^ Top

NANOG 23 Agenda

Presentation File Key:


Windows Media video, requires Windows Media Player to view. 


Real Video, requires Real Player to view. 


PDF Document, requires Adobe Acrobat Reader to view/print. 

Sunday, October 21 2001
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
1:30pm - 3:00pmJewett Ballroom F-H

Tutorial: IP Routing Protocol Scalability: Theory and Examples

This tutorial addresses the building blocks of IP routing protocol scalability (hierarchy, redundancy, and addressing and summarization) along with protocol-specific issues. BGP, ISIS and OSPF configurations and parameters are explored. The examples presented include a set of protocol-specific \"best practices.\" <BR><BR> Intended Audience: Network operators and engineers with IP routing experience. Knowledge of the protocols covered is expected. <BR><BR> Tutorial Outline <BR><BR> Introduction<BR> - Scope of the Presentation<BR> - Agenda <BR><BR> <STRONG>Scalability Building Blocks</STRONG><BR> Relationship to Convergence and Stability<BR> Impact/Use of Hierarchy/Redundancy/Addressing and Summarization <BR> Hierarchy<BR> - Why is hierarchy important?<BR> - Brief overview of service placement (per layer. <BR><BR> Redundancy - When is redundancy too much?<BR> - IGP Flooding <BR><BR> Addressing and Summarization<BR> -Aggregation Methods per protocol <BR><BR> <STRONG>ISIS Scalability</STRONG> <BR><BR> Hierarchy in ISIS<BR> - L or L-only networks<BR> - Use and limitations of Hierarchical Networks<BR> - Route Leaking <BR><BR> Detection and Propagation of Changes - Fast Hellos<BR> - LSP Generation<BR> - SPF Runs<BR> - Exponential Backoff<BR> <BR><BR> Other tips...<BR> - Overload bit <BR><BR> <STRONG>OSPF Scalability</STRONG> <BR><BR> Hierarchy - Area types and flow of routing information<BR> - LSA Filtering <BR><BR> Detection and Propagation of Changes<BR> - Fast Hellos<BR> - LSP Generation<BR> - SPF Runs<BR> - Exponential Backoff <BR><BR> Other tips...<BR> - Overload bit <BR><BR> <STRONG>OSPF Scalability</STRONG> <BR><BR> Hierarchy - Area types and flow of routing information<BR> - LSA Filtering <BR><BR> Detection and propagation of changes<BR> - Fast Hellos<BR> - LSA Generation<BR> - SPF Runs<BR> - Exponential Backoff <BR><BR> Other tips...<BR> - Stub router advertisement <BR><BR> <STRONG>BGP Scalability</STRONG> <BR><BR> iBGP Full Mesh<BR> - Route Propagation Requirements <BR><BR> Peer-Groups<BR> - Configuration Grouping and UPDATE Generation <BR><BR> Route Reflectors<BR> - Deployment (Hierarchy) <BR><BR> Confederations<BR> - Deployment<BR> - Interaction with IGPs <BR><BR> Detection and Propagation of Changes - minAdvertisementTimer<BR> - NEXT_HOP Reachability<BR> - 4.5.3 Route Dampening <BR><BR> Summary and Conclusions

View full abstract page.

  • Alvaro Retana, Cisco Systems
  • Alvaro Retana is a Technical Leader in Cisco\'s IP Routing Deployment and Scalability Team, where he works first-hand on advanced features in routing protocols. Alvaro was formerly a technical lead for both the Internet Service Provider Support Team and the Routing Protocols Team at the Cisco Technical Assistance Center in Research Triangle Park, NC.
youtubeIP Routing Protocol Scalability: Theory and Examples
1:30pm - 3:00pmJewett Ballroom A-E

Tutorial: ISP Security - Real World Techniques II

The Internet is a battleground, with ISP\'s and their customers right in the middle of the line of fire. What ISPs need to protect themselves are tools and techniques that work in the line of fire, i.e., tools that fight DoS attacks and provide something other than a busy signal on the customer service line.<BR> <BR> This tutorial will walk ISPs through the five stages of working an attack: preparation, identification, classification, traceback, and reaction. Focus will be placed on techniques that work - with specific vendor features left for other sessions. All the techniques have been validated and proven to be operationally deployable and workable under conditions of network stress. The key objective is to empower other ISPs to deploy these vendor-independent techniques, which will provide a foundation for inter-NOC cooperation to trace back the attacks to their source.

