Full Abstract

This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. Configuration techniques for modifying inbound and outbound traffic flows are covered, as are some examples on how to use BGP communities in inter-AS relationships. The tutorial finishes by covering some common multihoming security issues.

Level: Introductory to Intermediate

Speakers
Philip Smith, Cisco Systems
Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent five years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe.

Philip is co-author of Cisco ISP Essentials, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.

Full Abstract

Zero downtime is one of the key principles in network design, in particular when building data-centers, where key applications and data need to be accessed at any given time. Content switches have traditionally been used to build scaleable and resilient data-centers offering local load balancing for the data-center front-end and multi-tier architectures. Over the past years enterprises and services providers around the world have started to utilize content switches (often in conjunction with other dedicated GSLB devices) to also provide redundancy across multiple distinct geographic locations. The session introduces Global Server Load Balancing (GSLB) concepts and terminology, like active-standby, active-active, and disaster recovery, before diving into a detailed description of the most common GSLB technologies, including DNS-based solutions, L3-based solutions (Route Health Injection) and HTTP-only mechanisms.

Speakers
Zeeshan Naseh, Cisco Systems
Zeeshan Naseh, CCIE (#6838), is a Technical Leader in Cisco's World Wide Data Center Networking Practice within Advanced Services. His primary responsibility have been supporting Cisco's major customers, including service providers, wireless service providers, large enterprises, and financial institution. As a design consultant, Zeeshan has focused on Content Switching and Data Centers. Zeeshan has authored several white papers and design documents that have been published on Packet Magazine, IETF and on CCO (www.cisco.com). Zeeshan is the author of the data center book titled Designing Content Switching Solutions (ISBN: 1-58705213x).

Full Abstract

Speakers
Philip Smith, Cisco Systems

Full Abstract

Experience with telcos, ISPs, and cable operators, especially rural, has shown a lack of familiarity with ensuring fault tolerance of critical components such as softswitches (Class 5 and 4), remote monitoring and problem intervention for remote sites, quality of service, as well as load sharing and server backup. Drawn from carriers of all sizes, this presentation will discuss requirements checklists and real-world fixes. Some preliminary work on an open source remote management platform will be discused.

Speakers
Howard C. Berkowitz

Full Abstract

• SC Report
  
  • PC and MLC appointment processes
  • Elections process
• PC Report
  
  
• MLC Report
  
  
• Financial Overview - link to presentation
  
  
• Charter Amendment Proposals
  
  
• SC Nominees who wish to speak will have five minutes each
  
  

Speakers
Randy Bush, IIJ

Full Abstract

Agenda ----------- 2:00-2:15 - Topic and Speaker, TBD 2:15-2:30 - Favorite Peering Routers - Discussion Facilitator: Tom Scholl This discussion will enumerate the top reasons Peering Coordinators prefer one router over another for the purposes of peering. We will have microphones circulating around the room so folks can chime in. 2:30-3:10 - The Great Debate - Should Consistent Announcements and a Backbone always be a requirement for multi-site Peering? The two debaters have agreed, regardless of their personal opinions, to present and defend the strongest arguments on both sides: Peter Cohen will be arguing that consistent announcements are indeed a rational requirement for multi-site peering. Aaron Hughes will be arguing that consistent announcements are not a valid peering requirement when peering with content that is duplicated/mirrored across multiple sites. The format is the same as previous debates: 2 minutes for each side to state their case 2 minutes each side to attack the others position and reinforce their position 2 minutes each to sum up their argument We will take an audience vote : Which side made the more compelling case? This will determine the winner of the debate. We will then open the floor to discussion, highlighting points that should have been made during the debate, points or questions that might highlight issues that might sway the audience to vote for which *argument* ultimately is stronger, after the audience discussions is over. We will take a final vote on the issue: "Should Consistent Announcements and a Backbone always be a requirement for multi-site Peering? 3:10-3:30 - Other topics that pop up from the community between now and the meeting and Peering Personals where Peering Coordinators can introduce themselves to the group, with the goal of initiating the peering negotiations.

Speakers
Bill Norton, Equinix, moderator
Bill Norton is Co-Founder and Chief Technical Liaison for Equinix. He focuses on research on large-scale interconnection and ISP peering, and in particular, scaling Internet operations using optical networking. Bill has published and presented his research in a variety of international forums. From 1987 to 1998, he served in several staff and managerial roles at Merit Network, directing national and international network research and operations activities and serving as NANOG coordinator. Bill received a B.A. in Computer Science and an M.B.A. from the Business School at the University of Michigan, and has been an active member of the Internet Engineering Task Force for the past 15 years.

Full Abstract

This session covers the functionality of the NetIO stack for Windows Vista and Windows Server Code-Name Longhorn, with a focus on its implications for network infrastructure and network operations. Case studies are presented to illustrate the opportunities and challenges associated with deploying significant new networking functionality, both in a broadly available consumer operating system and in a high volume server operating system. The session closes with some thoughts on improving the evolution of networking functionality through collaboration between software vendors and public network operators.

