Registration is Open
Learn MoreBecome a Sponsor
Learn More- Events
- NANOG 90
Gather With Us
NANOG is, and always has been, dedicated to the people who make up our community. Our tri-annual meetings draw up to 1,500 individuals in multiple facets of network engineering, operations, and architecture, who gather in major cities across North America.
Stay Competitive
Stay ahead of the curve with direct access to the industry’s top minds + hours of peer-reviewed content.
Bring Your Ideas to Life
Presentations at NANOG spark the imagination, encourage dialog, and drive new solutions to our greatest networking challenges.
Make Meaningful Connections
We understand the importance of one-on-one appointments with your colleagues — we offer the tools you need to schedule meetups and network.
Keynote: Abstract Ponderings: A 10-Year Retrospective
Rob Shakir - Google
This discussion is part retrospective/introspective, a candid look at where we've been and what we need to think about as we evolve the next generation of our management (and control) planes.
Learn MoreKeynote: A Brief History of the Internet in North Carolina
Mark Johnson - Independent
While the trajectory of Internet service and adoption shares similarities with other regions, North Carolina's unique story encompasses shared experiences and distinctive firsthand narratives detailing the uneven progress of the Internet's early days.
Learn MoreSocial Events
NANOG Socials are an incredible opportunity to get to know your peers in the industry + foster important relationships in a relaxed, casual environment.
NANOG 90 Venue Information
Headquarter Hotel
Le Méridien Charlotte
555 South McDowell Street, North Tower,
Charlotte, North Carolina, USA, 28204
Thank You Sponsors!
Building the Internet of Tomorrow takes a village. Our sponsors make these meetings possible, and we appreciate their support.
Please take the opportunity to learn more about the difference-makers within our community!
Coming to the NANOG 90 Stage in Charlotte
The following presentations will take place while NANOG is in Charlotte 12-14 February, 2024. More talks will be listed as the Program Committee accepts submissions.
Full AbstractAn ongoing issue with Internet standards development is limited interaction between the standards developers and the network operator community. This talk is a step toward bridging that gap, highlighting ongoing work from the IETF that is likely to be published in the RFC series or will otherwise have notable operational considerations. |
Full AbstractGoogle gRPC gNOI service is a commonly used tool today to manage TLS certificates. This session introduces the audience to gRPC gNSI service that is being developed by Google for all security related operations on the router. We will start with a brief overview of TLS, discuss challenges with TLS configuration on a router followed by a recap of gNOI and an introduction of gNSI. |
Full AbstractIn this session we review IPv6 features and capabilities on AWS, best practices for adopting IPv6 on AWS, and reference architectures. We also dive deeper into the common use cases that drive customer IPv6 adoption on AWS, and lessons learned to help you accelerate your IPv6 adoption journey. |
Full AbstractWhat if you could fully automate your internet exchange? You can! In this presentation, IX founders Chris Grundemann and Matt "Grizz" Griswold will walk through the thinking, the architecture, the tools, and a real example to show you how-to use modern, open-source tools to build an IX operations platform capable of setting your IX to FullAuto. We will cover the terms and definitions that need to be understood, we'll introduce the network automation philosophy that drives successful projects, and cover the core principles that facilitate excellent execution. Then we'll walk you through an example, using a real IX (IX-Denver), to demonstrate the possibilities - and provide a roadmap for everyone else who wants to do the same. Automation is not just for network operators. We can, and should, automate our internet exchanges as well. Let's go! |
Full AbstractRPKI ROV adoption has grown significantly over the past five years. In a recent milestone, the percentage of IPv4 routes in the global routing table with ROAs has finally crossed 50% (IPv6 crossed this mark last year). In addition, another major telecom began rejecting RPKI-invalid routes reducing the propagation of these problematic routes even farther. Finally, this talk with present an analysis of the 'effective expirations' of ROAs and how the behavior of these expirations varies greatly between RIRs due to differences in their cryptographic chains. |
Full AbstractWhen it comes to Internet access, Indigenous communities are among the most underserved throughout North America. According to Canada’s ISED, 97 percent of urban households have access to high-speed Internet, compared to only 37 percent in rural communities. The statistics are even more bleak for Indigenous communities, where just 24 percent have access to high-speed Internet. |
Full AbstractDatacenters are comprised of thousands of servers, network and storage devices. Data Center Networks (DCNs) are the communications backbone of a datacenter. Several architectural and design innovations have been introduced in DCNs to address the growing size and increasing operational demands of the datacenter. From a protocol perspective, these demands and challenges have been addressed primarily by aggregating multiple off-the-shelf protocols and retrofitting them to the DCN communication needs. This aggregation has resulted in higher overhead, added operational complexity and requires increased effort to perform DCN troubleshooting and maintenance. |
