CSNOG

2025

January 21.-22., 2025

Education Centre UTB

Building U18

Štefánikova 5670, Zlín

Programme

Time

Network Management

Legislation and Regulation

09:30

Registration

10:00

WiFi at the Physical Layer - How do 802.11 Protocols Work?

Tomáš Kirnak | NetCore (Unimus)

This lecture covers the basics of WiFi at the physical layer. It will delve into physics, modulation schemes, the development of 802.11 family protocols, and their historical evolution. This session provides an essential overview of WiFi operation at Layer 1, preparing attendees for deeper exploration.

PDF | Video

11:30

Analyzing network reliability up to 800G

Thomas Weible, Gerhard Stein | Flexoptix

This presentation investigates the proximity to a low Signal-to-Noise Ratio (SNR) threshold that can still maintain a tolerable Bit Error Rate (BER) in 100G / 400G / 800G network links. Additionally, we account for factors such as temperature and cable length to predict the duration for which a reliable network connection can be sustained between transceivers. The analysis, based on data retrieved using a Flexbox, focuses on comparing the reliability of coherent (16QAM) and non-coherent (PAM4) transceivers, with a detailed discussion on the implications of these technologies on network performance.

PDF | Video

12:00

Lunch

13:20

Welcome

13:30

Protecting BGP with TCP-AO

Kateřina Kubecová | CZ.NIC

Securing BGP with TCP-AO option. How TCP-AO works, how it differs from MD5 and how to set it up.

PDF | Video

Measurement Tools and Procedures for Monitoring the 5 GHz Band

Miroslav Krýza | Český telekomunikační úřad

The 5 GHz band is widely used for wireless communication, such as WiFi networks, access points, SRD, and other technologies. Therefore, the Czech Telecommunications Office intensively focuses on not only monitoring but also locating interference sources in this band using modern technologies and proprietary software tools.

PDF | Video

13:50

Pushing the Limits III - Utilizing eBPF/XDP to Optimize the Performance of the Linux Kernel Networking Subsystem

Jan Kučera, Jan Viktorin | CESNET

This lecture follows up on previous parts of the series with the same name. We will focus on the use of XDP to enhance the resilience of web servers against DDoS attacks and will explain how the real limits of the networking subsystem change when applying an XDP program to accelerate the native SYN cookies mechanism available in the kernel.

PDF | Video

Detecting Child Sexual Abuse

David Kovář | ÚSKPV

The lecture will present selected aspects of online child sexual abuse from the perspective of the Criminal Police and Investigation Service of the Czech Republic. It will focus on detection methods and collaboration with other state authorities and private sector entities.

PDF | Video

14:10

Deploying XDP in Knot DNS

Lukáš Vacek | CZ.NIC

We have been discussing XDP technology in Knot DNS for a while, and how we use it in our anycast. Today, we’ll cover how you can deploy XDP in your setup: what to watch out for, prerequisites, configuration, and optimal traffic monitoring when packet inspection through the kernel is not an option.

PDF | Video

Securing Email Communication

Jakub Onderka | NÚKIB

In 2021, NÚKIB issued protective measures requiring email system administrators to implement security technologies such as SPF, DKIM, DMARC, and DANE. With the new Cybersecurity Act, the scope of entities subject to these regulations will expand. What does this regulation mean for internet service providers?

PDF | Video

14:30

Updates on DNS Anycast for the National .CZ Domain

Tomáš Hála | CZ.NIC

In 2024, the anycast infrastructure for the .CZ domain was significantly strengthened with the deployment of a 400GE link to NIX.CZ and new locations in the Czech Republic and abroad. How did the process unfold? What challenges are we facing? What is its capacity, and where is it heading in the future? Why did we start using catalog zones? And who else has begun utilizing the anycast network?

PDF | Video

NÚKIB Portal

Tomáš Pekař | NÚKIB

In connection with the new cybersecurity law, NÚKIB is developing its own portal, which will serve as the main contact point for cybersecurity. Reporting of regulated services, incident notifications, or information on current threats—these are just some of the features of the new portal.

PDF | Video

14:50

Measuring the Performance of DNS Zone Transfers

Petr Špaček | Internet Systems Consortium

How can we measure the performance of DNS zone transfers? What are the differences between cases involving a single small zone, a large zone (TLD), or numerous small zones? What is the impact of data transfer security on performance? How does DNS-over-TLS scale?

PDF | Video

New Cybersecurity Law

Petr Kopřiva | NÚKIB

The presentation summarizes the current state of the proposed cybersecurity law, which builds on the NIS2 directive and affects thousands of Czech companies and organizations. We will also highlight the most essential parts of the proposed legislation.

PDF | Video

15:10

Coffeebreak

15:40

A Quarter Million Prefixes

Maria Matějka | CZ.NIC | BIRD

The size of the IPv6 table is slowly approaching a quarter-million entries, and IPv4 is nearing the magical one-million mark. Can we improve hardware performance by aggregating prefixes with the same nexthops?

PDF | Video

CTU Activities in 2025

Marek Ebert | Český telekomunikační úřad

How does the Chairman of the CTU Council evaluate the previous year (2024), and what activities does the national regulator plan for 2025? The presentation will focus on key tasks that the CTU has planned, both in the electronic communications market and within its new competencies as the digital coordinator under the DSA regulation.

