NetActuate and NETINT Deliver Global VPU-Accelerated Infrastructure
Explore
NetActuate and NETINT Deliver Global VPU-Accelerated Infrastructure
By clicking "Accept all" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. By clicking “Confirm selection” you agree with the current settings.
I spent a very full week in Edinburgh for DNS-OARC 46 and RIPE 92. Having both events in the same city made the trip intense, but also useful. DNS-OARC focused on the operational details of DNS, while RIPE widened the lens to routing, policy, infrastructure, and community process.
The two events are different, but the same theme kept showing up: the odd edge cases matter a lot more when they touch critical infrastructure.
DNS-OARC started Saturday with exactly the kind of practical DNS content I was hoping for. A lot of the discussion came back to the places where DNS gets messy in the real world: fragmented ownership, registrar and registry workflows, resolver behavior, DNSSEC deployment, anycast measurement, and the tooling operators need when simple diagrams stop matching production networks.
Andreas Taudte's "What Keeps Enterprises Up at Night" was a good reminder that enterprise DNS problems are often not just protocol or product problems. They are ownership problems, visibility problems, and operating-model problems. Someone has to know who owns a zone, who can change it, who is watching it, and what breaks when the answer is unclear.
David Redekop's "The Underminr - abusing CDN Shared Infrastructure" was another practical talk, focused on finding hidden destinations behind shared CDN infrastructure. It fit the broader theme of the day: the hard part is often not that a system exists, but that the dependency chain is not obvious until someone goes looking for it.
Jens Hoffrichter's "DNSSEC at Scale: Enable Signing Across 5500 Domains in the Real World" hit a similar operator nerve. DNSSEC at that size is not just signing zones. It is registrar support, DS record workflows, TLD-specific tooling, timing, rollback behavior, and manual steps that become operational risk when they are multiplied across thousands of domains.
There was also a practical NetActuate reason for being in the room. Customer needs do not always show up first as clean requirements. Sometimes they show up as patterns across talks, hallway conversations, and questions people are starting to ask each other. DNS-OARC was valuable because it put those patterns close together.
Sunday kept that DNS thread going. Liwen Xu's "Demystifying Resolver Work: A Formal Perspective on DNS Resolver Performance Vulnerabilities" was a good example. Resolver behavior has real cost, and "how much work does this query cause?" is a question worth asking directly. That kind of framing helps move resolver performance and abuse discussions from vague concern into something operators can reason about.
Peter Thomassen's "Bitflipping root-servers.net" was one of the talks that stuck with me most. I had not spent much time thinking about bitflips around root server identifiers before, and the talk was a useful reminder that tiny corruption modes get more interesting when they touch resolver priming and bootstrap state. The point was not that root hijacking is widespread. It was that this is a new failure mode worth adding to the mental model.
Remi Hendriks' DNS-OARC talk on measuring anycast routing was also a good NetActuate-relevant thread. Catchment is useful, but it does not tell the whole story. Operators still need to know whether the path is good, and whether another PoP or a different routing decision would actually help.
Monday was the start of RIPE 92, and it was my first RIPE Meeting. The newcomer session was genuinely useful and gave me a better appreciation for how much of RIPE's process is built around making the community understandable to people who are new to it. I would love to see more of that structure show up in other operator communities.
The Monday tutorial, "VXLAN and EVPN on Linux (with BIRD)," was a practical start to the week and close to the tools we already know. Maria Matejka presented in person, and Ondřej could not attend, so he was humorously represented by a duck. That detail got exactly the amount of conference mileage it deserved, which is to say more than zero.
The Lord Provost of Edinburgh spoke during the opening session, and then Sasha Romijn's "Manipulating RPKI (and more) with marquees in TLS certificates (and more)" set the technical tone for RIPE in a very memorable way: funny, technically weird, and serious underneath. The `<marquee>` joke kept coming back all week, but the operational point was not really about the tag. It was about trust boundaries. Fields that feel like harmless display text can end up rendered inside systems with much more meaningful authority. As an operator, that lands differently when the affected systems include routing, registries, dashboards, and customer-facing tools.