Full AbstractWith a few simple changes, IP-transit customers can increase the reliability of the prefix filtering provided to them by their IP-transit providers, and hopefully avoid easy-to-mitigate prefix filtering issues. As an IP-Transit provider, we (Inter.link) often encounter prefix list generation issues with our customer's IRR data. In this talk we'll present some easy to implement changes, in relation to their IRR data and PeeringDB data, that have helped our customers, which other IP-transit customers can implement to improve the quality of their service with their provider. |
Full AbstractThis 15-minute talk introduces the audience to ICANN's KINDNS Initiative. Modeled on ISOC's MANRS program, KINDNS (which stands for Knowledge-sharing and Instantiating Norms for DNS and Naming Security) aims at developing a simple but effective framework for a secure DNS operation to which operators can voluntarily and easily commit. This framework should be something simple to refer to and be accessible to even small operators that may typically be unable to dedicate many resources to globally follow both the evolution of the DNS protocol and discussions about operational best practices. |
Full AbstractExploring integration options: |
Full AbstractThis presentation chronicles our experience, highlighting the critical role of threat intelligence in understanding and countering malicious actors. We’ll delve into the data-driven approach we employed to crack their attack patterns, paving the way for strategic countermeasures. |
Full AbstractThe American Registry for Internet Numbers (ARIN) is a nonprofit, member-based organization that administers IP addresses and ASNs in support of the operation and growth of the Internet. Hear from ARIN's Chief Customer Officer on where the organization sits with IPv6 growth, IPv4 Waitlist and Transfer stats, along with other notable organizational updates. |
Full AbstractA bird's-eye view over IONOS' European backbone, connecting about three dozen locations in Europe. |
Full AbstractNetwork operators engineer their networks with enough capacity to service peak loads. They also engineer redundant capacity into their networks. During off-hours, much, if not most, of this capacity is unused. Sadly, most networks consume nearly the same amount of power during off-hours as they consume during peak-hours. In this presentation, we propose a power management portal that reports a) network status, b) network power utilization and c) network power efficiency. It also proposes strategies for powering down selected router components during off-hours and powers those router components up and down as per the proposed strategy. This power management portal is under development and the authors are soliciting co-innovators. |
Full AbstractThe use of IP spoofing for generating DDoS attacks has been around for decades. In the last several years, tracing back spoofed traffic and engaging networks to deploy ACLs/uRPF to enforce BCP38 has become a common method to disrupt DDoS-As-A-Service providers (also known as booters/stressers). This presentation will cover the overall effort along with methodologies that networks can use to detect this as well as controls they can implement to mitigate this behavior. A number of real-world trace back scenarios will be covered as well as interesting things found along the way. |
Full Abstractmeshrr is a concept of how to leverage the possibilities of cloud technologies for the benefit of traditional networking infrastructure. It is a demonstration-grade, scale-out, hierarchically-capable, BGP route reflector and route server approach using Juniper cRPD and intended for deployment on Kubernetes. |
Full AbstractAs part of this research, we demonstrate the surprising impact of 1% packet loss on throughput, both in symmetric and asymmetric networking topologies, in the environment using CUBIC congestion avoidance algorithm. Our findings reveal a significant decrease in throughput, more than 70%, compared to baseline measurements without packet loss. Moreover, we explore the effects of increasing packet loss levels, up to 10%, and observe a compounding decline in throughput, indicating the importance of addressing even minor levels of packet loss. We compare attained results using CUBIC congestion avoidance algorithm, in both topologies, with those achieved using the BBR congestion avoidance algorithm, advocating for broader and faster adoption of BBR. |
Full AbstractBGP’s deployment model makes even modest software bugs have significant consequences on global Internet routing. |
Full AbstractThis talk discusses methods and challenges involved in disrupting the operations of groups that carry out Distributed Denial of Service (DDoS) attacks. To disrupt DDoS attack operations, automated mechanisms need to continuously track global DDoS attacks and identify their orchestration infrastructures. This information enables sending high-quality takedown requests to hosting providers and domain registrars used by the DDoS groups. Successful takedown requests disrupt the attacks and demotivate DDoS operators by hampering their ability to keep their services running for financial gain. The takedown requests also help the recipient service providers to address gaps in their abuse detection and keep DDoS operations out of their platforms. However, these service providers respond to takedown requests at varying degrees of speeds and efficacy. The talk will explore alternative mechanisms to address these inconsistent responses. |
