NANOG Meeting Presentation Abstract
Tutorial: IP Routing Protocol Scalability: Theory and Examples | Meeting: | NANOG23 | |
Date / Time: | 2001-10-21 1:30pm - 3:00pm | |
Room: | Jewett Ballroom F-H | |
Presenters: | Speakers:
Alvaro Retana, Cisco Systems. Alvaro Retana is a Technical Leader in Cisco's IP Routing Deployment and Scalability Team, where he works first-hand on advanced features in routing protocols. Alvaro was formerly a technical lead for both the Internet Service Provider Support Team and the Routing Protocols Team at the Cisco Technical Assistance Center in Research Triangle Park, NC. | |
Abstract: | This tutorial addresses the building blocks of IP routing protocol scalability (hierarchy, redundancy, and addressing and summarization) along with protocol-specific issues. BGP, ISIS and OSPF configurations and parameters are explored. The examples presented include a set of protocol-specific "best practices."
Intended Audience: Network operators and engineers with IP routing experience. Knowledge of the protocols covered is expected.
Tutorial Outline
Introduction - Scope of the Presentation - Agenda
Scalability Building Blocks Relationship to Convergence and Stability Impact/Use of Hierarchy/Redundancy/Addressing and Summarization
Hierarchy - Why is hierarchy important? - Brief overview of service placement (per layer).
Redundancy
- When is redundancy too much? - IGP Flooding
Addressing and Summarization - Aggregation Methods per protocol
ISIS Scalability
Hierarchy in ISIS - L or L-only networks - Use and limitations of Hierarchical Networks - Route Leaking
Detection and Propagation of Changes
- Fast Hellos - LSP Generation - SPF Runs - Exponential Backoff
Other tips... - Overload bit
OSPF Scalability
Hierarchy
- Area types and flow of routing information - LSA Filtering
Detection and propagation of changes - Fast Hellos - LSA Generation - SPF Runs - Exponential Backoff
Other tips... - Stub router advertisement
BGP Scalability
iBGP Full Mesh - Route Propagation Requirements
Peer-Groups - Configuration Grouping and UPDATE Generation
Route Reflectors - Deployment (Hierarchy)
Confederations - Deployment - Interaction with IGPs
Detection and Propagation of Changes
- minAdvertisementTimer - NEXT_HOP Reachability - 4.5.3 Route Dampening
Summary and Conclusions | |
Files: | IP Routing Protocol Scalability: Theory and Examples
| |
Sponsors: | None. | |
Tutorial: ISP Security - Real World Techniques II | Meeting: | NANOG23 | |
Date / Time: | 2001-10-21 1:30pm - 3:00pm | |
Room: | Jewett Ballroom A-E | |
Presenters: | Speakers: Barry Raveendran Greene, Cisco Systems. Chris Morrow, UUNET/Verizon. Brian W. Gemberling, UUNET. | |
Abstract: | The Internet is a battleground, with ISPs and their customers right in the middle of the line of fire. What ISPs need to protect themselves are tools and techniques that work in the line of fire, i.e., tools that fight DoS attacks and provide something other than a busy signal on the customer service line.
This tutorial will walk ISPs through the five stages of working an attack: preparation, identification, classification, traceback, and reaction. Focus will be placed on techniques that work - with specific vendor features left for other sessions. All the techniques have been validated and proven to be operationally deployable and workable under conditions of network stress. The key objective is to empower other ISPs to deploy these vendor-independent techniques, which will provide a foundation for inter-NOC cooperation to trace back the attacks to their source. | |
Files: | Barry Raveendran Greene Presentation(PDF)
Barry Raveendran Greene Presentation(PPT)
ISP Security - Real World Techniques II
| |
Sponsors: | None. | |
Tutorial: BGP Multihoming Guide | Meeting: | NANOG23 | |
Date / Time: | 2001-10-21 7:30pm - 9:00pm | |
Room: | Jewett Ballroom A-E | |
Presenters: | Speakers: Philip Smith, Cisco Systems. | |
Abstract: | This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. This includes the options available when multihoming to the same ISP (including RFC2270) and to different upstreams. Configurations for modifying inbound and outbound traffic flows are covered. The tutorial concludes with a case study, and an examination of the use of BGP communities by several ISPs. | |
Files: | BGP Multihoming Guide
Philip Smith Presentation(PDF)
| |
Sponsors: | None. | |
Tutorial: Packets and Photons: The Emerging Two-Layer Network | Meeting: | NANOG23 | |
Date / Time: | 2001-10-21 7:30pm - 9:00pm | |
Room: | Jewett Ballroom F-H | |
Presenters: | Speakers:
