
NANOG Meeting Presentation Abstract

Operators and the IETF - What Next?
Meeting: NANOG63
Date / Time: 2015-02-02 10:15am - 10:45am
This item is webcast
Room: Salon I
Presenters: Speakers:

Chris Grundemann

Chris Grundemann (JNCIE #449) is a passionate Internet Technologist and a strong believer in the Internet's power to aid in the betterment of humankind. In his current role as Director of Deployment and Operationalization (DO) at the Internet Society, Chris is focused on helping to get key Internet technologies, such as IPv6, DNSSEC, and TLS deployed around the globe. He has over a decade of experience as both a network engineer and architect designing, building, and operating large IP, Ethernet, and Wireless Ethernet networks. Chris has 3 patents, 8 patents pending and is the author of Day One: Exploring IPv6 and Day One: Advanced IPv6 Configuration, as well as several IETF Internet Drafts, a CircleID blog, a personal weblog, and various other industry papers and blogs. He is the founder and Chair Emeritus of the Colorado chapter of the Internet Society (CO ISOC) as well as the Chair of the NANOG Ad Hoc BCOP Committee (NANOG-BCOP). Chris has held previous positions with CableLabs, tw telecom, ARIN, NANOG, CEA, UPnP, DLNA, RMv6TF, and several others. Learn more: http://www.internetsociety.org/who-we-are/staff/mr-chris-grundemann
Abstract: In 2014, the Internet Society launched a project to address the perceived gap between Operators and the IETF. The objective of this project is ultimately to facilitate communications between the operator community and the IETF to help ensure that operational realities inform the development of key standards. The first phase of this project was a survey of the operator community that was conducted over the first half of 2014. This talk aims to synthesize the survey results, along with information we collected directly from operators during the survey window. The primary purpose of doing this is to start a conversation which we hope will lead to increases in the level of operational input and feedback to the IETF standards making process. We understand the problems, now let’s start finding solutions!

Feel free to read our Internet-Draft ahead of time: https://tools.ietf.org/html/draft-opsawg-operators-ietf
Files: Operators and the IETF - What Next? (PDF)
Operators and the IETF - What Next? (YouTube)
Sponsors: None.
Common Carriage and the Open Internet
Meeting: NANOG63
Date / Time: 2015-02-02 10:45am - 11:30am
This item is webcast
Room: Salon I
Presenters: Speakers:

Christopher Yoo, U. of Pennsylvania Law School

Christopher S. Yoo is the John H. Chestnut Professor of Law, Communication, and Computer & Information Science and the Founding Director of the Center for Technology, Innovation and Competition at the University of Pennsylvania. His research focuses on the insights that the principles of network engineering and imperfect competition provide into the regulation of the Internet and intellectual property. He is also building an innovative integrated interdisciplinary program designed to produce a new generation of professionals with advanced training in both law and engineering. The author of four books and more than seventy articles and book chapters, Professor Yoo testifies frequently before Congress, the Federal Communications Commission, the Federal Trade Commission, and foreign regulatory authorities. Before entering the academy, Professor Yoo clerked for Justice Anthony M. Kennedy of the Supreme Court of the United States and Judge A. Raymond Randolph of the U.S. Court of Appeals for the D.C. Circuit. He also practiced law with Hogan & Hartson (now Hogan Lovells) under the supervision of now-Chief Justice John G. Roberts, Jr., and served as a professor at the Vanderbilt Law School, where he led the Technology and Entertainment Law Program. He is a graduate of Harvard College, the Anderson School at UCLA, and the Northwestern University School of Law.
Abstract: The hope is to discuss history and motivation of telecom regulation as well as some possible outcomes.
Files: Common Carriage and the Open Internet (PDF)
Common Carriage and the Open Internet (YouTube)
Sponsors: None.
Stewardship and Accountability for Internet Identifiers
Meeting: NANOG63
Date / Time: 2015-02-02 11:30am - 12:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

John Curran

John Curran is the President and CEO of the American Registry for Internet Numbers (ARIN), responsible for leading the organization in its mission of managing the distribution of Internet number resources in its geographic region. He was also a founder of ARIN and served as its Chairman from inception through early 2009. John's experience in the Internet industry includes serving as CTO and COO for ServerVault, which provides highly secure, fully managed infrastructure solutions for sensitive federal government and commercial applications. Prior to this, he was CTO for XO Communications, and was integral in leading the organization's technical initiatives, network architecture, and design of leading-edge capabilities built into the company's nationwide network. Mr. Curran also served as CTO for BBN/GTE Internetworking, where he was responsible for the organization's strategic technology direction. He led BBN's technical evolution from one of the earliest Internet Service Providers through its growth and eventual acquisition by GTE. He has also been an active participant in the Internet Engineering Task Force (IETF), having both co-chaired the IETF Operations and Network Management Area and served as a member of the IPng (IPv6) Directorate.
Abstract: John Curran will provide an overview of the ongoing efforts to improve community accountability for the Internet names, numbers, and protocol parameters in preparation for transition of the stewardship for these IANA registries from the USG/NTIA to the global Internet community.
Files: Stewardship and Accountability for Internet Identifiers (PDF)
Stewardship and Accountability for Internet Identifiers (YouTube)
Sponsors: None.
RING SQA: blazing fast partial outage detection (free!)
Meeting: NANOG63
Date / Time: 2015-02-02 1:00pm - 1:30pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Job Snijders, NTT Communications

