
NANOG Meeting Presentation Abstract

Tutorial: BGP Techniques for Service Providers
Meeting: NANOG22
Date / Time: 2001-05-20 1:30pm - 3:00pm
Room: Center Ballroom
Presenters: Speakers:

Phil Smith, Cisco Systems

Philip Smith has been with Cisco Systems for three years. He is part of the Internet Architectures Group, which is led by the CTO for Consulting Engineering. His role includes working with many ISPs in the Asia Pacific region, specifically in network design, configuration, and scaling, as well as providing training through an extensive ISP Workshop program.

Prior to joining Cisco, Philip spent five years in several key network engineering and operations roles at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the commercial Internet in the UK, and played a key role in building the modern Internet in Europe.
Abstract: This tutorial introduces service providers to some more advanced BGP features and techniques to aid with operating their networks within the Internet. After a brief recap of iBGP, eBGP and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. The tutorial will then briefly cover some basic multihoming techniques, before finishing with a look at some of the facilities available for debugging problems in BGP networks.
Files: BGP Techniques for Service Providers (YouTube)
Sponsors: None.
Tutorial: Basic ISP Traffic Engineering Tools and Practices
Meeting: NANOG22
Date / Time: 2001-05-20 1:30pm - 3:00pm
Room: North Ballroom
Presenters: Speakers:

John Brown, Chagres Technologies

Now at Chagres Technologies, John Brown has over five years' experience in dealing with traffic flows and engineering issues for small providers and end users. Mr. Brown was the former CTO of iHighway.net, a rural ISP, and has presented at various forums, including NANOG, ARIN, ICANN, the U.S. Congress, and the FCC.
Abstract: This session focuses on tools that will help small or rural ISPs with traffic engineering management for inbound and outbound flows. Tools to be covered include:

  • Cflow

  • NetFlow

  • FlowScan

  • RRDTool / MRTG

  • TraceRoute / Ping / Bing / PathChar

  • SNMP (including security issues)

Files: Basic ISP Traffic Engineering Tools and Practices (YouTube)
Sponsors: None.
Tutorial: ARIN Policies and Guidelines
Meeting: NANOG22
Date / Time: 2001-05-20 3:30pm - 5:00pm
Room: North Ballroom
Presenters: Speakers:

Richard Jimmerson, ARIN

Richard Jimmerson is Director of Operations at ARIN.
Abstract: This tutorial covers all aspects of current ARIN (American Registry for Internet Numbers) policies and guidelines for obtaining IP address space and AS numbers. The session also explains the Policy Evaluation process, giving attendees who are interested in changing current ARIN policies or proposing new ones an opportunity to talk directly with members of the ARIN staff.
Files: ARIN Policies and Guidelines (YouTube)
ARIN Policies and Guidelines (PPT)
Sponsors: None.
Estimating Global Denial-of-Service Activity
Meeting: NANOG22
Date / Time: 2001-05-21 9:15am - 9:45am
Room: Forum Hall
Presenters: Speakers:
Stefan Savage, UCSD/Asta Networks.
David Moore, CAIDA/CAIMIS.
Geoff Voelker, UCSD CSE.
Abstract: A few highly publicized incidents have demonstrated the threat posed by denial-of-service attacks, but the community has no current, quantitative data about how serious a problem this actually is. Moreover, collecting such information is complicated by the distributed nature of attacks and concerns about privacy.

