NANOG 37 Agenda

All times listed below are Central Time. 

Sunday, June 4 2006
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
3:00pm - 5:00pm, Convention Center J2

San Jose Newcomers' Reception

Welcome! If you're new to NANOG, or if you're an experienced attendee and just feel like hanging out, this orientation session and reception are for you. Join us to meet other newcomers as well as members of the NANOG Steering Committee, Program Committee, and List-admin team. We'll demystify the goings-on at NANOG, and also tell you a bit about the birth of the organization way back in the mists of time. We'll meet from 3:30-5:00 p.m. on Sunday, June 5. Light refreshments will be served—and be sure to join us immediately after the reception for the Community Meeting at 5:00 p.m.

  • Opening Remarks and Welcome - Steve Feldman, CNET
  • NANOG History - Bill Norton, Equinix
  • Merit Overview - Betty Burke, Merit Network Inc.

  • Steve Feldman, CNET.
  • Betty Burke, Merit Network Inc.
  • Bill Norton, Equinix.
Betty Burke - Newcomers' Reception (PDF)
Bill Norton - NANOG History (PDF)
5:00pm - 7:00pm, Convention Center J2

NANOG Community Meeting

  • What subjects might interest the members but are not at the meeting because the talks were rejected by the PC
  • Should the PC keep and publish minutes? With what content?
      - shows and no-shows
      - who is active in recruiting talks
  • Transparency in PC review process, should the reviews be signed as opposed to anonymous?
  • Should PC members be assigned to shepherd talks to help authors tune their talks earlier in the development process?
  • What should the mid- long-term direction of NANOG be?
  • How should we deal with attendees from the press
      - Attendance fee
      - Photography
  • Two or three meetings a year?
  • ML AUP change

      8. Challenge/response sender whitelisting software which requires interaction by any party to validate a post to the NANOG mailing list as non-spam shall be treated by the list administration team like any other condition that generates a bounce message. Subscribers with software (such as but not limited to TMDA) that is (mis)configured in this fashion are subject to removal from the list without notice, and are welcome to resubscribe at such time as their software is fixed.

  • Randy Bush, IIJ.
  • Betty Burke, Merit Network.
  • Steve Feldman, CNET.
  • Rob Seastrom, ClueTrust.
Betty Burke Community Meeting Presentation (PDF)
NANOG Community Meeting (YouTube)
NANOG SC Presentation (PDF)
Rob Seastrom Community Meeting Presentation (PDF)
Steve Feldman Community Meeting Presentation (PDF)
Monday, June 5 2006
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
8:00am - 9:00am, Almaden Concourse Hallway J: Continental Breakfast
9:00am - 9:15am, Exhibit Hall 3: Welcome, Introductions
Speakers:
  • Steve Feldman, CNET.
  • Rodney Joffe, UltraDNS.
Welcome, Introductions (YouTube)
9:15am - 9:45am, Exhibit Hall 3

Authentication for TCP-based Routing and Management Protocols

This presentation describes a TCP extension that enhances security for BGP, LDP and other TCP-based protocols. It is intended for applications where secure administrative access to both the end-points of the TCP connection is normally available. TCP peers can use this extension to authenticate messages passed between one another. The strategy described herein improves upon current practice, which is described in RFC 2385, "Protection of BGP Sessions via the TCP MD5 Signature Option." Using this new strategy, TCP peers can update authentication keys during the lifetime of a TCP connection. TCP peers can also use stronger authentication algorithms to authenticate routing messages.

  • Ron Bonica, Juniper.
Authentication for TCP-based Routing and Management Protocols (YouTube)
Ron Bonica Presentation (PDF)
9:45am - 10:00am, Exhibit Hall 3

Research Forum: Active Measurement of the AS Path Prepending Method

While the AS path prepending method has been widely deployed by operators, very little is known about the impact of this method on Internet routing. In this project, we have conducted an active measurement study on a dual-homed, stub AS. We announce a route of a beacon prefix in the AS to both links, and we prepend only on the busier link. After announcing each prepending length, we observe possible route changes from a set of looking glasses and route servers. Based on the measurement results, we have observed quite a few interesting and useful results. First of all, a very high percentage of routes to the beacon prefix have been changed. Another is that we can identify which upstream ASes are responsible for the route changes. In particular, we can classify all the upstream ASes into three categories, depending on their responses to the prepended routes: active-responsive, passive-responsive, and nonresponsive. These findings obtained from the active measurement could be very useful for operators to estimate the impact of advertising prepended routes before effecting it. A measurement-based mechanism can also be devised to compute the optimal prepending configuration.

