Agenda

NANOG 83 Conference Hosted by Kentik

Click on any talk title in the agenda to view the full abstract and speaker info.

Please note agenda is subject to change.

Sunday, October 31, 2021
Topic
Full Abstract

A hybrid format
One week before the hackathon (Friday, October 22nd) we will hold the hackathon welcome, introduction, infrastructure tutorial, idea-pitching, and team-forming session over Zoom; this session will be recorded.
Saturday, October 30th will be the start of the hackathon; this day is all virtual regardless of whether or not you are at the conference venue.
Sunday will be a true hybrid day with people continuing to work virtually as well as dedicated facilities (workspace, wifi, etc) for those at the conference venue.

The Hackathon starts with a brief welcome and introduction, tutorial, and team formation on Friday, October 22 at 4:00pm CDT.

Hacking begins at 1:00pm CDT, Saturday, October 30. The hacking ends at 5:00pm CDT, Sunday, October 31, when the team presentations will begin.

The Hackathon will conclude around 6:00pm CDT Sunday, October 31. A recap session will be recorded between 6:00pm - 7:00pm CDT, followed by an hour long reception.

We have dedicated Support/Help Hours on Saturday from 1:00pm - 4:00pm CDT virtually via Zoom and again on Sunday from 12:00pm - 5:00pm CDT in a hybrid format.

Join us virtually here:
https://nanog.zoom.us/j/87158458997?pwd=TWE0bmdBempaUXBaVHFST3JTZTR4dz09

Monday, November 1, 2021
Topic
Speakers
  • Speaker Vincent Celindro - Juniper Networks
Speakers
  • Speaker Tina Morris - Amazon Web Services
  • Avi Freedman - Kentik
  • Cat Gurinsky - Apple Inc.
Full Abstract

Hear from candidates Christopher Chin, Steven Feldman, Alex Latzko, Brad Raymo, and Dave Siegel as they answer questions asked by Mike Starr from the NANOG Election Committee.

Questions asked are:
1. Given the anticipated limits for many around travel for the next couple of years, how would you guide NANOG to retain and expand community engagement and professional development? What do you envision will be required to foster this sense of community?

2. What should the NANOG board do to ensure the next generation of network engineers see our community as positive, diverse, and inclusive?

3. Strategically, what do you think are the biggest opportunities or challenges for NANOG as an organization?

4. Funding is always an issue with every nonprofit. How can you help NANOG find more revenue sources?

5. What makes you stand out as a potential new member of the NANOG board of directors?

Speakers
  • Moderator Mike Starr - OPAQ
Speakers
  • Speaker Edward McNair - NANOG
  • Ognian Mitev
Full Abstract

Since there have been computer networks there have been network outages. Ask any network operator to conjure up a memorable network outage and it likely won't take them any effort at all. This session looks back at a few noteworthy networks outages from Internet history with individuals who were there to provide a truly unique perspective and look back. Want to hear from one of original AS 7007 operators? Want to know what it was like to coordinate a global response to the Slammer/Sapphire worm? Perhaps you've been reading about governments "shutting down" their Internet, but don't really know what that means or what the effect truly is? If you like a good war story, we have the panel for you. There will be plenty of time for Q&A and a chance for some of you to share your own 30-second war story with the NANOG community.

Featured Panelists: Avi Freedman, Jared Mauch, and Doug Madory. Moderator: John Kristoff.

John Kristoff: John is a network architect in the Information Services division and adjunct faculty in the College of Computing and Digital Media at DePaul University. He is also a PhD candidate in Computer Science at the University of Illinois Chicago studying under the tutelage of Chris Kanich. He also currently serves as a research fellow at ICANN, sits on the NANOG program committee, and operates DataPlane.org.
Speakers
  • Moderator John Kristoff - NETSCOUT
  • Panelist Avi Freedman - Kentik
  • Jared Mauch - Akamai
  • Doug Madory - Kentik
Sponsors:
Full Abstract

