Conference Schedule

Attending the EuroBSDcon 2013 Conference Tracks requires prior registration.

Keynote Abstracts and Speaker Bios

Y2038: Going long long on time_t to cope with 2,147,483,647+1 by Theo de Raadt

Abstract: The rollover of time_t on 19 January 2038 will be much more serious than the Y2K problem. Y2K was largely isolated to databases with dates stored visibly (often in ASCII), but Y2038 will involve deeply internal time representations which need to be audited very carefully. All solutions and workarounds presented on the web thus far fail to comprehend the scale of the audit effort this will require.

A few projects have started the transition towards ‘long time_t’, hoping to be somewhat ready on 64-bit machines. Even on 64-bit machines, the solutions are sadly incomplete. Furthermore, if 32-bit Unix machines remain in embedded roles as we approach Y2038, we may be in real trouble. The lessons of the past teach us that this is likely.

This keynote discusses the implications of switching to “long long time_t” as a solution, so that we have an easier time biting the bullet well before 2038.

About the Speaker: Theo is the founder of and a long-time contributor to the OpenBSD project.

Failures of Shallow, Inconsistent & Incomplete Security by Landon Curt Noll

Abstract: With a number of best security practices, great security concepts and sincere security implementations, why do security systems fail? Many fail because the security is shallow, inconsistent and/or incomplete.

Shallow security may be ridiculed as being useless. Inconsistent security may be blamed on logic faults, or on the poor implementation of a sound idea. But of the three, it is the incomplete security flaws that are often the hardest to identify and most difficult to fix. Worse still, attacks on systems with incomplete security often produce the most devastating results.

We will look at security failures, from the historic to the modern, for examples of the shallow, inconsistent and incomplete security: with takeaway lessons that will help you avoid repeating those mistakes. Applying these lessons to your own engineering work will help you craft systems with an increased degree of reliability, availability and integrity. Moreover, as a consumer of services, these lessons will help you become a more discriminating consumer and observer, security wise.

About the Speaker: Landon Curt Noll has over 39 years of Internet, Unix, and System security experience. Among his several areas of specialization are security risk evaluation, Unix system and infrastructure hardening, Linux firewalls, security incident response, and cryptographic security. Landon’s underlying philosophy of security is that it is an enabler.

By day his Cisco responsibilities encompass high-performance computing, security analysis, and standards. By night he serves as an Astronomer focusing on our inner solar system, as well as the origins of solar systems throughout our Universe.

Landon Curt Noll is the ‘N’ in the widely used FNV hash. He is also the founder of the International Obfuscated C Code Contest. He was a member of the working group that developed the IEEE POSIX standard. He serves as the Chair of the Co-operative Computing Award advisory panel to the Electronic Frontier Foundation, advising them on awards for the discovery of astronomically large prime numbers.

As a mathematician, he developed or co-developed several high-speed computational methods and has held or co-held eight world records related to the discovery of large prime numbers. He is credited in Wikipedia as the co-inventor (with John Horton Conway) of a system for naming numbers of any size. Landon has made astronomical observations during total solar eclipses from every continent and from every ocean on Earth. He served as the expedition scientist for a team that searched for meteorites in the Antarctic ice and near the South Pole for a number of years. Landon graduated from Linfield College with a BA in Math/Physics. He is a member of the American Mathematical Society and is an associate of the American Astronomical Society.

Presentations Track #1 Abstracts and Speaker Bios

Modernizing and Improving the Buffer Cache and VFS Midlayer in OpenBSD by Bob Beck

Abstract: This talk goes through the details of the OpenBSD midlayer and how the OpenBSD kernel is being changed to support a larger, dynamic buffer cache, along with changes to related subsystems (vnodes, name cache, etc.). We discuss some of the interesting bugs and challenges found along the way in the process of modernization.

About the Speaker: Bob Beck is a long time OpenBSD developer, Director of the OpenBSD Foundation, who works as a private consultant for a living. He has been involved in many OpenBSD related projects.

SCSI Multipathing in OpenBSD by David Gwynne

Abstract: SCSI multipathing is the ability to utilise multiple paths between a host and a logical device to increase performance and redundancy. This has traditionally only been available with high-end infrastructure, i.e. very proprietary SAN arrays with Fibre Channel switches plugged into multiple controllers in each host. However, with multipathing now part of the SCSI standards and technologies like iSCSI and SAS becoming less expensive and more commonplace, having support for multipathing becomes more useful and relevant.

This talk describes the design and implementation of OpenBSD’s multipathing stack and related software and drivers.

About the Speaker: David is a recovering kernel hacker who is struggling with a life of abstinence and occasionally falls off the wagon in between work and kids. He works as an Infrastructure Architect within the Faculty of Information Technology and Electrical Engineering at the University of Queensland in Brisbane, Australia. His major responsibility is the design and operation of the faculty’s entire IT infrastructure.

David’s work within the OpenBSD project has varied from the development of drivers, to the major restructuring of the SCSI midlayer, to rewriting and optimising portions of the network stack, to replacing inetd daemons with webscale alternatives. He likes cats.

SATA, SAS, SSD, CAM: The Block Storage Subsystem in FreeBSD by Alexander Motin

Abstract: The talk includes a review of the FreeBSD block storage subsystem from the block devices in devfs at top to the SCSI/ATA controller drivers at bottom. It includes the review of such parts of stack as disk KPI, CAM (classical SCSI and recent ATA), legacy ATA stack and reasons of its removal, benefits of the new CAM-based ATA stack, GEOM (gpart, graid, gmultipath, etc). It will also include some benchmarking results, showing different benefits, bottlenecks, and results of the work done recently.

About the Speaker: Alexander Motin is a 34-year-old FreeBSD developer from Ukraine, working for iXsystems, Inc. He has 15 years of FreeBSD experience, the last 6 years as an active src committer.