Dan Lockwood, Juniper. Dan Lockwood joined Juniper Networks in September 1998 to build the company's Professional Services and Education division. He currently manages a group of consultants focused on helping customers plan, architect, and deploy next-generation IP and MPLS networks. Prior to coming to Juniper Networks, Lockwood was a principal consultant at Cascade Communications. Here, he was responsible for designing and deploying multi-service networks using MPLS-based IP Navigator, ATM, and Frame Relay. Lockwood holds a B.S. in Computer Science from Princeton University. | |
Abstract: | This session highlights new technologies for optical-based networks. The tutorial begins by examining how service providers have constructed their networks in the past in order to cope with the need for IP bandwidth. System equipment layers are discussed, and how they are now being collapsed into an emerging two-layer network. Future technology directions are then explored, including pure photonic routers. We then discuss how network architectures will look, along with their benefits. An in-depth look is taken at generalized MPLS (GMPLS), which allows the IP routing layer to share a common control plane with the optical transmission layer. The importance of this is explained and why it could be the basis for building IP service infrastructures of the future. | |
Files: | Packets and Photons(PPT)
Packets and Photons: The Emerging Two-Layer Network
| |
Sponsors: | None. | |
The Internet Under Stress | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 9:15am - 9:30am | |
Room: | OCC East | |
Presenters: | Speakers:
Peter H. Salus, Matrix. Peter H. Salus is Chief Knowledge Officer of Matrix.Net in Austin, TX. He is the author of A Quarter Century of UNIX (1994), Casting the Net (1995), and several other books, and has conducted The Bookworm in ;login: for over a decade. Peter has written for and edited Matrix News since 1994. | |
Abstract: | After the horrific attacks of September 11, Matrix.Net was asked by the Office of the President to track the effects on the Internet and to examine past records for any unusual incidents. Salus presents data, maps, and graphs for Internet performance on September 11 and during earlier disruptive events. | |
Files: | Peter Salus Presentation(PPT)
The Internet Under Stress
| |
Sponsors: | None. | |
What Worked and What Didn't: 9/11 | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 9:30am - 9:50am | |
Room: | OCC East | |
Presenters: | Speakers: Sean Donelan, Donelan.com. | |
Abstract: | Using details gathered from both small and large providers in New York, the rest of the USA, and overseas, Donelan discusses the events and aftermath of September 11 from an operators' point of view. | |
Files: | Sean Donelan Presentation(PPT)
What Worked and What Didn't: 9/11
| |
Sponsors: | None. | |
Multicasting Worked on 9/11 | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 9:50am - 10:10am | |
Room: | OCC East | |
Presenters: | Speakers:
Marshall Eubanks, Multicast Technologies. Marshall Eubanks, CTO at Multicast Technologies Inc., since its founding in 1999, develops multicast applications for broadcasting, content delivery, and one-to-many file transfer. He is also responsible for multicast monitoring at Multicast Technologies and in the effort to protect multicast against denial of service attacks. Prashant Rajvaidya, UC Santa Barbara. Rich Mavrogeanes, Vbrick. | |
Abstract: | On the morning of September 11, 2001, after the terrorist attacks in New York and Washington, many Internet users tried to get news and information over the Internet, only to be met with sluggish performance or unavailable websites. These problems were compounded for users in New York because of the general unavailability of terrestrial broadcasts after the structural failure of the World Trade Center. By contrast, multicasting, which was designed to deal with sudden audience spikes, did not suffer any known outages, and multicast video audiences increased to unprecedented levels. At Networld+Interop in Atlanta, which was ongoing at the time of the attacks, "the crowds around the one [multicast] display had grown so large as to constitute a fire hazard, [while] all the major news web sites had completely melted down."
The events of 9/11 show that multicasting is a robust, real-world product capable of performing well under difficult conditions. Multicasting is robust to increased traffic loads, both because it limits the bandwidth being consumed, and because the control traffic is robust under packet loss. This robustness will considerably increase with the adoption of Single Source Multicast (SSM), which significantly reduces the amount of required control traffic.
Multicasting is sensitive, of course, to degradation in the underlying Internet infrastructure. While this was not a problem on 9/11, it was a problem in the days afterwards, as data exchange facilities near the World Trade Center found it hard to stay in service. For the most part, any outages were sporadic and quickly routed around.
