Saturday, October 7, 2006
Topic/Presenter |
---|
This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. Configuration techniques for modifying inbound and outbound traffic flows are covered, as are some examples on how to use BGP communities in inter-AS relationships. The tutorial finishes by covering some common multihoming security issues. |
Zero downtime is one of the key principles in network design, in particular when building data-centers, where key applications and data need to be accessed at any given time. Content switches have traditionally been used to build scalable and resilient data-centers offering local load balancing for the data-center front-end and multi-tier architectures. Over the past years enterprises and service providers around the world have started to utilize content switches (often in conjunction with other dedicated GSLB devices) to also provide redundancy across multiple distinct geographic locations. The session introduces Global Server Load Balancing (GSLB) concepts and terminology, like active-standby, active-active, and disaster recovery, before diving into a detailed description of the most common GSLB technologies, including DNS-based solutions, L3-based solutions (Route Health Injection) and HTTP-only mechanisms. |
Sunday, October 8, 2006
Topic/Presenter |
---|
Experience with telcos, ISPs, and cable operators, especially rural, has shown a lack of familiarity with ensuring fault tolerance of critical components such as softswitches (Class 5 and 4), remote monitoring and problem intervention for remote sites, quality of service, as well as load sharing and server backup. Drawn from carriers of all sizes, this presentation will discuss requirements checklists and real-world fixes. Some preliminary work on an open source remote management platform will be discussed. |
Agenda: 2:00-2:15 - Topic and Speaker, TBD. 2:15-2:30 - Favorite Peering Routers - Discussion Facilitator: Tom Scholl. This discussion will enumerate the top reasons Peering Coordinators prefer one router over another for the purposes of peering. We will have microphones circulating around the room so folks can chime in. 2:30-3:10 - The Great Debate - Should Consistent Announcements and a Backbone always be a requirement for multi-site Peering? The two debaters have agreed, regardless of their personal opinions, to present and defend the strongest arguments on both sides: Peter Cohen will be arguing that consistent announcements are indeed a rational requirement for multi-site peering. Aaron Hughes will be arguing that consistent announcements are not a valid peering requirement when peering with content that is duplicated/mirrored across multiple sites. The format is the same as previous debates: 2 minutes for each side to state their case; 2 minutes each side to attack the other's position and reinforce their position; 2 minutes each to sum up their argument. We will take an audience vote: Which side made the more compelling case? This will determine the winner of the debate. We will then open the floor to discussion, highlighting points that should have been made during the debate, points or questions that might highlight issues that might sway the audience to vote for which *argument* ultimately is stronger, after the audience discussion is over. We will take a final vote on the issue: "Should Consistent Announcements and a Backbone always be a requirement for multi-site Peering?" 3:10-3:30 - Other topics that pop up from the community between now and the meeting and Peering Personals where Peering Coordinators can introduce themselves to the group, with the goal of initiating the peering negotiations. |
Monday, October 9, 2006
Topic/Presenter |
---|
Security incidents are a daily event for Internet Service Providers. Attacks on an ISP's customers, attacks from an ISP's customer, worms, BOTNETs, and attacks on the ISP's infrastructure are now one of many "security" NOC tickets throughout the day. This increase in the volume and intensity of attacks has forced ISPs to spend constrained resources to mitigate the effects of these attacks on their operations and services. This investment has helped minimize the effects of the attacks, but it has not helped stop them at the source. Stopping attacks at their source requires rapid and effective inter-ISP cooperation. Hence, these ISP Security BOFs are also used as a face-to-face syncup meeting for the NSP-SEC forum. |
Every SONET, TDM and Optical device manufacturer uses the TL1 language as its dominant management protocol for controlling non-routing / transmission telecommunication devices. A general explanation of TL1, how one configures devices via the TL1 language, how to use commercial and open source software for TL1 and a case study of integrating exclusively TL1 devices into SNMP monitoring systems will be provided in this presentation. |
