and my direct connect and my connections and let's see? There you go. This one has just been created an interaction for a v6. This is the one. And I am going to say this one, let's take a look at it, accept t, because it was really mean the one for ‑‑ do you really want to confirm? I confirm. And that's it. Okay. So, it's in pending status, okay, that's t that's everything I had to do to confirm this, and then you have the last thing just for the sake of completeness is, I'm going to configure the VLAN, okay. I'm going to configure it and this is the command ‑‑ just a sec ‑‑ here you go.
.
So, you see this is connection system 34, that's the identifier of the physical access I have in Frankfurt, okay, so that's my part of the connection. And there we go. This is the identifier, 1317, this is schema here, and this is 1320, and finally a few details of the VLAN config, I am doing Dot1q, and since we're in RIPE 82 I am using VLAN ID 82 and then I hit 'enter'. And you know what? That has been created. Everything is up and running, and now if I provision my router correctly, I have a VLAN directly to the Cloud.
.
So, that was what I wanted to show you. And as I said, I did something which is completely agnostic about the Cloud provider and also being able to deal with different work flows. Some Cloud providers require you go first to the portal that create something there, like Asia, for instance, then you get a key, then you go to the API, all these work flows are encapsulated away for you and modelled as well.
.
Okay. I thank the demo gods that this worked, and yeah... what is coming?
.
So we are in the middle, and what we are looking for in the next six months is to deal with a bit of a lower layer, okay. Those connection management aspects like ordering ports, working with the ports, aggregating them into a LAG. This is something that is coming in the Version 2.X, and also sitting on Cross‑Connects, based on those different work flows, I already mention, and maybe afterwards, Version 3‑ish, it's having insights, insights on, you know, the traffic, on the statistics, monitoring what is going on at the IX point with your traffic. And obviously whenever we do anything like this, it's more open source for that.
.
So, I think this is a great job. I just joined DE‑CIX a couple of months ago. This is not my work, this is the work of the people that was preceding me and I am so proud to be able to present this to you. Thank you very much. And that's it. Do you have any questions?

MARTIN WINTER: Okay. Thank you very much. So do we have any questions? While we wait for the question, I can introduce the next speaker, the next topic. We had a talk before some RIPE back, figures out the project for all the ones, like myself and Ondrej here, that is only like FRRouting and Perl, OpenBGP, is there actually a cool open source project and FRRouting is less well known but still a very interesting and I think an amazing job. So I don't see any questions for you mark os, so I think thank you very much. I assume you will hang out in the SpacialChat afterwards. So if people have questions, find him there and ask all the questions you want.

MARCO SANZ GROSSÓN: My pleasure, thank you very much.

MARTIN WINTER: So we get to the next part. We have Frederic, who is talking about it for the presentation, and he will give us an update what all has changed since the last RIPE meeting. And potentially there is a bit of an introduction, about the free router so you know about some other cool open source router projects. Okay, with that, Frederic, it's up to you.