  • Rocky K. C. Chang, Hong Kong Polytechnic University.
  • Samantha Lo, Hong Kong Polytechnic University
  • Samantha Lo is currently a Master of Philosophy student at the Department of Computing of The Hong Kong Polytechnic University. She received her BSc in Information Technology from the same university in 2005. Samantha received a Merit Award in the Charles Baggage Final-Year Project Award, and the 3rd prize in The 9th Challenge Cup Philips Competition in 2005. During 2003-2004, she was a trainee business analyst at the DBS Bank in Hong Kong. Her research interests include Internet measurement, interdomain routing, and traffic engineering. In real life, she is also a musician, playing a classical Chinese instrument. She received a number of awards and has performed in Southeast Asian countries and China.
Research Forum: Active Measurement of the AS Path Prepending Method (YouTube)
Samantha Lo Presentation (PDF)
10:00am - 10:15am, Exhibit Hall 3

Research Forum: Pretty Good BGP and the Internet Alert Registry

The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks primarily due to operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. Until such a large proposal is adopted, networks will remain vulnerable to false information injected into BGP. However, BGP routers could avoid selecting and propagating these routes if they were cautious about adopting new reachability information. We describe a protocol-preserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of disruptive routes, providing network operators time to respond before the problem escalates into a large-scale Internet attack.

  • Josh Karlin, University of New Mexico.
Josh Karlin Presentation (PDF)
Research Forum: Pretty Good BGP and the Internet Alert Registry (YouTube)
10:15am - 10:30am, Exhibit Hall 3

Research Forum: A simple coordination mechanism for interdomain routing

Routing information in BGP today carries little information about path quality. Upstream ISPs often select paths based on what is locally optimal. This can lead to poor end-to-end paths because decisions that appear locally sound may be globally poor. For instance, "hot potato" routing may not send packets in the direction of the ultimate destination. While MEDs, which enable downstream ISPs to share their preferences with upstream ISPs, are useful in some cases, they do not generally improve end-to-end paths. They enable "cold potato" routing, which simply means that paths are now optimized with respect to the downstream ISP. Additionally, MEDs have meaning only across two adjacent ISPs. Neither can an ISP meaningfully compare MEDs received from two different downstream ISPs nor can an intermediate ISP transmit MEDs received from a downstream ISP to an upstream ISP. We present Wiser, an extension to BGP that produces efficient end-to-end paths. Wiser retains ISP independence in that providers are not required to disclose sensitive internal information (such as path length) and ISPs can optimize for their own criteria (such as a mix of latency and utilization). With Wiser, downstream ISPs advertise routes tagged with costs that are similar to MEDs. Upstream ISPs then select paths with an amended BGP decision process that considers the sum of its internal costs and the costs reported by the downstreams. The costs of the downstream ISP are normalized such that they become comparable to the costs of the upstream ISP. To discourage abuse, such as when an upstream ISP refuses to consider downstream costs, there is a contractual limit on the average cost an ISP incurs for carrying traffic received from another ISP. We have evaluated Wiser using measured ISP topologies and a router-level prototype. We find that, unlike routing today, the efficiency of Wiser is close to that of an ideal routing that globally optimizes network paths for metrics such as path length and bandwidth provisioning. We also find that these benefits come at a low cost: the overhead of Wiser is similar to that of BGP in terms of routing messages and computation.

  • Thomas Anderson, University of Washington.
  • Ratul Mahajan, Microsoft Research
  • Ratul Mahajan is a researcher at Microsoft Research. He obtained a Ph.D. from the University of Washington, Seattle and a B.Tech. from the Indian Institute of Technology, Delhi (India), both in Computer Science and Engineering. His research interests lie in the area of networked systems, and his work addresses several problems in network measurement, diagnosis, and routing.
  • David Wetherall, University of Washington.
Ratul Mahajan Presentation (PDF)
Research Forum: A simple coordination mechanism for interdomain routing (YouTube)
10:30am - 11:00am, Almaden Concourse Hallway J: Break
11:00am - 11:30am, Exhibit Hall 3

Managing 100+ million IP addresses

How to manage a network with 100+ million IP addresses in the next few years? When Net10 does not cut it anymore, the sensible answer for Comcast is IPv6. Comcast is one of the first operators to adopt IPv6 as a strategic activity with an aggressive roll-out plan. In its initial phase, this plan focuses on the management and operation of Comcast-operated devices such as cable modems and set-top boxes. Key architectural choices are made to reduce the complexity of the overall deployment.

  • Alain Durand, Comcast
  • Alain has been working on IPv6 since 1994, participated in the INRIA BSD IPv6 implementation in 1995, and was a pioneer on the 6bone in 1996. He has authored numerous RFCs and Internet Drafts, and co-chaired the IETF NGtrans working group from 1999 to 2002. He now serves as the co-chair of the Softwires working group. Prior to Comcast, Alain was at Sun as the IPv6 architect during the development of Solaris 10.
Alain Durand Presentation (PDF)
Managing 100+ million IP addresses (YouTube)
11:30am - 12:30am, Exhibit Hall 3

Panel: Network Neutrality - What Does It Mean To Operators?

We've all heard about or participated in the Network Neutrality debate by now. However, as legislation is proposed and CEOs pontificate, vital questions remain unanswered. What does Network Neutrality really mean to carriers, to content providers, and to our customers? What will be the operational fallout of the current debate, regardless of its eventual resolution? Join our "neutral" panelists as they discuss key issues:

  • Settlement: Will we have a reciprocal settlement system? Should we?
  • Congestion: Is talk of prioritization really just a codeword for increasing access/backbone congestion in a time of increasing broadband speeds?
  • The Peering Doomsday Scenario: Are we hurtling towards "Tier 0 Peering" where AT&T and Verizon will conduct settlement-free interconnection as a "gang of two"?