Multicast video was a major source of news on 9/11, with a video audience of 2000+ receivers, and undoubtedly a considerably larger number of viewers. The increased traffic lasted for much of the rest of the week. This shows that multicasting can be used to disseminate information under trying conditions, and that a critical mass of people is able to receive this information. Multicasting would thus seem to be an obvious adjunct to the existing Emergency Alert System (EAS).
This presentation will focus on the observed multicast traffic on and after the attacks on 9/11, how the multicast Internet behaved under stress, and what these observations imply about multicast security and robustness. | |
Files: | Marshall Eubanks Presentation(PPT)
Multicasting Worked on 9/11
| |
Sponsors: | None. | |
Trends in Denial of Service Attack Technology | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 10:30am - 11:00am | |
Room: | OCC East | |
Presenters: | Speakers: Kevin Houle, CERT. | |
Abstract: | This talk highlights recent trends in denial of service attack technology from the perspective of CERT's analysis of the continued development, deployment, and use of denial of service attack tools by intruder communities.
The speaker has co-authored this paper on DOS attack trends. | |
Files: | Trends in Denial of Service Attack Technology
Trends in Denial of Service Attack Technology(PPT)
| |
Sponsors: | None. | |
DoS Attacks in the Real World | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 11:15am - 11:30am | |
Room: | OCC East | |
Presenters: | Speakers:
Karthik Arumugham, Global NAPs. Karthik Arumugham has been a Network Engineer at Global NAPs in Quincy, MA for one year, and has been with the company as a Systems Engineer and Software Developer for two years. He has several years of experience in Unix administration, system and network security, and software development. Steven Schechter, Globix. Steven Schecter has been a Backbone Engineer at companies such as AboveNet Communications (MFNX), and now presently Globix Corporation in New York City. Previous to that he spent two years working as a Network Engineer and Systems Administrator for Net Access Corporation. Jason Slagle, Toledo Internet Access. Jason Slagle has four years experience as Network Administrator at Toledo Internet Access in Toledo, OH. Currently holding his CCNP/CCDP certifications, he is seeking his CCIE and Cisco specialization in security. | |
Abstract: | This presentation takes a real-world look at DoS attacks, concentrating on those launched in relation to Internet Relay Chat (IRC). We will cover the psychology of those who launch DoS attacks, the tools and methods they use, and our successes with tracking and prosecution of these individuals. Additionally, we will cover our tried-and-tested methods of observing, tracking, and defending against these attacks. Finally, we will focus on the effects of these attacks on nearby machines and network infrastructure. | |
Files: | DoS Attacks in the Real World
| |
Sponsors: | None. | |
Diversion and Sieving Techniques to Defeat | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 11:30am - 12:00pm | |
Room: | OCC East | |
Presenters: | Speakers:
Yehuda Afek, Tel-Aviv Univ. & WANWall. Yehuda Afek is a Professor in the School of Computer Science at Tel-Aviv University, and the CTO of WANWall Inc. Currently his research focuses on efficient forwarding and routing algorithms for IP networks, and methods for traffic engineering to stop DDoS attacks. Prior to joining Tel-Aviv University in 1989 he spent four years in AT&T Bell Laboratories. He received his M.Sc. and Ph.D. in Computer Science from UCLA in 1985 and 1983, respectively. Anat Bremler-Barr, Tel-Aviv Univ. & WANWall. Hank Nussbacher, WANWall. Danny Touitou, WANWall. | |
Abstract: | Network engineers have been known to use diversion to blackhole DDoS attacks. This technique may divert and blackhole legitimate traffic. We present a method that provides availability under DDoS attacks by combining different diversion methods with a mechanism that sieves the "bad" packets and forwards the "good" packets to the intended victim. The method minimizes demand on router resources and does not introduce additional elements on the normal data path.
