Saturday, October 20, 2001
Full Abstract

The Internet is a battleground, with ISPs and their customers right in the middle of the line of fire. What ISPs need to protect themselves are tools and techniques that work in the line of fire, i.e., tools that fight DoS attacks and provide something other than a busy signal on the customer service line.

This tutorial will walk ISPs through the five stages of working an attack: preparation, identification, classification, traceback, and reaction. Focus will be placed on techniques that work - with specific vendor features left for other sessions. All the techniques have been validated and proven to be operationally deployable and workable under conditions of network stress. The key objective is to empower other ISPs to deploy these vendor-independent techniques, which will provide a foundation for inter-NOC cooperation to trace back the attacks to their source.

Speakers
Brian W. Gemberling, UUNET
Barry Raveendran Greene, Cisco Systems
Chris Morrow, UUNET/Verizon

Full Abstract

This tutorial addresses the building blocks of IP routing protocol scalability (hierarchy, redundancy, and addressing and summarization) along with protocol-specific issues. BGP, ISIS and OSPF configurations and parameters are explored. The examples presented include a set of protocol-specific "best practices."

Intended Audience: Network operators and engineers with IP routing experience. Knowledge of the protocols covered is expected.

Tutorial Outline

Introduction
- Scope of the Presentation
- Agenda

Scalability Building Blocks
- Relationship to Convergence and Stability
- Impact/Use of Hierarchy/Redundancy/Addressing and Summarization

Hierarchy
- Why is hierarchy important?
- Brief overview of service placement (per layer)

Redundancy
- When is redundancy too much?
- IGP Flooding

Addressing and Summarization
- Aggregation Methods per protocol

ISIS Scalability

Hierarchy in ISIS
- L or L-only networks
- Use and limitations of Hierarchical Networks
- Route Leaking

Detection and Propagation of Changes
- Fast Hellos
- LSP Generation
- SPF Runs
- Exponential Backoff

Other tips...
- Overload bit

OSPF Scalability

Hierarchy
- Area types and flow of routing information
- LSA Filtering

Detection and propagation of changes
- Fast Hellos
- LSA Generation
- SPF Runs
- Exponential Backoff

Other tips...
- Stub router advertisement

BGP Scalability

iBGP Full Mesh
- Route Propagation Requirements

Peer-Groups
- Configuration Grouping and UPDATE Generation

Route Reflectors
- Deployment (Hierarchy)

Confederations
- Deployment
- Interaction with IGPs

Detection and Propagation of Changes
- minAdvertisementTimer
- NEXT_HOP Reachability
- Route Dampening

Summary and Conclusions

Speakers
Alvaro Retana, Cisco Systems
Alvaro Retana is a Technical Leader in Cisco's IP Routing Deployment and Scalability Team, where he works first-hand on advanced features in routing protocols. Alvaro was formerly a technical lead for both the Internet Service Provider Support Team and the Routing Protocols Team at the Cisco Technical Assistance Center in Research Triangle Park, NC.

Sunday, October 21, 2001

Speakers
Brian W. Gemberling, UUNET
Barry Raveendran Greene, Cisco Systems
Chris Morrow, UUNET

Speakers
Alvaro Retana, Cisco Systems

Full Abstract

This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. This includes the options available when multihoming to the same ISP (including RFC2270) and to different upstreams. Configurations for modifying inbound and outbound traffic flows are covered. The tutorial concludes with a case study, and an examination of the use of BGP communities by several ISPs.

Speakers
Philip Smith, Cisco Systems

Full Abstract

This session highlights new technologies for optical-based networks. The tutorial begins by examining how service providers have constructed their networks in the past in order to cope with the need for IP bandwidth. It then discusses the system equipment layers and how they are now being collapsed into an emerging two-layer network. Future technology directions are then explored, including pure photonic routers. We then discuss how network architectures will look, along with their benefits. An in-depth look is taken at generalized MPLS (GMPLS), which allows the IP routing layer to share a common control plane with the optical transmission layer. The importance of this is explained, and why it could be the basis for building IP service infrastructures of the future.