View full abstract page.
  • Brian W. Gemberling, UUNET.
  • Barry Raveendran Greene, Cisco Systems.
  • Chris Morrow, UUNET/Verizon.
pdfBarry Raveendran Greene Presentation(PDF)
pptBarry Raveendran Greene Presentation(PPT)
youtubeISP Security - Real World Techniques II
3:00pm - 3:30pm Break
3:30pm - 5:00pmJewett Ballroom F-HTutorial: IP Routing Protocol Scalability: Theory and Examples (Continued)Speakers:
  • Alvaro Retana, Cisco Systems.
3:30pm - 5:00pmJewett Ballroom A-ETutorial: ISP Security: Real World Techniques (Continued)Speakers:
  • Brian W. Gemberling, UUNET.
  • Barry Raveendran Greene, Cisco Systems.
  • Chris Morrow, UUNET.
5:00pm - 7:30pm Dinner
7:30pm - 9:00pmJewett Ballroom A-E

Tutorial: BGP Multihoming Guide

This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. This includes the options available when multihoming to the same ISP (including RFC2270) and to different upstreams. Configurations for modifying inbound and outbound traffic flows are covered. The tutorial concludes with a case study, and an examination of the use of BGP communities by several ISPs.

View full abstract page.
  • Philip Smith, Cisco Systems.
youtubeBGP Multihoming Guide
pdfPhilip Smith Presentation(PDF)
7:30pm - 9:00pmJewett Ballroom F-H

Tutorial: Packets and Photons: The Emerging Two-Layer Network

This session highlights new techologies for optical-based networks. The tutorial begins by examining how service providers have constructed their networks in the past in order to cope with the need for IP bandwidth. System equipment layers are discussed, and how they are now being collapsed into an emerging two-layer network. Future technology directions are then explored, including pure photonic routers. We then discuss how network architectures will look, along with their benefits. An in-depth look is taken at generalized MPLS (GMPLS), which allows the IP routing layer to share a common control plane with the optical transmission layer. The importance of this is explained and why it could be the basis for building IP service infrastructures of the future.

View full abstract page.

  • Dan Lockwood, Juniper
  • Dan Lockwood joined Juniper Networks in September 1998 to build the company\'s Professional Services and Education division. He currently manages a group of consultants focused on helping customers plan, architect, and deploy next-generation IP and MPLS networks. Prior to coming to Juniper Networks, Lockwood was a principal consultant at Cascade Communications. Here, he was responsible for designing and deploying multi-service networks using MPLS-based IP Navigator, ATM, and Frame Relay. Lockwood holds a B.S. in Computer Science from Princeton University.
pptPackets and Photons(PPT)
youtubePackets and Photons: The Emerging Two-Layer Network
Monday, October 22 2001
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
9:00am - 9:15amOCC EastWelcome, IntroductionsSpeakers:
  • Susan Harris, Merit Network.
  • Tom Herbst, Cisco Systems.
youtubeWelcome, Introductions
9:15am - 9:30amOCC East

The Internet Under Stress

After the horrific attacks of September 11, Matrix.Net was asked by the Office of the President to track the effects on the Internet and to examine past records for any unusual incidents. Salus presents data, maps, and graphs for Internet performance on September 11 and during earlier disruptive events.

View full abstract page.

  • Peter H. Salus, Matrix
  • Peter H. Salus is Chief Knowledge Officer of Matrix.Net in Austin, TX. He is the author of <I>A Quarter Century of UNIX</I> (1994), <I>Casting the Net</I> (1995), and several other books, and has conducted The Bookworm in ;login: for over a decade. Peter has written for and edited Matrix News since 1994.
pptPeter Salus Presentation(PPT)
youtubeThe Internet Under Stress
9:30am - 9:50amOCC East

What Worked and What Didn\'t: 9/11

Using details gathered from both small and larage providers in New York, the rest of the USA, and overseas, Donelan discusses the events and aftermath of September 11 from an operators\' point of view.

View full abstract page.
  • Sean Donelan, Donelan.com.
pptSean Donelan Presentation(PPT)
youtubeWhat Worked and What Didn't: 9/11
9:50am - 10:10amOCC East

Multicasting Worked on 9/11

On the morning of September 11, 2001, after the terrorist attacks in New York and Washington, many Internet users tried to get news and information over the Internet, only to be met with sluggish performance or unavailable websites. These problems were compounded for users in New York because of the general unavailability of terrestrial broadcasts after the structural failure of the World Trade Center. By contrast, multicasting, which was designed to deal with sudden audience spikes, did not suffer any known outages, and multicast video audiences increased to unprecedented levels. At Networld+Interop in Atlanta, which was ongoing at the time of the attacks, \"the crowds around the one [multicast] display had grown so large as to constitute a fire hazard, [while] all the major news web sites had completely melted down.\"<BR> <BR> The events of 9/11 show that multicasting is a robust, real-world product capable of performing well under difficult conditions. Multicasting is robust to increased traffic loads, both because it limits the bandwidth being consumed, and because the control traffic is robust under packet loss. This robustness will considerably increase with the adoption of Single Source Multicast (SSM), which significantly reduces the amount of required control traffic.<BR> <BR> Multicasting is sensitive, of course, to degradation in the underlying Internet infrastructure. While this was not a problem on 9/11, it was a problem in the days afterwards, as data exchange facilities near the World Trade Center found it hard to stay in service. For the most part, any outages were sporadic and quickly routed around.<BR> <BR> Multicast video was a major source of news on 9/11, with a video audience of 2000+ receivers, and undoubtedly a considerably larger number of viewers. The increased traffic lasted for much of the rest of the week. This shows that multicasting can be used to disseminate information under trying conditions, and that a critical mass of people is able to receive this information. Multicasting would thus seem to be an obvious adjunct to the existing Emergency Alert System (EAS).<BR> <BR> This presentation will focus on the observed multicast traffic on and after the attacks on 9/11, how the multicast Internet behaved under stress, and what these observations imply about multicast security and robustness.

