Saturday, October 22, 2005
Topic/Presenter |
---|
Full Abstract: This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. Configuration techniques for modifying inbound and outbound traffic flows are covered, as are some examples on how to use BGP communities in inter-AS relationships. The tutorial finishes by covering some common multihoming security issues. |
Full Abstract: Knowledge of the amount of traffic between source and destination pairs of a network is crucial to fundamental operational tasks such as capacity planning, traffic engineering, and peering management. Router vendors, third parties, academic researchers, and ingenious network engineers have devised multiple ways of collecting and estimating traffic matrices. This session presents an overview of applications of traffic matrices and operational experiences with the various approaches, including NetFlow-based methods, mathematical estimation models, and MPLS (both RSVP and LDP) methods. Emphasis will be on practical experiences with each method. The tutorial has been slightly revised since its presentation at the Seattle meeting. In LA, there will be less focus on NetFlow (only new advances will be covered), a more detailed description of how to build a traffic matrix from MPLS LDP counters, more coverage of measuring/estimating peering traffic (external in addition to internal traffic matrix), and another 'real-life' example. |
Sunday, October 23, 2005
Topic/Presenter |
---|
Full Abstract: This tutorial discusses some of the scaling considerations in MPLS deployments, concentrating on the tradeoffs between the cost and benefit of creating extra state in the network. In particular, the tutorial will look at how the amount of state (for example LSPs and forwarding state) is affected by different MPLS signaling protocols, features deployed, and network design choices. Furthermore, the cost of this state in terms of both platform resources and operations/management overhead is evaluated (for example, when is it necessary to upgrade a platform or add a new device in the network, or how difficult is it to configure and troubleshoot a particular deployment?). The material presented is vendor-independent. The tutorial is targeted for network engineers and service providers who want to gain a deeper understanding of MPLS networks. Attendees should have a basic understanding of MPLS and BGP/MPLS VPNs. |
Full Abstract: We invite you to join us on Sunday evening from 5:00-7:00, between the tutorials and the opening reception, when the NANOG Steering Committee will hold an open meeting for those interested in discussing general NANOG concerns. The meeting will be broadcast, and a method for external input (e.g. Jabber) will be provided.
If you have a flash presentation (five minutes max) you wish to make, please tell us and send a draft of the presentation. |
Full Abstract: With the advent of the growing and widespread deployment of IPv6, many familiar operational issues have arisen. Among the current IPv6 "hot topics" are RIR policy (including the HD ratio discussion) and site multi-homing. This BOF focuses on the multi-homing issue, since multi-homing is one of the significant drivers of the growth and dynamic properties of the Default Free Zone (DFZ). In particular, there is concern that the amount of multi-homing will grow beyond the organizations who use it today in the IPv4 Internet and that we need new mechanisms to handle the potential growth (both in terms of the size of the DFZ, and its dynamic properties). The current direction that the IETF is taking is being defined by the shim6 working group. Briefly, shim6 seeks to find a mechanism which provides most of the functional benefits of multi-homing while still allowing reasonable scalability of the DFZ. More precisely, shim6 seeks to find scalable solutions that allow sites to multi-home for the purposes of redundancy, traffic engineering, or other policy. However, there has been quite a bit of discussion in various venues as to whether shim6 actually accomplishes what most might traditionally think of as traffic engineering. In particular, traffic engineering can be thought of as the practice and mechanisms needed to place traffic where capacity exists (in contrast to capacity planning, which puts capacity where traffic exists). One can note that in order to accomplish site-wide inbound traffic engineering under shim6, some control mechanism would be required that is capable of causing all of the hosts within the site to change the destination address that their correspondents are using. Some feel that this is overly complex.
