Full Abstract

This presentation will be useful to network operators and technical decision makers who are embarking upon building segments of their network to superbly run voice products, or want to better support voice customers.

The presentation introduces key VoIP concepts of relevance to operators, and a review of VoIP security techniques.

Speakers
Andy Davidson, NetSumo Ltd
Andy Davidson is director of technology at the British ISP consultancy NetSumo, serves on the board of the LONAP internet exchange, and also the program committee for the UK Network Operators Forum. He has a special interest in IP interconnection techniques and policy.

He has had an interest in voip since 2001, and has built and managed several networks for VoIP service providers.

Full Abstract

The tutorial introduces service providers to some more advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial then looks at deployment techniques, including aggregation, announcing and receiving prefixes, pressure points on the routing system, and some of the newer features available.

Speakers
Philip Smith, Cisco Systems
Philip Smith has been with Cisco Systems since 1998 and is based in Brisbane, Australia. He is a Consulting Engineer, part of the Service Provider Architectures Group in Corporate Development. His role includes working with many ISPs in the Asia Pacific region, specifically in network strategies, technology, design and operations, configuration and scaling. As part of an ISP and Internet education initiative, Philip runs several Routing and Internet Technology Workshops in the Asia Pacific region. He also assists as co-instructor at similar events in many other parts of the world. Philip also is closely involved in regional activities, being chair of the APRICOT Management Committee, chair of APOPS, member of the organising and programme committees for SANOG and PacNOG, as well as chair of APNIC's Routing and Internet Exchange Point Special Interest Groups. Prior to joining Cisco, he spent five years at PIPEX (now integrated into MCI's global network business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the commercial Internet in the UK, and played a key role in building the modern Internet in Europe.

Full Abstract

The tutorial introduces service providers to some more advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial then looks at deployment techniques, including aggregation, announcing and receiving prefixes, pressure points on the routing system, and some of the newer features available.

Speakers
Philip Smith, Cisco Systems
Philip Smith has been with Cisco Systems since 1998 and is based in Brisbane, Australia. He is a Consulting Engineer, part of the Service Provider Architectures Group in Corporate Development. His role includes working with many ISPs in the Asia Pacific region, specifically in network strategies, technology, design and operations, configuration and scaling. As part of an ISP and Internet education initiative, Philip runs several Routing and Internet Technology Workshops in the Asia Pacific region. He also assists as co-instructor at similar events in many other parts of the world. Philip also is closely involved in regional activities, being chair of the APRICOT Management Committee, chair of APOPS, member of the organising and programme committees for SANOG and PacNOG, as well as chair of APNIC's Routing and Internet Exchange Point Special Interest Groups. Prior to joining Cisco, he spent five years at PIPEX (now integrated into MCI's global network business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the commercial Internet in the UK, and played a key role in building the modern Internet in Europe.

Full Abstract

Recent Events, DNSSEC Tools, Analysis

Speakers
Richard Lamb, IANA/ICANN
Rick started performing “IANA functions” in 2007 after escaping from Washington DC where he was Director Global IT Policy at the US Department of State. While there he spent much of his time working to ensure policymakers and other stakeholders understood the technology and philosophy behind the Internet and other information technologies (e.g., VoIP, WiFi, WiMax, open source software, IPv6, Internet censorship) writing position papers and leading the occasional delegation. In return he was indoctrinated into the process of policymaking and international negotiation, learning more than he wanted to know about various acronymatic processes, issues, agencies and organizations (including Internet Governance, Internet censorship, ITU, IETF, WSIS, NGN, APEC, OECD, IMO, IMSO, ITSO, .iq, CFIUS, OFAC, ITAR/DTRA, cable landing licenses, ICANN, NSTAC, DTI, USCG, NTIA, FCC, OSTP, DHS, NIST, USTR, OSD, VOA).

For the other 20+ years in the networking business Rick created and was CEO at a number of small startups including one acquired by Microsoft for its NAT/firewall technology. The rest of the time he spent on developing protocols and products behind other acronyms such as UUCP, MEP2, MHS, X.25, Bisync, TCP/IP, DECNET, IPX, ISDN, H.323, and yes, DNS. This overlapped with many years of digital and probabilistic signal processing work resulting in a EE PhD from MIT. Before all that, RF hardware design. Currently, as DNSSEC program manager, Rick has helped architect and engineer IANA’s DNSSEC signing system; and develop and coordinate ICANN’s position on DNSSEC for the domain names it is responsible for and for signing the root. He is also responsible for other nascent Internet security infrastructure efforts such as RPKI.

