Join us in Hollywood, CA for NANOG 86
NANOG 2022 Election Cycle is here!
- Events
- NANOG 86
Hollywood, CA | NANOG 86
Our 86th community-wide gathering was 17-19 Oct 2022.
NANOG 86 Keynote Speaker - Harlan Stenn
Tech Pioneer Talks about "The NTP Project" + the Importance of Timekeeping in Tech.
Network Time Protocol (NTP) Project Manager + President of the Network Time Foundation, Harlan Stenn to the NANOG 86 Keynote stage!
Watch Now.
Keynote Talk Title: Me, NTP, The NTP Project, and Network Time Foundation - How We Got Here: Welcome to my Hallucination.
About Stenn: Harlan Stenn is a nearly 50-year veteran of the IT industry. Harlan began programming computers in high school in 1971. He holds a bachelors degree in Business Administration (Accounting) from The Colorado College in Colorado Springs, and an MSE in Computer Science from Washington University in St. Louis.
A well-versed entrepreneur, Harlan has launched several successful businesses and has been a respected, sought-after I/T consultant and contractor for decades who is well known for writing astonishingly portable C code since the early 1980s. To put it another way, if NTP is Dave Mills' edifice, Harlan is its janitor.
In mid-2011 he started Network Time Foundation (NTF), with the mission to provide direct services and support to improve the state of accurate computer network timekeeping. NTF now works with several time-related projects, including NTP, Ntimed, Linux PTP, RADclock, and the General Timestamp API and Library. The GTSAPI is a way to make sure that a timestamp contains enough information to be useful outside of the system on which it was “taken". Several new projects are in the works, including Khronos, and several SyncE packages.
Preface: History of the Network Time Foundation - From the earliest days of human history, people have had a close relationship with time...
Computers aren't intelligent; they keep poor time. So how do global networks track when a transaction happened and the nanoseconds that make up a timestamp count? Learn More
Dates | Member | Non Member | Student | Virtual | |
---|---|---|---|---|---|
Early | 11 JUL 2022 | $675 | $700 | $100 | $100 |
Standard | 08 AUG 2022 | $775 | $800 | $100 | $100 |
Late | 10 OCT 2022 | $875 | $900 | $100 | $100 |
Onsite | 16 OCT 2022 | $1,075 | $1,100 | $100 | $100 |
NANOG hopes everyone who registers for the meeting will be able to attend; however, we know extenuating circumstances do occur.
The NANOG cancellation and refund policies are as follows:
Any registration canceled between 11 Jul to 01 Oct, 2022 is refundable but will incur a $50.00 fee
Registrations canceled on 02 Oct to 15 Oct, 2022 is refundable but will incur a $100.00 fee
Registrations canceled on or after 16 Oct, 2022 will not receive a refund
NANOG Social Event Guest Pass: $50 per guest (purchase separately when you register, limit 2)
The Engineer Approved List of Sightseeing in Hollywood
We have put together a list sure to stimulate the imagination of any tech pro while visiting the city.
Hotel Information:
Headquarter Hotel
Hotel Guest Room Block
Loews Hollywood Hotel
1755 North Highland Ave.
Hollywood, CA 90028
NANOG 86 Health + Safety
The health and safety of meeting attendees are very important to us. We believe the most effective way to ensure the safety of all attendees is to be fully vaccinated against COVID-19 . Please note that proof of vaccination will not be required to attend NANOG 86. Be aware that while NANOG will make every effort to reduce the risk of COVID-19 transmission on site, it is possible that you may come into contact with people that carry the virus through your travels.
Be Aware. Any company offering to sell you the NANOG 86 Attendee list is fraudulent.
