^ Top

NANOG 31 Agenda

All Times are in Pacific Standard Time 

NANOG 31 Agenda

Presentation File Key:


Windows Media video, requires Windows Media Player to view. 


Real Video, requires Real Player to view. 


PDF Document, requires Adobe Acrobat Reader to view/print. 

Sunday, May 23 2004
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
1:30pm - 3:00pmColonial

Tutorial: BGP Techniques for Service Providers

The tutorial introduces service providers to some more advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP, and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial then looks at common deployment scenarios as used in ISP networks, before finishing off with some of the newer configuration features available.

View full abstract page.

  • Philip Smith, Cisco Systems
  • Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent 5 years at PIPEX (now part of UUNET\'s global ISP business), the UK\'s first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, ISBN 1-58705-041-2, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.
youtubeBGP Techniques for Service Providers
pdfPhilip Smith Presentation(PDF)
1:30pm - 3:00pmGeorgian

Tutorial: Using IPsec to Encrypt Your Wireless Traffic at NANOG

NANOG plans to make an IPsec server available at NANOG31, which attendees can use to encrypt their traffic on the local network. This willl significantly reduce the chance that someone can sniff your passwords on the wireless network. During this tutorial, you will learn how to configure your Linux, BSD, Mac, or Windows laptop for use with the NANOG IPsec server. This is a hands-on tutorial, so bring your laptops to the session. If you want to be fully prepared for the tutorial, visit my page <A HREF=\"http://www.packet-pushers.net/NANOG/ipsec/\" TARGET=\"_blank\">http://www.packet-pushers.net/NANOG/ipsec/</A> in advance. Install any necessary software on your laptop in advance if possible.

View full abstract page.

  • Duane Wessels, Measurement Factory
  • Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principle investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled Squid: The Definitive Guide, is soon to be published by O\'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.
pdfDuane Wessels Presentation(PDF)
youtubeUsing IPsec to Encrypt Your Wireless Traffic at NANOG
3:00pm - 3:30pm Break
3:30pm - 5:00pmColonialTutorial: BGP Techniques for Service Providers (Part 2)Speakers:
  • Philip Smith, Cisco Systems.
3:30pm - 5:00pmGeorgian

Tutorial: IS-IS Up to Date

This presentation reviews recent IETF enhancements to IS-IS, including extensions in support of high availability [Restart-TLV], MD5 authentication support, multi-topology extensions, and IS-IS for IPv6. The tutorial also covers topics that will help ISPs improve the operating efficiency of their network. <BR><BR> An outline of the session follows: <OL> IS-IS for high availability <UL> <LI> Check-pointing method</LI> <LI> IETF restart TLV</LI> </UL> </LI> <LI> IS-IS for IPv6</LI> <LI> Multi-topology support</LI> <LI> MD5 authentication support</LI> <LI> Other topics <UL> <LI> Default-metric change</LI> <LI> IS-IS protocol shutdown</LI> <LI> Limit the number of redistributed routes</LI> <LI> Update on IETF Drafts</LI> </OL>

View full abstract page.

  • Shankar Vemulapalli, Cisco Systems
  • Shankar Vemulapalli is a Technical Leader at Cisco Systems. He is a member of Central Engineering, within Advanced Services. In his current role, he specializes in design and implementation of new enhancements to routing protocols (BGP/OSPF/ISIS) and MPLS-VPNs, in service provider and enterprise customer networks. Shankar is also a frequent contributor at networking technical forums.
youtubeIS-IS Up to Date
pdfShankar Vemulapalli Presentation(PDF)
6:00pm - 8:00pmOffsite

Sunday Evening Reception!

NANOG and Switch and Data invite you to join us for a Sunday evening reception, to be held from 6:00 - 8:00 p.m. at <A HREF=\"http://lecolonialsf.com\" TARGET=\"_BLANK\">Le Colonial Restaurant.</A> We\'ll be serving beer, wine, and light hors d\'oeuvres in a private lounge on the second floor of the restaurant. <BR><BR> Le Colonial is located just a few blocks from the hotel on Cosmo near Taylor. <BR><BR> Your NANOG name badge will serve as your entry ticket to the event. If you\'d like to be escorted to the restaurant, please meet in the St. Francis lobby at 5:45 p.m.

View full abstract page.
Monday, May 24 2004
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
8:00am - 9:00amItalian FoyerContinental Breakfast
9:00am - 9:15amGrand BallroomWelcome, IntroductionsSpeakers:

  • Steve Feldman, CNET
  • Steve Feldman has been involved in computer networking since 1978. He has worked in software development and network engineering for Tymnet and MFS/Worldcom, where he was the principal architect for the MAE Internet exchanges. Since then, he has gone on to work for several startups and acted as an independent consultant, and is now a network engineer for CNET Networks. Steve received B.S. and M.S. degrees in Computer Science from the University of California at Berkeley.

  • Susan Harris, Merit Network
  • Susan Harris coordinated NANOG meetings on behalf of Merit Network at the University of Michigan. She has been working in IT for 20 years, mostly in telecommunications and network engineering, and is the author of three RFCs.

