NANOG Meeting Presentation Abstract

Tutorial: Implementing a Secure Network Infrastructure
Meeting: NANOG29
Date / Time: 2003-10-19 1:30pm - 3:00pm
Room: Salon F/G
Presenters: Speakers:

Merike Kaeo, None

Merike Kaeo is currently a consultant, focusing primarily on security-related products and network design solutions. She has been in the networking industry for more than 15 years, starting out at the National Institutes of Health in Bethesda, MD, from 1988 to 1993, designing and implementing the original FDDI backbone for the NIH campus using Cisco routers. From 1993 to 2000, Merike was employed by Cisco Systems, Inc., where she worked primarily on technical issues relating to router performance, network routing protocols, network design, and network security. She was a lead member of Cisco's security initiative, has acted as a technical advisor for security startup companies, and has been an instructor and speaker at a variety of security-related conferences. Merike is the author of Designing Network Security, published in May 1999 by Cisco Press, with a 2nd edition due out in October 2003.
Abstract: This tutorial provides detailed technical information about security technologies that should be considered when securing any networking infrastructure. Technologies to be covered include S/Key, 802.1x, RADIUS, TACACS+, SSH, SSL, L2TP, and IPsec. We will show specific architectures and configuration examples to effectively secure network infrastructures comprising routers, switches, and firewalls. Configuration examples will be vendor-independent and will include much of the most widely deployed equipment.

The three 90-minute sessions will cover:

  • Security technology details

  • Secure infrastructure architectures

  • Sample configuration scenarios.

Files: Implementing a Secure Network Infrastructure PART 1 (YouTube)
Implementing a Secure Network Infrastructure PART 2 (YouTube)
Implementing a Secure Network Infrastructure PART 3 (YouTube)
Merike Kaeo Presentation (PDF)
Sponsors: None.
Tutorial: Troubleshooting BGP
Meeting: NANOG29
Date / Time: 2003-10-19 1:30pm - 3:00pm
Room: Denver
Presenters: Speakers:

Philip Smith, Cisco Systems

Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent 5 years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, ISBN 1-58705-041-2, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.
Abstract: This tutorial covers common problems ISPs have when deploying BGP within their networks. We look at issues with peer establishment, missing routes, inconsistent route selection, and convergence issues. We also examine real-world examples of common errors that are made when deploying BGP, both as iBGP and eBGP, in service provider networks.
Files: Philip Smith Presentation (PDF)
Troubleshooting BGP (YouTube)
Sponsors: None.
Tutorial: Deploying IP Anycast
Meeting: NANOG29
Date / Time: 2003-10-19 3:30pm - 5:00pm
Room: Denver
Presenters: Speakers:

Kevin Miller, Carnegie Mellon University

Kevin Miller is a Network Systems Developer at Carnegie Mellon University, where he is responsible for development and maintenance of campus network services. He holds a Bachelor of Science in Computer Science degree from Carnegie Mellon.
Abstract: IP Anycast is an older technology that has seen a bit of a resurgence in recent months, perhaps encouraged by its use in providing several of the root servers. In designating certain unicast addresses as 'anycast,' operators configure these addresses on multiple machines, and configure routes to each host. When traffic is directed to an anycast address, routers select one path from potentially several valid paths to forward traffic (thus, no change from traditional unicast forwarding). One server receives each packet and responds to the requester.

In configuring multiple hosts to respond to the same address, stateless protocols such as DNS can be easily scaled. Servers can be located in closer proximity to clients, providing faster responses to queries. In the event of a single host failure, routes can quickly be withdrawn and servers in other locations handle the request traffic, all without any changes to client configurations.

Recursive DNS clients built into many of today's operating systems deal rather poorly with a failure of their primary recursive server. Of eight operating systems evaluated in a recent survey, seven kept no history of failed servers, trying each DNS query against the first server and waiting for a response before moving to secondary servers. Using anycast, service is maintained even in the face of a single or multiple host failure. This substantially reduces resolution delays due to server failure.