Speakers
Dan Lockwood, Juniper
Dan Lockwood joined Juniper Networks in September 1998 to build the company's Professional Services and Education division. He currently manages a group of consultants focused on helping customers plan, architect, and deploy next-generation IP and MPLS networks. Prior to coming to Juniper Networks, Lockwood was a principal consultant at Cascade Communications. Here, he was responsible for designing and deploying multi-service networks using MPLS-based IP Navigator, ATM, and Frame Relay. Lockwood holds a B.S. in Computer Science from Princeton University.

Full Abstract

The goal of this presentation will be to introduce NOBAD, the Network Oriented Basic Anomaly Detection Infrastructure. NOBAD, a volunteer effort, aims to provide a means of distributed network performance and anomaly measurements to quickly detect network problems. These could include line saturation or CPU spikes, which might be signs of denial of service attacks or technical problems. NOBAD consists of a number of sensors deployed throughout the network and a smaller number (where 'number' is an arbitrary amount from one to n) of so-called aggregators to collect data and react accordingly.

NOBAD is currently in use at a large network infrastructure provider and has been tested in governmental environments as well. Its distributed nature and the openness of its code and underlying mechanisms and protocols provide the needed vendor independence for homogenous networks. This presentation will focus on both technical background and possible use cases.

NOBAD, as a volunteer effort, is available as Open Source and can be used under the terms of the 'BSD Public License,' which permits inclusion in commercial products. A stable release is planned for the weekend prior to NANOG 23.

The technical background section of the talk will include details of sensor and aggregator implementation, and will address current problems with homogenous networks.

The use case presentation will cover current implementations, advantages of NOBAD compared to static log file analyzers such as swatch, and a view into the future of distributed anomaly detection.

Speakers
Jonas M. Luster, d-fensive.com
Dr. Jonas Luster is co-founder and CIO of d-fensive networks, Inc., a security consulting company focusing on risk analysis and mitigation in large-scale networks. He claims not to be a technical person, having graduated as a Criminologist and not in CS, but contributes to a few OpenSource projects as programmer and designer.

Full Abstract

This presentation describes a network service model for high-speed Metropolitan Area Network (MAN) service providers to deliver economical services between cities. It utilizes a distance-insensitive IP NSP as a WAN partner for inter-city services, simplifies MAN operation, and improves the scalability of a traditional standard overlay model by allowing the MAN provider to peer with the NSP for both Internet transit and inter-city MAN services (e.g., transparent LAN services).

This network service model allows an NSP to offer hierarchical MPLS services to downstream providers, while providing scalability and automation for both the NSP and MAN provider. While this presentation refers to a solution for MAN providers, any downstream provider that needs hierarchical MPLS services from an NSP can use this service.

Speakers
Pascal Menezes, Terabeam
A seasoned IP veteran and network architect, Menezes has more than 16 years' experience in next-generation information systems and communications architecture. As Terabeam's CTO of IP internetworking, Menezes designed and implemented one of the first production-grade Gigabit Ethernet MANs in 1998, offering VoIP services. He is an early pioneer in packet-based QoS frameworks, layer 2 VPN MPLS services for MANs, and inter-city MPLS hierarchical services. He has designed and implemented many global, national, regional and metro IP networks.

Prior to his work at Terabeam, Menezes was Senior Internetworking Technologist at Packet Engines. Previous to Packet Engines, he worked as a consultant to Fortune 50 companies specializing in network and system integration. Menezes currently is the Vice President of the Metro Ethernet Forum (MEF), Co-Chair of the Protocol and Transport group at the MEF, and has authored and co-authored many IETF drafts on Ethernet MAN technologies, including Layer 2 MPLS services and Inter-MAN MPLS LSP services. He actively participates in IETF working groups, design teams, and MPLS Forum technical meetings.