  • Duane Wessels, The Measurement Factory
  • Duane Wessels discovered Unix and the Internet as an undergraduate studying physics at Washington State University. After playing System Administrator for a few years, he moved to Boulder, Colorado, to attend graduate school. In late 1994, he joined the Harvest project, where he worked on searching, indexing and caching. From 1996 until 2000, he was co-principle investigator of the NLANR Information Resource Caching project (IRCache). During this time he and others developed and supported the Squid caching proxy. His second book, titled <I>Squid: The Definitive Guide</I>, is soon to be published by O\'Reilly and Associates. Currently, he is co-owner and president of The Measurement Factory, Inc., a company that specializes in evaluating the performance and compliance of HTTP-aware devices.
pdfSusan/Duane's intro presentation(PDF)
youtubeWelcome, Introductions
9:15am - 9:45amGrand Ballroom

BGP Wedgies -- Bad Routing Policy Interactions that Cannot Be Debugged

It is now common knowledge that locally well defined BGP routing policies can interact to produce unexpected routing anomalies globally. We introduce a new class of such problems, called BGP Wedgies. A BGP Wedgie is defined as a policy interaction where (1) there are multiple solutions (routings) at the AS level, (2) some solutions are intended, while others are not, (3) getting stuck in an unintended solution requires resetting BGP sessions to \"kick the system\" back to an intended solution, (4) no one group of network operators has control over the set of sessions that needs to be reset, and (5) no one set of network operators has enough global knowledge to know what is happening. In such a situation the routing is \"wedged\" into a local optimum that is very difficult to change. Realistic examples will be given.

View full abstract page.
  • Randy Bush, Presenter.
  • Tim Griffin, Intel Research, author.
youtubeBGP Wedgies
pdfTim Griffin Presentation(PDF)
9:45am - 10:15amGrand Ballroom

IP Over Anything

This presentation will cover the use of L2/L3 technologies with the ultimate goal of providing transit service for IP traffic. Specific reference will be made regarding the use of Frame, ATM, and MPLS L2 technologies as well as the use of BGP, IGP, and ECMP. The technologies will be contrasted in such a fashion as to provide a view of how the interaction of these technologies can help and/or hinder a network. Detail will be shared regarding some of the problems experienced with the various traffic management methods and some solutions.

View full abstract page.

  • Blaine Christian, MCI
  • Blaine Christian currently manages the IP transit team for MCI under the umbrella of global data network management. He is responsible for the day-to-day management of the ~2k network devices that make up the domestic AS701 backbone. He has been with UUNET (now known as MCI) since 1997 and has served in his current position since 1999. Prior to MCI he served a tour of duty in Japan with the AirForce, majored in Electrical and Computer Engineering at George Mason University, and ran a small network consulting company.
pdfBlaine Christian Presentation(PDF)
youtubeIP Over Anything
10:15am - 10:35amGrand Ballroom

Implications of Securing Backbone Router Infrastructure

This talk discusses several currently deployable methods designed to improve the security of a service provider\'s router infrastructure, and outlines their operational implications. Many of these methods have been implemented on the Sprint IP network, which will be used as a case study. For example, one such method that Sprint has implemented is to remove the more specific routes to the /30 networks between Sprint and its customers. Sprint also plans to remove the more specific routes to its intra-router /31 networks as well. This talk will discuss the motivation behind these changes, how they were made, and most importantly, their operational impact.

View full abstract page.

  • Ryan McDowell, Sprint
  • Ryan has a BS in Computer Science and an MS in Information Systems. He has worked for Sprint for the past five years in various engineering and operations roles.
youtubeImplications of Securing Backbone Router Infrastructure
pptRyan McDowell Presentation(PPT)
10:35am - 11:00am Break
11:00am - 11:30amGrand Ballroom

Benefits of Negotiated Interdomain Traffic Engineering

Current interdomain routing policies are based on information local to each ISP and optimized for the benefit of that ISP. It is known that this combination can to lead to sub-optimal Internet paths and even unpredictable results. Paths can be sub-optimal because decisions that appear locally sound may have adverse global effects, such as when early-exit routing sends packets further from the ultimate destination. Behavior can be unpredictable because the actions of one ISP can have an unintended influence on the other and vice versa, and in the worst case cycles of influence can lead to oscillations as traffic is re-routed. Today, these problems are resolved by operator intervention, not by protocols. We present work that examines whether two neighboring ISPs can benefit by using automated negotiation to determine the paths of traffic that they exchange. There is an incentive to negotiate only if both ISPs benefit relative to making independent decisions. To see if this is so, we simulated ISP routing choices driven by latency reduction and hotspot avoidance over sixty measured ISP topologies with a variety of traffic models. We find negotiation most valuable as a means of avoiding hotspots. It also provides a modest decrease in latencies, which suggests that the \"price of anarchy\" is low in terms of path length with real ISP topologies, even though it can be substantial in the theoretical worst case. Interestingly, we also find that global optimization (which treats both ISPs as a single larger ISP) is undesirable in the sense that in some cases one ISP can suffer to benefit the other. We also describe our first steps towards a practical negotiation protocol. ISPs can already influence each other\'s routing decisions to some extent (e.g., via MEDs and AS-path prepending), but this influence is mostly indirect, coarse, often governed by trial-and-error and supplemented by out-of-band agreements between operators. Our intent is to help operators by relieving them of the bulk of the tedious and error-prone task of responding to traffic engineering problems, such as an overloaded peering link, while allowing them to maintain control over the result. It accommodates competitive concerns by revealing little ISP-internal information and independent ISP management by allowing different optimization criteria. We find that it selects routing strategies that realize most of the potential benefits identified in our study. We are particularly interested in operator feedback on the need for, requirements, and utility of this kind of mechanism.

