Closing plenary

7 November, 2014, at 11 a.m.:

FILIZ YILMAZ: OK, thanks everyone being here in this Friday morning, nice and sharp. You saw the first session and hopefully you will end the RIPE meeting standing.

Before we just start, I want to announce the election results for the PC, we had four candidates, thank you very much for all of the candidates, and that was Leslie Carr, Jaomo Damas, Razvan van Moodi and Marcus and among these four, Leslie and Marcus, they are going to work with the PC in the next two years. So congratulations.

Your work will start immediately, so we will find you just straight after the session.

And now, lets continue quickly, Chris will talk about, give a short report.

CHRIS BUCKRIDGE: Thank you. So there is this is criminally underused name that you have probably never seen before but I nought this case it made a little bit of sense. I am here to talk a bit about a meeting that has been taking place over the last three years and it's the ITU, International Telecommunications Union, Plenipotentiary, and so basically this event is the top decision‑making organ of the ITU. It takes place every four years, it runs for three years, and this most recent one finished about four hours ago in Bruce an, south Korea. So, the ‑‑ there is a long sort of period building up to each of these Plenipotentiary conferences, and we have been involved in that and there has been a lot of discussion in Internet governance circles and in some of the technical community about what some of the decisions might be made by this conference in relation to the ITU and where it sees its role in Internet governance and managing networks generally.

The Plenipotentiaries are a little bit different to some of the other ITU events in that while sector members, of which the RIPE NCC is one, can attend, it's actually only Member States who can participate directly, who can speak on the mic generally. Because this is basically a meeting for those Member States who make up the union, to decide the direction they want the union going. So as I say, we have been there as a sector member. I was there for the first week‑and‑a‑half, and then two of my colleagues, Jessi from our Dubai office and Maxine from our Moscow office, have been attending the rest of the meeting. But we have also had a number of RIPE community people taking part as part of national delegations. So some examples, newer Annie has been there as part of the Swedish delegation, Malcolm Hutty has been there as part of the UK delegation and there are a number of others, and so that meant in working together and coordinating we actually had a bit more of a technical community voice actually as part of the member starts who can directly participate in this meeting.

So the Plenipotentiary basically operates along the lines of having Member States agree over the course of these three weeks to a number of resolutions and there is more than 180 of those resolutions, and other related decisions. And some of those resolutions relate quite specifically to issues pertaining to the Internet and there is a couple of examples here. 101, well, I have got the numbers there on one side and the name of the resolution, so you can see 1 relates to Internet protocol based networks; one is talking about the ITU with regard to international public policy to do with Internet; one is about facilitating IPv4 to v6 transition and there was a new resolution proposed by India which talked about ITU's role in realising secure information society. Which is a pretty vague sort of title, but actually, had some very specific notes about issues that are of interest to this community.

So, we had some very specific concerns going into this event about some of the proposed edits to those four resolutions and some other related resolutions. Some of these are concerns that we have seen discussed, mentioned, at previous ITU meetings, in other circles. They are things that come up and have either receded a little bit or have never really been resolved, so this is a few of them. There is discussion of reorganisating IP address allocation and policies based more around national control. That was part of the Indian proposal and I think one of the Member State delegates, we spoke to was actually already characterising that resolution as an attempt to hit the re‑set button the Internet. There was specific proposals about establishing the ITU as an IP address registry, so as, well, perhaps as a sixth regional registry or more of a global registry. That came from the RCC, which is the group of countries including Russia and a lot of CIS. Developing public policies that dictate IP traffic routing, that was also part of the Indian proposal. A stronger role for the ITU in and governments in establishing guidelines for IXPs. And a stronger role generally for the ITU and the united nations in the Internet governance.

And so basically, now, at the end of this meeting, all of those concerns have been allayed.
So, yes, what is does all mean?

The answer to those three is, yes, yes, and.... There is a lot going on here and this is not something we can straightforwardly say the Internet community, Internet technical community or the RIPE NCC won the argument here, but it is ‑‑ it is a result in having seen all of those resolution ‑‑ those proposed edits to the resolutions taken out in the final document. It is a successful outcome and an outcome that we are very pleased with and so we are looking basically at what lessons we can take away from that and I think the main one is the engagement strategy that we have been pushing, does work, and that is not just ‑‑ well that covers a number of different areas. The first one is developing the relationships with governments in this service region. So that includes the work we do with the CP T, which is the European group of governments, we have been attending their preparatory meetings, building relationships there and talking to them. Also, the RCC group and the Arab group, who we are both starting to be a bit more involved with. And so at the meeting itself, what that engagement resulted in and looked like was, countries from those regions who perhaps wanted to get on the microphone and argue against some of these proposals coming to us and saying we need arguments and we need to have technical background to make the case that we are going to make here for the ITU having a limited role in Internet governance for a multi‑stakeholder model being the model used for Internet governance and we were back to provide some background documents on the role of a IP address registry, pointing out that the bottleneck in IPv6 adoption is not being able to obtain IP addresses from a registry, it's more to do with issues of ‑‑ that require capacity building, that require greater collaboration amongst all stakeholders in all parts of the community.