Full Abstract

This presentation considers whether service providers should roll out MPLS in their networks, and what questions they should ask in arriving at the answer. Kompella addresses commonly asked questions, such as "What's the benefit of using MPLS vs. ATM?", "MPLS vs. IP?" and "Are the benefits of MPLS worth rolling out new protocols?" He also suggests more fundamental questions that should be asked.

Speakers
Kireeti Kompella, Juniper
Kireeti Kompella is a Distinguished Engineer at Juniper Networks. His current interests are all aspects of Multi-Protocol Label Switching, including traffic engineering, generalized MPLS, and MPLS applications such as VPNs. Kompella is active at the IETF, where he is a co-chair of the CCAMP Working Group and the author of several Internet-Drafts in the areas of IS-IS, MPLS, OSPF, PPVPN and TE. Previously, he worked in the area of file systems at Network Appliance and SGI.

Kompella received his B.S. in EE and M.S. in C.S. at the Indian Institute of Technology, Kanpur; and his Ph.D. in C.S. at the University of Southern California.

Monday, October 22, 2001

Speakers
Moderator - Dave Ward, Cisco
Panelist - Ron da Silva, AOL Time-Warner
Panelist - Sean Doran, Ebone
Panelist - Ted Seely, Sprint

Full Abstract

Now more than ever, Internet Service Providers are focusing on ways to increase the resiliency of their networks and, if at all possible, reduce their operating costs at the same time. Past research (Peering Decision Tree, presented at NANOG 19, and A Business Case for Peering) demonstrates the economic tradeoffs of peering and highlights the simple but challenging first step: how to know whom to talk with at an ISP to get peering set up?

This Peering BOF focuses on this first step using "Peering Personals." We solicit Peering Coordinators (before the meeting), asking them to characterize their networks and peering policies in general ways ("content-heavy" or "access (eyeball)-heavy," "Multiple Points Required" or "Will Peer anywhere," "Peering with Content OK," etc.). From the answers we will select a set of ISP Peering Coordinators to present a 2-3 minute description of their network, what they look for in a peer, etc., allowing the audience to put a face with the name of the ISP. At the end of the Peering BOF, Peering Coordinators will have time to speak with Peering Coordinators of ISPs they seek to interconnect with. The expectation is that these interactions will lead to the Peering Negotiations stage, the first step towards a more fully meshed and therefore resilient Internet.

At the first NANOG Peering BOF I volunteered to maintain a Peering Contact Database (as an Excel Spreadsheet) that I e-mail out about every six weeks to participating Peering Coordinators. If you are a Peering Coordinator and would like to be listed in the PCD and get a copy of the PCD, send a note to [email protected] with Subject: PCD. I maintain this as a community service, and it is completely separate from my role at Equinix.

------

NOTES:

Date: Mon, 29 Oct 2001 10:03:33 -0800
From: William B. Norton
Subject: Peering BOF IV Meeting Notes

Hi all -

Here are my notes from the Peering BOF IV - NANOG 23.

We started at 7:30 PM Monday evening with the intention of pulling the peering community together through introductions. We had about 20 Peering Coordinators step up to the mike, introduce themselves, say a word or two about their network, peering policy and what they are looking for in a peer network. This allowed the audience to put a face to a name for conversations afterwards. Another 10 that didn't pre-register for this stepped up and chimed in as well. From about 8:30 till almost 10PM the community stuck around to talk and I'm told that *dozens* of peering sessions (Yahoo!, Akamai, Carrier1, SBC, etc.) will be set up as a result. Highly successful NANOG for this segment of the population.

Several folks asked for a list of those who stood up to talk about their peering policy, and here is what I have:

- BBC Internet: Simon Lockhart
- Digital Island: Mitchell Rose
- DoubleClick: Alex Ng
- TELUS: Clinton Work
- France Telecom/Open Transit: Vincent Gillet
- Globix: Steven J. Schecter
- WINFirst: Hansel Lee
- 4CNet: Brian Court
- Akamai: Rachel Warren, Patrick Gilmore
- Hostcentric: Charlene Wang
- Japan Telecom: Seiji Kuroda
- Adelphia: Joe Klein
- Earthlink: Jeb Linton/Josh Fleishman
- Yahoo!: Jeffrey Papen
- SBC: Ren Nowlin
- Carrier1: Eric Troyer
- ESNet: Joe Metzger
- Velocita: Brian Dickson

I want to thank these folks for volunteering to share their info and hopefully this led to some sessions coming up.