DNS will serve as an example of successful anycast use, but the strategies described are also applicable to other stateless protocols.
Files: Kevin Miller Presentation (PDF)
Sponsors: None.
Tutorial: MPLS Applications Overview
Meeting: NANOG29
Date / Time: 2003-10-19 7:30pm - 9:00pm
Room: Denver
Presenters: Speakers:
Ina Minei, Juniper.
Abstract: This tutorial provides an overview of some of the applications enabled by MPLS. The session is a high-level, vendor-independent tutorial targeted at network engineers and service providers who are not familiar with MPLS applications. It is a follow-up to Salt Lake City's Introduction to MPLS tutorial, which discussed basic MPLS building blocks and signaling protocols. Our goal is to provide the audience a high-level view of the applications where MPLS is used. Topics covered will include: traffic engineering, protection and restoration, MPLS VPNs, and pseudo-wires.
Files: Ina Minei Presentation (PDF)
MPLS Applications Overview (YouTube)
Sponsors: None.
VeriSign's Wildcard Record: Effects and Responses
Meeting: NANOG29
Date / Time: 2003-10-20 9:15am - 9:45am
Room: Salons A-E
Presenters: Speakers:
Mark Kosters, VeriSign.
Matt Larson, VeriSign.
Suzanne Woolf, ISC.
Abstract: This discussion highlights VeriSign's September 15 addition of a wildcard A record to the .com and .net zones, the user-visible (network- and sysadmin-visible) effects, and some of the responses, particularly the change ISC's BIND patches made possible within the DNS.
Files: Mark & Matt's Presentation (PDF)
Suzanne Woolf Presentation (PDF)
VeriSign's Wildcard Record: Effects and Responses (YouTube)
Sponsors: None.
Update on Anomalous DNS Behavior
Meeting: NANOG29
Date / Time: 2003-10-20 9:45am - 10:30am
Room: Salons A-E
Presenters: Speakers:

Duane Wessels, Measurement Factory/CAIDA

Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principal investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled Squid: The Definitive Guide, is soon to be published by O'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.
Abstract: Abuse of the DNS at the root-server level is well documented by studies of packet traces taken from root servers. For example:



We expect that similar abuse exists for top-level domain servers as well. However, in many cases the causes of such abuses are unknown. Studying packet traces from root servers presents only a part of the picture.

We use simulations based on DNS software implementations (BIND8, BIND9, windows*, djbdns) to enhance our understanding of the client side of DNS transactions. Our lab setup models the typical DNS architecture with root, TLD, SLD, and caching nameservers. We replay a large trace file with different caching software and different network environments. The results advance our understanding of nameserver selection algorithms and the level of DNS traffic injected into the Internet for a given client-side workload.
Files: Duane Wessels Presentation (PDF)
Update on Anomalous DNS Behavior (YouTube)
Sponsors: None.
Panel: Watching Your Router Configurations and Detecting Those Exciting Little Changes
Meeting: NANOG29
Date / Time: 2003-10-20 11:00am - 11:45am
Room: Salons A-E
Presenters: Moderators:

Randy Bush, IIJ

Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio's first acquisition. Randy is currently a member of the IESG, serving as co-chair of the IETF Operations and Management Area, mainly covering the operations area. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

Henry Kilmer, Terrapin Communications

You can view Henry Kilmer's slides at: http://www.shrubbery.net/rancid/NANOG29/
John Heasley, Verio.
Danny McPherson, Arbor Networks.
Abstract: Network catastrophes are as easy as paste-o's. Recovery should be as well, and is, if operators have adequate network documentation and monitoring.

Whether it be hardware cooked to a golden brown, undesired or malicious configuration help, naughty s/w upgrades, or automation gone biblical, a hardware and software configuration repository and audit trail are essential to timely recovery.

We will present tools that make this, plus more, possible.
Files: Danny McPherson Panel Presentation (PDF)
Panel: Watching Your Router Configurations and Detecting Those Exciting Little Changes (YouTube)
Sponsors: None.
Building a Web of Trust
Meeting: NANOG29
Date / Time: 2003-10-20 11:45am - 12:00pm
Room: Salons A-E
Presenters: Speakers:

Joe Abley, ISC

Joe Abley works for Internet Software Consortium, a not-for-profit company based in California that produces free reference implementations of Internet standard protocols.
Abstract: Despite the wide availability of both free and commercial software which allows data to be signed and encrypted using PGP, a convincing web of trust in the larger community of network operators has yet to form: it is frequently possible to find PGP keys for random people that you need to communicate with, but it is still unusual to find a key with a signature trail that allows it to be used with any real confidence.