Job is actively involved in the Internet community both in an operational capacity and as a founder of cooperation efforts such as the NLNOG RING. He has taught service providers in the Middle East how to deploy IPv6 and has a passion for Routing Security and Automation. Job holds a position at NTT Communications' IP Development Department.
Abstract: A new partial outage detector dubbed “RING SQA” is available to all RING participants. The purpose of the method is to detect outages as fast as possible that only affect a subset of all internet destinations. Users are encouraged to integrate RING SQA Alerts with their NOC workflow to improve customer experience and reduce network downtime.
Files: RING SQA: blazing fast partial outage detection (free!) (PDF)
RING SQA: blazing fast partial outage detection (free!) (YouTube)
Sponsors: None.
The Resolvers We Use
Meeting: NANOG63
Date / Time: 2015-02-02 1:30pm - 1:45pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Geoff Huston, APNIC

Geoff Huston is the Chief Scientist at APNIC, the regional Internet registry in the Asia Pacific. He has worked in the Internet forever, starting out in the academic and research networks, then serving time in a telco, and more recently doing researchy stuff. He is currently interested in the apparent contradictions of applying privacy and security to the DNS.
Abstract: We make many assumptions about the way the DNS works. One of the more critical assumptions is that the end user is located "near" to the DNS resolver they end up using. That way content data networks can provide different answers depending on which DNS resolver queries for the content, for example. But is this the case? This presentation shows the result of looking at the correlation between the end user's location and the DNS resolver's location. For every 1 in 3 users we see that they are sending their queries via a DNS resolver located in a different country. This presentation looks into this situation.
Files: The Resolvers We Use (PDF)
The Resolvers We Use (YouTube)
Sponsors: None.
Recent BGP routing incidents - malicious or not
Meeting: NANOG63
Date / Time: 2015-02-02 1:45pm - 2:15pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Andree Toonk, BGPMon.net

Andree is the founder and lead developer of BGPMon.net, where he specializes in BGP routing and BGP security incidents such as routing hijacks and large scale outages. Andree is Manager of Network Engineering at OpenDNS where he is responsible for the OpenDNS global Network architecture, development, and implementation and operations of the OpenDNS infrastructure. Managing all aspects: transit, peering, anycast, automation, DDOS mitigation, facilities, routing, switching, firewalls, etc. Andree received his MS degree in System and Network Engineering from the University of Amsterdam. He has a passion for network security and network automation.
Abstract: In this presentation we'll go over the details of some of the recently observed BGP incidents.
The presenter will highlight a few recent real world examples, provide data and background information.

Examples include:
* IP squatting by spammer
* The Bitcoin BGP Hijack
* Turkey Hijacking IP addresses for popular Global DNS providers
* BGP leaks (accidentally providing transit, not hijacks) causing outages for large CDN
* BGP MITM events

We'll also look at the question of whether certain networks are more vulnerable than others, and why.
All examples are supported by real world data and relevant background info.
Files: Recent BGP routing incidents - malicious or not (PDF)
Recent BGP routing incidents - malicious or not (YouTube)
Sponsors: None.
Network Integration Panel
Meeting: NANOG63
Date / Time: 2015-02-02 2:45pm - 3:30pm
This item is webcast
Room: Salon I
Presenters: Moderators:

Joe Provo, Google

Joe Provo is a Packet Slinger in Google's Acquisition Network Operations team. He started in the networking world as a consultant in 1990, then was the founding engineer for UltraNet in 1994. UltraNet acquired other regional providers and was acquired itself by RCN in 1998; RCN then acquired six additional networks and Joe was involved in or in charge of merging them all. He moved to ITA Software in 2007, which was acquired by Google in 2011.
Panelists:

McGehee Games, CenturyLink

McGehee Games is in the CenturyLink Core Data Planning team, managing their backbone and peering connections. He started working in the networking field in 1997 as a member of the UUNET customer support department. He joined the Qwest TAC in 2000 and has been with the company since through several mergers and acquisitions.

Steve Powell, Level3

Steve Powell is a member of the Architecture and Engineering group at Level3. He has been involved in networking since 1991, working in Operations at MERIT supporting NSFNET and then by acquisition at ANS, AOL, and WCOM. He moved to Global Crossing in 2000.

Dave Siegel, Level 3 Communications

Dave Siegel has been involved in providing Internet Service since 1993 and is currently a Vice President of Product Management at Level 3 Communications. He has been involved with integration of at least eight networks, both from the engineering side as well as the business side.

