back to meeting agenda.

Tuesday Meeting Registration
Date/Time 7:30 AM to 5:00 PM
Location Centennial Foyer
back to meeting agenda.
Tuesday Breakfast
Date/Time 7:30 AM to 9:45 AM
Location Capitol Ballroom 1-4
Sponsors
Open Gear
Sedona Systems
back to meeting agenda.
Tuesday Espresso Bar
Date/Time 8:30 AM to 4:30 PM
Location Centennial Foyer
back to meeting agenda.
Members Breakfast (Invite Only)
Date/Time 9:00 AM to 9:45 AM
Location Capitol 5-7
back to meeting agenda.
A reflection of Time Spent at NANOG
Date/Time 10:00 AM to 10:15 AM
Location Centennial Ballroom
Presenters
Speaker
Betty Burke, NANOG
Currently serving as the NANOG Executive Director, responsible for all aspects of NANOG, reporting to the Board of Directors. Previous 37 years of experience serving in technology, business, and management within the Michigan Information Technology Services, University of Michigan, and Merit Network. Proven leadership and experience in development of strategic and operational plans, creation and implementation of marketing campaign for conference center and high tech facilities including a data center, conference and office building, library and campus fiber assets. Proven operational success through project management, along with leadership through community and team building.
Abstract A reflection of NANOG and time as Executive Director
Presentation Files
Video Files
back to meeting agenda.
The Single Source of Truth for Network Automation
Date/Time 10:15 AM to 11:00 AM
Location Centennial Ballroom
Presenters
Speaker
Andy Davidson, Asteroid
Abstract How a single source of truth, expressed as an elegant data model, can operate an Internet business' process and network automation. Many automation presentations to date have considered programming skills/languages a network engineer starting an automation project needs. They concentrate on vendor automation features. The audience learns the Arista/Juniper integration options. Little presented to date explains how an engineer can integrate software relevant business processes or product design. If a network concentrates only on the automation platform facing their network, though the instruction set to manage the network is automated, can the company be said to be automated without integration into the products and rest of the business? When a company extends the scope of the automation project into the product set, sales process, monitoring there are many efficiencies realized: Freedom to provide services by nontechnical teams The speed of deployment of customer services (reduce time to bill!) The accuracy of monitoring systems More customer self-service options Rich API that customers can deploy into their software SLA and outage validation The presentation shows lessons learned to network companies (ISPs, IXPs, content) looking to embark upon an automation project: Why and how to build a data model that can describe your customers, products, and network, teams What normalization is, and why/how to use it Why and how to abstract different layers of technical systems to allow vendor changes/flexibility How and why to use the data model to build systems configurations and monitoring templates How and why to abstract between functional elements (like "ports") and all matters relating to the service on those technical elements How and why to expose parts of it to customers to provide an extra layer of transparency and benefit to your end users How to integrate with data which is in third-party databases The mistakes I made and had to refactor out after launch
Presentation Files
Video Files
back to meeting agenda.
RIFT (Routing In Fat Trees) for Hyperscale Datacenters
Date/Time 11:00 AM to 11:30 AM
Location Centennial DEFGH
Presenters
Speaker
Alankar Sharma, Comcast
As a Sr. Principal Architect with Comcast, Alankar focuses on Datacenter network architecture and strategy with keen attention to scalability, manageability, and automation. He also partners with the research and education communities on projects and participates in industry standard conferences. He has Masters in Computer Engineering from Drexel University, over 13 years of experience in data networks and filed several patents. In the past Alankar held various network engineering positions at AT&T, ADP and Intelligent Currency Validation Network.
Abstract RIFT (Routing In Fat-Trees) is being designed as next-gen routing protocol optimized for leaf/spine architectures, taking advantage of somewhat deterministic network topologies (CLOS) common to hyperscale datacenters. Large datacenters have known challenges with IGP, pushing the engineers towards BGP, which requires enough tweaks and cumbersome configurations, vouching the need for alternate solutions. RIFT also adds autonomous routing, empowering the routers to identify their relative roles and start routing traffic autonomously. RIFT has been gaining attention at IETF. There is a formal RIFT working group formed in the past IETF meeting (London). Juniper, Comcast and Cisco have been contributing heavily towards the specifications. Link to the IRTF draft- https://tools.ietf.org/html/draft-ietf-rift-rift-01
Presentation Files
Video Files
back to meeting agenda.
