Full Abstract

Increasing demands and new service requirements have led to increasing complexity in Internet backbones. This panel will explore emerging concerns about complexity and its effects in production backbones. Topics include the complexity tradeoffs inherent in various backbone engineering and operations activities, such as:

• Traffic engineering techniques
• VPN technologies
• QoS/CoS provisioning
• High availability (HA)
• Layering philosophies
• Layered control planes
• IP multicast

Speakers
Moderator - Dave Meyer, Sprint and the University of Oregon
David Meyer is currently Chief Technologist and Senior Scientist at Sprint. He is also Director of the Advanced Network Technology Center at the University of Oregon. Prior to working at Sprint, he worked at Cisco, where he was involved in software development, working both on multicast and BGP. He is active in the IETF, where he chairs the MBONED and MSDP (Multicast Source Discovery Protocol) working groups. He is also active in ANSI T1X1, among other industry organizations.

Panelist - Randy Bush, IIJ
Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio's first acquisition.

Randy is co-chair of IETF WG on the DNS, and is currently a member of the IESG, serving as co-chair of the IETF Operations and Management Area, mainly covering the operations area.

As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

For references cited in Dave Meyer's talk, see:

http://www.maoz.com/~dmm/complexity_and_the_internet/" TARGET="_BLANK">http://www.maoz.com/~dmm/complexity_and_the_internet/

For Dave Meyer's slides, please see:

http://www.maoz.com/~dmm/NANOG26/complexity_panel/" TARGET="_BLANK">http://www.maoz.com/~dmm/NANOG26/complexity_panel/

Vijay Gill, AOL Time Warner
Thomas Telkamp, Global Crossing
Thomas Telkamp is Director of Network Architecture at Global Crossing, responsible for the planning and architecture of Global Crossing's MPLS backbone, Internet services, and VPNs. Before joining Global Crossing in January 1999, he was at AT&T-Unisource Communications Services (now Infonet Europe) and SURFnet. He has also worked as a consultant for several companies, including DANTE and Wunderman Cato Johnson.

Dave Ward, Cisco Systems
Lixia Zhang, UCLA
Lixia Zhang is a Professor in the UCLA Computer Science Department. She received her Ph.D. degree from MIT in 1989. Lixia was a research staff member at Xerox PARC from 1989 to 1995, when she joined UCLA. Her recent research projects have focused on fault tolerance in large-scale systems and network routing protocols.

Full Abstract

Adlex

Full Abstract

The software engineering process lends itself well to large, well-managed, multi-disciplinary teams producing well-defined products in response to detailed requirements analysis. As much fun as that sounds, sometimes what you really need is a short and simple answer to a short and simple question, preferably now.

The business of daily operations at almost every service provider depends on the existence of a herd of small, single-use scripts designed to emulate in a few seconds work that a human operator might take a couple of hours to do. The focus of these tools is usefulness in the hands of a network operator over engineering purity or elegance in design.

Questions that are readily answered by the judicious application of a small pile of scripts include:

• What BGP sessions have gone down in the last hour?
• What routers rebooted in the last five minutes?
• What filters are defined, but not used?
• What filters are used, but not defined?
• What interfaces have been admin shutdown for over a month?
• Who just tripped their maximum-prefix limits?
  
  

This BOF is a place for toolmakers to meet other toolmakers, and to exchange ideas, code, and horror stories.

Speakers
Moderator - Stephen Stuart, ISC

Full Abstract

Speakers
John Curran, ARIN Board Chair
John Curran is the Chairman of Board of ARIN, the American Registry for Internet Numbers. John helped found ARIN five years ago and has served as Chair since its inception. ARIN has over 1800 members and is the Regional Internet Registry managing IP address resources for the North America, South America and the Caribbean region. When not managing ARIN, John is the Chief Technology Officer and Vice President of Engineering at XO Communications, a facilities-based communications provider in Reston, Virginia.