It's also us working with you, working with your governments, so this is, as I say, having members of the RIPE community as part of these Member State delegations and us being able to talk with those community members and actually Hans Petter Holen was part of the Norweigan delegation and that was a valuable link to have there and that is something we hope to build on again in future big events like this.

And then there is coordination with the other RIRs, other I‑STAR organisations and the technical community more generally and I think this meeting was a good example of all of those technical organisations working together, coordinating, saying OK, this is something directly relating to your area of expertise or your area of authority, you handle that, you lead the discussion and the engagement there. And so, ISOC and a number of others worked those discussions and concerns about IXPs, we focused more on the things about registries and IP addresses.

But the discussion I think is not over. This is, as I say, and outcome we are very pleased with but there are still concerns there. We can't pretend that the governments who put these proposals forward have been convinced that they should just leave this. And I think this is something that is going to continue to require engagement, continue to require us to be involved in forums at the ITU but also elsewhere. Examples like the IGF, OECD, some of the ones that RIPE NCC is very involved in. The final point, as I say, it's not all about us. We can try or pretend to claim credit for all the decisions that came out of this meeting but there is a lot of other stuff going on there, and that's important to understand. There is politics, a number of very hairy political discussions in this about Ukraine and Russia, about Palestine. It's about money. There is a lot of concern in the ITU itself about the diminishing contributions to keep running and there are the occasional technical discussions but all feed into each other and we are working to try and understand all those processes, all of those relationships and communicate that back to you, in the community.

So finally, I am happy to answer any questions briefly about this. I have stolen this photo from Neurani, who posted it towards the end of the conference. And is a very ‑‑ a much more pithy summary of the event that I am up here to give. But yeah, we will send a report of slightly more detailed report to this the Cooperation Working Group and post it on and we are happy to talk to any of us about questions or concerns you might have. So, thank you.

No questions?

JIM REID: I don't have a question. Just speak as an average member of the public. I think to say that just to say thanks to you and all the other guys that are involved from the Internet side in participating in all this stuff around the ITU, you are doing a great job. Keep up the good work, we are very grateful for it.

CHRIS BUCKRIDGE: Thank you very much.

CHAIR: Thank you, Chris. And next up we have three lightning talks which should give you something interesting to think about on the way home. First is Jason Schiller from Google, going to talk about quick UDP Internet connections. So if you are going to see some increase in GDP, Jason is going to tell you why.

JASON SCHILLER: Good morning. I am from Google, I am going to talk about quick. The problem here is really what we want to do is load pages quickly, like under 100 milliseconds or at least about 100 to 300 and the problem is in the modern Internet a typical website is quite large, has 80 or more resources and multiple serves. So, how can you load web pages quickly. Well, the first strategy is to try TCP pipelining and that is a asking for all the elements in the page and getting back all those in a single TCP session. The problem is the questions, the responses come in series, and if one element is slow in loading all the other elements are also delayed. So, the second approach is well, why not try lots of it. CP sessions, and certainly modern web browsers do this, use half a dozen or so individual parallel TCP sessions, but it turns out opening a lot of it. CP sessions is not all that helpful. And that is apparently due to all of the overhead with TCP with SYN, SYN‑ACK, ACK, the TLS, hellos and key exchange and you have to wait for all these individual TCP windows to ramp up and double. So it turns out if you increase just to 10 TCP the overall performance is five percent worse. So clearly lots of parallel sessions is not helpful.

So what else can we try? Well, what if we multiplex sessions over a single TCP session. This allows us to share the TCP overhead, and allows the speed up from the windowing, but the problem is if you do have some packet loss in the Cloud, such as this red packet at the head, when all the other packets get delivered to the host they are going to be queued until that red packet can be retransmitted and all of those can be reassembled to the application in order. So you have got this blocking when you have some packet loss.

Well, what if we could multiplex these sessions over UDP where you don't have all of this connection orientated stuff, and deal with all the TCP connection orientated parts up at the application. So in this case, what a can happen is, when you drop a packet from the stream, the other streams that get delivered completely can be provided to the application, so that way there is no blocking on the one element that is lost from the one stream that is lost, and that can be retransmitted by the application.

So, what we have done is we have implemented QUIC, it's a quick UDP Internet connection, and we are basically multiplexing the transport over UDP, we are doing this to reduce latency and it's an OpenSource development in the chromium project. It has all of the same compatibilities that Speed ED did, it has compression, encryption comparable to TLS, a nuns, it can do packet pacing, it has a depth of con investigation control. And if you have been reading our e‑mail for this entire presentation this is the one slide that you have to pay attention to. The chrome Def channel already supports QUIC and it's going to be moved into the standard chrome release in the future. Many of the Google properties already support QUIC so what you might see in the remainder of this year is a ramp‑up of UDP traffic, and by the end of first quarter, nearly all of Google properties will be QUIC enabled. So what this means, your chrome users when they upgrade to a newer version of Chrome will start using QUIC UDP by default, there is an increase in traffic, think about what that is going to do to your firewalls, NAT boxes, think about what the implications are for path MTU discovery because there is no fall back mechanism that PCP SYN MFS values have. What about QUS, do you do it differently than PCP? If you do, maybe now is a good time to reconsider that. You may also see an increase in IPv6 traffic as well, along with this.