View full abstract page.
  • Thomas Anderson, University of Washington.
  • Ratul Mahajan, University of Washington
  • Ratul Mahajan received a B.Tech. degree from the Indian Institute of Technology, Delhi, India, and an M.S. degree from the University of Washington. He is currently pursuing a Ph.D. degree at the University of Washington. His research interests span the entire range of internetworking-related topics. His past work includes a study of global routing configuration errors and discovering Internet topology and routing policies.
  • David Wetherall, University of Washington.
youtubeBenefits of Negotiated Interdomain Traffic Engineering
pdfRatul Mahajan - Traffic Engineering(PDF)
11:30am - 12:00pmGrand Ballroom

Verifying Wide-Area Routing Configuration

There is a need for a systematic approach to verifying router configurations before they are deployed. In this work, we develop a static analysis framework for configuration checking and use it in the design of rcc, a \"router configuration checker.\" rcc takes as input a set of router configurations and flags anomalies and errors based on a set of well-defined correctness conditions. We have used rcc to check BGP configurations from nine operational networks, testing nearly 700 real-world router configurations in the process. Every network we analyzed had configuration errors, some of which were potentially serious and had previously gone unnoticed. Our analysis framework and results also suggest ways in which BGP and configuration languages should be improved. rcc has also been downloaded by 30 network operators to date. <BR><BR> In this talk, I will: <UL> <LI> Provide a survey of the BGP-related problems that have been discussed on the NANOG mailing list over the last 10 years</LI> <LI> Discuss the framework we have developed for static analysis of BGP configurations.</LI> <LI> Present a summary of the configuration errors we found in the ASes we have surveyed thus far.</LI> <LI> Ask for more cooperation from the NANOG community. In particular, we would greatly benefit from having more people test out the tool, suggest additional features and checks, and let us know the types of errors that they have turned up in their configurations. </LI> </UL>

View full abstract page.

  • Nick Feamster, MIT
  • Nick Feamster is a graduate student in the Networks and Mobile Systems group at the MIT\'s Computer Science and Artificial Intelligence Laboratory (formerly LCS) under the supervision of Professor Hari Balakrishnan. He is interested in wide-area networking, network measurement, and security. His current research focuses on verification techniques for BGP and interdomain traffic engineering. He is an NSF Graduate Research Fellow and the recipient of the Best Student Paper awards at the USENIX Security Symposium in 2001 and 2002. Nick received his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively.
pdfNick Feamster Presentation(PDF)
youtubeVerifying Wide-Area Routing Configuration
12:00pm - 1:30pm Lunch
1:30pm - 2:00pmGrand Ballroom

Methods of Interconnecting MPLS Networks

This talk reviews several possible architectures for service provider MPLS network interconnections, including: <UL> <LI> Back-to-back VRFs </LI> <LI> EBGP redistribution of labeled VPN IPv4 routes between SP ASes </LI> <LI> Multihop EBGP redistribution of labeled IPv4 Routes between SP ASes <BR><BR></LI> </UL> We then discuss the advantages and caveats of each architecture; the method CW has selected, with a consideration of Carrier Supporting Carrier (CSC) and OAM; and a summary of futures, i.e., current actions at IETF.

View full abstract page.

  • Udo Steinegger, Cable & Wireless
  • Udo Steinegger has been working in the Cable & Wireless IP Engineering Group since 2000. He is responsible for designing parts of C&W\'s public IP network and portions of its MPLS VPN network. Udo\'s interests focus on MPLS-based technologies (L2/L3 VPNs, interconnections, QoS, etc.), and extending/operating C&W\'s IXP (INXS). Prior to working for Cable & Wireless, Udo worked for a small local telco in southern Germany, and previously studied computer science.
youtubeMethods of Interconnecting MPLS Networks
pdfUdo Steinegger Presentation(PDF)
2:00pm - 2:30pmGrand Ballroom

Implementing Global Network Mobility Using BGP

Traditional approaches to IP mobility target host mobility, rather than mobile networks per se. Providing internet access on mobile platforms where hosts (which may number in the hundreds) remain relatively stationary with regards to the platform presents a set of problems that has not been addressed by traditional IP mobility solutions. This presentation describes a technique that allows intercontinental mobility of networks aboard aircraft that does not require either any modifications to the TCP/IP protocol stacks of the hosts on board the aircraft, or interaction from the end-user of this device. Mobility is accomplished by means of selective advertising and withdrawing prefixes at satellite earth stations as aircraft transit the globe. This topic will be of interest to all service providers, as our actions impact the global routing table.

View full abstract page.

  • Benjamin Abarbanel, Boeing
  • Benjamin Abarbanel holds a BS degree in Electrical Engineering from the University of Maryland. Ben has 25 years of data networking experience at General Electric, Sprint, Alcatel, Marconi, some startups, and now at Boeing. Throughout his career, he has held a variety of product development positions in developing small- to large-scale IP routers, as well as frame relay, and ATM switches. He has been involved in developing and deploying various routing and network-related protocols such as BGP, ISIS, OSPF, MPLS, frame relay, ATM, SNMP, and others. For several years, Ben has been an active member in the IETF Inter-Domain Working Group and contributed to a number of Internet-Drafts. His recent focus has been to develop and deploy the IP mobility solutions for inflight applications for ConneXion by Boeing.
pdfBenjamin Abarbanel Presentation(PDF)
youtubeImplementing Global Network Mobility Using BGP
2:30pm - 3:00pmGrand BallroomVPN Isolation - Limits and LinksSpeakers:
  • Sue Hares, NextHop.
pdfSue Hares Presentation(PDF)
youtubeVPN Isolation - Limits and Links
3:00pm - 3:30pm Break
3:30pm - 4:00pmGrand Ballroom