To this end, we have implemented a new technique, called "backscatter analysis," that allows us to observe worldwide denial-of-service activity without requiring widespread cooperation. Over the course of several weeks we observe several thousand DoS attacks, measure their behavior, duration, topological and geographic locality, and characterize what types of sites are victimized most often.
Files: Estimating Global Denial-of-Service Activity (YouTube)
Sponsors: None.
Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP
Meeting: NANOG22
Date / Time: 2001-05-21 9:45am - 10:15am
Room: Forum Hall
Presenters: Speakers:
Rob Malan, University of Michigan.
Farnam Jahanian, University of Michigan.
Jon Arnold, University of Michigan.
Matthew Smart, University of Michigan.
Paul Howell, Merit Network.
Russell Dwarshuis, Merit Network.
Jeff Ogden, Merit Network.
Jon Poland, Merit Network.
Abstract: This presentation summarizes over a year of operational experience in tracking denial-of-service attacks across a large regional ISP. We present measurements and observations on attacks ranging from small floods targeting dorm-room IRC servers, to all-out, well-coordinated attacks against elements of the backbone infrastructure. In collaboration with backbone operations/engineering staff, we deployed analysis and probe machines at the peering points and major customer access points in a Michigan provider's network. The measurement infrastructure combined Netflow collection with network topology statistics to identify attack ingress points and trajectories. The presentation will highlight some of the operational challenges we faced as well as the successes.
Files: Observations and Experiences Tracking Denial-Of-Service Attacks Across a Large Regional ISP (YouTube)
Sponsors: None.
Practical Approaches to Dealing with DDoS Attacks
Meeting: NANOG22
Date / Time: 2001-05-21 10:15am - 10:45am
Room: Forum Hall
Presenters: Speakers:

Massimiliano Poletto, Mazu Networks

Prior to co-founding Mazu, Poletto was a postdoctoral associate at the MIT Laboratory for Computer Science, where he collaborated on the modular packet processing architecture that has since evolved into the Mazu platform. He received a Ph.D. from MIT in 1999 for research on improving the performance of computer programs by allowing them to automatically adapt to changing run-time conditions. Poletto's work on compiler algorithms has been adopted by groups at Microsoft and IBM.
Abstract: Distributed denial of service (DDoS) attacks are really network operations and performance problems, rather than strictly security events. To effectively address these attacks, the network infrastructure must be able to quickly identify unusual packet streams at high rates and help operators move closer to the packets' sources.

This talk will focus on novel anomaly-detection techniques developed to identify potential DDoS traffic. The analyses are triggered by congestion or unusual network traffic levels -- the common characteristics of any network-based DoS attack. The analyses look at various parameters, ranging from IP addresses to packet payloads, to rapidly build "dynamic signatures" of high-volume traffic that is likely to be causing the anomaly. Since the analyses identify aggregate traffic properties, rather than looking for signatures of specific attack tools, they are fast and should remain effective even in the presence of new attack tools. When run on multiple devices deployed in strategic points throughout the network, the anomaly-detection analyses can be used in a distributed manner to quickly move closer to the source of an attack, pinpointing the networks from which the attack is originating.
Files: Massimiliano Poletto Presentation (PPT)
Practical Approaches to Dealing with DDoS Attacks (YouTube)
Sponsors: None.
A Fine-Grained View of High-Performance Networking
Meeting: NANOG22
Date / Time: 2001-05-21 11:05am - 11:45am
Room: Forum Hall
Presenters: Speakers:

Steve Casner, Packet Design

Stephen L. Casner received his B.A. in Mathematics from Occidental College in 1973 and his M.S. in Computer Science from the University of Southern California in 1976, where he designed and implemented protocols and software for some of the earliest experiments with packet voice using the ARPAnet at USC's Information Sciences Institute. He took this work to the commercial arena with further development of packet-based audio and video technology for both conferencing and streaming applications at Precept Software, which was acquired by Cisco Systems. Currently at Packet Design, he is applying some of the same techniques in network performance measurement and analysis. He is also co-chairman of the Audio/Video Transport working group of the Internet Engineering Task Force. This group has developed the Real-time Transport Protocol (RTP) for packet audio and video as well as other real-time multicast and unicast applications. He was the primary organizer for the establishment of the worldwide Mbone in its initial experimental phase.
Cengiz Alaettinoglu, Packet Design.
Chia-Chee Kuan, Packet Design.
Abstract: Network operators have a fairly good idea about how well their networks are working on a macro level -- link downtime percentages, ping latencies, CPU utilization, etc. However, few have examined the fine-grained behavior of their networks. We have collected high-resolution (20 microseconds) jitter measurements on a wide-area backbone network for a duration of several weeks. Based on this data, we claim that today's wide-area backbone networks are ready to support applications such as circuit emulation over IP -- or they could be, as this example shows.