Address:
Lumber Exchange Event Center
10 S. 5th Street
Minneapolis, MN. 55402

Walking Directions from Hyatt Regency Minneapolis (approx 16 min walk):

Take Nicollet Mall Street for .6 miles northeast toward the Mall
Turn left onto S. 5th street
Turn right onto Hennepin Ave, destination will be on the right

Tuesday, November 2, 2021
Topic
Sponsors:
Full Abstract

This presentation discusses how control of the internet experience is moving more and more into the hands of browser and phone vendors. The advent of end-to-end encryption, also on control planes and metadata like DNS, means that no one else is able to influence the internet - except in extremely
heavy handed and binary fashion.

This moves a lot of agency to browser and phone vendors, who now can decide if and how they want to help governments and societies, or not. They could also enforce their own vision on what the internet & society should be. If governments don't agree, they have to resort to heavy measures to impose their will, as we've recently seen happening in Russia.

In this talk I show with examples how this is the new reality.

I also place these developments into a historical context -- shifting of control between governments and industry is nothing new. This context may help us ponder what developments are good and which aren't - because there are no easy answers.

(While Bert is a Dutch government/inteligence agency regulator, his presentation does not reflect government policy)

bert hubert: Bert is the founder of PowerDNS, software that powers a significant fraction of the Internet. He also did government cybersecurity work, and co-founded a software company in that field. These days Bert does DNA research and is part of the government board that regulates the Dutch intelligence and security agencies.
Speakers
  • Speaker bert hubert
Recordings
Files
Full Abstract

ARIN's President and CEO John Curran will provide a brief update about recent changes and developments at ARIN that should be of interest to the network operator community in the region.

Speakers
  • Speaker John Curran - ARIN
Full Abstract

The Internet Routing Registry (IRR) has been long been a component of a network operator’s routing security. Internet professionals welcomed a new tool in their quiver that enhanced the security posture of the networks they managed. Operators have the ability to share information about their networks and their customers in a simplified manner across the global ecosystem. But, the IRR is only as good as the objects that exist in the databases. As time has passed and the responsibility for maintaining these records has passed from team to team, the information has become stale, or even worse, fraudulent data has made it’s way into the data stream. Is the information in the IRR ecosystem trustworthy?

We need to understand where we are, discuss the next steps, learn the differences between authenticated and non-authenticated databases, and commit to cleaning up the data. Let’s work together to make the IRR the useful routing security tool it should be.

Brad Gorman: I am the Senior Product Owner for Routing Security at ARIN, setting priorities for RPKI and IRR development. I am also ARIN's external point of contact with RPKI community, and attending industry conferences and events. I have 20+ years experience as a network engineer at ISPs and MSOs. I have worked in the global peering community and for major network hardware/software vendor.
Speakers
  • Speaker Brad Gorman
Full Abstract

NANOG brings the network operator community together to share information and techniques which make the Internet better, and by extension, society as a whole. But our great community is not without its challenges. Some of the things that make NANOG great - the collective intelligence, global reach, lifelong friendships - can be exceedingly intimidating for many. Especially those trying to break into a male dominated industry.

This presentation highlights some of the pioneering women who have helped show women can contribute and succeed in the industry. I would like to show our gratitude for their work paving the way for other women. We will also run an experiment with the audience, through some up front survey work. We want to help carry on and expand the foundation that has been laid, so NANOG will be more accessible to everyone.

Speakers
  • Speaker Jezzibell Gilmore - PacketFabric
Full Abstract

If you are not able to attend in person, we have a networking session available via Zoom!

Join Zoom Meeting
https://nanog.zoom.us/j/88978845443?pwd=dGtpZ3hxTVh6UmVSZHk3YWxZUjNZUT09

Meeting ID: 889 7884 5443
Passcode: 383671
One tap mobile
+13126266799,,88978845443# US (Chicago)
+16468769923,,88978845443# US (New York)

Sponsors:
Recordings
Files
Full Abstract

Changing Internet landscapes should cause us to rethink our interconnection landscape as well. Instead of relying on the existing interconnectivity footprint, we need to match interconnectivity to our customers' demands. After internal study and canvassing the environment, Lumen will begin requiring deeper interconnects with its peering partners next year, which will ultimately help everyone connected to the internet achieve lower latency.

Guy Tal: Guy Tal has worked in Network Operations, Engineering, Architecture, Planning and Product Management for nearly 25 years at ISPs, NSPs, CSPs, DCs and software companies. His work experience gives Guy a complete and unique perspective of the internet landscape, which has allowed him to give dozens of presentations and moderate and sit on nearly as many panels at various conferences around the world on topics such as peering, network troubleshooting, DNS and various training modules. Guy currently works at Lumen Technologies as a senior director on the CDN team and is responsible for Lumen's global peering strategy.
Speakers
  • Speaker Guy Tal
Full Abstract

Automating firewalls is not the easiest task to automate, but once you have done it, the hardest work is now on the users. The users are now expected to have near expert level knowledge of how IP services work within your environment. This is where the Application Dictionary comes in.

The Application Dictionary intends to be the Source of Truth that fundamentally change the paradigm of automating firewalls rules. Allowing application owners to define their application and the requests to be made between applications instead of IP services. This allows application owners to ask simple requests like "provide my application access to Splunk".

This is not just vaporware, there is a live demonstration to show the reimagining of firewall rules from conception to deployment.

Speakers
  • Speaker Kenneth Celenza - Network to Code
Full Abstract

Hosts on the internet are continuously targeted and penetrated by so called scanners which try to automatically break into a system. Network operators apply different techniques to prevent an incident. Blocking traffic from (malicious) IPs has been proven to be successful. This requires a consistently updated and reliable list of the origins of scanning activity.
The consequence is an entire industry which has emerged to provide the best IP blocklist. A typical approach to identify scanners is an infrastructure of honeypots. Such a sensor infrastructure can consist of hundreds of honeypots shared all over the world. The rise of cloud platforms has established a convenient way to deploy honeypots globally.
Research has shown that some scanners target a specific IP address space. This raises the question if cloud-based global diversity is enough to identify the majority of scanners.
We set up a small sensor infrastructure with honeypots not only in cloud-based environments but also in residential areas and campus networks. The resulting data set provides valuable insights in scanning activity aiming at different kinds of networks.
A geographical and temporal analysis delivers indicators that different scanners target different protocols. Further, the results show that certain scanners target specific networks exclusively. Particularly scanners of residential areas are hard to discover with a cloud-only sensor infrastructure. Ultimately, we assess the completeness of the dataplane.org data feeds.

Max Resing: Currently, I am in my Computer Science Master's with a specialization in data science at the University of Twente in Enschede, the Netherlands. Before my master I graduated with cum laude in Computer Science & Engineering at the same university. My bachelor thesis was in the domain of internet measurements and was honored with a best paper award. Before my studies, I did an apprenticeship as a software developer for a medium sized company in Münster, Germany. During my Bachelor I worked as a part-time full-stack developer. My task was to implement a new cloud-operated monitoring software for gas stations and washing streets. After bringing this project into the pilot phase, I searched for a new challenge. Now I work as a DevOps engineer as part of a team which implements a continuous monitoring solution for the compliance of DNSSEC configurations for all DNS records within the European TLDs ".ch" and ".li". The project is implemented on behalf of SWITCH, the Swiss NREN.
Speakers
  • Speaker Max Resing
Full Abstract

The key to optimizing the performance of an anycast-based system (e.g., the root DNS or a CDN) is choosing the right set of sites to announce the anycast prefix. One challenge here is predicting catchments. A naïve approach is to advertise the prefix from all subsets of available sites and choose the best-performing subset, but this does not scale well. We demonstrate that by conducting pairwise experiments between sites peering with tier-1 networks, we can predict the catchments that would result if we announce to any subset of the sites. We prove that our method is effective in a simplified model of BGP, consistent with common BGP routing policies, and evaluate it in a real-world testbed. We then present AnyOpt, a system that predicts anycast catchments. Using AnyOpt, a network operator can find a subset of anycast sites that minimizes client latency without using the naïve approach. In an experiment using 15 sites, each peering with one of six transit providers, AnyOpt predicted site catchments of 15,300 clients with 94.7% accuracy and client RTTs with a mean error of 4.6%. AnyOpt identified a subset of 12 sites, announcing to which lowers the mean RTT to clients by 33ms compared to a greedy approach that enables the same number of sites with the lowest average unicast latency.