Coming soon to the NANOG 86 Stage
Full AbstractThe IETF standards for BGP are created in the Inter-Domain Working Group. Are you interested in finding out what's changing in BGP standards? The IDR chairs will present the latest changes to BGP. This includes standards on Intent/Color Routing, BGP-LS, SR-Routing, BGP Yang models, fixing "Stuck BGP sessions," version 2 of Flow Specification, and more. Are you irked about something in BGP or BGP standards? Come to the session and complain to the IDR Chairs. Your opinions matter to the IDR chairs. |
Full AbstractRPKI ROV adoption has grown significantly over the past five years. In a recent milestone, the percentage of IPv4 routes in the global routing table with ROAs has finally crossed 50% (IPv6 crossed this mark last year). In addition, another major telecom began rejecting RPKI-invalid routes reducing the propagation of these problematic routes even farther. Finally, this talk with present an analysis of the 'effective expirations' of ROAs and how the behavior of these expirations varies greatly between RIRs due to differences in their cryptographic chains. |
Full AbstractThe use of IP spoofing for generating DDoS attacks has been around for decades. In the last several years, tracing back spoofed traffic and engaging networks to deploy ACLs/uRPF to enforce BCP38 has become a common method to disrupt DDoS-As-A-Service providers (also known as booters/stressers). This presentation will cover the overall effort along with methodologies that networks can use to detect this as well as controls they can implement to mitigate this behavior. A number of real-world trace back scenarios will be covered as well as interesting things found along the way. |
Full AbstractWhen it comes to Internet access, Indigenous communities are among the most underserved throughout North America. According to Canada’s ISED, 97 percent of urban households have access to high-speed Internet, compared to only 37 percent in rural communities. The statistics are even more bleak for Indigenous communities, where just 24 percent have access to high-speed Internet. |
Full AbstractAn ongoing issue with Internet standards development is limited interaction between the standards developers and the network operator community. This talk is a step toward bridging that gap, highlighting ongoing work from the IETF that is likely to be published in the RFC series or will otherwise have notable operational considerations. |
Full AbstractGoogle gRPC gNOI service is a commonly used tool today to manage TLS certificates. This session introduces the audience to gRPC gNSI service that is being developed by Google for all security related operations on the router. We will start with a brief overview of TLS, discuss challenges with TLS configuration on a router followed by a recap of gNOI and an introduction of gNSI. |
Full AbstractIn this session we review IPv6 features and capabilities on AWS, best practices for adopting IPv6 on AWS, and reference architectures. We also dive deeper into the common use cases that drive customer IPv6 adoption on AWS, and lessons learned to help you accelerate your IPv6 adoption journey. |
Full AbstractDatacenters are comprised of thousands of servers, network and storage devices. Data Center Networks (DCNs) are the communications backbone of a datacenter. Several architectural and design innovations have been introduced in DCNs to address the growing size and increasing operational demands of the datacenter. From a protocol perspective, these demands and challenges have been addressed primarily by aggregating multiple off-the-shelf protocols and retrofitting them to the DCN communication needs. This aggregation has resulted in higher overhead, added operational complexity and requires increased effort to perform DCN troubleshooting and maintenance. |
Full AbstractWith a few simple changes, IP-transit customers can increase the reliability of the prefix filtering provided to them by their IP-transit providers, and hopefully avoid easy-to-mitigate prefix filtering issues. As an IP-Transit provider, we (Inter.link) often encounter prefix list generation issues with our customer's IRR data. In this talk we'll present some easy to implement changes, in relation to their IRR data and PeeringDB data, that have helped our customers, which other IP-transit customers can implement to improve the quality of their service with their provider. |
Full AbstractThis presentation chronicles our experience, highlighting the critical role of threat intelligence in understanding and countering malicious actors. We’ll delve into the data-driven approach we employed to crack their attack patterns, paving the way for strategic countermeasures. |
Full AbstractExploring integration options: |
Full AbstractA bird's-eye view over IONOS' European backbone, connecting about three dozen locations in Europe. |