Susan Harris, Merit Network
Lucy L. Lynch, University of Oregon
Lucy Lynch is a member of the Univesity of Oregon Computing Center staff. She is part of the Academic User Services team, along with Hans Kuhn and Joel Jaeggli. Her duties sometimes include the management of special projects like hosting a NANOG meeting!

Dave Meyer, Sprint/University of Oregon
David Meyer is currently Chief Technologist and Senior Scientist at Sprint. He is also Director of the Advanced Network Technology Center at the University of Oregon. Prior to working at Sprint, he worked at Cisco, where he was involved in software development, working both on multicast and BGP. He is active in the IETF, where he chairs the MBONED and MSDP (Multicast Source Discovery Protocol) working groups. He is also active in ANSI T1X1, among other industry organizations.

Full Abstract

Speakers
Marc Sachs, Office of Cyberspace Security

Full Abstract

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customer, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets through out the day. This increase in the volume and intensity of attacks has forced ISP's to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. The spirit of inter-ISP cooperation exists in the ISP Security ranks, but the problem is that ISP Security Teams from one ISP cannot find their colleagues amongst their peers. This ISP Security BOF models itself on the NANOG Peering BOFs, focusing on building the human Internet of ISP Security Engineers. We solicit ISP Security/NOC Teams (before the meeting), asking them to characterize their security tools and policies in general ways ("always help customers under attack" or "will trace the attack to the source" or "will work with law enforcement" or "black hole violators" or "implement common tools" etc.). From the answers, we will select a set of ISP Security Engineers to present a 5-to-10-minute description of their network, security tools, policies, how they would like to interact with other ISP Security Teams, and the identification/mitigation problems ISPs have had with existing technology/techniques. This presentation puts a face with the e-mail address at the ISP's Security/NOC Team. At the end of the BOF, representatives will have time to speak with ISP Security Engineers at ISPs with which they seek to deepen their interaction and cooperation. The expectation is that these interactions will lead to an effective, Internet-wide security incidence response --- plugging the attacks at their source and perhaps apprehending the perpetrators (using law enforcement to put a dent in the problem).

Speakers
Barry Raveendran Greene, Cisco Systems
Merike Kaeo, merike.com
Merike Kaeo has been in the networking industry for over 14 years. She is a member of the IEEE and is currently the co-chair of the IETF IPPM (IP Performance Metrics) working group. Merike worked at the National Institutes of Health in Bethesda, MD from 1988 to 1993, designing and implementing the original FDDI backbone for the NIH campus using Cisco routers. From 1993 to 2000, Merike was employed by Cisco, where she initially worked primarily on technical issues relating to router performance, network routing protocols, network design, and network security. She was a lead member of Cisco's security initiative and has been a panel member in security-related issues at Interop and The Internet Security Conference (TISC). Merike is currently an independent consultant in the areas of network security, optical networks, high-speed routing and QoS-related performance measurements. Merike authored 'Designing Network Security' in May 1999. She received her BSEE degree from Rutgers University in 1987 and completed her MSEE degree from George Washington University in May 1998.

Full Abstract

The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used to launch massive denial of service floods, but also to steal or corrupt great quantities of sensitive information, and to confuse or disrupt use of the network in more subtle ways. We present an analysis of the magnitude of the threat.

Speakers
Vern Paxson, ICSI/ICIR
Stuart Staniford, Silicon Defense
Nicholas Weaver, UC Berkeley

Full Abstract

Speakers
Vijay Gill, AOL Time Warner

Full Abstract

During the last five years, the RIPE NCC has been working on two new services for the entire ISP community: TTM or Test Traffic Measurements, and the RIS or Routing Information Service. These projects were presented at the Winter 2000 NANOG meeting, but a large number of new features have been added during the last three years.

http://www.ripe.net/test-traffic/" TARGET="_BLANK">Test Traffic Measurements

The TTM now consists of a network of +/- 70 machines measuring delay and loss between sites all over the world. Since 1999, two new measurements have been added:

• IP delay variations, a.k.a. jitter
• Bandwidth measurements, providing an estimate of the total available bandwidth between sites as well as the unused bandwidth.
  
