Massimiliano Stucchi
Massimiliano "Max" stucchi is the main person behind Glevia, a Swiss organisation providing training and consulting on networking. In his past, he founded an ISP and WISP in Italy, worked at the RIPE NCC as trainer and subsequently as IPv6 Programme Manager and last at the Internet Society. He is involved in a number of programme committees and helps run a couple of Internet Exchanges. Max also runs his own autonomous systems - AS58280 - for fun, testing and research. He is based in Zurich, Switzerland.
Sessions
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will both teach principles and provide opportunity for hands-on operation of the extensive network tools available on OpenBSD and sister operating systems in a lab environment. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
The basics of and network design and taking it a bit further
Building rulesets
Keeping your configurations readable and maintainable
Seeing what your traffic is really about with your friend tcpdump(8)
Filtering, diversion, redirection, Network Address Translation
Handling services that require proxying (ftp-proxy and others)
Address tables and daemons that interact with your setup through them
The whys and hows of network segmentation, DMZs and other separation techniques
Tackling noisy attacks and other pattern recognition and learning tricks
Annoying spammers with spamd
Basics of and not-so basic traffic shaping
Monitoring your traffic
Resilience, High Availability with CARP and pfsync
Troubleshooting: Discovering and correcting errors and faults
Your network and its interactions with the Internet at large
Common mistakes in internetworking and peering
Keeping the old IPv4 world in touch with the new of IPv6
The tutorial is lab centered and fast paced. Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop for the hands on labs part and for note taking. The format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
This session is an evolutionary successor to previous sessions. Slides for the most recent version of the PF tutorial session are up at https://nxdomain.no/~peter/pf_fullday.pdf, to be updated with the present version when the session opens.
This tutorial is for those who have not yet jumped on the IPv6 bandwagon.
The goal is for participants to be able to understand how IPv6 works, how an addressing plan could be built for an enterprise network, and how this can be configured on FreeBSD and OpenBSD.
We will also configure services to work on IPv6 and discuss the implications of configuring PF rules for them.
To complete the tutorial, we will configure an IPv6-mostly network, where IPv6 is a first-class citizen and IPv4 is not. This should give participants enough confidence to configure IPv6 in their own environment.
The tutorial is supported by a remote lab where every participant will be given a series of virtual machines to configure following the topics presented in the theory sessions, and will also have to relate to others to complete the required exercises, like setting up web services and interacting with other groups to test their communication on the live internet.