Ethernet services today are a viable alternative for businesses looking for private line connectivity among locations. One obstacle to the global deployment of such services is the limited reach of service providers offering such Ethernet services. Multi-provider Ethernet services are therefore important in ensuring mass-deployment and continued success of the Ethernet services market. In order to ensure operational success of multi-provider Ethernet services, the hand-off between providers needs to be sufficiently simple and flexible. This talk explores the viability of using a combination of VPLS and the recently standardized IEEE 802.1ad technologies as the underlying methodology for offering multi-provider Ethernet services. An overview of the methodology, benefits, potential challenges and comparison with alternative approaches will be covered in this talk. |
In the hot-potato settlement-free peering world of today, there is an expectation that all peers play & advertise routes equally. However, in reality, some settlement-free peers may attempt to short cut and modify advertisements resulting in you hauling traffic a bit farther than needed. This presentation looks at ways this is done today, some specific examples of this as well as other interesting things you can learn by examining routes received (but maybe not accepted) at all points in a network. Speakers: Aman Shaikh, AT&T Labs; Richard Steenbergen, nLayer Communications |
On today's Internet, BGP leaks between peers are commonplace. While many presentations have been done regarding how to filter this, people still do not apply these practices. One feature though is used quite well across almost every network: maximum-prefix. While maximum-prefix does "stop" a leak, it still has some negative side effects. This presentation outlines some alternative concepts as to how maximum-prefix works to keep traffic (and BGP) operating even in the event of a leak. |
Speakers: Raul Lozano, Time Warner Telecom; Danny McPherson, Arbor Networks |
Today IPv6 has routing issues that need to be resolved. One of these is IPv6 Multihoming and Traffic Engineering. This briefing addresses all the IPv6 Multihoming Solutions currently put forward by the Internet Community as a collective. While Multihoming is the focus of this discussion, Traffic Engineering is also considered in parallel with the possible solutions being considered. With this briefing, I hope to receive further input on what direction the Internet Community wishes to pursue in order to resolve IPv6 Multihoming. |
IPv6 has seen relatively little adoption among service providers worldwide in recent years but that may be beginning to change. As fear of IPv4 address exhaustion looms and IPv6 is perceived to be maturing, roll-outs are increasing. This is bringing a series of conflicts between service providers and protocol architects. Service providers want to deploy IPv6 in a manner compatible with current IPv4 deployment, but this notably conflicts with the desire to use IPv6 to solve the massive deaggregation and routing-table bloat seen in the IPv4 world. Clearly there are problems that need to be worked out. Nevertheless, a large group of IPv6 proponents has developed. These are people who think that IPv6 is more than ready for production deployment, even to end-users. They think it solves some problems for real networks (mostly related to IP number exhaustion, but there are others), and that the time for resistance, comment and criticism has come and gone. At the same time, a large and quiet body of people are (mostly) silently waiting for IPv6's demise so that we can start talking about a simpler protocol migration. These people tend to think that IPv6 is massively over-designed, fails to solve the location+identifier problem in routing scalably, and offers no backwards compatibility. They also tend to think that there is plenty of time to design and implement a better solution. IPv6 proponents, even those who think that the protocol needs work, obviously strongly disagree. What everyone agrees on is that IPv6 has not seen massive adoption and that there is a looming set of problems for IPv4 (the combination of address shortage and routing table bloat). This panel will finally unite the IPv6 naysayers and the IPv6 proponents in a single, constructive discussion. The idea is to combine people who think that IPv6 is workable but needs some fixing with those who think that it is fatally flawed in a useful, public debate.