  • Bill Woodcock, Packet Clearing House
  • Bill Woodcock is research director of Packet Clearing House, a non-profit research institute dedicated to understanding and supporting Internet traffic exchange technology, policy, and economics. Bill has operated national and international Internet service provision and content delivery networks since 1989, and currently spends most of his time building Internet exchanges in developing countries.
  • Sean Donelan, Cisco Systems.
  • Sean Doran, None.
  • Gene Lew, Neustar.
  • Brokaw Price, Yahoo.
Panel: Network Neutrality - What Does It Mean To Operators? (YouTube)
12:30pm - 2:15pm Lunch
2:15pm - 3:45pm, J3

BGP Techniques for Service Providers

This tutorial introduces service providers to some advanced BGP features and techniques to aid with operating their networks within the Internet. After a recap of iBGP, eBGP, and common attributes, the tutorial will look at the various scaling techniques available, when to use BGP instead of an IGP, and policy options available through the use of local preference, MED, and communities. The tutorial then describes deployment techniques, including aggregation, announcing and receiving prefixes, and some of the newer features available.

  • Philip Smith, Cisco Systems
  • Philip Smith joined Cisco Systems in January 1998. He is a member of the Service Provider Architectures Group of Consulting Engineering, within Corporate Development. His role includes working with many ISPs in the Asia-Pacific region and the rest of the world, specifically in network strategies, design, technology, and operations, as well as helping with network configuration and scaling. Other areas of interest also include Internet routing, Internet protocols, IPv6, and encouraging the growth of the Internet around the world. Prior to joining Cisco, he spent five years at PIPEX (now part of UUNET's global ISP business), the UK's first commercial Internet Service Provider. He was one of the first engineers working in the UK Internet, and played a fundamental role in building the modern Internet in the UK and Europe. Philip is co-author of Cisco ISP Essentials, published by Cisco Press. He holds a Doctor of Philosophy and has a First Class Honours Degree in Physics. He lives in Brisbane, Australia.
BGP Techniques for Service Providers (YouTube)
Philip Smith Presentation (PDF)
2:15pm - 3:45pm, J2

Peering BOF XIII

The 2006 U.S. Peering Ecosystem is forecasting some turbulence over the next few years, and we will use this Peering BOF to explore some of these issues. Here are some of the ideas that the community has asked to discuss. We'll try something a bit different this time as well, recruiting a few brave souls to polish their crystal ball and project what they think the Internet Peering Ecosystem will look like in the year 2010. This exercise will hopefully be insightful, interesting, outlandish, or maybe way wrong. In any case, it will certainly help spur discussion among the members of this community. We'll take a look at the transit survey results from the last BOF, if they are available. Peering disclosure has re-emerged as an issue as customers increasingly are interested in ISPs' current and future peering relationships as a proxy for connectivity quality. This leads to the question, are there better metrics for this? We will have a couple people discuss an emerging trend in video distribution that may result in peered traffic that dwarfs today's peered Internet traffic. These are some of the discussions this BOF will facilitate. As usual, we will use the leftover time at the end of the BOF to allow new folks to introduce themselves to the community to facilitate peering discussions leading into the break.

  • Bill Norton, Equinix
  • Bill Norton is Co-Founder and Chief Technical Liaison for Equinix. He focuses on research on large-scale interconnection and ISP peering, and in particular, scaling Internet operations using optical networking. Bill has published and presented his research in a variety of international forums. From 1987 to 1998, he served in several staff and managerial roles at Merit Network, directing national and international network research and operations activities and serving as NANOG coordinator. Bill received a B.A. in Computer Science and an M.B.A. from the Business School at the University of Michigan, and has been an active member of the Internet Engineering Task Force for the past 15 years.
Bill Norton Presentation (PDF)
Bill Norton Transit Survey presentation (PDF)
Bill Norton YouTube peering personals (PDF)
Dan Golding's Net Neutrality and Peering (PDF)
3:30pm - 4:00pm, Almaden Concourse Hallway J: Break
4:00pm - 5:30pm, J3: Tutorial: BGP Techniques for Service Providers (Part 2)
Speakers:
  • Philip Smith, Cisco Systems.
4:00pm - 5:30pm, Exhibit Hall 3

BGP Tools

In recent years various non-commercial tools have been developed to collect and analyze BGP data. When combined with BGP data collected by individual ISPs as well as by public archives such as RouteViews and RIPE RIS, these tools can potentially provide invaluable insight into the operations of inter-domain routing. The fourth BGP Analysis Tools BOF builds on the potential of these tools by fostering a closer interaction between non-commercial tool developers and the potential users represented by NANOG. The BoF is organized as a series of short presentations and is followed by hands-on demonstrations. This BoF features the Routing Configuration Checker, Organized BGP Data Collector and Analysis, the Datapository, and short updates from a number of tools including a new BGP monitor tool. Following the presentations, the tool developers will be available for tool demonstrations and discussions.