Richard A Steenbergen

Richard A Steenbergen worked for several ISPs in the late 1990s, served as Chief Scientist at ServerCentral, founded nLayer Communications and stayed as CTO through its acquisition by GTT. He's most recently merged with Turkes Industries and established a growing boutique residential experience brand, "The Turkbergen".
Abstract: Mergers and acquisitions have been part of the lifecycle of many networks over time in both service provider and enterprise realms. Integrating the networks of two companies can involve some typical approaches and typical pitfalls. The panelists will draw on their significant collective experience to share some lessons learned.
Files: Network Integration Panel (PDF)
Network Integration Panel (YouTube)
Sponsors: None.
Automatically Build, Test and Deploy Your Network Configurations
Meeting: NANOG63
Date / Time: 2015-02-02 3:30pm - 4:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Carlos Vicente, Dyn Inc.

Carlos Vicente is a Principal Network Engineer at Dyn, where he contributes to Dyn's next-generation infrastructure. His interests include network design, automation and management. Prior to Dyn, he worked for ISC where he helped maintain and grow the worldwide DNS F-Root network. He also worked with the University of Oregon and the Network Startup Resource Center (NSRC) building networks and training engineers in emerging regions. Carlos is the author of the open source Network Documentation Tool (Netdot). He is originally from the Dominican Republic and has an M.S. degree in Telematics from the Polytechnic University of Catalonia (Spain).
Abstract: Do you still copy/paste configuration sections when deploying new devices or adding new features? Do you struggle to keep things consistent and free of cruft? Do you suffer each time you need to touch 100+ devices? Envious of the tools the systems and software people use to automate their work? With networks growing at a faster pace than the teams who manage them, we need to move our processes and tools into the 21st century.

Configuration management and continuous integration are common in software development and systems administration, but woefully absent in networks. Utilizing these capabilities to address our challenges in managing our network configuration is both wise and necessary.

Kipper is the internal codeword for our network automation system. It is a modular solution using standard tools and protocols such as Ansible, Jenkins, Github and NETCONF. We’ll cover how Kipper addresses these issues, its implementation details, challenges and experiences.
Files: Automatically Build, Test and Deploy Your Network Configurations (PDF)
Automatically Build, Test and Deploy Your Network Configurations (YouTube)
Sponsors: None.
BCOP Publication Options
Meeting: NANOG63
Date / Time: 2015-02-02 4:00pm - 4:30pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Cathy Aronson, Daydream Imagery LLC.

Cathy was most recently a network engineer at Cascadeo Corporation where she helped manage addressing and routing for a number of clients. She is an active member of the ARIN Advisory Council and has been on the program committee of NANOG two different times. Previously, Cathy was a member of the technical staff at Packet Design, where she was responsible for operational aspects of their Internet scaling projects. Earlier Cathy was at the @Home Network where she was responsible for routing and IP addressing. She began her career at Merit, Inc. where she worked on the NSFNET Backbone and CICNet.
Abstract: NANOG and the other regional NOGs are writing Best Current Operational Practices documents. These BCOP documents need a home. One of the suggested places to publish these documents is the IETF RFC process. My talk will outline publishing options for BCOP documents within the RFC framework.
Files: BCOP Publication Options (PDF)
BCOP Publication Options (YouTube)
Sponsors: None.
Datacenter Track
Meeting: NANOG63
Date / Time: 2015-02-02 4:30pm - 6:00pm
Room: Salon I
Presenters: Moderators:

Martin Hannigan, Akamai Technologies, Inc.

Martin Hannigan has 27 years of internet operations, engineering and management experience. He is currently Director of Network and Data Center Architecture at Akamai Technologies, the world's largest CDN. He serves on the Board of Directors of the Toronto Internet Exchange "TorIX", Canada's largest and North America's second largest IXP, as Vice President and is Vice Chair of the Board of the France-IX, the largest multi node IXP in France.
Abstract: The data center track is focused on data center real estate, energy and physical interconnection topics. Discussion points for the upcoming track are a community developed data center standard data center questionnaire, a panel discussion focused on data center WDM avoidance or deferral, an overview of data center requirements by cloud providers and an Open-IX Data Center standards update.
Files: None.
Sponsors: None.
DNS Track
Meeting: NANOG63
Date / Time: 2015-02-03 9:30am - 11:00am
Room: Salon I
Presenters: Moderators:

Duane Wessels, VeriSign

Duane is a Principal Research Scientist at Verisign, with a focus on DNSSEC projects. Prior to joining Verisign, Duane was the Director of the DNS Operations Analysis Research Center (DNS-OARC), where he now serves on the Board of Directors.
Abstract: The NANOG63 DNS Track solicits presentations from DNS operators, developers, and researchers on current topics in the industry. These might include: recent spate of software vulnerabilities; new gTLDs; DNSSEC deployment; recent DNS protocol work in the IETF; DDoS attacks.
Files: DNS Track (PDF)
Sponsors: None.
ARIN Public Policy Consultation Track
Meeting: NANOG63
Date / Time: 2015-02-03 9:30am - 11:00am
This item is webcast
Room: Salon M
Presenters:
Abstract: One of ARIN’s key responsibilities is to facilitate the Internet number resource policy development process. Working together with elected volunteers, the community at-large creates the policies that ARIN follows when reviewing requests for Internet number resources. To ensure operators in the ARIN region have full access to these important discussions, in addition to opportunities on the open public policy mailing list and ARIN public policy meetings, we would like to bring the discussion directly to the operators by requesting agenda time on the NANOG program. We are requesting agenda time because we believe Internet number resource policies that determine how operators may access Internet number resources from the registry are best discussed and developed by the operators themselves.

