Sunday, June 2, 2013
Topic/Presenter |
---|
Meet and greet the NANOG community and start socializing! |
Verisign |
Commotion (www.commotionwireless.net) is an open-source communication tool that uses mobile phones, computers, and other wireless devices to create decentralized mesh networks. The Open Technology Institute, in collaboration with numerous open source projects from around the globe, is building a new type of tool for democratic organizing: one that uses a distributed mesh infrastructure to provide key enhancements to existing circumvention technologies -- supporting human rights advocates, civil society organizations, and low-cost communications. A distributed infrastructure makes it extremely difficult for a government to completely disrupt communications. In addition, “device-as-infrastructure” networks enhance communications security among their participants by eliminating points for centralized monitoring, enabling direct peer-to-peer communication, and aggregating and securing individual communications streams. Commotion is both an R&D effort -- pioneering numerous innovations in the open source mesh wireless space -- as well as an intervention that supports secure and free communications wherever it's deployed. |
PLXsert (Prolexic Security Engineering and Response Team) is responsible for security research and threat intelligence for Prolexic Technologies. The Distributed Denial of Service outlook definitely took a new turn in 2012 and is continuing on that track for 2013. The threat landscape is one that requires two perspectives for a comprehensive view into the tactics of involved malicious actors. On the defensive side of the spectrum, these developments have paved the way for creative innovation. Prolexic has been in the unique position to be able to observe this evolutionary process over the years, which has enabled the ability to stay on the forefront of upcoming attack techniques and associated botnets. PLXsert will reveal findings and statistics that can only be collected from the defensive side. We will also disclose specific case studies that review some of the highlighted attack campaigns and toolsets behind this ongoing elevated threat within the one-hour presentation. Speakers: Terrence Gareau, PLXsert |
The pace of optics technology development has been increasing. Some of the advances are similar to past innovation, in particular increases in per-lane data rate, for example from 1Gb/s to 10Gb/s to enable an increase in link data rate from 1GbE to 10GbE. Other advances are new, for example parallel fiber and wavelength division multiplexing (WDM), which enabled 40GbE and 100GbE. There are future technologies, such as higher order modulation (HOM), which will be combined with the past innovations to lead to future data rate increases to 400GbE and 1.6TbE. Some of these advances are transparent to network operators, like lane rate increase, WDM and HOM. Others, like parallel fiber, lead to operational changes. The per-lane data rate increases will accelerate the shift from copper to fiber because of physics limitations, which will change datacenter cabling. Innovations such as ML (multi-link) pluggable modules, OEs (board mounted optical engines), and new light sources will enable higher density, flatter interconnect, which will require operational changes in breaking out and aggregating individual links. Technology improvements will reduce the energy per bit/sec; however, this will not be sufficient to offset the increases in speed and density, and thermal management will become more demanding. |
Monday, June 3, 2013
Topic/Presenter |
---|
Co-Chairs: Merike Kaeo and Krassimir Tzvetanov. The session will revolve around the various vectors for the attack on Cloudflare and how to mitigate them (e.g. securing IXes and not routing their address space, open resolvers and other amplifiers, BCP38, etc.). Speakers: Krassimir Tzvetanov, Cisco Systems |
Speakers: Aaron Hughes, 6connect |
BTI Systems |
The IETF declared IPv6 done in 1998. We've had World IPv6 Day and World IPv6 Launch. But are we really there yet? I'll be talking about what useful progress has been made, all sorts of operational gaps and standards language ambiguities we're hitting now that there are real deployments, and what still needs to be done. Yes, you can deploy IPv6 now. Just be sure you're packing all the right stuff. |
The tutorial introduces service providers to important BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial then looks at deployment techniques, including aggregation, announcing and receiving prefixes, and pressure points on the routing system. |
InCNTRE offers the "OpenFlow in a day" workshop (which will be condensed to two 90-minute slots for NANOG). It's a mix of hands-on exercises and lecture. Amazon Web Services VMs are used for the hands-on portion. The slides are available via a Creative Commons license (see link below), and the Amazon Machine Image used is public, so you could use the materials to conduct additional workshops. The agenda includes the following topics: OpenFlow use cases; OpenFlow's origin; ONF overview; SDN overview; OpenFlow overview; OpenFlow (more detail); OpenFlow 1.0 vs. 1.1+; OpenFlow QoS; hands-on exercises (learn switch, manual rule insertion, FlowVisor virtualization). |
The introduction to timing tutorial presents an in-depth overview of the history of timing in network and telecom and its operation. We will explore building integrated timing system (BITS), network timing protocol (NTP) and precision time protocol (PTP), among others. We will examine the core use, theory and practice, as well as operational examples to help show deployment considerations in real-world networks. This tutorial is for those network operators who are new to timing and its application. |
Operator experience using MPLS RSVP-TE Auto-Bandwidth: the good, the bad, and the ugly. |
Service providers are deploying more off-the-shelf hardware to host virtual machines. Applications which run on those machines can make use of topological information to optimize delivery of traffic. Also the network's awareness of the virtual machines can aid in understanding the service topology and redundancy. This talk discusses a possible method using LLDP (Link-Layer Discovery Protocol) to discover edge capabilities and BGP Link-State to distribute these through the network. |