So, before I take questions, I have a question for the audience, and that is: Do you have concerns about an increase in UDP traffic?

JOB SNIJDERS: Yes. We have some customers that request UDP port 80 is blocked on their links, and I appreciate QUIC from a technological point of view but port 80 UDP is the single most requested port to be fire walled on customer connections and this could be an issue in the deployment of QUIC because port 80 UDP is for some reason a favoured DDoS attracter.

JASON SCHILLER: What about 443?

JOB SNIJDERS: Less so. It's better, yes.

JASON SCHILLER: Let me talk about how the negotiation in the fall back works. In the event had a UDP is blocked, what will happen is the first time a session is made to a web server, it will launch a TCP connection, the web serve, if it is QUIC enabled, will respond back saying yes, I am QUIC enabled try QUIC in the future. The next time it makes a request from that server, it caches that information and it will do a race where it will send a TCP and a UDP QUIC enabled connection. The UDP is typically quicker and QUIC will win, in the case that UDP is blocked, obviously the UDP traffic will be dropped but you are still going to an initial UDP request along with the TCP so there still will be an increase in UDP traffic and things hitting your firewall filters. If the QUIC response does not go through it will mark the server as QUIC enabled but unreachable and there is a back‑off for that, so it won't try again for some period of time.

BENEDIKT STOCKEBRAND: I think you are trying to solve a problem at the wrong layer, actually, because this is a Layer 4 problem not Layer 7 problem. It's a problem in TCP ‑‑ and using it at the application layer basically means you are doing this for one application where there should really be done on a more general case because there are other services that have the same problem.

JASON SCHILLER: I absolutely agree. We should solve this in TCP, we should solve this in TLS, I think that there is ongoing work in these areas to make them more efficient. The problem is that that work is slow, with QUIC we can launch and iterate very quickly, we can bring those capabilities to the user at least for web pages and eventually when we get the support and TCP and TLS I would imagine we would move to that if it's as good. Absolutely we are solving it the wrong place and the reason is because of the timing.

BENEDIKT STOCKEBRAND: On the other hand, the long time you incur quite a price because you will create some sort of legacy thing that will need some support of in the long run and that is basically unnecessary.

CHAIR: Two more questions, please keep it brief.

AUDIENCE SPEAKER: This is Anand Buddhdev RIPE NCC. Daniel J Bernstein also released something called Curve CP some time ago which is trying to do something similar in simulated TCP using encrypted UDP. Are you aware of this work and is there any overlap, any shared ideas between these two projects?

JASON SCHILLER: I am aware of the work but I have not actually done the QUIC development, so I don't know whether or not they use that as a foundation or if they reinvented the wheel. I am sorry, I just don't know.


AARON HUGHES: Limelight Networks. You give things like a browser in a laptop that you use somewhere then you close and you go and go somewhere else and connect to a different network or Chrome in a mobile device. Is there anything signalling between the stack and Chrome so that it's aware that it's actually moved from one network to another so that they actually restarts the discovery again?

JASON SCHILLER: No, this is all done at the application level. So it will discover when it does the TCP handshake if it's QUIC enabled and it will cache that information. If it finds that that is broken, it will back off for a period of time and then it will retry again.

AUDIENCE SPEAKER: You have to go through the rediscovery cycle again, there is no awareness that your address has changed.

JASON SCHILLER: No you have to rediscover again.

PATRIK FALSTROM: Given the amount of attacks we see spaced on spoof source addresses increase the UDP traffic scares the hell out of me.

JASON SCHILLER: I certainly appreciate your second comment. There is no relationship wean this and HTP 2. That is the simple answer.


CHAIR: And the next presentation is from David Freedman. Ignas has gone on a plane and had to go home. But David is going to talk about requirements for BGP modelling.

DAVID FREEDMAN: Ignas can't be with us, he is on his way to the IETF meeting in Hawaii next week, I am giving this presentation imagining that he is here. I am going to talk about something called YANG and I am sure quite a few of you know who this is, a recap and history of how it came to be. That is lightning talk. YANG is a modelling language and at the moment its policemenigation is there to describe a configuration management protocol from NETCONF. NETCONF came to exist as a result of, in the early 2000s people realising SNMP had failed and really there were requirements that operated that were more complex that could be expressed in SNMP and more importanly, something called SMI which is a way of looking at attributes from a higher level and grouping them and modularising them together. There is a lot of stuff going on here and I would recommend that you follow this link to the tourtorial given at the last meaning given about YANG and NETCONF, you can think of YANG as domain specific language, a way of describing configuration elements and attributes for provisioning and the main specific languages are very popular with modern configuration management systems that you might see in systems management environments. I am sure a lot of you have heard of these things, Puppet and Chef and ‑‑ make use of domain specific languages to configure elements and YANG is main specific language of NETCONF and is being seen in the IETF as a way forward for modelling various aspects of device network element configuration.

And this is a talk about happens when YANG meets BGP. People go off and decide and write drafts about how BGP configuration is modelled. There are two here that I am going to talk about, but there is actually a third that would add too much complexity if I put it in this slide. These two, one of which is in NETMOD Working Group which is the Working Group from where NETCONF and YANG came from, and the other of which is in the IDR Working Group which is the Working Group for which BGP came from.

And NETMOD draft is authored by Cisco and the IDR by a number of authors, Google, AT&T Microsoft, and BT. But both of them are quite low level. I am not sure how well this shows up on the projector but but there are two snippets of the modelling configuration here for attributes of past selection and they look very similar but what they are effectively doing is allowing us to do some low level things in our opinion, akin to say describing policy that you would go and put and configure on the router.

The IDR draft actually contains more operational facets than NETMOD draft does and the IDR draft is the only one that is being discussed and on the agenda for the IDR meeting on Tuesday. The IDR one seems to be progressing and have a bit of operator support.

So what is our point? Well, it's all very nice but we think it's a bit low level, and we can't really use it to describe routing policy, and that's, I guess, really where we feel the advantages of a configuration management automation system would lie. The fact that we can't ask in these proposals for abstracted concepts the way we can in RPSL, how do I exit here and prefer this over that, we think could be an impediment to this work. If YANG is to be considered SDL are we happy can the scope, we think by speaking to some operators at the meeting this week, we possibly need an upper layer which could better describe routing policy which we could use to marshal the specifications that are being discussed here for the configuration. We would like some feedback because we are going to be taking this to the meeting next week. This presentation is to raise awareness of this and get feedback from you guys. Drop an e‑mail if you want to make comments, want to ask any questions or have an opinion about this. But the opinion that we have managed to gauge so far by speaking to people is that it sounds like a it would be a good idea if there was an upper layer to this which we could use to describe routing policy. That is all I have got to say: I have guess we have got a minute or two if anyone wants to ask any questions. If not, please drop me a mail to that address.

CHAIR: Any questions for Dave? Thank you very much. Thank you, Dave.

It sometimes feels like we have a regular programme with Geoff on a Friday. Yours is an interesting presentation, so Geoff is going to give a presentation entitled "who is' watching?"

GEOFF HUSTON: Good morning, all. I am with APNIC. I have got 51 slides and ten minutes, so this is going to be pretty brutally quick. So actually I want to talk about this issue in the post Snowden world of who is looking over your shoulder because quite frankly, there is some weird stuff happening out there. The business of your data is big business, and somewhere in the world right now is some kind of big data conference, and as you sort of look around you find how companies like Walmart massively trawl what you do. Telstra, a large provider in Australia, claims at that thank it wasn't spying on users, it was just looking at the URLs they go to but that is not spying, according to them.

You see, these days, your digital exhaust has a whole bunch of folks sniffing it. Pulling in the fumes and going what exactly are you doing. Because we have managed with this ubiquitous IT to create market segments of one, you, and folk pour over your data. And so everyone observes what you do. Whether it's Facebook, Google or other people, the NSA, perhaps. On‑line data gathering is now massive business. So, some of it we know about; some of it you see ads coming up when you are reading mail whatever, that are just uncannily you, and what appears to be how the hell did they know that, comes through. Other times, it's a little bit more covert. So I was wondering, is it visible? Can you actually see evidence of folk sniffing around the fumes of your digital exhaust pipes? What is going on out there?

Ads truly are amazing, not only do they display what do you but you can use them to measure a whole bunch of things and we have. So I have done presentations about how you can measure DNSSEC and v6 and so on, but one of the ways that we do this is by making sure that every single URL that we deliver via these ads is absolutely unique. Never be repeated again. And so, when you and your browser get this ad, A) don't click because it will cost me a shit load of money and I don't want that. B) let it run. What is going to go on is, you are going to fetch that URL from our server, only you should fetch it, because it's a secret between me and you. So that URL should only be seen once, shouldn't it? Yes? Yes? Yes? No.

Here is what we see. That is a get, someone got that URL at 21 seconds and ten minutes past midnight. Cool, they are in China. Oh look, it happened again. Same URL but at 68 seconds later and it's now GuangDong mobile. Who is that second person? What the hell is going on here? And you go did that happen once or not? How common is this? We have been doing these ads for ages, and so I pulled up all the data across 2014 and for the first 250 days, I saw 123 million unique end user addresses, ads truly are amazing. No matter where you are in the planet, you probably watching YouTube, sooner or later you are going to get an ad and probably one of ours eventually. But, a third of a million came back a second time so. Here is this room here, and probably has been 400 people, you are being stalked. Afraid so. One in 400 have got a digital stalker. That is amazing. It might even be higher than that because of NATS but the level of folk just sniffing around watching, what I thought was my traffic and your traffic, so this idea that, you know, we really have browsers in our infrastructure that is committed to privacy in an open web, that is bullshit, because there is no such concept of on‑line privacy when you are starting to get structural leakage of what I thought and you thought was your own private browsing, one in 400 seem to have attracted some kind of weird digital stalker. So, where do you need to be to have a stalker? If you are in Iran, 104,000 per million is the rate of stalking. You can read this as well as I can. But, you know, the United Kingdom comes in at about number eight, where you are right now. Here. Australia, not to be outdone, is also up there, as is the US. It's a funny old list. But that is an awful lot of folk peering out your shoulder in each of these countries, and some of the stalking rates are really quite dramatic.