Items that are likely to be discussed at an ARIN Public Policy Consultation in San Antonio include:

* Out of Region Use (of number resources including IPv6)
* Maintaining IN-ADDRs
* Removing Needs Test from Small IPv4 Transfers
* Change Utilization Requirements from last-allocation to total-aggregate
* New MDN Allocation Based on Past Utilization
* Modification to CI Pool Size per Section 4.4 (adding more IPv4 space to the critical infrastructure reserve)
* Removal of Minimum in Section 4.10 (increasing the IPv4 minimum from /28 to /24)

Full text of these proposals is available at: https://www.arin.net/policy/proposals/
Files: ARIN Public Policy Consultation Track (YouTube)
Sponsors: None.
ARIN Public Policy Consultation Track
Meeting: NANOG63
Date / Time: 2015-02-03 11:30am - 1:00pm
This item is webcast
Room: Salon M
Presenters:
Abstract: One of ARIN’s key responsibilities is to facilitate the Internet number resource policy development process. Working together with elected volunteers, the community at-large creates the policies that ARIN follows when reviewing requests for Internet number resources. To ensure operators in the ARIN region have full access to these important discussions, in addition to opportunities on the open public policy mailing list and ARIN public policy meetings, we would like to bring the discussion directly to the operators by requesting agenda time on the NANOG program. We are requesting agenda time because we believe Internet number resource policies that determine how operators may access Internet number resources from the registry are best discussed and developed by the operators themselves.

Items that are likely to be discussed at an ARIN Public Policy Consultation in San Antonio include:

* Out of Region Use (of number resources including IPv6)
* Maintaining IN-ADDRs
* Removing Needs Test from Small IPv4 Transfers
* Change Utilization Requirements from last-allocation to total-aggregate
* New MDN Allocation Based on Past Utilization
* Modification to CI Pool Size per Section 4.4 (adding more IPv4 space to the critical infrastructure reserve)
* Removal of Minimum in Section 4.10 (increasing the IPv4 minimum from /28 to /24)

Full text of these proposals is available at: https://www.arin.net/policy/proposals/
Files: ARIN Public Policy Consultation Track (YouTube)
Sponsors: None.
Security Track
Meeting: NANOG63
Date / Time: 2015-02-03 11:30am - 1:00pm
Room: Salon I
Presenters: Moderators:

John Kristoff, Team Cymru

John Kristoff is a researcher with Team Cymru, an Internet security research firm and the Managing Director of the Dragon Research Group. John has worked at UltraDNS/Neustar as a network architect and held network engineering positions at both Northwestern University and DePaul University. John remains affiliated with Northwestern and DePaul as a collaborator, student and instructor. John is an active participant and in some cases a founder of a handful of network and security related communities, both private and public.
Abstract: The NANOG security track explores the latest in current network security threats, defenses and research. Contact the track coordinator to reserve some time to lead a discussion or present a topic of interest.
Files: Security Track (PDF)
Sponsors: None.
Beyond the Range of the Moment: Ethical Response to Cybercrime
Meeting: NANOG63
Date / Time: 2015-02-03 2:30pm - 3:15pm
Room: Salon I
Presenters: Speakers:

David Dittrich, University of Washington

Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He has been involved in investigating and countering computer crimes going back to the late-1990s. Dave was the first person to describe the technical details of DDoS attack tools in 1999, was an early researcher into bots and botnets, and one of the first to study P2P for botnet command and control. Dave has pushed the limits, but he tries to do it in a way that is ethically defensible. He has written extensively on ethics and the "Active Response Continuum," serves on one of the UW's Institutional Review Boards evaluating human subjects research, and he and Erin Kenneally recently co-authored the Department of Homeland Security document, "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research."

Katherine Carpenter

Katherine Carpenter (JD, MA) is a consultant currently researching ways to improve the ethics behind computer security research. She has previously worked in bioethics and health; her graduate education focused in international relations, international law, technology and privacy. She has worked for the City of Seattle, the Seattle Children’s Hospital, the Colorado Children’s Hospital, and the World Health Organization. As a member of an Institutional Review Board at the University of Washington she reviewed both socio-behavioral and biomedical studies to improve ethics and study design. Katherine earned her Juris Doctor from the University of Denver's Sturm College of Law and her Masters from University of Denver's Josef Korbel School for International Studies. She earned her bachelor's degree from Columbia University.
Abstract: Botnet takedowns are occurring more frequently as time goes on. Some are done in conjunction with criminal or civil legal action, but many more are done by private sector actors using only technical means. Most are viewed as failures in one way or another, regardless of the actual goals of the action in the first place. More and more, aggressive responses come with some manner of collateral damage. This talk covers some of the issues regarding these takedowns and seeks feedback from the NANOG membership about how the service provider stakeholder population (and their customer base) can best be represented in these takedowns.
Files: Beyond the Range of the Moment: Ethical Response to Cybercrime (PDF)
Beyond the Range of the Moment: Ethical Response to Cybercrime (YouTube)
Sponsors: None.
Public Policy Approaches to IPv4-IPv6 Transition
Meeting: NANOG63
Date / Time: 2015-02-03 3:15pm - 3:45pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Lee Howard, Time Warner Cable