Full AbstractNetwork operators engineer their networks with enough capacity to service peak loads. They also engineer redundant capacity into their networks. During off-hours, much, if not most, of this capacity is unused. Sadly, most networks consume nearly the same amount of power during off-hours as they consume during peak-hours. In this presentation, we propose a power management portal that reports a) network status, b) network power utilization and c) network power efficiency. It also proposes strategies for powering down selected router components during off-hours and powers those router components up and down as per the proposed strategy. This power management portal is under development and the authors are soliciting co-innovators. |
Full AbstractThis talk summarises for a NANOG audience an academic paper recently presented at the "23rd Workshop on the Economics of Information Security". In the paper we evaluate a rare successful intervention in the management of Internet infrastructure -– a multi-year "traceback" campaign to shut down sources of spoofed traffic utilised for DDoS attacks. We assess why it has been possible to "move the needle" on an issue that has dogged the network engineering community for more than thirty years. The decentralised community of competing network providers has few incentives to solve the issue -- which is why little has changed since the flurry of activity when BCP38 (and the century) was new. Our analysis is based on interviews with key players in the initiative. We find that success occurred because the issue of spoofing was migrated away from the incentives of these companies into the incentive structures of the far more densely networked and centralised professional community of network engineers. |
Full Abstractmeshrr is a concept of how to leverage the possibilities of cloud technologies for the benefit of traditional networking infrastructure. It is a demonstration-grade, scale-out, hierarchically-capable, BGP route reflector and route server approach using Juniper cRPD and intended for deployment on Kubernetes. |
Full AbstractBGP’s deployment model makes even modest software bugs have significant consequences on global Internet routing. |
Full AbstractAs Roblox scales at an unprecedented rate, our legacy network collector architecture is becoming increasingly inadequate for efficiently gathering network device metrics. This presentation dives into the limitations of the existing system and unveils our innovative new architecture designed to scale 10x our current capacity. We will explore the challenges that necessitated this shift and the key features of the new architecture that ensures it can handle Roblox's ever-growing needs. |
Full AbstractThis talk discusses methods and challenges involved in disrupting the operations of groups that carry out Distributed Denial of Service (DDoS) attacks. To disrupt DDoS attack operations, automated mechanisms need to continuously track global DDoS attacks and identify their orchestration infrastructures. This information enables sending high-quality takedown requests to hosting providers and domain registrars used by the DDoS groups. Successful takedown requests disrupt the attacks and demotivate DDoS operators by hampering their ability to keep their services running for financial gain. The takedown requests also help the recipient service providers to address gaps in their abuse detection and keep DDoS operations out of their platforms. However, these service providers respond to takedown requests at varying degrees of speeds and efficacy. The talk will explore alternative mechanisms to address these inconsistent responses. |
Full AbstractIPv6 has been "the next generation of IP" for over 20 years. For the longest time, the gold standard has been to run a network with both IPv4 and IPv6, however operating both protocols at the same time presents an additional operational challenge. With the global share of IPv6 traffic nearing 40-50%, it's time to re-evaluate our goal and look at ways to run networks that are largely IPv6-only. So how do we start testing IPv6-only technologies? They can be complex to setup and troubleshoot even for seasoned network engineers let alone application developers, IT support personnel, and others with limited networking experience. Enter the IPv6 Test Pod, a device that intends to makes testing IPv6-only networks easy, made possible by the ARIN Community Grants program. The IPv6 Test Pod delivers a several IPv6-enabled networks, presented as SSIDs that the user can join to start testing IPv6-only technologies -- including dual-stack (as a baseline), IPv6-only, DNS64/NAT64, 464XLAT, and others. The IPv6 Test Pod is made available for no cost to project participants and participants can be anyone interested in testing IPv6-only networks including IT support personnel, developers, or even network engineers that are too busy to test IPv6-only networks. Dual stack is arriving, let's get ready for an IPv6-only world. |