FREDERIC LOUI: Hello, everyone. I am working for freertr, and we have a set of slides with Csaba Mattia from the Hungarian NRN and we are both working on the project which is a European project and we are very excited to present you today free router, that's since RIPE 71. If I recall correctly, RIPE 71 was in Bucharest in 2015, so basically you can imagine that, in six years, we had a lot of things to share with you and basically, the main thing that I would say ‑‑ that is that has very huge mark in our case is that the RARE project had been initiated in 2009 and the relation between freertr, because that has been selected as the control plane of the RARE project. If you allow me an analogy, the RARE/freertr project can be compared to I would say ‑‑ in the project and Linux is the kernel chosen.
.
In that case a RARE/free router has a very ‑‑ a tremendous ‑‑ provides a tremendous opportunity to look ahead and see how we can do networking better than it is today. And the good news is that in our case, what we are feeling is that we should really focus on provide a familiar platform, a routing platform, that would be able to instant show multiple solution and each solution would be a virtual address, research and education use case. We can saying research and education simply because research with a project started early in 2019 and under the umbrella of the European Commission within the JN4 programme, which is a European education and resource project.
.
What we are talking about is to consider the free component of a routing stat which is the control plane. We have the possibility to consider multiple dataplanes in this case and what is important is to write an interface that would help both of the above components, control plane and data plane to communicate and the idea is that we'd have multiple solutions that have multiple dataplanes able to address multiple solutions simply by providing simple data plane able to run a different language. And the net result is that you can have, I would say, DIY hackable, extensible router, if there was a bit of a slang, I would say the word 'hackable', but this gives you the idea of how cannot rate an RFP ‑ Request for Improvement ‑ and avoid this RFP being implemented but what you can do is you can simply get the ‑‑ it's a French translation, direct French translation, then you can put your router itself.
.
Just to give you an example. In the freertr channel, when a user simply connected and suggested to have a specific here comment and it was a brilliant, really a brilliant suggestion, and two days later we have it in freertr, which is great.
.
Now, at least we are talking about control plane independence especially in the RARE project and obviously freertr has been selected for values. The first is that a freertr, we have the developers... which gives the whole process ‑‑ development process very fast.
.
The second thing is that we wanted to create a ‑‑ what we wanted to have is to really provide a routing platform, not a router that would be able to run on the data centre or exchange point specifically. In our case, we really would like to have ‑‑ to provide a routing platform as we know in the NRN landscape. So this is very important.
.
What I mentioned about control plane independence is that we have a data plane, we values of the data plane and the good news is that as soon as you are able to API message, you can even use your own data plane in order to benefit from ‑‑ your own control plane in order to benefit from the data plane you have implemented. So I'm saying something stupid, for example. Let's imagine that you are the lead developer of FRRouting and you want to hook your control plane to the data plane. With a little bit of adaption by writing this interface, you can get this data plane on your own.
.
You will see that later.
.
If ‑‑ the presentation is not very high level. If you want to take ‑‑ we can take a deep ‑‑ all the technical questions, the deep technical questions in the mailing list. I would invite you to do that.
.
So, moving forward. In our case, we have free target. In the data plane that means that each target is a data plane. So, we have used the p4 language to use our virtual data plane, which is using the BNV2 virtual software.
.
We have various algorithm within ‑‑ but we got confident that we have, I would say, a rubbish by plane, we ported everything into the barefoot... What does it mean? It means that from that point we are able to manipulate a packet at 100 gig ‑‑ with 100 gig port. So we have 6.4 terabits per second of switching traffic per second at the data plane level with freertr, which is tremendous because we were really locked by the ‑‑ the Linux user and we have also considered FPGA but we did not manage to get a hand on the specific card with a specific p4 compiler in order to compile our code. But we are pretty confident that it will work flawlessly.
.
In our quest to provide a solution for every use case, of course some schools or small institutions wouldn't have the possibility to buy the p4 switch because for the simple reason it's too big for these type of sites. So what we imagine with Jabber during our reflection, we started by implementing an optimised software data plane based on DPDK, so if you are using TCP it is the data plane that is forwarding the packet you are using this library, and then we started looking at DPDK. It has a very interesting story. But in the end, we managed to created an emulation of our p4 software that basically provides DPDK functionality. So, as soon as you have, I would say, a couple of 10G connection or a couple of 100‑gig with DPDK you can provide a reasonable provider as router able to act as a VPNG or ‑‑ and provide you a very interesting way to do things.
.
In the study ‑‑ sorry, in the process of discussing Broadcom in order to able this with NPL, so basically you will have access to every switches that are tried for MPU, simply because NPL is only available for the new switches.
.
How do we check that everything is working as expected? Because remember, every router is able to provide a complete routing stack like OSPF, ASS, segment routing etc. How do we manage to make sure that everything is working as expected? So in our case, what we have deployed is a p4 switch that is scattered around Europe and we have reached the US recently, we are planning to reach Asia and Australia soon. The idea would be to have a very representative idea of what can be done geographically and this is how we are working with our stack, so everything is working well.
.
One thing that is really interesting is that actually simple for any scientist, so what can be done is that we can do any arbitrary topology, as you might already know from RIPE 71, every router is using a free based sly way of slicing the network. What does it mean? It means that the ‑‑ in the same box we can have 1,000 BGP process, that is activated on all of this box, and we can have 1,000 topology, that is simply as simple as that.
.
Moving forward, we have a lot of new things. I will be honest with you. Every line can be a two‑hour session discussion. It's very interesting, so, what you have to know that we have specifically added new configuration upshot here. Here we have RPL. This is the very friendly and good way to ‑‑ how can we say that? ‑‑ to manipulate route. Policy‑based routing, auto wrote is simply the possibility at the node level to take into account to inject in the routing the internal in the routing table.
.
So, moving forward. Here in this slide, we have new CLI options. It's quite interesting because it has ‑‑ it brings a lot of added value. If you remember correctly, in the ‑‑ in Junos, you have the possibility to extract configuration, show via the set, etc., and actually what you have to know is that, in freertr, everything is an object that can be colourised, tabbed and we have a different display. So we have show/watch. Watch gives you an updated visualisation of the CLI, of the counter, that is a bit in the realtime. Display gives you a buffer. So, like in VI, you can navigate inside. Diff will give you to see how it compares between the two.
.
So this is a very tremendous option and a way to configure freertr and, if you want to know more, we have a blog where we have written an article on it, so feel free to read it. It's very interesting.
.
We have a new address family in BGP, and not fairly new, but you have now BGP FlowSpec, which is the most important one, alongside with Multicast and Anycast. The most important thing here is that you have a lot of additional sub‑address family. So everything related to RVPN, or VPN UNI stands for ‑‑ it's a very different name ‑‑ everything related to 6 VP. So 6 VP, 6 VP formal T cast, 6 VP with OpenFlow, and so on. So I invite you to read the test. I will be honest with you, I did not actually do everything at home because I am using this routing stack at home.
.
And these are imaginary router processes. So, the idea between imaginary router processes is that we have specific watching table that are ‑‑ that are rarely used, usually fine in Juniper, you are using RIB group in the...... you have RPF ‑‑ you have the RPF every time. In that case, somebody decided to create a routing table convenient that comes often, and where you can ‑‑ where you can manipulate easily the route, control the distribution easily in a very easy fashion without doing any mystical like ‑‑ redistributing the RIB group and so on, without knowing what you are doing.