Featured Tools:

Routing Configuration Checker: Guaranteeing that a routing configuration satisfies an operator's security policy is important not only for the public Internet, but also in the case of BGP/MPLS layer-3 VPNs and for other network configurations that must provide some security policy (e.g., IPSec, GRE tunnels, etc.). Existing techniques for assessing a network's security properties are often performed with attempts to actively compromise the network or to violate some security policy by actively sending streams of packets at the network perimeter; these techniques do not test network-wide configurations for invariants, and they do not provide a formal risk assessment. Existing tools that evaluate the security properties of network configurations operate at the device level but do not analyze network-wide behavior, which is particularly important to understand, given that the interactions between configurations across distributed network devices ultimately dictate the behavior of the network. Static configuration analysis can help network operators determine whether a network's behavior matches the network operator's expectations and achieves the intended security policies.

O-BGP BGP Data Organization Tool and Data Collection Errors: The Organize BGP (O-BGP) project has developed software for downloading data from monitoring points such as RouteViews and RIPE RIS. The software organizes the data into a common format, adds labeling information into the updates, and compares the update logs with the routing table snapshots. Ideally, a routing table built from updates should equal the routing table snapshot from the corresponding time period, but this is often not the case. In addition to presenting the O-BGP toolset, this discussion covers the type of data, extent of errors, and possible explanations.

The Datapository: Internet measurement data provides the foundation for the operation and planning of the networks that comprise the Internet, and is a necessary component in research for analysis, simulation, and emulation. Despite its critical role, however, the management of this data, from collection and transmission to storage and its use within applications, remains primarily ad hoc, using techniques created and re-created by each corporation or researcher that uses the data. To remedy these problems, we present the Datapository, a collaborative network data analysis and storage facility. Originally the "MIT BGP Monitor", the Datapository is growing to support multiple data feeds (e.g., spam, end-to-end measurement probes, traceroutes, Abilene data, etc.). The datapository is currently used by researchers at Georgia Tech, Carnegie Mellon, University of Michigan, Princeton, and MIT and has been used by operators in the past (in its previous life as the BGP monitor) to provide additional network visibility.

Tool Updates and New Developments: Brief updates on advances from tools in previous BoFs and introductions of new tools. Motivated by some of the data collection discussed above, the RouteViews team along with several universities will begin developing a new BGP data collector and format for organizing the data. This presentation reviews some of the requirements and initial direction for this work. Additional tools including LinkRank and other projects will be on-hand to discuss their current plans.

  • Nick Feamster, MIT.
  • Dan Massey, Colorado State University.
  • Lixia Zhang, UCLA.
Feamster: Datapository (PDF)
Feamster: rcc and Beyond (PDF)
Massey: OBGP Slides (PDF)
Zhang: Introduction (PDF)
4:00pm - 5:30pm, J2

Exchange Point Operators

This BOF provides a forum for discussion of issues that are specific to the operation of internet exchanges. Topics the community has volunteered to cover so far include:

30 minutes
Starting an Exchange in a nutshell. What you should know before you decide to start an exchange. Also, what you can do to grow your smaller exchange into a larger one. Presenter: Bill Woodcock, PCH

30 minutes (or less)
Updates
  • EURO-IX update - Kurt Eric Lindqvist
  • The Federal GigaPOP and the Ottawa Internet Exchange - Confessions of a Siamese Twin -- Presenter: William F. Maton Sotomayor
  • IX.PR - Internet Exchange Puerto Rico, "In Peer We Trust" -- Presenter: Mehmet Akcin
  • DE-CIX Internet Exchange Frankfurt/Germany - "Your Gateway to Central and Eastern Europe" - Speaker: Frank Orlowski

30 minutes
Discussion Points
  • Exchange Point Tools
      - Network Monitoring and Alerts
      - VLAN management
      - Auditing
  • Hardware wishlists
  • Reporting and Measurement

  • Joe Abley, Afilias Canada
  • Joe Abley is Network Architect at Afilias, a DNS registry company. He was previously an engineer at ISC, responsible for ISC's network, and still helps out as a volunteer. Before joining ISC, he chased packets at MFN/AboveNet and various Internet companies in New Zealand. Joe is involved in organising and presenting at operator meetings and workshops in the Asia Pacific and Africa, and is an active participant in the IETF. He holds a BA (Hons) in Physical and Computer Science, having narrowly avoided failure at the University of Cambridge whilst young and foolish.

  • Celeste Anderson, USC
  • Celeste Anderson is the Manager for several projects at the University of Southern California including the Los Nettos Regional Network and USC Co-location (external). She manages both the Pacific Wave and CIIX internet exchange nodes in California on behalf of the Corporation for Education Network Initiatives in California (CENIC). She has been involved with peering exchanges since the formation of the LAAP with MFS' MAE-LA in 1996 and networking since joining USC's Information Sciences Institute back in 1987 and the formation of Los Nettos in 1988.
Bill Woodcock: IXP in a Nutshell (PDF)
Celeste Anderson 4: Ottawa IX (PDF)
Frank Orlowski: DE-CIX Internet Exchange (PDF)
Kurt Erik Lindqvist: Euro-IX Update (PDF)
Mehmet Akcin: IX.PR (PDF)
William F. Maton Sotomayor: Ottawa, Canada IX (PDF)
5:30pm - 7:30pm, Almaden Foyer: Beer n Gear
Tuesday, June 6 2006
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
8:00am - 9:00am, Almaden Foyer: Continental Breakfast
9:00am - 9:30am, Exhibit Hall 3

Anatomy of recent DNS reflector attacks from the victim and reflector point of view

In the last several months there have been a number of significant DDoS attacks using open recursive DNS servers to reflect and amplify the attack. In the last several weeks these attacks have begun to be picked up by the media. This presentation looks at the anatomy of these attacks from the victim point of view, as well as from the reflector point of view. The presentation looks at a specific attack, breaks down the traffic, what filtering does and doesn't work, as well as the challenges of each. The presentation also looks at data collected from a participating reflector, and extrapolates out the data to estimate the size and number of attacks that have been seen. Also extrapolated out in the presentation is the potential size of the attack if 500,000 open DNS servers were to be used.