Segment Routing for DCI
Date/Time 11:30 AM to 12:00 PM
Location Centennial DEFGH
Presenters
Speaker
Muhammad Durrani
Muhammad Durrani is a Sr. Director Global Network Architecture at Equinix. In this capacity he is working with Equinix technology partners in Web scale & cloud Providers market segments. He is veteran speaker with expertise in IP, MPLS , Segment routing, IaaS, PaaS and SaaS technology. Mr. Durrani has co-authored couple of RFCs and hold Dual CCIE (#12521) in Routing & Switching and Service Provider core.
Pete Moyer
Pete Moyer is a consulting engineer at Nokia ION, focusing on Webscale & Cloud providers. He has attended many previous NANOG events (his first NANOG was in 1999) and he has expertise in IP & MPLS networks. He has many years of multi-vendor networking experience; including Nokia, Brocade, Juniper and Cisco.
Abstract Abstract: This talk will cover two talk tracks into a single presentation. First, a technology overview of applicable Segment Routing (SR) components for an IXP network will be covered. Second, a discussion of how this technology is being leveraged in the Equinix Unified Packet Fabric architecture. The first part is not intended to be a complete SR technology overview; it is intended to cover the SR aspects that are applicable to the Equinix use case. Additional Notes: Pete Moyer, Nokia Consulting Engineer will cover the first part of the talk and Muhammad Durrani, Equinix Chief Network Architect will cover the second part.
Presentation Files
Video Files
back to meeting agenda.
Tuesday Lunch
Date/Time 12:00 PM to 1:30 PM
Location Capitol Ballroom 1-4
Sponsors
910 Telecom
F5 Networks
Thousand Eyes
back to meeting agenda.
Women In Technology Lunch
Date/Time 12:00 PM to 1:30 PM
Location Capitol 5-7
back to meeting agenda.
Routing Is At Risk. Let's Secure It Together.
Date/Time 1:30 PM to 2:00 PM
Location Centennial ABC
Presenters
Speaker
Andrei Robachevsky, Internet Society
Andrei Robachevsky is the Senior Technical Programme Manager at the Interenet Society. His primary area of interest is security and resilience of the Internet infrastructure. This work is based on active engagement with the operator, research and policy communities. Prior to joining ISOC, Andrei was Chief Technical Officer of the RIPE NCC, responsible for the deployment of DNSSEC for the reverse DNS tree and deployment of anycast instances of the K-root DNS server. Andrei brings to the Internet Society more than 20 years experience in the Internet technical community. For more than a decade he is actively following Regional Internet Registry (RIR) and Internet Engineering Task Force (IETF) activities. He was Chair of the Number Resource Organization’s (NRO) Engineering Coordination Group (ECG), which is responsible for various technical inter-RIR activities and projects. In 2010-2012 Andrei was a member of the Internet Architecture Board (IAB).
Abstract Stolen cryptocurrency, hijacked traffic blocking access to whole countries, derailing vital Web resources for thousands of people. Routing used to fly under the radar. As long as incidents weren't too bad, no one asked too many questions, and routing security never made it to the top of the to-do list. But these days, routing incidents are regularly making the news, executives are getting nervous, and engineers are under pressure to make sure their network isn't next. The problem is, you cannot secure your own network entirely by yourself. But you can help secure the global routing system as a whole. We have a collective responsibility to ensure a secure routing infrastructure. Mutually Agreed Norms for Routing Security – MANRS – is a global initiative of network operators and IXPs to reduce the most common routing threats. MANRS offers an opportunity for a globally adopted, systemic approach to routing security. This talk will present detailed statistics about what's happening in the global routing system, and offer ways to leverage the MANRS security baseline and demonstrate commitment to the security and sustainability of the Internet. It will cover recent developments, such as launching the new MANRS IXP Programme, aimed at scaling up the adoption of security practices.
Presentation Files
Video Files
back to meeting agenda.
Flowspec for BGP Route Servers at IXPs
Date/Time 2:00 PM to 2:30 PM
Location Centennial ABC
Presenters
Speaker
Benedikt Rudolph, DE-CIX
Benedikt Rudolph is a researcher at DE-CIX since 2016. He participates in several research projects, e.g., funded by the german federal ministry for education and science (BMBF). He actively contributes to the Internet, networking, and IXP community community (e.g., RIPE, EURO-IX, DENOG). Before joining DE-CIX he received a M.Sc. degree in computer science with a focus on IT security from Technische Universität Darmstadt, Germany. His research interests are internet infrastructure as well as Internet measurements and networking technology.
