CSNOG
2025
January 21.-22., 2025
Education Centre UTB
Building U18
Štefánikova 5670, Zlín
Time | Network Management | Legislation and Regulation |
|---|---|---|
09:30 | Registration | |
10:00 | WiFi at the Physical Layer - How do 802.11 Protocols Work?Tomáš Kirnak | NetCore (Unimus) This lecture covers the basics of WiFi at the physical layer. It will delve into physics, modulation schemes, the development of 802.11 family protocols, and their historical evolution. This session provides an essential overview of WiFi operation at Layer 1, preparing attendees for deeper exploration. | |
11:30 | Analyzing network reliability up to 800GThomas Weible | Flexoptix This presentation investigates the proximity to a low Signal-to-Noise Ratio (SNR) threshold that can still maintain a tolerable Bit Error Rate (BER) in 100G / 400G / 800G network links. Additionally, we account for factors such as temperature and cable length to predict the duration for which a reliable network connection can be sustained between transceivers. The analysis, based on data retrieved using a Flexbox, focuses on comparing the reliability of coherent (16QAM) and non-coherent (PAM4) transceivers, with a detailed discussion on the implications of these technologies on network performance. | |
12:00 | Lunch | |
13:20 | Welcome | |
13:30 | Protecting BGP with TCP-AOKateřina Kubecová | CZ.NIC Securing BGP with TCP-AO option. How TCP-AO works, how it differs from MD5 and how to set it up. | CTU Activities in 2025Marek Ebert | Český telekomunikační úřad Jak předseda Rady ČTÚ hodnotí předchozí rok 2024 a jaké aktivity plánuje národní regulátor pro rok 2025? Prezentace se zaměří na hlavní úkoly, které si ČTÚ naplánoval a to jak na trhu elektronických komunikací, tak v rámci nové kompetence digitálního koordinátora podle nařízení DSA. |
13:50 | Pushing the Limits III - Utilizing eBPF/XDP to Optimize the Performance of the Linux Kernel Networking SubsystemJan Kučera, Jan Viktorin | CESNET This lecture follows up on previous parts of the series with the same name. We will focus on the use of XDP to enhance the resilience of web servers against DDoS attacks and will explain how the real limits of the networking subsystem change when applying an XDP program to accelerate the native SYN cookies mechanism available in the kernel. | Detecting Child Sexual AbuseDavid Kovář | ÚSKPV V rámci přednášky budou prezentovány vybrané aspekty sexuálního zneužívání dětí online z pozice Úřadu služby kriminální policie a vyšetřování Policejního prezidia ČR, a to se zaměřením na jeho možnou detekci a spolupráci s ostatními státními orgány či subjekty soukromého sektoru. |
14:10 | Deploying XDP in Knot DNSLukáš Vacek | CZ.NIC We have been discussing XDP technology in Knot DNS for a while, and how we use it in our anycast. Today, we’ll cover how you can deploy XDP in your setup: what to watch out for, prerequisites, configuration, and optimal traffic monitoring when packet inspection through the kernel is not an option. | Securing Email CommunicationJakub Onderka | NÚKIB NÚKIB už v roce 2021 vydal ochranné opatření, které nařizuje správcům e-mailových systémů zavést bezpečnostní technologie SPF, DKIM, DMARC a DANE. S novým ZKB se bude rozšiřovat rozsah subjektů, které se regulací budou muset řídit. Co tato regulace znamená pro poskytovatele internetového připojení? |
14:30 | Updates on DNS Anycast for the National .CZ DomainTomáš Hála | CZ.NIC In 2024, the anycast infrastructure for the .CZ domain was significantly strengthened with the deployment of a 400GE link to NIX.CZ and new locations in the Czech Republic and abroad. How did the process unfold? What challenges are we facing? What is its capacity, and where is it heading in the future? Why did we start using catalog zones? And who else has begun utilizing the anycast network? | NÚKIB PortalTomáš Pekař | NÚKIB V návaznosti na nový zákon o kybernetické bezpečnosti připravuje NÚKIB vlastní Portál, který bude sloužit jako hlavní kontaktní bod v oblasti kybernetické bezpečnosti. Ohlášení regulované služby, hlášení incidentů nebo informace o aktuálních hrozbách. To je jen část nově připravovaného portálu. Jak |