FLASH: High Speed and High IOP Data Storage Options by Warner Losh

Abstract: Trends in Storage use flash to make things faster. This talk focuses on current trends in data storage towards using flash memory to speed up storage. The evolution of storage towards flash, and the different types of flash cards and drives today will be discussed. An overview of the current technology spectrum will be presented, with advice on how to match your needs to a particular portion of the spectrum. Simply replacing spinning disks with SSDs will be presented, along with ways to optimize your technology to make full use of high end flash and similar devices on the market today. Use of flash drives to cache hot data from larger data sets, as well as hybrid drives will be discussed. A section on flash reliability will also be presented. An overview of published benchmarks may be offered.

About the Speaker: Warner Losh has been interested in computers since a very early age. He got his degree from a small school in the middle of New Mexico where he used 4.2BSD on the VAX 11/750. He’s done a little GUI work, and a lot of kernel work in BSD, Solaris and even Linux. He became interested in the MIPS architecture when he was given a Deskstation rPC44 in 1994 and has wanted a FreeBSD MIPS port ever since then. In the meantime, he’s amused himself and his employers by writing or improving FreeBSD’s PC Card, CardBus, USB, SD/MMC, PCI and device configuration subsystems. He has embedded FreeBSD into products for the past 9 years. He served on the FreeBSD core team mostly sorting out the complexity of open source software licensing. He has worked in the high precision time and frequency domain and delivered systems that are used to monitor the cesium clocks at NIST and USNO; used to recover UTC from GPS satellites; and used to synchronize digital video broadcasting stations. For the past few years he has worked for FusionIO, a maker of high end PCIe flash cards.

Open ZFS: Upcoming Features and Performance Enhancements with Illumos and FreeBSD joining Forces by Matthew Ahrens and Martin Matuška

Abstract: The Open ZFS project will provide a common development hub for all platforms working with open source ZFS code. Currently, it is easy to pull changes from Illumos into FreeBSD, but it is more difficult to submit changes from FreeBSD to Illumos. This talk will discuss how Open ZFS will enable ZFS code and ideas to flow easily between the Illumos, FreeBSD and ZFS on Linux communities. In addition, we will present several important features and performance enhancements that were developed in Illumos and ported to FreeBSD, and also discuss forthcoming enhancements that are in the planning phase.

About the Speakers: Matt Ahrens co-founded the ZFS project at Sun Microsystems in 2001, designed and implemented major components of ZFS, including snapshots and remote replication, and helped lead Sun’s ZFS team for 9 years. Matt is now a software engineer at Delphix, where he works on ZFS for Delphix’s database virtualization appliance. He continues to improve ZFS, most recently working on I/O performance, as well as coordinating open-source ZFS development across companies and platforms. He writes about ZFS at blog.delphix.com/matt/

Martin Matuška is a member of the FreeBSD ZFS team and focuses on porting ZFS changes from illumos to FreeBSD. He works as a systems architect and systems administrator. Martin maintains several FreeBSD ports and has founded the mfsBSD and VX ConnectBot open source projects. He writes at blog.vx.sk.

Deploying Secure NFS v3/v4 in a Large Enterprise by Moritz Willers

Abstract: This talk shares our experience of deploying Secure NFS v3, Secure NFS v4, as well as just NFS v4 throughout a large enterprise with hundreds of NAS appliances and thousands of hosts. Whilst the NAS appliances are NetApp filers and the clients are mainly RedHat Linux systems, the problems encountered with the NFS v4 protocol and managing the Kerberos credentials for thousands of non-interactive service accounts running business applications are not Operating System specific. In particular, the latter point is something which we need to solve and are solving across all UNIX flavours.

About the Speaker: Moritz Willers earned a degree in theoretical physics at the University of Berne. He has worked for nearly two decades as an engineer in the financial industry covering Operating Systems, NAS Storage and Identity Management.

Automated Deployment of FreeBSD/PCBSD Systems by Kris Moore

Abstract: In PC-BSD 9.x every installation is fully scripted, due to the pc-sysinstall backend. This backend can also be used to quickly automate the deployment of FreeBSD servers and PC-BSD desktops using a PXE boot environment. In PC-BSD 9.1 and higher, this functionality is easy to set up and deploy using the utility. This utility handles the initial setup of PXE on the host system, and provides a framework to manage client installation configurations.

About the Speaker: Kris Moore is the founder and lead developer of the most popular BSD based desktop, PC-BSD. He has authored several unique tools for the desktop, including the PBI package management format, and the Warden, a BSD Jails management utility. He resides in the Knoxville area of East Tennessee with his wife and 4 children.

Nginx: Architecture, Performance and Future Enhancements by Igor Sysoev

Abstract: nginx architecture, features, taken decisions, drawbacks, portability, lessons learned during the development and future development directions.

About the Speaker: Igor Sysoev, the author of nginx, a high performance HTTP and reverse proxy server. Founder, principal architect and CTO of NGINX, Inc. Graduated from Bauman Moscow State Technical University. Worked in several companies as system administrator. Currently lives in Moscow and works at NGINX, Inc.

Varnish Cache: High-Performance Reverse HTTP Server Offloading by Poul-Henning Kamp

Abstract: Varnish is a HTTP server accelerator/cache which has rapidly become the new black in the WWW business. This talk is about why Varnish works, from architecture to kernel interface.

About the Speaker: Poul-Henning Kamp has been committing to the FreeBSD project for most of its duration. He is responsible for the widely used MD5 password hash algorithm, a vast quantity of systems code, including the FreeBSD GEOM storage layer, GBDE cryptographic storage transform, part of the UFS2 file system implementation, FreeBSD Jails, malloc library and the NTP timecounters code. He is the lead architect and developer for the open source Varnish cache project, a HTTP accelerator.