In the outbound traffic engineering case, a similar capability would require a control mechanism that has knowledge of the site's external routing tables and can affect the destination addresses used by the site's hosts, which has also raised concerns about its potential complexity. The purpose of this BOF for the IAB is to solicit community feedback on the progress and direction of the IPv6 multi-homing work in the IETF, and to help the IAB determine if there is meaningful work that the IETF (and the IAB in particular) can do to address any problem(s) that may be perceived with the current direction. The BOF is IAB-sponsored, and is the first in a series held at the various NOGs (NANOG, RIPE, APRICOT, etc.) in support of this effort. A possible outcome might be an IAB workshop on multi-homing in IPv6. |
Monday, October 24, 2005
Topic/Presenter |
---|
Full Abstract: The AS number space uses a 16-bit field. There are 65,536 unique AS numbers, of which 64,510 are usable. At present some 38,910 AS numbers have been passed into the RIR system, leaving 25,600 in the unallocated pool. This presentation explores a number of techniques of trend analysis to derive a predictive model of AS number consumption to derive an estimate of AS number exhaustion. The presentation looks at the 4-byte AS number proposal and the associated transition plan, and makes some recommendations as to a schedule for a transition from the 2-byte to a 4-byte AS number. |
Full Abstract: We studied ASN assignments by the RIRs and the number of unique ASNs seen by routers on the Internet. The (net) growth rate of ASNs assigned by the RIRs is about 260 +/- 30 ASN/month. At this rate, all available ASNs will have been assigned between 2013 and 2016. By comparison, the routing table only grows by about 195 +/- 45 ASN/month. We show that this is due to two effects: (1) ASNs which are assigned based on future plans but never used in practice, and (2) ASNs which are no longer in use but not returned to the RIRs. If all these unused ASNs could be recovered, the pool of ASNs would last until 2025 to 2030. If not, then the ISP community should start to make plans for the deployment of 4-byte ASNs in the near future. We will make some recommendations for ASN policy changes that would allow the RIRs to better allocate ASNs to end users. |
Full Abstract: IETF is moving forward with shim6 as the IPv6 multihoming solution. The current focus is on protocol interaction and forwarding plane outage detection. Little work is being pursued on inter-AS traffic engineering. |
Full Abstract: This presentation takes a look at standard problems encountered during deployment and support of IPv6 in a (tier-1) service provider network. The presentation is not intended to be a discussion of the pros and cons of IPv6, but more a look at the "golden four" problems encountered: decision-making, network, people-and-politics, and systems. Some information is also given about the way that Level3 approached some of these issues. |
Full Abstract: We inverted DNSRBLs and aggregated them in a database with a real-time BGP feed to compile a "hit list" of potential issues. The reports aided network managers in discovering abuse, compromised systems, and stale DNSRBL listings. The experience continues to be interesting and beneficial. |
Full Abstract: As network operators begin to converge services onto a single ubiquitous IP infrastructure, a renewed focus on infrastructure security and services availability has emerged. This discussion will present the results of a survey conducted earlier this year that explores what threats network operators are facing, the scale and frequency of these threats, as well as the organizational and operational tool sets network operators employ to address these threats. The desire is that the information provided in this survey, which we intend to conduct on a biannual basis, will assist both network operators and their vendors in obtaining a better understanding of trends in the infrastructure security landscape, what tools and techniques are utilized, and where they should be looking to address emerging threats. |
Full Abstract: This informal tutorial is intended for those forming a new relationship with ARIN or new to ARIN meetings. The program provides answers to many questions concerning ARIN's purpose, structure, and activities. In addition, it offers tips on how to get the most from participation in ARIN community activities, such as attending ARIN Public Policy and Members Meetings and participating in ARIN's open, bottom-up policy process. |
Full Abstract: Hosts attached to multicast-enabled networks influence and alter multicast forwarding and group state in network devices such as LAN switches and IP routers. In addition, data packets to multicast destinations may be replicated throughout the internetwork, which results in unconventional workloads when viewed in comparison to unicast traffic patterns. Either through suboptimal configuration or malicious intent, excessive or unwanted multicast data traffic and control state can be detrimental to the operation of a network. This is especially apparent in typical network configurations where both multicast and unicast devices co-mingle, resulting in shared fate. This talk describes some of the currently available options that may help mitigate the superfluous traffic and state that often plague multicast-enabled networks. |