So what is very important is that in the process within the project, the software router. So we put in place a self‑test framework. What does it mean? Is means that in 2015, in RIPE 71, we had maybe 2,000 tests. Now, we have 2,300, but the good news is that now we can run the test every hour and we have 2,300 tests in total. So, everything is triggered by a change in the code. So the net result is that when you are downloading the code and you are installing it in your router, you have a non‑regular test already validating everything, and this is available for every data plane we have provided. We have 300 data planes tested for p4.
.
We have also done a lot of code refactoring and optimisation, and the test shows that we managed to reach a 13 seconds time duration in order to really develop the routing table. So this is very interesting to see that, in six years, you could see a lot of innovation. For those who are fond of Multicast, we have also BIER, NSH for those who would like to do some training and using the NSH header. For those who are IPv6 fun, we have SRv6. And tunneling related OpenVPN and so on. And we have more tunnelling modes like GRE or MACsec or other types. And I invite you to read the testing things where you will find all the examples on the website.
.
One thing that is really interesting is also the fact that everything is deployed with security in mind. In that case, when we are talking a data plane, we have a specific data plane, we have a mechanism like control plane policy or RACL. I suggest you have a very good look at it offline. It's something that you are familiar with, well known. It will ring a lot of bells in your brain, and also the possibility to associate a script with with a protocol.