The new LAMP: Powering a Global Top100 Site with Varnish, Nginx, Redis, PHP, and NodeJS by Eric Pickup

Abstract: Varnish, Nginx, PHP, NodeJS, Redis. It needs a vowel to be catchy but is superior across the board. It is THE open source stack for developing the next generation web for high traffic.

About the Speaker: Eric has spent the last 5 years building, supporting and improving high traffic websites. His current project is one of the global top 100 on the internet in terms of traffic. He loves the constant challenge.

Running the Netflix Video CDN on FreeBSD and Handling 30% of all US Internet Traffic by Alistair Crooks

Abstract: An operational talk in-depth about the tweaks we’ve made to drivers, VM, and other parts of the system to support our operational environment. Also about tracking 9.x (and soon, HEAD) in a real-world production environment. There are benefits to staying on the bleeding edge that far outweigh the risks of falling behind on old branches.

About the Speaker: Alistair has an honours degree in Computing Science from Glasgow University. He first used Unix on a V6 PDP-11, and BSD on a 4.1c VAX. He has worked for investment banks, insurance, and credit card companies, but has managed to retain a conscience. He was responsible for systems and storage security at Yahoo!. For the last 18 months he has been responsible for packaging software on the Netflix OpenConnect Appliance. He has designed and implemented two packaging systems, PSF, for Amdahl’s UTS in 1995, and pkgsrc, based on FreeBSD ports in 1997. He continues his involvement with pkgsrc to this day, but also has considerable experience with Linux packaging systems and with FreeBSD’s ports system for his work with Netflix.

Relayd: Improved High Availability Load-balancing and Connection Proxying by Reyk Floeter

Abstract: relayd first appeared in OpenBSD 4.1, formerly called hoststated, to provide a service that helps Server Load Balancing (SLB) with OpenBSD’s PF. It was written by Pierre-Yves Ritschard and Reyk Floeter. The daemon initially provided health checking capabilities of monitored backend servers and the ability to dynamically load PF tables and “rdr” L3-redirections based on the configuration and active hosts. It has been extended with support for L7-relaying of various protocols including TCP, UDP, HTTP, DNS, and SSL with optional transparent proxying capabilities and evolved into an Application Level Gateway (ALG). This talk introduces some of the latest enhancements with a focus on the redesigned filtering subsystem for relays and integrated SSL inspection or “SSL Man-in-the-middle (MITM)” support.

About the Speaker: Reyk Floeter is the founder of Esdenera Networks GmbH from Hannover, Germany, where he develops OpenBSD-based networking and security products for cloud-based and software-defined networks. As a member of the OpenBSD project, he contributed various features, fixes, networking drivers and daemons since 2004, like OpenBSD’s ath, trunk (a.k.a. lagg), vic, hostapd, relayd, snmpd, and iked. For more than nine years and until mid-2011, he was the CTO & Co-Founder of vantronix where he gained experience in building, selling and deploying enterprise-class network security appliances based on OpenBSD.

Mitigating and Isolating DDoS at Layer7 using Global Server Load Balancing with gdnsd on FreeBSD by Allan Jude

Abstract: An overview of our production implementation of the gdnsd DNS server on FreeBSD 9.x as a Global Server Load Balancer. We discuss how the GSLB can be used to mitigate and isolate distributed denial of service attacks without requiring extensive network infrastructure, cooperation from your transit providers, or BGP/Anycast. Coverage of the types of DDoS attack as well as the prevention and cleanup/prosecution steps. The talk will cover a number of different defensive techniques and then detail our solution using our GSLB.

About the Speaker: Allan Jude is VP of operations at Scale Engine. He is the on air host of the popular security podcast “TechSnap” on JupiterBroadcasting.com. He taught FreeBSD and NetBSD at Mohawk College in Hamilton, and has 12 years of BSD unix system administration experience.

Realtime Distribution of Anti-Spam Black and White Lists using BGP by Peter Hessler

Abstract: In the battle against Spam, many mail server admins collect and distribute IP addresses of systems that send them Spam. However, distribution of these lists is traditionally limited to 2 methods.

The first is periodically downloading this list from a source, usually a web server, often causing massive load and slowness at the top of the hour. The second is a real-time lookup against an external provider (such as dns-rbls), so your response time is dependent on how fast they respond or time out.

This talk suggests and discusses a 3rd solution: using BGP to distribute the IP addresses in a real-time manner.

About the Speaker: Peter Hessler is 32 and lives in Zurich, Switzerland. Originally from San Francisco he has an interest in how things work. An OpenBSD user since 2000, and an OpenBSD developer since 2008, he moved to Germany in 2008 and then to Switzerland in 2013. In his spare time, Peter enjoys drinking beer and bad puns.

Presentations Track #2 Abstracts and Speaker Bios

PostgreSQL 9.3: Upcoming Features by Magnus Hagander

Abstract: This talk will take a look at some of the things that are already available in what will eventually become PostgreSQL 9.3.

About the Speaker: Magnus Hagander is a member of the PostgreSQL Core Team and a developer and code committer in the PostgreSQL Global Development Group.

Magnus is one of the original developers of the Windows port of PostgreSQL, and currently a part of the team that maintains it. These days, he mostly works on other parts of the PostgreSQL backend, recently with a focus on security features, monitoring and backup/replication interfaces and tools.

He is also one of the core members of the postgresql.org infrastructure team, maintaining the servers that power the project, and one of the maintainers of the postgresql.org website. He also contributes to pgAdmin and other related projects.

He’s been a PostgreSQL user since version 6 (with some non-serious use of Postgres 95 before that), and currently serves on the Core Team and as President of the Board for PostgreSQL Europe.

To pay the bills, he is a PostgreSQL and open source software consultant at Redpill Linpro in Stockholm, Sweden, where he works on consulting, support and training services, as well as custom development work.