Monday's program also had two talks I want to keep in the NetActuate follow-up pile: "Route Filtering at Scale" and "Anycast in underserved regions." Route filtering tied routing security back to AS-set quality, IRR hygiene, RPKI, ASPA, and generated filters. The anycast talk reinforced a point that matters for global edge work: anycast follows routing policy, interconnection, and local infrastructure, not just geography.
Tuesday was more of a routing, measurement, and scale day in the program. Some of the material I want to keep reviewing includes DDoS scrubbing visibility from BGP routing data, route collector signal, IPv6 measurement, and large-network architecture talks. The recurring operator question was practical: what can we actually measure, and does that measurement give us a decision we can act on?
That is also where the NetActuate thread from DNS-OARC and RIPE started to connect more clearly. Edge performance, routing hygiene, and resilience are connected work, not separate projects. The anycast talks were about where users land and whether the path is any good. The route filtering work was about whether the routing-policy data underneath the automation can be trusted.
Wednesday had two of the RIPE talks I am most likely to keep referring back to.
Maria Matejka's "How much of BIRD is vibecoded" was one of the better AI talks I have heard in an operator setting. It was not a generic "AI bad" talk. It was a maintainer talk. For routing software, the expensive part is not typing code. It is knowing whether the code is right, reviewing it properly, understanding the design intent, and keeping enough context for the next person.
The RIPE NCC Services session tied the week back to the larger operational picture. The "RIPE NCC Strategy 2027-2031" discussion and "Rebuilding Our Technical Infrastructure" were not just abstract planning. Registry accuracy, routing security, resilience, infrastructure control, and geopolitical risk all showed up as linked problems. The strategy is still a draft pending RIPE NCC Executive Board approval, so I would not treat it as final, but the direction was useful.
The infrastructure talk especially stood out because it treated geopolitics as an operational input, not background noise. European organizations are thinking more seriously about cloud dependency, jurisdictional exposure, vendor dependency, and control of critical services. That does not mean every service comes home or every cloud decision was wrong. It does mean resilience planning now has to include who runs the infrastructure, where it runs, and what assumptions sit underneath it.
Thursday brought the DNS thread back into focus through the broader RIPE program. Ondřej Surý's "DNS, Transitive Trust and How Many is Many" was a good example of the kind of DNS operational question that sounds simple until you start counting all the dependencies. A single lookup can hide resolver work, CNAME chains, delegation choices, and cross-domain trust relationships.
That tied back nicely to DNS-OARC. The same pattern kept appearing: DNS and routing problems are often not isolated technical problems. They are dependency problems, ownership problems, and visibility problems.
My favorite accidental cross-conference thread was the bitflip theme. Peter Thomassen's DNS-OARC talk on "Bitflipping root-servrs.net" and Warren Kumari's RIPE lightning talk, "BitSquatting... ...or the infinite monkeys theorem...," almost formed a two-conference bitflip mini-track. It was funny, but it also fit the week: small, odd failure modes can matter when they land on naming, routing, or bootstrap infrastructure.
Friday also gave the week its closing rhythm: a few final technical talks, the RIPE tech report, and the sense that everyone was starting to run on conference coffee and stubbornness.
I came home with a longer follow-up list than I brought, which is usually the sign of a worthwhile conference week. DNS-OARC gave me sharper DNS and anycast questions. RIPE gave me a wider view of routing security, registry stewardship, infrastructure independence, and community process.
Holding the two events back-to-back in Edinburgh was a good move. The schedules were dense, the hallway tracks were useful, and coffee did more operational work than some monitoring systems would care to admit.
Reach out to learn how our global platform can power your next deployment. Fast, secure, and built for scale.
%20(1).svg)
.png){kind=icon}
.png)
.jpg)