The diversion method allows a sieving mechanism to process only the victims' traffic. The system is employable on a provider's backbone, preferably at the peering points. Furthermore, since diversion is done on demand for different targets at different periods of time, the solution can be shared by a large number of potential victims and can protect any element in the provider's backbone. This method can also be applied on egress traffic, thus enabling a service provider to clean attack traffic generated within its own network. Various alternative methods of transparently diverting a victim's traffic and returning its legitimate traffic will be presented. | |
Files: | Diversion and Sieving Techniques to Defeat
Yehuda Afek Presentation(PPT)
| |
Sponsors: | None. | |
NOBAD: Network-Oriented Basic Anomaly Detection | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 1:30pm - 1:45pm | |
Room: | OCC East | |
Presenters: | Speakers:
Jonas M. Luster, d-fensive.com. Dr. Jonas Luster is co-founder and CIO of d-fensive networks, Inc., a security consulting company focusing on risk analysis and mitigation in large scale networks. He claims not to be a technical person, having graduated as a Criminologist and not in CS, but contributes to a few OpenSource projects as programmer and designer. | |
Abstract: | The goal of this presentation will be to introduce NOBAD, the Network Oriented Basic Anomaly Detection Infrastructure. NOBAD, a volunteer effort, aims to provide a means of distributed network performance and anomaly measurements to quickly detect network problems. These could include line saturation or CPU spikes, which might be signs of denial of service attacks or technical problems. NOBAD consists of a number of sensors deployed throughout the network and a smaller number (where 'number' is an arbitrary amount from one to n) of so-called aggregators to collect data and react accordingly.
NOBAD is currently in use at a large network infrastructure provider and has been tested in governmental environments as well. Its distributed nature and the openness of its code and underlying mechanisms and protocols provide the needed vendor independence for homogenous networks. This presentation will focus on both technical background and possible use cases.
NOBAD, as a volunteer effort, is available as Open Source and can be used under the terms of the 'BSD Public License,' which permits inclusion in commercial products. A stable release is planned for the weekend prior to NANOG 23.
The technical background section of the talk will include details of sensor and aggregator implementation, and will address current problems with homogenous networks.
The use case presentation will cover current implementations, advantages of NOBAD compared to static log file analyzers such as swatch, and a view into the future of distributed anomaly detection. | |
Files: | Jonas Luster Presentation(PPT)
NOBAD: Network-Oriented Basic Anomaly Detection
| |
Sponsors: | None. | |
Designing a Testbed for Evaluating DDoS Defense Research | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 1:45pm - 2:15pm | |
Room: | OCC East | |
Presenters: | Speakers:
Wes Hardaker, NAI Labs. Wes Hardaker is a Research Scientist with NAI Labs, the research division of Network Associates. His current research is focused on policy management of high-speed IPsec devices and on designing a test network suitable for evaluating DDoS defense products and research work. Prior to joining NAI Labs, he worked at U.C. Davis developing its security infrastructure. Additionally, he is the lead developer of the popular net-snmp open source network management toolkit. | |
Abstract: | Numerous DDoS defense technologies are now under development by researchers and product vendors. A critical problem is that these technologies, however promising, cannot be validated unless they can be shown to be effective in an environment representative of the equipment, topology, and bandwidth that exists at large ISPs and peering points. Operational settings having these characteristics typically cannot allow the degree of experimentation needed for technology evaluation.
NAI Labs, the research division of Network Associates, Inc., under contract to the Defense Advanced Research Projects Agency (DARPA), is formulating a set of equipment, connectivity, and data requirements for experimentation and evaluation of new DDoS defense technologies. Meeting these requirements would allow researchers, vendors, service providers, and potential customers to verify that emerging DDoS defense technologies are suitable for large-scale operational deployment. If these requirements can be articulated and supported by industry, U.S. government sponsorship may ultimately be sought to implement them. DARPA, through its contract to NAI Labs, is seeking input from the NANOG community so that a future facility based on these requirements can promote the development of new technology capable of defending against the broadest spectrum of future DDoS attacks.
This presentation will introduce the project and describe the research work results to date. It is intended to be an introduction to the project and will be followed by a Monday evening BOF, in which feedback and comments from the NANOG community will be sought. | |
Files: | Designing a Testbed(PPT)
Designing a Testbed for Evaluating DDoS Defense Research
| |
Sponsors: | None. | |
Inter-City MAN Services Using MPLS | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 2:15pm - 2:45pm | |
Room: | OCC East | |
Presenters: | Speakers:
Pascal Menezes, Terabeam. A seasoned IP veteran and network architect, Menezes has more than 16 years experience in next-generation information systems and communications architecture. As Terabeam's CTO of IP internetworking, Menezes designed and implemented one of the first production grade Gigabit Ethernet MANs in 1998 offering VoIP services. He is an early pioneer in packet-based QoS framework, layer 2 VPN MPLS services for MANs, and inter-city MPLS hierarchical services. He has designed and implemented many global, national, regional and metro IP networks.
