Net Eng Skills Gap Redux: Entry Routes into Network Engineering

While I was recently at the LINX meeting in London, I ended up having a side-discussion about entry routes into the Internet Engineering industry, and the relatively small amount of new blood coming into the industry.

With my UKNOF Director’s hat on for a moment, we’re concerned about the lack of new faces showing up to our meetings too.

Let me say one thing here and now:

If you work in any sort of digital business, remember that you are nothing without the network, nothing without the infrastructure. This eventually affects you too.

Yes, I know you can just “shove it in the Cloud”, but this has to be built and operated. It has real costs associated with it, and needs real people to keep it healthily developing and running.

I’ve written about this before here, almost 3 years ago. But it seems we’re still not much better off. I think that’s because we’ve not done enough about it.

One twitter correspondent said, “I didn’t know the entry route, so ended up in sysadmin, then internet research, and not netops.”

This pretty much confirmed some of my previous post, that we’d basically destroyed the previous entry route through commoditisation of first-line support, and that was already happening some time around 1998/1999.

It’s too easy to sit here and bleat, blaming “sexy devops” for robbing Net Eng and Network Infrastructure of keen individuals.

But why are things such as devops and more digital and software oriented industries attracting the new entrants?

One comment is that because a large number of network infra companies are well established, there isn’t the same pioneering spirit, nor the same chance to experiment and build, with infrastructure compared to the environment I joined 20 years ago.

My colleague, Paul Thornton, characterised this pioneering spirit in a recent UKNOF presentation titled “None of us knew what we were doing, we made it up as we went along” – note that it is full of jargon and colloquialism, aimed at a specific techie audience, but if you can excuse that, it really captures in a nutshell the mid-90’s Internet engineering environment the likes of he and I grew up in.

Typing “debug all” on a core router can liven up your afternoon no end… But I didn’t really know what I wanted to do back then, I was green and wet behind the ears.

Many infrastructure providers are dominated by obsessions with high-availability, and as a result resistance to change, because they view a stable and available infrastructure as the utopia. An infrastructure which is being changed and experimented upon, by implication, is not as stable.

do-not-touch-any-of-these-wires
DO NOT TOUCH ANY OF THESE WIRES

Has a desire to learn (from mistakes if necessary!) become mutually exclusive from running infrastructure?

In many organisations, the “labs” – the development and staging environments – are pitiful. They often aren’t running the same equipment as that which exists in production, but are cobbled together from various hand-me-down pieces of gear. This means it’s not always possible to compare apples with
apples, or exactly mimic conditions which will exist in production.

Compare this to the software world, where everything is on fairly generic compute, and the software is largely portable from the development and staging environments, especially so in a world of virtualisation and containerisation. There’s more chances to experiment, test, fail, fix and learn in this environment, than there is in an environment where people are discouraged from touching anything for fear of causing an outage.

This means we Network Engineering types need to spend a lot of time on preparation and nerves of steel before making any changes.

Why are the lab environments often found wanting? Classically it’s because of the high capital cost of network gear, which doesn’t directly earn any revenue. It’s harder to get signoff, unless your company has a clear policy about lab infrastructure.

I’m not saying a blanket “change control is bad”, but a hostile don’t touch anything” environment may certainly drive away some of the inquisitive folks who are keen to learn through experimentation.

Coupled with the desire of organisations to achieve high availability with the lowest realistically achievable capital spend, it means that when these organisations hire for Network Engineering posts, they often want seasoned and experienced individuals, sometimes with vendor specific certifications. You know how I hold those in high esteem, or not as the case may be, right?

So what do we need to do?

I can’t take all the credit for this, but it’s partly my own opinions, mixed in with what I’ve aggregated from various discussions.

We need to create clear Network and Infra Engineering apprenticeship and potential career paths.

The “Way In” needs to be clearly signposted, and “what’s in it for you” made obvious.

There needs to be an established and recognised industry standard for the teaching in solid basic network engineering principles, that is distinct from vendor-led accreditations.

In some areas of the sector, the “LAIT” (LINX Accredited Internet Technician) programme is recognised and respected for it’s thoroughness in teaching basic Internet engineering skill, but it’s quite a narrow niche. Is there room to expand the recognition this scheme, and possibly others have?

A learning environment needs to exist where we enable people to make mistakes and learn from them, where failure can be tolerated, and priority placed on teaching and information sharing.