  

We also present the new CDMA-based version of the measurement device. CDMA is a 3rd generation mobile telephony standard that, as a side effect, produces a timing signal. This timing signal can be used to measure the performance of both IPv4 and IPv6 networks down to the 10-microsecond level, anywhere when one can use a mobile phone, without the need for an expensive and hard-to-install GPS system.

http://www.ripe.net/ris/" TARGET="_BLANK">Routing Information Service

The RIS is now collecting BGP information from nine sites world-wide, with collectors in North America, Europe and Asia. Some 200 ISP's are participating by providing a BGP feed. New applications of the data since the project was presented at the winter 2000 NANOG include:

• Daily lists of hot-spots with the most active prefixes
• Analysis of flaps in the routing table.
• Detection of AS's and prefixes announced by ISP's but not properly registered in the whois database and/or not assigned to them.
• Multi-homing effects.
  
  

The talk gives a short overview of the various services and how they can be used in daily ISP operations, using the shutdown of a major European backbone provider that recently went bankrupt as an example.

Speakers
Henk Uijterwaal, RIPE-NCC
Henk Uijterwaal is the manager of the New Projects Group at the RIPE-NCC. Since joining the RIPE-NCC in 1997, he has divided his time between the Test Traffic Measurements, the Routing Information Service (described above) and the DISI project on DNSSEC deployment.

Full Abstract

CAIDA is continuing efforts to analyze DNS root server performance. We are characterizing DNS clients that send large numbers of queries to root servers. Analysis of trace data from the two F root servers shows a number of interesting things. Most of the high-rate queries exhibit the strange behavior of only using 25% of the query ID range. A number of sources also transmit each query two or three times. We also notice hourly spikes in the number of clients contacting the root servers. The talk will include results of analyses of which applications/configurations are broken, and how to fix or upgrade them.

Speakers
Duane Wessels, The Measurement Factory/CAIDA
Duane Wessels discovered Unix and the Internet as an undergraduate student studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principle investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. He has written a book, titled Web Caching, published by O'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.

Full Abstract

Despite BGP's critical importance as the de-facto Internet inter-domain routing protocol, there is little understanding of how BGP actually performs under stressful conditions when dependable routing is most needed. In this paper, we examine BGP's behavior during one stressful period, the Code Red/Nimda attack on September 18, 2001. The attack was correlated with a 30-fold increase in BGP update messages at a monitoring point that peers with a number of Internet service providers. Our examination of BGP's behavior during the event concludes that BGP exhibited no significant abnormality, and that over 40% of the observed updates can be attributed to the monitoring artifact in current BGP measurement settings. Our analysis, however, does reveal several weak points in both the protocol and its implementation, such as BGP's sensitivity to transport session reliability, its inability to avoid the global propagation of small local changes, and certain implementation features whose otherwise benign effects are only amplified under stressful conditions. We also identify areas for improvement in the current network measurement and monitoring effort.

Speakers
Randy Bush, IIJ
Allison Mankin, USC/ISI
Daniel Massey, USC/ISI
Dan Pei, UCLA
Lan Wang, UCLA
Felix Wu, UC Davis
Lixia Zhang, UCLA
Xiaoliang Zhao, USC/ISI

Full Abstract

BGP Route Oscillation Reduction and Deployment Considerations, by Enke Chen

In this presentation we analyze several cases of BGP persistent route oscillation, and identify the unnecessary route withdraw as the primary contributor to these cases. We present a revised approach of advertising the best external route that can be used to reduce route oscillation. Finally, we present recommendations on route oscillation detection and outline deployment considerations that would help reduce/avoid persistent route oscillations using route reflection or confederation.

