nog.fi meeting 2026.06
Tampere - 16 June 202
VIDEO | RECAP EN / ES / FR | ARCHIVE | PERMALINK
The June 2026 nog.fi meeting brought together operators, researchers, regulators, infrastructure providers, and network automation practitioners for a day of highly operational discussions spanning routing security, IPv6-centric architecture, DNS resilience, subsea infrastructure, AI-driven tooling, and European telecom policy. The event emphasized practical engineering experience, operational resilience, and community collaboration across the Nordic and broader European Internet ecosystem.
Speakers
Speakers: Robert Kisteleki - RIPE NCC; Markus Rautell - VTT; Daniel Wagner - DE-CIX; Tobias Fiebig - TU Wien; Tony O’Sullivan - RETN; Tim Bruijnzeels - RIPE NCC; Nick Bouwhuis - NLNOG; Janne Haatainen - Veeam; Jani Nieminen - FusionLayer; Johannes Brummer - Macronet Oy; Roy Arends - ICANN; Amin Hamidi Younessi - Netrotik Oy; Raymond Jetten - Elisa / RIPE NCC Executive Board; Klaus Nieminen - Traficom; Jaakko Rautanen - rautanen.io; Aleksi Suhonen - nog.fi
Opening and Community Coordination
Robert Kisteleki opened the meeting with logistical updates, sponsor acknowledgements, and community announcements. He highlighted IPv6-enabled conference networking provided by EURO-IX and Elisa, encouraged lightning talk participation, and emphasized the collaborative nature of the Finnish network operator community. The opening session also acknowledged volunteers, photographers, communications staff, and code-of-conduct contacts supporting the event.
Post-Quantum Cryptography and Crypto-Agility
Markus Rautell discussed the growing operational challenge of transitioning toward post-quantum cryptography (PQC). He warned that current public key cryptography systems face future threats from quantum computing, particularly through “harvest now, decrypt later” and “trust now, forge later” attack models. Markus argued that cryptographic transitions historically take decades and that organizations often underestimate the complexity of replacing cryptographic systems at scale.
He presented crypto-agility as a design philosophy enabling organizations to update or replace cryptographic algorithms with minimal operational disruption. Key requirements included maintaining inventories of cryptographic assets, separating cryptographic logic from application code, and centralizing policy management. Markus also highlighted unresolved challenges including fragmented standards, interoperability concerns, increased architectural complexity, and lack of standardized migration methodologies. He recommended operators begin by enabling TLS 1.3 support and preparing infrastructure for future PQC adoption.
IPv4-over-IPv6 Infrastructure with RFC 8950
Tobias Fiebig and Daniel Wagner explored RFC 8950 and the concept of operating IPv4 services over IPv6-only infrastructure using IPv6 next hops for IPv4 routing. Tobias argued that operators should abandon IPv4-centric addressing architectures and instead treat IPv4 as a routed overlay service running across IPv6-native networks.
The presentation demonstrated how IPv4 /32 services can be distributed over fully IPv6-centric infrastructures while preserving end-to-end IPv4 connectivity without NAT. Tobias explained operational advantages including recursive next-hop resolution, improved VM mobility, simplified addressing, and elimination of IPv4 transfer-link overhead. He also reviewed Linux, BIRD, FRR, and Junos implementation details, including several operational caveats involving ICMP behavior and MTU discovery.
Daniel Wagner then examined interoperability challenges at Internet exchange points, where large numbers of routers still lack RFC 8950 support. He described testing conducted through Euro-IX working groups and discussed transition mechanisms intended to bridge between legacy IPv4-only routers and RFC 8950-capable systems.
Building Infrastructure That Survives Failure
Tony O’Sullivan delivered a commercially focused discussion about long-term infrastructure resilience. Drawing from RETN’s operational experience, he examined how subsea cable failures, geopolitical instability, and hidden infrastructure concentration risks repeatedly expose weaknesses in supposedly resilient network architectures.
Using Taiwan as a case study, Tony demonstrated how operators often unknowingly depend on the same cable systems and landing stations despite purchasing services from different providers. He reviewed major 2024 and 2025 subsea outages affecting Taiwan and described how multiple providers simultaneously failed because of shared underlying dependencies. RETN’s own terrestrial Europe-Asia infrastructure became critically valuable during Red Sea cable disruptions, allowing rapid rerouting of traffic across terrestrial paths when multiple submarine systems failed.