Xiao Zhang: Shane (Xiao) ZHANG, is a Ph.D. candidate in Computer Science of Duke University since August 2018. He is co-advised by Professor Bruce Maggs and Professor Xiaowei Yang. He also works with Akamai Technologies on anycast optimization. Mr. Zhang received an M.Eng. degree in computer science at Xi'an Jiaotong University in 2017 and a B.S. degree in computer science at Xi'an Jiaotong University in 2013. He visited The Chinese University of Hong Kong as an exchange student from Jan 2012 to Jun 2012. He received the 2016-2017 IBM Fellowship award at Jan 2016 and visited IBM Research - China as a research intern from July 2015 to July 2018.
Speakers
  • Speaker Xiao Zhang
Full Abstract

If you are not in Boundary Waters AB + Foyer in Minneapolis visiting with Charter Communications, IPv4.Global, and Smartoptics, then be sure to join in a game of Kahoot! with Infinera via Zoom and the Kahoot! App

Join the webinar at 3:45pm CDT here:
https://us06web.zoom.us/j/81540753322?pwd=Z2sxM3cwUHEzSUh5Qk9ZS3J4WTZ6QT09

Full Abstract

The Federal Emergency Management Agency’s (FEMA) Integrated Public Alert and Warning System (IPAWS) is a national system that is used for local alerting. IPAWS provides public safety officials an integrated gateway to send life-saving alert and warning messages to the public through TV and radio via the Emergency Alert System (EAS), mobile phones via Wireless Emergency Alerts (WEA), NOAA Weather Radio (NWR), and other public alerting systems, all from a single interface. Today, over sixteen hundred federal, state, local, territorial, and tribal Alerting Authorities use IPAWS to geographically target critical emergency messages to people in their jurisdictions.

Even though IPAWS currently has comprehensive dissemination channels, technology keeps evolving. Thus, IPAWS needs to continue evolving to prepare for the future. As people are moving their daily activities away from traditional TVs/Radios to Internet connected service/products, IPAWS must be able to deliver alerts to the latest internet connected devices and services. The IPAWS Office wants to expand our dissemination pathways with internet-based services and apps. We’re hoping more Internet connected technologies will deliver public emergency alert and warning messages to Internet end-users. Received alerts, save lives!

Speakers
  • Speaker May Wu
Full Abstract

Internet resources form the basic fabric of the digital society. They provide the fundamental platform for digital services and assets, e.g., for critical infrastructures, financial services, government. Whoever controls that fabric effectively controls the digital society.

In this work we demonstrate that the current practices of Internet resources management, of IP addresses, domains, certificates and virtual platforms are insecure. Over long periods of time adversaries can maintain control over Internet resources which they do not own and perform stealthy manipulations, leading to devastating attacks. We show that network adversaries can take over and manipulate at least 68% of the assigned IPv4 address space as well as 31% of the top Alexa domains. We demonstrate such attacks by hijacking the accounts associated with the digital resources.

For hijacking the accounts we launch off-path DNS cache poisoning attacks, to redirect the password recovery link to the adversarial hosts. We then demonstrate that the adversaries can manipulate the resources associated with these accounts. We find all the tested providers vulnerable to our attacks.

We recommend mitigations for blocking the attacks that we present in this work. Nevertheless, the countermeasures cannot solve the fundamental problem - the management of the Internet resources should be revised to ensure that applying transactions cannot be done so easily and stealthily as is currently possible.