Happy Packets - Initial Results

As routing researchers, we frequently hear comments such as: <UL> <LI> Internet routing is fragile, collapsing...</LI> <LI> BGP is broken or is not working well</LI> <LI> Yesterday was a bad routing day on the Internet,</LI> Change X to protocol Y will improve routing <BR><BR></LI> </UL> And we often measure routing dynamics and say that some measurement is better or worse than another. But what is \'good\' routing? How can we say one measurement shows routing is better than another unless we have metrics for routing quality? We often work on the assumption that number of prefixes, speed or completeness of convergence, etc., are measures of routing quality. But are these real measures of quality? <BR><BR> Perhaps because I am also an operator I think the measure that counts is whether the customers\' packets reach their intended destinations. If the customers\' packets are happy, the routing system (and other components) are doing their job. Therefore, I contend that, for the most part, we should be judging control plane quality by measuring the data plane. And we have well defined metrics for the data plane: delay, drop, jitter, reordering, etc. We also have tools with which to measure them. <BR><BR> It is not clear that happy packets require routing convergence as we speak of it today. If there is better routing information near the destination than at the source, maybe there is sufficient information near the source to get the packets to the better informed space. This is not that unlike routing proposals, such as Nimrod, where more detail is hidden the further you get from the announcer. If the routing system is noisy, i.e., there is is lot of routing traffic, that may not really be a bad thing. <BR><BR> We know convergence time can be reduced if announcement throttling (MRAI) is lessened. As long as network growth increases load on the routers below Moore\'s law, it is not clear we are in danger. This talk presents results of six months of measurements using multiple globally widespread streams directed at a multi-homed routing beacon.

View full abstract page.

  • Randy Bush, IIJ
  • Randy Bush works as Principal Scientist at Internet Initiative Japan. Previously he spent a bit over a year at AT&T doing research and working on network architecture. He got some operational experience from being on the founding team at Verio, a backbone provider, from which he graduated as VP of Networking after five years. Before that, he was the principal engineer of RAINet, an ISP in Oregon and Washington, which was Verio\'s first acquisition. As PI for the Network Startup Resource Center, an NSF-supported pro bono effort, he has been involved for some years with the deployment and integration of appropriate networking technology in the developing world.
  • Tim Griffin, Intel Research.
  • Zhuoqing Mao, University of Michigan.
  • Eric Purpus, University of Oregon.
  • Dan Stutzbach, University of Oregon.
youtubeHappy Packets - Initial Results
pdfRandy Bush Presentation(PDF)
4:00pm - 5:00pmGrand Ballroom

Research Forum: 10 Gbps Line Speed Programmable Hardware for Open Source Network Processing Applications

We present the latest results of our NSF-sponsored research project to extend our existing 1-Gbps PCI-based traffic processing hardware to 10 Gbps. The PCI card has two Ethernet ports and acts as a line speed Ethernet bridge with sub-microsecond latency. The card can be programmed with a large number of predefined stateful signatures that identify which packets are to be captured and/or blocked at line speed. Blocking/monitoring rules (specified as either Snort 2.x rules or BPF expressions) can be uploaded/modified in real-time by the host through the PCI without interrupting the packet flow. The hardware has been designed to easily integrate with existing open source monitoring software. Using our approach, all existing sniffing applications, such as tcpdump, Snort, etc., can transparently benefit from the hardware line-speed acceleration without modification (as they see our hardware as a standard NIC in promiscuous mode). Preliminary data indicates that a 10 Gbps version of our PCI traffic processing hardware (to be built later this year) is feasible at a surprisingly low cost. With our innovative design, the use of a XILINX virtexII-Pro FPGA and existing off-the-shelf components allows processing of approximately 625 Snort-like signatures at 10 Gbps line-speed with sub-microsecond latency. The increase in the number of rules scales linearly with the addition of FPGAs; thus, a 2-FPGA board would hold approximately 2*625 (1250) signatures, etc.. The programmable nature of this hardware technology can easily be adapted, modified and enhanced to accommodate new user-defined functions. An open-source hardware library of line-speed functions (common to both 1 Gbps and 10 Gbps) that go beyond the current capability is currently being worked on by a small research group. We hope to stimulate an exchange of ideas on the subject with the NANOG community. In particular, we hope to find out how to facilitate the adoption of this powerful new concept in an open-source, operational environment.

View full abstract page.
  • Livio Ricciulli, Metanetworks.
pdfLivio Ricciulli Presentation(PDF)
youtubeResearch Forum: 10 Gbps Line Speed Programmable Hardware for Open Source Network Processing Applications
4:00pm - 5:00pmGrand Ballroom

Research Forum: Predicting Public Internet Growth With Classical Economic Theory, or, The Wealth of Networks

Like the fixed telecom infrastructure that connects most users to the Internet, the international distribution of publicly routed IPv4 addresses (based on the national registration of their originating AS, using partially corrected/updated whois data) is fairly closely predicted by national gross domestic product (GDP). This statistical observation is consistent with well-known facts about the extra-national use (i.e., outside of their country of reported allocation) of IP and AS numbers across highly developed countries because, like \"national\" IP and AS accounting, \"national\" GDP calculations implicitly encompass many of the international productive assets of locally incorporated firms. Additionally, inter-domain routing for public Internet services remains highly nation-centric in heavily regulated telecommunications markets. In such cases (still the norm in many parts of the world), the extension of national telecom monopoly control to layer 3 effectively creates national Autonomous Routing Domains (ARDs), with the national telecom monopoly serving as a barrier between domestic and international inter-domain routing. National GDP is not a good predictor of public AS numbers. However, a simple two-variable interaction model using national GDP and national AS numbers very closely parallels the global landscape of publicly routed IP. All things (e.g., GDP, fixed telecom infrastructure) remaining equal, more AS numbers in use by a national economy leads nonlinearly to the accumulation of more Internet resources by those same Autonomous Systems, as measured by public routed IP. One interpretation of this statistical observation is that ASes introduce the element of specialization into the global Internet growth equation. This is intuitively plausible since ASes enable network operators to exercise beneficial control over shared and wholly-owned telecom resources, assembling them into logical systems to achieve specific institutional (usually commercial) goals. The role of specialization, exchange, and competition in facilitating resource accumulation was first observed by Adam Smith in The Wealth of Nations (1776). Smith theorized that systems of specialized, interacting, and competing units constitute a more efficient form of economic organization than unicellular and undifferentiated systems of similar size. This efficiency takes the form of accelerated capital formation and accumulation, which in turn contributes to further innovation and specialization, and to higher standards or living. The global distribution of Internet resources seems to be consistent with Smith\'s vision of economic organization. A variety of factors may complicate or contradict this finding. For example, the use of IPv4 address and AS number accounting to quantify Internet resource production could be disputed on a variety of empirical grounds (varying national patterns of NAT and IPv6, the existence of ARDs larger and smaller than individual AS numbers, etc.). The author hopes to solicit operationally-grounded comments from the NANOG community to inform ongoing work on a general theory of IP economics.