Full Abstract: Stager is a web-based application that can display most types of network statistics. It was originally designed for displaying NetFlow-based reports, but its generic and modular design made it easy to add support for other types of statistics. The current version supports NetFlow, SNMP, and round trip measurements. Each backend collects the raw data, processes it, and inserts reports into a database. For NetFlow data, typical reports can be the most commonly used IP protocols, the most commonly used transport layer source port, etc. It is a high-performance application that supports large networks and large databases. The current installation at UNINETT collects NetFlow data from 24 routers with 215 interfaces. At peak hours there are more than 100 new entries in the database every second and the largest tables have more than 300 million entries. The software is released under the GNU General Public License and is becoming quite popular with a large user base. Currently more than 100 people have signed up on the public mailing list, and there have been several reports of successful installations. This presentation will be divided into two parts. First a general overview of Stager, its features and design will be given. After that there will be a live demonstration of the software showing the capabilities and limitations. The slides contain several screen shots of Stager and are meant for people who view the presentation without being able to see the live demonstration. |
Full Abstract: Recent depeerings by Level (3) (AS3356) of XO (AS2828) and Cogent (AS174) have captured the attention of the network operations community, due to the resulting partitioning of major Internet backbones. The depeerings have also captured the attention of the mainstream press and politicians. Very little of the public commentary, however, has been based on facts regarding the routing. Using a large, globally distributed peerset, we look specifically at the Cogent depeering. We characterize the weight of the 3356_174 edge (in both directions) in terms of prefixes announced and prefixes commonly selected, the single-homed downstreams of each, and try to describe the actual impact of the depeering on Internet accessibility for customers of both networks. |
Tuesday, October 25, 2005
Topic/Presenter |
---|
Full Abstract: Information about the geographic locality of IP prefixes can be useful for understanding the issues related to IP address allocation, aggregation, and BGP routing table growth. In this study, we use traceroute data and geographic mappings of IP addresses to study the geographic properties of IP prefixes and their implications on Internet routing. We find that (1) IP prefixes may be too coarse-grained for expressing routing policies, (2) address allocation policies and the granularity of routing contribute significantly to routing table size, and (3) not considering the geographic diversity of contiguous prefixes may result in overestimating the opportunities for aggregation in the BGP routing table. The complete paper is available at http://nms.lcs.mit.edu/~feamster/papers/imc05.pdf. Speakers: Mike Freedman, NYU. |
Full Abstract: This research paper examines initial experimental results for BGP mechanisms for dynamically changing BGP AS numbers without dropping the AS connection. The mechanisms proposed have two flavors: Non-Confederation (draft-hares-bose-dynamic_as-02.txt) and confederation-specific (draft-hares-confed-edge-AS-02.txt). The talk will review the real-world problems this mechanism tries to solve, the BGP mechanisms, and the experimental results. The initial tests look at small, medium and large numbers of BGP peers into one peer using Dynamic AS. The peers attached to a Dynamic AS renumbering peer are both IBGP and EBGP and IPv4 and IPv6 pathways. The initial tests use both Internet route mixtures and generated routes (LAN routes). |
Full Abstract: Network operators are routinely confronted with a wide range of anomalies—ranging from abuse-related events (DOS attacks, worms, scans) to maintenance issues (outages, misconfigurations, etc.) to unusual customer behavior (flash crowds, shift in customer demands, etc.). To mitigate their effect, operators need to mine network-wide data for anomalies as they occur, and once detected, classify them in order to select the appropriate response. In this talk, we will present techniques to detect and classify anomalies in network-wide flow traffic data. We will then apply our methods on data collected from two backbone networks, and show that they can: 1) detect a broad set of anomalies, at a low false alarm rate, and 2) automatically classify anomalies into meaningful categories. |
Full Abstract: Internet routers require buffers to hold packets during times of congestion. The buffers need to be fast, and so ideally they should be small enough to use fast memory technologies such as SRAM or all-optical buffering. Unfortunately, a widely used rule-of-thumb says we need a bandwidth-delay product of buffering at each router so as not to lose link utilization. This can be prohibitively large. In a recent paper, Appenzeller et al. challenged this rule-of-thumb and showed that for a backbone network, the buffer size can be divided by $\sqrt{N}$ without sacrificing throughput, where $N$ is the number of flows sharing the bottleneck. In this work, we first provide some experimental validation (using data gathered from the Level3 Communications backbone) for the reduced buffer size result. Then, we explore how buffers in the backbone can be significantly reduced even more, to as little as a few dozen packets, if we are willing to sacrifice a small amount of link capacity. We argue that if the TCP sources are not overly bursty, then fewer than twenty packet buffers are sufficient for high throughput. Specifically, we argue that $O(\log W)$ buffers are sufficient, where $W$ is the window size of each flow. We support our claim with analysis and a variety of simulations. The change we need to make to TCP is minimal—each sender just needs to pace packet injections from its window. Moreover, there is some evidence that such small buffers are sufficient even if we don't modify the TCP sources, so long as the access network is much slower than the backbone, which is true today and likely to remain true in the future. We conclude that buffers can be made small enough for all-optical routers with small integrated optical buffers.