In the management ‑‑ in the network management field, what is interesting is that now everything related to automation can be possible using netconf and REST API, and I mentioned before that everything was in the tabular can be an object, so that's the reason why we can have different output, tabular form and so on. This gives us the responsibility to define what we call censor and the sensor object we define ‑‑ we characterise an object that can be exposed to an interface. In that case we can have streaming compatible with Cisco ways of doing it, we have a permits use agent that is able to ‑‑ to answer permits use server queries and an NPRE agent if you have a BNP server, in your entire domain, whatever you have 1,000, 2,000, 1 million, BGP routers, and NRP will be able to tell you what's happening and alarm you ‑‑ provide you an alarm whenever you have an issue with your peer.
.
So, I would invite you to look at the log or the test ‑‑ I will give you here a very bad example that I am using at home is that it's not written in the test suite, but in my case, I have activated a UPnP server. What is that? Is that when you have a device or that is using DLNA Alliance behaviour, everything is assumed to be in the VLAN. And when you have a layer for at home, you can't see your TV, you can't see everything. So at freertr, at the router you have the possibility to implement this UPnP server that will simply listen to every UPnP broadcast and relate to every listening UPnP client, which is great because now I can just simply listen to my music with a layer free network. I know this sound crazy, but I just want to give you an example of some feature that is not listed in the test tube.
.
So I won't go into detail here. You have a lot of things available at the data plane level. It means that you can work at COPP and multiple one 100 gig if you have a p4 data plane.
.
I will spend a bit of time in this slide because this is one of the most interesting, I guess, for you. You have that is composing the routing stack here. The first thing here is the data plane. And you have freertr. How communication is achieved between the two? We have a data link layer where all the events are transferred back and forth from the data plane. If I receive a ping, it will go via here, and then we will be able to receive it. So the reply will go back from freertr to the control plane all the way to the egress port. So this is as simple as that, so one link for the inbound path. Here, we have a JRPC link. In the context of the project, with a p4 uplink. Where actually it is possible to ‑‑ this link is actually used to programme the entry at the data plane level. So what does it mean? It means, for example, I want to programme if you receive a packet come from which and which IP address, IP sub‑net, you go to the specific port you go via that way and that's it, this is the link that is used to programme entry on the table. So of course in the data plane, the data plane we will have IPv4 table, IPv6 table and BLS available, VLAN available and so on and so forth. I urge you to read it.

Key takeaway:
.
We are ready for production. And we are striving to go into production state. So what does it mean? It doesn't mean that we would replace everything tomorrow. It simply means that we are ready ‑‑ we would like to reach production status and we are ready to have a real production instance able to run 24 hours by 7. For my case, I am using freertr at home with a BGP and... did establish over the last two years and it works flawlessly. I am monitoring everything that one hope from his routing, which is very cool.
.
So, we have ‑‑ we have a third party parent that we are using in order to establish our performance test, which is great because we can validate that, we are inter‑operable, which we are doing already before we had 2m300 tests in the previous slide.
.
There is a specific thing related to p4 data plane. Simply because which p4, imagine that you are able to do ‑‑ to switch packet at 6.4 terabits per second and I think it's already there, you can switch packets at 12.8 terabits per second. So what does it mean? It means that like you are driving a Formula 1. When you are driving a Formula 1, you don't have much space. You don't have a train with a lot of space you have to calibrate and specifically make sure that all the packet you are receiving can be processed at speed. And this is the aim of the profile in p4.

In DPDK we don't have this issue, we are running in software with a lot of RAM and in this case we don't have this profile issue. And as an example in the university of measures a we have a freertr instance running for the last three years and in KIFU I think it's since 2010 we are running a huge BGP route reflector, and I really invite you if you are interested just to contact and join us and try to see how it can fit your uses.
.
Some useful link.
.
We have more information on the data plane. Here is the links. If you want to know a lot more. Just look at the blog, you can find interesting use case where I describe, for example, the router. I have deployed at home. It's a router that has a 100‑gig uplink with six 100‑gig port at home, which is great. And I have a high pressure with my family, with my kids playing their games. So they are a really demanding customers.