View full abstract page.
  • Tom Vest, eyeconomics.com.
youtubePredicting Public Internet Growth With Classical Economic Theory, or,
5:00pm - 7:00pmCalifornia East/West, 2nd FloorBeer n GearSpeakers:
  • Sponsors Alcatel; Arbor Networks; Cariden; Cisco Systems; Internap; Juniper Networks; Laurel Networks; Packet Design; Redback Networks; Seranoa Networks, None.
7:30pm - 9:00pmColonial

ISP Security and NSP-SEC BOF VI

Security incidents are a daily event for Internet Service Providers. Attacks on an ISP\'s customers, attacks from an ISP\'s customer, worms, BOTNETs, and attacks on the ISP\'s infrastructure are now one of many \"security\" NOC tickets through out the day. This increase in the volume and intensity of attacks has forced ISP\'s to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face sync up meeting for the NSP-SEC forum (see <A HREF=\"https://puck.nether.net/mailman/listinfo/nsp-security\" TARGET=\"_BLANK\">https://puck.nether.net/mailman/listinfo/nsp-security</A>) <BR><BR> The agenda for the BOF follows: <UL> <LI> Barry Dykes/Viawest: DOS/Security Incident Handling (~10 minutes) </LI> <LI> Roland Dobbins/Cisco IT: DOS/Security Incident Handling (~10 minutes) </LI> <LI> Michael Bailey & Evan Cooke/UoM: IMS (~15 minutes) </LI> <LI> Blaine Christian/MCI:TTL Filterings (~15 minutes) </LI> <LI> Dave Ward/Cisco: BGP over IPSEC (~15 minutes) </LI> <LI> Wendy Garvin/Cisco PSIRT: TCP Vulnerability (~15 minutes) </LI> <LI> Chairs/Open Discussion: TCP Vulnerability Q & A (~15 minutes) </LI> <LI> Patrick Gilmore/Open Discussion: Responding to Vulnerability Rumors (~15 minutes) </LI> <LI> Open Floor for Discussions </LI> </UL>

View full abstract page.
  • Merike Kaeo, Double Shot Security.
  • Danny McPherson, Arbor Networks.
9:00pm - 10:30pmItalian FoyerPGP Key Signing PartySpeakers:
  • Joe Abley, ISC.
9:00pm - 10:30pmGeorgian

What Does NANOG Want the IETF to Do?

The <A HREF=\"http://www.ietf.org/\" TARGET=\"_BLANK\">Internet Engineering Task Force</A> is making standards for the Internet. It is not always clear that these standards are improving the situation for those who run the Internet infrastructure. This session gives you a chance to tell some of the people who run the IETF what you would like to see the IETF do in order to make the Internet work better.

View full abstract page.

  • Harald Alvestrand, Cisco Systems
  • Harald Alvestrand was born in Norway in 1959, and graduated from the Norwegian Institute of Technology in 1984. He has worked for Norsk Data, UNINETT (the University Network of Norway), EDB Maxware and, since 2000, for Cisco Systems. His current title is Cisco Fellow. Harald has been active in Internet standardization since 1991, and has written a number of RFCs. He has been an area director of Applications and of Operations & Management in the IETF, as well as a member of the IAB, and is currently serving as IETF Chair.

  • Alex Zinin, Alcatel
  • Alex Zinin currently works at Alcatel as a Principle Engineer in the Office of the CTO NA, helping the company with IP routing. Before Alcatel, Alex worked for Nexsi as a routing software architect, and for Cisco as a routing escalation engineer in the ISP team, helping US service providers. Before Cisco, he worked as a consulting engineer and instructor at AMT Group, Russia, and as a lead engineer at Center Group, Russia. Alex has been active in the IETF since mid-90\'s, with a primary focus on routing, and has authored several RFCs. Since 2002, Alex has been working as the IETF Routing Area co-Director. He was also a co-director of the Sub-IP area.
Tuesday, May 25 2004
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
8:00am - 9:00amItalian FoyerContinental Breakfast
9:00am - 9:30amGrand Ballroom

Appropriate Layer 2 Interconnection Between IXPs

There is an increasing demand for interconnection at layer 2 between diverse network operators. The drivers for this are often economic rather than technical. There are, however, operational problems which arise from connecting distinctly-managed Ethernet switch infrastructures at layer 2. These include risks such as broadcast storms, which have led to a number of past incidents at various internet exchanges. There are also service-level-affecting issues such as providing resilience within the limitations of spanning-tree, problem diagnosis, and fault resolution. Where the interconnecting IXPs are located in the same facilities within a metro area (i.e. they are \"coterminous\"), there can be significant advantages from interconnecting them using native Ethernet. These include increasing peering opportunities and \"critical mass\" for their participants, reducing overall latency, and better localisation of traffic. Services which allow interconnection and extension of non-coterminous layer-2 IXP fabrics over long-haul distances are increasingly available. Although these appear to offer a cost-effective alternative to conventional IP peering and transit arrangements, the issues outlined above lead to more acute risks and problems than the coterminous case. In particular, use of non-native Ethernet circuit technology such as tunnelling and/or over limited capacity links can impose performance constraints and increase latency. There are also significant scaling issues with use of conventional MAC-broadcast based IP address resolution techniques, and non-global circuit identifier space. In late 2002, XchangePoint, a commercial competitive IXP operator, and LoNAP, a mutual membership IXP association, interconnected their coterminous exchanges in London. Several potential interconnection models and their advantages and disadvantages were considered. A VLAN-based approach has been employed which contains many of the operational risks, flexibly addresses participant requirements, and has some minor limitations. The formal interconnection agreement arrived at covers commercial, service level, AUP and operational implementation details, and the approach is likely of more widespread interest and use. The operational experiences of connecting two established coterminous Internet Exchanges have demonstrated when and how with appropriate design this type of layer-2 interconnection can be made to work, but have also highlighted the limitations that make non-coterminous interconnect much more problematic.

