Saturday, May 31, 2003
Topic/Presenter |
---|
Full Abstract: This session covers the protocols and topologies associated with inter-domain multicast routing, including details on the operation of MSDP and MBGP as they relate to PIM. The session also introduces the latest trends in inter-domain multicast routing, PIM Source Specific Multicast (SSM), Multicast VPNs, and IPv6 Multicast. During the tutorial, the basic fundamentals of MBGP and MSDP are covered along with their basic configuration, as well as the use of Anycast RPs. Numerous topology examples with regard to inter-domain multicast using MBGP and MSDP are presented, along with configuration examples for both the provider and customers. Next, the session introduces Source Specific Multicast and shows how this method of inter-domain multicast solves some of the problems associated with traditional inter-domain PIM-SM multicast. Methods to secure a multicast network will also be presented. |
Full Abstract: This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. This includes the options available when multihoming to the same ISP (including RFC2270) and to different upstreams. Configurations for modifying inbound and outbound traffic flows are covered. The tutorial concludes with a case study, and an examination of the use of BGP communities by several ISPs. The configuration examples throughout this tutorial use the Cisco IOS configuration syntax. |
Sunday, June 1, 2003
Topic/Presenter |
---|
Full Abstract: This tutorial introduces network engineers and service providers to basic and intermediate features and techniques available for building an MPLS network. We will discuss basic topics of how MPLS operates in a service provider network, including terminology, the setup of label-switched paths (LSPs), and LSP maintenance. Both dynamic MPLS signaling options in widespread use today, RSVP and LDP, will be discussed. Throughout the tutorial, Juniper Networks and Cisco Systems routers are used to illustrate important MPLS concepts. Additionally, configuration and troubleshooting examples are provided using CLI commands from both vendors. |
Speakers: Panelist - Andy Bierman, Cisco Systems |
Monday, June 2, 2003
Topic/Presenter |
---|
Full Abstract: Sinkholes are a flexible security tool that adds a wealth of new capabilities to an ISP's security toolkit. ISPs are using sinkholes to track infrastructure port scanning, identify and classify attacks, packet capture attack flows, trace attacks through their networks, and divert attack flows from the target of the attacks. Sinkholes also enable a variety of new applications brought about through necessity and growing operational experience. Sinkholes go beyond narrowly focused tools like black hole servers, Tarpits, and Honeynets. Sinkholes may be used to perform any or all of these functions, but often incorporate all of these and more. This tutorial will explain how to build a sinkhole, using generalized examples from ISP deployments around the world. Configuration using JUNOS and IOS will be used to demonstrate the various ways trigger routers and target routers in the sinkholes are safely, scalably, and efficiently configured. Architectural considerations relating to network topology and placement of sinkholes in the ISP's network will be covered, along with anycast deployment options. A multitude of tools that can be placed inside the sinkhole will also be discussed. These include a variety of freeware, shareware, home-built, and commercial tools, covering the diversity available to ISPs of any size. This tutorial is recommended to ISP engineers of all experience levels. The source materials are derived from live operational deployments, which can be modified and applied to any large IP transport network. |
Full Abstract: Although IPv6 has been deployed in a multitude of research and development networks worldwide, commercial deployment is still limited. The need for IPv6 is widely acknowledged in Asia, where IPv4 addresses are increasingly difficult to acquire. In North America, where some 74% of the allocated IPv4 addresses are located, there is not yet the same sense of urgency for IPv6 as there is in Asia. Yet even here, there is growing interest and an understanding that IPv6 will eventually be required. It is therefore important that network operators begin familiarizing themselves with the technical issues surrounding the deployment of realistic IPv6 networks. This tutorial provides a technical overview of the existing state of the three classes of IPv6 transition technologies: dual stacks, tunnels, and translators. Specific technologies within each of these classes are examined. Outstanding transition issues, both resolved and unresolved, are also examined. These issues include multihoming, DNS, and security. |
Arbor Networks |
Full Abstract: XML for network management has been a popular topic lately. The large toolset available for manipulating XML encoded data, the text-based nature of the data, and the natural applicability to encoding large sets of hierarchical data make XML a good choice for manipulating data representing network configuration and operational state. This BoF will present several examples of XML-based network management tools. Examples will include tools currently in production use at major ISPs, as well as examples of vendor-specific XML tools such as JUNOScript. |
Speakers: Val Oveson, State of Utah |
Full Abstract: There is a conflict between the interests of privacy and the ability of law enforcement to intercept the communications of criminal targets. Yet interception technology is not without its own risks: it is intended to be used only by authorized parties for lawful interception, but may also be abused by unauthorized individuals. This talk will focus on the technical risks of interception technology and discuss the wisdom of standardizing protocols and technologies to facilitate interception. This is a tricky topic, because one must balance the benefits and risks of privacy versus interception for lawful purposes. We will attempt to stay within the technical realm as opposed to the politics of interception. |
Full Abstract: The National Information Advisory Council (NIAC) was formed by executive order in September 2002 and is charged with advising the US Department of Homeland Security and the President regarding the security of information systems and networks essential to the nation's critical infrastructure. A key task in front of the NIAC is to provide guidance on disclosing vulnerabilities, and a working group has been created to establish a framework for vulnerability disclosure to include specific recommendations to the President. As part of its outreach and information-gathering efforts, the working group is presenting a brief overview of the project during the Monday morning General Session. Interested attendees are invited to contribute further via a dialog during the ISP Security BOF at 7:30 Monday evening. Speakers: Paul Vixie, ISC |