PDF | Video

16:00

Documenting the CESNET3 Network with NetBox

Ladislav Loub | CESNET

High-quality documentation is crucial for the efficient operation of large-scale networks today. This presentation will showcase the approach we chose for the new CESNET3 network. We will demonstrate how we use NetBox, how we enhanced it with custom extensions, and how it is becoming a "source of truth" for the gradual implementation of automation.

PDF | Video

Panel Discussion: Vision for 2030

Jan Kolouch | CESNET

This panel discussion will take an unconventional look at the outlook for the Czech Republic in the digital domain by 2030, reflecting various perspectives from the participating panelists, including representatives from public administration (ČTÚ, NÚKIB) and the private sector.

Video

16:20

How to Implement Central Log Management

Lukáš Macura | CESNET

The lecture will describe how to set up central log management in a network. It will not focus on a specific solution but rather on the journey and the challenges that may arise along the way. Additionally, it will include practical advice on potential problems and what to avoid.

PDF | Video

16:40

Root cause analysis - benefits of having Flow data right beside SNMP, OTel, and other logs

Matěj Pavelka | Flowcutter

Presentation discusses why it is beneficial to have multiple datasources in one’s disposal when one is dealing with Root cause analysis. The main use case focuses on analysing Flow data right beside SNMP, OTel, and other logs in open-source Grafana stack. Presentation is product agnostic.

PDF | Video

17:00

Code of Conduct: Yesterday, Today, and Tomorrow

Maria Matějka

The CSNOG website contains a paragraph about how participants should treat each other. This paragraph has been in place since CSNOG's inception, and now it is time to look back and assess whether we are satisfied with this setting.

PDF | Video

17:10

Is network engineering at a standstill?

Tomáš Hlaváček

PDF | Video

17:15

Implementation of RFC 8950

Marian Rychtecký | NIX.CZ

Video

17:20

End of Day 1

18:00

Baťa Principle

19:00

Social Event

Time

Network Management

Network Management

09:30

Registration

10:00

Updates and Plans for Network Monitoring with ipfixprobe

Karel Hynek | CESNET

The ipfixprobe tool, developed by CESNET, enables monitoring of network traffic on various devices—from home routers to high-performance servers monitoring 100GE links. The lecture will present the latest features, including DPDK support for commodity network cards and monitoring support for 400GE links.

PDF | Video

Innovations in Practical Teaching – Virtual Labs at NetLAB FEL CTU

Marcel Poláček, Jaroslav Burčík | Fakulta elektrotechnická ČVUT

NetLAB represents a revolutionary approach to practical teaching and research in information technologies. Thanks to remote access, it provides students and researchers with easy access and space for learning, simulations, design, and testing of modern scenarios in networking, cybersecurity, and operating systems.

PDF | Video

10:20

How we built sFlow visualization tool (open source)

Blažej Krajňák | Energotel

When it comes to parsing, storing and visualizing network telemetry data for hundred gigs networks, many open source tools stop to be sufficient. This presentation describes how we built lightweight but powerful internal tool using GoFlow2 - Clickhouse - Grafana stack.

PDF | Video

10:40

Rise of the Merchant Silicon

Patrick Prangl | Arista Networks

Merchant silicon got more popular over the last years as the capabilities and use-cases have increased significantly. This talk will show the evolution and differences of merchant silicon.

PDF | Video

11:00

Stepping out of the IDS Stereotype: Applying Suricata’s Full Potential

Lukáš Šišmiš | CESNET

Suricata is known for its role as an IDS/IPS, but its capabilities go much further. This session will explore how Suricata can be used for network troubleshooting, as a cybersecurity library, and even as a web application firewall in AWS, unlocking its full potential for various network operations.

PDF | Video

11:20

Coffeebreak

11:40

SDN at L0 with Open Hardware

Michal Hažlinský | CESNET

Learn how SDN-based optical transmission system allows network operators to use the familiar, DevOps-focused control plane to operate a DWDM network and deliver an expanded service portfolio over the existing fiber footprint.

PDF | Video

12:00

Evolution to SRv6 – Theory and Application

Vladimír Bureš | ALEF NULA

The development of transport technology from MPLS LDP, RSVP TE, through Segment Routing MPLS and SR-TE to SRv6. Basic principles of operation, comparisons, advantages, limitations, and a configuration example.

PDF | Video

12:20

Automation of Data Center Configuration at ČRA - Ansible, Git, CI/CD, ARISTA

Vojtěch Setina, Radim Roška | ALTEPRO solutions

This lecture introduces the automation of ČRA data center configurations using Ansible AVD, Git/GitLab, and CI/CD pipelines. We will demonstrate how scripts manage networks, migrate services, and edit configurations based on the Source of Truth model, deployed via the ARISTA CloudVision Portal.

PDF | Video

12:40

Timeseries Troubles: How (Not) to Calculate Statistics

Marian Rychtecký | NIX.CZ

"Timeseries Troubles: How (Not) to Calculate Statistics" reveals the most common mistakes when working with timeseries databases. You will learn how to avoid errors in calculating operational statistics and receive tips for proper analysis of time series.

PDF | Video

13:00

Automated DNSSEC Management – Enhance the Security of the Czech Internet!

Zdeněk Brůna | CZ.NIC

The CZ.NIC Association has supported DNSSEC in the .CZ domain registry since 2008 and enabled its deployment via CDNSKEY records since 2017. Support for simplified management of higher DNS security is also available in KNOT DNS.

PDF | Video

13:20

Closing

13:30

Lunch

Partners

Hosts

Gold partners

Silver Partners

Coffee Partner