Full AbstractAs Roblox scales at an unprecedented rate, our legacy network collector architecture is becoming increasingly inadequate for efficiently gathering network device metrics. This presentation dives into the limitations of the existing system and unveils our innovative new architecture designed to scale 10x our current capacity. We will explore the challenges that necessitated this shift and the key features of the new architecture that ensures it can handle Roblox's ever-growing needs. |
Full AbstractIPv6 has been "the next generation of IP" for over 20 years. For the longest time, the gold standard has been to run a network with both IPv4 and IPv6, however operating both protocols at the same time presents an additional operational challenge. With the global share of IPv6 traffic nearing 40-50%, it's time to re-evaluate our goal and look at ways to run networks that are largely IPv6-only. So how do we start testing IPv6-only technologies? They can be complex to setup and troubleshoot even for seasoned network engineers let alone application developers, IT support personnel, and others with limited networking experience. Enter the IPv6 Test Pod, a device that intends to makes testing IPv6-only networks easy, made possible by the ARIN Community Grants program. The IPv6 Test Pod delivers a several IPv6-enabled networks, presented as SSIDs that the user can join to start testing IPv6-only technologies -- including dual-stack (as a baseline), IPv6-only, DNS64/NAT64, 464XLAT, and others. The IPv6 Test Pod is made available for no cost to project participants and participants can be anyone interested in testing IPv6-only networks including IT support personnel, developers, or even network engineers that are too busy to test IPv6-only networks. Dual stack is arriving, let's get ready for an IPv6-only world. |
Full AbstractThis presentation will explore the integral role of the Number Resource Organization (NRO) and the Regional Internet Registries (RIRs) in global internet governance, with an emphasis on the new NRO RPKI Program, an initiative overseen by the NRO Executive Council. As a strategic effort under the NRO and RIRs, the RPKI Program is pivotal in advancing the development and adoption of Resource Public Key Infrastructure (RPKI) across the globe, enhancing the security and stability of internet routing. We will introduce the leadership team spearheading this program, outline our strategic objectives, and discuss the impactful initiatives that are currently being developed. The presentation will emphasize how this program is a collaborative effort guided by the expertise and governance of the NRO Executive Council, seeking to draw in active feedback from the technical community to refine and innovate our approach. Concluding with detailed resources and avenues for engagement, attendees will gain insights into the significance of their participation in shaping the future of internet security through the NRO RPKI Program. |
Full AbstractWhere exactly are we with BGP security in the global Internet routing system? And what's ahead of us? In this talk I'll reflect on progress made in recent years and look ahead what problems remain and what solutions are in the pipeline. This won't be a "Look ROAs are up and to the right!!11!"-talk, but rather a reflection on various milestones the wider community managed to reach and where the gaps are in this multi-decade journey towards a secure routing system. |
Full AbstractIt's been a while since I adopted a new habit. The last few days of every year are a special time for me to recap what happened and what I learned in my personal and professional life. Additionally, I have a stash of notes that I've collected over the years. This session will demonstrate four of the most important lessons in my professional life and career in IT, notably managing high-performance teams in two of the largest public cloud providers in the world: Oracle Cloud and Amazon. While I learned these lessons the hard way and through a lot of trial and error, this short session is an attempt to share that experience not just with my peers in leadership roles but also with anyone who wants to manage even a small team of one. Here I will go over the four principles of (1) The power of authenticity, (2) The impossible self-cloning, (3) The concept of flexible 1:1s, and (4) The handling of unreasonable requests. |
Full AbstractThis talk summarises for a NANOG audience an academic paper recently presented at the "23rd Workshop on the Economics of Information Security". In the paper we evaluate a rare successful intervention in the management of Internet infrastructure -– a multi-year "traceback" campaign to shut down sources of spoofed traffic utilised for DDoS attacks. We assess why it has been possible to "move the needle" on an issue that has dogged the network engineering community for more than thirty years. The decentralised community of competing network providers has few incentives to solve the issue -- which is why little has changed since the flurry of activity when BCP38 (and the century) was new. Our analysis is based on interviews with key players in the initiative. We find that success occurred because the issue of spoofing was migrated away from the incentives of these companies into the incentive structures of the far more densely networked and centralised professional community of network engineers. |