  • Frank Scalzo, Verisign.
Anatomy of recent DNS reflector attacks (YouTube)
Frank Scalzo Presentation (PDF)
9:30am - 10:00am, Exhibit Hall 3

Understanding the Network-Level Behavior of Spammers

We study the network-level behavior of spammers, including: IP address ranges that send the most spam, common spamming modes (e.g., BGP route hijacking, bots), how persistent (in time) each spamming host is, botnet spamming characteristics, and techniques for harvesting email addresses. This presentation studies these questions by analyzing an 18-month trace of over 10 million spam messages collected at one Internet "spam sinkhole," and by correlating these messages with the results of IP-based blacklist lookups, passive TCP fingerprinting information, routing information, and botnet "command and control" traces. We find that a small, yet non-negligible, amount of spam is received from IP addresses that correspond to short-lived BGP routes, typically for hijacked addresses. Most spam was received from a few regions of IP address space. Spammers appear to make use of transient "bots" that send only a few pieces of email over the course of a few minutes at most. These patterns suggest that developing algorithms to identify botnet membership, filtering email messages based on network-level properties (which are less variable than an email's contents), and improving the security of the Internet routing infrastructure may prove extremely effective for combating spam.

  • Nick Feamster, Georgia Tech University.
  • Anirudh Ramachandran, Georgia Tech University.
Nick Feamster Presentation (PDF)
Understanding the Network-Level Behavior of Spammers (YouTube)
10:00am - 10:30am, Exhibit Hall 3

Information Collection on DDoS Attacks

It is no secret that DDoS is a growing problem and can cost companies millions of dollars. Anyone from mom and pop shops to large corporations to even ISPs can become the target of DDoS for the purpose of extortion, revenge, censorship, or a variety of other reasons. However, no matter the motivation, DDoS is a crime, and a crime that is notoriously difficult to prosecute for. No definitive guide exists on how to collect information, what information to get, or even the proper authorities to contact. This presentation will outline how and what information to collect, who to give it to, and raise some important questions about how to deal with DDoS effectively within our community.

  • Anna Claiborne, Prolexic Technologies
  • Director of Systems Development, Prolexic Technologies. Ms. Claiborne is a founding employee of Prolexic Technologies and has served as Sr. Programmer, Operations Manager and Director of Systems Development since its 2003 inception. She wrote much of the original code base powering Prolexic's infrastructure, played a key role in mitigating hundreds of Distributed Denial of Service attacks, and helped to pioneer the growth and development of the company. Prior to Prolexic, she was a Programming Team Leader with Tower Records and a Network Engineer with Place Savings Bank. Ms. Claiborne has extensive knowledge of network security technology, operating systems, software development, network architecture, and database design. She also holds a degree in Genetic Engineering from the University of California Davis.
Anna Claiborne Presentation (PDF)
Information Collection on DDoS Attacks (YouTube)
10:30am - 11:00am, Almaden Foyer: Break
11:00am - 12:30am, Exhibit Hall 3: IPv6 Day
Speakers:
  • www.ipv6day.org, None.
IPv6 DAY (PDF)
11:00am - 11:30am, Exhibit Hall 3


The US is getting ready to start an End User ENUM trial. The Country Code 1 ENUM LLC is the company that was formed by the industry to obtain the CC1 delegation and to oversee both the trial as well as the commercial launch of ENUM. The US trial is set to test End User ENUM within the parameters established by the US government. This presentation provides an overview of the CC1 ENUM LLC’s role, delves into the US ENUM trial activities, and provides an outline of what is planned for the US ENUM commercial launch sometime in 2007.

  • Karen Mulberry, Neustar
  • Sr. Director, Distinguished Member of the Technical Staff at Neustar Inc. is the founder and former Chairman of the CC1 ENUM LLC responsible for obtaining the Country Code 1 ENUM delegation. Karen previously worked at MCI on domestic and international numbering, naming and addressing issues, standards and policies, such as ITU Study Group 2, US ENUM Forum, INC, North American Portability Management LLC, and the FCC’s North American Numbering Council. She has been in the telecommunications industry for over 18 years and holds a BS from the University of San Francisco and an MBA from the University of Phoenix.
Karen Mulberry Presentation (PDF)
11:30am - 12:30pm, Exhibit Hall 3

Panel: Hot Time in the Big IDC: Power, cooling, and the data center

The colocation and IDC industry is hot right now - literally. As data centers fill up, power and cooling capacity are exhausted before the space runs out. Why is this happening? Who is to blame? What can we do about it? And, most importantly, what does the future hold for the data center, in a world where blade servers use enough electricity to power a small town, and routers put out more BTUs than a pizza oven? Moderator Daniel Golding brings together vendors and data center operators to hash out one of the most "electrifying" issues facing the Internet industry.