Speaking of which, if Peering Coordinators would like to participate in the Peering Contact Database and receive a copy once a month or so of the Peering Contact Database, send e-mail to [email protected] and I'll return the template to fill out. So far we have about 150 Peering Coordinators listed.

Several suggestions were made for the next time:

- Include a "Peering Contracts Required" icon and

- "Make it easy for folks to step up later along with Icons" and

- "Include e-mail addresses"

We're going to try and factor in these suggestions for the Peering Personals at the next Gigabit Peering Forum, which is held Dec 3rd in San Jose. If you are a Peering Coordinator and would like an invite to this, let me know.

For those who could not attend due to travel restrictions or whatever I'd be happy to e-mail the slides with the peering icons and ISP names etc.

Hope this helped -

Bill

Speakers
Bill Norton, Equinix

Speakers
Wes Hardaker, NAI Labs

Speakers
Susan Harris, Merit Network
Tom Herbst, Cisco Systems

Full Abstract

After the horrific attacks of September 11, Matrix.Net was asked by the Office of the President to track the effects on the Internet and to examine past records for any unusual incidents. Salus presents data, maps, and graphs for Internet performance on September 11 and during earlier disruptive events.

Speakers
Peter H. Salus, Matrix
Peter H. Salus is Chief Knowledge Officer of Matrix.Net in Austin, TX. He is the author of A Quarter Century of UNIX (1994), Casting the Net (1995), and several other books, and has conducted The Bookworm in ;login: for over a decade. Peter has written for and edited Matrix News since 1994.

Full Abstract

Using details gathered from both small and large providers in New York, the rest of the USA, and overseas, Donelan discusses the events and aftermath of September 11 from an operator's point of view.

Speakers
Sean Donelan, Donelan.com

Full Abstract

On the morning of September 11, 2001, after the terrorist attacks in New York and Washington, many Internet users tried to get news and information over the Internet, only to be met with sluggish performance or unavailable websites. These problems were compounded for users in New York because of the general unavailability of terrestrial broadcasts after the structural failure of the World Trade Center. By contrast, multicasting, which was designed to deal with sudden audience spikes, did not suffer any known outages, and multicast video audiences increased to unprecedented levels. At Networld+Interop in Atlanta, which was ongoing at the time of the attacks, "the crowds around the one [multicast] display had grown so large as to constitute a fire hazard, [while] all the major news web sites had completely melted down."

The events of 9/11 show that multicasting is a robust, real-world product capable of performing well under difficult conditions. Multicasting is robust to increased traffic loads, both because it limits the bandwidth being consumed, and because the control traffic is robust under packet loss. This robustness will considerably increase with the adoption of Single Source Multicast (SSM), which significantly reduces the amount of required control traffic.

Multicasting is sensitive, of course, to degradation in the underlying Internet infrastructure. While this was not a problem on 9/11, it was a problem in the days afterwards, as data exchange facilities near the World Trade Center found it hard to stay in service. For the most part, any outages were sporadic and quickly routed around.

Multicast video was a major source of news on 9/11, with a video audience of 2000+ receivers, and undoubtedly a considerably larger number of viewers. The increased traffic lasted for much of the rest of the week. This shows that multicasting can be used to disseminate information under trying conditions, and that a critical mass of people is able to receive this information. Multicasting would thus seem to be an obvious adjunct to the existing Emergency Alert System (EAS).

This presentation will focus on the observed multicast traffic on and after the attacks on 9/11, how the multicast Internet behaved under stress, and what these observations imply about multicast security and robustness.