From Bsdtar to Tarsnap: Building an Online Backup Service by Colin Percival

Abstract: How tarsnap is designed and how all the pieces fit together:

splitting data into chunks

avoiding the creation of lots of new chunks if data is shifted

variable-length chunks with context-dependent splitting

encryption and cryptography of chunks and entire backups

About the Speaker: Dr. Colin Percival is a Security Officer Emeritus of the FreeBSD Project and the founder of the Tarsnap online backup service. In his spare time he attempts to improve the use of cryptography in software, both through novel cryptographic research and by attempting to educate the software developing public about the proper use of cryptography.

Bacula: The Networked Backup Open Source Solution by Dan Langille

Abstract: Nobody ever regretted making a backup, including:

overview of Bacula: client, storage, director

the various retention settings and how they affect your catalog

which database is best for use with Bacula

About the Speaker: Dan has been using FreeBSD since 1998 and almost immediately he started documenting his experiences. This online journal eventually became The FreeBSD Diary. Along the way, he founded a couple of conferences and created a few other websites. He is very good at describing the step-by-step procedures to perform a wide variety of tasks, from changing your prompt to creating and maintaining jails.

NPF: NetBSD Packet Filter Design, Features, Performance, and Latest Developments by Mindaugas Rasiukevicius

Abstract: NPF is a NetBSD packet filter introduced with the NetBSD 6.0 release and significantly improved with the recent NetBSD 6.1 release. During the talk we will overview the rationale behind developing a new packet filter, we will discuss the NPF design, key features, aspects of performance and we will take a look into the recent additions in the 6.1 release.

The presentation will continue covering the latest developments in the NetBSD -current branch, such as new extensions, BPF just-in-time (JIT) compiler support, NAT64 and NPTv6. Finally, the talk will conclude with the future directions for NPF.

About the Speaker: Mindaugas Rasiukevicius has been a member of the NetBSD project since 2007, focusing on kernel development, primarily in such areas as threading, virtual memory, synchronisation, IPC and various others. The author has a particular interest in multi-threading, high performance and real-time computing. He currently has a consulting company, Nox Technologies Ltd.

Firewalling and Security in an IPv6 World by Massimiliano Stucchi

Abstract: With IPv4 depletion approaching at a fast rate, it’s vital for any sysadmin to start getting hold of what the situation around firewalling and security mechanisms is in the IPv6 side of the world.

In this tutorial we will introduce key concepts around key features of IPv6 with an eye on security considerations, looking into best practises for firewalling and preventing security breaches.

Configuration examples for PF and ipfw will be shown, with the intent to involve the audience in a discussion about the future developments in the field.

About the Speaker: Massimiliano Stucchi is a trainer at the RIPE NCC. In his position he travels around the RIPE region to perform trainings on how to better use the resources assigned by his employer. In his past life he was CTO, founder and owner of an ISP/ITSP/WISP and also a consultant with experience ranging from web technologies to carrier-grade networking topics. He is vice president of the Italian FreeBSD Users Group (GUFI), and in his spare time likes running and hiking around any possible mountain.

Kyua: Automated Software Testing Framework on NetBSD by Julio Merino

Abstract: Kyua is an automated software testing framework. The Kyua package includes libraries to write tests in C, C++ and shell and a tool that implements the runtime engine for the tests, collects the results into a historical database, and generates user-friendly reports.

In this talk, I will 1) present the design goals of Kyua (and, in particular, how it improves upon the older ATF), 2) describe the internal architecture of Kyua, and 3) explain how Kyua integrates into NetBSD to provide a test suite for the whole OS that is available out of the box. I will emphasize how this makes the development of NetBSD itself more agile, how it has helped the project catch regressions early on, and how it allows system administrators to validate the behavior of a production machine.

About the Speaker: In his daily job, Julio Merino takes care of the lower layers of the storage stack at Google in his Site Reliability Engineer position in the New York office since 2009.

Regarding NetBSD, Julio has been an official developer of the project since 2002. In this time, his duties in the project have fluctuated from being the maintainer of the Spanish translation of the web site, then being the owner of the Gnome 2.x packages for several years, then developing the tmpfs file system and the testing framework in the base system, and later by serving the Board of Directors from 2011 to 2013.

Finally, regarding his studies, he got his masters in Computer Architecture, Networks and Systems in 2007, and his bachelor’s degree in Computer Science in 2006.

ESO Extremely Large Telescope: Real Time Control for Adaptive Optics with FreeBSD by Poul-Henning Kamp

Abstract: Force Inc. and Poul-Henning Kamp have delivered a prototype compute cluster for ESO’s ELT telescopes adaptive optics. This talk shows how a vanilla FreeBSD kernel was turned into a high performance deterministic real-time computer, delivering 250GFLOPS with 20 microseconds jitter.

About the Speaker: Poul-Henning Kamp has been committing to the FreeBSD project for most of its duration. He is responsible for the widely used MD5 password hash algorithm, a vast quantity of systems code, including the FreeBSD GEOM storage layer, GBDE cryptographic storage transform, part of the UFS2 file system implementation, FreeBSD Jails, malloc library and the NTP timecounters code. He is the lead architect and developer for the open source Varnish cache project, a HTTP accelerator.

Zero-Copy Socket Splicing in the OpenBSD Kernel by Alexander Bluhm

Abstract: In OpenBSD relayd can be used to terminate and forward TCP connections, while checking the content of the stream. To increase performance, the new functionality socket splicing has been added to the OpenBSD kernel.

Socket splicing allows moving the data portion of TCP streams or UDP packets from one socket to another. Unlike IP forwarding, the whole mechanism is controlled by the process that owns the file descriptors of the sockets.

The talk will introduce how mbufs and socket buffers work. Based on that, the implementation and API of socket splicing gets explained. Finally it is demonstrated how relayd uses the API.

