Agenda
Click on any talk title in the agenda to view the full abstract and speaker info.
Watch the Webcast Please note agenda is subject to change.
Monday, June 14, 2021
| Topic |
|---|
Full AbstractWelcome to NANOG 82 - Virtual Speakers
|
Full AbstractThe network automation stack at Roblox has grown and evolved over time taking into account several old and new use cases, as well as problems and challenges encountered over time. Quite often, we hear people talking about the amazing work happening in organizations around network automation that aims to solve hard problems and simplify workflows. We don't however, hear much about the problems and challenges that Network Automation teams face with their existing automation stacks on a day to day basis as the network grows and demands increase. Speakers
|
Full AbstractToo many engineers still believe that the only significant advantage of IPv6 over IPv4 is that it is larger. While this is technically true, it is not the whole truth. This presentation briefs explores two difficult business problems and their IPv6-centric solutions, clearly outlining the superiority of IPv6 in certain architectures. The presentation ends with a brief discussion on network automation that relates specifically to these IPv6-centric solutions. Attendees are also given access to professional whitepapers detailing each solution as well as the source code for all automation tools discussed. Speakers
|
Full AbstractPut your NANOG + network engineering knowledge to the test with a round of Kahoot trivia during the last 15 minutes of the break. https://nanog.zoom.us/j/99397289548?pwd=UkdPamx2QkFPeThtSXJTK1RFZi9lZz09 Make sure you open the Kahoot! app or a separate web browser to Kahoot.it to play along! Sponsors: |
FilesFull AbstractAre you a Newcomer to NANOG? Would you like to network with other Newcomers and NANOG veterans? Join us for the Zoom Session! See the attached file for talking points to be used in the breakout rooms. |
|
|
Full AbstractIn this talk, we provide one of the first end-to-end studies of global DDoS traffic. We leverage a unique multi-year collaboration with Nokia CSP customers around the world to trace DDoS traffic from its IPHM hosting and botnet origins through global transit and on to the final consumer and enterprise network intended victims. Our data includes real-time telemetry from several thousand of backbone routers across a geographically and business model diverse set of carriers (i.e global transit, consumer, regional provider, web scale, hosting, etc). In addition, we estimate potential future scale of DDoS attacks using extensive crawling of active IPv4/IPv6 address space to discover potential abuse endpoints as well as packet traces gathered from commercial accounts on the top commercial “booter” services. Our major findings include: Peak daily aggregate DDoS traffic rates have more than doubled over the last year. At the end of 2020, we measured average daily 5min peaks at 1.5 Tbps. In March 20201, the average daily peak exceeded 3 Tbps in transit networks The majority of DDoS (as measured by spoofed pps and number of events) originated in less than fifty IPHM hosting companies and regional carriers. While DDoS traffic reaching victim enterprise / consumer networks peaked at 3 Tbps, we observed spoofed pps origination rates exceeding 50 Mpps and represent a potential 5x or more larger amplified attack potential. We show observed attack bandwidth at destination victim networks remains a fraction of potential due to errors in selection of amplifiers, non-optimal amplifier payload creation and widespread use of rate limiters on peering connections Finally, we evaluate the efficacy of different DDoS mitigation strategies, including open source code and BGP FlowSpec as well as the use programmable router filters. We show recent routers OS / hardware offerings from most vendors can block up to 98% of all volumetric DDoS Speakers
|
Full AbstractDistributed denial of service (DDoS) attacks are at the tipping point of becoming everybody's top concern: (1) the peak capacity of DDoS attacks has been growing exponentially for years, (2) this trend is not slowing down, and (3) most attacks are not yet very sophisticated. While current DDoS protection systems have been able to match the peak capacity of attacks, they are brittle in the face of the increasing sophistication of attacks. In this talk, we introduce Gatekeeper, a DDoS protection system that scales to any peak capacity, delivers unparalleled multi-vector protection and mitigates attacks in seconds. Speakers
|
Full AbstractThe DNS is changing. Current efforts to add privacy through channel encryption in the DNS are just part of a larger picture. Authentication of DNS responses through DNSSEC is also part of the picture, as well as transport layer robustness and the concerns over the continued use of UDP as the common substrate. In addition, we are now adding a rich layer of service rendezvous tools to the DNS through the SVCB and HTTPSSVC records. Taken together, these are a lot of changes to a vital component of common Internet infrastructure and it is reasonable to ask how likely these proposed DNS changes are to see deployment and will the DNS be fundamentally changed along the way? Speakers
|
Tuesday, June 15, 2021
| Topic |
|---|
Full AbstractMeeting Agenda, slide deck, and link to webinar available at |
Full AbstractThis presentation describes recent enhancements to PING and TRACEROUTE as per RFC 5837 and RFC 8335. Speakers
|
Speakers
|