Tianxiang Dai: Tianxiang Dai is a research associate in ATHENE Center and Fraunhofer SIT in Germany. His research interests are in network security including DNS security, IP security and firewall security.
Philipp Jeitner: Philipp Jeitner is a Security Researcher and PhD student at Fraunhofer SIT since 2019. His research is focused on attacks against network applications, mostly using DNS-based attack vectors. Currently, he's looking into finishing his PhD thesis in early 2022. LinkedIn: https://www.linkedin.com/in/philipp-jeitner/ Google Scholar: https://scholar.google.com/citations?user=cJ86ZpMAAAAJ
Speakers
  • Speaker Tianxiang Dai
  • Philipp Jeitner
  • Haya Shulman
  • Michael Waidner
Full Abstract

In this presentation we will explore how Quantum Key Distribution (QKD) works and how it can be leveraged in existing security mechanisms. Before diving into QKD we will first look at some of the quantum terminology and principles. We will also explore what a Quantum Network and/or Quantum Internet is.

Speakers
  • Speaker Melchior Aelmans - Juniper Networks
Full Abstract

Since the early days of the Internet (Arpanet in 1970), the topic of Routing Protocol Convergence Time has been a top-of-mind issue. A number of protocols and technologies have been developed and deployed at a large scale with the objective of improving overall network reliability. Although such approaches have dramatically evolved, they all rely on a reactive approach: upon detecting a network failure, the traffic is rerouted onto an alternative path. In contrast, a proactive approach would rely on a different paradigm consisting in rerouting traffic before the occurrence of a predicted failure onto an alternate path that meets application Service Level Agreement (SLA) requirements.

Years of research led to the development of the first Predictive Engine for the Internet. Millions of paths and thousands of SP networks have been analyzed in depth leading to deep modeling of path characteristics at all layers. Machine Learning and Statistical have been developed to perform predictions of potential SLA violations and thus proactively routing thanks to trusted automation. In this short talk, such analysis of the Internet characteristic along with the promising avenue of a predictive Internet will be presented.

Speakers
  • Speaker JP Vasseur
Wednesday, November 3, 2021
Topic
Full Abstract

World IPv6 Day was in 2011, World IPv6 Launch in 2012. We will briefly reflect on the status of IPv6 deployment across eyeball and content networks ~10 years later. We will take a look at statistics across a wide range of public and private (cited) sources. In 2021 the cost of IPv4 address acquisition is increasing, dramatically. We will take a close look at what has worked and what has not, across the board, focusing on what the next 10 years of IPv6 needs to look like to not just increase adoption, but to increase bonafide end to end usage.

John Jason Brzozowski: An industry veteran with over 25-years of industry experience leading large scale, transformational infrastructure, and platform initiatives. John’s areas of expertise span a wide range of disciplines including networking (service provider and home), cloud, software development, and embedded systems to name a few. His leadership and execution have had the most substantive impact across cable it’s diverse ecosystem encompassing voice, video, and Internet products and services. His numerous contributions and accomplishments have fueled innovation and scale for one of the largest residential broadband networks in the world. John seamlessly introduced support for IPv6 to over 100MM consumer facing devices, the majority of which were migrated to IPv6 only. This in turn produced what is perhaps today the world’s largest fixed line broadband IPv6 deployment. Most recently, John leveraged his expertise to incubate and develop an enterprise scale, global wireless IoT platform where he was responsible for product engineering and infrastructure.
Speakers
  • Speaker John Jason Brzozowski
Full Abstract

IPv6 Extension Headers (EHs) allow for the extension of the IPv6 protocol, and provide support for core functionality such as IPv6 fragmentation. However, common implementation limitations suggest that EHs present a challenge for IPv6 packet routing equipment and middle-boxes, and evidence exists that IPv6 packets with EHs are intentionally dropped in the public Internet in some network deployments. This presentation summarizes the operational implications of IPv6 extension headers, and attempts to analyze reasons why packets with IPv6 extension headers are often dropped in the public Internet.