View full abstract page.

  • Marshall Eubanks, Multicast Technologies
  • Marshall Eubanks, CTO at Multicast Technologies Inc., since its founding in 1999, develops multicast applications for broadcasting, content delivery, and one-to-many file transfer. He is also responsible for multicast monitoring at Multicast Technologies and in the effort to protect multicast against denial of service attacks.
  • Rich Mavrogeanes, Vbrick.
  • Prashant Rajvaidya, UC Santa Barbara.
pptMarshall Eubanks Presentation(PPT)
youtubeMulticasting Worked on 9/11
10:10am - 10:30am Break
10:30am - 11:00amOCC East

Trends in Denial of Service Attack Technology

This talk highlights recent trends in denial of service attack technology from the perspective of CERT\'s analysis of the continued development, deployment, and use of denial of service attack tools by intruder communities.<BR> <BR> The speaker has co-authored this paper on DOS attack trends.

View full abstract page.
  • Kevin Houle, CERT.
youtubeTrends in Denial of Service Attack Technology
pptTrends in Denial of Service Attack Technology(PPT)
11:00am - 11:15amOCC EastDDoS PanelModerators:
  • Barry Raveendran Greene, Cisco Systems.
11:00am - 11:15amOCC East

Recent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?

This talk provides an overview of CAIDA\'s analyses of <A HREF=\"http://www.caida.org/research/security/code-red/\" TARGET=\"_BLANK\">Code Red and other recent worms</A>

View full abstract page.
  • David Moore, CAIDA.
pdfDavid Moore Presentation(PDF)
youtubeRecent Internet Worms: Who Are the Victims, and How Good Are We at Getting the Word Out?
11:15am - 11:30amOCC East

DoS Attacks in the Real World

This presentation takes a real-world look at DoS attacks, concentrating on those launched in relation to Internet Relay Chat (IRC). We will cover the psychology of those who launch DoS attacks, the tools and methods they use, and our successes with tracking and prosecution of these individuals. Additionally, we will cover our tried-and-tested methods of observing, tracking, and defending against these attacks. Finally, we will focus on the effects of these attacks on nearby machines and network infrastructure.

View full abstract page.

  • Karthik Arumugham, Global NAPs
  • Karthik Arumugham has been a Network Engineer at Global NAPs in Quincy, MA for one year, and has been with the company as a Systems Engineer and Software Developer for two years. He has several years of experience in Unix administration, system and network security, and software development.

  • Steven Schechter, Globix
  • Steven Schecter has been a Backbone Engineer at companies such as AboveNet Communications (MFNX), and now presently Globix Corporation in New York City. Previous to that he spent two years working as a Network Engineer and Systems Administrator for Net Access Corporation.

  • Jason Slagle, Toledo Internet Access
  • Jason Slagle has four years experience as Network Administrator at Toledo Internet Access in Toledo, OH. Currently holding his CCNP/CCDP certifications, he is seeking his CCIE and Cisco specialization in security.
youtubeDoS Attacks in the Real World
11:30am - 12:00pmOCC East

Diversion and Sieving Techniques to Defeat

Network engineers have been known to use diversion to blackhole DDoS attacks. This technique may divert and blackhole legitimate traffic. We present a method that provides availability under DDoS attacks by combining different diversion methods with a mechanism that sieves the \"bad\" packets and forwards the \"good\" packets to the intended victim. The method minimizes demand on router resources and does not introduce additional elements on the normal data path.<BR> <BR> The diversion method allows a sieving mechanism to process only the victims\' traffic. The system is employable on a provider\'s backbone, preferably at the peering points. Furthermore, since diversion is done on demand for different targets at different periods of time, the solution can be shared by a large number of potential victims and can protect any element in the provider\'s backbone. This method can also be applied on egress traffic, thus enabling a service provider to clean attack traffic generated within its own network. Various alternative methods of transparently diverting a victim\'s traffic and returning its legitimate traffic will be presented.

View full abstract page.

