Registration is open!

Full Abstract

A 45-60min presentation on AWS Edge Networking - for the first time ever we will pop the hood on some of our own routers and switches and explain whats going on inside, and what value it brings to us and our peers.

Full Abstract

ARIN is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates.

Full Abstract

One wonders how long it takes for the effect of RPKI changes to appear in the data plane. Does an operator that adds, fixes, or removes a Route Origin Authoriza- tion (ROA) have time to brew coffee or rather enjoy a long meal before the Internet routing infrastructure integrates the new information and the operator can assess the changes and resume work? The chain of ROA publication, from creation at Certification Authorities all the way to the routers and the effect on the data plane involves a large number of players, is not instantaneous, and is often dominated by ad hoc ad- ministrative decisions.

Full Abstract

DNS is known to be one of the most widely abused protocols by
the threat actors to use in unconventional ways to hide under
normal traffic. Apart from threat actors DNS is being actively used
or rather misused by many other service providers, vendors etc. to
provide the intended services. An in depth research of the DNS logs
collected over a long period of time revealed some very interesting
legit use-cases of DNS protocol by the industry, apart from its
normal resolution service. We coined the term “Off label use of
DNS” to represent those use-cases. One of the main reasons DNS is
been used or rather misused for these off-label use-cases is the speed
of data transfer and less overhead in terms of bandwidth. These
off-label use cases of DNS leak very important information about
the clients and software they are running, and can be leveraged
in variety of ways by the network security defenders/analysts to
improve the detection on the network. This presentation will go
over some of those legit off-label use-cases and how they can be
leveraged by the analysts to detect malware trends in the network
and much more just by analyzing DNS logs.

Full Abstract

In this talk Jeremy will present MLB's approach to network automation and Infrastructure as Code. This system is used to design, deploy, and validate complex multi-vendor networks, in the presence of on-going design changes. The "prime directive" focuses on validating the expected operational state. Jeremy will discuss the architectural elements and the benefits of this methodology. He will also offer a comparative analysis of traditional configuration-management IaC approaches.

Full Abstract

Stand Up for Your Routes using the Resource Public Key Infrastructure (RPKI)

It’s never a good time for your routes to be hijacked. Whether by human error or deliberate action of a bad actor, the mis-configuration of an Internet connected device could result in a disruption of connectivity, even financial loss for your company. Would you like to limit your exposure to hijacks? Find out how easy it is to strengthen your routing security by using the opt-in RPKI services at ARIN.

Full Abstract

DDoS attacks are back in the headlines and disrupting businesses across the globe. Though these threats aren’t new, they are evolving and increasing in size, complexity, and frequency. During this session, we will start by setting the context of the most recent trends, discuss the pro-Russian hactivist group "Killnet" and their cyberattacks on western critical infrastructure, and introduce the new generation of modern VPS-based botnets that are capable of launching hyper-volumetric DDoS attacks exceeding 71 million rps (the largest in history) with a fraction of the bot fleet previously needed.

We will then review the lessons learned from a real-world example from a Fortune Global 500 company that operates critical infrastructure and was targeted by Ransom DDoS attacks.

Join Omer Yoachimik, Senior Product Manager for DDoS Protection at Cloudflare to learn about the threat landscape and how to prepare.

Full Abstract

Over three years ago, the Global Cyber Alliance (GCA) established a worldwide honeyfarm, with hundreds of sensors, to collect IoT attack traffic for analysis. GCA now has terabytes of data, with over a million hits a day on the honeyfarm sensors. If nothing else, it clearly communicates that the Internet is full of a lot of unwanted traffic, hammering unrelentingly on unsuspecting devices. GCA’s interest is in using this project to help protect (IoT) devices and networks from such bad actors. The open question is: how to reduce the amount and impact of such unwanted traffic, without building IP block lists or otherwise unwittingly carving up the Internet?

This presentation will review some of the data from the honeyfarm collection, giving a sense of what we have learned, and some of the surprises along the way (e.g., 5 IP addresses that spewed MIRAI at GCA’s sensors every single day for over 2 years). More importantly, it will raise a series of questions about what can be done to address the level of unwanted traffic on the Internet, in ways that are consistent with a continued free and open Internet.

Full Abstract

The networking industry has built sophisticated multilayer networks over the decades to deliver IP and optical services. These networks often operate in silos with its own network elements, tooling, operations, lifecycles and organizational structures. There are growing demands to simplify the network to reduce the cost and increase sustainability. Recent advances in coherent optics, routing silicon, and automation software have made convergence of IP and optical layers a reality. Because the adoption journey toward convergence often begins with a set of use cases, this session will dive deep into the convergence through the lens of a practical deployment use case. Specifically the use case will look into a detailed set of steps to achieve IP and optical convergence, such as migration of transponders into digital coherent optics. Attendees will walk away with a good understanding of what IP and optical convergence means and how to begin such a journey through practical considerations such as outlined in this session.

Full Abstract

The transition of network traffic from TCP to QUIC is happening extremely fast with measurements across the world showing QUIC has already reached nearly 50% of total traffic, doubling approximately every 18 months. The new protocol stack, comprising QUIC, encrypted over UDP, HTTP/3, DNS over HTTP (DoH) and eSNI/ECH, all over TLS (Transport Layer Security) 1.3, completely obfuscates the traffic between application nodes and simultaneously drives a phenomenal change in traffic flow behaviour with applications now fully in control of how they get delivered to end-users, disintermediating the network in the process. Large Internet & Cloud players and many emerging application players are rapidly adopting the new protocol stack and traditional TCP/IP derived technologies, combined with L4+ monitoring techniques, are proving largely insufficient in keeping up with this evolution. Application detection and visibility is significantly impaired by this stack and the key technological paradigms on which communications service providers have built their network capabilities are now being challenged and obsoleted by these new protocols. In this session, we will show how the new protocol stack is constructed, how it behaves in terms of both visibility and congestion management, the impact it has on infrastructure elements including the RAN (Radio Access Network) - and not only - and an analysis of how much traffic it occupies today in mobile and fixed networks. In addition, we will discuss the techniques Communication service providers can use to evolve their network architecture and services capabilities to keep pace with this evolving protocol stack, enabling better traffic visibility, Quality of Experience and more efficient use of precious 5G spectrum.