Lee Howard has worked in small and large ISPs, consulting, hosting, and enterprise networks for over 20 years. He is currently Director of Network Technology for Time Warner Cable, leading their IPv6 efforts.
Abstract: The transition from IPv4 to IPv6 is, arguably, a public policy concern. Some national governments have made efforts to encourage IPv6 deployment. By comparing places with the highest and lowest deployment, we can see what government policies have been most effective.
We find evidence that government policies help in web deployment, and that IPv6 Internet access is more closely associated with a single company or small group. We also offer evidence that small groups are the most successful at raising deployment among both web and ISP measures.
Files: Public Policy Approaches to IPv4-IPv6 Transition (PDF)
Public Policy Approaches to IPv4-IPv6 Transition (YouTube)
Sponsors: None.
DDoS Mitigation using BGP Flowspec
Meeting: NANOG63
Date / Time: 2015-02-03 4:15pm - 5:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Justin Ryburn, Juniper Networks

Justin Ryburn is a Senior Systems Engineer at Juniper Networks. He holds an MBA and a MS in IT Management from Webster University as well as numerous industry certifications. Justin contributed content for Cyber Forensics (Auerbach Publishing, 2007). Prior to joining Juniper, Justin held various operations, engineering, and sales engineering positions over his 15-year career with companies such as Savvis, Nortel, XO, and Charter.
Abstract: The BGP Flow Specification defined in RFC 5575 gives network operators an additional tool to mitigate the effects of DDoS attacks on their network. In this talk, we will look at the previous tools available to operators for blocking DDoS attacks. We will then look at how BGP Flowspec aims to improve upon those methods. Finally, we will take a look at where BGP Flowspec is working and what needs to be improved to make this tool even more effective.
Files: DDoS Mitigation using BGP Flowspec (PDF)
DDoS Mitigation using BGP Flowspec (YouTube)
Sponsors: None.
Approaches for DDoS — an ISP Perspective
Meeting: NANOG63
Date / Time: 2015-02-03 5:00pm - 5:30pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Barry Dykes, ViaWest Inc

Barry Dykes has more than 20 years of Internet industry experience. Previously as VP of Engineering/Operations for ViaWest, he was responsible for all networking and security functions. Dykes has developed and implemented firewall, VPN, load-balancing, routing and switching products for ViaWest customers and was responsible for all backbone and data center design (internal, complex-customers, and production). During his 13 years at ViaWest, he successfully guided the ViaWest backbone through 6 major overhauls, ensuring the stability and scalability of the infrastructure that connects ViaWest, its customers and the Internet together. This was done with no measurable impact to customers through each phase. Barry has also held positions with Qwest, Genuity, MCI and OneSecure. With Qwest, he defined and developed their Cyber-Centers as well as a comprehensive Network-based VPN offering that utilized IPSec and other protocols. He worked with various vendors to develop methods of address conservation (VLAN-aggregation RFC 3069 and VPN ID’s utilized by a number of Network-based VPN vendors). During his tenure with Genuity Inc, a leading Tier 1 Internet Service Provider, he performed as Senior Network Architect and played an intricate role in the design and implementation of their Wide Area Network and defined policies, including IGP and BGP. Barry was key to the building of InternetMCI’s first Internet Network Operations Center during his employment with MCI. He provided both training and expert troubleshooting of complex networking issues as well as monitored, troubleshot and restored both customer and backbone circuits in bandwidths from Fractional T1’s to Optical Carriers. Please note the following resume which will provide detailed information regarding Barry Dykes employment history.

Ognian Mitev, ViaWest, Inc.

Ognian Mitev is a Principal Network Architect at ViaWest, Inc. Ognian is responsible for designing, implementing, and managing enterprise and customer internetworks for data centers across North America. He is the chair of the Rocky Mountain IPv6 Task Force and the Colorado Internet Society Chapter and is actively involved with the North American At-Large ICANN organization.
Abstract: Basically, we have done tons at ViaWest to deal with the increase in DDoS attacks that we have seen at the end of 2013. Our approach has been a little different since we couldn't really find a cloud or hardware vendor that "just made it all fit together" and work in an automated fashion. From detecting an attack independently of our network devices (we did not allow a cloud vendor to have access to our routers like many ask for) to automatically swinging an attack to a cloud provider without personnel interaction. We have basically automated every part of dealing with an attack.
Files: Approaches for DDoS — an ISP Perspective (PDF)
Approaches for DDoS — an ISP Perspective (YouTube)
Sponsors: None.
Real-world Network Automation
Meeting: NANOG63
Date / Time: 2015-02-04 9:30am - 10:30am
This item is webcast
Room: Salon I
Presenters: Moderators:

Matt Peterson, Cumulus Networks

Matt Peterson works within the office of the CTO at Cumulus Networks. At Cumulus, he built the initial customer experience team, and is responsible for technical evangelism and customer product direction. Matt has held enable access on 2 to 5 digit ASN organizations - as well as co-founding the first non-profit IX within San Francisco, known as SFMIX. His work has been presented at numerous industry events, including APRICOT, BSDcon, Defcon, & CCC Camp. At NANOG62, Matt presented on an extreme temporary network deployment for the annual Burning Man festival - this panel will continue the discussion on using modern automation on IP networks.
Panelists:

Bronwyn Lewis, Packet Clearing House

Bronwyn Lewis is a provisioning engineer at non-profit Packet Clearing House. In her role at PCH, her work focuses on configuring and deploying equipment around the world, seeing new equipment from first-rack through PoP installation. Prior to PCH, Bronwyn managed operations & various technical projects at a market research start-up in Los Angeles and studied global rights, justice, and governance issues at the New School in NYC.

Carlos Vicente, Dyn

Carlos Vicente is a Principal Network Engineer at Dyn, where he contributes to Dyn's next-generation infrastructure. His interests include network design, automation and management. Prior to Dyn, he worked for ISC where he helped maintain and grow the worldwide DNS F-Root network. He also worked with the University of Oregon and the Network Startup Resource Center (NSRC) building networks and training engineers in emerging regions. Carlos is the author of the open source Network Documentation Tool (Netdot). He is originally from the Dominican Republic and has an M.S. degree in Telematics from the Polytechnic University of Catalonia (Spain).

Jérôme Fleury, CloudFlare

Jérôme Fleury helped build large Internet Service Providers in France including Tiscali and Telecom Italia. As a Network Engineer there, he deployed one of the largest Local Loop Unbundling networks during the 2000 market deregulation in France. Then, from 2005-2007, he managed the Telecom Italia backbone in France before joining the newly built French internet exchange, FranceIX, as a technical manager. While with FranceIX he enjoyed facilitating the rebirth of peering in France. Since 2013, Jérôme has been discovering the world of globally distributed CDN network management with CloudFlare.
Abstract: The legacy of specialized tools developers has long been eclipsed by the DevOps movement - uniting developers & operations staff to share common responsibilities, technology, and mindshare. This growing crusade has extended to the network, where traditional IP network engineers are adopting systems administration skills. Ironically many of the industry led efforts (Yang, NETCONF, etc) have seen vague wide-scale adoption - while bottom-up efforts (Ansible, Schprokits, Puppet) have led the majority of publicly acknowledged automation tools.

Each panelist will briefly describe their organization, history of tooling, and personal experience developing or supporting an automation effort. After which the panel will break out into a Q&A session that covers:
  • Culture / staff training - getting adoption across a team or organization
  • Tool / languages chosen - existing software vs custom development, accessibility
  • Scaling - is a large environment a prerequisite, where does one start?
Unique to the chosen panelists is a diverse set of automation use-cases, from initial configuration (templates, IP calculation), traffic engineering, and policy enforcement.
Files: Real-world Network Automation (PDF)
Real-world Network Automation (YouTube)
Sponsors: None.
Selective Blackholing - How to Use & Deploy
Meeting: NANOG63
Date / Time: 2015-02-04 10:30am - 11:00am
This item is webcast
Room: Salon I
Presenters: Speakers:

Job Snijders, NTT Communications

Job is actively involved in the Internet community both in an operational capacity and as a founder of cooperation efforts such as the NLNOG RING. He has taught service providers in the Middle East how to deploy IPv6 and has a passion for Routing Security and Automation. Job holds a position at NTT Communications' IP Development Department.
Abstract: While DDoS are commonplace in today's networks, effective mitigation is either very costly or you throw out the good with the bad when using a conventional blackhole community. In the author's humble opinion selective blackholing is very effective, and arguably the cheapest way to deal with DDoS attacks.

This BGP community scheme is designed based on the theory that most prefixes (and content) have a geographical significance which decreases as distance between the sender and receiver of traffic increases. Most often big DDoS attacks are sourced world-wide, but most legitimate visitors come from within a certain radius. In other words: a Texas gun shop owner doesn't care about Dutch visitors during a DDoS attack.

The objective of this presentation is to explain how to interpret selective blackhole communities as an end-user, and elaborate on how one might implement such a scheme as a network operator.
Files: Selective Blackholing - How to Use & Deploy (PDF)
Selective Blackholing - How to Use & Deploy (YouTube)
Sponsors: None.
Assessing Internet Resilience at a Key Node
Meeting: NANOG63
Date / Time: 2015-02-04 11:30am - 12:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Michael Thompson, Argonne National Laboratory