  • Yehuda Afek, Tel-Aviv Univ. & WANWall
  • Yehuda Afek is a Professor in the School of Computer Science at Tel-Aviv University, and the CTO of WANWall Inc. Currently his research focuses on efficient forwarding and routing algorithms for IP networks, and methods for traffic engineering to stop DDoS attacks. Prior to joining Tel-Aviv University in 1989 he spent four years in AT&T Bell Laboratories. He received his M.Sc. and Ph.D. in Computer Science from UCLA in 1985 and 1983, respectively.
  • Anat Bremler-Barr, Tel-Aviv Univ. & WANWall.
  • Hank Nussbacher, WANWall.
  • Danny Touitou, WANWall.
youtubeDiversion and Sieving Techniques to Defeat
pptYehuda Afek Presentation(PPT)
1:30pm - 1:45pmOCC East

NOBAD: Network-Oriented Basic Anomaly Detection

The goal of this presentation will be to introduce NOBAD, the Network Oriented Basic Anomaly Detection Infrastructure. NOBAD, a volunteer effort, aims to provide a means of distributed network performance and anomaly measurements to quickly detect network problems. These could include line saturation or CPU spikes, which might be signs of denial of service attacks or technical problems. NOBAD consists of a number of sensors deployed throughout the network and a smaller number (where \'number\' is an arbitrary amount from one to n) of so-called aggregators to collect data and react accordingly.<BR> <BR> NOBAD is currently in use at a large network infrastructure provider and has been tested in governmental environments as well. Its distributed nature and the openness of its code and underlying mechanisms and protocols provide the needed vendor independence for homogenous networks. This presentation will focus on both technical background and possible use cases.<BR> <BR> NOBAD, as a volunteer effort, is available as Open Source and can be used under the terms of the \'BSD Public License,\' which permits inclusion in commercial products. A stable release is planned for the weekend prior to NANOG 23.<BR> <BR> The technical background section of the talk will include details of sensor and aggregator implementation, and will address current problems with homogenous networks.<BR> <BR> The use case presentation will cover current implementations, advantages of NOBAD compared to static log file analyzers such as swatch, and a view into the future of distributed anomaly detection.

View full abstract page.

  • Jonas M. Luster, d-fensive.com
  • Dr. Jonas Luster is co-founder and CIO of d-fensive networks, Inc. a security consulting company foscusing on risk analysis and mitigation in large scale networks. He claims not to be a technical person, having graduated as a Criminologist and not in CS, but contributes to a few OpenSource projects as programmer and designer.
pptJonas Luster Presentation(PPT)
youtubeNOBAD: Network-Oriented Basic Anomaly Detection
1:45pm - 2:15pmOCC East

Designing a Testbed for Evaluating DDoS Defense Research

Numerous DDoS defense technologies are now under development by researchers and product vendors. A critical problem is that these technologies, however promising, cannot be validated unless they can be shown to be effective in an environment representative of the equipment, topology, and bandwidth that exists at large ISPs and peering points. Operational settings having these characteristics typically cannot allow the degree of experimentation needed for technology evaluation.<BR> <BR> NAI Labs, the research division of Network Associates, Inc., under contract to the Defense Advanced Research Projects Agency (DARPA), is formulating a set of equipment, connectivity, and data requirements for experimentation and evaluation of new DDoS defense technologies. Meeting these requirements would allow researchers, vendors, service providers, and potential customers to verify that emerging DDoS defense technologies are suitable for large-scale operational deployment. If these requirements can be articulated and supported by industry, U.S. government sponsorship may ultimately be sought to implement them. DARPA, through its contract to NAI Labs, is seeking input from the NANOG community so that a future facility based on these requirements can promote the development of new technology capable of defending against the broadest spectrum of future DDoS attacks.<BR> <BR> This presentation will introduce the project and describe the research work results to date. It is intended to be an introduction to the project and will be followed by a Monday evening BOF, in which feedback and comments from the NANOG community will be sought.

View full abstract page.

  • Wes Hardaker, NAI Labs
  • Wes Hardaker is a Research Scientist with NAI Labs, the research division of Network Associates. His current research is focused on policy management of high-speed IPsec devices and on designing a test network suitable for evaluating DDoS defense products and research work. Priror to join NAI Labs, he worked at U.C. Davis developing its security infrastructure. Additionally, he is the lead developer of the popular net-snmp open source network management toolkit.
pptDesigning a Testbed(PPT)
youtubeDesigning a Testbed for Evaluating DDoS Defense Research
2:15pm - 2:45pmOCC East

Inter-City MAN Services Using MPLS

This presentation describes a network service model for high-speed Metropolitan Area Network (MAN) service providers to deliver economical services between cities. It utilizes a distance-insensitive IP NSP as a WAN partner for inter-city services, simplifies MAN operation, and improves the scalability of a traditional standard overlay model by allowing the MAN provider to peer with the NSP for both Internet transit and inter-city MAN services (e.g., transparent LAN services.)<BR> <BR> This network service model allows an NSP to offer hierarchical MPLS services to downstream providers, while providing scalability and automation for both the NSP and MAN provider. While this presentation refers to a solution for MAN providers, any downstream provider that needs hierarchical MPLS services from an NSP can use this service.

View full abstract page.

