NANOG 89 Agenda

n89-hex-simple-shadow-3

 

NANOG 89 San Diego

16-18 October 2023



IPv4-Global
HOST SPONSOR

Premium Sponsors

AWS

PLATINUM

arin

PLATINUM

ciena

PLATINUM

equinix

PLATINUM

BlueCat

GOLD

Telstra

GOLD

Verisign

GOLD

 

NANOG 89 Agenda


Click on any talk title in the agenda to view the full abstract and speaker info.

Please note agenda is subject to change.

Sunday, October 15, 2023
Topic/Presenter
Full Abstract

Come learn to play pickleball! Coach Louie & his hat will teach beginner pickleball. We will cover the rules and basic mechanics of serving, hitting, and volleying during the 1st hour. There will be additional advice on strategy and kill shots: both execution and defense. Then we will have time for some matches.

Paddles & balls will be provided. Dress in comfortable clothes and shoes for sports. Bring a water bottle and your paddle if you have one.

Fill out the sign up sheet at https://forms.gle/qqcWWQ2KPvFFd6XM7 to help us gauge interest, but feel free to come drop in either way!

We will meet in the Loews hotel lobby at 14:30 PDT to ride over to The HUB Pickleball Club for a 15:00-17:00 (PDT) session. If you come separately, please ask the desk clerk to charge your day pass to Louie's account (Passphrase is ZERO-ZERO-TWO).

Full Abstract

Register Here: https://connect.uniti.com/acton/media/45225/nanog89-party

*Separate registration with the sponsor required for entry

*NANOG Badge required for entry

Monday, October 16, 2023
Topic/Presenter
Full Abstract

Come play pickleball! We have reserved a court to play at the nearby Coronado Cays Park at 7-9 AM on Monday, Tuesday, and Wednesday. All levels are welcome. Coach Louie and his hat are available to offer instruction for beginners.

Paddles & balls will be provided. Dress in comfortable clothes and shoes for sports. Bring a water bottle and your paddle if you have one.

We will meet in the Loews hotel lobby at 6:45 PDT to go over to the park. (Transportation has yet to be finalized.)

Sponsors:
Vincent Celindro - Juniper Networks
Full Abstract

New to NANOG? Don’t miss our Newcomers Orientation for an opportunity to network with fellow newcomers and learn more about NANOG - both the community and the organization.

Topics to be covered include:
What is NANOG
What is a NOG
NANOG Governance
NANOG Resources
NANOG 89 Program Information

Speakers
  • Speaker Vincent Celindro - Juniper Networks
Full Abstract

Welcome to NANOG 89! Join us as we officially kick-off three days of great programming and networking events.

Leslie Daigle: Leslie Daigle has been working at the intersection of technology, business/economics and policy to drive effective change for more than twenty years. Leslie is currently the Chief Technical Officer and Director of the Internet Integrity Program at the Global Cyber Alliance (GCA), furthering GCA’s development and deployment of global solutions that contribute to eradicating cyber risk. Leslie is the Principal at ThinkingCat Enterprises, as well as co-founder and co-host of the TechSequences podcast, which explores the many facets of Internet technology, along with its intended (and sometimes unintended) consequences.
Tina Morris: Tina Morris serves as a member on the NANOG Board of Directors and is a Senior Technical Business Development Manager at Amazon Web Services focused primarily on IPv4 and IPv6 address resource strategy. In addition, Tina is currently serving as Vice-Chair of the ARIN Board of Trustees and participates actively within the Global RIR community.
Cat Gurinsky: Cat Gurinsky is a senior network engineer working on global large scale datacenter networks. Her primary focus is on the automation of the network specifically as it pertains to deployments, troubleshooting and life cycle management. In previous network engineering roles at Valparaiso University, Switch & Data, and Equinix she has worked on everything from enterprise and wireless deployments to internet exchanges and data centers. She first started working in network engineering in 2007 and began attending NANOG in 2009 at NANOG 46. Cat has a passion for BGP, Python, network tools, monitoring, automation and anything that can help make life easier in large scale networks. Cat also serves on the Advisory Board for the Network Automation Forum. She was elected to the NANOG Board of Directors in the 2023 elections and is currently serving on the board with a 3 year term from 2024-2026. Cat has previously served NANOG as part of the Development Committee from 2011-2012 and on the Program Committee from 2019-2023. During her 5 years on the program committee she was the chair of the Program Committee for almost 3 years, during which time she sat on the NANOG Board of Directors as an ex-officio member / PC liaison and Board Secretary. Before that she also served as Vice Chair, Secretary and Inclusion & Diversity Sub-Committee Chair for the Program Committee. During her time on the Development Committee she served as Membership Chair.
Speakers
Full Abstract

John Curran, President and CEO of the American Registry for Internet Numbers (ARIN), will review the ongoing evolution of the Internet from simply a massive commercial activity into something more integral to society. Key topics will include how Internet coordination is different from governance, and how the technical community has engaged in Internet governance, and the potential consequences network operators will experience as the landscape continues to evolve. Learn what is at stake, including the potential for economic, security, and human impact as a result of Internet governance decisions. Find out what specific steps you can take to help govern the Internet — whether you are a large or small organization — and why your help is needed to keep the Internet stable and richly interconnected.

Speakers
  • Speaker John Curran - ARIN
Full Abstract

The Border Gateway Protocol (BGP) serves as the backbone of the internet, yet it's not without its security concerns. This talk introduces the Resource Public Key Infrastructure (RPKI), a solution addressing these vulnerabilities. We'll delve into RPKI's basics, its workings, and its adoption rates within the RIPE NCC area. By also spotlighting statistics from North America, we'll offer a broader view of RPKI's significance in bolstering global routing security. Join us to understand how RPKI is reshaping internet safety.