Tony also described operational challenges during the war in Ukraine, including repeated fiber cuts, missile strikes, and power instability. He emphasized that long-term resilience depends not only on physical infrastructure but also on operational control, spare capacity, engineering relationships, and industry cooperation during crises.
ASPA and BGP Path Validation
Tim Bruijnzeels introduced ASPA (AS Provider Authorization) as the next major step in RPKI deployment beyond route origin validation. ASPA allows ASNs to declare which upstream providers are authorized to provide transit on their behalf, enabling detection of certain route leaks and implausible AS paths.
Tim explained how ASPA evaluates provider relationships within BGP paths and classifies paths as plausible or implausible rather than requiring full cryptographic validation of every route. He demonstrated how ASPA can identify route leaks violating valley-free routing assumptions while still supporting gradual deployment. Operational examples included issues involving AS6939 transit relationships and use of AS0 declarations for Tier-1 or transit-free networks.
The presentation also covered ASPA deployment tooling within RIPE NCC systems and the practical realities of integrating ASPA validation into production routing environments.
NLNOG Tools and Distributed Operational Visibility
Nick Bouwhuis presented an overview of NLNOG’s community infrastructure and operational tooling. He reviewed the history of NLNOG from a simple mailing list into a formal organization operating several annual events and technical services.
The presentation focused heavily on the NLNOG Ring, a globally distributed troubleshooting platform where operators contribute nodes in exchange for diagnostic access across hundreds of participating networks. Nick demonstrated distributed tools including:
ring-ping
ring-trace
ring-http
ring-sqa
These tools enable distributed latency testing, traceroute visualization, HTTP verification, and routing change monitoring from hundreds of locations worldwide. The Ring now spans more than 700 nodes across approximately 550 ASNs in 60 countries.
IRR Data Quality and Routing Security
Daniel Wagner returned to present research into the global Internet Routing Registry (IRR) ecosystem. He examined how operators and IXPs continue relying heavily on IRR data for BGP filtering and route server policy generation despite widespread data quality problems.
The research analyzed authoritative RIR IRRs alongside fourteen third-party IRR databases. Daniel showed that many third-party databases contain large volumes of stale, orphaned, duplicate, or conflicting routing objects. Approximately one million problematic ROUTE objects were identified during analysis.
The study compared IRR data against actual default-free-zone routing and found that authoritative RIR databases generally aligned more closely with real routing behavior. Daniel argued that operators should increasingly prioritize authoritative IRRs and RPKI while reconsidering dependence on legacy third-party databases.
AI Tooling and the Veeam MCP Server
Janne Haatainen introduced the Veeam MCP Server, an open-source project enabling AI agents to interact with Veeam infrastructure through the Model Context Protocol (MCP). The platform supports integration with Veeam Backup & Replication, Veeam ONE, and the Veeam Service Provider Console.
Janne emphasized that the platform is intentionally read-only, avoiding concerns about AI agents making destructive changes. He demonstrated how operators can use natural language queries to gather operational data, build reports, and perform troubleshooting across distributed backup environments. The system supports multiple AI platforms including Claude, Copilot, ChatGPT, and local models.
The presentation highlighted growing interest in combining infrastructure observability with LLM-based interfaces for operational support and incident analysis.
Access Network Evolution and AI Workloads
Jani Nieminen discussed changing requirements for access networks as AI-powered applications increase demand for uplink performance, low latency, and bidirectional communication. Traditional access network optimization focused primarily on downstream video delivery, but newer workloads require different architectural priorities.
Jani compared fiber, satellite, and mobile access technologies while discussing the investment challenges operators face when balancing urban and rural deployments. FusionLayer has developed machine-learning-driven planning tools that help operators evaluate network upgrade options and identify cost-effective deployment strategies.
GPU Virtualization Challenges
Johannes Brummer delivered a highly practical discussion on the operational difficulties of virtualizing GPUs at scale. He reviewed the evolution of GPUs from graphics accelerators into specialized compute devices optimized for AI workloads and low-precision numerical processing.
