ixp manager sponsors’ report for year end 2017 · 2018-05-21 · ixp manager sponsors’ report...
TRANSCRIPT
IXPManager
Sponsors’Report
ForYearEnd2017
Thisisthepublicversion.Theonlydifferencestothesponsors’versionisthatwehaveremovedbankstatementsandsummarisedtheincome/expendituretables.
BarryO’Donovan,NickHilliard
Revision1.1,October2017
ExecutiveSummaryInearly2016,INEXrealisedthattofullydevelopIXPManagerintowhattheorganisationhopeditcouldbe,amoresustainablefundingmodelandafulltimedeveloperwererequired.Acallforsponsorship1waspublishedinseveralindustryforumsandweweredelightedwiththeresponse:threeplatinumsponsorsandtwobronzesponsors,whichmet91%oftheprojectedyearonerequirements.
Thesesponsorsare:
Name
InternetSociety
Netflix
SwissIX
NIX(UniversityofOslo)
GRNET
Total €60,240
TheCallforSponsorshipdocumentoutlinedhowwewouldstructuretheprogram,thebudgetrequired,projectoversight,projectmanagementanddevelopmentplans.
Thisdocument,the2017Sponsor’sReport,providesadetailedlistofactivitiesundertakeninthelastyear,andshowsfullcompliancewiththeproject’sdevelopmentplans.
Tosummarise,wehavemetthefollowingmilestonesinthelastyear:
• KnownnumbersofIXPsusingIXPManagerhasgrownfrom26to45knowninstallations.Wefeelthatthisisthebestpossiblepositiveindicatorfromyoursponsorshipandweareproudofthisincrease2.Someofthenewerusershaveallowedustodroppinsinourusers’mapinAsia(ChinaandThailand),CanadaandseveralmoreinAfricaandEurope.
• AfulltimedeveloperwashiredinDecember2016.Thefinancialperiodcoveredbythisdocumentincludessomeexpenditureincurredin2016inadditiontoallexpendituretodatein2017.
• Officialreleaseofversion4(taggedasversion4.5)andafurtherpointrelease,v4.6.• Weexpecttwomorereleasesbeforeyearend2017.• Anewdedicatedwebsite:https://www.ixpmanager.org/.• Anewautomateddocumentationframework:http://docs.ixpmanager.org/.• Newroutermanagementandconfigurationgenerator.
1https://www.ixpmanager.org/sponsorship.php2https://www.ixpmanager.org/users.php
• Patchpanelmanagement,LoAgeneration.• Layer2/MACaddressmanagement.• ReleaseofGrapher,anewgraphinggenerationandmanagementmechanism.• Bespokelookingglassforroutecollectorsandrouteservers.• ContinuedmigrationofcodefromtheendoflifeZendFrameworktoLaravel,a
modernpopularPHPapplicationframework.• Continuedoutreachthroughpresentationsandmailinglists.• Anewlogo.
SponsorshipExpenditureTheintellectualpropertyrightsandcopyrighttoIXPManagerareownedbyINEX(InternetNeutralExchangeAssociationCompanyLimitedbyGuarantee),anot-for-profitindustry-ownedcompanyregisteredinDublin,Ireland.INEXownsandoperatesInternetExchangesinDublinandCork.
Aswedetailedinthecallforsponsorshipdocument,projectdevelopmentforIXPManagerishandledbyIslandBridgeNetworksLimited,acompanyregisteredinDublin,Ireland.ThedirectorsandsoleownersofthiscompanyareBarryO’Donovan,theIXPManagerleaddeveloper/projectmanagerandNickHilliard.BothBarryandNickseparatelycontracttoINEXinoperationalroles.
DevelopmentofIXPManagerishandledonanon-profitbasisbyIslandBridgeNetworksLtd.AllrightstotheIXPManagercodedevelopedunderthissponsorshiparrangementaretransferredbyIslandBridgeNetworksLtdtoINEX.
ThisarrangementisstructuredinthiswaybecauseINEXisanInternetExchangeAssociationandhasnoin-housesoftwaredevelopmentexpertise.Duetoitsconstitutionalneutralityandnot-for-profitcorporatestructure,itisanappropriateorganisationforholdingtheintellectualpropertyandcopyrightownershipofthisopensourceproject.