Alastair Strachan: Alastair Strachan is the Community Development Officer at the RIPE NCC. In this role, he works to strengthen the RIPE NCC's engagement with the RIPE NCC membership, the RIPE community, government, law enforcement and other Internet stakeholders. Alastair coordinates the RIPE NCC Community Projects Fund which gives funding to non-commercial projects that benefit the RIPE community.
Speakers
  • Speaker Alastair Strachan
Full Abstract

BGP and it's implementations are very sensitive places to find bugs, During validation testing for one the products I was working on I ended up discovering a bug in a vendors BGP implementation, that inspired me to explore the entire bug class on all of the other vendors. What I found was a large range of problems that ultimately could be used to partition large sections of the internet. Join me in finding out what these bugs are, why they are so deadly, and how I found them!

Speakers
  • Speaker Ben Cartwright-Cox
Sponsors:
Full Abstract

In this talk, I'll share Meta's journey to a consistent and stable QoS policy. I'll reveal the challenges we've faced and how we overcame them.

In the second half of the talk, I'll talk about a fascinating investigation where we were dropping critical traffic in spite of our best laid plans.

Join me to learn how Meta overcame the challenges of crafting a QoS policy at scale and maybe learn a few tricks for finding hidden gremlins in your own networks.

Speakers
  • Speaker Ashley Hatch
Full Abstract

Are you a pro in CLI commands but tired of manually logging in to each network device and managing the network device configuration and operational data using the command line interface? Then it's time for you to explore Scrapli and automate CLI scraping. Scrapli is a Python library that helps you to connect multiple network devices via SSH or Telnet, synchronously or asynchronously for screen scraping. It is a vendor-neutral, fast, flexible, and well-tested open-source automation tool. It allows you to manage the configuration of multiple network devices simultaneously. It supports Cisco IOS-XE, IOS-XR, NX-OS, Arista EOS, and Juniper JunOS network operating systems. This session gives an overview of Scrapli and its flavors(Scrapli-Netconf and Nornir-Scrapli) that help automate task execution to manage network configuration and operational data.

Neelima Parakala: Neelima Parakala is a Software Technical Marketing Engineer at Cisco, focusing on Service Provider products and network automation tools. Neelima received her B. Tech. in Computer Science and Engineering from Amrita University, Kerala in 2014, and her MS in Computer Science from the University of South Florida in 2018. She has a background in software engineering, including developing network protocols, distributed applications, and automation tools. She is the developer of NAPALM IOS-XR NETCONF driver. Prior to joining Cisco, Neelima built high-performance web applications for financial firms
Speakers
  • Speaker Neelima Parakala
Filipe Correia - Ribbon
Full Abstract

We need to build optical networks in multiples of 400G lanes – 400G/800G/1200G and so on – to transport data center traffic that is growing in multiples of 400GbE. The presentation shows how the industry is leveraging progress in DSP technology to create two complementary types of 0dBm transceiver solutions to meet different needs: 1) proprietary capacity-reach optimized transceivers that maximize channel capacity for any distance, including regional coverage 800G and short haul 1200G in 2023, and 2) standard cost-power optimized transceivers that provide strong enough performance for most metro applications, including 400G in 2023 and 800G in 2024. The presentation also shows how these solutions can operate together on the same fiber using a rational 75GHz/150GHz channel plan.

Filipe Correia: I am a Business Development Manager for Tier 1 service providers in North America, focused on Ribbon's IP, Optical, and Automation portfolio since 2021. In the past, I was also Regional Product Line Manager and Consulting Engineer in Nokia Networks’ IP & Optical Network Division, focused on IP portfolio, network automation and optimization solutions including Software Defined Network (SDN) Controllers for enterprise, web scale, and provider networks. I am a regular speaker at network and industry conferences. Currently based in Dallas, TX, and have more than 23 years of experience in telecommunications across Ribbon Communications, Nokia and Alcatel-Lucent as well as over 16 years focused in the IP division working on Enterprise and Service Provider IP/MPLS networks. Along the way, I've also lived and supported Asian Pacific accounts out of Melbourne, Australia, focused on IP/MPLS networks, which has given me a great view of network implementations across regions.
Speakers
  • Speaker Filipe Correia - Ribbon
Full Abstract

This presentation traces the history of the world's largest spam operation, from its humble beginnings in the early 2000's sending out the usual types of scams of that time, to its rise doing "advertising" for large corporations. Their ties to well-known "spam kings" are uncovered as well as the extreme lengths they took to keep their operation hidden from the public. This all came crashing down when several of their executives were convicted of federal fraud charges and CAN-SPAM violations, resulting in the company losing over $1 billion in value, and the email marketing division finally being shut down completely.

Speakers
  • Speaker Matthew Schneider
Charles Rumford - Deft and TallWireless
Full Abstract

NANOG Jeopardy is back with better software, better buzzer, and fun new topics!