The panel also unites people whose experience is on the protocol design side, people who run large networks, and those who do research, analysis and tools for operators. Speakers: Panelist - Daniel Golding, Tier 1 Research; Panelist - David Meyer, Cisco, University of Oregon; Jason Schiller, Verizon Business |
Tuesday, October 10, 2006
Topic/Presenter |
---|
This session covers the functionality of the NetIO stack for Windows Vista and Windows Server Code-Name Longhorn, with a focus on its implications for network infrastructure and network operations. Case studies are presented to illustrate the opportunities and challenges associated with deploying significant new networking functionality, both in a broadly available consumer operating system and in a high volume server operating system. The session closes with some thoughts on improving the evolution of networking functionality through collaboration between software vendors and public network operators. |
Presenting progress on x.509 stuff. There is considerable progress, i.e. running code. |
Prefix hijacking events occur due to both unintentional configuration errors and intentional attacks. The talk introduces the Prefix Hijack Alert System (PHAS). PHAS is a simple, real-time notification system that alerts prefix owners if the BGP origin for their prefix changes. The central goal of PHAS is to provide reliable and timely notification of origin AS changes. Although many origin changes are valid, the design of PHAS errs on providing notifications for all the prefix origin changes to maximize users' detection power. PHAS notifications follow a standard format and are delivered to multiple mailboxes of prefix owners to maximize delivery reliability even in the face of effective route hijacking. An automated mail reader with a simple filter can quickly capture real route hijacks and ignore the rest of the messages, providing the network administrator with rapid notification and few (if any) false positives. In addition to origin changes, PHAS also notifies changes in sub-prefix sets and last hop sets. We are in the process of deploying PHAS, and prefix owners can now register their prefixes to receive alarms by email, or check the alarms for their prefixes on the web. |
Placing voice traffic on the data network exposes it to the same attacks that plague the existing Internet infrastructure. Traditional perimeter security solutions cannot cope with the complexity of VoIP protocols at carrier-class performance. To be useful and economical for carrier deployments, a SIP-based VoIP security solution must process carrier-class call volumes. Equally important, solution elements should scale independently, allowing operators to manage growing demand and manage costs. In a unique collaboration between network operator, vendor, and academia, Verizon Labs, CloudShield, and the computer science team at Columbia University have implemented a large-scale SIP-aware application layer firewall (ALG) combined with Denial-of-Service detection and mitigation to provide robust protection of SIP-based VoIP infrastructures. The SIP ALG uses a rule-based approach for rate limiting the signaling channel traffic, and the DoS filtering function discriminates legitimate traffic from attack traffic by enforcing threshold and authentication policies. The developed firewall device was found to exceed testing capacity with SIP traffic filtering managing call volumes exceeding 30,000 concurrent calls, and SIP signal processing of up to 300 calls per second. This presentation will cover the following topics related to this research project: the challenges for carrier-class VoIP infrastructure protection; details of the scalable SIP-aware ALG; details of the SIP filtering solution for detecting and mitigating DoS attacks; the testing and analysis tool and test bed designed to validate the research; performance testing results of the implementation. The net result of this research is that scalable, affordable solutions are possible with commercially available hardware platforms and appropriately architected applications software. Speakers: Gaston Ormazabal, Verizon Labs; Somdutt B. Patnaik, Columbia University; Eilon Yardeni, Columbia University |
Botnets, networks of (typically compromised) machines, are often used for nefarious activities (e.g., spam, click fraud, denial-of-service attacks, etc.). Identifying members of botnets could help stem these attacks, but passively detecting botnet membership (i.e., without disrupting the operation of the botnet) proves to be difficult. This paper studies the effectiveness of monitoring lookups to a DNS-based blackhole list (DNSBL) to expose botnet membership. We perform counter-intelligence based on the insight that botmasters themselves perform DNSBL lookups to determine whether their spamming bots are blacklisted. Using heuristics to identify which DNSBL lookups are perpetrated by a botmaster performing such reconnaissance, we are able to compile a list of likely bots. This paper studies the prevalence of DNSBL reconnaissance observed at a mirror of a well-known blacklist for a 45-day period, identifies the means by which botmasters are performing reconnaissance, and suggests the possibility of using counter-intelligence to discover likely bots. We find that bots are performing reconnaissance on behalf of other bots. Based on this finding, we suggest counter-intelligence techniques that may be useful for early bot detection. The paper referenced in the talk is available at: http://www.cc.gatech.edu/~feamster/papers/dnsbl.pdf |
It's well known that the rise of peer-to-peer applications has had a major impact on the unprecedented increase in the Internet traffic worldwide. This phenomenon is very much particular to Japan due to the popularity of fiber access services. An analysis was done on a few interesting incidents that were observed in the past 6 months at JPNAP, a major IX in Japan. Before dawn on January 7, 2006, a decline in aggregated traffic of about 20% at JPNAP was observed. We considered that quite a number of peer-to-peer Windows machines rebooted automatically due to the emergency release of a Windows Update at that time. As a result a temporary traffic drop happened at JPNAP without any network troubles. Also, a few interesting incidents happened at the FIFA World Cup in June 2006. We could detect an anomalous traffic decline and recovery during World Cup matches in which the Japanese team was playing. These traffic trends were reported at the major ISPs' backbones in Japan, also. This phenomenon indicates that application behaviors of P2P machines and human activities in major social events could cause a huge impact on the Internet traffic. What does this mean to us network operators? There is a need to consider the possibility that such events could happen when we do network designs or scheduled maintenance work. If possible, we'd like to survey and compare the traffic statistics of other regions at the time of such events and to discuss the issue with operators. |