Prior to his work at Terabeam, Menezes was Senior Internetworking Technologist at Packet Engines. Previous to Packet Engines, he worked as a consultant to Fortune 50 companies specializing in network and system integration. Menezes currently is the Vice President of the Metro Ethernet Forum (MEF), Co-Chair of the Protocol and Transport group at the MEF, and has authored and co-authored many IETF drafts on Ethernet MAN technologies, including Layer 2 MPLS services and Inter-MAN MPLS LSP services. He actively participates in IETF working groups, design teams, and MPLS Forum technical meetings. | |
Abstract: | This presentation describes a network service model for high-speed Metropolitan Area Network (MAN) service providers to deliver economical services between cities. It utilizes a distance-insensitive IP NSP as a WAN partner for inter-city services, simplifies MAN operation, and improves the scalability of a traditional standard overlay model by allowing the MAN provider to peer with the NSP for both Internet transit and inter-city MAN services (e.g., transparent LAN services.)
This network service model allows an NSP to offer hierarchical MPLS services to downstream providers, while providing scalability and automation for both the NSP and MAN provider. While this presentation refers to a solution for MAN providers, any downstream provider that needs hierarchical MPLS services from an NSP can use this service. | |
Files: | Inter-City MAN Services Using MPLS
Pascal Menezes Presentation(PPT)
| |
Sponsors: | None. | |
MPLS in Perspective | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 2:45pm - 3:15pm | |
Room: | OCC East | |
Presenters: | Speakers:
Kireeti Kompella, Juniper. Kireeti Kompella is a Distinguished Engineer at Juniper Networks. His current interests are all aspects of Multi-Protocol Label Switching, including traffic engineering, generalized MPLS, and MPLS applications such as VPNs. Kompella is active at the IETF, where he is a co-chair of the CCAMP Working Group and the author of several Internet-Drafts in the areas of IS-IS, MPLS, OSPF, PPVPN and TE. Previously, he worked in the area of file systems at Network Appliance and SGI.
Kompella received his B.S. in EE and M.S. in C.S. at the Indian Institute of Technology, Kanpur; and his Ph.D. in C.S. at the University of Southern California. | |
Abstract: | This presentation considers whether service providers should roll out MPLS in their networks, and what questions they should ask in arriving at the answer. Kompella addresses commonly asked questions, such as "What's the benefit of using MPLS vs. ATM?", "MPLS vs. IP?" and "Are the benefits of MPLS worth rolling out new protocols?" He also suggests more fundamental questions that should be asked. | |
Files: | Kireeti Kompella Presentation(PPT)
MPLS in Perspective
| |
Sponsors: | None. | |
Peering BOF IV | Meeting: | NANOG23 | |
Date / Time: | 2001-10-22 7:30pm - 9:00pm | |
Room: | Jewett Ballroom A-D | |
Presenters: | Moderators: Bill Norton, Equinix. | |
Abstract: | Now more than ever, Internet Service Providers are focusing on ways to increase the resiliency of their networks and, if at all possible, reduce their operating costs at the same time. Past research (Peering Decision Tree, presented at NANOG 19, and A Business Case for Peering) demonstrates the economic tradeoffs of peering and highlights the simple but challenging first step: How to know who to talk with at an ISP to get peering set up?
This Peering BOF focuses on this first step using "Peering Personals." We solicit Peering Coordinators (before the meeting), asking them to characterize their networks and peering policies in general ways ("content heavy" or "access (eyeball) -heavy," "Multiple Points Required" or "Will Peer anywhere," "Peering with Content OK," etc.). From the answers we will select a set of ISP Peering Coordinators to present a 2-3 minute description of their network, what they look for in a peer, etc., allowing the audience to put a face with the name of the ISP. At the end of the Peering BOF, Peering Coordinators will have time to speak with Peering Coordinators of ISPs they seek to interconnect with. The expectation is that these interactions will lead to the Peering Negotiations stage, the first step towards a more fully meshed and therefore resilient Internet.
At the first NANOG Peering BOF I volunteered to maintain a Peering Contact Database (as an Excel Spreadsheet) that I e-mail out about every six weeks to participating Peering Coordinators. If you are a Peering Coordinator and would like to be listed in the PCD and get a copy of the PCD, send a note to [email protected] with Subject: PCD. I maintain this as a community service and it is completely separate from my role at Equinix.
------
NOTES:
Date: Mon, 29 Oct 2001 10:03:33 -0800
From: William B. Norton
Subject: Peering BOF IV Meeting Notes
Hi all -
Here are my notes from the Peering BOF IV - NANOG 23.