So, lets have a look at those stalkers because I am getting really fascinated, do I see the GC HQ here, some kind of security, the NSA, what do I see here? So, I have got 431 million unique URLs, 700,000 repeats, the stalkers are there, 8309 unique subnets are stalkers. So, here they are. Those are the addresses where stalkers come from. It's a lot of China. There is a huge amount of China there.

I don't know if they deserve applause or not. You can see other folk as well, even RIM, the Blackberry is in there in the stalking traffic. So who is doing it? Have these folk corrupted your machine and your machine is actually feeding out this, or is the infrastructure leaking? Have you bought some gear that is completely corrupted and the gear is busy in the network swinging out these URLs to third parties? You can get an indication of this by the stalking delay, because if the URL comes back a second time in precisely 15 minutes, that is a proxy, isn't it? Doing a cache refresh because it's got a timer. So lets have a look at the time lines. This is a logarithmic scale in seconds, stalks happen immediately your machine is feeding out a second URL somewhere, it's your machine that is leaking. But see it peaks further on that appears to be, you know, it's a proxy middle ware or something. So, can I get rid of the proxies? Because proxies are always unhelpful. Don't deploy them. Always unhelpful. So what about I filter out all the stalkers who live in the same AS as you and me, the victims. And so now, I get the different origin AS stalkers, and still an awful lot of China, a huge amount of China stalking. And there is a little bit of Thailand and US stalking in different ASs, but the rest is still China. This is getting really weird.

So lets go further. What about if you are in a different country. So, you know, it's all about the Great Wall of China and the Chinese in looking at the Chinese and OK that is fair enough, as long as the Chinese aren't looking at me, I am fine, you are fine, yes? Or maybe not. So, let's filter that list and now we are looking for the victim in one country and the stalker in another. And lets not worry about where the victims are right now, lets look at the stalkers who look across national boundaries. It's all China. But, you know, that number one is amazing. That is 205,000 hits, the next highest is only 6,000. You know, if there was strong evidence that there is something really weird going on, a smoking gun, I have just found it, that is bizarre piece of stalking that somewhere in backbone, in Guangdong province is this subnet that stalks like a phantom, does it all the time. So what are we seeing here? You have got a few choices, have you been to a US late eon a advice is a waiver card. What can we say about this kind of stalking? What is it looking at. Well, where are the victims? Now, this is really, really good stalking, because quite frankly, although it might be quite easy to find a whole bunch of folk in say Japan or even Kazakhstan, there are some other countries in this list where quite frankly, getting some victims is really very, very challenging, isn't it? Equatorial Guinea, Ghana, Haiti; this guy is actually doing every single country in the world. That is the next list. Is goes on. They are pulling out victims from all over the place. I am trying to think is the far row islands in here. If you live there, you are free, you are OK, lets all go there.

Google ads really do everywhere and that is pretty cool but which country have more of this particular Chinese stalker? Well, if I look at the list again, China Taiwan, Hong Kong, Singapore UK and Vietnam seem to be the hot point where this particular stalker is active. What about if do I it in relative terms. What is your chance that this particular stalker is look at you? If you live in Mcqueue, quite right, Hong Kong, the northern mar can in a islands, what is the hell is going on there. So, I am now saying maybe the time signature has something to do with this. Is this your machine that is being corrupted somehow? The Net delay from access in the URL to being stalked is 74 seconds, but the true distribution is, that that machine in China, that machine comes back in three seconds.

Now, this starts to look like government work, because it's stunningly good, it's really good. Every single country, this is expert stuff, and at the same time, amazingly incompetent because why the hell if you are that good at stalking why you use the same IP address all the time, you sit there, obvious, I am stalking look at me, only government work can that do government work and stupidity at the same time.