Full AbstractIt's been a while since I adopted a new habit. The last few days of every year are a special time for me to recap what happened and what I learned in my personal and professional life. Additionally, I have a stash of notes that I've collected over the years. This session will demonstrate four of the most important lessons in my professional life and career in IT, notably managing high-performance teams in two of the largest public cloud providers in the world: Oracle Cloud and Amazon. While I learned these lessons the hard way and through a lot of trial and error, this short session is an attempt to share that experience not just with my peers in leadership roles but also with anyone who wants to manage even a small team of one. Here I will go over the four principles of (1) The power of authenticity, (2) The impossible self-cloning, (3) The concept of flexible 1:1s, and (4) The handling of unreasonable requests. |
Full AbstractWhere exactly are we with BGP security in the global Internet routing system? And what's ahead of us? In this talk I'll reflect on progress made in recent years and look ahead what problems remain and what solutions are in the pipeline. This won't be a "Look ROAs are up and to the right!!11!"-talk, but rather a reflection on various milestones the wider community managed to reach and where the gaps are in this multi-decade journey towards a secure routing system. |
Full AbstractThis 15-minute talk introduces the audience to ICANN's KINDNS Initiative. Modeled on ISOC's MANRS program, KINDNS (which stands for Knowledge-sharing and Instantiating Norms for DNS and Naming Security) aims at developing a simple but effective framework for a secure DNS operation to which operators can voluntarily and easily commit. This framework should be something simple to refer to and be accessible to even small operators that may typically be unable to dedicate many resources to globally follow both the evolution of the DNS protocol and discussions about operational best practices. |
Full AbstractThis presentation will explore the integral role of the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) in global internet governance, with an emphasis on the new NRO RPKI Program, an initiative overseen by the NRO Executive Council. As a strategic effort under the NRO and RIRs, the RPKI Program is pivotal in advancing the development and adoption of Resource Public Key Infrastructure (RPKI) across the globe, enhancing the security and stability of internet routing. We will introduce the leadership team spearheading this program, outline our strategic objectives, and discuss the impactful initiatives that are currently being developed. The presentation will emphasize how this program is a collaborative effort guided by the expertise and governance of the NRO Executive Council, seeking to draw in active feedback from the technical community to refine and innovate our approach. Concluding with detailed resources and avenues for engagement, attendees will gain insights into the significance of their participation in shaping the future of internet security through the NRO RPKI Program. |
Full AbstractWhat if you could fully automate your internet exchange? You can! In this presentation, IX founders Chris Grundemann and Matt "Grizz" Griswold will walk through the thinking, the architecture, the tools, and a real example to show you how-to use modern, open-source tools to build an IX operations platform capable of setting your IX to FullAuto. We will cover the terms and definitions that need to be understood, we'll introduce the network automation philosophy that drives successful projects, and cover the core principles that facilitate excellent execution. Then we'll walk you through an example, using a real IX (IX-Denver), to demonstrate the possibilities - and provide a roadmap for everyone else who wants to do the same. Automation is not just for network operators. We can, and should, automate our internet exchanges as well. Let's go! |
Full AbstractAs part of this research, we demonstrate the surprising impact of 1% packet loss on throughput, both in symmetric and asymmetric networking topologies, in the environment using CUBIC congestion avoidance algorithm. Our findings reveal a significant decrease in throughput, more than 70%, compared to baseline measurements without packet loss. Moreover, we explore the effects of increasing packet loss levels, up to 10%, and observe a compounding decline in throughput, indicating the importance of addressing even minor levels of packet loss. We compare attained results using CUBIC congestion avoidance algorithm, in both topologies, with those achieved using the BBR congestion avoidance algorithm, advocating for broader and faster adoption of BBR. |
Full AbstractThe American Registry for Internet Numbers (ARIN) is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates. |
Apply for the Peering Coordination Forum
The Peering Coordination Forum is a 90-minute session to be held on 17 OCT during the NANOG 86 conference. The forum provides time for attendees to meet and network with others in the peering community present at NANOG. NANOG 86 Peering Coordination Forum applications will remain open until we have 20 applications or 10 OCT.