Full Abstract

Provides a thorough understanding of the end-to-end protocol, mechanics and service elements of IP multicast technologies used in IPTV networks. Transit transport design options will be presented. Source and network resiliency will be discussed along with path selection, admission control and channel changing

Speakers
Mike McBride, Cisco Systems
Mike is a SW Engineer in the Multicast Development group at Cisco Systems. His focus is the deployment of Multicast in the Service Provider space.

Full Abstract

Speakers
Steve Feldman, CNET/CBSI
Kris Foster, BitGravity
Philip Smith, Cisco Systems
Donald Welch, Merit Network

Full Abstract

Switch

Full Abstract

The Locator/ID Separation Protocol (LISP) is designed to ease the route scaling problem for both IPv4 and IPv6. This talk describes early practice and experiences deploying LISP on the operational Internet, and describes three independent implementations. It also describes practice and experience with the interworking techniques described in draft-lewis-lisp-interworking-00.txt. The base LISP spec can be found in draft-farinacci-lisp-07.txt, and the LISP control plane spec can be found in draft-fuller-lisp-alt-02.txt.

Speakers
David Meyer, Cisco/University of Oregon
David Meyer is currently a Director in the Advanced Research and Technologies Group at Cisco Systems, where he works on future directions for Internet technologies. He has been a member of the Internet Architecture Board (IAB) of the IETF (www.ietf.org), and is currently co-chair of the SPEERMINT working group. Until recently, he was chair of the MBONED, MSDP, and DNSOP working groups. He is a member of several IETF directorates and IRTF research groups. He is active in the operator community, and was a long standing member of the NANOG (www.nanog.org) program committee. He is also active in other standards organizations such as ANSI T1X1. See http://www.1-4-5.net/~dmm/vita.html for more information.

Full Abstract

An update on recent developments in the IEEE P802.3ba Task Force that is developing the 40 GbE and 100 GbE standards

Speakers
Greg Hankins, Force10 Networks
Greg Hankins is Director, Technical Marketing for Force10 Networks. He is responsible for working with ISPs and IXs around the world as a consulting engineer and product evangelist.

Full Abstract

The point of this survey is to gather useful data to help discover trends or common issues that we can all spend our time focusing on.

Speakers
Tom Scholl, AT&T Labs
Tom Scholl is a Lead New Technology Product Development Engineer at AT&T Labs. In the Global IP/MPLS backbone design & development team, he works on the design of routing architectures for the core network. Additional tasks include network integration of the legacy SBC Internet Services network to the AT&T common backbone. Tom has spent his last several years at SBC and Ameritech working in network engineering roles.

Full Abstract

The Internet was designed in the era when data calls were terminal to computer with one flow each way per person, and a long history of voice calls with one flow per person. Thus it should be no surprise that TCP and the Internet equipment were designed such that when congestion occurred, the result was “equal capacity per flow”. This results from large flows losing more packets than small flows when a queue overflows, which tends to equalize the rates. It was satisfying because this made users equal.

However, today computers generate the flows and they are not restricted to one flow, they can generate thousands of flows if that would improve a data transfer. Unfortunately, it will greatly improve the capacity they can achieve, more or less linearly with the number of flows. P2P discovered this in 1999 and since then it has been able to consume the majority of the pooled capacity made available for large groups of people, both in ISP’s and at Universities. Most P2P users don’t even understand that they are using the capacity paid for or intended for many other users. But the problem is not just P2P. Now that one application has used multi-flows to gain capacity; other applications like FTP are likely to do the same, if just to gain parity. Then HTTP will send each image as multi-flow and the race is on. This will quickly destroy NAT and the problems will multiply.

However, a simple alternative exists, and that is to change the equality rule to the concept of “equal capacity for equal payment”. In many cases this will be equal capacity per user, as was intended originally. This does not differentiate based on application or the data source. It is in fact much less expensive to implement than DPI looking for P2P varieties. It only requires measuring the usage of each user and equalizing their capacity. Once implemented at the network edge, it forever fixes the fairness problem and applications can then concentrate on saving money, not maximizing capacity at the expense of others.