Underthesponsorshiparrangementasoriginallyproposed-IslandBridgeNetworksLtd:
• RecruitedandhiredasuitablePHPdeveloper.• Providesofficespaceandasuitableworkingenvironmentforthedeveloper.• Handlesallemployeearrangementsincluding:contracts,pay,tax,insurance,other
financial,taxandlegalobligations,annualleave,etc.• Maintainsadedicatedbankaccountforallfinancialmattersrelatingtothisproject
(statementsincludedatendofthisdocument).• Invoicedallsupportingorganisationsonanpre-agreedbasis.
Theyearoneprojectedbudgetagainstactualexpenditureisasfollows:
Budgeted ProjectedY/E2017
Total €65,325 €56,448
Somenotesonthetableabove:
• WehiredYannRobin,thedeveloper,inmid-December2016.Thisincurredsomeexpenditurein2016suchasrecruitmentcosts,logocostsandacoupleofweekssalary.Thefigurespresentedaboveincludethesebutotherwiserelatetothecalendaryear2017projectedtoDecember31st2017.
• Inouroriginalbudget,wedidnotincludearecruitmentfeebutwedidstate:“arecruitmentfeemayalsobenecessaryifitprovesimpossibletofindasuitablePHPdeveloper.HoweverwewillendeavourtodothisthroughlocalPHPusergroupsandthenetworkingcommunity”.Intheend,weusedarecruitmentwebsite.Duringthehiringprocess,offersweremadetotwootherdevelopersbuttheydeclinedtheposition.
• Yanndidnottravelthisyearbutitisintendedthathewilltravelin2018.• WewereabletodefraycloudservicecostsasIslandBridgeNetworkshadaspare
DropboxlicenseandwewereabletogetbywithoutaddingYanntoourZendeskaccount.Ifcircumstanceschange,thisexpendituremaybenecessaryinfuture.
• IslandBridgeNetworksoffersallemployeeshomebroadband.Thiswasaccidentallyomittedfromtheoriginalbudget.
IncomeversusExpenditure
Throughthegenerosityofoursponsors,wehaveraisedatotalof€60,240inourfirstyearofsponsorship.Whenweexcludecapitalexpenditureandotheroneoffcosts,weexpecttheyeartwobudgettobeapproximately€61,000.
Ifourcurrentsponsorsmaintainfunding,ifwetakeintoaccountanexpectedfundingreductionfromISOC,andcarryovertheyearoneexcess,weexpectfundingtobreakevenforyeartwo.
Wewill,however,continuetotrytoattractmoresponsorshiptoreducetheburdenonourexistingsponsorsandtoensureawiderbaseofsponsorsshouldweloseany.Additionally,wewillalsotryandattractsponsorshipfrommoreInternetExchangesusingIXPManagerasitiscriticalforustohaveuserbuyin.
YearOneAchievementsWesetoutthefollowingspecificyearoneachievementsaswellasalongertermthree-yearview.
Notethatwehaveonlybenefittedfromanestimated7.5monthsofproductiveworkingtimefromYann,ourdeveloper,ashestartedmid-Decemberbuttooktwo-weeksunpaidleaveduringtheChristmasperiodandthenrequiredtimetoimmersehimselffullyintotheproject.Weestimatethatthisrepresentsapproximately70%FTEfrommid-December2016tomid-October2017.
Wehavealsopostponedsomeoftheimmediategoalstoachieveothermorepressingandtopicalissues(detailedaftertheinitiallistbelow).
• Installationandupgradeimprovements.DONE:ImprovementsmadetoourVagrantinstallationanddocumentation.Additionally,ascripthasbeencreatedandreleasedwhichfullyinstallsIXPManageronacleanUbuntuinstallation.WewillcontinuetoworkonmakingIXPManagereasiertoinstallandupgrade.
• Dedicatedwebsite.DONE:seehttps://www.ixpmanager.org/
• Newlogo.DONE:visibleontheprojectwebsiteandalldocumentation,includingthecoverpageofthisdocument.