This means changing how we approach running the network. Proper labs. Proper tooling. Proper redundant infrastructure. No hostile “change control” environment.

Possibly running more outreach events that are easier for the curious and inquisitive to get into? That’s a whole post in itself. Stay tuned.

What’s next for Open-IX?

I’ve recently returned from the NANOG 61 meeting in Seattle (well, Bellevue, just across the lake), a fantastic meeting with well over 800 attendees. It was good to meet some new folk as well as catch up with some industry contacts and old friends.

One of the topics which came up for discussion was the activities of the Open-IX association. This is a group which exists to promote fairness and open competition between Internet Exchange and Co-location operators in the US, and thus improve the competitiveness of the market for the users of those services, such as ISPs and content providers.

It was originally set-up to address what was something of a market failure and a desire by a number of US network operators to encourage organisations that run Exchange facilities (such as Equinix) to have more transparent dealings with their customer base, such as fair pricing and basic expectations of service level. This is something that is more common in Europe, where a large majority of Internet Exchanges are run as non-profits, owned and steered by their participant communities.

To do this, the Open-IX Association don’t actually plan to own or operate exchanges, but instead act as a certification body, developing a set of basic standards for exchange companies to work to. It’s somewhat succeeded in it’s initial goals of correcting the market failure. New IXP entrants in the shape of the three large European IXPs have entered the North American market, and co-location operators who were previously less active in the interconnection market have become more engaged.

So, one of the questions asked is what next for Open-IX?

(Indeed, my former boss, LINX CEO John Souter even ventured to suggest it’s “served it’s purpose” and could be wound up.)

There has been questions from some smaller IXPs, they can’t meet all the criteria laid down in the OIX-1 standard (and possibly don’t wish to or have means of doing so). Does this some how make them a “less worthy” second-class IXP, despite the fact that they serve their own communities perfectly well?

In particular, both the Seattle Internet Exchange and Toronto Internet Exchange currently can’t comply with OIX-1, but at the same time it’s not important for them to do so. The difference being these are member-driven exchanges, more along the lines of the European model. Their members don’t require them to provide the services which would allow the organisations to confirm to OIX-1.

I don’t think anyone would venture to suggest that the SIX or TorIX are in some way “second class” though, right? They are both well run, have plenty of participants on the exchange fabric, and respected in the IX community.

This is a key difference between these exchanges and commercial operations such as Equinix: The member-driven IXPs such as SIX and TorIX don’t need an Open-IX to set standards for them. Those local communities set their own standards, and it’s worked for them so far.

And maybe that’s where the opportunity lies for Open-IX: To act like this “conscience” for the more commercial operators, in the same way as the members steer the non-profits?

UKNOF 29 Tech Recce – Belfast

Assembly Buildings Belfast - Main Hall

The venue for UKNOF 29 and ISOC’s ION Belfast meeting to be held in September this year is currently looking like another great place for UKNOF to meet – it’s the Assembly Buildings, right in the middle of the city, easy to get to, and a good choice of hotels (from budget options such as Travelodge through to mid-range Jury’s Inn, and the higher end Europa and boutique Fitzwilliam) all less than 2 minutes’ walk away. There’s also some smashing restaurants and bars for the all important networking we come to do at UKNOF.

Don’t be put off by the theatre seating above – this was for the event occurring the next day – we’re looking at either cabaret or classroom seating for our event, there will be somewhere to put your laptops!

We decided on this venue not just because of it’s central location, but the high specification of the AV and technical support provided in house. The home of the General Assembly of the Presbyterian Church in Ireland, the 109 year old building recently benefitted from a massive refurbishment, including a serious tech upgrade.

It has a Gig of bandwidth to the building. The UKNOF connectivity will use this as the transport to bring in our own Internet Access (over a tunnel) with no NAT and native IPv6, provided as usual by Tom at Portfast.

I recently visited to check this all works as anticipated, and it seems to work just fine. The tunnel to Portfast’s Docklands router came up just fine, and 80-90Mb (this being constrained by the router in use as the tunnel endpoint) was achieved with no issues.

The resident IT guys are super-helpful, and have even offered the use of their existing Aruba wifi platform for distributing the UKNOF wifi network in the building. If this works, it will mean that UKNOF doesn’t have to ship a load of access points out to the venue. Our testing revealed some limitations in the current Aruba setup, such as IPv6 RAs and ND apparently being blocked in the current config. Fixing this is on the list of things to do, as they don’t natively run v6 yet as part of their day to day operation so haven’t been concerned about it (until now).