Abstract BIRD is a widely deployed software for BGP route servers at IXPs. The release of version 2.0.2 in March added support for BGP Flow Specification (RFC 5575). While constantly adding new features, the single-threaded architecture of the routing daemon imposes limits on computationally-intensive tasks. This raises questions about scalability and resource consumption, especially for deployments with hundreds of peers and hundred-thousands of prefixes, common at IXPs. In this talk we present a first performance evaluation of BIRD 2.0.2 and test the new Flowspec feature in a close to reality, large-scale IXP deployment. To set the context, we investigate a scenario where Flowspec is used to exchange information about DDoS traffic blackholed on the IXPs switching platform. Ideally this feature would not interfere with routine operation of the route server. To be effective, BGP announcements of blackhole routes need to be disseminated quickly. Therefore we look at the forwarding performance of Flowspec messages in BIRD under various operating conditions. Especially important to us is resource consumption (memory and CPU) as well as practical deployment considerations. In addition to the evaluation of BIRD 2.0.2 we provide reference measurements with the widely deployed and stable BIRD 1.6.4 release without Flowspec support.
Presentation Files
Video Files
back to meeting agenda.
Architecting Robust BGP Routing Policies
Date/Time 2:30 PM to 3:00 PM
Location Centennial ABC
Presenters
Speaker
Job Snijders, NTT Communications
Job is actively involved in the Internet community both in an operational capacity and as a founder of cooperation efforts such as the NLNOG RING. He has taught service providers in the Middle East how to deploy IPv6 and has a passion for Routing Security and Automation. Job holds a position at NTT Communications' IP Development Department.
Abstract What actually makes good routing policies "good"? At NANOG we've mostly focused on teaching each other how to implement one or another BGP feature in our networks, but there has been very little dialogue on how to design robust policies. In this presentation I'll offer a conceptual model to look at routing policy, offer terminology to help discuss routing policy, and analyse routing policy design patterns.
Presentation Files
Video Files
back to meeting agenda.
Lightning Talk: BGP Transport Security - Do You Care?
Date/Time 3:00 PM to 3:10 PM
Location Centennial ABC
Presenters
Speaker
Ignas Bagdonas, Equinix
Ignas Bagdonas is a network engineer.
Abstract How many of you use MD5 for BGP sessions? And for what purpose? Isn’t MD5 authentication really just a longer form of peer identifier – to avoid accidentally establishing a session with a wrong peer? Does MD5 help in preventing route leaks and hijacks? Does your network allow access to internal BGP speaking nodes from outside of the perimeter? How do you distribute MD5 secrets to your peers? How do you change MD5 secrets without tearing down the BGP session? TCP Authentication Option has been around for a while. Is anyone aware of TCP-AO? Do any major vendors implement it? Does anyone care? Why not to run BGP over TLS? Or BGP over IPsec? Or BGP over QUIC? Or why not invent a new secure transport for BGP? Sure, that sounds to be a lot of fun, let’s do that. Control plane security has been a special kind of security for a long time. Indeed there are speciality aspects to it as of the layers above relying significantly on the proper operation of the control plane, and often transports used for control planes are not too common ones. IETF has been working on control plane security for a noticeable period of time, there was a dedicated KARP working group and protocol-specific working groups had their individual initiatives on security aspects. However the world still uses MD5 for BGP. KARP WG got shutdown after a long struggle to produce anything. Is this the question of education, or the lack of it to be precise? Is the problem of peer authentication solved in some other way? Is there a problem at all? Do we need to spend time on spreading the word on what control plane security is and why it is important? Is there a problem at all – given sufficient network operational hygiene and proper network design, do we need control plane security as a separate entity as such? Is there a need for having inbuilt transport security mechanisms into BGP protocol itself?
Presentation Files
Video Files
back to meeting agenda.
Lightning Talk: Legal Barriers to Securing the Routing Architecture
Date/Time 3:10 PM to 3:20 PM
Location Centennial ABC
Presenters
Speaker
David Wishnick, University of Pennsylvania
David Wishnick is an Academic Fellow at the University of Pennsylvania Law School’s Center for Technology, Innovation, and Competition. David’s scholarship focuses on the interactions between law and technology in shaping commercial transactions and business forms. Before joining Penn, David practiced at Jenner & Block LLP in Washington, DC, where he advised clients in the finance and communications industries. Prior to joining Jenner, David clerked for Judge Guido Calabresi of the U.S. Court of Appeals for the Second Circuit and Judge Thomas B. Griffith of the U.S. Court of Appeals for the D.C. Circuit. David holds a J.D. from Yale Law School and an A.B. magna cum laude from Brown University. He was born and raised in Chicago.