View full abstract page.

  • Keith Mitchell, XchangePoint
  • Keith Mitchell is Founder and CTO of XchangePoint, a commercial operator of Internet peering and transit interconnect services in multiple European cities, and was Executive Chairman of LINX from its inception until September 2000.
youtubeAppropriate Layer 2 Interconnection Between IXPs
pdfKeith Mitchell Presentation(PDF)
9:30am - 10:00amGrand Ballroom

Evolution of the U.S. Peering Ecosystem

A new Internet peering ecosystem is rising from the ashes of the 1999/2000 U.S. telecommunications sector crash. Global Internet transit providers have gone bust and a critical broadband infrastructure provider has failed, leaving in its wake a large set of Internet players to fend for themselves to provide their customers with Internet services. A broad set of service providers that were once focused only on growing their market share (at any cost) now are bending down to shave pennies off of their cost structure. Those who cannot prove the viability of their business model while satisfying their customer demands are out of business. In this presentation, we share research carried out over the last four years with hundreds of Peering Coordinators to document the recent chaotic evolution of the peering ecosystem. We do this by first defining the notion of an \"Internet Peering Ecosystem\" as a set of autonomous Internet Regions, each with three distinct categories of participants. Each of these groups of participants has their own sets of characteristics, motivations and corresponding behaviors and interconnection dynamics. We describe four classes of Peering Inclinations as articulated in Peering Policies. The bulk of the presentation, however, focuses on the evolution of the U.S. Peering Ecosystem. Several key players, some abandoned by their service providers, have entered into the Peering Ecosystem and caused a significant disruption to the ecosystem. Peer-to-peer application traffic has grown to represent a significant portion of their expense. We describe five major events and three emerging evolutions in the Peering Ecosystem that have had, and continue to have, a significant disintermediation effect on Tier 1 ISPs.

View full abstract page.

  • Bill Norton, Equinix
  • William B. Norton has held the position of Co-Founder and Chief Technical Liaison for Equinix for the past six years, focusing on Internet research relating to peering and interconnections. Many of his white papers are publicly available and currently in use in college curricula around the globe.
youtubeEvolution of the U.S. Peering Ecosystem
pdfWilliam Norton - Peering Ecosystem paper(PDF)
pdfWilliam Norton Slides(PDF)
10:00am - 10:30am Break
10:30am - 11:00amGrand Ballroom

IPv6 IPv4 Threat Comparison

IPv6 is seeing increased deployments worldwide and is expected to ramp up significantly with the U.S. Department of Defense mandate of IPv6 by 2008. Much of the existing security discussion around IPv6 has focused on its inclusion of IPsec. While the confidentiality, integrity, and authentication features of IPsec are clearly useful, IPSec deployment will suffer many of the same deployment challenges as are currently seen in IPv4 (identity, key management, and configuration issues). <BR><BR> This session will present IPv6 security as contrasted with IPv4 from a threats perspective. Common threats you may be familiar with in IPv4 will be compared to how those threats may evolve in IPv6 and what new considerations or best practices will be necessary to mitigate these threats. Potential best practices for the use of IPv6 in a dual-stack mode in an enterprise Internet edge will be presented as well. <BR><BR> A detailed paper on the threat comparison is available at: <BR><BR> <A HREF=\"http://www.cisco.com/security_services/ciag/documents/v6-v4-threats.pdf\">http://www.cisco.com/security_services/ciag/documents/v6-v4-threats.pdf</A>

View full abstract page.

  • Sean Convery, Cisco
  • Sean Convery is a security architect at Cisco Systems, focusing on new security technologies. Sean\'s first book, Network Security Architectures (Cisco Press, 2004), was recently published and details secure network design methods. He has been with Cisco for six years and was the principle architect of the original Cisco SAFE Security Blueprint, as well as author of several of its white papers.

  • Darrin Miller, Cisco Systems
  • Darin Miller is a security researcher in Cisco\'s Critical Infrastructure Assurance Group (CIAG). Before coming to the CIAG, Darrin worked primarily as a consulting systems engineer, where he worked with large corporations on network security architecture. He has written and contributed to several whitepapers on the subject of network security. Prior to his five years at Cisco, Darrin held various positions in both IT and security consulting during his 15 years in networking.
pdfDarrin Miller Presentation(PDF)
youtubeIPv6 IPv4 Threat Comparison
11:00am - 12:00pmGrand BallroomNetwork Augmentation Panel: Experiences in Adding IPv6 Services & Support to Existing IPv4 NetworksModerators:

  • Bill Manning, USC
  • Bill Manning has been involved in networking since 1979, when he joined Texas Instruments to build out its global IP network. He then joined Rice University and was part of the team that built and ran SESQUINET. Bill was instrumental in the migration of MIDNET and SESQUINET from NSFNET regional networks to commercial networks. Currently a member of the research staff at USC\'s Information Sciences Institute, his primary technical interests have been in network operations and naming systems. Bill is active in the IETF and IEPG as an individual participant, working group chair, and code developer.