Mike Thompson is a Cyber Security Analyst at Argonne National Laboratory (ANL). He is currently the Resilience Assessment Lead supporting the Department of Homeland Security's Regional Resiliency Assessment Program evaluating the Ashburn area data center cluster. He has led and contributed to several projects including a variety of research for Argonne and analysis projects for the Department of Homeland Security. He is a lead developer on a patent pending moving target defense technology. In previous lives, Mike has taught high school and community education classes on technology, sound engineering, and ESL - he was an Operations technician and System Administrator for Google during the early days of their great global data center expansion -- and he has sold roadside produce all over the upper Midwest. His eclectic experience gives him a unique insight into the problems of computer security and privacy.
Abstract: The Ashburn, VA data center corridor has been a central hub of Internet traffic since the early days of the Internet when MAE-East was the primary place to interconnect with other service providers. Though Ashburn is not the single point of failure that it once was, large volumes of backbone traffic still route through IXPs and data centers in Ashburn and nearby areas. After hurricane Sandy rendered data centers in New York City and along the eastern seaboard inoperable, an exploration of the resilience of Ashburn facilities and the ability for the Internet to survive without them is critical. The Risk and Infrastructure Science Center (RISC) at Argonne National Laboratory is developing innovative approaches to assess internet slowdowns and reroutes based on facility and region level outages. For example, Argonne supports the Department of Homeland Security’s Regional Resiliency Assessment Program (RRAP), which will study data center and internet resilience in Ashburn during its FY 2015 series of projects. If the Ashburn/DC area were to suffer an outage, it is unlikely that the rerouting of such a volume of traffic would be successful. Although TCP is an extremely robust protocol which can effectively reroute around network problems, the routers themselves must have the capacity to deal with the amount of traffic routed to them. In addition to raw transit, it is estimated that 70% of Amazon AWS services are housed in the Ashburn area. Due to the data center concentration and transit locality of the area, it is likely that other cloud providers have similar concentrations in the area. We aim to investigate the consequences of losing singly homed services as well as the capacity issues involved in TCP routing internet traffic around a blacked-out Ashburn area.

In this presentation we will share hypotheses and areas of exploration of the RRAP and will engage the NANOG community in a discussion to help shape the scope of the study.
Files: Assessing Internet Resilience at a Key Node (PDF)
Assessing Internet Resilience at a Key Node (YouTube)
Sponsors: None.
Migrating AmLight from legacy to SDN: Challenges, Results and Next Steps
Meeting: NANOG63
Date / Time: 2015-02-04 12:00pm - 12:30pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Jeronimo Bezerra, Florida International University

Jeronimo is a network engineer at Florida International University, responsible for the AmLight project, a project that connects all academic networks in Latin America to other academic networks in the world. Involved with computer networks since 2002, Jeronimo has an MSc degree in Mechatronics, and Cisco and Juniper certifications. He has also been involved with commercial service providers in Brazil, especially with IPv6, MPLS and BGP deployments. Currently, Jeronimo is deeply involved with SDN to support network-aware applications.
Abstract: In August 2014, the AmLight distributed exchange point was migrated from a VLAN+RSTP network to an SDN. This migration had two main motivations: improve provisioning and add programmability support to the AmLight network. But this migration wasn't simple, because with points of presence in the U.S., Chile and Brazil, peaks of 22Gbps of traffic per day, more than 300 VLANs and 1,000 universities and research centers connected to it, any change is complex and it has to be performed carefully. Multi-domain layer 2 provisioning was improved from days to seconds after the SDN deployment; network virtualization is available for interested users. This presentation will describe our experience in migrating a production layer two network to become the first SDN network connecting countries in Latin America. We will describe the steps we took, all tests and challenges, the results and next steps.
Files: Migrating AmLight from legacy to SDN (PDF)
Migrating AmLight from legacy to SDN (YouTube)
Sponsors: None.
Why Operators need Transport SDN (Not just another SDN presentation)
Meeting: NANOG63
Date / Time: 2015-02-04 12:30pm - 1:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Peter Landon, BTI Systems

Peter Landon is the Director of Product Architecture in the Office of the CTO at BTI Systems, responsible for the company's product architecture strategy. He is also a participant and contributor to the OIF as well as the ONF OTWG. His more than 25 years of experience in ASIC design include: leading the design of the tracking system for the NASA James Webb Space Telescope while at COM DEV; being appointed "Distinguished Member of Technical Staff" in ASIC design at Lucent Technologies/Bell Labs; serving as technical manager for optical IC development at Agere Systems; and since joining BTI, leading the architecture and design of the BTI 7000 Series packet-optical transport systems, and the award-winning BTI 7800 Series Intelligent Cloud Connect platforms. Peter earned his BSc in Engineering from Queen's University with post graduate work at Carleton University in Ottawa, Ontario.
Abstract: This presentation will outline the reasons why network operators need to be thinking about transport-layer SDN, which includes the Layer 0/1 optical transport infrastructure. Traditionally, Layer1 has been the boring uncle that doesn’t get talked about, with all the attention focused on L2 and above. With the advent of transport SDN and the possibility of dynamic control of optical and L1 resources, the value of L2+ SDN is actually multiplied, because it opens up the ability to deliver new optimized services that weren’t possible in the past.

