
Join us in Hollywood, CA for NANOG 86
Register now for our community-wide gathering, 17-19 Oct 2022.


Hollywood, CA | NANOG 86
Our 86th community-wide gathering was 17-19 Oct 2022.

NANOG 86 Keynote Speaker - Harlan Stenn
Tech Pioneer Talks about "The NTP Project" + the Importance of Timekeeping in Tech.
Welcome Network Time Protocol (NTP) Project Manager + President of the Network Time Foundation, Harlan Stenn, to the NANOG 86 Keynote stage!
Keynote Talk Title: Me, NTP, The NTP Project, and Network Time Foundation - How We Got Here: Welcome to my Hallucination.
About Stenn: Harlan Stenn is a nearly 50-year veteran of the IT industry. Harlan began programming computers in high school in 1971. He holds a bachelor's degree in Business Administration (Accounting) from The Colorado College in Colorado Springs, and an MSE in Computer Science from Washington University in St. Louis.
A well-versed entrepreneur, Harlan has launched several successful businesses and has been a respected, sought-after I/T consultant and contractor for decades who is well known for writing astonishingly portable C code since the early 1980s. To put it another way, if NTP is Dave Mills' edifice, Harlan is its janitor.
In mid-2011 he started Network Time Foundation (NTF), with the mission to provide direct services and support to improve the state of accurate computer network timekeeping. NTF now works with several time-related projects, including NTP, Ntimed, Linux PTP, RADclock, and the General Timestamp API and Library. The GTSAPI is a way to make sure that a timestamp contains enough information to be useful outside of the system on which it was "taken". Several new projects are in the works, including Khronos, and several SyncE packages.
Preface: History of the Network Time Foundation - From the earliest days of human history, people have had a close relationship with time...
Computers aren't intelligent; they keep poor time. So how do global networks track when a transaction happened and the nanoseconds that make up a timestamp count?
Registration | Dates | Member | Non Member | Student | Virtual |
---|---|---|---|---|---|
Early | 11 JUL 2022 | $675 | $700 | $100 | $100 |
Standard | 08 AUG 2022 | $775 | $800 | $100 | $100 |
Late | 10 OCT 2022 | $875 | $900 | $100 | $100 |
Onsite | 16 OCT 2022 | $1,075 | $1,100 | $100 | $100 |
NANOG hopes everyone who registers for the meeting will be able to attend; however, we know extenuating circumstances do occur.
The NANOG cancellation and refund policies are as follows:
- Any registration canceled between 11 Jul and 01 Oct, 2022 is refundable but will incur a $50.00 fee
- Registrations canceled from 02 Oct to 15 Oct, 2022 are refundable but will incur a $100.00 fee
- Registrations canceled on or after 16 Oct, 2022 will not receive a refund
NANOG Social Event Guest Pass: $50 per guest (purchase separately when you register, limit 2)

The Engineer Approved List of Sightseeing in Hollywood
We have put together a list sure to stimulate the imagination of any tech pro while visiting the city.

Hotel Information:
Headquarter Hotel
Hotel Guest Room Block
Loews Hollywood Hotel
1755 North Highland Ave.
Hollywood, CA 90028

NANOG 86 Health + Safety
The health and safety of meeting attendees are very important to us. We believe the most effective way to ensure the safety of all attendees is to be fully vaccinated against COVID-19. Please note that proof of vaccination will not be required to attend NANOG 86. Be aware that while NANOG will make every effort to reduce the risk of COVID-19 transmission on site, it is possible that you may come into contact with people that carry the virus through your travels.
Be Aware. Any company offering to sell you the NANOG 86 Attendee list is fraudulent.
Coming soon to the NANOG 86 Stage
NANOG Jeopardy is back with better software, better buzzer, and fun new topics!
The 50th anniversary of Ethernet technology is this year! "The History and Future of the Ethernet": This talk will be a retrospective on Ethernet as a technology, as the birth of Ethernet was back on May 22, 1973, when Bob Metcalfe wrote a memo to the PARC management explaining how Ethernet would work. Ethernet has come a long way since then, and on May 22, 2023 Ethernet will celebrate its 50th birthday. The talk will look at what Ethernet was back in 1973, what it is today and where the technology is heading.