Speakers
Lawrence Roberts, Anagran
Dr. Roberts is currently Founder, Chairman and Chief Architect of Anagran Inc. Anagran is currently manufacturing flow rate management network equipment, the first major improvement in packet network technology in the 40 years since Dr. Roberts designed and managed the first packet network, the ARPANET (now the Internet). At that time, in 1967, Dr. Roberts became the Chief Scientist of ARPA taking on the task of designing, funding, and managing a radically new communications network concept (packet switching) to interconnect computers worldwide. The first for nodes of the ARPANET were installed in 1969 and by 1973 when Dr. Roberts left ARPA to become CEO of Telenet (now part of Sprint), the concept of packet switching had been well proven to the world and the ARPANET had grown to 52 computers including a packet radio subnet and a satellite extension to Europe. Dr. Roberts has BS, MS, and Ph.D. Degrees from MIT and has received numerous awards for his work, including the Secretary of Defense Meritorious Service Medal, the L.M. Ericsson prize for research in data communications, in 1992 the W. Wallace McDowell Award, in 1998 the ACM SIGCOMM Award, in 2000 the IEEE Internet Award, in 2001 the National Academy of Engineering Draper Award, in 2002 the Principe de Asturias Award, and in 2005 the NEC Computer and Communication Award.

Full Abstract

Many Service Providers are migrating to a converged infrastructure capable of offering multiple services including Residential Triple Play and Business VPN Applications. While this reduces infrastructure costs, ensuring service quality and security becomes more complex. Proactive network monitoring using standards based protocols can be used to study traffic patterns, identify top talkers, monitor service quality, and detect anomalies in such networks. The presentation provides solutions for monitoring residential services like video, voice and HSIA, and business services like Layer 2/Layer 3 VPNS.

Speakers
Rahul Vir, Foundry Networks

Full Abstract

Speakers
Richard Steenbergen, nLayer Communications
Richard Steenbergen is the founder of nLayer Communications, where he has served as Chief Technical Officer since 2003. In a past life, he served as a Sr. Network Engineer for some large NSPs, and was a Sr. Software Engineer responsible for the development of optimized routing technologies at netVmg.

Full Abstract

Speakers
Betty Burke, Merit Network

Full Abstract

Speakers
Patrick Okui
Duane Wessels, The Measurement Factory

Full Abstract

Widespread use of "Trust-on-first-use" (tofu) host authentication, most commonly associated with protocols like SSH and SSL with self-signed certificates, demonstrates significant demand for a host authentication mechanism that is low-cost and easy to deploy. While tofu applications are a clear improvement compared to completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, Perspectives, thwarts such attacks using a network overlay that observes a server’s public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server’s key over time (recognizing short-lived attacks). Clients that receive an unauthenticated key can contact this overlay and check the key against these records, detecting many common attacks. The Perspectives design explores a promising part of the host authentication design space: tofu applications gain significant attack robustness while retaining the basic ease-of-use that makes "Trust-on-first-use" so popular. We present a full network overlay and client design, analyze the security provided by the system, and describe our experience building and deploying a publicly available implementation.

Speakers
David Anderson, Carnegie Mellon
Adrian Perrig, Carnegie Mellon
Dan Wendlandt, Carnegie Mellon
Dan recently finished his third year s a PhD student at Carnegie Mellon University. He is generally interested in networks and security, particularly as they relate to economics. Sor far, he has mainly worked on routing security, host authentication, and DDoS. He is currently on a leave of absence working at Nicira Networks in Palo Alto, C A

Full Abstract

In this paper, we introduce a novel approach for profiling and classifying endpoints, i.e., IP addresses. We implement and deploy a Google-based profiling tool, which accurately characterizes endpoint behavior by collecting and strategically combining information freely available on the web. Our 'unconstrained endpoint profiling' approach shows remarkable advances in the following scenarios: (i) Even when no packet traces are available, it can accurately predict application and protocol usage trends at arbitrary networks; (ii) When network traces are available, it dramatically outperforms state-of-the-art classification tools; (iii) When sampled flow-level traces are available, it retains high classification capabilities when other schemes literally fall apart. Using this approach, we perform unconstrained endpoint profiling at a global scale: for clients in four different world regions (Asia, South and North America and Europe). We provide the first-of-its kind endpoint analysis which reveals fascinating similarities and differences among these regions.

Speakers
Aleksandar Kuzmanovic, Northwestern University
Antonio Nucci, Narus
Supranamaya Ranjan, Narus
Dr. Supranamaya Ranjan is a Senior Member of Technical Staff in the Office of CTO at Narus, Inc. He obtained his PhD in Electrical Engineering in 2005 from Rice University. His interests are in designing solutions for detecting and preventing all things malicious in the Internet including Worms, Distributed Denial-of-Service attacks (DDoS), Botnets and Prefix Hijacking attacks.