So, you know, they are good. They are good. Are they really that good? What sort of user agent string is the stalker? Only one. They are using Maxon so, that doesn't tell me an awful lot. What about the victims? Well now the victims start looking really interesting. There is a huge amount in Windows, a huge amount in Windows so maybe it's virus ware. Interesting. I look over there and it looks like Chrome. At this point the Google guy should be starting to get worried, this could be a possibility that Chrome and Windows is starting to get absolutely corrupted but I don't think so. Relax, Jason, it's OK. Truly, no cause here. Because there is something else here at the end of that string: There is that little thing called meta SR, if you look closely at user agent strings that says that it's Sogou Explorer which is uses Cloud but the thing about it is that it's one of the few browsers that use the Chinese script Pinion as input. It seems this particular explore lives like a sieve, it's Cloud mania, or is it? Because I can't help thinking that if you really want to know what your ex pats are doing as they travel the world, the best way of doing it is to give them a browser that operates in your language, that reports back home all the time. And so I really do wonder if it isn't just Cloud mania, but a certain amount of something else that sits in this area of either commercial data collection or even stat state based espionage through corrupted software. So that is only a tiny part of what we see. The larger world is truly, truly weird, because cyphering off your data to third parties is just common place. Selling it off for profit is what we do these days. Are we comfortable with that? Is that really the world we want to live in. I have no idea because there is enough of it to really get concerned. So thanks to the folk who actually pulled all this data, George and Byron at APNIC, and Warren Camary at Google, who got worried when the signpost for Chrome being corrupte were awfully obvious and for that, I think I have just done ten minutes. Thank you very much.

CHAIR: Thank you, Geoff. I do have time for one or maybe two questions, if you are brief, thanks.

PATRIK FALSTROM: Maybe I am Jim. Or Warren. Will you continue to look at this data to see if the behaviour changes?

GEOFF HUSTON: I am certainly continuing to look at this data because I am actually interested in the numbers 2, 34, 5 and 6. This one stood was like an absolute sore thumb, it was a very, very large signal but as I collect more data with these unique URLs the other bits and pieces of stalking also become visible. And quite frankly I think we all should be concerned about whether the software we are using is reporting home to some value of home that we are not quite sure about. And I think it's important to understand that we can see this and be able to make intelligent choices about what software we use. So yes, I will keep looking at it and it's fun.

JIM REID: Speaking for myself again. Geoff, great talk as always. This is very interesting stuff. If your theory is this is perhaps the Chinese government trying to watch what their citizens are doing when they go abroad. Have you correlated that data you found there with emigration statistics? I know in the UK there is discussion that Chinese citizens have problems getting visas coming into the UK and that is why they are tending to go to Chinese countries because it's easier for tourism and business and I am wondering if the UK's high on that list of countries it might not be talk behaviour you are talking about there is potentially not that many citizens coming to the UK as rest of Europe.

GEOFF HUSTON: Or it could be tourism and a whole bunch of Chinese coming here because London is a wonderful place when it's not raining.

JIM REID: London is not a nice place at all.

AUDIENCE SPEAKER: I kind have idea what is happening, it's basically Solgou is part of largest Chinese Internet company and another company you probably missed it, it's called Swiss 60, the author of a similar browser and it's kind of installing every Chinese computer, it's kind of default software when they have a computer, and that software was doing this for years, actually, so it's not like unknown of, like it's ‑‑ kind of related to government but mostly for company internal use as well.

GEOFF HUSTON: It's my browsing history that that machine is leaking to someone else. That seems like an awfully big liberty with my data and I must admit if I was using that this browser I wouldn't any more. And I would advise anyone else who values personal privacy that that would be a bad choice of browser if personal privacy is what they value.

AUDIENCE SPEAKER: The last was 360 million, that is accounting about 95% of Chinese Internet users and the reason why, basically you have a ‑‑ what the most country have Chinese speaker there, that is kind of leads to that, that is why you have that least. And UK apparently have most Chinese living compared to all the rest of European countries that is why it's up in the top. That is it.

GEOFF HUSTON: Thank you. And thank you.

CHAIR: Thank you very much, Geoff.

So I can see that the wi‑fi seems to be working, which moves us swiftly on to the RIPE meeting technical report.

MENNO SCHEPERS: Good morning, I am part of the technical team who set up the conference here. We were here already on Thursday and started working on Friday, Saturday and Sunday to make sure that all of this is working Monday morning, and well, I think it was working pretty well. Here you see this screen being set up by the AV guys from EMS Events and we, the tech team, have been working mostly on setting up all the network equipment, the access points, the router, the switches and such.

Yeah, EasyNet is the provider of up‑link, it was convenient because they already do the uplink for the hotel. We just used part of it, so we shared it with the hotel, and that is the wi‑fi you are on now is provided by easy net.

We have set up the access points, this is a map showing this room and the side room where we have put the access points, and we have also put a couple of access points downstairs in the smaller rooms. We have had over, I think over 40 access points installed.

The set‑up was mostly done for five gigahertz, and with five Ghz in mind we deployed the access points. We have used 16 channels in the five Ghz band, you see them here on this picture. The ones ‑‑ this shows the per channel at that moment, how much there was and it's just a snapshot of, I think, Monday somewhere afternoon.

Here we see the 2.4 gigahertz spectrum, where we used 3 channels instead of 16. Lots of noise overlapping from other channels. We don't know exactly what it is; it's probably ‑‑ it's most likely not wi‑fi, but other stuff, could be the kitchen next door, I don't know.

