Developer days presentations

• Who: Linux netdev/netfilter developers.
• When: From 23th to 26th of June. From 9 am to 4 pm. Lunch break from 12.45 pm to 2 pm.
• Where: Hungarian NREN (Victor Hugo street).

Remember that we have meeting at the lobby by 8:15 am to depart together to the workshop venue.

Tuesday 23th

NREN/NIIF welcome

• Who: Mohácsi János
• What: Short intro on the Hungarian NREN from host institution.

Welcome

• Short introduction round

Netfilter updates

• Who: Pablo Neira
• What: A short summary on the Netfilter kernel changes since the last workshop.
• Estimated time: 20 minutes

ipset

• Who: Jozsef Kadlecsik
• What: Updates on ipset.
• Estimated time: 15min

Flow/Route based tunneling/encapsulation - Open design challenges

• Who: Thomas Graf
• What: Discuss final steps for lightweight flow/route based encapsulation for VXLAN/MPLS/Geneve/...
• Estimated time: 20min

ebtables/bridge netfilter problem statement

• Who: Florian Westphal
• What: features we have in bridge netfilter, why call-iptables is a PITA, what do to about it
• Estimated time: 15min

Stack performance challenges

• Who: Jesper Dangaard Brouer (+ Hannes and Florian)
• What: Where lies the performance challenges in the kernel network stack, and what can we do about it?
• Estimated time: 45 minutes
• Slides avail here and here Media:Net_stack_challenges_100G_NFWS2015.pdf

Making ipvs work for Facebook

• Who: Alex Gartrell
• What: Things we've had to do to make ipvs work that should go upstream and additional changes that are probably a good idea.
• Estimated time: 15-30 minutes

bpf in tracing and user space tools update ?

• Who: Alexei Starovoitov
• What: Update on bpf in tracing, user space tools and bpf in networking use cases
• Estimated time: 15min

Accelerate NFT with BPF JIT ?

• Who: Alexei Starovoitov
• What: Discuss feasibility of using BPF JIT to accelerate NFT processing in some cases. Pros/Cons.
• Estimated time: 20 minutes

Wednesday 24th

Connection tracking performance

• Who: Joe Stringer
• What: Benchmarking how conntrack performs today in various configurations, then where to next?
• Estimated time: 15 minutes

Multipath Routing

• Who: Ulrich Weber
• What: Current solutions for IPv4/IPv6 multipath routing, challenges and possible improvements.
• Estimated time: 20 minutes

xt_cgroups

• Who: Daniel Borkmann
• What: How to move forward with enabling xt_cgroup (resp. cgroups for nft) for input path (http://thread.gmane.org/gmane.comp.security.firewalls.netfilter.devel/56864/).
• Estimated time: ~15 minutes

Firewalld

• Who: Thomas Woerner
• What: What is firewalld and why does it exist. The way it is using netfilter - the good, bad and ugly things. Also the expectations from nftables and the issues I discovered so far with tests for nftables support in firewalld. Additionally about the wish list to have a better integration with netfilter and also nftables.
• Estimated time: ?

nftables, what's next?

• Who: Pablo
• What: Ongoing works and pending stuff regarding nftables
• Estimated time: 20 min

Thursday 25th

• Hacking days.

Friday 26th

• Hacking days.