Johannes described numerous operational problems including:
PCIe topology instability
Firmware incompatibilities
BIOS updates breaking device mappings
VFIO initialization issues
GPU passthrough complications
Remote management conflicts
He explained how recent Linux kernels significantly improved GPU initialization performance but emphasized that GPU virtualization remains operationally fragile, especially in bleeding-edge AI infrastructure environments.
DNSSEC and the 2026 Root KSK Rollover
Roy Arends presented operational guidance for the upcoming 2026 DNS root KSK rollover. He reviewed ICANN’s DNSSEC key management ceremonies and the staged process used to rotate the DNS root trust anchor.
Roy revisited lessons learned from the delayed 2017–2018 rollover, where inconsistent resolver behavior complicated telemetry collection and deployment planning. He stressed the importance of ensuring resolver trust anchors remain current and encouraged operators to validate their DNSSEC configurations before the 2026 rollover begins.
Network Automation Beyond Vendor Lock-In
Amin Hamidi Younessi focused on vendor-independent network automation techniques using REST APIs and RESTCONF across MikroTik and Cisco IOS XE platforms. He argued that operators should focus on underlying concepts such as HTTP, JSON, YANG, and API workflows rather than becoming dependent on vendor-specific tooling.
The presentation demonstrated automated BGP provisioning, NTP deployment, and operational data collection using Python and REST APIs. Amin stressed that automation scales best when operators understand shared protocol concepts rather than relying solely on proprietary abstractions.
RIPE 92 Executive Board Report
Raymond Jetten summarized recent RIPE NCC Executive Board developments and outcomes from RIPE 92. He thanked the Finnish community for supporting his re-election and reviewed decisions adopted during the RIPE NCC General Meeting, including the charging scheme.
Raymond also addressed concerns about continued RIPE NCC support for NOG communities and reaffirmed the organization’s commitment to supporting local and regional technical communities. He concluded with a tribute to the late Fergus McKay, recalling his extensive participation across the global NOG ecosystem.
Digital Networks Act and Fair Share Regulation
Klaus Nieminen discussed European policy debates surrounding the proposed Digital Networks Act and “fair share” discussions affecting IP interconnection. He explained that while explicit fair-share language does not appear directly in the proposal, several provisions indirectly expand interconnection obligations to include information society services and non-public networks.
Klaus reviewed proposed ecosystem cooperation mechanisms involving BEREC and national regulators, warning that voluntary coordination frameworks could eventually evolve into mandatory regulatory obligations. He expressed concern about regulators becoming too deeply involved in operational and commercial interconnection practices while acknowledging that political momentum behind such proposals remains strong.
Network Automation Forum Framework
Jaakko Rautanen introduced the Network Automation Forum (NAF) and its Automation Framework. Rather than prescribing a rigid reference architecture, the framework provides a shared vocabulary and evaluation model for assessing network automation systems.
The framework defines modular building blocks for automation systems along with “must,” “should,” and “may” requirements covering areas such as intent management, infrastructure interfaces, APIs, and operational workflows. Jaakko encouraged operators to use the framework as a tool for comparing automation approaches and identifying gaps in existing systems.
Local Root DNS Operations
Roy Arends returned for a second DNS-focused session discussing “local root” operation — maintaining a local copy of the DNS root zone directly on recursive resolvers.
Roy reviewed potential advantages including:
Reduced root query latency
Increased resilience during outages
Reduced dependency on external infrastructure
Improved privacy
Lower root server traffic
However, he also highlighted operational drawbacks including synchronization challenges, stale data risks, reduced visibility for root server operators, and the limited applicability of the approach beyond the root zone itself. Roy also described the enormous volume of malformed and nonsensical traffic routinely observed by root server operators.
Closing Remarks and Community Growth
Aleksi Suhonen closed the meeting by thanking sponsors, volunteers, photographers, organizers, and attendees. He highlighted attendance growth compared to previous years and encouraged broader community participation in communications, photography, volunteering, and future program committee work.
Aleksi also reiterated that the nog.fi code of conduct remained in effect during evening social activities and emphasized the importance of maintaining a welcoming and collaborative operator community.