Charles Rumford: Charles currently works for Deft as a lead network and automation engineer on the operations team. His main responsibilities include routing, network design, systems administration, network design, and automation. "Making events non-events" and "no one should know we've done anything" are his primary guiding principles for designs and work. Usability and security are of great interest to Charles as well. Outside of the work space, Charles doesn't stray to far from the technology path. He serves on the planning committees for The WOPR Summit and the Blue Team Village @ DEFCON. His primary roles are to support conference IT infrastructure, speaker operations, and community development. Outside of the technology space, Charles is very active in the Philadelphia Guild of Change Ringers serving as treasurer, steeple keeper, and educator. He also finds enjoyment in the orchestra, knitting, musical theater, and cycling.
Speakers
  • Speaker Charles Rumford - Deft and TallWireless
Full Abstract

Engineering Teams have always struggled to create meaningful hardware-based infrastructure lab environments for such tasks as mocking up networks and simulating design changes, practicing major migrations before touching production networks, or training new users with hands-on experiences that emulate their own networks. These hardware-based labs are expensive to build up and difficult to maintain. In addition, with a push for learning Network Automation and new Cloud-Based Management Solutions, a dev-ops environment to experiment with these tools against infrastructure is a must.

While simulated network tools have been around for quite some time, I'd like to share some my recent experience and success in utilizing an easy to implement and low-cost tool to provide a simulated sandbox environment for some of the above initiatives. Some of the referenced initiatives have been geared toward internal engineering teams, while others have been customer facing for training and Proof-of-Concept initiatives.

Michael Carey, a Senior Solutions Architect, will present on some of what has been learned along the way utilizing this tool, EVE-NG, to show how to easily get this tool up and running in various environments, provide some ideas for where to start with the vendor emulation environments, and discuss some of the benefits this environment can provide to your engineering staff and/or customers.

Michael Carey: Michael Carey is a Senior Solutions Architect within the Commercial East Sales Architecture team at ConvergeOne. His previous role as a Lead Solutions Architect at ConvergeOne and Integration Partners focused on multi-vendor Network Fabric architectures and designs, developing and utilizing Network Automation tools, and leading the Mid-Atlantic Post-Sales Engineering efforts. Prior to joining ConvergeOne, Michael held positions as the Lead Network Engineer and Director of Network Operations with the Keystone Initiative for Network Based Education & Research (KINBER) designing, building, and managing Pennsylvania's Research and Education Network (PennREN). Michael has previous Network Design, Implementation, and Network Management experience at UPS Logistics Group, Tidelands-Georgetown Hospital Systems, and Penn State University. Michael is a graduate of Penn State University and resides in State College, Pennsylvania.
Speakers
  • Speaker Michael Carey - Integration Partners
Full Abstract

The attacks on critical infrastructure like a service provider network have been increasing more than ever along with their level of sophistication. Attackers are not just targeting the product, but the infrastructure and tools used to build the end products are also being attacked. With the dynamic ever-changing threat landscape in service provider networks, it's important to look at security from ground-up. No amount of software security features will come to our rescue if the hardware itself has been compromised. Attendees of the session will benefit from understanding the various threats to a network device and how each of them can be addressed at every layer. In addition to ensuring the integrity of the network device, the session also focusses on the operational security aspects to ensure the security posture of the entire network is stronger. Lastly, the session also introduces the impact of Quantum Computing on network security and the possible solutions to handle this threat.

Speakers
  • Speaker Rakesh Kandula
Full Abstract

The Women in Tech Mixer welcomes all attendees that identify as female and/or with she/her pronouns for an afternoon of networking with other fellow community members with light fare and drinks.

Full Abstract

The forum provides time for attendees to meet and network with others in the peering community present at NANOG.

Peering Representatives, who completed and submitted the form will have a dedicated highboy table for up to 2 representatives. They will be able to distribute business cards, and provide a white paper or 1 sheet marketing page. Please note: any other type of giveaway is not allowed.

Complete the form here: https://www.nanog.org/events/nanog-89/peering/

Sponsors:
Full Abstract

Location: Imperial Beach Biergarten
https://www.mikehessbrewing.com/imperial-beach/

Address: 805 Ocean Lane, Imperial Beach, CA 91932

Transportation: Will be provided starting at 6:45pm

*NANOG Badge required for entry

Sponsors:
Tuesday, October 17, 2023
Topic/Presenter
Full Abstract

Come play pickleball! We have reserved a court to play at the nearby Coronado Cays Park at 7-9 AM on Monday, Tuesday, and Wednesday. All levels are welcome. Coach Louie and his hat are available to offer instruction for beginners.

Paddles & balls will be provided. Dress in comfortable clothes and shoes for sports. Bring a water bottle and your paddle if you have one.

We will meet in the Loews hotel lobby at 6:45 PDT to go over to the park. (Transportation has yet to be finalized.)

Full Abstract

The Members Meeting agenda and link to the webinar details are available for Members only. You MUST be signed in with your NANOG Profile account to view the Members Meeting Agenda page. Please bring (or share via email) any questions you would like to discuss at the meeting.

Anshul Sadana - Arista Networks
Full Abstract

Anshul Sadana, Chief Operating Officer of Arista Networks, takes the stage for a fireside chat.

Anshul Sadana: SVP, Customer Engineering at Arista Networks Responsible for Product Roadmap, Pre-Sales and Services Globally.
Speakers
  • Speaker Anshul Sadana - Arista Networks
John Sweeting - ARIN
Full Abstract

ARIN is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates.