  • Ed Lewis, ARIN
  • Edward Lewis is the Research Engineer for ARIN. He has been involved in DNS and DNSSEC Working Groups in the IETF since 1996 and was a co-chair of the recently concluded Provisioning Registry Protocol Working Group. He dropped his first IPv6 packets \"on the floor\" as a 6bone participant a few years ago for a previous employer.

  • Rob Rockell, Sprint
  • Rob Rockell works in the IP Design organization at Sprint. He\'s been there since a T1 was considered a fat pipe.

  • Brent Sweeny, Internet2 NOC
  • Brent Sweeny has been working with networked computers at Indiana University since the 1970s, starting with PLATO, then DECnet, then ARPAnet, NSFnet, the NSF regionals (CICnet), since its inception in 1998 the Internet2 Abilene network, and now the National LambdaRail. Indiana University houses the Abilene NOC and its operational network engineering group, where Brent is a network engineer.
pdfBrent Sweeny Presentation(PDF)
pdfEd Lewis Presentation(PDF)
youtubeNetwork Augmentation Panel: Experiences in Adding IPv6 Services & Support to Existing IPv4 Networks
pdfRob Rockell Presentation(PDF)
12:00pm - 1:30pm Lunch
1:30pm - 2:00pmGrand Ballroom

Coherent Naming Schemes: A Case Study

In the first part of 2004, Tufts University planned and implemented a new naming methodology to be used across all network devices and interfaces. During the planning discussions, the group came up with several interesting guidelines and methodologies for creating an extensible, comprehensible, and self-documenting network naming scheme. We have since changed over to the new naming scheme, and have already seen productivity benefits. Topics to be covered in the talk include a summary of the problem, methodology, results, and lessons learned.

View full abstract page.

  • Matthew F. Ringel, Tufts University
  • Matthew F. Ringel is currently a Senior Network Engineer for Tufts University. His group is responsible for the care and feeding of all network devices over several campuses, as well as network design and planning. In the past, he has worked at Akamai Technologies as a network engineer, and at Navisite as the systems manager for its NOC. One of Matthew\'s current interests in the networking realm is the theory of network operations, and the analysis of best current operational practices as they fit into a larger theoretical model. He graduated with a B.S. in Computer Science from Columbia University in the City of New York.
youtubeCoherent Naming Schemes: A Case Study
pdfMatthew F. Ringel Presentation(PDF)
2:00pm - 2:30pmGrand Ballroom

Case Studies in Intra-Domain Routing Instability

Routing instability has been one of the most interesting topics for both network operators and researchers for years. While many efforts have focused on inter-domain routing instability, studies of intra-domain routing are quite limited. Most network operators still do not have enough knowledge about how frequently intra-domain routing instability can occur on their networks, and how the instability can affect the networks. <BR><BR> This presentation aims to help network operators get a clearer understanding of intra-domain routing instability. Firstly, we present the results of two case studies. By analyzing routing messages collected on two networks, the WIDE Internet and the APAN Tokyo-XP, over a three-year period, we will show that although network operators hardly notice, intra-domain routing instability can occur, sometimes frequently, on service networks. Following the statistical results, we estimate the impact that such instability brings to the network and summarize the causes found to account for the observed instability. We will also show a self-developed monitoring system (will be released in May 2004) which can be used for detecting routing instability in real-time. <BR><BR> The second part of this talk focuses on troubleshooting routing instability problems. As most routing flaps occur intermittently, finding the right causes has been a hard task for network operators. We propose a method of collecting data for troubleshooting which is based on an event-driven model. We will show what kind of data is useful for troubleshooting and how to use the collected data to isolate root causes of the detected instability. <BR><BR> We answer the following questions in this presentation. <OL> <LI> What is intra-domain routing instability like?</LI> <LI> How frequently can intra-domain routing instability occur on a service network and affect the network?</LI> <LI> How can one efficiently detect routing instability with our monitoring system?</LI> <LI> What are the most likely causes of routing instability?</LI> <LI> How can one troubleshoot routing instability problems? <BR><BR></LI> </OL> We would also like to ask more network operators to analyze their own networks with our system and give us more feedback.

View full abstract page.

  • Zhang Shu, Nat\'l. Institute of Information and Communications Technology, Japan
  • Zhang Shu is a researcher at the National Institute of Information and Communications Technology, Japan. He received a B.E. degree from Waseda University in 1996, and M.E. and Ph.D. degrees from Nara Institute of Science and Technology in 1999 and 2003, respectively. His research interests include routing, MPLS, and network management. He used to be one of the operators of the WIDE Internet and now is contributing to the operation of the APAN Tokyo-XP network. He is a member of the WIDE Project.
youtubeCase Studies in Intra-Domain Routing Instability
pdfZhang Shu Presentation(PDF)
2:30pm - 3:00pmGrand Ballroom

Tulip: A Tool for Locating Performance Problems Along Internet Paths

Diagnosing performance faults on Internet paths is a difficult and time-consuming task for which there is little operational support, especially when the paths cross multiple ISPs. Standard tools such as traceroute test connectivity but do not pinpoint the lossy or congested segments of the path; performance tools such as pathchar are often bandwidth-intensive or inaccurate over long paths. <BR><BR> In this talk, we describe tulip, a new tool to diagnose performance problems on Internet paths from the host running the tool to arbitrary IP destinations. Like traceroute, tulip requires no special privileges at the routers along the path. It uses two prevalent but little exploited router features: ICMP timestamps and IP identifiers. ICMP timestamps yield remote timing information that enables the location of congestion to be estimated. IP identifiers yield remote ordering information that enables the location of loss and reordering to be estimated. On most paths we have measured tulip can narrow the region of loss and reordering to within three hops and congestion to within four hops. <BR><BR> We are particularly interested in better understanding the operational needs for diagnostic support and the utility of tools such as tulip to ISPs. As an example of the possibilities in this space, we will describe simple, backwards-compatible changes to routers that enable more efficient and more accurate diagnostic tools that our work on tulip helped to identify. <BR><BR> The tulip tool and a research paper describing our work can be found at: <BR><BR> <A HREF=\"http://www.cs.washington.edu/research/networking/tulip/\" TARGET=\"_BLANK\">http://www.cs.washington.edu/research/networking/tulip/</A>