14:50 | Measuring the Performance of DNS Zone TransfersPetr Špaček | Internet Systems Consortium How can we measure the performance of DNS zone transfers? What are the differences between cases involving a single small zone, a large zone (TLD), or numerous small zones? What is the impact of data transfer security on performance? How does DNS-over-TLS scale? | New Cybersecurity LawMartin Švéda | NÚKIB Příspěvek shrne aktuální stav návrhu zákona o kybernetické bezpečnosti, který se v návaznosti na směrnici NIS2 dotkne tisíců českých firem a organizací. Připomeneme si také nejpodstatnější části navrhovaného zákona. |
15:10 | Coffeebreak | |
15:40 | A Quarter Million PrefixesMaria Matějka | CZ.NIC | BIRD The size of the IPv6 table is slowly approaching a quarter-million entries, and IPv4 is nearing the magical one-million mark. Can we improve hardware performance by aggregating prefixes with the same nexthops? | Measurement Tools and Procedures for Monitoring the 5 GHz BandMiroslav Krýza | Český telekomunikační úřad Pásmo 5GHz je široce využíváno pro bezdrátové komunikace jako jsou WiFi sítě, přístupové body, SRD a další technologie. Proto se Český telekomunikační úřad intenzivně věnuje nejen monitoringu, ale i dohledávání zdrojů rušení tohoto pásma za využití moderních technologií i vlastních SW nástrojů. |
16:00 | Documenting the CESNET3 Network with NetBoxLadislav Loub | CESNET High-quality documentation is crucial for the efficient operation of large-scale networks today. This presentation will showcase the approach we chose for the new CESNET3 network. We will demonstrate how we use NetBox, how we enhanced it with custom extensions, and how it is becoming a "source of truth" for the gradual implementation of automation. | Panel Discussion: Vision for 2030Jan Kolouch | CESNET Panelová diskuze se zaměří netradičním způsobem na výhled České republiky v digitální oblasti do roku 2030, přičemž bude reflektovat různé perspektivy zúčastněných panelistů, jak ze státní správy (ČTÚ, NÚKIB), tak i soukromého sektoru. |
16:20 | How to Implement Central Log ManagementLukáš Macura | CESNET The lecture will describe how to set up central log management in a network. It will not focus on a specific solution but rather on the journey and the challenges that may arise along the way. Additionally, it will include practical advice on potential problems and what to avoid. | |
16:40 | Stepping out of the IDS Stereotype: Applying Suricata’s Full PotentialLukáš Šišmiš | Cesnet Suricata is known for its role as an IDS/IPS, but its capabilities go much further. This session will explore how Suricata can be used for network troubleshooting, as a cybersecurity library, and even as a web application firewall in AWS, unlocking its full potential for various network operations. | |
17:00 | Code of Conduct: Yesterday, Today, and TomorrowMaria Matějka The CSNOG website contains a paragraph about how participants should treat each other. This paragraph has been in place since CSNOG's inception, and now it is time to look back and assess whether we are satisfied with this setting. | |
17:10 | End of Day 1 | |
19:00 | Social Event |
Time | Network Management | Network Management |
|---|---|---|
09:30 | Registration | |
10:00 | Updates and Plans for Network Monitoring with ipfixprobeKarel Hynek | CESNET The ipfixprobe tool, developed by CESNET, enables monitoring of network traffic on various devices—from home routers to high-performance servers monitoring 100GE links. The lecture will present the latest features, including DPDK support for commodity network cards and monitoring support for 400GE links. | Innovations in Practical Teaching – Virtual Labs at NetLAB FEL CTUMarcel Poláček | Fakulta elektrotechnická ČVUT NetLAB představuje revoluční přístup k praktické výuce a výzkumu v oblasti informačních technologií. Díky vzdálenému přístupu nabízí studentům i vědcům snadný přístup a prostor pro výuku, simulaci, návrh a testování moderních scénářů nejen ze světa sítí, ale i kyberbezpečnosti a operačních systémů. |
10:20 | How we built sFlow visualization tool (open source)Blažej Krajňák | Energotel When it comes to parsing, storing and visualizing network telemetry data for hundred gigs networks, many open source tools stop to be sufficient. This presentation describes how we built lightweight but powerful internal tool using GoFlow2 - Clickhouse - Grafana stack. | |