• CompleteandreleaseIXPManagerversion4.DONE:ReleasedinMay2017asv4.5.
• Writewell-structuredanddetaileddocumentation.
DONE:see:http://docs.ixpmanager.org/(andongoing).
• Layer2ACLs–mostIXPsaremovingtowardsstaticL2ACLsratherthandynamicportsecurity.WewantIXPManagertoprovidedatabasemanagement,auser-interfaceforupdatingthem—includingmemberfacingforrouterchanges—andzerotouchprovisioningtoourswitches.DONE:Layer2ACLswerereleasedaspartofv4.5.
• Augmentresellerfunctionalitytoalsoallowfortrunkports(“p-tags”)whichalsorequiresgraphingupdates,peertopeerupdatesanddatabaseschemaconsiderations.WenotethatasmallpartofthisworkwasfundedbyaseparatebountyprojectrequestedandkindlyfundedbyDE-CIX.PARTLY-DONE:Graphingupdatescomplete.
• Patchpanel/crossconnectmanagement.DONE:Releasedastheheadlinefeatureofv4.5andYann’sfirstmajorcontributiontotheproject.Thiswasamilestoneprojectforusandisasignificantpieceofwork,bothinscopeandutilityforInternetExchanges.Detailsandscreenshotsareavailableonthedocumentationwebsite:http://docs.ixpmanager.org/features/patch-panels/
• AddRESTAPIendpointsformembers(e.g.accesstotheirportandpeertopeergraphsprogrammatically).DONE:(andongoing).
• Usethenewdevelopertoprovidefrontlinesupportonthemailinglisttogethim/herfullyimmersedintheproject,itsusersandtheiruserexperienceissues.DONE:(andongoing).
Fromthebroaderthreeyearoutlookwealsoachieved:
• BetterintegrationwithtoolssuchasSmokeping.• Built-inlookingglassforroutecollectorsandrouteservers.• Multiplesecurityauditanalysisfixes
Theaboverepresentsapproximately75%ofourY1plannedgoalsonthebasisofapproximately70%ofadeveloperFTE(full-timeequivalent).Webelievethatthisisanexcellentachievementanddemonstratesstrongcompliancewiththeprojectsponsorshipgoals.
UnannouncedDevelopmentsWehavetwoasyetunannounced/unreleaseddevelopmentsubprojectsthatarebroadlycompletedbutawaitingcodereview,documentationandminortidy-up:
1. Corebundles:MostIXPshavemorethanoneswitchandIXPManagerhaspreviouslynotincludedfunctionalityformanagingthelinksbetweentheseswitches.Yannhasdevelopedcodetosupportthisinfrastructureinthedatabase.ThefeatureallowsIXPstocreateLayer2and/orLayer3internalinfrastructuresandthefunctionalityallowsIXPstoimplementadvancednetworkautomation,internalgraphingsupport,monitoringandalertingsupport,inadditiontoautomatedgenerationofIXPnetworkdiagramsandweathermaps.
2. IXPAutomation:IXPManagercanusethisinformationgeneratethenecessarydatarepresentationsforanIXPtocreateacompleteconfigurationoftheswitchinglayer.CandidateautomationimplementationswillbeprovidedundertheopensourceGPLv2licensebyINEXtointegrateIXPManagerwithNAPALMandtheSaltStackautomationsystem,initiallytargetingAristaandCumulusplatforms.
ThisfunctionalitywillbereleasedinproductionversionsofIXPManagerbytheendof2017.