  • Dan Golding, Tier1 Research
  • Daniel Golding is vice president of Tier 1 Research, specializing in the data center, colocation, and internet infrastructure industries. Prior to joining Tier 1, he was a senior analyst with the Burton Group, as well as Peering Manager for America Online. Daniel has briefed the FCC on Internet policy issues and is a frequent speaker at industry events, including the North American Network Operator's Group (NANOG) and the Global Peering Forum. Daniel holds a BS from Auburn University and an MS from George Mason University, both in engineering.

  • Michael Laudon, Force10 Networks
  • Michael Laudon has over 12 years of network hardware design experience and is Director of Engineering, Hardware at Force10 Networks. He is responsible for the hardware design aspects of the E-Series switch/router platform. Mike previously held system architecture and line card development positions at Force10. Before joining Force10, Mike founded Sundance Technology where he designed Gigabit Ethernet MACs and PHYs, and previously worked in engineering roles at Cypress Semiconductor. Mike has an MSEE degree from the University of Wisconsin, Madison.
  • Jay Park, Equinix.
  • Rob Snevely, Sun Microsystems
  • Rob Snevely is an Enterprise Architect at Sun Microsystems and is the author of the book "Enterprise Data Center Design & Methodology." He has nearly 20 years experience working with large scale UNIX systems and is responsible for data center architecture for all of the Enterprise Technology Centers at Sun. Since coming to work for Sun in 1990 as a systems administrator, he has been involved with network and system performance and large-scale system engineering. His liberal arts background in theatre & art history augments his practical and pragmatic methods for designing data centers.

  • Josh Snowhorn, Terremark Worldwide, Inc.
  • With more than 6 years experience in the telecommunications industry, Mr. Snowhorn is currently a Director and the Peering Coordinator at Terremark Worldwide, Inc., a leading operator of Internet exchange points (IX) from which it provides colocation, interconnection and managed services to the government and commercial sectors. Mr. Snowhorn is responsible for all issues related to peering including facilitation of network interconnectivity between North and South America.

  • David Tsiang, Cisco Systems
  • Currently a Distinguished Engineer in the Service Provider Routing Technology (SPRTG) group. Worked on the AGS+, 7000/7500, GSR and CRS1 in the roles of hardware architecture and ASIC design. Currently managing the SPRTG architecture group at Cisco covering all service provider platforms including GSR and CRS1. Before Cisco worked at IBM on mainframe communications controllers and ROLM designing PBX's.
  • Brad Turner, Juniper Networks.
  • Brian Young, Switch and Data
  • Brian Young is a solution engineer at Switch and Data LLC. He has over 15 years of Telecommunications and IT experience covering sales, data centers and engineering. His background allows him to assess customer needs for technical and business proposals and develop solutions that solve real customer problems. Mr. Young holds a bachelor's in Electrical Engineering and an MBA in quantitative analysis from St. John's University.
Daniel Golding Presentation (PDF)
Panel: Hot Time in the Big IDC: Power, cooling, and the data center (YouTube)
12:30pm - 2:15pm Lunch
2:15pm - 3:45pm J3

MPLS Traffic Engineering

This tutorial is designed to introduce small and medium ISPs to the concepts and power of MPLS TE. Participants will be given a copy of a Visio diagram to be able to actively calculate some SPF algorithms (unconstrained and constrained), to better understand how paths are determined.

  • Pete Templin, Texlink
  • Pete Templin is the senior network architect at Texlink Communications, where he manages the IP/MPLS network and related services. These include product development, tier 3 trouble escalation, capacity planning, and operational strategy/tactics. Previously, he worked in sales engineering and professional services at Digital Island (or was it the Digital Cable Wireless Island?).
MPLS Traffic Engineering (YouTube)
Pete Templin Exercise (PDF)
Pete Templin Presentation (PDF)
2:15pm - 3:45pm J2


The IETF Operational Security for IP Network Infrastructure (OPSEC) working group is documenting current security practices, and the capabilities that are needed in network routers and switches to support these practices. This BOF will discuss in detail two documents that have been produced by the OPSEC WG, and will ask for network operator input on these documents. The documents to be discussed in detail include "Operational Security Current Practices" and "Filtering Capabilities for IP Network Infrastructure".

  • Ross Callon, Juniper
  • Ross Callon is a distinguished engineer in the protocols group at Juniper Networks. He has extensive experience in routing protocol and high speed router design, and in protocol standardization. Ross Callon is co-chair of the IETF Operational Security Capabilities for IP Network Infrastructure (OPSEC) working group, and is IETF routing area director. He is coauthor of OPSEC Framework and Miscellaneous Capabilities specification, and contributor to the Provider-Provisioned VPN Security Framework.

  • Merike Kaeo, Double Shot Security
  • Merike Kaeo is Chief Network Security Architect at Double Shot Security. She is the author of Designing Network Security, published by Cisco Press, which has been published in eight languages and is being used as a curriculum textbook in a variety of network security courses. The second edition was published in November 2003. Merike has acted as a technical advisor for numerous security start-up companies and has been an instructor and speaker at a variety of global security-related conferences. She is also a frequent presenter at global ISP conferences including NANOG, RIPE, APRICOT and SANOG.