10:40 | Rise of the Merchant SiliconPatrick Prangl | Arista Networks Merchant silicon got more popular over the last years as the capabilities and use-cases have increased significantly. This talk will show the evolution and differences of merchant silicon. | |
11:00 | Root cause analysis - benefits of having Flow data right beside SNMP, OTel, and other logsMatěj Pavelka | FLOWCUTTER Presentation discusses why it is beneficial to have multiple datasources in one’s disposal when one is dealing with Root cause analysis. The main use case focuses on analysing Flow data right beside SNMP, OTel, and other logs in open-source Grafana stack. Presentation is product agnostic. | |
11:20 | Coffeebreak | |
11:40 | SDN at L0 with Open HardwareMichal Hažlinský | CESNET Learn how SDN-based optical transmission system allows network operators to use the familiar, DevOps-focused control plane to operate a DWDM network and deliver an expanded service portfolio over the existing fiber footprint. | |
12:00 | Evolution to SRv6 – Theory and ApplicationLuboš Gazdík | ALEF NULA The development of transport technology from MPLS LDP, RSVP TE, through Segment Routing MPLS and SR-TE to SRv6. Basic principles of operation, comparisons, advantages, limitations, and a configuration example. | |
12:20 | Automation of Data Center Configuration at ČRA - Ansible, Git, CI/CD, ARISTAVojtěch Setina, Radim Roška | ALTEPRO solutions This lecture introduces the automation of ČRA data center configurations using Ansible AVD, Git/GitLab, and CI/CD pipelines. We will demonstrate how scripts manage networks, migrate services, and edit configurations based on the Source of Truth model, deployed via the ARISTA CloudVision Portal. | |
12:40 | Timeseries Troubles: How (Not) to Calculate StatisticsMarian Rychtecký | NIX.CZ "Timeseries Troubles: How (Not) to Calculate Statistics" reveals the most common mistakes when working with timeseries databases. You will learn how to avoid errors in calculating operational statistics and receive tips for proper analysis of time series. | |
13:00 | Automated DNSSEC Management – Enhance the Security of the Czech Internet!Zdeněk Brůna | CZ.NIC The CZ.NIC Association has supported DNSSEC in the .CZ domain registry since 2008 and enabled its deployment via CDNSKEY records since 2017. Support for simplified management of higher DNS security is also available in KNOT DNS. | |
13:20 | Closing | |
13:30 | Lunch |
Registration
Register early, as the number of spots is limited!
The price for a two-day ticket is 2,000 CZK, including VAT, and covers access to the conference and refreshments throughout the event.
Registration is available through the registration form of the CZ.NIC Academy, operated by the CZ.NIC association.
Accommodation
The organizers of CSNOG 2023 do not provide accommodation.
For event participants, a limited number of rooms have been reserved at the Interhotel Zlín.
Single room:
2 050 CZK/night including breakfast and VAT
Double room:
2 260 CZK/night including breakfast and VAT
Please make your accommodation reservation via email at recepce@interhotelzlin.cz.
In the email subject line, please indicate the information about CSNOG 2025, and in the email, please provide:
- the dates of your stay
- the names of the guests
- billing details (if you require an invoice for your company)
Social event
The event will take place on January 21 at 7:00 PM at the café of the Baťa Institute.
14|15 Baťa Institute, Vavrečkova 7040, Zlín (map).
Entrance through the library on the ground floor between buildings 14 and 15.
The event will also include an opportunity to visit the Princip Baťa exhibition at the Museum of Southeastern Moravia (located in the Baťa Institute buildings). A guided tour will be held before the event, requiring prior registration. Individual exhibition visits will also be possible during the evening.
Program:
Princip Baťa (Bata principle)
The exhibition is divided into several sections:
Guided Tour of the Exhibition
Before the evening social event, a guided tour of the Princip Baťa exhibition will take place from 6:00 PM to 7:00 PM. Prior registration is required for this tour.