About the Speaker: Alexander finished his studies of mathematics at the University of Leipzig in 2001. Since then he works for genua, a German company that builds firewalls based on OpenBSD. In the year 2007 he got his OpenBSD developer account. His major projects were the IPv6 fragment reassembly code in pf and socket splicing for zero-copy data transfer.

Netmap: The Fast Network Packet I/O Framework by Luigi Rizzo

Abstract: In this talk we will give an overview of how the netmap framework has evolved in the past two years, and the lessons learned from it.

netmap was designed in 2011 as a simple OS-bypass solution for fast network I/O. It brought impressive performance improvements to basic packet processing applications. Since then, we have explored extensions to the framework, trying to apply its performance enhancement techniques to virtual switching and virtualization, and making it useful for more general applications within the OS.

We have used the netmap API to create an in-kernel software switch, called VALE, which can connect virtual machines at tens of millions of packets per second. VALE has been then extended to attach to physical interfaces and to the host stack, providing a functional replacement for FreeBSD and Linux native bridges, with much higher performance. More recently, the VALE switch has been integrated with OpenvSwitch, adding a flexible control plane to its high performance data plane.

Using VALE as an interconnect between virtual machines helped us get a better understanding of the dynamics of device emulation at very high speeds. In the process, we managed to improve QEMU and adapt device drivers to a VM environment, reaching a throughput of millions of packets per second even with conventional NIC emulation. Matching bare-metal speeds, we have made virtual machines a useful environment for performance testing of the OS.

We are now working at using the netmap API in more places within the OS network stack, and at the same time extending the API itself to support features such as split buffers, widely used in the stack.

About the Speaker: Luigi Rizzo is an Associate Professor of Computer Engineering at the Università di Pisa, Italy.

His research focuses on computer networks and operating systems. In particular, he has done some highly cited work on multicast congestion control, FEC-based reliable multicast, network emulation, and more recently on packet scheduling, fast network I/O, virtualization. Much of his work has been implemented and deployed in popular operating systems and applications, and widely used by the research community. His contributions include the popular dummynet network emulator (a standard component of FreeBSD and OSX, and now also available for linux and windows); one of the first publicly available erasure code for reliable multicast; the qfq packet scheduler; and the netmap framework for fast packet I/O.

Luigi has been a visitor at several industrial and research institutions, including ICSI (UC Berkeley), Intel Research Cambridge (UK), Intel Research Berkeley, and recently Google Mountain View. Luigi has been General Chair for SIGCOMM 2006, TPC Co-Chair for SIGCOMM 2009, and TPC member/reviewer for many networking conferences and journals.

Traffic Deep Inspection: Realtime Traffic Analysis at 20Gbit/s using Netmap on FreeBSD by Fabrizio Invernizzi

Abstract: A number of DPI (Deep Packet Inspection) commercial solutions exist with main area of application lying in legal interception, ISP traffic profiling, statistic data collection, security and more. Even if often based on open platforms like Linux and BSD family operating systems, commercial solutions lack the flexibility needed to implement custom and very specific traffic analysis use cases that can be required in order to profile specific services or traffic anomaly, as, for example, traffic caching potential (video, file sharing, P2P), user QoE indexes, content popularity, and more.

In order to cover these specific needs, Telecom Italia LAB, in the context of the Mplane EU funded project (www.ict-mplane.eu), is working on a FreeBSD based DPI solution named DATI (Deep Application Traffic Inspection) that, leveraging on open source technologies like NETMAP and REDIS, offers the flexibility of building specific and complex traffic analysis associated with the scalability of real-time traffic capacity in the order of 20 Gbs.

This presentation will introduce the current state of the implemented architecture and will share with the BSD community learned lessons and open issues of a BSD based DPI solution.

About the Speaker: Fabrizio Invernizzi received the Dr. Ing. degree in Telematics Engineering from Politecnico di Torino, Italy, in 1999, contributing with his degree work to the first Italian IPv6 experimental service provider (NGNET, Telecom Italia). He joined Telecom Italia R&D in 2001 where he contributed to research projects in the area of IPv6 deployment and co-authored some “on-field” IPv6 projects like the introduction of IPv6 in Telecom Italia Sparkle network. He worked on the NATO project INSC (Interoperable Network for Secure Communications) supporting the Italian Department of Defence in the definition of the architecture of a new secure multinational military network. Currently his work is mainly focused on innovative solutions for passive traffic analysis.

The Surprising Complexity of TCP/IP Checksums by Henning Brauer

Abstract: TCP and IP have well known and well understood checksum mechanisms. The actual checksum math is easy and, from a performance standpoint, so cheap that it can be considered free. In the process of improving the use of hardware checksum offloading engines, recalculating the IP checksum has been found to be essentially free. However, that is not the case for the TCP and UDP checksums, which was partially expected. On further inspection a surprising complexity in dealing with the protocol checksums has been found. We’ll look at how these checksums are calculated, where the complexity comes from, how an ancient BSD performance hack made it into hardware offloading engines, the stack interaction and issues with hardware offloading engines.

About the Speaker: Henning Brauer is 34 and lives in Hamburg, Germany. He is running the Internet Service Provider “BS Web Services” there, and has done so for about 15 years. He joined OpenBSD in 2002 and has been working on many things, most network related, since. He started OpenBGPD and OpenNTPD, the framework he has written for bgpd is used by almost all newer daemons in OpenBSD. He has been working on the OpenBSD packet filter, pf, from the beginning and has architected and written a very large fraction of today’s pf. When he’s not hacking you can find him mountain biking, traveling and hiking or in one of the many bars in his neighborhood with his friends, enjoying brewer’s art and often playing tabletop soccer.