Here we see the clients per OS, and we see that Apple is very popular amongst you, but there is of course Android and Windows, 7%, and unknown. I don't know what that is. You can tell me about it, I don't know. It's probably Linux but, yeah, it can be PSD, who knows.

Here we see the DHCP active leases during the week. We see a peak of 700. I have to compare it with last RIPE meeting if this is a record, but it's quite high. Here we see the amount of clients active on the network. You see these peaks and during lunchtime you see the dips but it's, yeah, it's also hit over 600 concurrent active clients on the wi‑fi.

Here is a picture showing the traffic we have had. It's v4 and v6 combined. V4 is still the most used. IPv6 is just over 10, I see here on this picture, 10 Mbit and I think the v4 is sitting just over 100, 120 on Tuesday.

We also have hidden Atlas probe somewhere in this room, connected to a Magmenie and again connected to the wi‑fi and we were monitoring the first hop out of the Magmenie so that is ‑‑ our router, and to see if the, yeah if the uses of the wi‑fi during the day and at night, if it would make any difference, but this graph over the last couple of days shows there is not much difference, so either that mag mean knee we have hidden is sitting on an access point on its own or it's used a lot and our network is just very good.

Here, we have some numbers from the, yeah, the uses of RIPE Stat during this meeting and these are requests done from this network we have here. The nice thing is we have a dual stack network and we can see that only 1.8% of the requests was done via IPv4, so most of you used dual stack and used IPv6 to do the requests. In that table you see a cut down of the resource types that were used.

Apart from the network, we do lots of other stuff, we have the presentation system with the Mac Meanies, we have a webcaster making sure the webcast runs, we have cameras installed so that not only the presenter is on the screen but also the people asking the questions, and there is an IRC server that is being monitored so people can remotely participate. There is stenography of course, there is for the webcast and archive that we try to immediately update after a presentation, it should be immediately downloadable or viewable from the website. All that stuff we do together with all the departments and also together with staff from LINX who helped out us also during set‑up weekend and getting the connectivity to run. But it all worked out very well, I think.

There was a lot of stuff going on during the meeting here. Fortunately we didn't have big problems. But in our office on Wednesday, back in Amsterdam, there was a power outage; it was a partial power outage. It affected unfortunately our server room in the office. It's an old building, but we have a UPS system there that was taking over the power during the power cut. But because of this, we, on Wednesday, also people here from the tech team, including myself, were also working with the people in the office trying to minimise the impact, and I think that you shouldn't have noticed anything from that, and also the people in the office, some of my colleagues couldn't work because their office was without power, but all the servers that we run, most of it runs outside of our office anyways, but we have some stuff running there. We kept it running and we moved some is it stuff from the office to over to the data centres. But everything went pretty smooth there and I hope you didn't notice anything of that.

That is the end of my presentation. Any questions?

DAVID FREEDMAN: From Claranet. I noted earlier in the week, I was with Andrei Robachevsky, we encountered a strange issue where IPv6 with destination options didn't apeer to be allowed to leave the network. Did you figure out the cause of that?

MENNO SCHEPERS: No, I got the script that Andrei was using. I am going to do some tests on that later from the office. We used the exact same access points that we have here in the office, and ‑‑ but I am ‑‑ we have the meeting kit, we have it running in a smaller set‑up between meetings, and I am going to test it when we are back in the office and see what was going on there.


AUDIENCE SPEAKER: Previously ‑‑ at previous meetings you used to show graphs showing how much ‑‑ how much of the traffic was done over IPv4 and IPv6. Do you still have those numbers?

MENNO SCHEPERS: Well this slide that I showed, it combines both in one, but I don't know if the ‑‑ if you can see it clearly here but the peaks, the large graphs are IPv4. The smaller are IPv6. If you come closer to the screen you can see it or else on the slides.

AUDIENCE SPEAKER: Just a small recommendation. It would be nice if we could follow from meeting to meeting ‑‑

MENNO SCHEPERS: From the previous meeting and current one.



CHAIR: Thank you very much.

Well, I suppose the final part of the closing plenary. Hans Petter Holen, the RIPE chair.

HANS PETTER HOLEN: We have come to the last item on the agenda today, and this meeting ‑‑ remember my notes as well ‑‑ this meeting has been the largest meeting ever.

You don't want a number before you are applauding? 609 participants.

And if you look at the history here, you see that we have had some bumps in this growth but it's definitely a graph up and to the right for those looking for those graphs.

68% returning, so we have very good number there, and 32% newcomers. So we are still recruit to go this community and I think that is very good.

So if you have any feedback you want to give to the meeting team, there is going to be a survey here, there is a URL here that you can go and click and give your evaluation and there are actually one or two Amazon gift vouchers to be had that we draw from those who go in here and give feedback. So please remember to do that.

If you look at the composition of the countries, it's good to see that the US is not the biggest country in Europe; the UK is slightly bigger but I guess we can try to recruit some more from other continental Europe rather than this big island out in the west.