Abstract This short presentation is meant to solicit NANOG community feedback on one aspect of Internet routing: the adoption of the Resource Public Key Infrastructure framework to increase the security of routing announcements. RPKI promises to reduce the widespread costs that mistaken and malicious routing announcements impose on network operators and their customers. Yet adoption rates are low—especially in North America. Why has RPKI adoption been more widespread in Europe and Latin America than in North America? Are there legal barriers to adoption that might be surmounted? I am part of a team from the University of Pennsylvania Law School that is conducting interviews across the routing community to better understand the barriers to RPKI adoption. Ultimately, we will produce a report aimed to stimulate discussion and action. Before doing so, we are interested in hearing from anyone in the NANOG community who has experience with RPKI, procurement of similar services, or simply is interested in the subject. Our work is funded by NSF Award #1748362, Legal Barriers to Securing the Routing Architecture.
Presentation Files
Video Files
back to meeting agenda.
Lightning Talk: Submarine Cable Status Map
Date/Time 3:20 PM to 3:30 PM
Location Centennial ABC
Presenters
Speaker
Mehmet Akcin, Kapany Networks Inc.
Mehmet is currently working on changing the way network, datacenter and infrastructure architecture, strategic sourcing and engineering is done! By streamlining the planning and procurement process we are here to help both vendors and companies who need capacity. He is also working on something else which is much more cooler but not going to be writing here until it is launched, so watch this space or @mhmtkcn twitter/github. I live to eat good food. My passion is to open a restaurant when I retire. I have been to 300+ Michelin Starred restaurants. Angel Investor for farm-to-table, farm-to-house and FarmTech startups!
Abstract We are all aware of the amazing www.submarinecablemap.com which we use many times planning our network and various other reasons. I am putting together with my own financial and personal efforts a map which shows the operational status of the map. https://map.kapany.net is available for people to visit and see this information. We are looking for developers to help with granting access to map or source data for NOCs, Carriers to update the status themselves and various other reporting people in the industry requested such as Total capacity per segment, etc.
Presentation Files
Video Files
back to meeting agenda.
Tuesday PM Break
Date/Time 3:30 PM to 4:00 PM
Location Centennial Foyer
Sponsors
Bluebird Network
IPv6 Taskforce
LightRiver Technologies
back to meeting agenda.
EVPN for Everyone Else - Evolved Campus Core
Date/Time 4:00 PM to 4:30 PM
Location Centennial ABC
Presenters
Speaker
Vincent Celindro, Juniper Networks
Vincent has nearly twenty years of experience architecting, deploying, operating networks and challenging the norm. He started his career at Northwestern University, where he was one of the pioneers running an MPLS/VPN network in a university environment. Vince currently is an Architect at Juniper Networks, where he travels around the country helping well-known organizations ranging from Mega/Hyperscale datacenters, tier2/3 service providers, the largest Colo-facilities globally, Higher Ed, retailers and online gaming companies – architect, maintain and advance their networks to support their respective services today and for the future. He is a mentor, and always willing to share his knowledge/experiences to help improve and progress the craft of Network Engineering. Network \R\evolutionist (JNCIE #69/CCIE #8630)
Abstract Today when you hear someone talk about EVPN/VXLAN it's more than likely in the context of a DataCenter. This session will address another use case and a novel way of leveraging EVPN/VXLAN. Everybody has a campus network. Enterprises, Service Providers as well as Data Centers, be it servicing a handful of employees at a remote datacenter, maybe thousand plus corporate users in a single building or split across multiple buildings/regions. Consider not only users but the various IOT connected device as well (VoIP, Building Automation …) – what are the challenges, what are the concerns that campus networks have faced since the very beginning. The underlying campus network architecture has not changed since the early 2000s. You will learn the similarities between the Datacenter and the campus, how to leverage the benefits of EVPN/VXLAN to address some of the leading campus challenges all while improving security.
Presentation Files
Video Files
back to meeting agenda.