If a layer-2 switch running MLD-snooping learns multicast state for IPv6 Solicited-Nodes addresses used by Neighbor Discovery (ND), it may exhaust its multicast state resources and perform in an unspecified or degraded manner. This presentation outlines the problem, test procedure, and possible work-arounds and solutions. |
Tuesday, June 4, 2013
Topic/Presenter |
---|
ARIN's Public Policy Consultation (PPC) is part of ARIN's recently revised Policy Development Process; it is an open public discussion of number resource policy. Registered NANOG 58 attendees do not need to register to participate in this session. Learn more at https://www.arin.net/ppc_nanog58/. Current policy proposals up for discussion at this consultation are: Recommended Draft Policy ARIN-2013-1: Section 8.4 Inter-RIR Transfers of ASNs; Draft Policy ARIN-2013-2: 3GPP Network IP Resource Policy; Draft Policy ARIN-2013-4: RIR Principles; Draft Policy ARIN-2013-5: LIR/ISP and End-user Definitions |
In the style of the highly successful Peering BOF, the Datacenter BOF will explore datacenter topics of interest to the NANOG community, with several goals: smaller group than the plenary; maximum audience participation; strong educational goal; rotating moderators after establishment. Possible sessions inside the BOF: debate, e.g. wholesale datacenter vs retail colocation (possible debaters: David Roach and Chris Sharp); session on PUE and other common data center metrics; datacenter spotlights: 10-minute sessions from providers on new and under-construction facilities; location panels: group discussions on particular geographies, such as San Jose, Ashburn, Seattle, Boston, etc.; user feedback panels, inspired by the VERY successful GPF session on "what customers want to see in colocation providers"; session on how to buy using RFPs; sessions on green data center technologies. Moderator: Marty Hannigan |
Alcatel-Lucent |
The Internet2 Network offers a full range of network services tailored to the unique needs of research and education (R&E). This talk looks at some of the needs of the R&E community and how they have driven platform and service choices. In particular, the role of SDN in overall architecture including Layer2 OpenFlow and Non-OpenFlow services as well as Routed services will be discussed. Speakers: Chris Spears, Internet2 |
When ESnet received the ANI grant to build a new 100GE network, it already had its fourth-generation network in full production, using multiple 10GE links. ESnet4 was comprised of routers from two vendors, used two IGPs (OSPF for IPv4 and IS-IS for IPv6), and had separate infrastructures for production IP traffic and for research traffic (the latter of which could be reserved using OSCARS--an early form of SDN). The ANI 100GE that was constructed used a third vendor, had only one IGP (IS-IS), and promised to consolidate the OSCARS reservation system, with its sophisticated MPLS backend, into a single very-high-speed network. This talk will cover the lessons learned during the daunting task of consolidating the existing ESnet4 and the new ANI networks into a single production network: ESnet5. This talk discusses some of the main issues with the rollout of the new production 100GE network that ESnet has developed in very close partnership with Internet2, and my part will be to discuss mainly Layer-3 issues: consolidating routing protocols and routers and creating a cleaner and simpler design, while minimizing downtime during the transition. My hope is that this talk will help to answer questions such as: Why is planning doubly-important in major network migrations? Why was it necessary to turn on *OSPFv3* just to migrate from OSPFv2 and IS-IS to IS-IS only? How did you deal with bottlenecks and routing loops? Why did you use the Brady Bunch as a metaphor given that you never liked that show? |
Terremark |
There are many new pressures and requirements emerging in today’s home networks: the need for separation of visiting guest users from home users, community Wi-Fi services, smart grid, home automation & security, and an ever increasing number and type of IP enabled devices in the subscriber home are all strong motivations for additional routers and multiple LANs in the home. The emergence of heterogeneous link layer technologies, machine to machine communication, IP & multicast video streaming, video content sharing inside the home, telecommuting and corporate IT requirements, and the possibility of home network multi-homing are all also driving additional complexity and new requirements into home networks. This talk will present a four-phase, incremental approach to solving these emerging home networking issues. This incremental approach includes a novel near-term solution to Home IP networking (HIPnet), which applies many of the tools and protocols within the IPv6 framework in new ways in order to enable a completely self-configuring dual-stack (IPv4 & IPv6) multi-router home network capable of supporting the full range of in-home IP services. This near-term approach leverages the existing Neighbor Discovery and DHCPv6 protocols, making it simple and cheap to implement in the near term while also providing a migration path to more complex long-term solutions utilizing routing protocols to increase the efficiency of home networks where needed. |
SoftLayer has begun designing a router and server configuration method for our hosting environment which improves IPv4 address conservation. The basic topology of Ethernet to server / dedicated VLAN per customer in a hosting environment includes use of "global gateways" and the shared address pool 100.64.0.0/10. |