This brief presentation describes how a web of trust between network operators can be useful, and outlines the mechanics of key signing both at the Monday night key signing party, and also in corridors around the meeting using the "I sign keys" indicator on attendee badges.
Files: Building a Web of Trust (YouTube)
Joe Abley Presentation (PDF)
Sponsors: None.
Panel: Simple Router Security, What Every ISP Router Engineer Should Know and Practice
Meeting: NANOG29
Date / Time: 2003-10-20 2:00pm - 3:00pm
Room: Salons A-E
Presenters: Moderators:

Randy Bush, Randy Bush

Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio's first acquisition. Randy is currently a member of the IESG, serving as co-chair of the IETF Operations and Management Area, mainly covering the operations area. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.

Rob Thomas, Cisco/Team Cymru

Rob Thomas is a researcher at Cisco Systems, as well as the lead researcher for Team Cymru. Rob studies a wide variety of network security issues, including malware analysis, DDoS, and trends. Rob is a Liaison Member of FIRST and an ISC Fellow. Prior to working for Cisco, Rob worked as a network architect, an engineer, and is a recovering UNIX kernel developer.

Neal Ziring, NSA

Neal Ziring is a Defense Intelligence Senior Level computer scientist with the NSA. He joined NSA in 1989, and has spent his time there mostly in security evaluations. Since 1996, he has worked in network and protocol security, and is editor of NSA's Router Security Configuration Guide. Prior to joining NSA, Neal worked on software tools at AT&T Bell Labs. He has an MS in Computer Science and a BS in Electrical Engineering, both from Washington University in St. Louis.

George Jones, MITRE

George Jones is a Lead Information Systems Engineer for the MITRE corporation. Previous positions included work as a senior network security engineer for UUNET, where he was responsible for securing datacenter and routing infrastructure; Bank One, where he was a member of the Information Security team and helped establish the internal CERT TEAM; and Compuserve Network Services, where he was a network security engineer. George is the author of the Router Audit Tool (RAT) and Benchmark for Cisco IOS, a free tool and configuration guide published by the Center for Internet Security. He holds a B.S. in Computer and Information Science from The Ohio State University. George is currently editing an IETF draft, draft-jones-opsec-01.txt, on operational security requirements for IP network infrastructure devices.
Abstract: Who Really Owns Your Routers?, by Rob Thomas
The underground continues to abuse and trade compromised routers for a variety of reasons. In this presentation, the history of the ubiquitous compromise of routers will be detailed, along with the present-day picture of how routers are compromised, traded, and abused. The motivations behind this activity will be presented, thus giving the listener a frame of reference for this and many hacking activities.

Router Security - Approaches and Techniques You Can Use Today, by Neal Ziring
Today's routers have substantial features for protecting themselves and the networks they support. This talk will present a simple conceptual framework for router security, and describe several important security techniques and technologies you can use right now. The talk will be non-vendor-specific.

Knobs, Levers, Dials and Switches: Now and Then, by George Jones
Have you ever encountered a device that had well-known default passwords, did not do any logging, was open for use as a smurf amplifier, and had 25 open ports out of the box, including an HTTP management interface using in-the-clear password authentication? Then this talk is for you.