Ionut Trestian, Northwestern University
Ionut Trestian is a 2nd year PhD graduate student at Northwestern University, Evanston. He is advised by Prof. Aleksandar Kuzmanovic. His interests are broadly in the areas of network measurement, network security and social networks.

Full Abstract

Speakers
Peter Cohen, Switch and Data

Full Abstract

Speakers
Moderator - Brokaw Price, Yahoo!
Panelist - US, AP & EU Participation Solicited

Full Abstract

Speakers
Brokaw Price, Yahoo!

Full Abstract

Alcatel-Lucent

Full Abstract

This presentation will include:
* description of the features of the service, and the technologies involved.
* the multicast landscape in the UK
* JANET, the UK's academic network
* getting it working (or, rather, "it just worked...")
* inter-as multicast
* QoS (or, what's really needed to make IPTV work)
* problems we've hit, and how we overcame them (or ignored them...)
* VoD and network scaling issues
* Where next? (International plans, etc)

Speakers
Simon Lockhart, Bogons, Inuk Networks
Simon Lockhart is Technical Director at Inuk Networks, where he is responsible
for technical architecture and infrastructure, as well as R&D. Prior to Inuk
Networks he worked for over 10 years at the BBC developing and building its
Web and Streaming infrastructure. He is currently a Non-Executive Director
of the London Internet Exchange (LINX).

Full Abstract

In order to provide a technology demonstration, IANA has prepared a secure, trustable, and accountable DNSSEC signing infrastructure to sign the zones for which IANA is responsible. This presentation will provide an overview of the design goals, discuss the architecture and implementation, and discuss the next steps needed to be undertaken to facilitate greater DNSSEC deployment.

Speakers
Richard Lamb, IANA/ICANN
Rick started performing “IANA functions” in 2007 after escaping from Washington DC where he was Director Global IT Policy at the US Department of State. While there he spent much of his time working to ensure policymakers and other stakeholders understood the technology and philosophy behind the Internet and other information technologies (e.g., VoIP, WiFi, WiMax, open source software, IPv6, Internet censorship) writing position papers and leading the occasional delegation. In return he was indoctrinated into the process of policymaking and international negotiation, learning more than he wanted to know about various acronymatic processes, issues, agencies and organizations (including Internet Governance, Internet censorship, ITU, IETF, WSIS, NGN, APEC, OECD, IMO, IMSO, ITSO, .iq, CFIUS, OFAC, ITAR/DTRA, cable landing licenses, ICANN, NSTAC, DTI, USCG, NTIA, FCC, OSTP, DHS, NIST, USTR, OSD, VOA).

For the other 20+ years in the networking business Rick created and was CEO at a number of small startups including one acquired by Microsoft for its NAT/firewall technology. The rest of the time he spent on developing protocols and products behind other acronyms such as UUCP, MEP2, MHS, X.25, Bisync, TCP/IP, DECNET, IPX, ISDN, H.323, and yes, DNS. This overlapped with many years of digital and probabilistic signal processing work resulting in a EE PhD from MIT. Before all that, RF hardware design. Currently, as DNSSEC program manager, Rick has helped architect and engineer IANA’s DNSSEC signing system; and develop and coordinate ICANN’s position on DNSSEC for the domain names it is responsible for and for signing the root. He is also responsible for other nascent Internet security infrastructure efforts such as RPKI.

Full Abstract

Speakers
Majdi Abbas, Highwinds Network Group

Full Abstract

While it's understood that each network will make its own decisions in deploying IPv6, there hasn't been much dialog on the overall coordination of expectations between networks that is necessary to maintain "one connected Internet" during this transition. In this talk, John will cover one possible timeline and set of expectations which could be used to coordinate overall transition to IPv6.

Speakers
John Curran, ServerVault Corp/ARIN
John Curran is the Chairman of Board of ARIN, the American Registry for Internet Numbers. John helped found ARIN five years ago and has served as Chair since its inception. ARIN has over 1800 members and is the Regional Internet Registry managing IP address resources for the North America, South America and the Caribbean region. When not managing ARIN, John is the Chief Technology Officer and Vice President of Engineering at XO Communications, a facilities-based communications provider in Reston, Virginia.