Looking at different type of organisations, slightly less than 50% is commercial and then we have associations, educations and even 5% governments and I think that is really good. And of course, some RIR stuff. And there is 19% who don't know who they are working for or what kind of organisation it is, that is also interesting.

Then I have some small updates from the Working Groups. In the IPv6 Working Group, there has been a change of Chairs, so Benedikt, Jen and Dave, are you here? You can stand up and wave. Our new Chairs of the Working Group so thank you very much to Marco and Shane and David who stepped down at the last meeting.

At the measurement Working Group, Richard has stepped down so we now only have one Chair there, Christian Kaufmann. If you are interested there I am sure you can contact Christian and volunteer yourself on the mailing list.

And then we have some ‑‑ one very rare event, the ENUM Working Group. Anyone remember the ENUM Working Group? OK. Three, four, five people. It's not been active for the last couple of meetings so the proposed decision is then to close it down. Hearing any objections? No. Good. This Working Group is closed down. If this topic becomes interesting again it's possible to start a BoF and see if there is interest in bringing this back. Thank you very much to Carsten and Niall for running this Working Group.

And then we have the database Working Group, and we have two new co‑chairs, Job and Piotr. Are you here? And Nigel is staying on as co‑chair there and then we have a big thanks to Wilfried who has been running this Working Group single handed for many, many years and he is actually partly to blame for bringing me up here, because at my first RIPE meeting he put me to work in the database Working Group as scribe and since then I haven't escaped. So Wilfried, thank you very much for your contribution.

So, looking out and beyond our community, there is something going on at the ICANN IANA NTIA level. There was a presentation in the collaboration Working Group by Chris and the background for this is that the NTIA has announced its intention to start a transition for ICANN, so in order to fill our part in this, the RIRs agreed to set up a team, a CRISP team, to consolidate a proposal from the five RIRs, and the agreement then was to put three members in from each of the RIRs, two community members and one from staff, and then work together with the names people and protocol people, give this input to another team, a coordination group at the ICANN level which will then forward proposals to the NTIA. So we asked for candidates to come forward to take part on this team, and there were exactly two candidates who volunteered themselves, Neurani and Andrei, and I guess they are both well‑known in the community. Neurani has spent last weeks at the ITU meeting on the Swedish delegation so she is very involved already in Internet communications. And Andrei as, you know, has also spent a lot of time lately in the Internet society, also working across our community and the rest of the world. So, it was an easy task for me to pick those two members from the two volunteers, and then from the RIPE NCC staff it will be Paul Rendek, so we now have a very good team of three to participate in this. So I would like you to confirm these candidates.

Thank you. And so, over to the fun part. We really immediate to thank our host and sponsors, so Greghana, where are you? You are hiding behind me. Do we have a representative from the local host here? Oh, here you are. Trying to hide at the back but it didn't work. Well, thank you very much for hosting us here.

Speaker: It's been an absolute privilege to have everybody in London, hope you have really enjoyed it, even November we have managed not to have too much rain, and if you want to come back in about a week and a bit's time we have got a LINX meeting on 17/18 of November, EGM, if you can't get enough of London, come back then. Thanks for coming.

HANS PETTER HOLEN: And there is another group who has done a great job in putting together a programme for us, so Programme Committee. Can you please come up on the stage.

So this is the group who put together the excellent programme that we have had for all of this week, and for this, they deserve both a gift from the RIPE NCC and from all of us. And please give them a big hand.

FILIZ YILMAZ: Thanks everyone, and just one thing, I mean you guys submit that great material to us, and we are thankful for that. This meeting was great in that sense, please keep up that interest so we can eventually make this happen. It doesn't happen just without it; it happens all together. And my last remark is for Job and Will, they are our leaving members, those two. If we can also give them an extra hand. Thank you.

MEREDITH WHITTAKER: Just one note while I am here. I lost my phone, if anyone sees it, Nexus 5 with a red sticker on the back, it has all the photos from the BoF yesterday which I was looking forward to reviewing. So thanks.

HANS PETTER HOLEN: OK. And then to the most exciting part here, we always draw some winners from the ones that registered first. So first one out this time is Nick Hilliard. Nick, are you here?

Second one out is Brian Nisbet. He has gone. The rules is that he won't get a prize. So next one out is Peter Koch. He is also gone. Sad for him. Nat Morris. Don't they know they have to stay to the end of the meeting. Raymond Jettens.

And Andrei...

Thank you to the stenographers. It's really good.

I was going to say it's really good to have you here, when I don't understand what I have said I can turn around to figure out.

And last but not least, we have technical staff here, please stand up and the meeting staff, did you run away Greghana. If everybody from the RIPE NCC who contributed to put this meeting together, you have done a great job to put this meeting together. Without you it wouldn't have happened. Thank you.

And then, next meeting is in Amsterdam in May, 11 to 15th. See you all there. Oh, no, I forgot something.

(Secret Working Group)

HANS PETTER HOLEN: So, thank you everybody. And then I can finally close this meeting and wish you all a safe trip home and see you all in Amsterdam. Thank you.