We will present a very brief overview of a list of generic features that are needed to be able to deploy a device securely as part of an operational network. It is drawn from the IETF draft draft-jones-opsec-01.txt, "Operational Security Requirements for IP Network Infrastructure." Areas covered will include Device Management, In-Band Management and OOB Management, User Interface, IP Stack, Rate Limiting, Basic Filtering Capabilities, Packet Filtering Criteria, Packet Filtering Counters, Event Logging, AAA, and Layer 2 issues. The "Now" portion covers "Best Current Practices." The "Then" portion covers security features that are not current, but should be. Come prepared to share your own wish lists and war stories.
Files: George Jones Presentation (PDF)
Neal Ziring Presentation (PDF)
Simple Router Security, What Every ISP Router Engineer (YouTube)
Sponsors: None.
AOL Backbone OSPF-ISIS Migration
Meeting: NANOG29
Date / Time: 2003-10-20 3:00pm - 3:30pm
Room: Salons A-E
Presenters: Speakers:
Vijay Gill, AOL Time Warner.
Jon Mitchell, AOL Time Warner.
Abstract: This talk describes the AOL backbone network conversion from a multi-area OSPF IGP to IS-IS. Topics covered include reasoning for the migration, implementation, verification, and deployment of IS-IS in a live network with no visible impact to the service.
Files: AOL Backbone OSPF-ISIS Migration (YouTube)
Vijay Gill Presentation (PDF)
Sponsors: None.
Research Forum: Passive Internet Health Monitoring With BGP
Meeting: NANOG29
Date / Time: 2003-10-20 4:00pm - 4:45pm
Room: Salons A-E
Presenters: Speakers:

Dennis McGrath, Dartmouth

Dennis McGrath is a senior research engineer at the Institute for Security Technology Studies (ISTS) and the Thayer School of Engineering at Dartmouth College. His research interests include interdomain routing measurement, Internet health data correlation, and real-time simulation of cyber attacks. He earned his B.S. and M.A. degrees from Rutgers University.
Abstract: BGP enables interdomain routing, but it can also serve as an indicator of Internet health. Just as blood pressure and pulse rate are indicators of biological distress, metrics derived from BGP observation can be used as Internet "vital signs." Since BGP traffic is erratic and prone to localized bursts of activity, BGP from multiple sources (geographically and topologically dispersed) is required to make intelligent inferences. We have developed metrics for measuring routing stability, flapping, reachability, and backbone churn. The global instability index (GII), for instance, is a single indicator fused from multiple sources that strongly indicates global Internet distress while damping localized instability. We will present measurements made during the Slammer worm and during the instability in the wake of the July 2003 IOS patch frenzy.
Files: Dennis McGrath Presentation (PDF)
Research Forum: Passive Internet Health Monitoring With BGP (YouTube)
Sponsors: None.
The Blaster Worm: The View From 10,000 Feet
Meeting: NANOG29
Date / Time: 2003-10-20 4:45pm - 5:00pm
Room: Salons A-E
Presenters: Speakers:

Jose Nazario, Arbor Networks

Jose Nazario earned a Ph.D. in Biochemistry from Case Western Reserve University in 2002, where he also applied these analysis techniques to the spread of Internet worms. Nazario is a security analyst and software engineer for Arbor Networks in Ann Arbor, MI. He has recently finished a book on worm history, detection techniques, and defense measures to be released in late 2003 through Artech House publishing.
Abstract: A globally unused /8 network was monitored using a packet capture and analysis system to measure the introduction and spread of the Blaster worm. This worm was able to quickly affect over 250,000 systems in the one week period following its August 11, 2003, introduction onto the Internet.

Our data shows the breadth of the affected systems as well as the rate of the worm's spread. Overall, the global Internet community was able to respond and contain the worm's spread. Despite this reaction, several thousand Blaster hosts remain on the Internet.
Files: Jose Nazario Presentation (PDF)
The Blaster Worm: The View From 10,000 Feet (YouTube)
Sponsors: None.
ISP Security and NSP-SEC BOF IV
Meeting: NANOG29
Date / Time: 2003-10-20 7:30pm - 9:00pm
Room: Salon F
Presenters: Moderators:
Barry Raveendran Greene, Cisco Systems.
Merike Kaeo, None.
Abstract: Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customer, worms, BOTNETs, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync up meeting for the NSP-SEC forum (see https://puck.nether.net/mailman/listinfo/nsp-security).