Reaching 40Gbit/s and beyond with the FreeBSD Network Stack and Driver Interface by Navdeep Parhar

Abstract: how the FreeBSD kernel utilizes modern NICs:

description of the path of data from userspace to the wire (sosend to the driver’s if_transmit) and the path from the wire to userspace (driver interrupt to soreceive). “Expensive” operations along the way will be called out.

brief overview of how a driver exposes its capabilities (IFCAP_xxx) and the “simpler” ifnet capabilities — checksumming, VLAN tag extraction/insertion.

discussion of ifnet TSO and LRO capabilities.

other common hardware assistance: tx and rx multiqueues, multiple rx interrupts (MSI-X), interrupt mitigation, etc.

discussion of stateful TCP offload (IFCAP_TOE) and the TCP_OFFLOAD implementation in the kernel: where the various driver hooks are, how they are supposed to work, etc.

Zero copy: sendfile, hardware TOE tx zero copy, hardware TOE direct data placement on receive.

About the Speaker: Navdeep is the author and maintainer of the FreeBSD cxgbe(4) driver that supports 10G and now 40G Ethernet adapters from Chelsio Communications. He maintains the slightly older cxgb(4) driver too. He’s also responsible for the current state of the TOE total TCP offload support (TCP_OFFLOAD) to the network card in the FreeBSD kernel.

Extending the FreeBSD Kernel to Netflix Video CDN Scale by Scott Long

Abstract: Modern I/O scheduling has to consider SSDs vs. HDDs, better integrating I/O scheduling in CAM, and evaluating the modern usefulness of the legacy bioq_disksort() scheduler, along with compare/contrast with Luigi Rizzo’s GEOM scheduler framework. Additionally extensions to the AIO and sendfile APIs have been made to support more concurrent disk->net I/O under heavy load at Netflix.

About the Speaker: Scott has been with Netflix since 2012 as an OS engineer and FreeBSD evangelist. He’s working on OpenConnect.netflix.com. Prior to that he spent 5 years at Yahoo keeping YBSD running and moving from FreeBSD 4 to FreeBSD 9. He was the FreeBSD release engineer from 2002-2006, committer since 2000, and a user since the 386BSD days in 1992. He has a bachelor of science degree in aviation and did a brief stint as an airline pilot while at Yahoo.

Highly Parallel, lock-less, user-space TCP/IP Stack based on FreeBSD by Michal Dubiel

Abstract: The continuously increasing throughput and connections-per-second demands of web service providers pose great challenges to TCP/IP stacks. New solutions emerge, which attempt to eliminate bottlenecks of traditional stacks by exploiting the multi-core nature of modern chips.

This paper presents how the FreeBSD TCP/IP stack has been used as a zero-copy, lock-less, highly parallel user-space stack running on 36-core Tilera TILE-Gx 8036 chip.

Of the main topics included, it describes and justifies design decisions, which enabled effective parallelisation, elimination of locks inside the stack and utilisation of the platform’s hardware features. It also elaborates on FreeBSD TCP/IP stack’s flexibility and adaptivity to be used as a high performance networking solution on many-core architectures.

About the Speaker: Michal Dubiel graduated in 2009 from the faculty of Electrical Engineering, Automatics, Computer Science and Electronics of AGH University of Science and Technology in Kraków. Throughout his career he worked for ACK Cyfronet AGH on hardware-accelerated data mining systems and later for Motorola Electronics on DSP software for LTE base stations. Currently he is working for Semihalf on embedded systems software development. He is mainly interested in computer science, especially operating systems, programming languages and digital signal processing.

Presentations Track #3 Abstracts and Speaker Bio’s

Towards a BSD Licensed and GPL-free Toolchain for NetBSD by Jörg Sonnenberger

Abstract: Over the last two years, NetBSD and pkgsrc have received a lot of attention for supporting Clang. More recently, the infrastructure for building and using libc++ as well as the MCLinker project has been put in place. This presentation covers the status of the various pieces, a few common failures to look for as well as what still needs to be done to finally remove GCC and binutils from the toolchain.

About the Speaker: Joerg Sonnenberger is studying mathematics and working as contract developer for German federal agencies. He is an active NetBSD and pkgsrc developer. His interests span topics from power-management, the compiler toolchain to networking and mathematical optimization.

Towards modern IAA Facilities in UNIX: Redesigning Identity, Authentication and Authorization by Dag-Erling Smørgrav

Abstract: After decades of shoehorning new IAA technologies into the same old model and API, it is time to wipe the slate clean. We investigate the requirements for a modern IAA framework for Unix OSes and attempt to sketch out an API and architecture.

About the Speaker: Dag-Erling Smørgrav is a software engineer and system administrator at the University of Oslo and a member of the UiO CERT. He has been a FreeBSD committer since 1998 and is the author of OpenPAM.

ASR: New Asynchronous DNS Resolver Implementation for OpenBSD by Eric Faurot

Abstract: We present a completely new implementation for the resolver in OpenBSD, based on an asynchronous core API.

The classic resolver interface, as found in the standard C library, is blocking, which makes it impractical in cases where the program wants to keep running while a resolution process is performed. This is especially true for network daemons. Other heavy resolver users, such as web browsers, try to alleviate this problem by using a thread pool. This is especially sub-optimal in OpenBSD, since the resolver has long relied on an internal lock, making it useless in this case.

Along with the standard resolver functions, the new implementation provides an alternate asynchronous API. This API allows resolution to be performed without making any blocking call. It only deals with file descriptors, and it does not rely on threads, external programs or signals.

The asynchronous implementation was first integrated into the OpenSMTPD daemon for handling all DNS lookups. It has now moved into libc, as the core for the new resolver. The API is very easy to use within an event loop, or with any event-based framework, such as libevent.

About the Speaker: Eric Faurot received a Ph.D. in Computer Science from the University of Caen, France. He is currently working as an R&D Software Engineer for a telecom company.