We present our work on the development of a centralized routing control agent for large-scale data-center networks. The objective is to build a system that enables easy and consistent modification of routing behavior in a data-center network via a simple REST-based API. Major applications include, but are not limited to, hitless bypass of network facilities (e.g. links or routers) for the purpose of maintenance; per-prefix unequal-cost load-sharing to compensate for asymmetries in network topologies; and automated isolation of “gray” network failures. We demonstrate how the use of a centralized agent with full network visibility allows for network updates without creating transient micro-loops. The most prominent feature of our approach is the use of BGP as the signaling protocol for controlling and monitoring network routing state. We compare our approach to more “widely known” OpenFlow models and argue that using BGP allows for low-risk deployment of SDN features. The proposed approach allows us to maintain full backward compatibility with existing routing designs and quick failover in case of unexpected behavior. |
In this talk, we introduce Segment Routing, a simple breakthrough in network engineering technology that may add benefit to IP and MPLS network operations. Segment Routing (SR) works by encoding a path across a network as an ordered list of segments, which may be links, multi-hop tunnels between nodes, and more. SR uses today's dataplane technologies without any modification, supports MPLS, IPv4 and IPv6, and requires only very modest changes to existing routing protocols. SR is also fully documented in IETF drafts with both multi-vendor and multi-operator contribution, thereby increasing the likelihood of interoperable implementations. Segment Routing allows operators to program new service topologies without the traditional concerns around network state explosion. Using SDN procedures, the head end can program an ordered list of segment identifiers (MPLS labels, IPv6 routing headers) that enable explicit source routing. This can allow for service level differentiation, potentially providing new enhanced service offering opportunities for operators. SR can be introduced slowly into a network without any flag day events, thereby minimizing disruption. |
PeeringDB is a unique source of user submitted peering information! But is it worthy of the operator's trust that automated tooling requires? Based on novel research performed with various data sources, this quantitative analysis sheds light on how we must view PeeringDB and its role in the peering ecosystem. |
Wednesday, June 5, 2013
Topic/Presenter |
---|
Conventional wisdom says network operators must buy IPv4 addresses or deploy CGN as long as content and electronics are IPv4-only. But as long as ISPs buy IPv4 addresses or use CGN, there's little reason for content or electronics to support IPv6. Using game theory, Lee Howard presents a decision tree allowing companies in each segment of the industry to figure out when they need IPv6. |
Equinix |
This presentation will present architectural considerations for deploying Carrier Grade NAT into an existing network. Considerations include IPv4 depletion, reduction of impact to existing customers, dealing with the new architectural needs of CGN and IPv6 current/future operation. The talk would be based in principle on information documented in "draft-ietf-opsawg-lsn-deployment" and operational experience using this architecture. The talk will present BGP/MPLS IP VPNs as a solid technological framework which could be used to safely and adequately implement an overlay CGN infrastructure. A comparison would be made to other generic options with advantages and disadvantages noted. |
The relative value of working from home has been discussed intensely in the media recently. We do a somewhat systematic review of the data, such as it is, to attempt to understand who is working from home, what is going well for them and what is not. Working from home ends up damaging or sidelining careers and salary and harming creativity while boosting productivity and certain kinds of satisfaction. It's a wash. Speakers: Todd Underwood |
A technique is presented in which network service definitions such as line services or LAN services are used to create, modify, and delete optical and packet paths dynamically. This coupling of packet and optical paths to Service definition can improve network utilization at both layers and improve the power efficiency of the network overall. |
The BGP Flow Specification described in RFC 5575 defines a new BGP Network Layer Reachability Information (NLRI) format that can be used to distribute traffic flow specification rules. The flowspec matching criteria applied to IP traffic include source and destination prefix, IP protocol, source and destination port numbers, TCP flags, and other packet fields. RFC 5575 itself describes an application of flowspec to automate the distribution of traffic filtering rules from a single point of control for the mitigation of DDoS attacks. This flowspec application has been implemented in routers and mitigation appliances, and is a valuable tool used today in the protection of network resources against DDoS attacks. Nevertheless, with the rise of more sophisticated application layer DDoS attacks, a significant portion of DDoS attacks cannot be effectively mitigated only by the application of L3/L4 traffic filtering rules, and require a more sophisticated DPI-capable DDoS mitigation appliance that can detect and filter attacks at the application layer. These application-layer DDoS mitigation appliances capable of performing “surgical mitigations” are usually shared resources that require the diversion of attack traffic to designated locations where this traffic can be scrubbed and reinjected in the network later. This traffic diversion is performed using BGP prefixes (IPv4/IPv6 NLRI), and it usually requires careful planning of the route announcements in the routing domain, followed by a planned reinjection of this traffic back to its intended destination, in order to avoid loops and/or drops of legitimate traffic. This article describes a solution for the “surgical diversion” of traffic to the mitigation appliance using BGP flowspec. Traffic diversion using BGP flowspec intends to provide a traffic redirection solution that is simpler to design, less intrusive to the routing domain, and more granular in its control, ultimately providing a better optimization of the shared mitigation capacity available. |