For details, see the SIGCOMM 2004 paper at http://tiny-tera.stanford.edu/~nickm/papers/sigcomm2004.pdf and the ACM/Sigcomm CCR paper at http://yuba.stanford.edu/~yganjali/research/publications/Small-Buffers-CCR05.pdf. Speakers: Ashish Goel, Stanford University |
Full Abstract: This is a personal view of the next three to five years for the Internet industry, looking at the world from the perspective of the Carrier ISP. The presentation explores some of the common perceptions about value propositions for the industry and makes some predictions concerning future sustainable business models. |
Full Abstract: In this presentation, we examine facts and fiction of the filtering of peering sessions in the Internet core. Large networks have traditionally not filtered peering sessions, preferring instead to trust their peers to correctly filter all customer connections. Although several incidents have caused network operators to reexamine this approach, few have been willing to attempt to filter all peering sessions due to the perceived difficulty of building and deploying the necessary prefix filters. We present a novel technique for generating prefix filters in the absence of up-to-date IRR data, including an analysis of the accuracy that may be possible using the new technique. We also look at the operational impact and performance of using this technique on real-world infrastructures. Speakers: Tom Scholl, SBCIS; Todd Underwood, Renesys Corporation |
Full Abstract: Recently, peer-to-peer (P2P) networks have emerged as an attractive solution to enable large-scale content distribution without requiring major infrastructure investments. While such P2P solutions appear highly beneficial for content providers and end-users, there seems to be a growing concern among ISPs that now need to support the distribution cost. In this work, we explore the potential impact of future P2P file delivery mechanisms as seen from three different perspectives: i) the content provider, ii) the ISPs, and iii) individual content consumers. Using a diverse set of measurements, including BitTorrent tracker logs and full-payload packet traces collected at the edge of a 20,000 user access network, we quantify the impact of peer-assisted file delivery on end-user experience and resource consumption. We further compare it with the performance expected from traditional distribution mechanisms based on large server farms and Content Distribution Networks (CDNs). While existing P2P content distribution solutions may provide significant benefits for content providers and end-consumers in terms of cost and performance, our results demonstrate that they have an adverse impact on ISPs' costs by shifting the associated capacity requirements from the content providers and CDNs to the ISP itself. Further, we highlight how simple "locality-aware" P2P delivery solutions can significantly alleviate the induced cost at the ISPs, while providing an overall performance that approximates that of a perfect world-wide caching infrastructure. Speakers: Konstantina Papagiannaki, Intel Research. |
Full Abstract: An ISP's business revolves around traffic but traffic behavior is very difficult to extract from a network. SNMP MIB interface counters can give a link's loading but offer no clue as to why it's loaded. NetFlow collectors give a detailed source/destination breakdown of the traffic on a link but the data is so voluminous that it's difficult even to acquire, much less analyze, categorize and correlate across an entire topology. Although we have lots of traffic data, little useful information gets extracted from it. Route/flow data fusion—combining flow measurements (NetFlow, sFlow, MPLS tunnel counters, sniffer traces, etc.) with IGP and BGP routing data—makes it possible to construct tools that show, in real time, where traffic is distributed across a topology. Unlike a simple traffic matrix, this analysis can show not only what are the ingress to egress loads but also how loaded are the intermediate links, who loaded them, and why. Route/flow fusion is scalable and doesn't require much effort to set up: since routing transforms a flow measurement made at a point to flow along an entire path, flows only need to be collected on customer and peering links. Since the meta information needed to classify and aggregate the flow data is already in the routing data (e.g., address-to-prefix mappings, prefix-to-AS, and prefix-to-community mappings) the tools can almost entirely self-configure. This talk will describe algorithms and give examples of how to fuse flow and routing data and how to analyze and visualize the results. Examples will use real flow and routing data from a large ISP and emphasize solving real operational, engineering and business problems. Speakers: Bruce Mah, Packet Design |
Full Abstract: For network operators engaged in peering, an accurate analysis of their traffic is essential for:
Some example uses include:
|