  • Pascal Menezes, Terabeam
  • A seasoned IP veteran and network architect, Menezes has more than 16 years experience in next-generation information systems and communications architecture. As Terabeam\'s CTO of IP internetworking, Menezes designed and implemented one of the first production grade Gigabit Ethernet MANs in 1998 offering VoIP services. He is an early pioneer in packet-based QoS framework, layer 2 VPN MPLS services for MANs, and inter-city MPLS hierarchical services. He has designed and implemented many global, national, regional and metro IP networks.<BR> <BR> Prior to his work at Terabeam, Menezes was Senior Internetworking Technologist at Packet Engines. Previous to Packet Engines, he worked as a consultant to Fortune 50 companies specializing in network and system integration. Menezes currently is the Vice President of the Metro Ethernet Forum (MEF), Co-Chair of the Protocol and Transport group at the MEF, and has authored and co-authored many IETF drafts on Ethernet MAN technologies, including Layer 2 MPLS services and Inter-MAN MPLS LSP services. He actively participates in IETF working groups, design teams, and MPLS Forum technical meetings.
youtubeInter-City MAN Services Using MPLS
pptPascal Menezes Presentation(PPT)
2:45pm - 3:15pmOCC East

MPLS in Perspective

This presentation considers whether service providers should roll out MPLS in their networks, and what questions they should ask in arriving at the answer. Kompella addresses commonly asked questions, such as \"What\'s the benefit of using MPLS vs. ATM?\", \"MPLS vs. IP?\" and \"Are the benefits of MPLS worth rolling out new protocols?\" He also suggests more fundamental questions that <I>should</I> be asked.

View full abstract page.

  • Kireeti Kompella, Juniper
  • Kireeti Kompella is a Distinguished Engineer at Juniper Networks. His current interests are all aspects of Multi-Protocol Label Switching, including traffic engineering, generalized MPLS, and MPLS applications such as VPNs. Kompella is active at the IETF, where he is a co-chair of the CCAMP Working Group and the author of several Internet-Drafts in the areas of IS-IS, MPLS, OSPF, PPVPN and TE. Previously, he worked in the area of file systems at Network Appliance and SGI.<BR> <BR> Kompella received his B.S. in EE and M.S. in C.S. at the Indian Institute of Technology, Kanpur; and his Ph.D. in C.S. at the University of Southern California.
pptKireeti Kompella Presentation(PPT)
youtubeMPLS in Perspective
3:15pm - 4:00pm Break
4:00pm - 5:00pmOCC EastPanel: Terabit POP DesignModerators:
  • Dave Ward, Cisco.
  • Ron da Silva, AOL Time-Warner.
  • Sean Doran, Ebone.
  • Ted Seely, Sprint.
youtubePanel: Terabit POP Design
5:30pm - 7:30pm OCC West
  • Sponsors Cisco Systems; Extreme Networks; Juniper Networks; Laurel Networks; OPNET Technologies; PAIX.net; Pluris; Riverstone Networks.
  • Sponsors
  • 7:30pm - 9:00pmJewett Ballroom F-HDesigning a Testbed for Evaluating DDoS Defense ResearchModerators:
    • Wes Hardaker, NAI Labs.
    7:30pm - 9:00pmJewett Ballroom A-D

