Saturday, May 22, 2004
Topic/Presenter
Full Abstract

NANOG plans to make an IPsec server available at NANOG31, which attendees can use to encrypt their traffic on the local network. This will significantly reduce the chance that someone can sniff your passwords on the wireless network. During this tutorial, you will learn how to configure your Linux, BSD, Mac, or Windows laptop for use with the NANOG IPsec server. This is a hands-on tutorial, so bring your laptops to the session. If you want to be fully prepared for the tutorial, visit my page http://www.packet-pushers.net/NANOG/ipsec/ in advance. Install any necessary software on your laptop in advance if possible.

Speakers
Duane Wessels, Measurement Factory
Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principal investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled Squid: The Definitive Guide, is soon to be published by O'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.

Full Abstract

The tutorial introduces service providers to some more advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP, and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial then looks at common deployment scenarios as used in ISP networks, before finishing off with some of the newer configuration features available.

Speakers
Philip Smith, Cisco Systems
Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent 5 years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, ISBN 1-58705-041-2, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.

Sunday, May 23, 2004
Topic/Presenter
Full Abstract

This presentation reviews recent IETF enhancements to IS-IS, including extensions in support of high availability [Restart-TLV], MD5 authentication support, multi-topology extensions, and IS-IS for IPv6. The tutorial also covers topics that will help ISPs improve the operating efficiency of their network.

An outline of the session follows:

  1. IS-IS for high availability
     • Check-pointing method
     • IETF restart TLV
  2. IS-IS for IPv6
  3. Multi-topology support
  4. MD5 authentication support
  5. Other topics
     • Default-metric change
     • IS-IS protocol shutdown
     • Limit the number of redistributed routes
     • Update on IETF Drafts

Speakers
Shankar Vemulapalli, Cisco Systems
Shankar Vemulapalli is a Technical Leader at Cisco Systems. He is a member of Central Engineering, within Advanced Services. In his current role, he specializes in design and implementation of new enhancements to routing protocols (BGP/OSPF/ISIS) and MPLS-VPNs, in service provider and enterprise customer networks. Shankar is also a frequent contributor at networking technical forums.

Full Abstract

Speakers
Philip Smith, Cisco Systems

Full Abstract

NANOG and Switch and Data invite you to join us for a Sunday evening reception, to be held from 6:00 - 8:00 p.m. at Le Colonial Restaurant (http://lecolonialsf.com). We'll be serving beer, wine, and light hors d'oeuvres in a private lounge on the second floor of the restaurant.

Le Colonial is located just a few blocks from the hotel on Cosmo near Taylor.

Your NANOG name badge will serve as your entry ticket to the event. If you'd like to be escorted to the restaurant, please meet in the St. Francis lobby at 5:45 p.m.

Full Abstract

This talk reviews several possible architectures for service provider MPLS network interconnections, including:

  • Back-to-back VRFs
  • EBGP redistribution of labeled VPN IPv4 routes between SP ASes
  • Multihop EBGP redistribution of labeled IPv4 Routes between SP ASes

We then discuss the advantages and caveats of each architecture; the method CW has selected, with a consideration of Carrier Supporting Carrier (CSC) and OAM; and a summary of futures, i.e., current actions at IETF.

Speakers
Udo Steinegger, Cable & Wireless
Udo Steinegger has been working in the Cable & Wireless IP Engineering Group since 2000. He is responsible for designing parts of C&W's public IP network and portions of its MPLS VPN network. Udo's interests focus on MPLS-based technologies (L2/L3 VPNs, interconnections, QoS, etc.), and extending/operating C&W's IXP (INXS). Prior to working for Cable & Wireless, Udo worked for a small local telco in southern Germany, and previously studied computer science.

Full Abstract

Traditional approaches to IP mobility target host mobility, rather than mobile networks per se. Providing internet access on mobile platforms where hosts (which may number in the hundreds) remain relatively stationary with regards to the platform presents a set of problems that has not been addressed by traditional IP mobility solutions. This presentation describes a technique that allows intercontinental mobility of networks aboard aircraft that does not require either any modifications to the TCP/IP protocol stacks of the hosts on board the aircraft, or interaction from the end-user of this device. Mobility is accomplished by means of selective advertising and withdrawing prefixes at satellite earth stations as aircraft transit the globe. This topic will be of interest to all service providers, as our actions impact the global routing table.

Speakers
Benjamin Abarbanel, Boeing
Benjamin Abarbanel holds a BS degree in Electrical Engineering from the University of Maryland. Ben has 25 years of data networking experience at General Electric, Sprint, Alcatel, Marconi, some startups, and now at Boeing. Throughout his career, he has held a variety of product development positions in developing small- to large-scale IP routers, as well as frame relay, and ATM switches. He has been involved in developing and deploying various routing and network-related protocols such as BGP, ISIS, OSPF, MPLS, frame relay, ATM, SNMP, and others. For several years, Ben has been an active member in the IETF Inter-Domain Working Group and contributed to a number of Internet-Drafts. His recent focus has been to develop and deploy the IP mobility solutions for inflight applications for ConneXion by Boeing.

Full Abstract

Speakers
Sue Hares, NextHop.

Monday, May 24, 2004
Topic/Presenter
Full Abstract

As routing researchers, we frequently hear comments such as:

  • Internet routing is fragile, collapsing...
  • BGP is broken or is not working well
  • Yesterday was a bad routing day on the Internet,
  • Change X to protocol Y will improve routing

And we often measure routing dynamics and say that some measurement is better or worse than another. But what is 'good' routing? How can we say one measurement shows routing is better than another unless we have metrics for routing quality? We often work on the assumption that number of prefixes, speed or completeness of convergence, etc., are measures of routing quality. But are these real measures of quality?

Perhaps because I am also an operator I think the measure that counts is whether the customers' packets reach their intended destinations. If the customers' packets are happy, the routing system (and other components) are doing their job. Therefore, I contend that, for the most part, we should be judging control plane quality by measuring the data plane. And we have well defined metrics for the data plane: delay, drop, jitter, reordering, etc. We also have tools with which to measure them.

It is not clear that happy packets require routing convergence as we speak of it today. If there is better routing information near the destination than at the source, maybe there is sufficient information near the source to get the packets to the better informed space. This is not that unlike routing proposals, such as Nimrod, where more detail is hidden the further you get from the announcer. If the routing system is noisy, i.e., there is a lot of routing traffic, that may not really be a bad thing.

We know convergence time can be reduced if announcement throttling (MRAI) is lessened. As long as network growth increases load on the routers below Moore's law, it is not clear we are in danger. This talk presents results of six months of measurements using multiple globally widespread streams directed at a multi-homed routing beacon.

Speakers
Randy Bush, IIJ
Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio's first acquisition. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

Tim Griffin, Intel Research
Zhuoqing Mao, University of Michigan
Eric Purpus, University of Oregon
Dan Stutzbach, University of Oregon

Full Abstract

Like the fixed telecom infrastructure that connects most users to the Internet, the international distribution of publicly routed IPv4 addresses (based on the national registration of their originating AS, using partially corrected/updated whois data) is fairly closely predicted by national gross domestic product (GDP). This statistical observation is consistent with well-known facts about the extra-national use (i.e., outside of their country of reported allocation) of IP and AS numbers across highly developed countries because, like "national" IP and AS accounting, "national" GDP calculations implicitly encompass many of the international productive assets of locally incorporated firms. Additionally, inter-domain routing for public Internet services remains highly nation-centric in heavily regulated telecommunications markets. In such cases (still the norm in many parts of the world), the extension of national telecom monopoly control to layer 3 effectively creates national Autonomous Routing Domains (ARDs), with the national telecom monopoly serving as a barrier between domestic and international inter-domain routing. National GDP is not a good predictor of public AS numbers. However, a simple two-variable interaction model using national GDP and national AS numbers very closely parallels the global landscape of publicly routed IP. All things (e.g., GDP, fixed telecom infrastructure) remaining equal, more AS numbers in use by a national economy leads nonlinearly to the accumulation of more Internet resources by those same Autonomous Systems, as measured by public routed IP. One interpretation of this statistical observation is that ASes introduce the element of specialization into the global Internet growth equation. This is intuitively plausible since ASes enable network operators to exercise beneficial control over shared and wholly-owned telecom resources, assembling them into logical systems to achieve specific institutional (usually commercial) goals. 
The role of specialization, exchange, and competition in facilitating resource accumulation was first observed by Adam Smith in The Wealth of Nations (1776). Smith theorized that systems of specialized, interacting, and competing units constitute a more efficient form of economic organization than unicellular and undifferentiated systems of similar size. This efficiency takes the form of accelerated capital formation and accumulation, which in turn contributes to further innovation and specialization, and to higher standards of living. The global distribution of Internet resources seems to be consistent with Smith's vision of economic organization. A variety of factors may complicate or contradict this finding. For example, the use of IPv4 address and AS number accounting to quantify Internet resource production could be disputed on a variety of empirical grounds (varying national patterns of NAT and IPv6, the existence of ARDs larger and smaller than individual AS numbers, etc.). The author hopes to solicit operationally-grounded comments from the NANOG community to inform ongoing work on a general theory of IP economics.

Speakers
Tom Vest, eyeconomics.com

Full Abstract

We present the latest results of our NSF-sponsored research project to extend our existing 1-Gbps PCI-based traffic processing hardware to 10 Gbps. The PCI card has two Ethernet ports and acts as a line speed Ethernet bridge with sub-microsecond latency. The card can be programmed with a large number of predefined stateful signatures that identify which packets are to be captured and/or blocked at line speed. Blocking/monitoring rules (specified as either Snort 2.x rules or BPF expressions) can be uploaded/modified in real-time by the host through the PCI without interrupting the packet flow. The hardware has been designed to easily integrate with existing open source monitoring software. Using our approach, all existing sniffing applications, such as tcpdump, Snort, etc., can transparently benefit from the hardware line-speed acceleration without modification (as they see our hardware as a standard NIC in promiscuous mode). Preliminary data indicates that a 10 Gbps version of our PCI traffic processing hardware (to be built later this year) is feasible at a surprisingly low cost. With our innovative design, the use of a Xilinx Virtex-II Pro FPGA and existing off-the-shelf components allows processing of approximately 625 Snort-like signatures at 10 Gbps line-speed with sub-microsecond latency. The number of rules scales linearly with the addition of FPGAs; thus, a 2-FPGA board would hold approximately 2*625 (1250) signatures, etc. The programmable nature of this hardware technology can easily be adapted, modified and enhanced to accommodate new user-defined functions. An open-source hardware library of line-speed functions (common to both 1 Gbps and 10 Gbps) that go beyond the current capability is currently being worked on by a small research group. We hope to stimulate an exchange of ideas on the subject with the NANOG community. 
In particular, we hope to find out how to facilitate the adoption of this powerful new concept in an open-source, operational environment.

Speakers
Livio Ricciulli, Metanetworks

Full Abstract

Alcatel

Full Abstract

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customers, worms, botnets, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync-up meeting for the NSP-SEC forum (see https://puck.nether.net/mailman/listinfo/nsp-security).

The agenda for the BOF follows:

  • Barry Dykes/Viawest: DOS/Security Incident Handling (~10 minutes)
  • Roland Dobbins/Cisco IT: DOS/Security Incident Handling (~10 minutes)
  • Michael Bailey & Evan Cooke/UoM: IMS (~15 minutes)
  • Blaine Christian/MCI:TTL Filterings (~15 minutes)
  • Dave Ward/Cisco: BGP over IPSEC (~15 minutes)
  • Wendy Garvin/Cisco PSIRT: TCP Vulnerability (~15 minutes)
  • Chairs/Open Discussion: TCP Vulnerability Q & A (~15 minutes)
  • Patrick Gilmore/Open Discussion: Responding to Vulnerability Rumors (~15 minutes)
  • Open Floor for Discussions

Speakers
Moderator - Merike Kaeo, Double Shot Security
Danny McPherson, Arbor Networks

Full Abstract

Speakers
Steve Feldman, CNET
Steve Feldman has been involved in computer networking since 1978. He has worked in software development and network engineering for Tymnet and MFS/Worldcom, where he was the principal architect for the MAE Internet exchanges. Since then, he has gone on to work for several startups and acted as an independent consultant, and is now a network engineer for CNET Networks. Steve received B.S. and M.S. degrees in Computer Science from the University of California at Berkeley.

Susan Harris, Merit Network
Susan Harris coordinated NANOG meetings on behalf of Merit Network at the University of Michigan. She has been working in IT for 20 years, mostly in telecommunications and network engineering, and is the author of three RFCs.

Duane Wessels, The Measurement Factory
Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principal investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled Squid: The Definitive Guide, is soon to be published by O'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.

Full Abstract

It is now common knowledge that locally well defined BGP routing policies can interact to produce unexpected routing anomalies globally. We introduce a new class of such problems, called BGP Wedgies. A BGP Wedgie is defined as a policy interaction where (1) there are multiple solutions (routings) at the AS level, (2) some solutions are intended, while others are not, (3) getting stuck in an unintended solution requires resetting BGP sessions to "kick the system" back to an intended solution, (4) no one group of network operators has control over the set of sessions that needs to be reset, and (5) no one set of network operators has enough global knowledge to know what is happening. In such a situation the routing is "wedged" into a local optimum that is very difficult to change. Realistic examples will be given.
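The following simulation is an added illustration, not material from the talk: a minimal path-vector model that reproduces the simplest wedgie shape. The topology, business relationships, local-preference values and the "backup" community are assumptions chosen to make the effect visible: AS1 originates a prefix and is a customer of AS3 (primary link) and AS2 (backup link); AS2 and AS3 are both customers of AS4; AS1 tags its announcement to AS2 so that AS2 prefers any other route over the backup link. The decision process keeps the already-installed route when candidates tie, which is what lets the system settle into the unintended state once the primary link has flapped.

```python
"""BGP Wedgie simulation (added example; topology and policies are assumptions).

AS1 originates a prefix; AS1 is a customer of AS3 (primary) and AS2 (backup);
AS2 and AS3 are customers of AS4.  AS1 marks the announcement to AS2 with a
"backup" community, which AS2 honours by setting local preference below its
provider routes.  Everyone else applies plain customer > peer > provider policy.
"""
ASES = (1, 2, 3, 4)
ORIGIN = 1
BACKUP = "backup"
# REL[(a, b)]: what b is to a.
REL = {(1, 3): "prov", (3, 1): "cust", (1, 2): "prov", (2, 1): "cust",
       (3, 4): "prov", (4, 3): "cust", (2, 4): "prov", (4, 2): "cust"}
LOCAL_PREF = {"cust": 100, "peer": 80, "prov": 60}
BACKUP_PREF = 50  # below provider routes: use this link only when nothing else exists


def local_pref(asn, nbr, route):
    rel = REL[(asn, nbr)]
    path, comms = route
    if rel == "cust" and BACKUP in comms:
        return BACKUP_PREF
    return LOCAL_PREF[rel]


class Net:
    def __init__(self, links):
        self.links = {frozenset(l) for l in links}
        self.rib_in = {a: {} for a in ASES}        # asn -> {nbr: (path, comms)}
        self.best = {a: None for a in ASES}        # asn -> (learned_from, route)
        self.best[ORIGIN] = (None, ((), frozenset()))
        self.converge()

    def neighbors(self, asn):
        return sorted(b for (a, b) in REL if a == asn and frozenset((a, b)) in self.links)

    def select(self, asn):
        """Decision: highest local-pref, shortest AS path, then keep the route already
        installed (the 'oldest route' tie-break), then lowest neighbor ASN."""
        if asn == ORIGIN:
            return False
        cands = {n: (local_pref(asn, n, r), -len(r[0]))
                 for n, r in self.rib_in[asn].items()
                 if n in self.neighbors(asn) and asn not in r[0]}   # drop looped paths
        cur = self.best[asn]
        if cur is not None and cur[0] in cands and all(k <= cands[cur[0]] for k in cands.values()):
            return False
        new = None
        if cands:
            n = max(cands, key=lambda x: (cands[x], -x))
            new = (n, self.rib_in[asn][n])
        self.best[asn] = new
        return new != cur

    def export(self, asn, nbr):
        """Valley-free export: customer-learned (or originated) routes go to everyone,
        provider-learned routes only to customers, never back to where they came from."""
        best = self.best[asn]
        if best is None:
            return None
        learned_from, (path, _) = best
        if learned_from == nbr:
            return None
        if learned_from is not None and REL[(asn, learned_from)] != "cust" and REL[(asn, nbr)] != "cust":
            return None
        comms = frozenset({BACKUP}) if (asn, nbr) == (ORIGIN, 2) else frozenset()
        return ((asn,) + path, comms)

    def converge(self, max_rounds=100):
        for _ in range(max_rounds):
            changed = False
            for asn in ASES:
                changed |= self.select(asn)
            for asn in ASES:
                for nbr in self.neighbors(asn):
                    r = self.export(asn, nbr)
                    if r != self.rib_in[nbr].get(asn):
                        changed = True
                        if r is None:
                            del self.rib_in[nbr][asn]
                        else:
                            self.rib_in[nbr][asn] = r
            if not changed:
                return
        raise RuntimeError("no convergence")

    def set_link(self, a, b, up):
        edge = frozenset((a, b))
        if up:
            self.links.add(edge)
        else:
            self.links.discard(edge)
            self.rib_in[a].pop(b, None)
            self.rib_in[b].pop(a, None)
        self.converge()

    def next_hops(self):
        return {a: (self.best[a][0] if self.best[a] else None) for a in ASES if a != ORIGIN}


def wedgie_demo():
    """Returns (intended, wedged, repaired) next-hop maps for the prefix."""
    net = Net([(1, 3), (3, 4), (2, 4)])   # primary link first ...
    net.set_link(1, 2, True)              # ... then the backup: intended state
    intended = net.next_hops()
    net.set_link(1, 3, False)             # primary fails: backup carries everything
    net.set_link(1, 3, True)              # primary restored, but AS4 keeps the older AS2 route
    wedged = net.next_hops()
    net.set_link(1, 2, False)             # "kick" the system: reset the backup session
    net.set_link(1, 2, True)
    repaired = net.next_hops()
    return intended, wedged, repaired


if __name__ == "__main__":
    for label, hops in zip(("intended", "wedged", "repaired"), wedgie_demo()):
        print(label, hops)
```

In the intended state AS4 reaches AS1 through AS3 and AS2 reaches it through AS4; after the primary link flaps, AS4 still holds AS2's equally-good route and never re-announces anything to AS2, so AS2 and AS4 both keep sending traffic over the backup link although the primary is up, and the configuration is unchanged from the intended state. Only a session reset moves it back. In this four-AS case AS1 can do the reset itself; the harder wedgies the abstract describes are the ones where the session that needs resetting belongs to someone else.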

Speakers
Randy Bush, Presenter
Tim Griffin, Intel Research, author

Full Abstract

This presentation will cover the use of L2/L3 technologies with the ultimate goal of providing transit service for IP traffic. Specific reference will be made regarding the use of Frame, ATM, and MPLS L2 technologies as well as the use of BGP, IGP, and ECMP. The technologies will be contrasted in such a fashion as to provide a view of how the interaction of these technologies can help and/or hinder a network. Detail will be shared regarding some of the problems experienced with the various traffic management methods and some solutions.

Speakers
Blaine Christian, MCI
Blaine Christian currently manages the IP transit team for MCI under the umbrella of global data network management. He is responsible for the day-to-day management of the ~2k network devices that make up the domestic AS701 backbone. He has been with UUNET (now known as MCI) since 1997 and has served in his current position since 1999. Prior to MCI he served a tour of duty in Japan with the Air Force, majored in Electrical and Computer Engineering at George Mason University, and ran a small network consulting company.

Full Abstract

Speakers
Joe Abley, ISC

Full Abstract

The Internet Engineering Task Force (http://www.ietf.org/) is making standards for the Internet. It is not always clear that these standards are improving the situation for those who run the Internet infrastructure. This session gives you a chance to tell some of the people who run the IETF what you would like to see the IETF do in order to make the Internet work better.

Speakers
Harald Alvestrand, Cisco Systems
Harald Alvestrand was born in Norway in 1959, and graduated from the Norwegian Institute of Technology in 1984. He has worked for Norsk Data, UNINETT (the University Network of Norway), EDB Maxware and, since 2000, for Cisco Systems. His current title is Cisco Fellow. Harald has been active in Internet standardization since 1991, and has written a number of RFCs. He has been an area director of Applications and of Operations & Management in the IETF, as well as a member of the IAB, and is currently serving as IETF Chair.

Alex Zinin, Alcatel
Alex Zinin currently works at Alcatel as a Principal Engineer in the Office of the CTO NA, helping the company with IP routing. Before Alcatel, Alex worked for Nexsi as a routing software architect, and for Cisco as a routing escalation engineer in the ISP team, helping US service providers. Before Cisco, he worked as a consulting engineer and instructor at AMT Group, Russia, and as a lead engineer at Center Group, Russia. Alex has been active in the IETF since the mid-1990s, with a primary focus on routing, and has authored several RFCs. Since 2002, Alex has been working as the IETF Routing Area co-Director. He was also a co-director of the Sub-IP area.

Full Abstract

This talk discusses several currently deployable methods designed to improve the security of a service provider's router infrastructure, and outlines their operational implications. Many of these methods have been implemented on the Sprint IP network, which will be used as a case study. For example, one such method that Sprint has implemented is to remove the more specific routes to the /30 networks between Sprint and its customers. Sprint also plans to remove the more specific routes to its intra-router /31 networks as well. This talk will discuss the motivation behind these changes, how they were made, and most importantly, their operational impact.

Speakers
Ryan McDowell, Sprint
Ryan has a BS in Computer Science and an MS in Information Systems. He has worked for Sprint for the past five years in various engineering and operations roles.

Full Abstract

Current interdomain routing policies are based on information local to each ISP and optimized for the benefit of that ISP. It is known that this combination can lead to sub-optimal Internet paths and even unpredictable results. Paths can be sub-optimal because decisions that appear locally sound may have adverse global effects, such as when early-exit routing sends packets further from the ultimate destination. Behavior can be unpredictable because the actions of one ISP can have an unintended influence on the other and vice versa, and in the worst case cycles of influence can lead to oscillations as traffic is re-routed. Today, these problems are resolved by operator intervention, not by protocols. We present work that examines whether two neighboring ISPs can benefit by using automated negotiation to determine the paths of traffic that they exchange. There is an incentive to negotiate only if both ISPs benefit relative to making independent decisions. To see if this is so, we simulated ISP routing choices driven by latency reduction and hotspot avoidance over sixty measured ISP topologies with a variety of traffic models. We find negotiation most valuable as a means of avoiding hotspots. It also provides a modest decrease in latencies, which suggests that the "price of anarchy" is low in terms of path length with real ISP topologies, even though it can be substantial in the theoretical worst case. Interestingly, we also find that global optimization (which treats both ISPs as a single larger ISP) is undesirable in the sense that in some cases one ISP can suffer to benefit the other. We also describe our first steps towards a practical negotiation protocol. ISPs can already influence each other's routing decisions to some extent (e.g., via MEDs and AS-path prepending), but this influence is mostly indirect, coarse, often governed by trial-and-error and supplemented by out-of-band agreements between operators. 
Our intent is to help operators by relieving them of the bulk of the tedious and error-prone task of responding to traffic engineering problems, such as an overloaded peering link, while allowing them to maintain control over the result. It accommodates competitive concerns by revealing little ISP-internal information and independent ISP management by allowing different optimization criteria. We find that it selects routing strategies that realize most of the potential benefits identified in our study. We are particularly interested in operator feedback on the need for, requirements, and utility of this kind of mechanism.

Speakers
Thomas Anderson, University of Washington
Ratul Mahajan, University of Washington
Ratul Mahajan received a B.Tech. degree from the Indian Institute of Technology, Delhi, India, and an M.S. degree from the University of Washington. He is currently pursuing a Ph.D. degree at the University of Washington. His research interests span the entire range of internetworking-related topics. His past work includes a study of global routing configuration errors and discovering Internet topology and routing policies.

David Wetherall, University of Washington

Full Abstract

There is a need for a systematic approach to verifying router configurations before they are deployed. In this work, we develop a static analysis framework for configuration checking and use it in the design of rcc, a "router configuration checker." rcc takes as input a set of router configurations and flags anomalies and errors based on a set of well-defined correctness conditions. We have used rcc to check BGP configurations from nine operational networks, testing nearly 700 real-world router configurations in the process. Every network we analyzed had configuration errors, some of which were potentially serious and had previously gone unnoticed. Our analysis framework and results also suggest ways in which BGP and configuration languages should be improved. rcc has also been downloaded by 30 network operators to date.

In this talk, I will:

  • Provide a survey of the BGP-related problems that have been discussed on the NANOG mailing list over the last 10 years
  • Discuss the framework we have developed for static analysis of BGP configurations.
  • Present a summary of the configuration errors we found in the ASes we have surveyed thus far.
  • Ask for more cooperation from the NANOG community. In particular, we would greatly benefit from having more people test out the tool, suggest additional features and checks, and let us know the types of errors that they have turned up in their configurations.
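To make concrete what "flags anomalies based on well-defined correctness conditions" looks like in practice, here is an added example of a small static checker over a set of router configurations. It is written for this page and is not rcc's code; the correctness conditions (dangling policy references, unfiltered eBGP imports, cross-router AS-number disagreement, an incomplete iBGP full mesh) and the three IOS-style configurations are constructed for illustration, and the AS numbers and addresses are reserved documentation values.

```python
"""Static checks over a set of router configurations, in the spirit of rcc
(added example: not rcc's code; the conditions and the IOS-style sample
configs are constructed for illustration)."""

R1 = """\
hostname r1
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
router bgp 65001
 neighbor 10.0.0.2 remote-as 65001
 neighbor 10.0.0.3 remote-as 65001
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 route-map FROM-PEER in
 neighbor 192.0.2.1 route-map TO-PEER out
route-map FROM-PEER permit 10
 match ip address prefix-list PEER-IN
route-map TO-PEER permit 10
ip prefix-list PEER-IN seq 5 permit 0.0.0.0/0 le 24
"""
R2 = """\
hostname r2
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
router bgp 65001
 neighbor 10.0.0.1 remote-as 65001
 neighbor 10.0.0.3 remote-as 65001
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 route-map FROM-TRANSIT in
"""
R3 = """\
hostname r3
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
router bgp 65001
 neighbor 10.0.0.1 remote-as 65010
 neighbor 203.0.113.1 remote-as 64502
"""
SAMPLE_CONFIGS = [R1, R2, R3]


def parse(text):
    """Pull out the handful of IOS-style statements the checks need."""
    cfg = {"hostname": None, "asn": None, "addrs": set(), "neighbors": {},
           "route_maps": set(), "prefix_lists": set(), "rm_refs": []}
    section = None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if not line.startswith(" "):                      # top-level statement
            section = tok[0]
            if tok[0] == "hostname":
                cfg["hostname"] = tok[1]
            elif tok[:2] == ["router", "bgp"]:
                cfg["asn"] = int(tok[2])
            elif tok[0] == "route-map":
                cfg["route_maps"].add(tok[1])
                section = ("route-map", tok[1])
            elif tok[:2] == ["ip", "prefix-list"]:
                cfg["prefix_lists"].add(tok[2])
        elif section == "interface" and tok[:2] == ["ip", "address"]:
            cfg["addrs"].add(tok[2])
        elif section == "router" and tok[0] == "neighbor":
            n = cfg["neighbors"].setdefault(tok[1], {"remote_as": None, "in": [], "out": []})
            if tok[2] == "remote-as":
                n["remote_as"] = int(tok[3])
            elif tok[2] in ("route-map", "prefix-list"):
                n[tok[4]].append((tok[2], tok[3]))          # direction -> (kind, name)
        elif isinstance(section, tuple) and tok[:4] == ["match", "ip", "address", "prefix-list"]:
            cfg["rm_refs"].append((section[1], tok[4]))
    return cfg


def check(config_texts):
    """Return a list of human-readable findings; empty means every condition held."""
    routers = [parse(t) for t in config_texts]
    owner = {a: r for r in routers for a in r["addrs"]}      # address -> router that owns it
    findings = []
    for r in routers:
        h = r["hostname"]
        for ip, n in r["neighbors"].items():
            for kind, name in n["in"] + n["out"]:             # dangling policy references
                defined = r["route_maps"] if kind == "route-map" else r["prefix_lists"]
                if name not in defined:
                    findings.append(f"{h}: neighbor {ip} references undefined {kind} {name}")
            peer = owner.get(ip)
            if peer is None:                                  # session to an outside AS
                if n["remote_as"] != r["asn"] and not n["in"]:
                    findings.append(f"{h}: eBGP neighbor {ip} (AS {n['remote_as']}) has no inbound filter")
            elif n["remote_as"] != peer["asn"]:               # both ends are ours: they must agree
                findings.append(f"{h}: neighbor {ip} configured as AS {n['remote_as']} "
                                f"but {peer['hostname']} is AS {peer['asn']}")
        for rm, pl in r["rm_refs"]:
            if pl not in r["prefix_lists"]:
                findings.append(f"{h}: route-map {rm} matches undefined prefix-list {pl}")
    for asn in sorted({r["asn"] for r in routers}):           # iBGP full mesh (no route reflectors assumed)
        members = [r for r in routers if r["asn"] == asn]
        for a in members:
            for b in members:
                if a is not b and not any(addr in a["neighbors"] for addr in b["addrs"]):
                    findings.append(f"{a['hostname']}: no iBGP session to {b['hostname']} "
                                    f"(AS {asn} is not a full mesh)")
    return findings


if __name__ == "__main__":
    for f in check(SAMPLE_CONFIGS):
        print(f)
```

Two of the four findings on the sample set (the mis-typed remote AS on r3 and the missing r3-to-r2 session) are only visible when the configurations are checked together, which is the point of taking a set of configurations as input rather than one file at a time.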

Speakers
Nick Feamster, MIT
Nick Feamster is a graduate student in the Networks and Mobile Systems group at the MIT's Computer Science and Artificial Intelligence Laboratory (formerly LCS) under the supervision of Professor Hari Balakrishnan. He is interested in wide-area networking, network measurement, and security. His current research focuses on verification techniques for BGP and interdomain traffic engineering. He is an NSF Graduate Research Fellow and the recipient of the Best Student Paper awards at the USENIX Security Symposium in 2001 and 2002. Nick received his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively.

Full Abstract

In the first part of 2004, Tufts University planned and implemented a new naming methodology to be used across all network devices and interfaces. During the planning discussions, the group came up with several interesting guidelines and methodologies for creating an extensible, comprehensible, and self-documenting network naming scheme. We have since changed over to the new naming scheme, and have already seen productivity benefits. Topics to be covered in the talk include a summary of the problem, methodology, results, and lessons learned.

Speakers
Matthew F. Ringel, Tufts University
Matthew F. Ringel is currently a Senior Network Engineer for Tufts University. His group is responsible for the care and feeding of all network devices over several campuses, as well as network design and planning. In the past, he has worked at Akamai Technologies as a network engineer, and at Navisite as the systems manager for its NOC. One of Matthew's current interests in the networking realm is the theory of network operations, and the analysis of best current operational practices as they fit into a larger theoretical model. He graduated with a B.S. in Computer Science from Columbia University in the City of New York.

Full Abstract

Routing instability has been one of the most interesting topics for both network operators and researchers for years. While many efforts have focused on inter-domain routing instability, studies of intra-domain routing are quite limited. Most network operators still do not have enough knowledge about how frequently intra-domain routing instability can occur on their networks, and how the instability can affect the networks.

This presentation aims to help network operators get a clearer understanding of intra-domain routing instability. Firstly, we present the results of two case studies. By analyzing routing messages collected on two networks, the WIDE Internet and the APAN Tokyo-XP, over a three-year period, we will show that although network operators hardly notice, intra-domain routing instability can occur, sometimes frequently, on service networks. Following the statistical results, we estimate the impact that such instability brings to the network and summarize the causes found to account for the observed instability. We will also show a self-developed monitoring system (will be released in May 2004) which can be used for detecting routing instability in real-time.

The second part of this talk focuses on troubleshooting routing instability problems. As most routing flaps occur intermittently, finding the right causes has been a hard task for network operators. We propose a method of collecting data for troubleshooting which is based on an event-driven model. We will show what kind of data is useful for troubleshooting and how to use the collected data to isolate root causes of the detected instability.

We answer the following questions in this presentation.

  1. What is intra-domain routing instability like?
  2. How frequently can intra-domain routing instability occur on a service network and affect the network?
  3. How can one efficiently detect routing instability with our monitoring system?
  4. What are the most likely causes of routing instability?
  5. How can one troubleshoot routing instability problems?

We would also like to ask more network operators to analyze their own networks with our system and give us more feedback.

Speakers
Zhang Shu, Nat'l. Institute of Information and Communications Technology, Japan
Zhang Shu is a researcher at the National Institute of Information and Communications Technology, Japan. He received a B.E. degree from Waseda University in 1996, and M.E. and Ph.D. degrees from Nara Institute of Science and Technology in 1999 and 2003, respectively. His research interests include routing, MPLS, and network management. He used to be one of the operators of the WIDE Internet and now is contributing to the operation of the APAN Tokyo-XP network. He is a member of the WIDE Project.

Full Abstract

Diagnosing performance faults on Internet paths is a difficult and time-consuming task for which there is little operational support, especially when the paths cross multiple ISPs. Standard tools such as traceroute test connectivity but do not pinpoint the lossy or congested segments of the path; performance tools such as pathchar are often bandwidth-intensive or inaccurate over long paths.

In this talk, we describe tulip, a new tool to diagnose performance problems on Internet paths from the host running the tool to arbitrary IP destinations. Like traceroute, tulip requires no special privileges at the routers along the path. It uses two prevalent but little-exploited router features: ICMP timestamps and IP identifiers. ICMP timestamps yield remote timing information that enables the location of congestion to be estimated. IP identifiers yield remote ordering information that enables the location of loss and reordering to be estimated. On most paths we have measured, tulip can narrow the region of loss and reordering to within three hops and congestion to within four hops.

We are particularly interested in better understanding the operational needs for diagnostic support and the utility of tools such as tulip to ISPs. As an example of the possibilities in this space, we will describe simple, backwards-compatible changes to routers that enable more efficient and more accurate diagnostic tools that our work on tulip helped to identify.

The tulip tool and a research paper describing our work can be found at:

http://www.cs.washington.edu/research/networking/tulip/

Speakers
Thomas Anderson, University of Washington
Ratul Mahajan, University of Washington
Ratul Mahajan received a B.Tech. degree from the Indian Institute of Technology, Delhi, India, and an M.S. degree from the University of Washington. He is currently pursuing a Ph.D. degree at the University of Washington. His research interests span the entire range of internetworking-related topics. His past work includes a study of global routing configuration errors and discovering Internet topology and routing policies.

Neil Spring, University of Washington
David Wetherall, University of Washington

Full Abstract

At the April 2004 ARIN meeting in Vancouver, there was a discussion of how ARIN and other Regional Internet Registries could provide near-real-time data on which netblocks have been allocated to help enable network and service operators to filter traffic coming from unallocated space. ARIN would like more participation and input from NANOG on how such a service should be implemented.

Speakers
Leo Bicknell, ARIN Advisory Council
Leo Bicknell is an ARIN Advisory Council member and currently works for Abovenet as a Network Engineer and Peering Coordinator. He has been with Abovenet since 1998.

Cathy Wittbrodt, Daydream Imagery

Tuesday, May 25, 2004
Topic/Presenter
Full Abstract

CERT's Network Situational Awareness group uses data from the regional registries' allocation databases to supplement the analysis of network security incident data. The aim of this effort is to build a single allocation tree view of the IPv4 address space so that events may be aggregated by source and destination network. We are building a tool chain to automate the preparation of RIR data for this purpose. This presentation addresses the techniques used by these tools, including:

  1. Detection and resolution of conflicting information between registries.

  2. Detection and correction of "eroded" ranges in reassignment records (e.g., a reassigned /24 appearing as the range x.y.z.(0,1) - x.y.z.(254,255), which causes problems with our CIDR block-centric view of the world).

  3. Detection (and, if possible, correction) of errors in the allocation data, including:
    • corrupted record metadata (modification dates, etc.)
    • corrupted ranges (clear errors in allocations, e.g., a reassigned /29 appearing as x.y.z.0 - x.y.z+1.7)
    • range hierarchy "inversions" (a range that overlaps another such that a.start < b.start < a.end < b.end; indicative of a stale record or a corrupted range)

Work to date suggests that automated tools will be able to correct all but a handful of irregularities in the source data. A process for reporting these irregularities back to the regional registries for correction or clarification may also be of some use to the Internet community at large.
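As an added example (not CERT's tool chain, whose code the abstract does not show), the following Python sketch implements the checks in items 2 and 3 above on constructed sample records: it snaps an eroded range to its enclosing CIDR block when the erosion is within a tolerance, flags a range that cannot be a block of its declared prefix length as corrupted, reports hierarchy inversions using the inequality a.start < b.start < a.end < b.end, and emits clean records as CIDR blocks for an allocation-tree view. The record layout, the optional declared prefix length, the one-address tolerance and the 10.0.0.0/8 sample ranges are assumptions made for the example.

```python
"""Sanity checks for RIR reassignment ranges: eroded ranges, corrupted ranges
and range hierarchy inversions.  Illustrative code, not CERT's tool chain;
the record layout, tolerance and sample data are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Record:
    handle: str                    # registry handle (constructed values below)
    start: int                     # first address, as an integer
    end: int                       # last address, as an integer
    expected_plen: Optional[int] = None   # prefix length the record claims, if any


def parse_record(handle: str, start: str, end: str,
                 expected_plen: Optional[int] = None) -> Record:
    """Build a Record from dotted-quad bounds as they appear in an RIR dump."""
    s = int(ipaddress.IPv4Address(start))
    e = int(ipaddress.IPv4Address(end))
    if e < s:
        raise ValueError(f"{handle}: end precedes start")
    return Record(handle, s, e, expected_plen)


def enclosing_block(start: int, end: int) -> Tuple[int, int]:
    """Smallest CIDR-aligned block containing [start, end]."""
    for plen in range(32, -1, -1):          # /32 first, so the first hit is the smallest
        size = 1 << (32 - plen)
        block_start = start - (start % size)
        block_end = block_start + size - 1
        if block_end >= end:
            return block_start, block_end
    raise AssertionError("a /0 block contains every address")


def classify(rec: Record, tolerance: int = 1) -> Tuple[str, Record]:
    """Return (status, record), where status is one of:
       'ok'        - already a CIDR-aligned block
       'eroded'    - bounds are within `tolerance` of the enclosing block
                     (e.g. x.y.z.1 - x.y.z.254 for a /24); snapped to that block
       'corrupted' - bounds cannot be a block of the declared prefix length
       'irregular' - no prefix length declared, not aligned, not eroded; needs review
    """
    bs, be = enclosing_block(rec.start, rec.end)
    aligned = (bs, be) == (rec.start, rec.end)
    eroded = (not aligned and rec.start - bs <= tolerance and be - rec.end <= tolerance)
    if rec.expected_plen is not None:
        block_plen = 33 - (be - bs + 1).bit_length()   # 2**(32-plen) addresses per block
        if block_plen != rec.expected_plen:
            return "corrupted", rec
    if aligned:
        return "ok", rec
    if eroded:
        return "eroded", Record(rec.handle, bs, be, rec.expected_plen)
    return ("corrupted" if rec.expected_plen is not None else "irregular"), rec


def find_inversions(records: List[Record]) -> List[Tuple[str, str]]:
    """Pairs (a, b) with a.start < b.start < a.end < b.end: partial overlaps that
    cannot be parent/child relationships, so one record is stale or corrupted."""
    recs = sorted(records, key=lambda r: (r.start, -r.end))
    found = []
    for i, a in enumerate(recs):
        for b in recs[i + 1:]:
            if b.start >= a.end:            # sorted by start, so nothing later overlaps a
                break
            if a.start < b.start and a.end < b.end:
                found.append((a.handle, b.handle))
    return found


def to_cidr(rec: Record) -> List[str]:
    """Express a clean (or snapped) record as CIDR blocks for the allocation tree."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(rec.start), ipaddress.IPv4Address(rec.end))]


# Constructed sample records in RFC 1918 space; not real registry data.
SAMPLE = [
    parse_record("NET-A", "10.1.0.0", "10.1.0.255"),          # clean /24
    parse_record("NET-B", "10.1.1.1", "10.1.1.254", 24),      # eroded /24
    parse_record("NET-C", "10.1.2.0", "10.1.3.7", 29),        # corrupted "/29"
    parse_record("NET-D", "10.2.0.0", "10.2.0.127"),          # clean /25 ...
    parse_record("NET-E", "10.2.0.64", "10.2.0.191"),         # ... inverted against NET-D
    parse_record("NET-F", "10.3.0.0", "10.3.0.254"),          # eroded, no declared length
]


def audit(records: List[Record], tolerance: int = 1):
    """Run both checks; returns {handle: (status, record)} and the inversion pairs."""
    return {r.handle: classify(r, tolerance) for r in records}, find_inversions(records)


if __name__ == "__main__":
    statuses, inversions = audit(SAMPLE)
    for handle, (status, rec) in statuses.items():
        blocks = to_cidr(rec) if status in ("ok", "eroded") else "-"
        print(f"{handle}: {status:9s} {blocks}")
    print("inversions:", inversions)
```

Records classified ok or eroded feed the CIDR tree directly; corrupted, irregular and inverted records are what a reporting process back to the registries would carry.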

Speakers
Brian Trammell, CERT
Brian Trammell is a Member of the Technical Staff on the CERT Network Situational Awareness team in Pittsburgh, Pennsylvania. His current work includes the design and implementation of network security data collection and analysis tools. Brian holds a B.S. in Computer Science from the Georgia Institute of Technology.

Full Abstract

A long-standing operational issue with the security added to SNMPv3 is the fact that it does not integrate with existing security infrastructures, i.e., password and account databases. Although SNMPv3 was the first SNMP version that added security to the protocol, there have been reservations about deploying it because it's "yet another user database to maintain." The author (and others) are looking into creating an add-on security extension to the SNMPv3 protocol that will better integrate with your existing security infrastructure. In this presentation, the author will be soliciting feedback about whether this work is important to the operational community and which security infrastructures are most important to target (RADIUS, local accounts, X.509 certificates, SSH, Kerberos, etc.). The feedback obtained from the operational community will directly impact whether the work progresses and what requirements it must fulfill to be considered complete; we appreciate your input!

Speakers
Wes Hardaker, Sparta
Wes Hardaker is a Senior Research Scientist working for Sparta, Inc. His work focuses on network security research and secure network management. Wes currently focuses on managing security policy within large, complex networks, implementing policies that are enforced using IPsec security services. He is the lead developer of the Net-SNMP open source network management package, as well as multiple other open source network management packages. Wes is also actively involved within the IETF and is helping define new security and network management protocols and standards.

Full Abstract

Speakers
Susan Harris, Merit Network

Full Abstract

There is an increasing demand for interconnection at layer 2 between diverse network operators. The drivers for this are often economic rather than technical. There are, however, operational problems which arise from connecting distinctly-managed Ethernet switch infrastructures at layer 2. These include risks such as broadcast storms, which have led to a number of past incidents at various Internet exchanges. There are also service-level-affecting issues such as providing resilience within the limitations of spanning-tree, problem diagnosis, and fault resolution.

Where the interconnecting IXPs are located in the same facilities within a metro area (i.e. they are "coterminous"), there can be significant advantages from interconnecting them using native Ethernet. These include increasing peering opportunities and "critical mass" for their participants, reducing overall latency, and better localisation of traffic. Services which allow interconnection and extension of non-coterminous layer-2 IXP fabrics over long-haul distances are increasingly available. Although these appear to offer a cost-effective alternative to conventional IP peering and transit arrangements, the issues outlined above lead to more acute risks and problems than the coterminous case. In particular, use of non-native Ethernet circuit technology such as tunnelling and/or over limited capacity links can impose performance constraints and increase latency. There are also significant scaling issues with use of conventional MAC-broadcast based IP address resolution techniques, and non-global circuit identifier space.

In late 2002, XchangePoint, a commercial competitive IXP operator, and LoNAP, a mutual membership IXP association, interconnected their coterminous exchanges in London. Several potential interconnection models and their advantages and disadvantages were considered. A VLAN-based approach has been employed which contains many of the operational risks, flexibly addresses participant requirements, and has some minor limitations. The formal interconnection agreement arrived at covers commercial, service level, AUP and operational implementation details, and the approach is likely of more widespread interest and use. The operational experiences of connecting two established coterminous Internet Exchanges have demonstrated when and how, with appropriate design, this type of layer-2 interconnection can be made to work, but have also highlighted the limitations that make non-coterminous interconnect much more problematic.

Speakers
Keith Mitchell, XchangePoint
Keith Mitchell is Founder and CTO of XchangePoint, a commercial operator of Internet peering and transit interconnect services in multiple European cities, and was Executive Chairman of LINX from its inception until September 2000.

Full Abstract

A new Internet peering ecosystem is rising from the ashes of the 1999/2000 U.S. telecommunications sector crash. Global Internet transit providers have gone bust and a critical broadband infrastructure provider has failed, leaving in its wake a large set of Internet players to fend for themselves to provide their customers with Internet services. A broad set of service providers that were once focused only on growing their market share (at any cost) now are bending down to shave pennies off of their cost structure. Those who cannot prove the viability of their business model while satisfying their customer demands are out of business. In this presentation, we share research carried out over the last four years with hundreds of Peering Coordinators to document the recent chaotic evolution of the peering ecosystem. We do this by first defining the notion of an "Internet Peering Ecosystem" as a set of autonomous Internet Regions, each with three distinct categories of participants. Each of these groups of participants has their own sets of characteristics, motivations and corresponding behaviors and interconnection dynamics. We describe four classes of Peering Inclinations as articulated in Peering Policies. The bulk of the presentation, however, focuses on the evolution of the U.S. Peering Ecosystem. Several key players, some abandoned by their service providers, have entered into the Peering Ecosystem and caused a significant disruption to the ecosystem. Peer-to-peer application traffic has grown to represent a significant portion of their expense. We describe five major events and three emerging evolutions in the Peering Ecosystem that have had, and continue to have, a significant disintermediation effect on Tier 1 ISPs.

Speakers
Bill Norton, Equinix
William B. Norton has held the position of Co-Founder and Chief Technical Liaison for Equinix for the past six years, focusing on Internet research relating to peering and interconnections. Many of his white papers are publicly available and currently in use in college curricula around the globe.

Full Abstract

IPv6 is seeing increased deployments worldwide and is expected to ramp up significantly with the U.S. Department of Defense mandate of IPv6 by 2008. Much of the existing security discussion around IPv6 has focused on its inclusion of IPsec. While the confidentiality, integrity, and authentication features of IPsec are clearly useful, IPsec deployment will suffer many of the same deployment challenges as are currently seen in IPv4 (identity, key management, and configuration issues).

This session will present IPv6 security as contrasted with IPv4 from a threats perspective. Common threats you may be familiar with in IPv4 will be compared to how those threats may evolve in IPv6 and what new considerations or best practices will be necessary to mitigate these threats. Potential best practices for the use of IPv6 in a dual-stack mode in an enterprise Internet edge will be presented as well.

A detailed paper on the threat comparison is available at:

http://www.cisco.com/security_services/ciag/documents/v6-v4-threats.pdf

Speakers
Sean Convery, Cisco
Sean Convery is a security architect at Cisco Systems, focusing on new security technologies. Sean's first book, Network Security Architectures (Cisco Press, 2004), was recently published and details secure network design methods. He has been with Cisco for six years and was the principal architect of the original Cisco SAFE Security Blueprint, as well as author of several of its white papers.

Darrin Miller, Cisco Systems
Darrin Miller is a security researcher in Cisco's Critical Infrastructure Assurance Group (CIAG). Before coming to the CIAG, Darrin worked primarily as a consulting systems engineer, where he worked with large corporations on network security architecture. He has written and contributed to several white papers on the subject of network security. Prior to his five years at Cisco, Darrin held various positions in both IT and security consulting during his 15 years in networking.

Full Abstract

Speakers
Moderator - Bill Manning, USC
Bill Manning has been involved in networking since 1979, when he joined Texas Instruments to build out its global IP network. He then joined Rice University and was part of the team that built and ran SESQUINET. Bill was instrumental in the migration of MIDNET and SESQUINET from NSFNET regional networks to commercial networks. Currently a member of the research staff at USC's Information Sciences Institute, his primary technical interests have been in network operations and naming systems. Bill is active in the IETF and IEPG as an individual participant, working group chair, and code developer.

Panelist - Ed Lewis, ARIN
Edward Lewis is the Research Engineer for ARIN. He has been involved in DNS and DNSSEC Working Groups in the IETF since 1996 and was a co-chair of the recently concluded Provisioning Registry Protocol Working Group. He dropped his first IPv6 packets "on the floor" as a 6bone participant a few years ago for a previous employer.

Panelist - Rob Rockell, Sprint
Rob Rockell works in the IP Design organization at Sprint. He's been there since a T1 was considered a fat pipe.

Panelist - Brent Sweeny, Internet2 NOC
Brent Sweeny has been working with networked computers at Indiana University since the 1970s, starting with PLATO, then DECnet, ARPAnet, NSFnet and the NSF regionals (CICnet), then the Internet2 Abilene network since its inception in 1998, and now the National LambdaRail. Indiana University houses the Abilene NOC and its operational network engineering group, where Brent is a network engineer.