We need to build optical networks in multiples of 400G lanes – 400G/800G/1200G and so on – to transport data center traffic that is growing in multiples of 400GbE. The presentation shows how the industry is leveraging progress in DSP technology to create two complementary types of 0dBm transceiver solutions to meet different needs: 1) proprietary capacity-reach optimized transceivers that maximize channel capacity for any distance, including regional coverage 800G and short haul 1200G in 2023, and 2) standard cost-power optimized transceivers that provide strong enough performance for most metro applications, including 400G in 2023 and 800G in 2024. The presentation also shows how these solutions can operate together on the same fiber using a rational 75GHz/150GHz channel plan.
Are you struggling with load balancing in your on-premises Kubernetes cluster? Do you wish to have the same level of automation and experience as the Public Cloud? Look no further! In this presentation, we will guide you through defining your own on-premises Kubernetes LoadBalancer service using BGP through the Datacenter Fabric and bringing true load balancing across the leaf switches with ECMP.
There are two major well-known BGP collection projects out there, RIPE RIS and the University of Oregon Route Views. But did you know there is a 3rd one that bgp.tools operates? In this talk I will show how bgp.tools runs its 1000+ session BGP collector, how the rest of the site works, what it can do, and what bgp.tools is doing to come closer physically to networks for route collection where possible!
BGP and its implementations are very sensitive places to find bugs. During validation testing for one of the products I was working on, I ended up discovering a bug in a vendor's BGP implementation that inspired me to explore the entire bug class on all of the other vendors. What I found was a large range of problems that ultimately could be used to partition large sections of the internet. Join me in finding out what these bugs are, why they are so deadly, and how I found them!
The Border Gateway Protocol is vulnerable to IP prefix hijacks, enabling a range of attacks. The Resource Public Key Infrastructure (RPKI) was introduced to tackle the security problems of BGP with attestations on the valid ownership of IP resources by Autonomous Systems (ASes).
The Border Gateway Protocol (BGP) serves as the backbone of the internet, yet it's not without its security concerns. This talk introduces the Resource Public Key Infrastructure (RPKI), a solution addressing these vulnerabilities. We'll delve into RPKI's basics, its workings, and its adoption rates within the RIPE NCC area. By also spotlighting statistics from North America, we'll offer a broader view of RPKI's significance in bolstering global routing security. Join us to understand how RPKI is reshaping internet safety.
This presentation will be an update of what's been going on at Network Time Foundation in general, and a status update for its NTP, LinuxPTP, libptpmgmt, Khronos, and SyncE Projects.
Engineering Teams have always struggled to create meaningful hardware-based infrastructure lab environments for such tasks as mocking up networks and simulating design changes, practicing major migrations before touching production networks, or training new users with hands-on experiences that emulate their own networks. These hardware-based labs are expensive to build up and difficult to maintain. In addition, with a push for learning Network Automation and new Cloud-Based Management Solutions, a dev-ops environment to experiment with these tools against infrastructure is a must. While simulated network tools have been around for quite some time, I'd like to share some of my recent experience and success in utilizing an easy to implement and low-cost tool to provide a simulated sandbox environment for some of the above initiatives. Some of the referenced initiatives have been geared toward internal engineering teams, while others have been customer facing for training and Proof-of-Concept initiatives. Michael Carey, a Senior Solutions Architect, will present on some of what has been learned along the way utilizing this tool, EVE-NG, to show how to easily get this tool up and running in various environments, provide some ideas for where to start with the vendor emulation environments, and discuss some of the benefits this environment can provide to your engineering staff and/or customers.