Speakers
Marshall Eubanks, Multicast Technologies
Marshall Eubanks, CTO at Multicast Technologies Inc., since its founding in 1999, develops multicast applications for broadcasting, content delivery, and one-to-many file transfer. He is also responsible for multicast monitoring at Multicast Technologies and in the effort to protect multicast against denial of service attacks.

Rich Mavrogeanes, Vbrick
Prashant Rajvaidya, UC Santa Barbara

Full Abstract

This talk highlights recent trends in denial of service attack technology from the perspective of CERT's analysis of the continued development, deployment, and use of denial of service attack tools by intruder communities.

The speaker has co-authored this paper on DOS attack trends.

Speakers
Kevin Houle, CERT

Speakers
Barry Raveendran Greene, Cisco Systems

Full Abstract

This talk provides an overview of CAIDA's analyses of Code Red (http://www.caida.org/research/security/code-red/) and other recent worms.

Speakers
David Moore, CAIDA

Full Abstract

This presentation takes a real-world look at DoS attacks, concentrating on those launched in relation to Internet Relay Chat (IRC). We will cover the psychology of those who launch DoS attacks, the tools and methods they use, and our successes with tracking and prosecution of these individuals. Additionally, we will cover our tried-and-tested methods of observing, tracking, and defending against these attacks. Finally, we will focus on the effects of these attacks on nearby machines and network infrastructure.

Speakers
Karthik Arumugham, Global NAPs
Karthik Arumugham has been a Network Engineer at Global NAPs in Quincy, MA for one year, and has been with the company as a Systems Engineer and Software Developer for two years. He has several years of experience in Unix administration, system and network security, and software development.

Steven Schechter, Globix
Steven Schecter has been a Backbone Engineer at companies such as AboveNet Communications (MFNX), and now presently Globix Corporation in New York City. Previous to that he spent two years working as a Network Engineer and Systems Administrator for Net Access Corporation.

Jason Slagle, Toledo Internet Access
Jason Slagle has four years' experience as Network Administrator at Toledo Internet Access in Toledo, OH. Currently holding his CCNP/CCDP certifications, he is seeking his CCIE and Cisco specialization in security.

Full Abstract

Network engineers have been known to use diversion to blackhole DDoS attacks. This technique may divert and blackhole legitimate traffic. We present a method that provides availability under DDoS attacks by combining different diversion methods with a mechanism that sieves the "bad" packets and forwards the "good" packets to the intended victim. The method minimizes demand on router resources and does not introduce additional elements on the normal data path.

The diversion method allows a sieving mechanism to process only the victims' traffic. The system is employable on a provider's backbone, preferably at the peering points. Furthermore, since diversion is done on demand for different targets at different periods of time, the solution can be shared by a large number of potential victims and can protect any element in the provider's backbone. This method can also be applied on egress traffic, thus enabling a service provider to clean attack traffic generated within its own network. Various alternative methods of transparently diverting a victim's traffic and returning its legitimate traffic will be presented.

Speakers
Yehuda Afek, Tel-Aviv Univ. & WANWall
Yehuda Afek is a Professor in the School of Computer Science at Tel-Aviv University, and the CTO of WANWall Inc. Currently his research focuses on efficient forwarding and routing algorithms for IP networks, and methods for traffic engineering to stop DDoS attacks. Prior to joining Tel-Aviv University in 1989 he spent four years in AT&T Bell Laboratories. He received his M.Sc. and Ph.D. in Computer Science from UCLA in 1985 and 1983, respectively.

Anat Bremler-Barr, Tel-Aviv Univ. & WANWall
Hank Nussbacher, WANWall
Danny Touitou, WANWall

Full Abstract

In this talk, we explore the degree to which commercial strategies, peering disputes, network failures, misconfiguration, and occasionally, malicious intent, lead to a partitioning of Internet topology. Specifically, we present a three-year study of the differences in Internet provider reachability. We focus on "dark address space," or the range of topology accessible from one provider, but unreachable via one or more competitor networks. We present active and passive measurements of these differences on time scales ranging from several seconds to multiple months.