We started at 7:30 PM Monday evening with the intention of pulling the
peering community together through introductions. We had about 20 Peering
Coordinators step up to the mike, introduce themselves, say a word or two
about their network, peering policy and what they are looking for in a peer
network. This allowed the audience to put a face to a name for
conversations afterwards. Another 10 that didn't pre-register for this
stepped up and chimed in as well. From about 8:30 til almost 10PM the
community stuck around to talk and I'm told that *dozens* of peering
sessions (Yahoo!, Akamai, Carrier1, SBC, etc.) will be set up as a result.
Highly successful NANOG for this segment of the population.
Several folks asked for a list of those who stood up to talk about their
peering policy, and here is what I have:
BBC Internet: Simon Lockhart, [email protected]
Digital Island: Mitchell Rose, [email protected]
DoubleClick: Alex Ng, [email protected]
TELUS: Clinton Work, [email protected]
France Telecom/Open Transit: Vincent Gillet, [email protected]
Globix: Steven J. Schecter, [email protected]
WINFirst: Hansel Lee, [email protected]
4CNet: Brian Court, [email protected]
Akamai: Rachel Warren, [email protected]; Patrick Gilmore, [email protected]
Hostcentric: Charlene Wang, [email protected]
Japan Telecom: Seiji Kuroda, [email protected]
Adelphia: Joe Klein, [email protected]
Earthlink: Jeb Linton/Josh Fleishman
Yahoo!: Jeffrey Papen, [email protected]
SBC: Ren Nowlin, [email protected]
Carrier1: Eric Troyer, [email protected]
ESNet: Joe Metzger, [email protected]
Velocita: Brian Dickson, [email protected]
I want to thank these folks for volunteering to share their info and hopefully this led to some sessions coming up.
Speaking of which, if Peering Coordinators would like to participate in the Peering Contact Database and receive a copy once a month or so of the Peering Contact Database, send e-mail to [email protected] and I'll return the template to fill out. So far we have about 150 Peering Coordinators listed.
Several suggestions were made for the next time:
- Include a "Peering Contracts Required" icon and
- "Make it easy for folks to step up later along with Icons" and
- "Include e-mail addresses"
We're going to try and factor in these suggestions for the Peering Personals at the next Gigabit Peering Forum which is held Dec 3rd in San Jose. If you are a Peering Coordinator and would like an invite to this let me know.
For those who could not attend due to travel restrictions or whatever I'd be happy to e-mail the slides with the peering icons and ISP names etc.
Hope this helped -
Bill | |
Files: | None. | |
Sponsors: | None. | |
Enhancing the Internet's Administrative Look-up Service | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 9:00am - 9:30am | |
Room: | OCC East | |
Presenters: | Speakers: Mark Kosters, VeriSign Applied Research. Andrew Newton, VeriSign Applied Research. | |
Abstract: | The use of the whois protocol to provide a look-up service for Internet infrastructure information is showing its age. Operators are experiencing increased demands for information through the whois service. From the needs of privacy, law enforcement, intellectual property rights, and referrals, new demands are being asked of this service. VeriSign is in the process of gathering requirements from the various whois user communities. Mark will present the process through which VeriSign is gathering these requirements, and the generalities of what is currently known about them.
In addition, VeriSign has been working on efforts to shift this look-up service away from whois to other, more capable protocols. Andrew will present VeriSign's two projects looking at replacing this service with a protocol other than whois: 1) VeriSign is piloting a project to replace whois with LDAP, and 2) a proposed XML-based directory protocol that mirrors much of the effort going into EPP (Extensible Provisioning Protocol). | |
Files: | Andrew Newton Presentation(PPT)
Enhancing the Internet's Administrative Look-up Service
| |
Sponsors: | None. | |
ARIN Open Mike Session | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 10:45am - 11:15am | |
Room: | OCC East | |
Presenters: | Speakers: Richard Jimmerson, ARIN. | |
Abstract: | This discussion will include a ten-minute overview of the ARIN policy evaluation process that identifies the current issues being evaluated. The remaining time will be left open for meeting attendees to ask questions and provide feedback on any issue related to ARIN procedures or policies. | |
Files: | ARIN Open Mike Session
Richard Jimmerson Presentation(PDF)
Richard Jimmerson Presentation(PPT)
| |
Sponsors: | None. | |
Global Routing Instabilities During Code Red II and Nimda Worm Propagation | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 11:15am - 12:00pm | |
Room: | OCC East | |
Presenters: | Speakers: Jim Cowie, Renesys Corporation. Andy Ogielski, Renesys Corporation. | |
Abstract: | We will present our analysis of the surprisingly strong impact of recent Microsoft worms (such as Code Red II and Nimda) on the stability of the global routing system. Analysis of the on-line BGP message archives from the RIPE-NCC Routing Information Service, and of the worm scanning and infection spread datasets shows strong correlations between worm propagation periods and very long-lasting BGP "update storms."