John Sweeting: John Sweeting is the Chief Customer Officer of the American Registry for Internet Numbers (ARIN), responsible for the overall development, direction and operation of the department. Prior to joining ARIN staff, he served 12 years on the ARIN Advisory Council, 6 of which he was the Chair, and 1 year on the Address Supporting Organization’s Address Council (ASO AC). John served on the Consolidated RIR IANA Stewardship Proposal (CRISP) team which was convened in December 2014 to guide development of the Number Community response to the IANA Stewardship Transition Coordination Group’s RFP.
Speakers
  • Speaker John Sweeting - ARIN
Full Abstract

Session Description, this session will be the DE&I presentation taking place before the DE&I Lunch on Tuesday. This session will be followed but continued discussion during lunch.

Summary:

At Discover, we make DE&I a part of everything we do so our employees can thrive, and we can best serve our customers. Progressing DE&I is both the right thing to do and critical to our success as a business. We’ve established measurable North Star DE&I Goals in three areas:

Diversity

Increase the representation of Women and People of Color at all management levels to 50% and 40%, respectively, by 2025.
Increase representation of Black and Hispanic at all management levels to 15% by 2025
Equity

Monitor our core talent processes to identify and resolve any potential equity gaps
Inclusion

Achieve and maintain equally strong employee inclusion across all identity groups by 2024

To achieve these goals, we rely on our network of leaders to power our success. In 2022, we invited all people leaders and our affinity group leaders to take a 60- day inclusion challenge. About 70% of our target population opted-in to take the challenge! As a result, our Engagement and Inclusion Index scores increased across nearly all identity groups, with overall Engagement and Inclusion increasing three points from 2021.. We attribute this progress to the intentional effort leaders have made to shape our DE&I culture.

In this session, you’ll learn:

Concepts around race and human dynamics that can causes tension and conflict between groups
Opportunities to start new inclusive practices that will raise your leadership effectiveness

Agenda & Timing

Topic

Time

Welcome & Opening

- About Discover

11:15 – 11:20

5 min

Unpacking Leadership

- How our brain works

11:20 – 11:30

10 min

Unpacking Race

- How race became a class

11:30 – 11:55

25 min

Inclusive practices, discussion prompts for lunch, & close

11:55-12:00

5 min

Lunch & Q&A

12 – 1:00

Speakers
  • Speaker Joy Canonigo
Full Abstract

Continue the conversation! Join us in the Diversity, Equity, + Inclusion Lunch to discuss three topics following the presentation from Joy Canonigo.
i. Where do you see opportunities to expand your network? Identify the top 3 areas of diversity you would like to know more about. Share with your table group and get feedback on how to learn more about those areas.
ii. Think about a time when you or a loved one felt included/excluded; How did that moment impact your perspective? What inclusive practice will you start as a result?
iii. Why is it important that we focus on DE&I, what are the benefits? What happens if we don’t? What will you do as a result?

Sponsors:
Full Abstract

This tutorial explores the fundamentals of optical networking technologies, terminology, history, and future technologies currently under development.

Example topics include:

* How fiber works (the basics, fiber types and limitations, etc)
* Working with optics (choosing the right type, designing optical networks, etc)
* Optical power (understanding dBm, loss, using light meters, etc)
* DWDM (how it works, muxes, oadms, amps, etc)
* Dispersion (what is it, why do we care, how do we fix it)
* Optical Myths (can I hurt myself looking into fiber, can I overload my optic, etc)

Speakers
  • Speaker Richard Steenbergen - Petabit Scale
Full Abstract

There are two major well known BGP collection projects out there, RIPE RIS and the University of Oregon Route Views.

But did you know there is a 3rd one that bgp.tools operates?

In this talk I will show bgp.tools runs it's 1000+ session BGP collector, and how the rest of the site works, what it can do, and what bgp.tools is doing to come closer physically to networks for route collection where possible!

Speakers
  • Speaker Ben Cartwright-Cox
Full Abstract

In this talk, we describe procedures that make use of Autonomous System Provider Authorization (ASPA) objects in the Resource Public Key Infrastructure (RPKI) to verify the Border Gateway Protocol (BGP) AS_PATH attribute of advertised routes. This type of AS_PATH verification provides detection and mitigation of route leaks and improbable AS paths. It also to some degree provides protection against prefix hijacks with forged-origin or forged-path-segment.

Kotikalapudi Sriram: Sriram received B.S. and M.S. degrees from the Indian Institute of Technology, Kanpur, India, and a Ph.D. degree from Syracuse University, all in electrical engineering. He is currently a Senior Researcher in the Communications Technologies Laboratory at the National Institute of Standards and Technology (NIST), Gaithersburg, Maryland. Previously, he held various positions at Bell Laboratories - the innovations arm of Alcatel-Lucent and formerly that of AT&T. His titles at Bell Laboratories included Consulting Member of Technical Staff (highest rank in the technical ladder) and Distinguished Member of Technical Staff. His current research interests include inter-domain routing architecture and security and DDoS mitigation. He is a co-author of several IETF RFCs related to RPKI, BGPsec, route leaks mitigation, and source address validation. He is a contributing author and a coeditor of the book "Cable Modems: Current Technologies and Applications" (IEEE Press, 1999). He holds 18 U.S. patents. He is a recipient of the US Department of Commerce Gold Medal. He is a Fellow of the IEEE.
Speakers
  • Speaker Kotikalapudi Sriram
Full Abstract

Allocation of the global IP address space is under the purview of IANA, who distributes management responsibility among five distinct Regional Internet Registries (RIRs). Each RIR is empowered to bridge technical (e.g., address uniqueness and aggregatability) and policy (e.g., contact information and IP scarcity) requirements unique to their region. Despite the critical policy and technical importance of IP address allocation, little systematic effort has analyzed fine-grained geographic registration information, much less its accuracy.

In this work, we examine all IPv4 address information across all five RIRs to characterize where addresses are physically registered and the extent to which these registrations cross RIR region boundaries. We then perform an active measurement IP geolocation study to validate registration geo-information accuracy -- in essence an ``audit'' of the registries. While we find the registration locations to largely be consistent with our geolocation inferences, we show that some RIRs have a non-trivial fraction of prefixes that are used both outside of the RIR's region and outside of the registered country's region. Such discrepancies may warrant further investigation.

Speakers
  • Speaker Robert Beverly
Full Abstract

Internet routing is a key building block of the Internet’s infrastructure that remains vulnerable to attacks. Resource Public Key Infrastructure (RPKI) has emerged as the leading strategy for securing BGP routing, though uptake has been uneven across the world.
The presentation will introduce the results of data analysis on RPKI adoption in North America and the Caribbean.
With the support of ARIN Community Grants program, the DNS Research Federation team is analysing BGP announcements and their validity status to explore RPKI coverage, RPKI validation results and study-country level trends in the countries of service within the ARIN region.
In the presentation, project leads, Carolina Caeiro and Mark McFadden, will introduce our global stats on RPKI adoption and validation results, and how the ARIN region is performing as a whole. We will then look at sub-regional trends, with a special focus on dynamics in the US and Canada, and how these differ from those of Caribbean counterparts served by ARIN. The presentation will also take a closer look at invalids routes identified in North America, and patterns emerging in the data from observing invalid routes.
The Data Analytics Platform where we host the data is open for general use, so we will introduce to the community how they may sign up to process the RPKI data themselves, and conduct personalised queries, such as ASN and prefix lookups.

Speakers
  • Speaker Carolina Caeiro
Leif Sawyer - GCI Comunication Corp (AS8047)
Full Abstract

Hear from candidates John Jason Brzozowski, Vincent Celindro, Ron da Silva (video message), Cat Gurinsky, and Marlin Martes as they answer questions asked by Leif Sawyer from the NANOG Election Committee.

Remote attendees are invited to join the session live via Zoom.
Join Zoom Meeting
https://nanog.zoom.us
Meeting ID: 875 1264 3179
Passcode: 760218

NANOG Members are invited to leave Statements of Support for the candidates. You may complete a form here: https://www.nanog.org/members/elections/2023-candidate-statement-of-support-form/

Voting will open after the conclusion of this Candidate Forum.

Speakers
  • Moderator Leif Sawyer - GCI Comunication Corp (AS8047)
Full Abstract

Routing matters to the DNS, especially the security of routing. DNSSEC permits a receiver to validate responses, but this can't happen if the query is not delivered to an appropriate server. This study is a measure of RPKI deployment by DNS operators, analyzed according to the DNS division of labor. Deployment in the top of the global public Internet's names, the root zones, the top-level domains, and the RIR reverse map zones is measured, as well as deployment by names registered within selected top-level domains. Surprisingly, there are starkly different deployment rates of this routing security mechanism within the different DNS environments.

Edward Lewis: Edward is a Senior Technologist in the Office of the CTO. Prior to joining ICANN he worked 11 years inside Internet registries of many types - gTLD, ccTLD, sTLD and RIR. He worked for a DNS Hosting company. He co-chaired the original IETF WG that developed EPP. He developed some of the first DNSSEC codebases under the original DARPA contract in the 1990's. Before that, he worked building research networks attached to the NASA Science Internet (one of the three original backbones) and taught Networking courses at the University of Maryland - Baltimore County.
Speakers
  • Speaker Edward Lewis - ICANN
Full Abstract

The Border Gateway Protocol is vulnerable to IP prefix hijacks, enabling a range of attacks. The Resource Public Key Infrastructure (RPKI) was introduced to tackle the security problems of BGP with attestations on the valid ownership of IP resources by Autonomous Systems (ASes).
Securing BGP and understanding the limitations of current security solutions is a very timely and important topic, as is also shown by the recent inquiry into Internet routing vulnerabilities launched by the FCC.
In this talk we will illustrate how the vulnerability in the Internet can be measured by running active attacks on BGP with self-own resources. We use the presented technique to show that the Internet of today is still vulnerable to origin hijacks. Encouragingly, our results also indicate increasing deployment of the RPKI to protect against the attacks.
We found that over 27% of observed networks use the RPKI to validate routes in BGP updates.
We add a mathematical graph-analysis to our measurements to quantify how current RPKI deployments block propagation of hijacks and surprisingly find that ROV enforcement in Internet Exchange Point (IXP) routeservers does not prevent global propagation of hijacks.
We observe that our attacks were leaked over almost all IXP routing LANs despite ROV enforcement in their respective routeservers. Our evaluations show that the leaks occur due to a high prevalence of direct sessions between IXP customers, circumventing routeserver ROV and spreading our attacks. IXPs thus only provide local protection to sessions of their routeserver, but they hardly limit the global spread of our attacks.
On the other hand, we demonstrate that large providers have a strong impact on limiting the global spread of our prefix hijacks. We thus emphasize that deploying RPKI validation on large providers provides a strong collateral protection. We further want to encourage operators to either move IXP sessions to the routeserver or implement ROV in their own routers.

Niklas Vogel: Niklas Vogel is a first year PHD student at Goethe University Frankfurt. His research is focussed on routing security, mostly looking into RPKI software and measurements. The aim of his research is to bring RPKI forward, aiding its deployment to reach wide protection of the internet.
Speakers
  • Speaker Niklas Vogel
Full Abstract

Mutually Agreed Norms on Routing Security (MANRS) is an industry-led initiative to improve Internet routing security by encouraging participating networks to implement a series of mandatory or recommended actions. MANRS members must register their IP prefixes in a trusted routing database and use such information to prevent propagation of invalid routing information. MANRS membership has increased significantly in recent years, but the impact of the MANRS initiative on the overall Internet routing security remains unclear. In this talk, we provide an independent look into the MANRS ecosystem by using publicly available data to analyze the routing behavior of participant networks. We quantify MANRS participants' level of conformance with the stated requirements. We found that as of May 2022, over 83% of MANRS networks were conformant to the route filtering requirement by dropping BGP messages with invalid information according to authoritative records, and over 95% were conformant to the routing information facilitation requirement, registering their resources in authoritative databases.

Speakers
  • Speaker Ben Du
Full Abstract

Cloudflare Radar (https://radar.cloudflare.com/) is a hub that showcases global Internet traffic, attack, and technology trends and insights.for the global Internet, countries, and individual networks. With recent efforts, we brought more inter-domain routing information to Cloudflare Radar. We now provide free access to routing statistics, routing anomalies, network registration information, and more on Radar, via website and API access. In this lightning talk, we present what Cloudflare Radar sections contains, as well as how operators can use it to gain insights and debug network issues.

Speakers
  • Speaker Mingwei Zhang
Full Abstract

As BIRD 2 is finishing its 6th year of life and BIRD 3 is pacing fast to become the new stable version, we have to discontinue support for BIRD 1. It hasn't seen any update for 4 years and our team is quickly forgetting the needed knowledge. Please upgrade to BIRD 2 before this year ends.

Speakers
  • Speaker Maria Matejka
Full Abstract

Join us for drinks, networking and fun during NANOG89! | Arelion
Register here: https://www.arelion.com/knowledge-hub/events/nanog89-evening-networking-event
*NANOG Badge required for entry

Wednesday, October 18, 2023
Topic/Presenter
Full Abstract

Come play pickleball! We have reserved a court to play at the nearby Coronado Cays Park at 7-9 AM on Monday, Tuesday, and Wednesday. All levels are welcome. Coach Louie and his hat are available to offer instruction for beginners.

Paddles & balls will be provided. Dress in comfortable clothes and shoes for sports. Bring a water bottle and your paddle if you have one.

We will meet in the Loews hotel lobby at 6:45 PDT to go over to the park. (Transportation has yet to be finalized.)

Full Abstract

This is a session to discuss the desires and needs of the NANOG community for our Diversity, Equity, and Inclusion efforts at NANOG 90 and beyond. What should we keep doing, what new things would you like to see, and what would make it easier to participate in building community at the meetings?

Please come to this session prepared to participate! Remote attendees are invited to join the discussion live via Zoom.
Join Zoom Meeting at https://nanog.zoom.us/
Meeting ID: 833 9025 5276
Passcode: 441836

Full Abstract

The delivery of high quality streaming video via the Internet presents serious challenges for Content Providers, Content Delivery Networks and Internet Service Providers. This presentation will cover industry trends in streaming media, how Verizon has traditionally received streaming traffic, the efforts within industry organizations to improve the streaming video experience through Open Caching and the results seen at Verizon from deploying Open Caching at a nationwide scale. Measurements will be presented for buffering, video start failures and other key metrics from a production streaming video service.

Speakers
  • Speaker Jeff Budney - Verizon
Nikos Kostopoulos - NTUA/GRNET
Full Abstract

Wi-Fi is one of the most popular Internet access methods. Monitoring Wi-Fi networks to ensure their normal operation is essential. WiFiMon ([1], [2]) is a GÉANT service offering open-source tools for efficient Wi-Fi network performance monitoring. The purpose of WiFiMon is to assist administrators in identifying underperforming segments within their networks and optionally enhance performance, for example, by installing more Access Points (APs).

WiFiMon combines various data sources, including WiFiMon Software Probes (WSPs) and WiFiMon Hardware Probes (WHPs). WSPs deliver crowdsourced measurements by reporting performance as experienced by end users roaming the Wi-Fi network, whereas WHPs trigger equivalent measurements from fixed network positions. WHPs complement WSPs by facilitating baseline performance comparisons, hence WHPs are integral to WiFiMon’s operation. WHP measurements mainly rely on Raspberry Pi devices, although any Unix-based device may be used. Optionally, in IEEE 802.1X networks WiFiMon may leverage on RADIUS and DHCP logs to enrich monitoring options, e.g. by reporting throughput per network Access Point.

In this presentation (attached), we provide an overview of WiFiMon and its architectural components, outline its fully automated installation procedure and report recent efforts on facilitating the distributed configuration and control of our WHPs.

[1] WiFiMon Homepage, https://wiki.geant.org/display/WIF/WiFiMon+Home
[2] WiFiMon paper, https://dl.ifip.org/db/conf/wons/wons2021/1570695031.pdf

Nikos Kostopoulos: Nikos is a Ph.D. Candidate at National Technical University of Athens (NTUA), Greece, focusing on network security. He is also a software developer for GÉANT WiFiMon participating as an associate of GRNET, the Greek Research and Technolgoy Network.
Speakers
  • Speaker Nikos Kostopoulos - NTUA/GRNET
Full Abstract

This is a session to discuss the desires and needs of the NANOG community for our Hackathon reboot at NANOG 90. What have you enjoyed, what would you like to see, and what have been barriers to participation? If you’ve never participated in a NANOG Hackathon - join us and tell us why, or what would encourage you to join us in the future.

Please come to this session prepared to participate! Remote attendees are invited to join the discussion live via Zoom.
Join Zoom Meeting at https://nanog.zoom.us/
Meeting ID: 833 9025 5276
Passcode: 441836

Aftab Siddiqui - Internet Society
Full Abstract

Routing security is a foundational aspect of maintaining a stable and secure Internet infrastructure. Within this context, the IRR data plays a critical role in managing routing information. However, the presence of stale and incorrect data in unauthenticated IRR databases introduces significant challenges to routing security.

Stale data in IRR db refers to routing information that is outdated or no longer valid. It can arise due to delays in updating or purging obsolete route announcements. The consequence of stale data can be lead to mis origination accepted as valid, causing traffic to take inefficient or insecure paths, which could have serious implications for network performance and security.

We are going to explore some data related to ARIN allocations in RADb, one of the major IRR db service available, addressing concerns such as inaccurate/stale data is a complex endeavour. Solutions include the adoption of Resource Public Key Infrastructure (RPKI) but we don't have enough uptake to completely replace IRR. We are not suggesting a single step to resolve everything, lets look at the data and find out how it can be resolved collectively.

Aftab Siddiqui: Aftab Siddiqui is the Senior Internet Technology Manager atthe Internet Society and leading the MANRS (Mutually Agreed Norms for Routing Security) initiative. MANRS is a global community driven initiative encouraging network service providers, Internet exchange points, Cloud and CDN operators to implement basic network security measures to secure the global routing system. He is based in Sydney, Australia. Before joining ISOC he was working with a system integrator as its Chief Technologist in Sydney. He has vast experience in the service provider sector, he spent almost a decade at Cybernet (one of the largest ISP in Pakistan) leading the Network Operations and Projects team. He is a regular presenter in various technology events like SANOG, APNIC/APRICOT, MENOG and other national NOGs. Currently, serving as the Chair of Routing Security SIG at APNIC.
Speakers
  • Speaker Aftab Siddiqui - Internet Society
Full Abstract

This presentation will be an update of what's been going on at Network Time Foundation in general, and a status update for its NTP, LinuxPTP, libptpmgmt, Khronos, and SyncE Projects.

Harlan Stenn: Harlan Stenn is a nearly 50-year veteran of the IT industry. Harlan began programming computers in high school in 1971. He holds a bachelors degree in Business Administration (Accounting) from The Colorado College in Colorado Springs, and an MSE in Computer Science from Washington University in St. Louis. A well-versed entrepreneur, Harlan has blah blah blah and is well known for writing astonishingly portable C code since the early 1980s. In mid-2011 he started Network Time Foundation (NTF), with the mission to provide direct services and support to improve the state of accurate computer network timekeeping. NTF now works with several time-related projects, including Khronos, the NTP Project's Reference Implementation, Ntimed, Linux PTP, libptpmgmt, several SyncE projects, and the General Timestamp API and Library. The GTSAPI is a way to make sure that a timestamp contains enough information to be useful outside of the system on which it was “taken".
Speakers
  • Speaker Harlan Stenn
Full Abstract

Are you struggling with load balancing in your on-premises Kubernetes cluster? Do you wish to have the same level of automation and experience as the Public Cloud? Look no further! In this presentation, we will guide you through defining your own on-premises Kubernetes LoadBalancer service using BGP through the Datacenter Fabric and bringing true load balancing across the leaf switches with ECMP.
We will demonstrate how to set up a demo from scratch using open-source tools like Containerlab, MetalLB, and Kubernetes Kind. MetalLB is one of the most widely used open-source load balancer projects in enterprises and is suitable for telco use cases like IoT or 5G edge designs. Kubernetes Kind is a tool for running local Kubernetes clusters using Docker container “nodes” and can be used for local development or CI.
This presentation is intended for audiences with any level of skills. We will provide all the necessary elements in a Github repository at https://github.com/cloud-native-everything/metallb-srl-nanog89, which you can use to try in advance or after the session. We are also developing an app to make this lab more automated, which can be executed with just one command. We welcome any collaboration on this project.
Don't miss this opportunity to learn how to bring true load balancing to your on-premises Kubernetes cluster.

Mauricio Rojas: Mau has been working in the IT Industry for more than two decades, most of this time, leading the introduction of new technologies for Data Centers and Cloud in new markets. Originally from Santiago of Chile, he's currently working as Network Automation rPLM in Nokia, supporting US and Canada. Continuously testing the limits of use cases that involves techs like Kubernetes, YANG or Automation Frameworks in General. Mau's also passionate with art (Instagram: p1nrojas), using what is left of his creativity at work into the canvas or digital illustrations.
Speakers
  • Speaker Mauricio Rojas - Nokia
Full Abstract

Automattic (AS2635) operates an Anycast CDN utilizing common internet transit links for datacenter interconnection (DCI) duties. Availability is handled by having a large variety of DFZ connections at each datacenter.

A huge issue with this strategy is the propensity for the internet to fail in ways that are not immediately obvious due to the heavy utilization of multi-pathing (ECMP, LACP, etc) technologies that can hide congestion and errors in the aggregation of many links by network service providers.

To find and visualize these issues, Automattic has designed and deployed internet monitoring software that successfully enumerates ECMP links on the open internet and allows us to find and quantify single-link failures deep within NSP networks. We have been using this software for some time to work with NSP's to aid them in more rapidly remediating their networks.