    Peering BOF IV

    Now more than ever, Internet Service Providers are focusing on ways to increase the resiliency of their networks and, if at all possible, reduce their operating costs at the same time. Past research (Peering Decision Tree, presented at NANOG 19, and A Business Case for Peering) demonstrates the economic tradeoffs of peering and highlight the simple but challenging first step: How to know who to talk with at an ISP to get peering set up?<BR> <BR> This Peering BOF focuses on this first step using \"Peering Personals.\" We solicit Peering Coordinators (before the meeting), asking them to characterize their networks and peering policies in general ways (\"content heavy\" or \"access (eyeball) -heavy,\" \"Multiple Points Required\" or \"Will Peer anywhere,\" \"Peering with Content OK,\" etc.). From the answers we will select a set of ISP Peering Coordinators to present a 2-3 minute description their network, what they look for in a peer, etc., allowing the audience to put a face with the name of the ISP. At the end of the Peering BOF, Peering Coordinators will have time to speak with Peering Coordinators of ISPs they seek to interconnect with. The expectation is that these interactions will lead to the Peering Negotiations stage, the first step towards a more fully meshed and therefore resilient Internet.<BR> <BR> At the first NANOG Peering BOF I volunteered to maintain a Peering Contact Database (as an Excel Spreadsheet) that I e-mail out about every six weeks to participating Peering Coordinators. If you are a Peering Coordinator and would like to be listed in the PCD and get a copy of the PCD, send a note to [email protected] with Subject: PCD. I maintain this as a community service and is completely separate from my role at Equinix.<BR> <BR> ------<BR> <BR> NOTES:<BR> <BR> Date: Mon, 29 Oct 2001 10:03:33 -0800<BR> From: William B. Norton <BR> Subject: Peering BOF IV Meeting Notes<BR> <BR> Hi all -<BR> <BR> Here are my notes from the Peering BOF IV - NANOG 23.<BR> <BR> We started at 7:30 PM Monday evening with the intention of pulling the <BR> peering community together through introductions. We had about 20 Peering <BR> Coordinators step up to the mike, introduce themselves, say a word or two <BR> about their network, peering policy and what they are looking for in a peer <BR> network. This allowed the audience to put a face to a name for <BR> conversations afterwards. Another 10 that didn\'t pre-register for this <BR> stepped up and chimed in as well. From about 8:30 til almost 10PM the <BR> community stuck around to talk and I\'m told that *dozens* of peering <BR> sessions (Yahoo!, Akamai, Carrier1, SBC, etc.) will be set up as a result. <BR> Highly successful NANOG for this segment of the population.<BR> <BR> Several folks asked for a list of those who stood up to talk about their <BR> peering policy, and here is what I have:<BR> <BR> BBC Internet<BR> Simon Lockhart<BR> [email protected]<BR> <BR> Digital Island<BR> Mitchell Rose<BR> [email protected]<BR> <BR> DoubleClick<BR> Alex Ng<BR> [email protected]<BR> <BR> TELUS<BR> Clinton Work <BR> [email protected]<BR> <BR> France Telecom/Open Transit<BR> Vincent Gillet<BR> [email protected]<BR> <BR> Globix<BR> Steven J. Schecter<BR> [email protected]<BR> <BR> WINFirst<BR> Hansel Lee<BR> [email protected]<BR> <BR> 4CNet<BR> Brian Court<BR> [email protected]<BR> <BR> Akamai<BR> Rachel Warren <BR> [email protected] <BR> <BR> Patrick Gilmore <BR> [email protected]<BR> <BR> Hostcentric <BR> Charlene Wang<BR> [email protected]<BR> <BR> Japan Telecom<BR> Seiji Kuroda<BR> [email protected]<BR> <BR> Adelphia<BR> Joe Klein<BR> [email protected]<BR> <BR> Earthlink<BR> Jeb Linton/Josh Fleishman<BR> <BR> Yahoo!<BR> Jeffrey Papen<BR> [email protected]<BR> <BR> SBC<BR> Ren Nowlin <BR> [email protected]<BR> <BR> Carrier1<BR> Eric Troyer<BR> [email protected]<BR> <BR> ESNet<BR> Joe Metzger<BR> [email protected]<BR> <BR> Velocita<BR> Brian Dickson<BR> [email protected]<BR> <BR> I want to thank these folks for volunteering to share their info and hopefully this led to some sessions coming up. <BR> <BR> Speaking of which, if Peering Coordinators would like to participate in the Peering Contact Database and receive a copy once a month or so of the Peering Contact Database, send e-mail to [email protected] and I\'ll return the template to fill out. So far we have about 150 Peering Coordinators listed.<BR> <BR> Several suggestions were made for the next time:<BR> <BR> - Include a \"Peering Contracts Required\" icon and<BR> <BR> - \"Make it easy for folks to step up later along with Icons\" and<BR> <BR> - \"Include e-mail addresses\"<BR> <BR> We\'re going to try and factor in these suggestions for the Peering Personals at the next Gigabit Peering Forum which is held Dec 3rd in San Jose. If you are a Peering Coordinator and would like an invite to this let <BR> me know.<BR> <BR> For those who could not attend due to travel restrictions or whatever I\'d be happy to e-mail the slides with the peering icons and ISP names etc.<BR> <BR> Hope this helped -<BR> <BR> Bill

    View full abstract page.
    • Bill Norton, Equinix.
    9:00pm - 9:30pmSimmons 1-2PGP Key Signing
    Tuesday, October 23 2001
    Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
    9:00am - 9:30amOCC East

    Enhancing the Internet\'s Administrative Look-up Service

    The use of the whois protocol to provide a look-up service for Internet infrastructure information is showing its age. Operators are experiencing increased demands for information through the whois service. From the needs of privacy, law enforcement, intellectual property rights, and referrals, new demands are being asked of this service. VeriSign is in the process of gathering requirements from the various whois user communities. Mark will present the process through which VeriSign is gathering these requirements, and the generalities of what is currently known about them.<BR> <BR> In addition, VeriSign has been working on efforts to shift this look-up service away from whois to other, more capable protocols. Andrew will present VeriSign\'s two projects looking at replacing this service with a protocol other than whois: 1) VeriSign is piloting a project to replace whois with LDAP, and 2) a proposed XML-based directory protocol that mirrors much of the effort going into EPP (Extensible Provisioning Protocol).

    View full abstract page.
    • Mark Kosters, VeriSign Applied Research.
    • Andrew Newton, VeriSign Applied Research.
    pptAndrew Newton Presentation(PPT)
    youtubeEnhancing the Internet's Administrative Look-up Service
    9:30am - 9:45amOCC EastOperator Requirements of Infrastructure Management MethodsSpeakers:
    • Bill Woodcock, Packet Clearing House.
    youtubeOperator Requirements of Infrastructure Management Methods
    9:45am - 10:00amOCC EastHow to Do VLAN-Based Security Within Your Network InfrastructureSpeakers:
    • Bill Woodcock, Packet Clearing House.
    youtubeHow to Do VLAN-Based Security Within Your Network Infrastructure
    10:00am - 10:30amOCC EastIntroduction to BGP Dynamics Track <I>and</I> Routing Table Growth: News at ElevenModerators:
    • Dave Meyer, Sprint.
    • Randy Bush, None.
    • Bill Woodcock, Packet Clearing House.
    youtubeIntroduction to BGP Dynamics Track <I>and</I> Routing Table Growth: News at Eleven
    10:30am - 10:45am Break
    10:45am - 11:15amOCC East

    ARIN Open Mike Session

    This discussion will include a ten-minute overview of the ARIN policy evaluation process that identifies the current issues being evaluated. The remaining time will be left open for meeting attendees to ask questions and provide feedback on any issue related to ARIN procedures or policies.