The general theme for this BOF is the "Worms of August." We will select a set of ISP Security Engineers to present a 5-to-10-minute description of their networks, anti-worm security tools, policies, how they mitigated the worms, and what they are doing to prepare for the next worm.
Files: Barry Raveendran Greene Presentation (PDF)
Sean's Presentation (PDF)
Team Cymru's Presentation (PDF)
Sponsors: None.
Fast IP Convergence
Meeting: NANOG29
Date / Time: 2003-10-21 9:00am - 9:30am
Room: Salons A-E
Presenters: Speakers:
Clarence Filsfils, Cisco Systems.
Abstract: This presentation reviews protocol and implementation optimizations, as well as design and deployment guidelines, which should be considered for sub-second ISIS convergence in an ISP backbone. We will share the details of our test methodology and results.
Files: Clarence Filsfils Presentation (PDF)
Fast IP Convergence (YouTube)
Sponsors: None.
A Systematic Approach to BGP Configuration Checking
Meeting: NANOG29
Date / Time: 2003-10-21 9:30am - 10:00am
Room: Salons A-E
Presenters: Speakers:

Nick Feamster, MIT

Nick Feamster is a graduate student in the Networks and Mobile Systems group at MIT's Computer Science and Artificial Intelligence Laboratory (formerly LCS) under the supervision of Professor Hari Balakrishnan. He is interested in wide-area networking, network measurement, and security. His current research focuses on verification techniques for BGP and interdomain traffic engineering. He is an NSF Graduate Research Fellow and the recipient of the Best Student Paper awards at the USENIX Security Symposium in 2001 and 2002. Nick received his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively.
Hari Balakrishnan, MIT.
Abstract: Several recent studies have indicated that human configuration error is a leading cause of network downtime. Network operators need better verification techniques to ensure that routers are configured correctly. Distributed dependencies in wide-area routing cause small configuration mistakes or oversights to spur complex errors, which sometimes have devastating effects on global connectivity. These errors are often difficult to debug because they are sometimes only exposed by a specific message arrival pattern or failure scenario.

The state of the art for router configuration checking typically consists of logging changes to the configuration and rolling back to a previous version in the event that a problem should arise. This approach is inadequate because (1) it assumes that the previous configuration was correct in the first place and (2) it relies on the coincidence of configuration change and the appearance of an anomaly, rather than a systematic cause-and-effect analysis. In an effort to develop more systematic techniques for validating BGP configuration, we propose a systematic approach to configuration checking that is based on verifying conformance to the following set of high-level properties:

  • Validity: Are bogus paths being advertised?

  • Visibility: Is BGP advertising every path that it should be?

  • Safety: Will BGP converge to a unique, stable answer?

  • Determinism: Do the best routes that BGP selects depend on the order in which routing messages arrive?

  • Information-flow control: Is BGP leaking "private" information to other ASes?

For each property, we determine the aspects of configuration that affect these high-level properties, and define rules that can be checked against router configuration using static analysis techniques.

We present a tool that network operators can use to test BGP configuration for some common, elusive, and catastrophic errors. The tool checks configuration on an AS-wide level against a set of rules. These rules statically analyze the router configuration files and verify that specific constraints are satisfied. While the rules that the tool tests are by no means exhaustive, we have designed our tool in a way that allows for easy extensibility. We hope that the NANOG community will apply the tool to their own configuration files and suggest new rules and features that should be incorporated.

While static analysis can catch many configuration errors, simulation and emulation are typically necessary to determine the precise scenarios that could expose runtime errors. Based on these observations, we propose the design of a BGP verification tool that uses a combination of static and dynamic analysis, present examples where it could be applied in practice, and describe future research challenges.
Files: A Systematic Approach to BGP Configuration Checking (YouTube)
Nick Feamster Presentation (PDF)
Sponsors: None.
BGP: Good MEDs Gone Bad!
Meeting: NANOG29
Date / Time: 2003-10-21 10:00am - 10:30am
Room: Salons A-E
Presenters: Speakers:
Danny McPherson, Arbor Networks.
Abstract: This presentation provides an overview of the BGP MED attribute:

  • What are MEDs?

