NANOG 87 recap summary

The NANOG 87 meeting took place a few days ago. Excluding the hackathon, it was approximately five hours of content each day for three days. Slide decks for all the talks are on the meeting page and the videos have already been put into the TeamNANOG YouTube NANOG 87 play list. This is a very brief, likely imperfect summary of a few of talks from the meeting. I don’t review all talks, because I simply couldn’t attend them all for one reason or another. There is also of course more to tell about the so-called “hallway track”, which is where a lot more interesting things happen that I do not detail here. You may also wish to take a look at Enno Rey’s NANOG87 blog post.

Day 1

The Future is Now: Delivering the Next Generation Brilliant Network
Elad Nafshi
A keynote by Comcast’s Chief Network Operator kicked off the meeting. The speaker presented a Comcast-specific view of the broadband advances being built and deployed. A handful of attendees recoiled at this presentation as being too much marketing, but if it wasn’t for the playing of an actual commercial partway through, I’m not sure anyone would have cared. By the end, the speaker delved into deployment and monitoring issues, expanded on further with an interesting exchange in Q&A with Jared Mauch.

The Operational Impacts of Supporting a Disaggregated, Distributed, Cloud-based Network Architecture
Aliraza Bhimani
The next talk, also happened to be from a Comcast employee. The main argument here was to replace big chassis router hardware and expensive proprietary line cards with distributed, “pizza box” off-the-shelf hardware that is cheaper and more flexible. In my view, this is just an extension of the ideas popularized by SDN and OpenFlow. The speaker suggested that his white paper, reference [33] in the slide deck, was the place to read about his ideas in more detail.

Uncommon Paths to Beginning Network Automation
Jordan Villarreal
This talk was a sort of call-to-arms, encouraging netops on the road to performing network automation in their environment. The talk was devoid of any specific tools or techniques, but rather laid out some high-level advice, such as how to begin and whether to outsource or not.

Cloud Network Engineering: A Closer Look
Kam Agahian
This talk outlined the definition of a burgeoning class of network engineer, a cloud network engineer. The speaker outlined where this role is typically found and skill sets required. Many of the skills will be common to traditional network engineer roles, but there is the addition of cloud-specific tooling and the lack of certain hardware-specific skills (e.g., data center operations).

Simplified Troubleshooting through API Scripting
Cat Gurinksy
I thought Cat gave one of the better tech talks of the day. She walked through some basics of network tooling using the APIs available in network gear. Her examples were in Python and she presented some real world, practical examples. She also provided some insight into the differences in automating through screen scraping and the API, and focus she places on interface details with her tools. I later suggested she should give a Python for Netops tutorial and she seemed receptive to the idea. If she does, I think that would be very popular and if this talk was any indication, quite good.

Imposter Syndrome in Networking - Overcoming Imposter Syndrome to Further Your Network Automation Journey
Matt Vitale
A layer 8 talk, where the speaker reflects on personal struggles many tech employees face in their own career. The phrase used here is “imposter syndrome”, but it would be synonymous with self-loathing, low self-esteem, and other feelings of inadequacy. The speaker identified common negative thinking and ways to react to it so as not to get trapped into one’s own negativity.

gRIBI - gRPC Service for RIB Injection
Nandan Saha, Steve Ulrich
I was interested in learning more about this talk after seeing the submission (I’m on the program committee). The basic idea here is that gRIBI is an gRPC-based mechanism to alter forwarding tables in routers. I was curious who would use this and why. As I somewhat suspected, one of the main uses was for automated certain types of security mechanisms like a black hole or route diversion for scrubbing. I’m not sure all networks would need this, since traditional BGP-based RTBH mechanisms might work fine, but maybe this adds some additional functionality and control that makes certain tasks like this in more complex environments easier.

Day 2

A Security Practitioner’s Guide to Internet Measurement
Michael Bailey
Michael Bailey recently moved to Georgia Tech from the University of Illinois Urbana/Champaign to take on the role of Professor and School Chair of a new interdisciplinary, permanent School of Cybersecurity and Privacy. He gave a well received keynote to open the day. Full disclosure, I’ve known Michael for many years and on behalf of the PC I solicited and promoted him as a keynote for this meeting. Michael sprinkled his talk with examples and lessons throughout his career and over the past 20 years, with many examples of work presented at earlier NANOGs. He highlighted a number of challenges that are faced in measuring and understanding the Internet from a security perspective.