Full Abstract: Abilene, the Internet2 backbone, has been running dual-stack on its backbone routers for over a year. In this talk, we discuss experiences with both the Cisco GSR and Juniper T640 platforms on issues ranging from IGP and BGP to monitoring and performance. |
Full Abstract: In November 2002 and again in February 2003, an international team of scientists from Caltech, SLAC, and LANL in the U.S., CERN in Switzerland, and NIKHEF in Amsterdam broke the Internet2 TCP land speed record (i.e., the product of the bits/s times the distance) not once but twice. They achieved 923Mbits/s with an end-to-end application-to-application single TCP stream from Amsterdam to Sunnyvale (10,619 Tbit-meters/s) over a 1Gbit/s bottleneck, 8.6 Gbits/s between 10 machines in Sunnyvale and 10 machines in Baltimore over a 10 Gbits/s bottleneck, and 2.38 Gbits/s with a single TCP stream from Sunnyvale to Geneva over a 2.5 Gbits/s bottleneck. The records were broken with commercial off-the-shelf components, and demonstrate that TCP can scale from the original 56kbits/s Internet of the 1980s to tomorrow's multi Gbits/s rates. The talk will address the questions of: who did it; what exactly was done; how was it done (including descriptions of the testbeds, the challenges, the effects of various solutions, and gotchas); what was special about this; why it is important; and what's next? |
Full Abstract: Recently the security of BGP has been called into question by the government, security experts, and the media. Perhaps by assuming that a compromise of the Internet routing infrastructure would be relatively trivial to accomplish, most of the recent attention has focused on replacements to BGP rather than ways we can do the best with what we have. Because any possible replacement for BGP will not be widely deployed in the near term, the key threats against current BGP deployments and the techniques for mitigating them need to be better understood. Furthermore, since most of the existing work related to BGP vulnerabilities is largely theoretical in nature, any new effort should be based on real testing of implementations that are commonly deployed by ISPs. This talk presents the results of research in the area of BGP attacks. This research includes three main areas. First, specific attacks as outlined in the BGP Attack Tree draft were tested against lab networks to gauge attack results, difficulty, and the availability of best practices which mitigate the attack's effects. Where appropriate, these attacks were done against multiple BGP implementations to measure variations in response. Second, multiple implementations were tested using a BGP malformed message generator in an attempt to measure the resilience of BGP implementations against unexpected input. Third, the prevalence of generally accepted best practices on the Internet was measured by querying a representative set of the Internet's BGP routers on key management interfaces. Analysis of this data will be useful for operators looking to improve the security of their BGP networks today and to evaluate potential improvements to BGP in the future, especially given the challenge of balancing scalability and ease of deployment with security in any future "secure BGP." Speakers: Matthew Franz, Cisco Systems |
Full Abstract: The increasing economic importance of IP networking, combined with a sharp increase in the frequency and sophistication of attacks, has made security of critical importance for IP data networks. In response to this need, a group of service providers and vendors, operating as part of the Network Reliability and Interoperability Council (NRIC), has developed a set of best practices for enhancing data network security. This talk will give a short overview of NRIC and of the best practices for security. We will give an example of how best practices can be useful in stopping attacks such as the slammer/sapphire worm, and will provide pointers to more information on NRIC and the NRIC best practices for security. |
Full Abstract: The members of ARIN instituted a policy to curb lame DNS delegations within ARIN's scope in the in-addr.arpa domain. The staff of ARIN has begun implementing the policy and has already witnessed a reduction in lame delegations. This presentation will outline the ARIN policy, results from early tests, and explain how ARIN is interacting with registrants and other registries on this issue. |
Tuesday, June 3, 2003
Topic/Presenter |
---|
Full Abstract: The 16-bit AS number field in BGP has 64,510 available values to use in the Internet's public routing space. Since some 30,000 AS numbers have already been assigned by the regional registries, the BGP protocol field will be exhausted at some point in the future. The solution, as outlined in www.merit.edu/internet/documents/internet-drafts/draft-ietf-idr-as4bytes-06.txt, is to use a 32-bit field for this value. Both the problem and the solution are discussed further in this presentation. |
Full Abstract: We present various MPLS-based methods to enable a service provider to divert traffic of specific destinations to a centralized scrubbing and inspection facility. The traffic may be diverted from several locations, such as peering points, to the central processing facility. This technique differs from the sinkhole approach, in which the traffic does not come out of the sink and thus does not reach the intended destination. Here, after being processed, the traffic is sent back to the network on its way to the intended destination. This facilitates scalable, focused, and targeted filtering and processing of different customer traffic for on-demand tasks such as reverse proxy (à la Hardie & Wessels, see "Bellwether - Surrogate Services for Popular Content," NANOG19), traffic examination, or DDoS attack filtering. The experience of a successful real-life deployment in an ISP environment will be reviewed. Speakers: Roy Brooks, Cisco Systems |
Full Abstract: This presentation outlines some of the technical concerns and other issues that came up during deployment of the @Home Network. |
Full Abstract: This presentation will describe a technology intended to detect faults in the bidirectional path between two forwarding engines, including interfaces, data link(s), and, to the extent possible, the forwarding engines themselves, with potentially very low latency. The technology operates independently of media, data protocols, and routing protocols. We will also discuss scenarios of applicability and deployment. |