Fernando Gont: Fernando Gont is Director of Information Security at EdgeUno (https://www.edgeuno.com). Gont specializes in the field of communications protocols security, and has worked for private and governmental organizations from around the world. His work experience inclues a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security, resulting in a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and the first thorough security assessment of the IPv6 protocol suite. Gont has participated in several working groups of the Internet Engineering Task Force (IETF) for the last 15 years, and has published over 35 IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts. Gont has also developed the SI6 Network’s IPv6 Toolkit – a portable and comprehensive security toolkit for the IPv6 protocol suite – and the SI6 Networks’ IoT Toolkit – a portable security toolkit for IoT evices. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, FIRST Technical Colloquium 2005, ekoparty 2007, Kernel Conference Australia 2009, DEEPSEC 2009, HACKLU 2011, DEEPSEC 2011, Hackito Ergo Sum 2012, H2HC 2017, H2HC 2019, Troopers 2019 and Hack In Paris 2018. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings. More information about Fernando Gont is available at his personal web site: <https://www.gont.com.ar>.
Speakers
  • Speaker Fernando Gont
Full Abstract

In scenarios where network configuration information related to IPv6 prefixes becomes invalid without any explicit and reliable signaling of that condition (such as when a Customer Edge router crashes and reboots without knowledge of the previously employed prefixes), hosts on the local network may continue using stale prefixes for an unacceptably long time (on the order of several days), thus resulting in connectivity problems. This problem was recently documented by the IETF in RFC8978 (published in March 2021), but IETF work continued in order to devise solutions to the aforementioned problem

In this presentation, Fernando Gont (co-author of both RFC8978 and RFC9096) will present the upcoming RFC9096 on "Improving the Reaction of Customer Edge Routers to IPv6 Renumbering Events", with recommendations for Customer Edge Router, and configuration advice for administrators/operators of such devices.

Fernando Gont: Fernando Gont is Director of Information Security at EdgeUno (https://www.edgeuno.com). Gont specializes in the field of communications protocols security, and has worked for private and governmental organizations from around the world. His work experience inclues a number of projects for the UK National Infrastructure Security Co-ordination Centre (NISCC) and the UK Centre for the Protection of National Infrastructure (CPNI) in the field of communications protocols security, resulting in a series of documents with recommendations for network engineers and implementers of the TCP/IP protocol suite, and the first thorough security assessment of the IPv6 protocol suite. Gont has participated in several working groups of the Internet Engineering Task Force (IETF) for the last 15 years, and has published over 35 IETF RFCs (Request For Comments) and more than a dozen IETF Internet-Drafts. Gont has also developed the SI6 Network’s IPv6 Toolkit – a portable and comprehensive security toolkit for the IPv6 protocol suite – and the SI6 Networks’ IoT Toolkit – a portable security toolkit for IoT evices. Gont has been a speaker at a number of conferences and technical meetings about information security, operating systems, and Internet engineering, including: CanSecWest 2005, FIRST Technical Colloquium 2005, ekoparty 2007, Kernel Conference Australia 2009, DEEPSEC 2009, HACKLU 2011, DEEPSEC 2011, Hackito Ergo Sum 2012, H2HC 2017, H2HC 2019, Troopers 2019 and Hack In Paris 2018. Additionally, he is a regular attendee of the Internet Engineering Task Force (IETF) meetings. More information about Fernando Gont is available at his personal web site: <https://www.gont.com.ar>.
Speakers
  • Speaker Fernando Gont
Full Abstract

The traditional design principle for Internet protocols indicates: "Be strict when sending and tolerant when receiving" [RFC1958], and DNS is no exception to this. The transparency of DNS in handling the DNS records, also standardised specifically for DNS [RFC3597], is one of the key features that made it such a popular platform facilitating a constantly increasing number of new applications. An application simply creates a new DNS record and can instantly start distributing it over DNS without requiring any changes to the DNS servers and platforms. Our Internet wide study confirms that more than 1.3M (96% of tested) open DNS resolvers are standard compliant and treat DNS records transparently.