PublicityIXPManagerhasbeenorisscheduledtobeheadlinedatthefollowingconferencepresentationsbetweenOctober2016andOctober2017:
• IXPManagerWorkshop,Euro-IX28,Luxembourg,April2016• “IXPFlowTelemetryviaIXPManager”,RIPE73,Madrid,October2016• “IXPFlowTelemetryviaIXPManager”,Euro-IX29,Krakow,November2016• ISOCIXPWorkshop,Skopje,Macedonia,November2016• OperationsUpdate,INEXMembers,Dublin,March2017• “IntroductiontoIXPs”,IXPformationmeeting,Beirut,March2017• “CrossConnect/PatchPanelManagement”,Euro-IX30,Spain,April2017• “IXPManagerUpdate”,GPF12.0,NewYork,USA,April2017• “AutomationwithIXPManager”,NLNOG2017,Amsterdam,September2017• “AutomationwithIXPManager”,INEXMembers,Dublin,September2017• “AutomationwithIXPManager”,Euro-IX31,Bratislava,October2017• “AutomationwithIXPManager”,RIPE75,Dubai,October2017
DevelopmentGoals–YearTwoAswellascontinuingworkonautomationandcompletingallremainingactionpointsfromyearone,thefollowingsetsoutwhatweaimtoachieveinyeartwo:
CompletionofMigrationtoLaravelFramework
Underthehood,IXPManagerv4stilldependsonanPHPframeworkcalledZendFrameworkV1,whichwasdeclaredend-of-lifein2016.AnarchitecturaldecisionwasmadetomigratetheapplicationtotheLaravelframeworkinordertoensureIXPManager’slongtermdevelopmentviability.
AllcodewrittenundertheIXPManagersponsorshipprogramhasbeenLaravelcompatible,andworkcontinuestomigratetherestoftheapplication.HoweverasubstantialquantityofolderZendFrameworkcodestillremains.
Weplantocontinuethismigrationand,oncecompleted,releasethisasIXPManagerversion5.
EndUserFacingPortal
WhileIXPManagerhasgainedanlargeamountofIXPoperatorfunctionality,theend-user/end-networkareashaveremainedrelativelyunchangedinseveralyears.
WeintendtocompletelyredesignandrefreshthisareawithamorestructuredUIandUXplanwhichistoinclude:
• Restructuringoftheuserauthenticationmechanismtomaketheuserexperiencesimpler.
• Betterlayoutofusefultoolsincludingtherouteserverprefixanalysistoolandthelookingglass.
• Astatusreportshowinganyissueswhichistoinclude:o errorcountersonpeeringports;o routecollector/server/AS112serviceBGPsessionsdown;ando advertisedprefixcountvsmaxprefixsettingthresholds.
• Amoreintuitiveviewofgraphs.• Abilitytoupdateallaspectsofcustomerinformationincludingbillingdetails,
peering,NOCdetails,portMACaddresses,etc.• IntegrationofIXPmembernews,Twitterfeeds,BlogorLinkedInnewsfeeds,etc.
AuthenticationRedesign
AuthenticationiscurrentlyhandledbyZendFramework.Weneedto:
• MovethistoLaravel.• Removetheusernameandinsteadkeyuniquelyfromemailaddress.• Allowenduserstobeassociatedtomorethanonenetwork(manyengineersare
contractors,andworkformorethanonenetwork).• AllowOAuthauthenticationagainstservicessuchasGoogle,Facebook,Twitter,
LinkedInandGitHub.• BuildaOAuthservicetoworkwithPeeringDB.• Addtwofactorauthentication.
RouteServerPrefixAnalysisTool
Therouteserverprefixanalysistoolisaninvaluableservicewhichhelpsmemberstoidentifyprefixeswhichareblockedbythestrictprefixfilteringmechanismoftherouteservers.
Currentlythistakesaviewfromasinglerouteserverviaascriptthatrunsacoupleoftimesaday.WewanttointroducelargeBGPcommunitytaggingontherouteserversto:
• provideaviewofallrouteserversonallLANs;• highlightwhyprefixesarefiltered(RFC1918,norouteobject,IPv4prefix</24,IPv6
prefix</48,etc);• integratethisfunctionalityintotheBirdsEyelookingglassratherthanastandalone
tool.
AdvancedP2PFunctionality
IXPManager’speertopeergraphingfeatureisoneofitsmostpopularend-userfeatures.Wewouldliketoadvancethisfunctionalitytouseatime-seriesdatabasebackendandpresentmoreuseful,real-timeinformationtoourmembers.
Thisincludestasksandfeaturessuchas:
• SelectionofanappropriatetimeseriesdatabasefromcandidateswhichincludeCarbon(ofGraphite),InfluxDBandOpenTSDB.Theinitialgoalwillbetosupportthe
scalerequirementsofamedium-sizedIXP,andthemechanismwillbeprogrammedtobeabletoeasilysupportotherbackends.TheexistingRRDbasedbackendwillbemaintained.
