Registration is open!

Late registration ends June 10th


Join us in Seattle, WA
for NANOG 88

Our 88th community-wide gathering is 12-14 June, 2023.


Registration is open!

NANOG registration fees are in USD and include the following:
Access to general and breakout sessions, breakfast daily, lunch on the first two days of the event, and entry to all social/networking events.


KEYNOTE | From Data Links to Internets: A Quick Tour

Speaker: Len Bosack

From concept to equipment needs to various attempts to today, Bosack provides insight into the path of getting from the initial data links before the Internet to the commercial Internet the world has come to know.


NANOG 88 Hotel Information

Headquarter Hotel

Hyatt Regency Seattle

808 Howell Street
Seattle, Washington  98101


NANOG 88 Peering Forum

Applications will remain open until 20 applications are received or 5-Jun-2023, whichever is first.
The forum provides time for attendees to meet and network with others in the peering community present at NANOG.

Peering Representatives will receive a message from NANOG staff approximately one week before NANOG 88, confirming table assignment and slide deck information. 


Social Events

Our community is what makes NANOG special. Connect + network at these awesome daily social events during NANOG 88!


Can You "Dig" It?

Exploring the Fundamentals of DNS

This 1-day course will explore the history of the Domain Name System (DNS), its original design, how it works, and its evolution. Presented by Eddy Winstead.


Coming to the NANOG 88 Stage in Seattle

The following presentations are just a few of those that will take place while NANOG is in Seattle, 12-14 June, 2023.

A 45-60 min presentation on AWS Edge Networking. For the first time ever, we will pop the hood on some of our own routers and switches and explain what's going on inside, and what value it brings to us and our peers.

ARIN is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates.

One wonders how long it takes for the effect of RPKI changes to appear in the data plane. Does an operator that adds, fixes, or removes a Route Origin Authorization (ROA) have time to brew coffee or rather enjoy a long meal before the Internet routing infrastructure integrates the new information and the operator can assess the changes and resume work? The chain of ROA publication, from creation at Certification Authorities all the way to the routers and the effect on the data plane involves a large number of players, is not instantaneous, and is often dominated by ad hoc administrative decisions.

Randy Bush: Randy is a Research Fellow at Internet Initiative Japan, Japan's first commercial ISP. He is also a Member of Technical Staff at the routing platform vendor Arrcus. He specializes in network measurement, especially routing, network security, and routing protocols, and is guilty of some IPv6 deployment. He was a lead designer of the BGP security effort. Randy has been in computing for over 55 years, and has a few decades of Internet operations experience. He was a founder of Verio, which is now NTT/Verio. He was among the inaugural inductees into the Internet Society Internet Hall of Fame in 2012. He has served as a member of the IESG and in various other roles within the IETF. He was also a founder of the Network Startup Resource Center (NSRC), http://www.nsrc.org/, an NSF-supported pro bono effort to help develop and deploy networking technology in the developing economies. In amongst these activities he helped found a few NOGs, is an active researcher, and is co-author of a number of papers; see https://archive.psg.com/papers.html.

DNS is known to be one of the protocols most widely abused by threat actors, who use it in unconventional ways to hide under normal traffic. Apart from threat actors, DNS is being actively used, or rather misused, by many other service providers, vendors, etc. to provide the intended services. In-depth research on DNS logs collected over a long period of time revealed some very interesting legit use cases of the DNS protocol by the industry, apart from its normal resolution service. We coined the term “Off label use of DNS” to represent those use cases. One of the main reasons DNS is being used, or rather misused, for these off-label use cases is the speed of data transfer and lower overhead in terms of bandwidth. These off-label use cases of DNS leak very important information about the clients and the software they are running, and can be leveraged in a variety of ways by network security defenders/analysts to improve detection on the network. This presentation will go over some of those legit off-label use cases and how they can be leveraged by analysts to detect malware trends in the network, and much more, just by analyzing DNS logs.

Fatema Bannat Wala: I am a Security Engineer at the Energy Sciences Network (ESnet) of DoE, working full time at the Berkeley Lab. I have over 8 years of industry experience working in security and my primary area of expertise is network defense. Apart from being a security engineer, I am a part-time Ph.D. student focusing on security of DNS and its variants. I am a big advocate of open-source software and also a member of Zeek LT, together with serving on the SANS advisory board. I hold a CISSP together with a few other GIAC certifications.

In this talk Jeremy will present MLB's approach to network automation and Infrastructure as Code. This system is used to design, deploy, and validate complex multi-vendor networks, in the presence of on-going design changes. The "prime directive" focuses on validating the expected operational state. Jeremy will discuss the architectural elements and the benefits of this methodology. He will also offer a comparative analysis of traditional configuration-management IaC approaches.

Stand Up for Your Routes using the Resource Public Key Infrastructure (RPKI)

It’s never a good time for your routes to be hijacked. Whether by human error or deliberate action of a bad actor, the mis-configuration of an Internet connected device could result in a disruption of connectivity, even financial loss for your company. Would you like to limit your exposure to hijacks? Find out how easy it is to strengthen your routing security by using the opt-in RPKI services at ARIN.

Brad Gorman: I am the Senior Product Owner for Routing Security at ARIN, setting priorities for RPKI and all other routing security development. As ARIN's external point of contact for routing security, I attend industry conferences and events, speaking and interacting with the RPKI and greater internet community. I have 20+ years of experience as a network engineer/architect at ISPs and MSOs. Additional work experience includes participation in the global peering community and work for a major network hardware/software vendor.