We also need to investigate operating separate 2.4Ghz and 5Ghz wifi SSIDs, they are currently set up single SSID with bandsteering, so we may want to set up with specific radio heads as 5Ghz only.

This is all stuff to work on and resolve with their tech folks in the next few weeks.

Even if we decide we’d rather run our own access points because of the high client density at our meetings, this should be relatively simple and not require transporting lots of kit. The main hall can be covered by 4-6 access points, and there is plenty of structured cabling.

Assembly Buildings MixerAudio isn’t a problem. A rather nice Allen & Heath desk is permanently installed, and the standard rig includes plenty of radio handheld and lapel mics, and sidetone/foldback is provided for the presenter. On the day desk will be looked after by a professional sound engineer.

The venue even has it’s own permanently installed video system, comprising four HD pan-tilt-zoom cameras with video switching, that can provide an SDI out. Hopefully the folk over at Bogons who support UKNOF with webcasting can ingest this, and avoid having to bring their own camera.

If the big stage and stained glass window backdrop hasn’t scared you off yet, the Call for Presentations is open, and our regular Programme Committee has been strengthened by the addition of David Farrell from Tibus and Brian Nisbet of HEAnet for this meeting to help us find interesting local content.

The RIPE NCC will be holding their Basic and Advanced hands-on IPv6 training courses in the same venue (just a slightly smaller room!) on the Wednesday, Thursday and Friday of the same week.

We’re really looking forward to September, and welcoming Internet Operations folk from the whole of Ireland (both The North and The Republic), the UK mainland, and elsewhere to Belfast.

(It may even be the easiest UKNOF so far for the folk on the Isle of Man to get to?)

“Ambassador, with these Atlas probes, you’re really spoiling us…”

Okay. So I only expect the Brits to get the title of this. Though if you’re desperate to be in on the “joke”, watch this YouTube video of an old British TV ad for some chocolates.

One of the things I do for the community is act as a “RIPE Atlas Ambassador” – that’s someone who helps distribute RIPE Atlas internet measurement probes into the wider Internet community. The Measurements Community Builders at the RIPE NCC send me a box of Atlas probes, I go to conferences, meetings and other get togethers and I give them out to folk who would like to host a probe, along with answering any questions as best I can.

Recently, Fearghas McKay of the IX Scotland steering group asked me if I had any data from the Atlas project on internet round-trip time for probes located in Scotland, to get to services hosted in Scotland, and if I could talk about it at a meeting of IX Scotland participants.

This is a fairly similar exercise to the one I did for Northern Ireland.

One of the challenges I was faced with was the distinct lack of source data. Firstly, there weren’t that many Atlas probes in Scotland to begin with, and those which are there are mostly located in the “central belt” – around Glasgow and Edinburgh. The furthest North was a single probe in Aberdeen, and Scotland is a big country – it’s around 300 miles from the border at Gretna to Thurso, one of the most northerly towns on the Scottish mainland, as far again as it is from London to Gretna. That’s not even counting the Orkneys, Shetlands or Hebridean Islands, which have their own networking challenges.

The second problem was that of those probes, only three at the time were on an ISP connected directly to IX Scotland, and one of those was down! The majority were on consumer broadband providers such as BT and Virgin Media, which aren’t connected to many regional exchanges.

I saw attending the IX Scotland meeting as a good chance to redress the balance and extend the usefulness of the Atlas platform by distributing probes to networks which could improve the coverage.

This has resulted in what is currently the most Northerly probe in the UK being brought online in Dingwall, not far from Inverness, thanks to the folk at HighNet. They’ve also got a few other probes from me, so expect to see more in that area soon.

Most Northerly Probe in the UK
Most Northerly Probe in the UK

HighNet aren’t connected to IX Scotland yet, but maybe now they’ve got access to this instrumentation it might help them make a business case to follow up on that.

I also issued a number of probes at UKNOF in Manchester last week and I’m looking forward to seeing where they turn up.

I’d really like to get some of the community broadband projects in the UK instrumented, such as B4RN and Gigaclear. These bring some of their own challenges, such as issues with equipment at the customer premises that can actually handle the available bandwidth on the connection! It would also be great to be able to draw comparisons in performance between the community fibre service and the slower ADSL service provided over long copper tails in those areas.