    View full abstract page.
    • Richard Jimmerson, ARIN.
    youtubeARIN Open Mike Session
    pdfRichard Jimmerson Presentation(PDF)
    pptRichard Jimmerson Presentation(PPT)
    11:15am - 12:00pmOCC East

    Global Routing Instabilities During Code Red II and Nimda Worm Propagation

    We will present our analysis of the surprisingly strong impact of recent Microsoft worms (such as Code Red II and Nimda) on the stability of the global routing system. Analysis of the on-line BGP message archives from the RIPE-NCC Routing Information Service, and of the worm scanning and infection spread datasets shows strong correlations between worm propagation periods and very long-lasting BGP \"update storms.\" <BR><BR> We will also discuss preliminary results concerning the populations of unstable routes, unreachable networks, and the mechanisms by which the worm traffic may be destabilizing the BGP routing system. <BR><BR> See: <BR><BR> <A HREF=\"http://www.renesys.com/tech/presentations/\">http://www.renesys.com/tech/presentations/</A>

    View full abstract page.
    • Jim Cowie, Renesys Corporation.
    • Andy Ogielski, Renesys Corporation.
    youtubeGlobal Routing Instabilities During Code Red II and Nimda Worm Propagation
    12:00pm - 1:30pm Lunch
    1:30pm - 2:00pmOCC East

    Shining Light on Dark Internet Address Space

    In this talk, we explore the degree to which commercial strategies, peering disputes, network failures, misconfiguration, and occasionally, malicious intent, lead to a partitioning of Internet topology. Specifically, we present a three-year study of the differences in Internet provider reachability. We focus on \"dark address space,\" or the range of topology accessible from one provider, but unreachable via one or more competitor networks. We present active and passive measurements of these differences on time scales ranging from several seconds to multiple months.

    View full abstract page.
    • Abha Ahuja, Merit Network/Arbor Networks.
    • Craig Labovitz, Merit Network/Arbor Networks.
    • Presented by Rob Malan, Arbor Networks.
    youtubeShining Light on Dark Internet Address Space
    2:00pm - 2:15pmOCC East

    BGP Multiple Origin AS (MOAS) Conflicts

    This talk will present our measurement and analysis of multiple origin AS (MOAS) conflicts in observed BGP updates, as well as a proposal for use of a community attribute and DNS to decrease risk in cases where MOAS conflicts may cause significant Internet routing disruption. Examples of such disruption include the AS8584 case in April 1998, and the instabilities generated by C&W peering changes in June of this year.<BR> <BR> Seen in BGP routing table views, MOAS conflict is the case where a particular prefix originates from more than one AS. Using BGP routing tables from multiple views over 1279 continuous days, we analyzed total numbers of MOAS conflicts, duration of the conflicts, and relation to prefix length. We also classified the conflicts by the congruence of the multiple AS paths and analyzed the potential causes for the conflicts. These include intended uses to meet legitimate operational needs (multi-homing without BGP, private AS number substitution at egress, exchange points, anycast practices) and faults.<BR> <BR> Both the total numbers of MOAS conflicts and the distribution of conflict duration suggest that MOAS due to faults represents a significant operational concern, even with the filtering lessons learned from AS8454 and similar events before and after. When a MOAS conflict occurs, we would like to enable routers to distinguish intended MOAS cases from route flapping or blackholing. Proposed solutions so far include the use of DNS (Bates/Bush1998) and uses of routing registries, including full-blown certifications (SBGP). In this talk we propose a much simpler and incrementally deployable approach using a new community attribute and DNS, which can provide adequate protection against faults from MOAS conflicts.

    View full abstract page.
    • Allison Mankin, USC/ISI.
    • Dan Massey, USC/ISI.
    • Dan Pei, UCLA.
    • Lan Wang, UCLA.
    • S. Felix Wu, UC Davis.
    • Lixia Zhang, UCLA.
    • Xiaoliang Zhao, NCSU.
    youtubeBGP Multiple Origin AS (MOAS) Conflicts
    pptLixia Zhang Presentation(PPT)
    2:15pm - 2:45pmOCC East