The transition of network traffic from TCP to QUIC is happening extremely fast with measurements across the world showing QUIC has already reached nearly 50% of total traffic, doubling approximately every 18 months. The new protocol stack, comprising QUIC, encrypted over UDP, HTTP/3, DNS over HTTP (DoH) and eSNI/ECH, all over TLS (Transport Layer Security) 1.3, completely obfuscates the traffic between application nodes and simultaneously drives a phenomenal change in traffic flow behaviour with applications now fully in control of how they get delivered to end-users, disintermediating the network in the process. Large Internet & Cloud players and many emerging application players are rapidly adopting the new protocol stack and traditional TCP/IP derived technologies, combined with L4+ monitoring techniques, are proving largely insufficient in keeping up with this evolution. Application detection and visibility is significantly impaired by this stack and the key technological paradigms on which communications service providers have built their network capabilities are now being challenged and obsoleted by these new protocols. In this session, we will show how the new protocol stack is constructed, how it behaves in terms of both visibility and congestion management, the impact it has on infrastructure elements including the RAN (Radio Access Network) - and not only - and an analysis of how much traffic it occupies today in mobile and fixed networks. In addition, we will discuss the techniques Communication service providers can use to evolve their network architecture and services capabilities to keep pace with this evolving protocol stack, enabling better traffic visibility, Quality of Experience and more efficient use of precious 5G spectrum.

Andreas Enotiadis: Andreas Enotiadis is the CTO for global mobility sales @Cisco. In his 25 years there he has built and supported a number of innovative solutions, especially in the service provider space, such as orchestration systems, early SD-WAN systems, SDN Controllers and others. His current interests and work center around encrypted flow analysis and management as well as virtual routing and forwarding, especially as applied to mobility but not only. Andreas holds a PhD in Fluid Mechanics & Combustion from Imperial College and lives in Athens, Greece with his family enjoying the unique combination of mountains and sea in the country.

DDoS attacks are back in the headlines and disrupting businesses across the globe. Though these threats aren’t new, they are evolving and increasing in size, complexity, and frequency. During this session, we will start by setting the context of the most recent trends, discuss the pro-Russian hacktivist group "Killnet" and their cyberattacks on western critical infrastructure, and introduce the new generation of modern VPS-based botnets that are capable of launching hyper-volumetric DDoS attacks exceeding 71 million rps (the largest in history) with a fraction of the bot fleet previously needed.

We will then review the lessons learned from a real-world example from a Fortune Global 500 company that operates critical infrastructure and was targeted by Ransom DDoS attacks.

Join Omer Yoachimik, Senior Product Manager for DDoS Protection at Cloudflare to learn about the threat landscape and how to prepare.

Omer Yoachimik: Omer Yoachimik has over 13 years of experience in Cyber Security from enterprise, start-up, and military backgrounds. He started his career in the Israeli Military Intelligence reaching Lieutenant rank and focusing on tactical cybertech for special forces. Omer is based out of London, where he has been leading Cloudflare’s industry-leading DDoS protection service for 4 years.

Over three years ago, the Global Cyber Alliance (GCA) established a worldwide honeyfarm, with hundreds of sensors, to collect IoT attack traffic for analysis. GCA now has terabytes of data, with over a million hits a day on the honeyfarm sensors. If nothing else, it clearly communicates that the Internet is full of a lot of unwanted traffic, hammering unrelentingly on unsuspecting devices. GCA’s interest is in using this project to help protect (IoT) devices and networks from such bad actors. The open question is: how to reduce the amount and impact of such unwanted traffic, without building IP block lists or otherwise unwittingly carving up the Internet?

This presentation will review some of the data from the honeyfarm collection, giving a sense of what we have learned, and some of the surprises along the way (e.g., 5 IP addresses that spewed MIRAI at GCA’s sensors every single day for over 2 years). More importantly, it will raise a series of questions about what can be done to address the level of unwanted traffic on the Internet, in ways that are consistent with a continued free and open Internet.

The networking industry has built sophisticated multilayer networks over the decades to deliver IP and optical services. These networks often operate in silos, each with its own network elements, tooling, operations, lifecycles and organizational structures. There are growing demands to simplify the network to reduce cost and increase sustainability. Recent advances in coherent optics, routing silicon, and automation software have made convergence of the IP and optical layers a reality. Because the adoption journey toward convergence often begins with a set of use cases, this session will dive deep into convergence through the lens of a practical deployment use case. Specifically, the use case will look into a detailed set of steps to achieve IP and optical convergence, such as migration of transponders into digital coherent optics. Attendees will walk away with a good understanding of what IP and optical convergence means and how to begin such a journey through practical considerations such as those outlined in this session.

Randy Zhang: Randy Zhang, PhD and CCIE 5659 (Lifetime Emeritus), is a principal architect at Cisco Systems. Randy is a well-recognized IP and optical expert in the industry. He is an author of two books, BGP Design and Implementation (Cisco Press 2003; China Post and Telecom Press, 2012) and Optical Networking Systems IP Management Solutions (Cisco Press 2007), published extensively in peer-reviewed journals, industry magazines, and Cisco.com, and is a frequent speaker in industry conferences, including being recognized as Distinguished Speaker by CiscoLive. Randy is an inventor of 3 issued patents and is passionate about technology innovation. He is a recipient of the Cisco Services Excellence Innovation award and a semi-finalist of Cisco's Innovation Everywhere Challenge. Additional details are available from https://www.linkedin.com/in/randyzhang/