Routing security is a foundational aspect of maintaining a stable and secure Internet infrastructure. Within this context, the IRR data plays a critical role in managing routing information. However, the presence of stale and incorrect data in unauthenticated IRR databases introduces significant challenges to routing security. Stale data in an IRR db refers to routing information that is outdated or no longer valid. It can arise due to delays in updating or purging obsolete route announcements. The consequence of stale data can be mis-origination accepted as valid, causing traffic to take inefficient or insecure paths, which could have serious implications for network performance and security. We are going to explore some data related to ARIN allocations in RADb, one of the major IRR db services available. Addressing concerns such as inaccurate/stale data is a complex endeavour. Solutions include the adoption of Resource Public Key Infrastructure (RPKI), but we don't have enough uptake to completely replace IRR. We are not suggesting a single step to resolve everything; let's look at the data and find out how it can be resolved collectively.
For the past 20 years, Internet telescopes have been a de facto standard for large-scale measurement of adversarial behavior on the Internet. However, as service deployment continues to concentrate on public clouds, and as adversaries become more sophisticated, conventional darknet telescopes can miss traffic phenomena, reducing situational awareness and putting services at risk. In response to the changing Internet landscape, we build DScope, a cloud-native Internet telescope. DScope works by leveraging cloud provider IP address pools, meaning it is located in-situ with the valuable targets for adversaries. DScope’s IP address footprint changes constantly, preventing attackers from identifying and avoiding the telescope. Finally, DScope IP addresses are backed by compute that allows for interactivity. DScope uses Linux Netfilter to NAT traffic to a transport-layer honeypot across all TCP ports. Fundamentally, DScope aims to achieve quality (representativity of traffic) over quantity (total number of telescope IPs). In so doing, we challenge two long-held assumptions in the Internet measurement community: (1) that scanning is random, and so large darknet telescopes have good coverage, and (2) that IPs must be held for long durations to achieve high coverage of phenomena. To evaluate these assumptions, we compared DScope against Merit’s ORION darknet telescope, finding a broad class of cloud-targeted (non-random) traffic that is invisible to these conventional techniques. We also found surprising evidence that optimal measurement actually holds IP addresses for a relatively short time (8 minutes on AWS), as opposed to holding IPs for a long duration. We are making DScope’s data available to researchers and practitioners to improve situational awareness about emergent threats, as well as to enable improvements to the security of deployed services. We are also soliciting collaboration with network operators and security practitioners towards expanding DScope’s vantage point.
ARIN is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates.
In this talk, we describe procedures that make use of Autonomous System Provider Authorization (ASPA) objects in the Resource Public Key Infrastructure (RPKI) to verify the Border Gateway Protocol (BGP) AS_PATH attribute of advertised routes. This type of AS_PATH verification provides detection and mitigation of route leaks and improbable AS paths. It also to some degree provides protection against prefix hijacks with forged-origin or forged-path-segment.
The attacks on critical infrastructure like a service provider network have been increasing more than ever along with their level of sophistication. Attackers are not just targeting the product, but the infrastructure and tools used to build the end products are also being attacked. With the dynamic ever-changing threat landscape in service provider networks, it's important to look at security from ground-up. No amount of software security features will come to our rescue if the hardware itself has been compromised. Attendees of the session will benefit from understanding the various threats to a network device and how each of them can be addressed at every layer. In addition to ensuring the integrity of the network device, the session also focusses on the operational security aspects to ensure the security posture of the entire network is stronger. Lastly, the session also introduces the impact of Quantum Computing on network security and the possible solutions to handle this threat.
Routing matters to the DNS, especially the security of routing. DNSSEC permits a receiver to validate responses, but this can't happen if the query is not delivered to an appropriate server. This study is a measure of RPKI deployment by DNS operators, analyzed according to the DNS division of labor. Deployment in the top of the global public Internet's names, the root zones, the top-level domains, and the RIR reverse map zones is measured, as well as deployment by names registered within selected top-level domains. Surprisingly, there are starkly different deployment rates of this routing security mechanism within the different DNS environments.