Full AbstractPut your NANOG + network engineering knowledge to the test with a round of Kahoot trivia during the last 15 minutes of the break. Join the Zoom Session as early as 1:30pm EDT. Make sure you open the Kahoot! app or a separate web browser to Kahoot.it to play along! Sponsors: |
FilesFull AbstractWould you like to participate in the WIT Networking Session at NANOG 82? Join us for the Zoom Session! See the attached file for talking points to be used in the breakout rooms. |
|
|
Full AbstractThis presentation discusses applications of Segment Routing Flex-Algo, including (i) path diversity (ii) differential traffic treatment for low-latency vs bulk internet traffic. Also we will show how Flex-Algo is used as a key ingredient in network slicing deployments, and provides a way of coupling telco cloud overlay networks into the desired flavor of colored underlay transport. Finally, we will discuss how colored transport can be extended across multiple ASes using BGP Classful Transport. Speakers
|
RecordingsFilesFull AbstractIn this talk we discuss the security of US "Alerting Authorities" (AA) in the context of web-based communication: we study the domain namespace structure, DNSSEC penetration, and web certificates. We introduce an integrative threat model to better understand whether and how the online presence and services of AAs are harmed. Although we observe partial heightened security relative to the global Internet trends, yet find cause for concern as about 78% of service providers fail to deploy measures of trustworthy service provision. We discuss the causes for the shortcomings and suggest a number of improvements for web-based communication directed at Alerting Authorities and other critical infrastructure providers. Speakers
|
Full AbstractIt is very common to make mistake during configuration of BGP, specially while entering ASN for prepend. Just to find out how bad the problem is I looked up the data from MANRS Observatory [source: bgpstream.com] for last 3 years to check any possible hijack event involving ASN from 1 to 10 and any ASN which doesn't look right e.g. AS1111111. These are mistakes but definitely considered as hijack. In this presentation I will review the data of these year and highlight major incidents. Allegedly, most of these apparent hijacks are caused by Mikrotik boxes running RouterOS, the way they use BGP prepend which causes confusion for network operators. Speakers
|
Full AbstractJoin us for a Virtual Social - a chance to socialize via an informal setting. Join us via a Zoom session! |
Wednesday, June 16, 2021
| Topic |
|---|
Full AbstractCommunity Meeting topics for NANOG 82 include: Speakers
|
Full AbstractSince its earliest inception in 1987, The North American Network Operators’ Group (NANOG) has been committed to the ongoing advancement of an open, secure, and robust internet, by providing a platform that inspires, educates, and empowers our community to meet the ever-changing demands of a global network, in service of building the Internet of tomorrow. NANOG has been a community not only for North America but internationally as well. Given a sense of community, sometimes we need to think locally instead of globally. This talk will address the Why, of starting a local NOG. You'll hear the journey and experiences of CHI-NOG. The benefits of creating a NOG. Ending in a call-to-action, a blueprint of How, to start a NOG. Speakers
|
RecordingsFull AbstractLearn about the most recent hack from Hackathon committee members and participants! They will review the NANOG 82 Hackathon theme, logistics on making a hackathon happen, and what it's like to work on a hack. |
Full AbstractPut your NANOG + network engineering knowledge to the test with a round of Kahoot trivia during the last 15 minutes of the break. Join the Zoom Session as early as 1:30pm EDT. Make sure you open the Kahoot! app or a separate web browser to Kahoot.it to play along! Sponsors: |
Full AbstractBoF Topics for NANOG 82 are: Join us via Zoom! |
|
|
Full AbstractNetwork disaggregation promises great things for carrier networks - more choice, more innovation and lower costs. In this session we hear how Europe’s largest telco has disaggregated its broadband network and turned on IP/MPLS software routing in its IP core. We will discuss what we are trying to achieve, comparisons with traditional router architectures, hardware choices and trade-offs, auto-discovery of fabrics, anycast routing to the backbone, a cloud-native approach to NOS software, how to architect a highly scalable disaggregated BNG, a new set of operational tools and lessons learned. Speakers
|
RecordingsFilesFull AbstractListening to so-called "thought leaders" one might believe that the move to public infrastructure cloud solves all the problems of this world. All of a sudden, the developers are empowered to deploy any application they wish, the networking and security engineers are obsolete, and everything works like a charm. There's a bit of a gap between this rosy picture and the reality. Tenant networking in public clouds is different from what we're used to in the IP/Ethernet world, and it can get ridiculously complex once you start adding network services, inter-tenant connectivity, and direct connectivity to on-premises locations. Not only that, many of the concepts you master while working with one of the big public cloud providers does not apply to any other public cloud provider -- they are all unique. The presentation will focus on three main topics described above: * How is public cloud networking different (and why) We'll wrap up with a few recommendations one could follow when trying to survive this new onslaught of networking madness. Speakers
|
FilesSpeakers
|
Diamond Sponsor:
Platinum Sponsor:
Gold Sponsor:
