The NANOG 82 meeting took place earlier this week. It was approximately five hours of content each day for three days. Slide decks for all the talks are on the meeting page already and the videos are due to appear next week on the TeamNANOG YouTube channel. This is a very brief, likely imperfect summary of the technical talks from the meeting.
Day 1
Evolution of Network Automation at Roblox
Mayuresh Gaitonde
Case study of how a massively multiplayer online game company addressed
the limitations they were experiencing with their existing Netbox
API-driven, Ansible configuration management, Slack-based alerting, and
Influx-based monitoring infrastructure.
IPv6: More than Meets the Eye
Nick Russo
A deeper look at how IPv6 does things IPv4 cannot do or cannot do easily
at scale. The talk is drawn primarily from the Secure Network Tunneling
Using 6rd and Cisco GETVPN white paper, the Scaling CSfC Mobile Access
using DHCPv6 Prefix Delegation white paper, and Nick’s IPv6 Tools GitHub
repository.
Tracing DDoS End-to-End in 2021
Craig Labovitz
Based on Nokia’s findings, this talk makes at least two arguments. One,
most DDoS attacks can be filtered at intermediate routers based on
distinct and often unlikely packet fingerprints. Two, the majority of
spoofed traffic (the author uses the term IPHM = IP header modification)
originates from fewer than 50 hosting providers or regional ISPs.
Gatekeeper: first open source DDoS protection system
Cody Doucette
A look at a distributed admission control and policy enforcement project
to reduce unwanted attack traffic. Uses a suite of open source tools
that will selectively announce BGP routes in key aggregation points on
distributed Linux servers before proxying allowed traffic to the
ultimate destinations. The Gatekeeper GitHub page has more detail and
code.
DNS Evolution
Geoff Huston
A critique of the current state and direction of the DNS in Geoff’s
inimitable style. Focus is on three distinct areas where changes have
occurred or are beginning to. This includes the addition of
authenticity (i.e. DNSSEC signing and validation), application
rendezvous optimizations (e.g. application-specific RR types, EDNS
client subnet extension), and privacy enhancements (e.g. QNAME
minimization, DNS over HTTPS).
Day 2
Enhancing PING and TRACEROUTE
Ron Bonica, Andreas Roeseler
An overview of Linux and JUNOS implementation enhancements to ping and
traceroute that output interface-specific status otherwise inaccessible
(e.g. unnumbered interfaces). These capabilities are not enabled by
default in JUNOS equipment and can be limited to specific probe source
stations.
Keynote: The Evolution of the Interplanetary Internet
Vint Cerf
A brief tour through the design and considerations of delay and
disruption tolerant protocols for inter-planetary communications. Watch
the video to realize these are not just thought experiments, but ongoing
work. Also be sure to watch through to the Q&A where Vint is briefly
interrupted by an unexpected caller.
Applications of Segment Routing Flex-Algo and BGP Classful Transport
Julian Lucek
I missed this talk. It was a follow-up to a Flex-Algo talk given at
the previous NANOG. This talk discussed applications and use cases for
the technology.
Security of Alerting Authorities in the WWW: Measuring Namespaces, DNSSEC, and Web PKI
Pouyan Fotouhi Tehrani
I missed this talk. This is a research talk that evaluates the
deployment of authenticity mechanisms such as X.509 certificates and
DNSSEC at various alerting authorities (e.g. government law enforcement
agencies, registrars).
No it wasn’t a hijack
Aftab Siddiqui
This talk characterizes and highlights a long-standing, but little-known
BGP routing table phenomenon where some routes have had an unexpected
single-digit ASN in the AS path. This appears to be the result of a
common misconfiguration on MikroTik routers.
Day 3
NOG in a Box - So you want to start a NOG?
Vincent Celindro, Tom Kacprzynski
The authors share their experience and wisdom organizing a localized
network operators group (Chicago’s CHI-NOG) so that others interested in
forming one in their own area have a framework from which to adapt.
Disaggregated routing gets real in Deutsche Telekom
Carsten Michel, Hannes Gredler
Case study of DT’s largely distributed and disaggregated broadband SDN
architecture in lieu of what might have historically been a
chassis-based design.
Tenant Networking in Public Clouds: Do We Still Need Networking Engineers?
Ivan Pepelnjak
Presents a set of considerations, differences, and challenges faced when
building network services in one or more cloud providers. For example,
will all your layer 2 tunneling, monitoring, and routing tricks work in
the cloud? Hint: probably not.