• Additionoffunctionalitytoprovidemorestructureddataratherthanjustunorderedpeertopeergraphs:toptenpeers,combinedgraphs,unusualtraffic,etc.
• Attempttoautomatetheselectionofsampleratesforportswithlowtrafficratestomoreaccuratelyrepresenttheirtraffic.
• useofpeertopeerinformationtocalculateandgraphoverallpeeringtrafficratherthanjustrelyonportstatistics.
Thisactionitemiscarriedoverfromthepreviousyearonegoals.
InstallationandUpgradeEase
Weplantocontinueworkonsimplifyingtheinstallationandupgradeprocedurethroughtheuseofaweb-basedinstallationwizardtoaskrelevantquestionsandhandlemostofthetasksautomatically.
SomeprogresstowardsthishasalreadybeenmadethroughtheuseofVagrantforsettingupfullyfunctionaldevelopmentboxeswithjustthreecommands,andafullyautomatedinstallationscripttoinstallIXPManageronabarebonesUbuntudistribution.
DevelopmentOutlookOutsideoftheimmediateyeartwogoalsmentionedabove,wehaveplansthatwewouldliketoachieveoveralongertimeline,whichinclude:
• ContinuedintegrationofIX-FMemberSchematargetingexporttoIX-FIXPdatabaseandPeeringDB.
• CompletionofHelpdeskintegration.• Intelligentstream-linedprovisioningofnewportsandupgrades.Thisislessabout
automationandmoreabouttheend-userrequestandfulfilmentexperience.• Continuetoworkoncollateralsuchasrecordedtutorialvideos,in-person
workshops,continuationandimprovementofIXPManagerdocumentation.• Developon-demandprovisioningviaqueuingmechanisms.Thismeans,forexample,
ratherthanhavingtowaitforabatchjobtorunatdesignatedtimestohavenewrouteserversessionsprovisioned,theycanbeprovisionedondemand.
• FurtherdevelopmentMyPeeringManagertoincluderouteserversessionmanagement,forexampleallowingmemberstooptin/outofpeeringwithcertainothermembersontherouteserverswithouthavingtorelyoncommunitytagging.
• EmbarkonprojectssuchasmoreintelligentmonitoringofcustomerpeeringsessionsviaservicessuchasRIPEAtlas.
• Customeraudit–automatedreviewofacustomer’sservicesandhighlightissuessuchasporterrors;inactiveBGPsessionswithroutecollector/routeserver/AS112,etc.;portsspikingathighutilisationrates;missingsessionswithpeerswithopenpolicies,etc.
• Internationalisationandlocalisationofthecustomerfacingareas.WhileEnglishmaybethepredominantlanguageinthenetworkingindustry,endusersofIXPManagershouldbeabletointeractintheirownlanguage.
AccountingLedgerandBankStatementsWhatfollowsistheaccountingledgerforyeartodatewithprojectedvaluestoyearend2017.
Thefollowingnotesaccompanytheledger:
• Alldocuments,invoicesandbankstatementsrelatingtothisareavailabletothesponsorsonrequest.IslandBridgeNetworksLimitedmaintainsadedicatedbankaccountforthisprojectandcansharealldocumentsviaDropbox.
• Allofficeexpenditurefigureswhichmention“20%”relatetothefactthatYannis1of5peoplebasedinIslandBridgeNetworks’offices.ThispercentagewilldecreaseifIslandBridgeNetworkshiresadditionalstaff.
• InIreland,allemployersareobligedtoremitEmloyers’Pay-RelatedSocialInsurancetotheIrishtaxauthorities.Employer’sPRSIisleviedatvaryingrates(8.5%and10.75%forPRSIClassAemployees),isleviedontopoftheemployee’sgrosssalary,andisseparatetoEmployee’sPRSI.FurtherinformationaboutEmployer’sPRSIcanbefoundonthewebsiteoftheDepartmentofEmploymentAffairsandSocialProtection.
Omittedfrompublicversion,availabletosponsors.