Speakers
Abolade Gbadegesin, Microsoft
Abolade Gbadegesin doubles as an Architect for both the Windows Networking and Device Technologies Division and the Windows Live Core datacenter architecture team. Most recently, he was responsible for leading the redesign and implementation of the Windows networking stack for Windows Vista, incorporating native support for IPv6, IPSec and hardware offload capabilities.

Full Abstract

Presenting progress on x.509 stuff. There is considerable progress, i.e. running code.

Speakers
Rob Austein, ISC.
Randy Bush, IIJ
Geoff Huston, APNIC
George Michaelson, APNIC

Full Abstract

Speakers
Steve Feldman, CNET

Full Abstract

Prefix hijacking events occur due to both unintentional configuration errors and intentional attacks. The talk introduces the Prefix Hijack Alert System (PHAS). PHAS is a simple, real time notification system that alerts prefix owners if the BGP origin for their prefix changes. The central goal of PHAS is to provide reliable and timely notification of origin AS changes. Although many origin changes are valid, the design of PHAS errs on providing notifications for all the prefix origin changes to maximize users detection power. PHAS notifications follow a standard format and are delivered to multiple mailboxes of prefix owners to maximize delivery reliability even in the face of effective route hijacking. An automated mail reader with a simple filter can quickly capture real route hijacks and ignore the rest messages, providing the network administrator with rapid notification and few (if any) false positives. In addition to origin changes, PHAS also notifies changes in sub-prefix sets and last hop sets. We are in the process of deploying PHAS, and prefix owners can now register their prefixes to receive alarms by email, or check the alarms for their prefixes on the web.

Speakers
Yan Chen, Colorado State University
Mohit Lad, UCLA
Dan Massey, Colorado State University
Lixia Zhang, UCLA
Beichuan Zhang, University of Arizona

Full Abstract

lacing voice traffic on the data network exposes it to the same attacks that plague the existing Internet infrastructure. Traditional perimeter security solutions cannot cope with the complexity of VoIP protocols at carrier-class performance. To be useful and economical for carrier deployments, SIP-based VoIP security solution must process carrier-class call volumes. Equally important, solution elements should scale independently, allowing operators to manage growing demand and manage costs. In a unique collaboration between network operator, vendor, and academia, Verizon Labs, CloudShield, and the computer science team at Columbia University have implemented a large-scale SIP-aware application layer firewall (ALG) combined with Denial-of Service detection and mitigation to provide robust protection of SIP-based VoIP infrastructures. The SIP ALG uses a rule-based approach for rate limiting the signaling channel traffic, and the DoS filtering function discriminates legitimate traffic from attack traffic by enforcing threshold and authentication policies. The developed firewall device was found to exceed testing capacity with SIP traffic filtering managing call volumes exceeding 30,000 concurrent calls, and SIP signal processing of up to 300 calls per second. This presentation will cover the following topics related to this research project - The challenges for carrier-class VoIP infrastructure protection; - Details of the scalable SIP-aware ALG - Details of the SIP filtering solution for detecting and mitigating DoS attacks - The testing and analysis tool and test bed designed to validate the research - Performance testing results of the implementation The net result of this research is that scalable, affordable solutions are possible with commercially available hardware platforms and appropriately architected applications software.

Speakers
David Helms, CloudShield Technologies
David Helms is a Senior Systems Engineer with CloudShield Technologies, Inc. and has led research efforts in applying deep packet inspection technologies in the areas of content monitoring, network security and traffic control. Prior to coming to CloudShield, Mr. Helms held the position of Director of Product Management for BioNetrix Systems, delivering biometric authentication solutions for computer and network security applications. Mr. Helms background also includes technical leadership roles at CheckPoint Software Technologies and Bay Networks, focused on network and security engineering for the enterprise and security provider markets.

Gaston Ormazabal, Verizon Labs
Gaston Ormazabal is a Distinguished Member of the Technical Staff at Verizon Laboratories. He holds a B.A from Harvard University and M.A., M. Phil., and Ph.D. degrees from Columbia University, all in Physics. While at Columbia he conducted research in particle physics at both the Fermi and Brookhaven National Accelerator Laboratories. Gaston has held positions at Bell Communications Research and was one of the founding members of NYNEX Science and Technology. He is presently responsible for Network Security Systems Integration and Testing, concentrating in areas of VoIP Security Protocols for SIP over FTTP and IP Multimedia Subsystems; and has been also involved in designing a Security Management Infrastructure for the Next Generation Network (NGN). Dr Ormazabal has previously managed other University Research Programs both at Columbia University (Softswitch technologies) and at the Center for Advanced Technology in Telecommunications (CATT) at Polytechnic University (Intelligent Automation tools for SS7 Quad Interoperability Testing) where he has been a regular featured speaker at the annual CATT Research Day, most recently on “Post 9/11 Security Strategies”. Dr Ormazabal has also been a participant in standards activities in ANSI committees and has nine patents (pending) on VoIP security.