I have to comply with the policy. We...... question, discussion, go to this mailing list. And if you want to use us, just this is the discussion. If you want to develop with us, go to this link. We have a Twitter account for those who want to follow us. This is where we put new blog articles, new events, new achievements. And, last but not least, the code. Feel free to check out the code. Of course, the excellent freertr data control plane. You will be able to check out the p4 code. Again, I would like to thank those who published it as an open source project.
.
If you are interested in learning you can use p4 PNV2 target, which is great for leaning purpose because you have the whole possibility of simulating a whole network on one lap with freertr of course. And if you are interested to deploy for example small box, which is the case for example in France you have huge connecting all the schools, especially with this Code of Conduct context through the education and resource network, you have the possibility to buy very cheap ‑‑ not very cheap, it's 100 bucks, capable to switch 600 gig ‑‑ sorry, 6 gig ethernet traffic, and with DPDK. So this is really an opportunity for us.
.
And I would like to thank the European Commission and GEANT for believing us in our idea, letting us express ourselves. Again, this could not have happened with all without all the great technologies like p4, we had a very warm welcome from the p4 group, a lot of help from the DPDK documentation, and also from Intel who helped us to work with Tofino. A huge thanks to APS network for giving us access to some hardware. Last but not least all the very great open source project like Linux, Open JDK where without these companies, nothing would have happened so I would really like to thank you. This is the point of open source.
.
Thanks.

ONDREJ FILIP: Thank you very much. Impressive work. Thank you. We have some questions in the queue so I'll read it for you.
.
Alexander Zubkov from Qrator Lapse asks: "Do you have your own implementation of things like OpenVPN and WireGuard?".

FREDERIC LOUI: Yes. We had an implementation of open DPN and WireGuard and if you look at the blog link that is on the slide, I invite you to read it. The last article I wrote was how to create between 2004 and freertr. So, the code is there. Feel free to check out and give us feedback.

ONDREJ FILIP: Thank you. And one more question, Wolfgang Tremmel is asking: "Can you please make the freetr.net website more eye‑friendly?

FREDERIC LOUI: Sorry, I could not ‑‑ maybe I should look at the question.

ONDREJ FILIP: I think Morgan doesn't like the design of your weapon page. It should be more eye‑friendly.

FREDERIC LOUI: Okay. First things first, I'm not the freertr lead developer and we are not ‑‑ and there are not that many people in order to provide such a very Swiss army knife network. And what we are planning to do in our case is to provide more documentation around the freertr, but for now I presume that the core initial original freertr would be really strictly at its minimum, and I will be honest with you, even if it is a bit reluctant at first, when you get used to it, you'll see that it has everything needed in order to kick start your work. The only thing is that of course you don't have this shiny documentation around it. This is what we are working on here now. And I hope to have the help from people from the community who would like to use it and assist simply because in the freertr project we are only four people working and we are not full‑time on it.
.
The idea would be that if you are have had, we are ready interested to cohort with any control plane project, additional proposal plane project, our word is not to replace everything and claim that we are the only solution, the valid solution. The history of the past lessons lender showed us that having the choice is good. If you remember in 2010, there was an event, a breakage in the Internet with BGP attribute that with a well‑known vendor, and the next year it was the turn of the other vendor where another BGP attribute induce a breakage. And this is ‑‑ I think that is why my point of view is that we are here to complement to each other and to learn. If one project is learning one lesson, we can learn from the other, and this is the idea of the approach of our work, and again, freertr is kind of a data plane and control plane independent. It means that you want p4 data plane, just feel free to each reach us and we'll try to make it work with your control plane and vice versa.