We will also discuss preliminary results concerning the populations of unstable routes, unreachable networks, and the mechanisms by which the worm traffic may be destabilizing the BGP routing system.
See:
http://www.renesys.com/tech/presentations/ | |
Files: | Global Routing Instabilities During Code Red II and Nimda Worm Propagation
| |
Sponsors: | None. | |
Shining Light on Dark Internet Address Space | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 1:30pm - 2:00pm | |
Room: | OCC East | |
Presenters: | Speakers: Craig Labovitz, Merit Network/Arbor Networks. Abha Ahuja, Merit Network/Arbor Networks. Presented by Rob Malan, Arbor Networks. | |
Abstract: | In this talk, we explore the degree to which commercial strategies, peering disputes, network failures, misconfiguration, and occasionally, malicious intent, lead to a partitioning of Internet topology. Specifically, we present a three-year study of the differences in Internet provider reachability. We focus on "dark address space," or the range of topology accessible from one provider, but unreachable via one or more competitor networks. We present active and passive measurements of these differences on time scales ranging from several seconds to multiple months. | |
Files: | Shining Light on Dark Internet Address Space
| |
Sponsors: | None. | |
BGP Multiple Origin AS (MOAS) Conflicts | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 2:00pm - 2:15pm | |
Room: | OCC East | |
Presenters: | Speakers: Xiaoliang Zhao, NCSU; Dan Massey, USC/ISI; Allison Mankin, USC/ISI; S. Felix Wu, UC Davis; Lan Wang, UCLA; Dan Pei, UCLA; Lixia Zhang, UCLA. | |
Abstract: | This talk will present our measurement and analysis of multiple origin AS (MOAS) conflicts in observed BGP updates, as well as a proposal for use of a community attribute and DNS to decrease risk in cases where MOAS conflicts may cause significant Internet routing disruption. Examples of such disruption include the AS8584 case in April 1998, and the instabilities generated by C&W peering changes in June of this year.
Seen in BGP routing table views, MOAS conflict is the case where a particular prefix originates from more than one AS. Using BGP routing tables from multiple views over 1279 continuous days, we analyzed total numbers of MOAS conflicts, duration of the conflicts, and relation to prefix length. We also classified the conflicts by the congruence of the multiple AS paths and analyzed the potential causes for the conflicts. These include intended uses to meet legitimate operational needs (multi-homing without BGP, private AS number substitution at egress, exchange points, anycast practices) and faults.
Both the total numbers of MOAS conflicts and the distribution of conflict duration suggest that MOAS due to faults represents a significant operational concern, even with the filtering lessons learned from AS8454 and similar events before and after. When a MOAS conflict occurs, we would like to enable routers to distinguish intended MOAS cases from route flapping or blackholing. Proposed solutions so far include the use of DNS (Bates/Bush1998) and uses of routing registries, including full-blown certifications (SBGP). In this talk we propose a much simpler and incrementally deployable approach using a new community attribute and DNS, which can provide adequate protection against faults from MOAS conflicts. | |
Files: | BGP Multiple Origin AS (MOAS) Conflicts
Lixia Zhang Presentation(PPT)
| |
Sponsors: | None. | |
The Impact of BGP Misconfiguration on Connectivity | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 2:15pm - 2:45pm | |
Room: | OCC East | |
Presenters: | Speakers: Ratul Mahajan, University of Washington; David Wetherall, University of Washington; Tom Anderson, University of Washington. | |
Abstract: | While it is well-known that BGP is vulnerable to simple, accidental misconfigurations that can cause widespread loss of connectivity, most of the evidence is anecdotal. Routing configuration errors have received less attention than more popular threats to connectivity, such as denial-of-service, and CAIDA's BGP analyses and Merit's IPMA project provide some of the only data available.
We present initial results of a new study of BGP configuration errors based on publicly available routing table snapshots and looking glasses. We quantify the kind and extent of configuration errors, as well as their impact on backbone connectivity. In this talk, we focus on announcements with incorrect origin AS and partial connectivity.