  • Chris Morrow, Verizon Business
  • Chris Morrow is a Network Security Engineer at Verizon Business. Over the last 7 years his focus has been on network security issues affecting the former UUNET network and its customers. Chris has been involved with the OPSEC effort for the last 2 years.
Merike Kaeo Presentation (PDF)
Ross Callon Presentation (PDF)
3:30pm - 4:00pm Almaden Foyer Break
4:00pm - 5:30pm J3

Fundamentals of Passive Monitoring Access

The explosion in network security and monitoring solutions has created challenges for operators who need secure access to network traffic in order to enable security and monitoring assets. Operators are looking for ways they can obtain high-visibility access to network traffic without affecting the security and integrity of their enterprise networks. Finding solutions that maintain link uptime, prevent packet loss and latency, avoid new points of failure, and provide flexibility and scalability is critical to successful network security and monitoring. This tutorial covers connectivity options that address these increasingly common issues. Participants will learn best practices for connecting their Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), probes, and analyzers to critical network links.

Section 1: During the first half of the tutorial, participants receive an introduction to various methods of accessing network traffic, including hubs, network taps, and switch SPAN ports. The advantages and disadvantages of each will be presented. The various types of taps and their application in the network infrastructure will be presented along with diagrams of typical installations.

Section 2: The second half of the tutorial covers various methods operators can use to increase the reach, efficiency, and value of their existing investments in network security and monitoring solutions. Participants learn how port and link aggregation solves connectivity and coverage challenges. Concurrent monitoring of a single link and connectivity flexibility are applications relevant to regeneration taps and matrix switches. An explanation of common link aggregator and matrix switch deployments will include both inline and SPAN applications.

  • Joy Weber, Net Optics.
Fundamentals of Passive Monitoring Access (YouTube)
Joy Weber Presentation (PDF)
4:00pm - 5:30pm J2


Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customer, worms, BOTNETs, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face syncup meeting for the NSP-SEC forum.

AGENDA

Probing Open Recursive Name Servers - John Kristoff
Analyzing the results of remote open recursive name server probes. We look at the effectiveness of different probing techniques against different sets of data including reflectors used in recent attacks, other known open recursives and a large set of DNS server queriers. Some of the who and what are open will be briefly examined, as well as some unexpected responses to our probes that may invite further analysis.

Infrastructure Security Survey Results - Craig Labovitz

Does Web 2.0 = Security 0.0? - Roland Dobbins
'Web 2.0' hosted applications are going mainstream; recent events have highlighted the fact that not only enterprises, but millions of small businesses, SOHO users, and individuals who depend upon these applications are adversely impacted when disruptive network events occur. However, there has to date been little or no engagement between the traditional computer security community, the operational security community, and the developers/providers of these applications. What can be done - and what *should* be done, and by whom - to help integrate 'Web 2.0' application providers into the operational security community? What role, if any, should nsp-sec play?

Email question for discussion from Monika Machado
What tools are used by network operators for event correlation and aggregation and how effective are these tools for trending, analysis and reacting to incidents?

Open MIC/Discussion

  • Roland Dobbins, Cisco Systems.
  • Danny McPherson, Arbor Networks.
John Kristoff Presentation (PDF)
Wednesday, June 7 2006
Time/Webcast:Room:Topic/Abstract:Presenter/Sponsor:Presentation Files:
8:00am - 9:00am Almaden Foyer Continental Breakfast
9:00am - 9:30am Exhibit Hall 3

Smart Network Data Services

SNDS, what it does and why, where it's going, and solicitation of participant feedback. I am a Development Manager for Microsoft at Hotmail in Silicon Valley. One of the things my team does is design and build the mail and anti-spam systems for Hotmail. We did a project almost a year ago now called Smart Network Data Services (http://postmaster.msn.com/snds) which gives anyone who can prove they own a given IP range the data that we produce as part of our mail delivery and anti-spam operations. My personal motivation for building this system was to provide ISPs a free tool which can be used to detect, measure, and hopefully resolve abuse problems within their network. We're now working on some major revisions to the system, which I think will make it a lot more useful and effective to this community.

  • Eliot Gillum, Microsoft
  • Eliot Gillum is the Dev Manager for MSN Hotmail / Windows Live Mail Platform team. He joined Microsoft in 1999 as a Software Design Engineer and spent about 18 months in the Windows group, including Networking QoS, before moving to Hotmail. Prior to that he worked as a developer and architect for various small companies and organizations in diverse areas from computational clustering and signal processing to multimedia. He holds a BS in Computer Science from Cornell.
Eliot Gillum Presentation (PDF)
Smart Network Data Services (YouTube)
9:30am - 10:00am

Open issues with ipv6 routing/multihoming

Speakers:

  • Vince Fuller, Cisco Systems
  • Vince Fuller has been involved in global Internet operations, engineering, and architecture for 18 years, having worked for a series of local, regional, national, and international ISPs from 1988 through 2001. Most recently, he has been employed by Cisco Systems as a technical consultant to service provider customers, focusing on scaling issues of very large IP networks.
  • Jason Schiller, UUNET/Verizon.
Open issues with ipv6 routing/multihoming (YouTube)
Vince Fuller Presentation (PDF)
10:00am - 11:00am Exhibit Hall 3