We observed that most of the time the jitter level is quite low, making the data very uniform. But very occasionally there are extremely interesting events that last from a few seconds to a few minutes. In particular, we detected sustained routing loops in IS-IS, which should not occur. We will show the surprising effect this has on the data, and examine some protocol anomalies that may have been the cause. If these rare problems are corrected, low-latency, low-loss Virtual Wire services can be supported.
Files: A Fine-Grained View of High-Performance Networking (YouTube)
Steve Casner Presentation (PPT)
Sponsors: None.
Some Initial Measurements of Prefix Length Phyltreing
Meeting: NANOG22
Date / Time: 2001-05-21 11:45am - 12:00pm
Room: Forum Hall
Presenters: Speakers:
Jennifer Rexford, AT&T.
Steve Bellovin, AT&T.
Randy Bush, None.
Abstract: Please see the following link for presentation slides:

http://ran.psg.com/~randy/010521.nanog/index.htm
Files: None.
Sponsors: None.
IPv4 Address Space Allocation and Usage Trends
Meeting: NANOG22
Date / Time: 2001-05-21 1:30pm - 1:50pm
Room: Forum Hall
Presenters: Speakers:

Scott Marcus, Genuity

Scott Marcus is the Chief Technology Officer for Genuity Inc. He has a strong interest in network design, forecasting, and capacity planning, and specializes in the technologies and economics of internetworking transmission systems. When GTE acquired the former BBN, he led the engineering design teams that created the initial design for Genuity's wide area data network, incorporating SONET/DWDM, TDM, ATM, Frame Relay, Internet and voice/VoIP services.

Scott has contributed to the architecture and design of large internetworking systems for commercial service providers, carriers, corporate customers, and the U.S. government. He has served in a wide variety of roles at Genuity and its predecessor organizations, including systems architecture and engineering, capacity planning, legal and regulatory advocacy, sales, business development, consulting, and product architecture and design. He is a trustee of the American Registry of Internet Numbers (ARIN), Vice Chair of IEEE CNOM, and author of Designing Wide Area Networks and Internetworks: A Practical Guide.

The analysis of IPv4 address depletion described in this presentation was sponsored by the Regional Internet Registries (RIRs): APNIC, ARIN, and RIPE NCC.
Abstract: IPv4 address space is critical to the operation of today's Internet, and exhaustion of the IPv4 address space was once thought to be likely in the mid-nineties. Nonetheless, few systematic studies of the rate of IPv4 depletion have been undertaken in the past five years. ARIN recently took the lead, with active support from APNIC and RIPE NCC, in establishing a small "blue ribbon" team to do quantitative analyses and forecasts of consumption of the identifiers that the RIRs (the Regional Internet Registries ARIN, APNIC and RIPE NCC) maintain, and to assess their impact on the global Internet, in support of policymakers in the RIRs and elsewhere. To that end, we are also working to standardize the format and semantics of RIR allocation data, and to make them available to other external researchers.

The rate of IPv4 allocation seems for now to be contained to single digit percentage expansion per year, with the rate of increase declining over time in the Americas (i.e. negative second derivative). Growth in the Asia Pacific region is, not surprisingly, trending upwards, but starting from a lower base.
Files: IPv4 Address Space Allocation and Usage Trends (YouTube)
Scott Marcus Presentation (PPT)
Sponsors: None.
Progress With the DNS Security Extensions
Meeting: NANOG22
Date / Time: 2001-05-21 1:50pm - 2:20pm
Room: Forum Hall
Presenters: Speakers:

Edward Lewis, TISlabs

Abstract: Since summer 2000, six hands-on workshops have been held to test drive the DNS Security Extensions. One of these workshops followed NANOG 20. A number of software fixes, protocol issues, and operational issues have been identified and discussed. The presentation summarizes the lessons learned and future direction of the DNSSEC effort.
Files: Ed Lewis Presentation (PPT)
Progress With the DNS Security Extensions (YouTube)
Sponsors: None.
Tutorial: Introduction to IP Multicast Practice
Meeting: NANOG22
Date / Time: 2001-05-21 3:30pm - 5:00pm
Room: Forum Hall
Presenters: Speakers:

Bill Nickless, Argonne National Lab

Bill Nickless works for the Mathematics and Computer Science Division of Argonne National Laboratory. He has been working for the past 1.5 years with the Access Grid project, which fundamentally depends on IP multicast service for success. During that time he has helped bring up multicast service at sites ranging from National Laboratories to Native American Tribal Colleges. He is also active in the IETF MSDP and MBONED working groups, and is the author of an Internet Draft covering the topics presented in this tutorial.
Abstract: This tutorial is an introduction to current IP multicast practice, with an emphasis on inter-domain routing (especially inter-Autonomous System peerings.) The session will cover the M-BGP, MSDP, PIM Sparse Mode, and IGMP protocols, and how these protocols interoperate to provide scalable IP multicast service. Both the Any Source Multicast (ASM) and Source Specific Multicast (SSM) multicast service models will be discussed.
Files: Bill Nickless Presentation (PPT)
Introduction to IP Multicast Practice (YouTube)
Sponsors: None.
Tutorial: SNMP Update
Meeting: NANOG22
Date / Time: 2001-05-21 3:30pm - 5:00pm
Room: Bouchon Room
Presenters: Speakers:

Jeff Case, SNMP Research International

Dr. Jeffrey Case is Founder and Chief Technical Officer at SNMP Research, Inc. He leads the development of network system and application management products based on the Simple Network Management Protocol, related standards, and Web technologies. In the 20th anniversary issue of Data Communications magazine, Case was named as one of the twenty most influential people in networking. He is the author or co-author of many standards for Internet management, including SNMP version 1, SNMP version 2, SNMP version 3, and related specifications. Case has a Ph.D. in computer science from the University of Illinois.
Abstract: This tutorial provides an update on recent and contemplated improvements to the Internet Standard Management Framework based on the Simple Network Management Protocol (SNMP) and the Management Information Base (MIB).

Attendees should have at least an introductory-level knowledge of SNMP and MIBs. Topics include:

  1. Differences between SNMPv1, SNMPv2c, and SNMPv3

    • Advantages of SNMPv3 over SNMPv1 and SNMPv2c

    • Disadvantages of SNMPv3

  2. Recent and Ongoing IETF Work Items
  3. SNMP-based Configuration Management

    • Policy MIB Module

  4. EOS Working Group: Evolution of SNMP
  5. SMIng Working Group: Evolution of the Structure of Management Info
  6. Distributed Management Working Group (DISMAN)
  7. MIB definitions
  8. A brief look at the relationship between SNMP/MIBs vis-a-vis

    • DMI/MIFs

    • CIM/MOFs

    • COPS/PIBs

SNMP fans are also invited to attend the IETF Operations/Network Management area open meeting, which begins at the DoubleTree on Tuesday evening, May 22.
Files: Jeff Case Presentation (PPT)
SNMP Update (YouTube)
Sponsors: None.
Tutorial: More on Network Policy - Sequel to a BOF, Prelude to a Tutorial
Meeting: NANOG22
Date / Time: 2001-05-21 3:30pm - 5:00pm
Room: North Ballroom
Presenters: Speakers:
Stephen Stuart, MFN.
Abstract: Stephen will present a slightly more detailed recap of the last NANOG's network policy BOF, hint at a tutorial session that might occur at the next NANOG, and then open the floor to discussion much like last time (stepping in on occasion to play Devil's Advocate or otherwise keep some form of debate going).
Files: None.
Sponsors: None.
The New IETF Sub-IP Area: A Brief Summary for Service Providers
Meeting: NANOG22
Date / Time: 2001-05-22 9:00am - 9:30am
Room: Forum Hall
Presenters: Speakers:
Curtis Villamizar, Avici.
Abstract: This talk describes a new work area recently defined by the Internet Engineering Task Force. The Internet Engineering Steering Group, an IETF leadership council, has noticed an abundance of Internet Drafts related to MPLS and optical networking. Several hundred I-Ds were intended to be considered in the MPLS or 'IP over Optical' Working Groups, and were not within the charters for those WGs. In an attempt to return to sanity, the IESG formed a new work area with six WGs and has tried to divide the work among them. See the IETF Web pages for descriptions of the new Working Groups. Operator input needed!
Files: Curtis Villamizar Presentation (PDF)
The New IETF Sub-IP Area: A Brief Summary for Service Providers (YouTube)
Sponsors: None.
MPLS Enhancements to Support Layer 2 Transport Services
Meeting: NANOG22
Date / Time: 2001-05-22 9:30am - 10:00am
Room: Forum Hall
Presenters: Speakers:

Jeremy Brayley, Laurel Networks

Jeremy Brayley, Senior Product Manager with Laurel Networks, has nearly a decade of experience in IP and optical transport. Prior to joining Laurel, Jeremy held positions with FORE and Cisco Systems, where he was responsible for IP and optical transport network design for service providers and large financial institutions.
Abstract: MPLS has been viewed as an IP traffic engineering technology, yet it has another, more compelling application as a multi-service transport medium. This presentation will focus on how a service provider can offer layer 2 switched services, such as long-haul Ethernet, frame relay, and ATM, on an IP/MPLS network. It will explain one method of using LDP-DU (Label Distribution Protocol running in Downstream Unsolicited mode) as a signaling protocol to provision these services over traffic-engineered MPLS tunnels, and how a service provider can match the characteristics and SLAs of these services as they are offered on a switched network.
Files: Jeremy Brayley Presentation (PPT)
MPLS Enhancements to Support Layer 2 Transport Services (YouTube)
Sponsors: None.
Very Pleasant/Painful Networking: The Highs and Lows of Building and Maintaining VPNs
Meeting: NANOG22
Date / Time: 2001-05-22 10:00am - 10:30am
Room: Forum Hall
Presenters: Speakers:

Matt Baker, Intel

Matt Baker is a senior network engineer with Intel Online Services, the web and application hosting division of Intel Corporation. Over the past five years, he has worked to develop advanced remote-access solutions for Intel Corporation. From 1998 through early 2000, Matt led Intel's broadband and VPN technology trials, designing and deploying one of the earliest large scale corporate xDSL and VPN remote-access networks. At Intel Online Services, his main interest is the concept of the Datacenter, a place where internet service provider and enterprise issues can frequently converge. More precisely, Matt focuses on how these issues affect VPN connectivity/performance, network security design, and AAA systems design.
Abstract: VPNs may empower a mobile workforce with secure and flexible corporate network access, allow xSPs to accommodate inexpensive and rapid integration of new customers, or enable ASPs to deliver complex, mission-critical applications to their customers. However, with all of Virtual Private Networking's great promises comes a potentially significant price. The goal of this presentation is to shed some light on these challenges and highlight some of our key learnings and solutions. Topics to be covered include good NAT bad NAT, Internet performance issues, troubleshooting complexity, and the need for education and awareness.
Files: Matt Baker Presentation (PPT)
Very Pleasant/Painful Networking: The Highs and Lows of Building and Maintaining VPNs (YouTube)
Sponsors: None.
OSPF for a Broadband Wireless Campus Backbone
Meeting: NANOG22
Date / Time: 2001-05-22 10:50am - 11:20am
Room: Forum Hall
Presenters: Speakers:

Joseph Hui, Arizona State University

Joseph Y. Hui is International Switching Symposium Chair, Professor of EE, and Director of the Telecom Research Center at Arizona State University. His specialties are switching, networking, and communication systems. While on sabbatical leave from Rutgers at the Chinese University of Hong Kong from 1995-1999, he was engaged in the Internet development, using ATM switching technologies for the Hong Kong Internet Exchange, and later the Hong Kong Commercial Internet Exchange, a spinoff from the Chinese University of Hong Kong. His interests now include broadband wireless internets, wireless storage area networks, and Internet economics.
Abstract: In this talk, we explore the use of a wireless mesh network of up to 1 Gb/s directional Radio Frequency links. Such networks are rather agile and fragile. We outline techniques we plan to use to modify OSPF for this environment, such as rapid rerouting, QoS provisioning, radio link power, and impairment management. We are implementing multipath routing, IP encapsulation, and local fault management to handle local wireless link failures. A prototype effort is described, and some preliminary thoughts for a campus backbone at Arizona State University are proposed.
Files: Joseph Hui Presentation (PPT)
OSPF for a Broadband Wireless Campus Backbone (YouTube)
Sponsors: None.
Operational Experience with IPv6 Migration
Meeting: NANOG22
Date / Time: 2001-05-22 11:20am - 11:40am
Room: Forum Hall
Presenters: Speakers:
Bill Manning, ISI.
Akira Kato, ISI.
Abstract: The presenters are augmenting exchange facilities for IPv6, and will discuss:

  • Why many facilities have constructed parallel fabrics instead of overlays

  • How human factors considerations and operational use have illuminated the need for better tooling as a way to lower the "bar" for operations.

Kato-san will also discuss the NSPIXP6, an experimental IPv6 exchange in Tokyo. Included will be a brief history and information about design decisions, layer-2 extensions, and current status.

Please see the address below for Bill Manning's Presentation:

http://www.isi.edu/~bmanning/nanog22-v6/v3_document.htm

Please see the address below for Kato's presentation:

http://www.wide.ad.jp/nspixp6/nanog22/nspixp6.html
Files: Operational Experience with IPv6 Migration (YouTube)
Sponsors: None.
An Information Sharing and Analysis Center for the Internet
Meeting: NANOG22
Date / Time: 2001-05-22 11:40am - 12:10pm
Room: Forum Hall
Presenters: Speakers:

Kelly Cooper, Genuity

Ms. Cooper has been with Genuity (formerly GTE Internetworking, Powered by BBN) for over six years. Currently serving as a Security Engineer for Genuity's Engineering and Technology department, she is responsible for implementing security at the architecture and design level of Genuity's network infrastructure.

Ms. Cooper started with Genuity in Network Operations, first as an Operator and Network Analyst, and most recently as Genuity's Internet Security Officer. Her duties included performing network security incident response, creating and enforcing policies, and tracing and countering of network attacks. Also in that role, she worked closely with other service providers and law enforcement agencies on security and abuse issues.

Ms. Cooper takes an active role in industry-wide security initiatives and served as Chairperson for the Network Security Incident Working Group of the Internet Operators consortium (IOPS.org) for several years. She currently Chairs the IOPS effort to help create an Internet Service Provider Information Sharing and Analysis Center (ISP-ISAC). She was the Chairperson of the Security Best Practices working team of the Internet Service Provider Security Consortium (ISPSEC), sponsored by the ICSA. She is also a recognized contributor to multiple SANS (System Administration, Networking, and Security) Institute web publications (such as the "Roadmap to Defeating DDoS" and "The List of The Top Ten Internet Security Threats").

Ms. Cooper got her start in network security while earning a BA from Rutgers College, working in the Rutgers University operations center as an operator and a security advocate. There she supported Rutgers as a backbone node on the NSFNET. Throughout her career, Ms. Cooper has devoted much of her personal and professional time to sharing resources and educating all parties involved in network security incident response.
Abstract: The creation of Information Sharing and Analysis Centers (ISACs) to protect critical infrastructure is encouraged by "Presidential Decision Directive 63." ISACs exist now for the financial services, information technology, telecommunications, and electric utility industries. The Federal government has proposed legislation that would ensure the confidentiality of information collected by ISACs and would also provide antitrust and liability protection.

IOPS is considering the formation of an ISAC for the Internet. The goal is to help coordinate the resolution of Internet problems and to help protect the Internet. Membership in this ISAC would be much larger and more diverse than that of IOPS. The current plan is to hire a contractor to provide the necessary support for the 7x24 operation of the center itself.

This talk will:

  • Summarize the information that IOPS has received about other ISACs

  • Present the requirements we have drafted for an ISP-ISAC

  • Discuss IOPS' current ideas, including feedback that has been received from potential support contractors

  • Most important -- obtain input from NANOG participants about their thoughts and their potential interest.

Files: An Information Sharing and Analysis Center for the Internet (YouTube)
Kelly Cooper Presentation (PPT)
Sponsors: None.