Somdutt B. Patnaik, Columbia University.
Henning Schulzrinne, Columbia University
Prof. Henning Schulzrinne received his Ph.D. from the University of Massachusetts in Amherst, Massachusetts. He was a member of technical staff at AT&T Bell Laboratories, Murray Hill and an associate department head at GMD-Fokus (Berlin), before joining the Computer Science and Electrical Engineering departments at Columbia University, New York. He is currently chair of the Department of Computer Science. Protocols co-developed by him, such as RTP, RTSP and SIP, are now Internet standards, used by almost all Internet telephony and multimedia applications. His research interests include Internet multimedia systems, ubiquitous computing, mobile systems, quality of service, and performance evaluation. He is a Fellow of the IEEE

Eilon Yardeni, Columbia University

Full Abstract

Botnets---networks of (typically compromised) machines---are often used for nefarious activities (\eg, spam, click fraud, denial-of-service attacks, etc.). Identifying members of botnets could help stem these attacks, but {\em passively} detecting botnet membership (\ie, without disrupting the operation of the botnet) proves to be difficult. This paper studies the effectiveness of monitoring lookups to a DNS-based blackhole list (DNSBL) to expose botnet membership. We perform {\em counter-intelligence} based on the insight that botmasters themselves perform DNSBL lookups to determine whether their spamming bots are blacklisted. Using heuristics to identify which DNSBL lookups are perpetrated by a botmaster performing such reconnaissance, we are able to compile a list of likely bots. This paper studies the prevalence of DNSBL reconnaissance observed at a mirror of a well-known blacklist for a 45-day period, identifies the means by which botmasters are performing reconnaissance, and suggests the possibility of using counter-intelligence to discover likely bots. We find that bots are performing reconnaissance on behalf of other bots. Based on this finding, we suggest counter- intelligence techniques that may be useful for early bot detection. The paper referenced in the talk is available at: http://www.cc.gatech.edu/~feamster/papers/dnsbl.pdf" TARGET="_BLANK">http://www.cc.gatech.edu/~feamster/papers/dnsbl.pdf

Speakers
David Dagon, Georgia Tech University
Nick Feamster, Georgia Tech University
Nick Feamster is an assistant professor in the College of Computing at Georgia Tech. He received his Ph.D. in Computer science from MIT in 2005, and his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively. His research focuses on many aspects of computer networking and networked systems, including the design, measurement, and analysis of network routing protocols, network security, anonymous communication systems, and adaptive streaming media protocols. His honors include award papers at SIGCOMM 2006 (network-level behavior of spammers), the NSDI 2005 conference (fault detection in router configuration), Usenix Security 2002 (circumventing web censorship using Infranet), and Usenix Security 2001 (web cookie analysis).

Full Abstract

It's well known that the rise of peer-to-peer applications have had a major impact on the unprecedented increase in the Internet traffic worldwide. This phenomenon is very much particular in Japan due to popularity of fiber access services. An analysis was done on few interesting incidents that were observed in the past 6 months at JPNAP, a major IX in Japan. Before dawn on January 7 2006, a decline in aggregated traffic of about 20% at JPNAP was observed. We considered that quite a number of peer-to-peer windows machines rebooted automatically due to the emergency release of a Windows Update at that time. As a result a temporary traffic drop happened at JPNAP without any network troubles. Also, few interesting incidents happened at FIFA World Cup in June 2006. We could detect an anomalous traffic decline and recovery during World Cup matches in which the Japanese team was playing. These traffic trends were reported at the major ISPs' backbones in Japan, also. This phenomenon indicates that application behaviors of P2P machines and human activities in major social events could cause a huge impact on the Internet traffic. What does this mean to us network operators? There is a need to consider the possibility that such events could happen when we do network designs or scheduled maintenance work. If possible, we'd like to survey and compare the traffic statistics of other regions at the time of such events and to discuss the issue with operators.

Speakers
Yukiyasu Tarui, Internet Multifeed Co. / JPNAP
Yukiyasu Tarui is a network engineer at Internet Multifeed Co. In there, he has been developing and operating JPNAP service since 2000. He is responsible for a backbone architecture and traffic analyses of their networks. He's also involved as part of program committees at JANOG meeting.

Full Abstract

Speakers
Philip Smith

Full Abstract

Speakers
Anton Kapela

Full Abstract

Speakers
Geoff Huston

Full Abstract

Speakers
Alex Pilosov
Adam Rothschild

Full Abstract

Speakers
Larry Blunk

Full Abstract

Speakers
Peter Schoenmaker