ONDREJ FILIP: Thank you. That was a very wide answer to the question.
.
Daniel Karrenberg from RIPE NCC would like to ask: "How can I install freertr on UBN key router hardware in my house? If not, which hardware would be suitable for a home with two 500 megs external connections?"

FREDERIC LOUI: I have a series that I started in my blog called a Small Office, Home Office and in freertr 101. Feel free to look at this and you will see the whole solution. I have implemented a router that I'm using right now, and this router has FTTH 100 gig link. I think it will fit your need totally and I am able to run multiple ‑‑ with my office and OpenVPN BGP in a specific over all the network or the N42. It's great. It's working great. I forgot to say one thing: It's IPv4 and IPv6 compliant. So, that's very important. And it's working better with IPv6, so everything at my home like a wi‑fi is v6 compliant.

ONDREJ FILIP: We wouldn't expect anything else, to be honest. But is the ‑‑ the first part was, is the UBM Ubiquiti network router supported ‑‑

FREDERIC LOUI: Sorry, I don't know what that stands for.

MARTIN WINTER: The Ubiquiti router.

FREDERIC LOUI: If you are okay, we can take this offline and we can ‑‑ I can learn about your stuff. But actually if it's Linuxed‑based, we are good to go. For the URL ‑‑ the URL is a blog.freertr.net. All the links are in the slide.

ONDREJ FILIP: Thank you.

MARTIN WINTER: We are a bit over time. But I still want ‑‑ I was looking at the website and I couldn't find any description of the licence of freertr. I didn't find anything in the source code and I didn't see anything in the website. Can you clarify?

FREDERIC LOUI: Sorry. So freertr is using, I would say, an MAT like licence, it's freertr licence, okay. So maybe Csaba can elaborate more on that. In our, case everything related to what we did in 2019 is released on the Apache licence.

MARTIN WINTER: Any chance that that could be clarified on the web page and put in the source code files but I didn't find anything there?

FREDERIC LOUI: You mean at the control plane level or at the data plane level?

MARTIN WINTER: At the control plane level, basically. If I go to the freertr, basically, web page and I look at the source code, I do not find any licence description anywhere, and that I think will make a lot of people scared to use the code.

FREDERIC LOUI: Okay. So it's ‑‑ I'm talking in the ‑‑ about the control, but I think that it's a licence so feel free to ‑‑ but I will relay this suggestion to him, so that he can add this licence point.

MARTIN WINTER: In general, a lot of people may want to see that on the web page and those that are in the code there, that would be a licence file which makes it very clear.

FREDERIC LOUI: I think that in the code that it is there. I think. The control plane ‑‑

MARTIN WINTER: Okay.

FREDERIC LOUI: I am pretty sure at least in the package I am creating for DBN and Linux, we have done this licence. You have this licence file that is merged.

MARTIN WINTER: Okay. Thanks. I think that's it. I don't see any further questions.

ONDREJ FILIP: No. Me neither.

MARTIN WINTER: Okay. So I think that's it for the Working Group. So we have maybe ten minutes over. You get a shorter break. For you, Frederic, thanks a lot for your presentation, it's also great to hear about special projects, that's where my heart S so I am always happy to hear about stuff like less well known. And anyone else there, if you have some other less well known open source projects you are using, please contact us, that talks that we would really like to see at the RIPE conference, or if you are just using a very good open source project, something you really like which we never talked about it, that also we'd be very ‑‑ appreciate that if you'd mention it maybe we'll get somebody to talk about it.
.
And with that, I think that's it for the end of it.

ONDREJ FILIP: Thank you very much. If you have any suggestions, don't forgot to contact us and also, please, you can talk to the presenters in the SpacialChat, and thank you very much and enjoy the rest of RIPE 82.

MARTIN WINTER: And don't forget to rate the slide and the presentations.
.
(Coffee break)