Reflections on UKNOF 27

UKNOF 27 - Manchester Central
Our name in lights!

What a week it’s been!

My week started in Manchester, where it was the warm up for what turned out to be the largest UKNOF meeting so far – UKNOF 27. In this case the “warm up” was the IX Manchester meeting, facilitated by LINX (who operate IX Manchester).

This is, I think, the first time that UKNOF and one of the regional interest groups in the UK have teamed up and worked to co-locate their distinct, separate meetings on adjacent days in the same venue. It might have been a bit of an experiment, but I hope everyone agrees it was a successful one and we’re able to co-operate again this way some time in the future.

Talking of the venue… what a venue!

UKNOF attendance has been growing of late, and so to protect ourselves against ending up somewhere that couldn’t cope, we eventually chose Manchester Central Convention Complex.

I remember going to help scout the venues for this meeting earlier this year. We looked at various places, small and large. Remember that last time we were in the North West (back in 2010 thanks to the kindness of Zen Internet) only 65 people attended. Even the most recent non-London UKNOF in January 2013 couldn’t break the 100-barrier (and that was with Tref hosting!).

But, during 2013 we’d also had two bumper meetings at 15Hatfields in London and could see that we are definitely growing as a community, so we had to think big, and so we went with the venue that we felt could cope best with the unpredictability.

Initially, we were somewhat awestruck, maybe even a little bit nervous, when choosing a venue like this. It hosts massive conferences, trade shows and events. It’s a serious venue.

But we needn’t have worried, it turns out we’d made the right decision, and the space happily scaled up from a 60-odd person IX Manchester meeting to the 200+ person UKNOF the following day.

UKNOF 27 turned out to be our biggest meeting so far.

…and not in London!

We had over 250 people register. Around 25 cancelled their attendance in the week leading up to the meeting, and around a further 20 no-showed on the day. We’d ordered catering for 210, a good guess I think!

I’ve honestly not heard a bad comment about UKNOF 27. We had some fantastic, interesting and original content delivered by our speakers from within the community. I can’t thank them enough. Without them, without you, there is no UKNOF.

The audio and visual support seemed to work well, but we also learned a thing or two which will be brought to bear at future meetings. The Internet access was nice and stable: we brought our own wifi infrastructure for the meeting, and used Manchester Central’s great external connectivity to Metronet as a “backhaul”. 8 wireless access points were used to provide adequate coverage across the rooms, where most meetings previously got by on two. As usual, fantastic support from Tom at Portfast for the connectivity, and Brandon from Bogons.net for our webcast, along with Will and Kay who do connectivity for large events such as CCC who helped set up the additional access points.

Why was UKNOF 27 so successful?

Er, good question.

It was certainly a very easy venue to get to, regardless of how you wanted to get there. Plenty of parking space, easy access to public transport and an international airport just a short train ride away. Possibly even easier than a London venue?

Did the simple act of holding UKNOF in a serious venue such as Manchester Central raise the profile of the event with those who were sat on the fence?

There’s no doubt that the content itself was attractive, especially if (the lack of) bandwidth use was anything to go by.

The food offering from Manchester Central’s own in-house kitchens I thought to be superb, hope others agreed! All prepared from scratch in-house, even the biscuits for the coffee breaks, a definite cut-above a shipped-in offering. I felt you could taste the difference.

Maybe the co-location with the IX Manchester meeting meant that some folk stuck around for the extra day (and vice-versa)?

There seems to be renewed activity in the Internet engineering arena in the North of England at the moment – partly touched on by Mike Kelly’s participation in a panel at the meeting, discussing the relevance of regional infrastructure and it’s role in balancing the distorted London-centric infrastructure that has long characterised the UK’s Internet development…

…maybe there really are more Internet geeks in the North than the South these days?

Or if we’re going to have that level of influence, it’s just that our thrice-yearly get-together of Internet geeks is coming of age.

That said, I promise that we’ll stay true to our mission of “distribution of clue” and keep our focus on grass-roots Internet engineering and development.

Thanks to everyone who attended, sponsored, spoke, asked questions, or helped us in any way to make UKNOF 27 the success it was.

For those of you who enjoyed us being in Manchester, the good news is that we’re looking at a potential return there in 2015.