How can SDN work for L0/L1 when there is no MAC, and no packet header to examine? This presentation will explain the mechanics of optical transport SDN and how the ONF is driving an open standard which will enable deployment of the technology in a multi-vendor network. I will also describe practical use cases that will demonstrate the value of transport SDN, as part of a unified infrastructure that includes a centralized SDN controller.
Files: Why Operators need Transport SDN (YouTube)
Why Operators need Transport SDN (Not just another SDN presentation) (PDF)
Sponsors: None.
RIPE Lessons from RPKI adoption
Meeting: NANOG63
Date / Time: 2015-02-04 2:30pm - 3:00pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Alex Band, RIPE NCC

Alex Band is the Product Manager at the RIPE Network Coordination Centre (NCC). He is responsible for the planning and communication behind the RIPE NCC's many products and services. This includes lifecycle management, gathering and prioritising customer requirements, defining the product vision, and working closely with technical development departments to ensure the RIPE NCC delivers successful products and services. Alex has in-depth knowledge of RIPE NCC's products and services, and their target audience -- the RIPE NCC membership and the RIPE community. Alex frequently travels throughout the RIPE NCC service region (Europe, the Middle East and Central Asia) to deliver presentations on behalf of the RIPE NCC on a number of topics, including: resource certification (RPKI), Internet policy and governance, IPv4 and IPv6, the RIPE Routing Registry, and the RIPE Policy Development Process. Prior to his current role, Alex was a Trainer at the RIPE NCC for four years.
Abstract: The RIPE NCC has been running a hosted RPKI service for four years now. In tandem, we ship the RPKI Validator relying party software. The system has had a lot of traction in our region since the launch, as can be seen from the global adoption statistics:

http://certification-stats.ripe.net

I would like to give a presentation on our design philosophy, community approach and all other factors that make this a successful service that real operators use in their daily work and engage in a discussion with the audience why this seemingly isn't the case in North America.

Instead of using slides, I would like to do a live demo of the hosted software and validator (adventurously installed from scratch). To give you an idea of what this looks like I have a short YouTube video, but also an hour long webinar in case you'd like more background:

http://youtu.be/gLwHp12wOGw
http://meet95212513.adobeconnect.com/p3bv0t6lli0/

A public install of our RPKI Validator is available here:

http://localcert.ripe.net:8088

The general idea is that with all emerging technologies, there is the chicken and egg problem of operators having to invest time and resources in a new system, while the gains may be low or non-existent as an early adopter. Easy analogies are IPv6 and DNSSEC. As an organisation, we try to take away as many hurdles as we can, and I would like to show how we've done that to successfully overcome this problem.

Please let me know if you would like more background information; I can also make slides if that is really desired.
Files: RIPE Lessons from RPKI adoption (PDF)
RIPE Lessons from RPKI adoption (YouTube)
Sponsors: None.
ISP Interconnection and its Impact on Consumer Internet Performance
Meeting: NANOG63
Date / Time: 2015-02-04 3:00pm - 3:30pm
This item is webcast
Room: Salon I
Presenters: Speakers:

Collin Anderson, Measurement Lab

Collin Anderson is a Washington D.C.-based researcher at Measurement Lab, focused on measurement of Internet connectivity, including consumer performance and access restrictions, with an emphasis on the application of public data and open methodologies. With open research and cross-organizational collaboration, these efforts have included applying big data to shed new light on complex issues of how business relationships at the core of the Internet have affected end-user access. Through M-Lab this work has extended into the role of promoting well-informed public policy discourse and producing information to allow users to better understand their access to the Internet.
Abstract: While interconnection is a core principle of the Internet and a core element of the network operator community, the role of interconnection health and traffic management practices in end consumer performance has remained opaque to users, policymakers, and researchers alike, based on the complexities of conducting measurement at scale. Measurement Lab’s research on interconnection performance has exposed episodes of persistent congestion across multiple Access ISPs and Transit ISPs over the past three years. These incidents lead to substantial degradation of end-user connectivity that have been quantified and detailed through the substantial performance data made available through M-Lab. This presentation will extend and update a preliminary introduction given before the Cooperative Working Group at RIPE69 in November, concentrating more on the technical findings of the study and discussing the toolkit released concurrently with the report. Moreover, we will further elaborate on research conducted since its release, including discovery of prioritization regimes as a third-party to the underlying network relationship. In reviewing the methodology designed to assess these large-scale network performance trends exposed in the interconnection study, we will elaborate on the open datasets and tools that M-Lab has made available to interested researchers. This presentation will also offer an update on new developments with M-Lab, including new tests, and provide an introduction to the platform as a public resource for the network operator community, providing opportunities for performance diagnostics and quality of service monitoring.
Files: ISP Interconnection and its Impact on Consumer Internet Performance (PDF)
ISP Interconnection and its Impact on Consumer Internet Performance (YouTube)
Sponsors: None.

NANOG63 Abstracts

  • Network Integration Panel
    Moderators: Joe Provo, Google
    Panelists: McGehee Games, CenturyLink; Steve Powell, Level3; Dave Siegel, Level 3 Communications; Richard A Steenbergen
  • DNS Track
    Moderators: Duane Wessels, VeriSign
  • Real-world Network Automation
    Moderators: Matt Peterson, Cumulus Networks
    Panelists: Bronwyn Lewis, Packet Clearing House; Carlos Vicente, Dyn; Jérôme Fleury, CloudFlare