View full abstract page.
  • Thomas Anderson, University of Washington.
  • Ratul Mahajan, University of Washington
  • Ratul Mahajan received a B.Tech. degree from the Indian Institute of Technology, Delhi, India, and an M.S. degree from the University of Washington. He is currently pursuing a Ph.D. degree at the University of Washington. His research interests span the entire range of internetworking-related topics. His past work includes a study of global routing configuration errors and discovering Internet topology and routing policies.
  • Neil Spring, University of Washington.
  • David Wetherall, University of Washington.
pdfRatul Mahajan - TULIP(PDF)
youtubeTulip: A Tool for Locating Performance Problems Along Internet Paths
3:00pm - 3:15pm Break
3:15pm - 3:35pmGrand Ballroom

Near Real-Time Publication of Allocated Netblocks

At the April 2004 ARIN meeting in Vancouver, there was a discussion of how ARIN and other Regional Internet Registries could provide near-real-time data on which netblocks have been allocated to help enable network and service operators to filter traffic coming from unallocated space. ARIN would like more participation and input from NANOG on how such a service should be implemented.

View full abstract page.

  • Leo Bicknell, ARIN Advisory Council
  • Leo Bicknell is an ARIN Advisory Council member and currently works for Abovenet as a Network Engineer and Peeering Coordinator. He has been with Abovenet since 1998.
  • Cathy Wittbrodt, Daydream Imagery.
pdfLeo Bicknell Presentation(PDF)
youtubeNear Real-Time Publication of Allocated Netblocks
3:35pm - 4:05pmGrand Ballroom

Preparing RIR Allocation Data for Network Security Analysis Tasks

CERT\'s Network Situational Awareness group uses data from the regional registries\' allocation databases to supplement the analysis of network security incident data. The aim of this effort is to build a single allocation tree view of the IPv4 address space so that events may be aggregated by source and destination network. We are building a tool chain to automate the preparation of RIR data for this purpose. This presentation addresses the techniques used by these tools, including: <OL> <LI> Detection and resolution of conflicting information between registries. <BR><BR></LI> <LI> Detection and correction of \"eroded\" ranges in reassignment records (e.g., a reassigned /24 appearing as the range x.y.z.(0,1) - x.y.z.(254,255), which causes problems with our CIDR block-centric view of the world). <BR><BR></LI> <LI> Detection (and, if possible, correction) of errors in the allocation data, including: <UL> <LI> corrupted record metadata (modification dates, etc.) </LI> <LI> corrupted ranges (clear errors in allocations. e.g., a reassigned /29 appearing as x.y.z.0 - x.y.z+1.7) </LI> <LI>range hierarchy \"inversions\" (a range that overlaps another such that a.start < b.start < a.end < b.end; indicative of a stale record or a corrupted range) <BR><BR></LI> </UL> </LI> </OL> Work to date suggests that automated tools will be able to correct all but a handful of irregularities in the source data. A process for reporting these irregularities back to the regional registries for correction or clarification may also be of some use to the Internet community at large.

View full abstract page.

  • Brian Trammell, CERT
  • Brian Trammell is a Member of the Technical Staff on the CERT Network Situational Awareness team in Pittsburgh, Pennsylvania. His current work includes the design and implementation of network security data collection and analysis tools. Brian holds a B.S. in Computer Science from the Georgia Institute of Technology.
pdfBrian Trammell Presentation(PDF)
youtubePreparing RIR Allocation Data for Network Security Analysis Tasks
4:05pm - 4:20pmGrand Ballroom

Integrated Security for SNMP-Based Management

A long-standing operational issue with the security added to SNMPv3 is the fact that it does not integrate with existing security infrastructures, i.e., password and account databases. Although SNMPv3 was the first SNMP version that added security to the protocol, there have been reservations about deploying it because it\'s \"yet another user database to maintain.\" The author (and others) are looking into creating an add-on security extention to the SNMPv3 protocol that will better integrate with your existing security infrastructure. In this presentation, the author will be soliciting feedback about whether this work is important to the operational community and which security infrastructures are most important to target (RADIUS, local accounts, X.509 certificates, SSH, Kerberos, etc). <STRONG>The feedback obtained from the operational community will directly impact whether the work progresses and what requirements it must fulfill to be considered complete </STRONG> - we appreciate your input!

View full abstract page.

  • Wes Hardaker, Sparta
  • Wes Hardaker is a Senior Research Scientist working for Sparta, Inc. His work focuses on network security research and secure network management. Wes\'s currently focuses on managing security policy within large complex networks implementing policies that are enforced using IPsec security services. He is the lead developer of the Net-SNMP open source network management package, as well as multiple other open source network management packages. Wes is also actively involved within the IETF and is helping define new security and network management protocols and standards.
youtubeIntegrated Security for SNMP-Based Management
pdfWes Hardaker Presentation(PDF)
4:20pm - 4:30pmGrand BallroomClosing RemarksSpeakers:
  • Susan Harris, Merit Network.
pdfSusan's final presentation(PDF)


^ Back to Top