  • Potatoes (cold, hot, mashed)

  • Deriving MED values

  • Why MEDs break with aggregation

  • MEDs from different ASes

    • Different policies

    • Different IGPs

    • Implementation caveats

      • No MED v. MED 0

      • MEDs with confeds

      • To advertise or not to advertise (BGP spec adv. rules)

  • MEDs and persistent route oscillation (RFC 3345)

  • The effect of MEDs on BGP updates

    • IGP link flap = MED churn, domino effect

  • Effects of attributes on BGP update packing and convergence

Files: BGP: Good MEDs Gone Bad! (YouTube)
Danny McPherson Presentation (PDF)
Sponsors: None.
GBIC Interface Standards Support in the Telecommunications Industry
Meeting: NANOG29
Date / Time: 2003-10-21 11:00am - 11:30am
Room: Salons A-E
Presenters: Speakers:

Dave Wodelet, Shaw Communications

Dave Wodelet is the Chief Network Architect for Shaw Communications. He is responsible for IP backbone architecture and deployment throughout Canada, the United States and Europe.
Abstract: There has been quite a disturbing development in the telecommunications industry during the past few months. More and more vendors seem to be abandoning the use of standard gigabit interface converters (GBICs). The GBIC interface standards were developed to allow mass production, greater quality control, and lower cost interfaces for a wide range of multi-vendor telecommunications equipment. The success of the existing GBIC deployment indicates this has worked very well to date. Basically, all of the mainstream network equipment vendors don't even make their own GBICs. They simply re-market a standard GBIC produced by one of the handful of GBIC manufacturers. Mixing and matching of these standardized GBICs between multi-vendor equipment is prevalent in the industry today.

However, the new smaller form factor SFP GBICs have introduced a new "Vendor ID" field on the EPROM. Some mainstream equipment vendors are now starting to use this field to ensure that only the GBICs they re-sell are used in their network equipment. If another GBIC is used, the GBIC port will be disabled even though the GBIC you insert is identical (from the same OEM and production run) to the GBIC that is being re-marketed by the equipment vendor. This has potentially huge cost and support issues for our industry. This is especially true if equipment vendors decide not to grandfather the unrestricted use of the older existing GBICs -- which at least one vendor is planning.

This talk presents a brief history and summarizes the current state of GBICs, and the GBIC standard, in the industry.
Files: Dave Wodelet Presentation (PDF)
GBIC Interface Standards Support in the Telecommunications Industry (YouTube)
Sponsors: None.
Route Views Update
Meeting: NANOG29
Date / Time: 2003-10-21 11:30am - 11:40am
Room: Salons A-E
Presenters: Speakers:
John Heasley, None.
Abstract: For presentation slides, see:

Files: Route Views Update (YouTube)
Sponsors: None.
Overview of the Global IPv6 Routing Table
Meeting: NANOG29
Date / Time: 2003-10-21 1:30pm - 2:00pm
Room: Salons A-E
Presenters: Speakers:
Gert Doering, SpaceNet AG, Munich, author.

Cathy Wittbrodt, presenter

Cathy Wittbrodt is currently on the ARIN Advisory Council and acts as a consultant. She was previously at Packet Design, where she was responsible for operational aspects of Internet scaling projects. During her four years at @Home Network she was responsible for routing and IP addressing. Cathy began her career at Merit, where she worked on the NSFNET Backbone. Also while at Merit she built CICNet, a network that connected the Big 10 Universities. Following Merit, Cathy designed and implemented OSI/CLNP support for the Energy Sciences Network. Although OSI/CLNP was never widely deployed, the experience has given greater insight into addressing and scaling issues. Cathy also spent three years in the engineering group of the Bay Area Regional Research Network, BARRNet.
Abstract: This talk describes the dimensions of the global IPv6 routing table.
Files: Gert Doering Presentation (PDF)
Overview of the Global IPv6 Routing Table (YouTube)
Sponsors: None.
Scaling Network Management Tools
Meeting: NANOG29
Date / Time: 2003-10-21 2:30pm - 2:00pm
Room: Salons A-E
Presenters: Speakers:

Olav Kvittem, UNINETT

Olav Kvittem is Director of Experimental Networks at UNINETT, the Norwegian Research Network. He has been active in academic networking since 1987, and his main fields of interest are network management, traffic measurement, mobility, and QoS.
Abstract: UNINETT, a distributed academic research network in Norway, has created its own set of network management tools. We are focusing on automated statistics-gathering and presentation for proactive problem solution and customer information.

Our tools' most unique features are listed below, with tool names in parentheses:

  • Autozooming geographic network map and info system (possibly the first and only).