We find that there are a significant number of questionable routing announcements, but the majority of these have only a slight impact on connectivity. Of the roughly 2% of the prefixes per day that are not announced with consistent origins, O(100) prefixes are subject to AS-path stripping and potential address space hijacks, while the other fluctuations are more benign. We also analyze partially connected address space (that is reachable only from some parts of the Internet) to expose route filtering and damping practices that are limiting connectivity. We find that 1-2% of the address space exists in a persistently partially reachable state at any given time. | |
Files: | The Impact of BGP Misconfiguration on Connectivity(PPT)
The Impact of BGP Misconfiguration on Connectivity
| |
Sponsors: | None. | |
Analysis of RIPE / RIS Project's BGP Data: CIDR at Work | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 2:45pm - 3:15pm | |
Room: | OCC East | |
Presenters: | Speakers:
Cengiz Alaettinoglu, Packet Design
Cengiz Alaettinoglu is a member of the Technical Staff at Packet Design. His current work includes analysis of and enhancements to BGP and IGP scaling and convergence properties. He was previously at the USC Information Sciences Institute, where he worked on the Routing Arbiter project. Cengiz co-defined the Routing Policy Specification Language along with the protocols to enable a distributed, secure routing policy system. | |
Abstract: | We analyze the BGP messages collected by the RIPE-NCC Routing Information Service. The data has been collected for about two years. It is much richer than the daily snapshots often used in analysis and helps us address more detailed questions than simply table size growth. For example, we can show the effectiveness of CIDR aggregation, or account for multi-homing and inter-domain traffic engineering more accurately.
In short, we find that the routing table size growth is not exponential, CIDR is doing very well, and churn is decreasing. Most of the churn is due to the loss and re-establishment of BGP peerings, as well as policy misconfigurations (leaking routes, etc). | |
Files: | Analysis of RIPE / RIS Project's BGP Data: CIDR at Work
Analysis of RIPE/RIS Project's BGP Data(PDF)
| |
Sponsors: | None. | |
XML-based Network Management | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 3:15pm - 3:30pm | |
Room: | OCC East | |
Presenters: | Speakers:
Rob Enns, Juniper
Rob Enns works on user interface and network management software at Juniper Networks. Prior to Juniper, Rob worked at Berkeley Networks and FORE Systems. | |
Abstract: | Service providers have expressed a need for a simple, standard method of building tools for network management and provisioning. The Extensible Markup Language (XML) provides a straightforward means by which these needs can be met. Using standard tools, XML can be easily parsed, stored, retrieved, debugged, and documented. XML's ASCII encoding lends itself well to scripting and provisioning (it's easy to write, and easy to debug), and its ability to provide forward and backward compatibility makes it a robust choice for building network management tools.
This talk will include a very brief introduction to XML, a description of areas of network management to which XML is applicable, and examples of using XML and XML-based tools to wrangle operational and configuration data from a network. | |
Files: | Rob Enns Presentation(PPT)
XML-based Network Management
| |
Sponsors: | None. | |
Using Topological Mapping to Manage and Secure Large Networks | Meeting: | NANOG23 | |
Date / Time: | 2001-10-23 3:45pm - 4:00pm | |
Room: | OCC East | |
Presenters: | Speakers:
Karl Siil, Lumeta
Karl Siil, Director of Professional Services at Lumeta Corporation, has been working in network and system security for the past 20 years. Prior to Lumeta, Mr. Siil spent over 10 years at AT&T Bell Labs developing secure operating systems and networks for commercial and government clients, and three more years running the security practices of various global consulting companies. | |
Abstract: | The security of a network infrastructure, particularly an extensive one, relies on the proper management of the network address space, routes, and external connections. If network managers don't know what they have, how it's connected, and what else it's connected to, they can't know if it is secure. The Internet Mapping Project, started by Bill Cheswick at Bell Labs, has been collecting intriguing topological information about the Internet since August of 1998. In the last year, this technology has been applied to large corporate intranets and ISPs with equally illuminating results.
The presentation introduces the analysis and interpretation of such maps and what can be determined from such analysis. The larger the network, the more useful we find this analysis to be for identifying single points of failure, address squatting (the use of another organization's address space within one's own network), legacy connections to divested networks or former business partners, and outright security violations. Real-world anonymized examples will be part of the presentation. | |
Files: | Karl Siil Presentation(PPT)
Using Topological Mapping to Manage and Secure Large Networks
| |
Sponsors: | None. | |
NANOG23 Abstracts
- Multicasting Worked on 9/11
Speakers: Marshall Eubanks, Multicast Technologies; Prashant Rajvaidya, UC Santa Barbara; Rich Mavrogeanes, Vbrick.
|
|