    The Impact of BGP Misconfiguration on Connectivity

    While it is well-known that BGP is vulnerable to simple, accidental misconfigurations that can cause widespread loss of connectivity, most of the evidence is anecdotal. Routing configuration errors have received less attention than more popular threats to connectivity, such as denial-of-service, and CAIDA\'s BGP analyses and Merit\'s IPMA project provide some of the only data available.<BR> <BR> We present initial results of a new study of BGP configuration errors based on publicly available routing table snapshots and looking glasses. We quantify the kind and extent of configuration errors, as well as their impact on backbone connectivity. In this talk, we focus on announcements with incorrect origin AS and partial connectivity.<BR> <BR> We find that there are a significant number of questionable routing announcements, but the majority of these have only a slight impact on connectivity. Of the roughly 2% of the prefixes per day that are not announced with consistent origins, O(100) prefixes are subject to AS-path stripping and potential address space hijacks, while the other fluctuations are more benign. We also analyze partially connected address space (that is reachable only from some parts of the Internet) to expose route filtering and damping practices that are limiting connectivity. We find that 1-2% of the address space exists in a persistently partially reachable state at any given time.

    View full abstract page.
    • Tom Anderson, University of Washington.
    • Ratul Mahajan, University of Washington.
    • David Wetherall, University of Washington.
    pptThe Impact of BGP Misconfiguration on Connectivity(PPT)
    youtubeThe Impact of BGP Misconfiguration on Connectivity
    2:45pm - 3:15pmOCC East

    Analysis of RIPE / RIS Project\'s BGP Data: CIDR at Work

    We analyze the BGP messages collected by the RIPE-NCC Routing Information Service. The data has been collected for about two years. It is much richer than the daily snapshots often used in analysis and helps us address more detailed questions than simply table size growth. For example, we can show the effectiveness of CIDR aggregation, or account for multi-homing and inter-domain traffic engineering more accurately.<BR> <BR> In short, we find that the routing table size growth is not exponential, CIDR is doing very well, and churn is decreasing. Most of the churn is due to the loss and re-establishment of BGP peerings, as well as policy misconfigurations (leaking routes, etc).

    View full abstract page.

    • Cengiz Alaettinoglu, Packet Design
    • Cengiz Alaettinoglu is a member of the Technical Staff at Packet Design. His current work includes analysis of and enhancements to BGP and IGP scaling and convergence properties. He was previously at the USC Information Sciences Institute, where he worked on the Routing Arbiter project. Cengiz co-defined the Routing Policy Specification Language along with the protocols to enable a distributed, secure routing policy system.
    youtubeAnalysis of RIPE / RIS Project's BGP Data: CIDR at Work
    pdfAnalysis of RIPE/RIS Project's BGP Data(PDF)
    3:15pm - 3:30pmOCC East

    XML-based Network Management

    Service providers have expressed a need for a simple, standard method of building tools for network management and provisioning. The Extensible Markup Language (XML) provides a straighforward means by which these needs can be met. Using standard tools, XML can be easily parsed, stored, retrieved, debugged, and documented. XML\'s ASCII encoding lends itself well to scripting and provisioning (it\'s easy to write, and easy to debug), and its ability to provide forward and backward compatibility makes it a robust choice for building network management tools.<BR> <BR> This talk will include a very brief introduction to XML, a description of areas of network management to which XML is applicable, and examples of using XML and XML-based tools to wrangle operational and configuration data from a network.

    View full abstract page.

    • Rob Enns, Juniper
    • Rob Enns works on user interface and network management software at Juniper Networks. Prior to Juniper Rob worked at Berkeley Networks and FORE Systems.
    pptRob Enns Presentation(PPT)
    youtubeXML-based Network Management
    3:45pm - 4:00pmOCC EastTUNDRASpeakers:
    • Jeffrey Papen, Yahoo.
    3:45pm - 4:00pmOCC East

    Using Topological Mapping to Manage and Secure Large Networks

    The security of a network infrastructure, particularly an extensive one, relies on the proper management of the network address space, routes, and external connections. If network managers don\'t know what they have, how it\'s connected, and what else it\'s connected to, they can\'t know if it is secure. The Internet Mapping Project, started by Bill Cheswick at Bell Labs, has been collecting intriguing topological information about the Internet since August of 1998. In the last year, this technology has been applied to large corporate intranets and ISPs with equally illuminating results.<BR> <BR> The presentation introduces the analysis and interpretation of such maps and what can be determined from such analysis. The larger the network, the more useful we find this analysis to be for identifying single points of failure, address squatting (the use of another organization\'s address space within one\'s own network), legacy connections to divested networks or former business partners, and outright security violations. Real-world anonymized examples will be part of the presentation.

    View full abstract page.

    • Karl Siil, Lumeta
    • Karl Siil, Director of Professional Services at Lumeta Corporation, has been working in network and system security for the past 20 years. Prior to Lumeta, Mr. Siil spent over 10 years at AT&T Bell Labs developing secure operating systems and networks for commercial and government clients, and three more years running the security practices of various global consulting companies.
    pptKarl Siil Presentation(PPT)
    youtubeUsing Topological Mapping to Manage and Secure Large Networks
    4:00pm - 4:15pmOCC EastClosing RemarksSpeakers:
    • Susan Harris, Merit Network.
    pptClosing Remarks(PPT)
    youtubeClosing Remarks


    ^ Back to Top