He has been using OpenBSD for many years and started contributing as a developer in 2007. He is the author of the ASR resolver, and one of the lead developers for the OpenSMTPD project.

Packages on FreeBSD: Back to the Present by Baptiste Daroussin

Abstract: The package experience on FreeBSD used to be stuck in the 90’s; last year pkg 1.0 brought it up to 2000. This talk covers how pkg 1.1 and the next version will try to bring the package experience back to the present time: upcoming new features, bug fixes and innovations.

This talk will also explain how vendors can easily embrace pkg, building their own package repositories, creating their appliances using pkg.

About the Speaker: Baptiste is a System Engineer, a FreeBSD ports committer for 3 years and a src committer for 2 years. He is a member of the port management team, the author and lead developer of the new package management tool for FreeBSD, and the author and co-developer of poudriere.

Ports and Packages in OpenBSD: Refactoring an Existing Tool Base by Marc Espie

Abstract: The ports and package system in OpenBSD is no longer experimental. After a few good years of steady changes, it has reached a somewhat stable state. The most important new challenge is to keep things fresh: as with all software systems, adding new features can become increasingly difficult.

Experience will be taken from:

major improvements to the distributed ports builder: better performance, smarter repartition on clusters. Bringing tests in. Concurrency issues.

newer package building issues. Refactoring the infrastructure on an 8000+ ports tree

package installation: incremental updates, etc

About the Speaker: Marc Espie is a former alumnus of ENS Ulm. He holds a PhD in computer science (combinatorics). His day job involves teaching systems programming and computer security to graduate students. He’s been a long time contributor to the OpenBSD project over the past ten years. He is the chief architect of the OpenBSD ports and package system, and maintainer of make, m4, sqlite, and makewhatis in OpenBSD.

Porting Modern KDE4 to OpenBSD: A Success Story by Vadim Zhukov

Abstract: Porting modern KDE to OpenBSD began a few years ago. Although there has been a working port of KDE3 for quite a long time, KDE4 experienced many problems and was plain broken for many years. The talk is about the whole set of steps done: from messing with kdelibs internals through patching CMake scripts to tweaking ksystemlog log files paths and names. There were some interesting parts, e.g. finishing up “libexec” directory support, making KSharedDataCache work on OpenBSD and so on.

Currently, there is a working collection of ports, including not only KDE4 SC but many other applications: Digikam, KMyMoney, Kdenlive etc. And only a few steps are going to be made to enable building KDE4 as a part of official packages, mostly related to OpenBSD packages build system itself. Also, there is already a framework to support multiple KDE4 SC versions in tree.

About the Speaker: Vadim is a 28-year-old sysadmin and programmer from Moscow, Russia. He has worked in IT for more than 10 years, and his first BSD-related job was at a web hosting company about 8 years ago. Currently he’s working most of the time at a security systems company. He also works as a CS teacher sometimes, giving mostly talks about different OSes, and wrote a small learning guide for Moscow Technological Institute that they use in their courses.

Vadim started using OpenBSD a bit earlier, with the 3.7 release, and has been actively contributing to the project for the last few years, becoming a committer at the end of 2012. He has many different interests in *BSD, but he now spends most of his time hacking on KDE and other “heavy” ports.

Porting Firefox to *BSD: How to Keep Up with Fast Moving Projects and Upstream Patches by Landry Breuil

Abstract: Maintaining the port of Firefox to OpenBSD is an interesting challenge, since the web and its related technologies are evolving faster and faster, and third-party OS are struggling more and more to keep up the pace with a fast-moving target such as Mozilla. I’ll explain how I got caught into this by accident in the beginning of 2010, what are the key things to know about Mozilla development when coming from another big OSS project, how to properly cooperate with upstream, and how I managed to wrap up a workflow that eases the port updates at each new Mozilla release.

About the Speaker: Landry is an OpenBSD developer since 2007, working mostly on ports. He started with Xfce (the desktop environment), and got (almost by accident) maintainership of all the mozilla ports in 2010. Since then he’s improved the situation wrt upstream push-back. In his day-to-day job he works on GIS data.

Introducing the 64bit ARMv8 Architecture by Andrew Wafaa

Abstract: The ARM architecture is widely adopted with more than 10 billion processors shipped annually by ARM partners. These have primarily been into mobile and micro-controller markets; however, with power consumption becoming more critical ARM is entering new segments such as data-centre and networking infrastructure equipment for example. ARMv8 launched about a year ago as its new version of the architecture to support 64bit platforms, this is the biggest addition ARM has done to its architecture in recent years and will enable partners to target a new range of devices and platforms in new segments. This talk will present features introduced by ARMv8 and how they can be used with OSes like BSD.

About the Speaker: Andy has been involved in Open Source for over 10 years, working with a variety of industry leaders like Sun Microsystems and Fujitsu. Andrew’s responsibilities cover Linux and Open Source activity at ARM, working with ARM partners and Open Source communities to enable the use of Linux and Open Source technologies with ARM technology and products.

NetBSD on Marvell Armada XP System on a Chip by Zbigniew Bodek

Abstract: This talk covers the recent work on design and implementation of the NetBSD operating system port for Armada XP, the cutting edge, ARM based, System-On-Chip from Marvell.

Armada XP (Extreme Performance) is the industry’s first ARMv7 quad-core processor designed for enterprise-class cloud computing applications. With its rich set of peripheral interfaces including Gigabit Ethernet ports, SATA, PCI-express and security engines, Armada XP addresses the needs of many emerging server and networking markets.

The primary focus of the talk is to describe the challenges of developing NetBSD port for modern ARM platform, intended for professional and commercial use, thus standing out from other similar. The material briefly describes the porting process starting from low-level system abstracts, through the peripheral devices and special, Armada XP-specific features support and evaluation, ending with the integration to the mainline NetBSD source repository.