Speakers
Abha Ahuja, Merit Network/Arbor Networks
Craig Labovitz, Merit Network/Arbor Networks
Presented by Rob Malan, Arbor Networks

Full Abstract

This talk will present our measurement and analysis of multiple origin AS (MOAS) conflicts in observed BGP updates, as well as a proposal for use of a community attribute and DNS to decrease risk in cases where MOAS conflicts may cause significant Internet routing disruption. Examples of such disruption include the AS8584 case in April 1998, and the instabilities generated by C&W peering changes in June of this year.

Seen in BGP routing table views, MOAS conflict is the case where a particular prefix originates from more than one AS. Using BGP routing tables from multiple views over 1279 continuous days, we analyzed total numbers of MOAS conflicts, duration of the conflicts, and relation to prefix length. We also classified the conflicts by the congruence of the multiple AS paths and analyzed the potential causes for the conflicts. These include intended uses to meet legitimate operational needs (multi-homing without BGP, private AS number substitution at egress, exchange points, anycast practices) and faults.

Both the total numbers of MOAS conflicts and the distribution of conflict duration suggest that MOAS due to faults represents a significant operational concern, even with the filtering lessons learned from AS8454 and similar events before and after. When a MOAS conflict occurs, we would like to enable routers to distinguish intended MOAS cases from route flapping or blackholing. Proposed solutions so far include the use of DNS (Bates/Bush 1998) and uses of routing registries, including full-blown certifications (SBGP). In this talk we propose a much simpler and incrementally deployable approach using a new community attribute and DNS, which can provide adequate protection against faults from MOAS conflicts.

Speakers
Allison Mankin, USC/ISI
Dan Massey, USC/ISI
Dan Pei, UCLA
Lan Wang, UCLA
S. Felix Wu, UC Davis
Lixia Zhang, UCLA
Xiaoliang Zhao, NCSU

Full Abstract

While it is well-known that BGP is vulnerable to simple, accidental misconfigurations that can cause widespread loss of connectivity, most of the evidence is anecdotal. Routing configuration errors have received less attention than more popular threats to connectivity, such as denial-of-service, and CAIDA's BGP analyses and Merit's IPMA project provide some of the only data available.

We present initial results of a new study of BGP configuration errors based on publicly available routing table snapshots and looking glasses. We quantify the kind and extent of configuration errors, as well as their impact on backbone connectivity. In this talk, we focus on announcements with incorrect origin AS and partial connectivity.

We find that there are a significant number of questionable routing announcements, but the majority of these have only a slight impact on connectivity. Of the roughly 2% of the prefixes per day that are not announced with consistent origins, O(100) prefixes are subject to AS-path stripping and potential address space hijacks, while the other fluctuations are more benign. We also analyze partially connected address space (that is reachable only from some parts of the Internet) to expose route filtering and damping practices that are limiting connectivity. We find that 1-2% of the address space exists in a persistently partially reachable state at any given time.

Speakers
Tom Anderson, University of Washington
Ratul Mahajan, University of Washington
David Wetherall, University of Washington

Full Abstract

We analyze the BGP messages collected by the RIPE-NCC Routing Information Service. The data has been collected for about two years. It is much richer than the daily snapshots often used in analysis and helps us address more detailed questions than simply table size growth. For example, we can show the effectiveness of CIDR aggregation, or account for multi-homing and inter-domain traffic engineering more accurately.

In short, we find that the routing table size growth is not exponential, CIDR is doing very well, and churn is decreasing. Most of the churn is due to the loss and re-establishment of BGP peerings, as well as policy misconfigurations (leaking routes, etc).

Speakers
Cengiz Alaettinoglu, Packet Design
Cengiz Alaettinoglu is a member of the Technical Staff at Packet Design. His current work includes analysis of and enhancements to BGP and IGP scaling and convergence properties. He was previously at the USC Information Sciences Institute, where he worked on the Routing Arbiter project. Cengiz co-defined the Routing Policy Specification Language along with the protocols to enable a distributed, secure routing policy system.