Packet-Level Network Analytics without Compromises
Date/Time 4:30 PM to 5:00 PM
Location Centennial ABC
Presenters
Speaker
Oliver Michel, University of Colorado Boulder
Oliver Michel is a fifth-year PhD candidate in Computer Science at the University of Colorado Boulder. He is working in the Networking and Security Research Group (NSR) advised by Professor Eric Keller. Oliver received a Bachelor’s degree in Computer Science from the University of Vienna, Austria advised by Professor Kurt Tutschku in 2013 and a Master’s degree in Computer Science from the University of Colorado Boulder advised by Professor Eric Keller in 2015. During his undergraduate studies, he spent one year at the University of Illinois at Urbana-Champaign working with Professor Brighten Godfrey. Oliver's research interests span most areas of Computer Networking, and in particular, software-defined wide-area networking, packet-level network monitoring, programmable data planes, and low-latency networking. Oliver worked as an iOS Software Engineer for two years at Tupalo.com in Vienna, Austria and recently interned as a WAN Automation Engineer at Juniper Networks.
Abstract Network analytics has been a key component of network management for decades. As we look to integrate more intelligence, whether for increased security or to better handle the emergence of new applications like IoT, we need more information from the network and better tools to process the information. Traditionally, network monitoring and analytics systems rely on aggregation (e.g., flow records) or sampling to cope with high packet rates. This has the downside that, in doing so, we lose data granularity and accuracy, and in general limit the possible network analytics we can perform. Recent proposals leveraging software-defined networking or programmable hardware provide more fine-grained, per-packet monitoring but still are based on the fundamental principle of data reduction in the network, before analytics. Even today, modern network analytics system are still incapable of efficiently processing the deluge of information available with fine grained information. In this talk, we present our work to drastically increase software performance for analytics, and to leverage modern programmable switches to generate per-packet information at Terabit line rates. We will present our system which is a complete network monitoring solution that provides insight into every single packet at data center scale traffic rates. Our system consists of a hardware-software co-design leveraging programmable forwarding engines for telemetry and modern parallel programming techniques for analytics. Our system is able to collect and analyze packet records at terabit speeds for 10s of millions of packets per second per application. These applications can easily be parallelized and scale almost linearly with CPU core count. Analytics applications can be written in standard C++ code and can dynamically scale at runtime.
Presentation Files
Video Files
back to meeting agenda.
"Multicloud" - the next generation cloud infrastructure
Date/Time 5:00 PM to 5:45 PM
Location Centennial ABC
Presenters
Speaker
Jacopo Pianigiani
Deepti Chandra
Abstract So, what are data center networks really built for? Short answer "applications". Whether it is a public cloud provider, private enterprise, FSI or telco cloud - the nature of applications across each data center type impose a different set of demands on the underlying network infrastructure. A next generation architecture is one that is versatile yet modular enough to address these different application needs, whether these are HPC and Big Data, legacy or real-time content. A common architecture goal is for a unified and consolidated network design that can leverage standardized technology attributes and can integrate a versatile workload environment be it high performance bare metal servers to a microservices enabled container environment. This tutorial is aimed at an in-depth structured understanding of data center business and technical requirements and how EVPN-VXLAN constructs serve as a swiss-knife approach to achieve the same. Practical case study examples that translate theoretical concepts into building blocks for designing and automating multi-tenant data center deployments. Explore how a unified technology solution can help build a network that grows with increasing east-west traffic, seamlessly connects with the backbone for north-south communication while leveraging familiar protocol concepts to achieve security insertion. We will also go over operator issues with traffic optimization, multicast and BUM traffic handling and other common pitfalls. A final step would be to define requirements for a cohesive solution using a centralized controller that enables a data center network operator to leverage the same degree of agility and visibility for both the physical network and the application infrastructure to truly build a software-defined data center.
Presentation Files
Video Files
back to meeting agenda.
Beer n Gear
Date/Time 6:00 PM to 8:00 PM
Location Centennial Ballroom
Sponsors
Adva Optical Networking
Arbor Networks
Arista
China Telecom
Ciena
Cisco
Corero
Coriant
Fujitsu
Hilco Streambank
Imperva
Infinera
Juniper Networks
Kentik
Nokia
Packet Design
Precision Optical Transceivers
Serro
Telia Carrier
VIAVI Solutions
Windstream
back to meeting agenda.
Tuesday Evening Social Event
Date/Time 8:00 PM to 11:00 PM
Location Cowboy Lounge
Abstract Time: 8:00pm - 11:00pm Location: Cowboy Lounge Address: 1941 Market St. Denver, CO 80202 **Picture ID required for entry** AND **NANOG Badge required for entry**
Sponsors
Facebook
NANOG
Zayo
back to meeting agenda.