  • Animation on map of any measured parameter, such as link and CPU load, packet loss and delay, or network flow parameters (Nemo)

  • Automated, scaled, link statistics gathering (zino)

  • Network status monitoring tool with precise link failure statistics (zino)

  • Aggregation with Web-based trend graphs and sorted tables for all statistics

  • Round trip measurements for IPv4/IPv6 with statistical parameters (mping)

  • Netflow collection (flow-tools), aggregation and presentation

  • Passive monitoring data collection system (Scampi)

  • Campus network management system with automated topology discovery and statistics, shadow suppression alarms, load map, and mac-address tracing (Nav)

Files: Olav Kvittem Presentation (PDF)
Scaling Network Management Tools (YouTube)
Sponsors: None.
Student Desktop TV: Safe and Secure Video Over IP
Meeting: NANOG29
Date / Time: 2003-10-21 3:15pm - 3:35pm
Room: Salons A-E
Presenters: Speakers:

Tim Ward, Northwestern University

Tim Ward is Associate Director of Telecommunications and Network Services, part of Information Technology at Northwestern University. He manages staff that provide and maintain the operational integrity of the voice, video, data and radio frequency infrastructures and services at Northwestern. Tim has been working in information technology for 11 years, and for seven years in telecommunications and network engineering. A long-time advocate of IP multicast for video delivery, he has been a member of the Internet2 Multicast Working Group since its inception.
Abstract: Even without CATV wiring in their dorm rooms, Northwestern University students can watch 23 television channels on their computers in their dorm rooms. Northwestern University Information Technology and NU Student Affairs use technology developed by Video Furnace LLC to provide NUTV to students.

Several issues had to be addressed during the development of this service. The data network had to be configured to allow a fixed number of users to connect to the service. Content providers had to understand this distribution mechanism so that they could pay their licensing fees to the content owners. Attention had to be paid to the number of MPEG2 software decoders in use by the service so that those fees could be paid appropriately. A mechanism ensuring legal clients were viewing the material had to be developed. And then there was the question of recording... A follow-on service with CSPAN and CSPAN2, in which the license to redistribute comes from the content owner itself, had its own unique challenges.

NUIT will demonstrate how NUTV works, how these copyright issues were dealt with, and the futures for this now one-year-old service.
Files: Student Desktop TV: Safe and Secure Video Over IP (YouTube)
Tim Ward Presentation (PDF)
Sponsors: None.
Stress Testing to Validate Router Readiness for Deployment
Meeting: NANOG29
Date / Time: 2003-10-21 3:35pm - 4:05pm
Room: Salons A-E
Presenters: Speakers:

Shankar Rao, Qwest

Shankar Rao is a member of the Technology Management group at Qwest, where he is engaged in design and development of the core IP network infrastructure as well as new product engineering. He served in an operational role at Sprint for three years prior to joining Qwest in 1998. Shankar has an MS degree in Computer Science from George Mason University, and a BS degree from the University of Mysore, India.

Scott Poretsky, Quarry

Scott Poretsky is currently Software Quality Assurance Manager at Quarry Technologies. Prior to that, he spent six years at Avici Systems as Manager of Product Verification. Scott also held network engineering positions with General DataComm and Raytheon Company. He has been an active contributor for router benchmarking standardization with the IETF's Benchmarking Methodology Working Group, where he has authored numerous Internet-Drafts. Scott has three IEEE-published papers and a patent for ATM networking. He earned an MSEE from the Worcester Polytechnic Institute and a BSEE from the University of Vermont.
Abstract: Router testing has focused on isolated performance of control plane protocols and data plane forwarding. This is not always adequate to validate a router for network deployment, as routers in an operational network are simultaneously configured with multiple protocols and security policies while forwarding traffic and being managed. To accurately benchmark a router for deployment it is necessary to test the router in operational conditions by simultaneously configuring network protocols and security policies, sourcing traffic, and managing the router.

Operational network conditions may be accelerated to benchmark the router under stress, enabling service providers to truly evaluate readiness for deployment. This presentation will discuss the benefits of router stress testing, a stress testing model and framework, and the current effort to standardize router stress testing in the IETF's Benchmarking Methodology Working Group.
Files: Shankar Rao Presentation (PDF)
Stress Testing to Validate Router Readiness for Deployment (YouTube)
Sponsors: None.