Full Abstract

Service providers have expressed a need for a simple, standard method of building tools for network management and provisioning. The Extensible Markup Language (XML) provides a straightforward means by which these needs can be met. Using standard tools, XML can be easily parsed, stored, retrieved, debugged, and documented. XML's ASCII encoding lends itself well to scripting and provisioning (it's easy to write, and easy to debug), and its ability to provide forward and backward compatibility makes it a robust choice for building network management tools.

This talk will include a very brief introduction to XML, a description of areas of network management to which XML is applicable, and examples of using XML and XML-based tools to wrangle operational and configuration data from a network.

Speakers
Rob Enns, Juniper
Rob Enns works on user interface and network management software at Juniper Networks. Prior to Juniper Rob worked at Berkeley Networks and FORE Systems.

Tuesday, October 23, 2001
Full Abstract

The security of a network infrastructure, particularly an extensive one, relies on the proper management of the network address space, routes, and external connections. If network managers don't know what they have, how it's connected, and what else it's connected to, they can't know if it is secure. The Internet Mapping Project, started by Bill Cheswick at Bell Labs, has been collecting intriguing topological information about the Internet since August of 1998. In the last year, this technology has been applied to large corporate intranets and ISPs with equally illuminating results.

The presentation introduces the analysis and interpretation of such maps and what can be determined from such analysis. The larger the network, the more useful we find this analysis to be for identifying single points of failure, address squatting (the use of another organization's address space within one's own network), legacy connections to divested networks or former business partners, and outright security violations. Real-world anonymized examples will be part of the presentation.

Speakers
Karl Siil, Lumeta
Karl Siil, Director of Professional Services at Lumeta Corporation, has been working in network and system security for the past 20 years. Prior to Lumeta, Mr. Siil spent over 10 years at AT&T Bell Labs developing secure operating systems and networks for commercial and government clients, and three more years running the security practices of various global consulting companies.

Speakers
Jeffrey Papen, Yahoo

Speakers
Susan Harris, Merit Network

Full Abstract

The use of the whois protocol to provide a look-up service for Internet infrastructure information is showing its age. Operators are experiencing increased demands for information through the whois service. From the needs of privacy, law enforcement, intellectual property rights, and referrals, new demands are being asked of this service. VeriSign is in the process of gathering requirements from the various whois user communities. Mark will present the process through which VeriSign is gathering these requirements, and the generalities of what is currently known about them.

In addition, VeriSign has been working on efforts to shift this look-up service away from whois to other, more capable protocols. Andrew will present VeriSign's two projects looking at replacing this service with a protocol other than whois: 1) VeriSign is piloting a project to replace whois with LDAP, and 2) a proposed XML-based directory protocol that mirrors much of the effort going into EPP (Extensible Provisioning Protocol).

Speakers
Mark Kosters, VeriSign Applied Research
Andrew Newton, VeriSign Applied Research

Speakers
Bill Woodcock, Packet Clearing House

Speakers
Bill Woodcock, Packet Clearing House

Speakers
Moderator - Dave Meyer, Sprint
Panelist - Randy Bush
Panelist - Bill Woodcock, Packet Clearing House

Full Abstract

This discussion will include a ten-minute overview of the ARIN policy evaluation process that identifies the current issues being evaluated. The remaining time will be left open for meeting attendees to ask questions and provide feedback on any issue related to ARIN procedures or policies.

Speakers
Richard Jimmerson, ARIN

Full Abstract

We will present our analysis of the surprisingly strong impact of recent Microsoft worms (such as Code Red II and Nimda) on the stability of the global routing system. Analysis of the on-line BGP message archives from the RIPE-NCC Routing Information Service, and of the worm scanning and infection spread datasets shows strong correlations between worm propagation periods and very long-lasting BGP "update storms."

We will also discuss preliminary results concerning the populations of unstable routes, unreachable networks, and the mechanisms by which the worm traffic may be destabilizing the BGP routing system.

See: http://www.renesys.com/tech/presentations/

Speakers
Jim Cowie, Renesys Corporation
Andy Ogielski, Renesys Corporation