Alerting prefix owners of hijacks in near real time

Speakers:
  • Mohit Lad, None.
Alerting prefix owners of hijacks in near real time (YouTube)
Mohit Lad Lightning Talk (PDF)
10:00am - 11:00am Exhibit Hall 3

Analysis of DNS Root Server Location

Speakers:
  • Martin Hannigan, None.
Analysis of DNS Root Server Location (YouTube)
Martin Hannigan Lightning Talk (PDF)
10:00am - 11:00am Exhibit Hall 3

Fashionably Late - What Your Networks RTT Says About Itself

Speakers:
  • Anton Kapela, None.
Anton Kapela Lightning Talk (PDF)
Fashionably Late - What Your Networks RTT Says About Itself (YouTube)
10:00am - 11:00am Exhibit Hall 3

Metro WDM in provider networks

Speakers:
  • Alex Pilosov, None.
Alex Pilosov Lightning Talk (PDF)
Metro WDM in provider networks (YouTube)
10:00am - 11:00am Exhibit Hall 3

Reigning in the botnets operating on your network

Speakers:
  • Rick Wesson, None.
Reigning in the botnets operating on your network (YouTube)
10:00am - 11:00am Exhibit Hall 3

Thepiratebay busted - network impact

Speakers:
  • Mikael Abrahamsson, None.
Mikael Abrahamsson Lightning Talk (PDF)
Thepiratebay busted - network impact (YouTube)
11:00am - 11:30am Almaden Foyer Break
11:30am - 12:00pm Exhibit Hall 3

Effects of anycast on K-root Performance

Anycast is widely used in DNS root server deployments to improve resiliency, spread load and reduce latency. However, its effects on performance have not been studied in depth. We describe methodologies to determine the performance of anycast DNS service both from the client and the server side and to determine the benefit of each node in the anycast cloud. We use the methodologies to provide results on the performance of the K-root server, showing that anycast is effective in reducing latency and that its effects are largely constant over time. We also evaluate the benefit of the global nodes in the anycast cloud, showing that with the exception of the Delhi node, all nodes provide benefit to clients. Finally, we briefly examine the impact of client instance switches, showing that they do not present a serious problem in the current K-root deployment.

  • Lorenzo Colitti, RIPE NCC.
Effects of anycast on K-root Performance (YouTube)
Lorenzo Colitti Presentation (PDF)
12:00pm - 12:30pm Exhibit Hall 3

Operational experience with TCP and Anycast

There seems to be a widespread belief that gets propagated on various mailing lists that TCP over anycast is very very scary, and needs to be avoided at all costs. We'd like to share our operational experience showing that TCP over anycast isn't inherently unstable, and can be an excellent tool for increasing performance and/or availability in WAN services. Hopefully the presentation will be slightly interactive (how many people know what anycast is? how many people are deathly afraid of tcp anycast? ..etc) and we hope it will inspire discussion, if not tinkering.

  • Matt Levine, Cache Networks.
  • Barrett Lyon, BitGravity, LLC.
  • Todd Underwood, Renesys Corporation
  • Todd Underwood is in charge of operations, security, and peering for Renesys, a provider of Internet Intelligence services. Before that he was CTO of Oso Grande, a small New Mexico ISP. He has a background in systems engineering and security and networking for clustered supercomputers. Todd has presented work related to Internet routing dynamics and relationships at NANOG and various peering forums (LINX, Switch and Data, NAP of the Americas). Todd received a B.A. in Philosophy from Columbia College, Columbia University, and an M.S. in Computer Science from the University of New Mexico.
Matt Levine Presentation (PDF)
Operational experience with TCP and Anycast (YouTube)
12:30pm - 12:45pm Exhibit Hall 3

Deploying DNSSEC. Pulling yourself up by your bootstraps

DNSSEC is ready for deployment from a standards and implementations point of view. However, there are very few signed TLD zones and, in particular, the root zone is not signed. In the absence of these, practical use of DNSSEC will not happen widely, unless there is some mechanism to avoid manual maintenance of multiple trust anchors. This talk presents DLV, Domain Lookaside Validation, which is just such a mechanism.

  • Joao Damas, Internet Systems Consortium
  • Joao joined ISC in January 2003. He is Senior Programme Manager for F-root nameserver project and BIND Forum. Prior to ISC he was CTO at RIPE NCC. Previously, Joao worked at the University of Madrid as the network engineer in charge of all network services for the University and briefly with the Spanish Academic network. Joao is chairman of the routing-wg at RIPE and a member of the ICANN Root Server System Advisory Council. He regularly attends and speaks at RIPE, IETF, APNIC, LACNIC and is on several additional working groups within these organizations. He holds an MSc in Quantum Chemistry from the University in Madrid.
Deploying DNSSEC. Pulling yourself up by your bootstraps (YouTube)
Joao Damas Presentation (PDF)
12:45pm - 1:00pm Exhibit Hall 3

Closing Remarks

Speakers:
  • Steve Feldman, CNET.
Closing Remarks (YouTube)