Speakers
Moderator - Sue Hares, NextHop
As founder and CTO of NextHop Technologies, Sue Hares leads the company's technology qualification, development, and strategic planning functions. Prior to launching NextHop, Sue spent 13 years at Merit Network, Inc., where she most recently directed the Merit GateD Consortium. She was also a senior engineer at both Allen-Bradley Corp. and ADP Inc. An active participant in the design, specification and implementation of routing protocols, Sue co-chairs the IETF Inter-domain Routing working group, which is standardizing BGP. She is also a member of the NANOG program committee. Sue holds a B.S. in Computer Engineering from the University of Michigan.

Panelist - Enke Che, Redback
Enke Chen is currently a principal engineer and technical leader in IP routing software development at Redback Networks. Previously he was a senior software engineer working on BGP at Cisco. He also worked on the design and engineering of the Internet MCI backbone network at MCI, and the NSFNET backbone at Merit. Enke Chen holds a Ph.D. in Electrical Engineering: Systems from the University of Michigan, Ann Arbor.

Panelist - John Scudder, Cisco Systems

Full Abstract

We present Scriptroute, a new system that allows network operators and researchers to make measurements from remote vantage points.

Existing systems such as NIMI, the National Internet Measurement Infrastructure, provide much of the needed functionality, but not all. NIMI provides the advantages of dedicated hardware that can be used for a wide range of network measurements. In return, users must possess credentials, which creates a barrier that limits access to a small community of users trusted by the administrator. Thus these systems do not help unaffiliated users like a network operator trying to debug poor network performance.

The popularity of Web-accessible traceroute servers offers a different solution. Several hundred public traceroute servers are available, constituting the largest de facto Internet measurement facility. These servers are typically used to debug two-way connectivity problems, providing indirect benefit to the traceroute server host. They are also easy to secure, because they provide only limited functionality and local administrators retain control to deny access to abusive users. As a result, many network operators now contribute traceroute servers.

However, traceroute servers provide limited functionality -- only a hop-by-hop TTL test -- and have significant drawbacks when used as a measurement system. They are difficult to coordinate, as they were not designed with programmed access in mind. More importantly, there are many non-intrusive performance tests that are not supported by traceroute servers, such as available bandwidth, capacity, and congestion. In short, it is clear that a much richer diagnostic and measurement capability would be possible with a general-purpose tool.

Our goal is to combine the best of both worlds: the flexibility to run a wide variety of different measurement tools with the general availability of traceroute servers. We begin with the safety properties of traceroute servers: we design the system to prevent misuse, even at the cost of disallowing some kinds of useful measurements. We call our system Scriptroute. We use scripting for flexibility, both to make it easy to implement measurement tools and to coordinate measurements across multiple servers. For security, we use sandboxing and local control over resources to protect the measurement host, and rate-limiting and filters that block known attacks to prevent misuse of the network. Further, because network measurements often send probe traffic to random Internet hosts and administrators sometimes mistake measurement traffic for an attack, we provide a mechanism for sites to block unwanted measurement traffic.

We have implemented the Scriptroute design and deployed it on servers across 33 PlanetLab sites. The Scriptroute code is available and can be used for local measurement script development or for participation in the global system. We have used the system to measure routing trees around the destination. Early experience suggests that our system will be flexible enough to implement a variety of new measurement tools despite its security restrictions, that access to many remote vantage points makes the system valuable, and that scripting is an apt choice for expressing and combining measurement tasks.

For more information, see:

http://www.cs.washington.edu/research/networking/scriptroute/" TARGET="_BLANK">http://www.cs.washington.edu/research/networking/scriptroute/

Speakers
Tom Anderson, Department of CSE, University of Washington.
Neil Spring, Department of CSE, University of Washing
Neil Spring is a graduate student at the University of Washington, focusing on techniques for measuring network link and path properties. The latest project for Neil and his colleagues is Rocketfuel, an ISP toplogy mapping engine.

David Wetherall, Department of CSE, University of Washington.