Allocation of the global IP address space is under the purview of IANA, who distributes management responsibility among five distinct Regional Internet Registries (RIRs). Each RIR is empowered to bridge technical (e.g., address uniqueness and aggregatability) and policy (e.g., contact information and IP scarcity) requirements unique to their region. Despite the critical policy and technical importance of IP address allocation, little systematic effort has analyzed fine-grained geographic registration information, much less its accuracy. In this work, we examine all IPv4 address information across all five RIRs to characterize where addresses are physically registered and the extent to which these registrations cross RIR region boundaries. We then perform an active measurement IP geolocation study to validate registration geo-information accuracy -- in essence an "audit" of the registries. While we find the registration locations to largely be consistent with our geolocation inferences, we show that some RIRs have a non-trivial fraction of prefixes that are used both outside of the RIR's region and outside of the registered country's region. Such discrepancies may warrant further investigation.
This tutorial explores the fundamentals of optical networking technologies, terminology, history, and future technologies currently under development. Example topics include:
- How fiber works (the basics, fiber types and limitations, etc)
Wi-Fi is one of the most popular Internet access methods. Monitoring Wi-Fi networks to ensure their normal operation is essential. WiFiMon ([1], [2]) is a GÉANT service offering open-source tools for efficient Wi-Fi network performance monitoring. The purpose of WiFiMon is to assist administrators in identifying underperforming segments within their networks and optionally enhance performance, for example, by installing more Access Points (APs). WiFiMon combines various data sources, including WiFiMon Software Probes (WSPs) and WiFiMon Hardware Probes (WHPs). WSPs deliver crowdsourced measurements by reporting performance as experienced by end users roaming the Wi-Fi network, whereas WHPs trigger equivalent measurements from fixed network positions. WHPs complement WSPs by facilitating baseline performance comparisons, hence WHPs are integral to WiFiMon’s operation. WHP measurements mainly rely on Raspberry Pi devices, although any Unix-based device may be used. Optionally, in IEEE 802.1X networks WiFiMon may leverage RADIUS and DHCP logs to enrich monitoring options, e.g. by reporting throughput per network Access Point. In this presentation (attached), we provide an overview of WiFiMon and its architectural components, outline its fully automated installation procedure and report recent efforts on facilitating the distributed configuration and control of our WHPs.
[1] WiFiMon Homepage, https://wiki.geant.org/display/WIF/WiFiMon+Home
Internet routing is a key building block of the Internet’s infrastructure that remains vulnerable to attacks. Resource Public Key Infrastructure (RPKI) has emerged as the leading strategy for securing BGP routing, though uptake has been uneven across the world.
Automattic (AS2635) operates an Anycast CDN utilizing common internet transit links for datacenter interconnection (DCI) duties. Availability is handled by having a large variety of DFZ connections at each datacenter. A huge issue with this strategy is the propensity for the internet to fail in ways that are not immediately obvious due to the heavy utilization of multi-pathing (ECMP, LACP, etc) technologies that can hide congestion and errors in the aggregation of many links by network service providers. To find and visualize these issues, Automattic has designed and deployed internet monitoring software that successfully enumerates ECMP links on the open internet and allows us to find and quantify single-link failures deep within NSP networks. We have been using this software for some time to work with NSPs to aid them in more rapidly remediating their networks. This presentation will present the basics of Anycast CDN operations, give a refresher on router flow-hashing and ECMP path selection and then delve into several case studies showing how Automattic's PINGO system is able to visualize ECMP failures deep inside the internet. We'll present several failures and show how we're able to track these issues down before the NSPs themselves.
The delivery of high quality streaming video via the Internet presents serious challenges for Content Providers, Content Delivery Networks and Internet Service Providers. This presentation will cover industry trends in streaming media, how Verizon has traditionally received streaming traffic, the efforts within industry organizations to improve the streaming video experience through Open Caching and the results seen at Verizon from deploying Open Caching at a nationwide scale. Measurements will be presented for buffering, video start failures and other key metrics from a production streaming video service.

Apply for the Peering Coordination Forum
The Peering Coordination Forum is a 90-minute session to be held on 17 OCT during the NANOG 86 conference. The forum provides time for attendees to meet and network with others in the peering community present at NANOG. NANOG 86 Peering Coordination Forum applications will remain open until we have 20 applications or 10 OCT.