Full Abstract

In "Stealing the Internet" Kapela and Pilosov will describe a method where an attacker exploits the BGP routing system to facilitate transparent interception of IP packets. The method will be shown to function at a scale previously thought by many as unachievable. The talk highlights a new twist in sub-prefix hijacking that we demonstrated at Defcon 16: using intrinsic BGP logic to both "attract" network traffic and simultaneously create a 'feasible path' towards the target network. This method will be shown to preserve end-to-end reachability while creating a virtual 'wire tap' at the attackers network.

Speakers
Anton Kapela, 5Nines Data
Anton Kapela is a co-owner and partner at 5Nines Data, a Datacenter and IT solutions company in Madison, Wisconsin, where he is responsible for the architecture and implementation of network services and datacenter facilities. Prior to 5Nines Anton actively consulted with several network, wireless, and communications industry companies. His most memorable clients have been Redline Communications, Motorola's Canopy Wireless division, and a subsidiary of Research In Motion known as 'Slipstream.' More recently he consulted on Internap Networks' acquisition and integration of VitalStream - a Content Delivery Network.

Anton is actively involved in the Internet operations and research community and has been a frequent presenter at numerous Operators Group meetings on a variety of topics.

Alex Pilosov, Pilsoft

Full Abstract

Internet pioneers Van Jacobson, Lixia Zhang, Danny Cohen, Bob Braden, and Paul Mockapetris will share their recollections of the "behind the scenes" discussions that went on in the "early" days, some 15 or 20 years ago, and you may be surprised at how they mirror the very same threads currently being seen on message lists in our community.

These key players were in the original discussions about addressing, and even then struggled with the looming challenge of address exhaustion. You won’t want to miss this chance to examine the current addressing crisis through the lens of experience.

Speakers
Moderator - Bob Hinden, Nokia
Bob Hinden is a Nokia Fellow and works for Nokia in Mountain View, California, USA. Nokia Fellow is the highest level of recognition given by Nokia for outstanding research and development. He was previously Head of Standards at Nokia Enterprise Solutions, Chief Internet Technologist at Nokia Networks, and Chief Technical Officer (CTO) at the Nokia IP Routing Group.

Bob Hinden was one of the early employees (i.e., employee number 4) of Ipsilon Networks, Inc. Ipsilon was acquired by Nokia on December 31, 1997. He was previously employed at Sun Microsystems where he was responsible for the Internet Engineering group that implements internet protocols for Sun's operating systems. Prior to this he worked at Bolt, Beranek, and Newman, Inc. on a variety of internetwork related projects including the first operational internet router and one of the first TCP/IP implementations.

Bob Hinden was co-recipient of the 2008 IEEE Internet Award for pioneering work in the development of the first Internet routers.

Bob Hinden has been active in the IETF since 1985 and is is the author of thirty-six RFCs. He was recently appointed to a position on the IETF Administrative Oversight Committee (IAOC) and co-chairs the 6man working group. Prior to this he served on the Internet Architecture Board (IAB), was Area Director for Routing in the Internet Engineering Steering group from 1987 to 1994, and chaired the IPv6, Virtual Router Redundancy Protocol, Simple Internet Protocol Plus,the IP over ATM, and the Open Routing working groups. He is also a member of the RFC Editorial Board.

Bob Hinden holds an B.S.E.E., and a M.S. in Computer Science from Union College, Schenectady, New York.

Panelist - Bob Braden, ISI.
Panelist - Danny Cohen, Sun
Danny led many projects that pioneered the use of packet networks for realtime applications (like flight simulation, voice, video, and teleconferencing) He participated in the InterNet Working Group that among other things defined IP and many 3-letter acronyms such as TCP.
He opposed the fix length addressing of IPv4. His failure then to convince the INWG to adopt a variable length addressing is blamed for the need to have IPv6.

Panelist - Van Jacobson, PARC
Van Jacobson did some networking stuff a long time ago. These days he spends most of his time chauffeuring a grumpy teenager & a loud seven year old. Occasionally he gives talks for people who are too busy doing real work to talk about it.

Panelist - Paul Mockapetris, Nominum.
Panelist - Lixia Zhang, UCLA
Lixia Zhang is a Professor in the UCLA Computer Science Department. She received her Ph.D. degree from MIT in 1989. Lixia was a research staff member at Xerox PARC from 1989 to 1995, when she joined UCLA. Her recent research projects have focused on fault tolerance in large-scale systems and network routing protocols.