In this work, co-authors Philipp Jeitner and Haya Shulman show that this `transparency' introduces a severe vulnerability in the Internet: we demonstrate a new method to launch string injection attacks by encoding malicious payloads into DNS records. We show how to weaponise such DNS records to attack popular applications. For instance, we apply string injection to launch a new type of DNS cache poisoning attack, which we evaluated against a population of open resolvers and found 105K to be vulnerable. Such cache poisoning cannot be prevented with common setups of DNSSEC. Our attacks apply to internal as well as to public services, for instance, we reveal that all eduroam services are vulnerable to our injection attacks, allowing us to launch exploits ranging from unauthorised access to eduroam networks to resource starvation. Depending on the application, our attacks cause system crashes, data corruption and leakage, degradation of security, and can introduce remote code execution and arbitrary errors.

In our evaluation of the attacks in the Internet we find that all the standard compliant open DNS resolvers we tested allow our injection attacks against applications and users on their networks.

Philipp Jeitner: Philipp Jeitner is a Security Researcher and PhD student at Fraunhofer SIT since 2019. His research is focused on attacks against network applications, mostly using DNS-based attack vectors. Currently, he's looking into finishing his PhD thesis in early 2022. LinkedIn: https://www.linkedin.com/in/philipp-jeitner/ Google Scholar: https://scholar.google.com/citations?user=cJ86ZpMAAAAJ
Speakers
  • Speaker Philipp Jeitner
  • Haya Shulman
Speakers
  • Speaker Kendra Pignotti - DE-CIX
Full Abstract

With the growing number of containerized Network Operating Systems grows the demand to easily run them in the user-defined, versatile topologies.
Unfortunately, container orchestration tools like docker-compose are not a good fit for that purpose, as they do not allow a user to easily create links between the containers which comprise a topology.

Containerlab provides a Command Line Interface for orchestrating and managing container-based networking labs. It starts the containers, builds a virtual wiring between them to create topologies of user's choice and manages lab's lifecycle.

Having a strong focus on the containerized Network Operating Systems, containerlab also has support for running traditional VM-based networking products in the same container-like fashion. That makes it a universal tool for deploying network topologies, encompassing both legacy VM based systems and containerized products.

By being open source, lightweight, fast and having multivendor support, makes containerlab a perfect tool to deploy network topologies for lab exercises, network testing and CI.

Roman Dodin: Roman Dodin is a Product Line Manager at Nokia and a vivid member of various communities built around network automation. He is an active contributor to the open source projects in the field of network programmability and a maintainer of the containerlab project. At Nokia Roman is governing the evolution of Nokia SR Linux NetOps Development Kit and is busy building communities revolving around SR Linux programmable interfaces.
Karim Radhouani: Karim Radhouani is a Network Automation engineer at Nokia and an active contributor to multiple open source projects. At Nokia Karim builds network automation tools used both inside and outside of Nokia.
Speakers
  • Speaker Roman Dodin
  • Karim Radhouani
Full Abstract

This will an introductory session on Network Automation using Ansible. Ansible is an open-source software provisioning, configuration management, and application-deployment tool enabling infrastructure as code. Ansible provides a simple way to manage network devices like routers, switches, firewalls etc.
This talk will focus on how Ansible can be used to manage configuration data for network devices using network_cli/netconf/httpapi/restonf connection plugins and access the operational state data and easy to understand YAML format. Further, it will discuss how to work with Ansible network collections and extend its capabilities by writing Ansible plugins.

Ganesh Nalawade: Works for RedHat as Principal Software Engineer for Ansible engineering team.
Speakers
  • Speaker Ganesh Nalawade
Speakers
  • Speaker Ognian Mitev

The NANOG 83 Network Lounge is located in Boundary Waters C and sponsored by Console Connect.

Platinum Sponsors

Image Description
Image Description

Gold Sponsor

Image Description