This presentation will present the basics of Anycast CDN operations, give a refresher on router flow-hashing and ECMP path selection and then delve into several case studies showing how Automattic's PINGO system is able to visualize ECMP failures deep inside the internet. We'll present several failures and show how we're able to track these issues down before the NSP's themselves.

Find Pingo on Github at https://github.com/automattic/pingo

Speakers
  • Speaker Tyler Leeds
Full Abstract

For the past 20 years, Internet telescopes have been a de facto standard for large-scale measurement of adversarial behavior on the Internet. However, as service deployment continues to concentrate on public clouds, and as adversaries become more sophisticated, conventional darknet telescopes can miss traffic phenomena, reducing situational awareness and putting services at risk. In response to the changing Internet landscape, we build DScope, a cloud-native Internet telescope. DScope works by leveraging cloud provider IP address pools, meaning it is located in-situ with the valuable targets for adversaries. DScope’s IP address footprint changes constantly, preventing attackers from identifying and avoiding the telescope. Finally, DScope IP addresses are backed by compute that allows for interactivity. DScope uses Linux Netfilter to NAT traffic to a transport-layer honeypot across all TCP ports.

Fundamentally, DScope aims to achieve quality (representativity of traffic) over quantity (total number of telescope IPs). In so doing, we challenge two long-held assumptions in the Internet measurement community: (1) that scanning is random, and so large darknet telescopes have good coverage, and (2) that IPs must be held for long durations to achieve high coverage of phenomena. To evaluate these assumptions, we compared DScope against Merit’s ORION darknet telescope, finding a broad class of cloud-targeted (non-random) traffic that is invisible to these conventional techniques. We also found surprising evidence that optimal measurement actually holds IP addresses for a relatively short time (8 minutes on AWS), as opposed to holding IPs for a long duration.

We are making DScope’s data available to researchers and practitioners to improve situational awareness about emergent threats, as well as to enable improvements to the security of deployed services. We are also soliciting collaboration with network operators and security practitioners towards expanding DScope’s vantage point.

Eric Pauley: Eric Pauley is a Ph.D. candidate and NSF Graduate Research Fellow at the University of Wisconsin–Madison. His research focuses on how public cloud deployment models upend existing assumptions about networks and the way we measure them. His work developing new cloud-based network vantage points has led cloud providers to improve security for tenants and their customers, and has yielded broad insights on security-relevant Internet phenomena. Eric is the co-founder and former CTO of the email marketing technology company Sendtric, which drives conversions for companies from small business to the Fortune 500. He is an instrument-rated private pilot, as well as an avid backpacker and rock climber.
Speakers
  • Speaker Eric Pauley
Full Abstract

The 50th anniversary of Ethernet technology is this year!

"The History and Future of the Ethernet"

This talk will be a retrospective for Ethernet as a technology as the birth of Ethernet was back in May 22, 1973, when Bob Metcalfe wrote a memo to the PARC management explaining how Ethernet would work. Ethernet has come a long way since then and May 22 2023 Ethernet will celebrate 50th birthday. The talk will look at what Ethernet was back in 1973, what it is today and where the technology is heading.

Mikael Holmberg: Mikael Holmberg is a Distinguished Engineer and member of the CTO office at Extreme Networks. He is an experienced professional in networking architectures and technologies who has worked in the computer networking and telecommunications industry for over 30 years.
Full Abstract

The FABRIC testbed is designed to help redefine the boundaries of what's possible in networking, security and distributed systems. I'll do a quick overview of its capabilities and tell you about how you can use this new, freely available testbed.

Speakers
  • Speaker Anita Nikolich
Full Abstract

You should use real OOB, it will save you when things break.

Speakers
  • Speaker Alex Latzko - DEFT.COM
Speakers
  • Speaker Chris Woodfield
Full Abstract

*NANOG Badge required for entry

Sponsors:

 

Network Lounge, sponsored by Windstream Wholesale, providing open seating space for attendee networking, located in Commodore AB.

Espresso Bar, sponsored by Approved Networks, is open Monday - Wednesday from 8:30 am to 4:30 pm, providing complimentary coffee drinks, located in Commodore AB.

 

Meeting Floor Plans

n89 first floor

Click to enlarge

n89 second floor

Click to enlarge

n89 wing floor

Click to enlarge

>

Meeting Network Connectivity

att
Meraki
Juniper Networks

Network Lounge Sponsor

windstream wholesale

Espresso Bar Sponsor

Approved Networks

Beer 'n Gear Sponsors

Cisco
Infinera
IPv4.Global
Juniper Networks
kentik
LightRiver
Nesevo
Netscout
Nexusguard
Nokia
precision optical
Selector.ai

Peering Sponsors

DE-CIX
jpix

Sunday Night Social Host

mdc
Uniti

Monday Breakfast Sponsors

Cogent
Exaswitch
Exfo

Monday Lunch Sponsors

isc
qts
xkl

Monday Break Sponsors

Charter Communications
Choice IT Global
ntt

Monday Night Social Host

Towardex

Tuesday Breakfast Sponsor

Approved Networks
Corero
Exa Infrastructure

Tuesday Lunch Sponsors

BlueCat
Thousand Eyes
zpe

DEI Tuesday Lunch Sponsor

microsoft

Tuesday Break Sponsors

EdgeConneX
Myriad360
xkl

Tuesday Night Social Hosts

Arelion
Ciena
Crown Castle
Neutral Networks

Virtual Meeting Fellowships Sponsor

Image Description

Service Sponsors

AWS
Cloudflare
Container Lab
Deft