For peering in New York, read New Amsterdam

Dutch East India Company Logo
It’s colonialism all over again. Just not as we know it…

Last week, there was this announcement about the establishment of a new Internet Exchange point in New York by the US arm of the Amsterdam Internet Exchange – “AMS-IX New York” – or should that be “New Amsterdam”… 🙂

This follows on from the vote between AMS-IX members about whether or not the organisation should establish an operation in the US was carried by a fairly narrow majority. I wrote about this a few weeks ago.

This completes the moves by the “big three” European IX operators into the US market, arriving on US shores under the umbrella of the Open-IX initiative to increase market choice and competitiveness of interconnection in the US markets.

LINX have established LINX-NoVA in the Washington DC metro area, and AMS-IX are proceeding with their NY-NJ platform, while DECIX have issued a press statement on their plan to enter the NY market in due course.

One of the key things this does is bring these three IXPs into real direct competition in the same market territory for the first time.

There has always been some level of competition among the larger EU exchanges when attracting new international participants to their exchange, for instance DECIX carved itself a niche for attracting Eastern European and Russian players on account that many carrier services to these regions would hub through Frankfurt anyway.

But each exchange always had it’s indigenous home market to provide a constant base load of members, there wasn’t massive amounts of competition for the local/national peers, even though all three countries have a layer of smaller exchanges active in the home market.

Now, to some extent, they are going head-to-head, not just with US incumbents such as Equinix, TelX and Any2, but potentially with each other as well.

The other thing the AMS-IX move could end up doing is potentially fracture even further the NY peering market, which is already fractured – being served by three, maybe four, sizeable exchanges. Can it sustain a fifth or sixth?

Is it going to be economical for ISPs and Content Providers to connect to a further co-terminous IXP (or two)? Can the NY market support that? Does it make traffic engineering more complex for networks which interconnect in NY? So complex that it’s not worth it? Or does it present an opportunity to be able to more finely slice-and-dice traffic and share the load?

Don’t forget we’re also in a market which has been traditionally biased toward minimising the amount of public switch-based peering in favour of private bi-lateral cross-connects. Sure, the viewpoint is changing, but are we looking for a further swing in a long-term behaviour?

We found out from experience in the 2000s that London can only really sustain two IXPs – LINX and LONAP. There were at least 4 well-known IXPs in London in the 2000s, along with several smaller ones. (Aside… if you Google for LIPEX today, you get a link to a cholesterol-reducing statin drug.)

Going to locations on the East Coast may have made sense when we sailed there in ships and it took us several weeks to do it, but that’s no reason for history to repeat itself in this day and age, is it? So why choose New York now?

Will the EU players become dominant in these markets? Will they manage to help fractured markets such as NY to coalesce? If they do, they will have achieved something that people have been trying to do for years. Or, will it turn out to be an interesting experiment and learning experience?

It will be interesting to see how this plays out over time.

Blast from the BBNPlanet past…

While doing a bit of technical research (read: running traceroute) for the post on IX Scotland, I came across this blast from the past…

bbn-scotlandSo, not only do we have a bit of a blast from the past in the reverse DNS, but does this really make it look like Scotland is behind a L(3) (ex-BBN/Genuity) Fast Ethernet port?

Actually, it’s more of a testament to how infrequently ISPs check and update their reverse DNS zones, and sometimes how infrequently networks change their transit providers.

The “scotland” referred to here is actually going to be Brightsolid (the former Scotland On-line – changing it’s name more often than changing it’s upstream!), and if you look carefully at the latencies between the highlighted hop 5 and the previous hop 4, you’ll see that hop 5 isn’t actually in Scotland, but will be very close to hop 4 – so actually in Manchester itself. Hop 6 is actually the first hop in Scotland, 14 ms away.

Reverse DNS zones – that’s IP address to hostname lookup, rather than the other way around, which is more common – are notorious for being neglected, containing stale data or sometimes scarcely being populated at all.

Yet, they provide important diagnostic information. For instance, it’s not just the domain and customer info which is out of date, but I suspect the interface information is as well. It’s unlikely to be a Fast Ethernet port in this day and age.

Sadly, the situation seems to be even worse with IPv6. With those awkward long addresses, some just seem to be “not bothering” with reverse entries at all.

If you run a network, reverse entries are really useful tools to both your own netops folk and to your customers and peers, and deserve to be maintained.

Anyway, just a bit of trivia that caught my eye…