The talk also elaborates the implementation of the networking driver for NETA – the on-chip network accelerator, using Armada XP generic abstraction layer.

Finally the talk takes the opportunity to confront the NetBSD support for Armada XP with the equivalent FreeBSD port including comparison of the supported features, overall system performance and portability.

About the Speaker: Zbigniew Bodek is an embedded systems engineer in Semihalf. He is involved in BSD and Linux operating systems development for ARM and PowerPC based, embedded platforms.

Zbigniew has finished Electronics and Telecommunication at the AGH University of Science and Technology in Cracow. He is mainly interested in computer science, microprocessor technology, embedded operating systems and kernel development.

Porting FreeBSD/ARM to new SoC’s and Boards by Andrew Turner

Abstract: FreeBSD is starting to support more ARM platforms. With the armv6 project branch now merged FreeBSD is able to run on modern ARM CPUs, however the process of getting FreeBSD running on a new chip can be difficult.

This talk will explain the common boot method most consumer development boards use. I will go on to give details on how FreeBSD fits into this process. Finally I will describe a few methods to figure out why FreeBSD is failing to boot, even without a working console.

About the Speaker: Andrew started with FreeBSD on ARM by porting it to the Samsung CPU within the OpenMoko phones. After receiving a FreeBSD commit bit he started to update FreeBSD to work with the ARM EABI.

When not hacking on FreeBSD Andrew works as an Embedded Software Engineer. He has worked with many ARM CPUs, from deeply embedded devices with a few kB of RAM, to systems with multiple DSPs and FPGAs controlled by a central ARM board. Recently Andrew has been working for a semiconductor company making sure Multimedia works as expected on devices containing their chips.

Porting NetBSD to the AVR32 Architecture by Tomás Niño Kehoe and Leandro Santi

Abstract: In this talk we walk through the experience of producing a NetBSD port to the AVR32 platform from scratch. Special attention is given to the techniques involved in managing the complexity of this process, which we believe is a key factor enabling undergraduate students with general background in computer systems architecture to engage and fulfill such task (this project is in fact the main subject of one of the speaker’s engineering thesis). We also revisit some of the main technical details of the port, aiming to provide to the audience proper understanding of our work.

Brief outline of the talk

Introduction

Motivation

The AVR32 architecture

Sources of inspiration

Walkthrough: Preliminaries; Bootstrapping the kernel; Porting pmap, take 1: kernel VM; Basic trap support: kernel related page faults; Ticking the clock; Switching LWPs; Basic hardware support; Porting pmap, take 2: user VM; System call emulation stubs; Traps, take two: user VM and exception handling; Hello World!; Signals; System calls, continued; Running the shell

Conclusions and outlook on future projects

About the Speakers: Tomás Niño Kehoe is an Engineering student and a Teacher Assistant at the University of Buenos Aires, Argentina. He works developing software for a high performance distributed system related to the stock exchange. His interests include Computer Architecture, application development and Agile methodologies.

Leandro Santi is Jefe de Trabajos Prácticos, or head of the TA teams at the University of Buenos Aires. He also is an IT manager in a multinational telecommunications company. He has contributed patches to several Open Source projects including the Postfix MTA and the MySQL database. He obtained an Electrical Engineering degree with specialty in signal processing, and telecommunications Masters, both from the University of Buenos Aires.

FreeBSD BHyve Hypervisor hosting Other Systems by Peter Grehan

Abstract: The bhyve hypervisor was initially developed and debugged with FreeBSD as the guest operating system due to the developer’s familiarity with FreeBSD internals. However, a hypervisor that can only host a single operating system is of limited use. This talk will discuss the work involved in getting non-FreeBSD operating systems to work under bhyve (OpenBSD, NetBSD, Linux, Windows). The differences in boot loaders, quirks in accessing hardware, and the ability to debug with varying levels of access to custom builds and source code (or lack thereof) will be examined.

About the Speaker: Peter Grehan is a FreeBSD committer who has been using BSD-derived operating systems in some form since the days of DEC Ultrix. He co-developed the bhyve hypervisor with Neel Natu.

Virtualization on Intel Itanium by Klaus Brandstätter

Abstract: We present the details of a virtualization emulation for Intel Itanium based on FreeBSD we are developing in-house.

About the Speaker: Klaus Brandstätter was born in 1954 in Nuremberg, Bavaria, Germany. He studied electrical engineering at the Friedrich-Alexander University of Erlangen in Germany between 1974 and 1980. In 1981 he founded HOB Germany, serving as CEO and CTO. In the beginning he focused on software and hardware for IBM mainframes (3270 terminals), working with SNA and X.25 protocols. More recently he develops remote desktop, RDP, VPN, SSL, IPsec, and security software, mostly in Java.

Security Infrastructure in the FreeBSD Kernel by Kirk McKusick

Abstract: The FreeBSD security model has been developed over thirty years of evolving consumer needs. Many of the key developments have come from the contributions of an active security research community. This talk describes the underlying model and its practical implementation, from its origins in the UNIX process model and file permissions, to more recent additions: the Capsicum capability model, lightweight Jail virtualization, Mandatory Access Control, and security event auditing. These elements combine to meet the requirements of diverse systems ranging across hand-held computing devices, network devices, storage appliances, and Internet service-provider’s large-scale hosting environments.

About the Speaker: Dr. Marshall Kirk McKusick’s work with Unix and BSD development spans over four decades. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the UC Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past thirty-five years.

Presentations Track #4 Abstracts and Speaker Bio’s

Short talks in the FreeBSD Developer Summit Track #4 on Saturday are only selected a few days before the conference and will be announced on-site.

Short FreeBSD Developer Summit Talks by various Speakers

Abstract: Various people from the FreeBSD Developer Summit present their completed and in progress works. The short talks and presentations will be announced shortly before the conference. More information can be found in the FreeBSD Developer Summit Wiki.