Assessing the Aftermath: Evaluating the effects of a global DDoS-for-hire service takedown on the DDoS threat landscape
Richard Clayton, John Kristoff
Richard Clayton and yours truly jointly gave an overview of a December 15, 2022 booter/stresser DDoS-for-hire takedown event. The event, led by the FBI, seized control over 49 domain names and arrested six individuals involved in the DDoS-for-hire operations. Richard presented an overview of the DDoS-for-hire services, the takedown itself, and the immediate impact following their demise. Overall DDoS attacks from these services fell by roughly 50%. I then preceded to examine what impact, if any, the takedown had from the perspective of NETSCOUT’s DDoS attack monitoring capability. Our viewpoint differs and therefore identifying the effect is a little more difficult, especially given the time of year at which the takedown occurred, but we surmise we can see some probable correlation between the takedown and a change in attacks.

Lightning Talk: Global Developments in the Internet Number Registry System - February 2023
John Curran
The relative importance of this short lightning talk cannot be understated. John Curran presented a quite sobering update on the legal situation involving AFRINIC. The last time he gave this update, things looked more hopeful, but I felt things were potentially less rosy now and given that there are active challenges in APNIC leadership happening, the threats to the stability of the RIR system seems real and worrying. I wish this issue would get more attention in at least the tech press than it appears to be getting. In a nutshell, AFRINIC is currently “ungovernable” given the lack of a governing board. Operations are getting done, but they are at real risk given the uncertainty of legal outcomes.

Lightning Talk: Keep Ukraine Connected - one year anniversary
Ester Paal
Another sobering talk, this time on the state of the Ukraine Internet and a Global NOG Alliance campaign to help provide support through equipment and funding for the Ukraine Internet.

Lightning Talk: Netops on Mastodon
John Kristoff
Yours truly, in attempts to pitch Mastodon, provided some nudges to help get more netops onto Mastodon. I provided a short list of relevant server instances that may be well suited for netops, a word cloud of some well known netops I follow, and a link to an online form that is helping to build a “bootstrapping” list of net and sec ops/research people that are on Mastodon, making it easier to find one another. I thought I’d get a few naysayers, but all chat and follow I got was positive, suggesting that it is becoming the preferred social media platform for the community already.

Day 3

World Cup 2022 - Analysis of the impact on the Internet traffic and utilization
Agustín Speziale
This talk, mostly pictures, highlighted various major events related to the World Cup, including network activity. We got to see, from a certain vantage point, the popularity of each round and the corresponding amount of traffic compared to trends in the weeks prior and following. The speaker was eager to make sure the NANOG community was ready for 2026, when most of the games will be hosted in the NANOG community’s back yard.

BGP Zombies - Ghost routes as seen by BGP monitoring platforms
Lefteris Manassakis
A phenomenon found in many Internet router tables is the presence of so-called BGP zombies. These are routes that are present in the RIB, but should not be. They are often a result of unexpected link or peering changes, and where an update is not propagated as a result. Lefteris also spent a significant amount of time talking about the monitoring infrastructure he has developed to observe anomalies such as this. The one missing bit is what do you do when you find a zombie? Should netops try to remove them and if so how? These remain open questions.

Enabling Passive Measurement of Zoom Performance in Production Networks
Oliver Michel
I was very impressed with this talk and the work behind it. It consisted of essentially two parts. One was the reverse engineering of Zoom traffic to extract traffic stream features to be used for grouping and measuring traffic. Another was in the actual measurement conducted to give very precise metrics of Zoom meeting performance. I could envision this type of work leading to network-based performance monitors that helps netops identify and address performance problems in live-stream multimedia.

Lightning Talk: My First Professional Conference
Moira Johnson
A moving lightning talk by 18-year old Moira Johnson was one of the highlights of Wednesday. This young woman shared her experience in coming to NANOG and what it was like to be there. She received lots of encouragement and some tearful voices of support for others by the time she was done.

Lightning Talk: Improving the Inference of Sibling Autonomous Systems Zhiyi Chen
Anyone who has tried to work with and automate the processing legacy WHOIS database data has probably come across many examples of inconsistency. This talk talked about inconsistency from the perspective of autonomous systems that occur because of multiple registrations, mergers, and acquisitions. An interesting problem, although probably niche mostly for researchers that are run into when trying to do large data analysis of Internet network measurement.