This presentation will present the major issues of typical existing Governments and Enterprise networks that need to be considered when deploying IPv6 and will depict the 12 steps needed to correctly approach the project.

Routing security is on the move, things are looking up! So, what changesto routing security are in the pipeline? What will happen in the next 18months? In this presentation we cover updates from around the world andthe role of RPKI - the future is bright!

Since the late 1990s, projects like RIPE NCC RIS and Route Views are collecting BGP data to monitor the inter-domain Internet evolution.During the last years the amount of data collected has increased greatly, mostly due to the introduction of new route collectors (e.g.PCH, Isolario), new BGP feeders, new BGP extensions (e.g. Multiprotocol RFC4760, ADDPATH RFC7911) and, of course, due to the natural growth of the Internet.

Most of the MRT-BGP data reader were designed when the amount of data available was smaller, and as a consequence are not able to perform efficiently with current datasets. Moreover several of them do not support most of the BGP extensions introduced in time usually because they are not properly maintained and updated.

In this presentation it is proposed to the APRICOT community BGP scanner, a new open source MRT-BGP data reader and C library implemented at IIT-CNR, which is exploited in the Isolario project. To the best of our knowledge, BGP scanner outperforms all the MRT-BGP data reader freely available online, in terms of speed and memory consumption.

It is well known that there are network traffic flows which consumeconsiderably more network resources than others, and such a flow isknown as a heavy-hitter (HH). The appropriate detection and managementof HHs are critical for maintaining network performance, presentingcritical network challenges. Yet, HH detection has been reduced to theuse of a threshold, i.e., if the flow exceeds a previously set thresholdvalue, the detector determines that the flow is an HH. To the best ofour knowledge, there is no uniform definition of the threshold value. Inthis study, we take advantage of the tools provided by machine learning(ML) for data analysis, that can categorise the flows into trafficclusters, where each cluster has different flow characteristics. Thispresentation outlines the methodology, a visualization of the relevantattribute statistics that aid in recognising cluster types and outlinehow the scheme can be implemented in a real network. We conclude with adiscussion of ongoing and future work.

A number of DNS software and service providers have announced that we will all cease implementing DNS resolver workarounds to accommodate DNS authoritative systems that don't follow the EDNS protocol. Each vendor has pledged to roll out this change in some version of their software by the Flag Day.

Domains served by DNS servers that are not compliant with the standard will not function reliably after February 1, 2019, and may become unavailable.

If your company's DNS zones are served by non-compliant servers, your online presence will slowly degrade or disappear as ISPs and other organizations update their resolvers. When you update your own internal DNS resolvers to versions that don't implement workarounds, some sites and email servers may become unreachable.

This talk will cover the background of the changes, potential affects on Internet users/providers and testing methodologies to ensure minimal impact.

We are very aware of the extent to which our online profile is being collated, analysed and monetised. The DNS can be a major source ofactivity profiling. The DNS architecture is open, chatty, and promiscuous, which seems very anomalous in this day and age. However, the DNS picture is changing and steps are being made to improve the privacy-protecting properties of name resolution. This presentation surveys the current efforts to improve the privacy of the DNS.

Having a need to inform network operators of an impending change thatcould affect many, the RIR registration databases were consulted forcontact information. The experience is described along with somecommentary on the process.

Fukuoka University's NTP service continues to suffer from access overload from clients throughout the world. We are currently undergoing preparations to cease the service, and in this task after analyzing various types of traffic, we discovered the 1.1.1.0/24 request. In this session I will discuss the origin of the request and results of our analysis.

During the 2015 BlackHat conference, the authors presented an approach which makes it possible for an arbitrary attacker to use vulnerabilities in the Border Gateway Protocol to obtain fraudulent certificates, recognized by browsers as valid ones, for Web sites an attacker couldn't otherwise control.

As a result, the overall security of Internet PKIX, which we all rely on daily while browsing our favorite social networks and banking systems, was shown to be at risk.

Plenty of time has passed since August 2015. Researchers were digging into the issue, certificate authorities kept an eye on it, changes to Internet protocols were designed and implemented, and black hats started to exploit the method after all.

As it is now almost four years after the discovery of the initial issue, it's a good time to examine the outcome: what has been done, what's yet to be done and how long does it take for the Internet community to amend an Internet protocol even for the greater good.

LinkedIn has been on a journey to support IPv6 everywhere since 2012. It started first with email, quickly followed by the website. We have seen tremendous growth in the region, for instance in India and China. But the transformation to support IPv6 is not limited to our external services, we have started to transform our internal network, offices, data centers... The goal is to deploy IPv6 everywhere but, more important, to remove IPv4.

This presentation shows the challenges we faced, the ones we are still facing, and will provide some tips and recipes if you are on the same journey.

Most route server instances at internet exchanges (IXPs) perform prefix filtering based on route/route6 objects published by internet routing registries. The data quality of these IRRDB objects is often poor, with problems relating to missing, stale and incorrectly duplicated information. Resource holders often have difficulty correcting this information due to the object sets being decoupled from the RIR resource assignments.

RPKI is a public key infrastructure framework designed to secure the internet's routing infrastructure in a way that replaces IRRs with a database where trust is assigned by the resource holder. There are still issues: the database has only a fraction of the prefix coverage as IRR databases do and there is no implemented support for features such as AS-SETs. We are now in a multi-year transition from IRR to RPKI while these issues are solved.

In the presentation, we propose a best-practice integration of RPKI into the current IX route server context which still includes IRR support. We will present the development work we have completed with IXP Manager to support RPKI and discuss our experiences at putting this live at INEX.

In 2009, we presented results from a large scale, multi-year study ofglobal Internet traffic across 110 providers and 200 Exabytes ofcommercial traffic. This original study found significant changes ininter-AS traffic patterns, an increasing consolidation of "HyperGiant"traffic volumes and an evolution of provider peering strategies.

In this talk, we revisit our work from a decade ago with an in-depthlook at the changes to traffic patterns, content delivery and Internetpeering across more than 50 providers around the world. We show howcloud, IoT and significant changes to interconnection strategies areimpacting networks in North America, Europe and Asia.

An overview of QR codes, what makes up a QR code, and some Proof Of Concept on ways that it can be used, maliciously or otherwise.

The presentation discusses the use of QR Codes and where it could be used maliciously. Including a review of Kali Linux and the Social Engineering Toolkit to send phishing emails. Then demonstration of the QRLJacking toolkit to hijack a whatsApp login.

Then finally looking at the technical specifications of QR codes and how to reverse engineer a QR Code.

LoRa is one of a handful of new Internet of Things radio protocolsdesigned for low power, wide area networks. It trades speed forrobustness, and its small messages can penetrate both literal & urbanjungles. LoRaWAN is an open set of protocols using LoRa to create an IoTnetwork with multiple layers of encryption and mobility. This talk willprovide a technical introduction to the protocols aimed at networkoperators.

New optical technologies are driving a transformation in metro networking. Open line systems enable best-in-class equipment deployment. Optimized ROADM solutions are enabling deployment simplicity, space and power efficiency, and low first-in-cost. Next-gen coherent solutions are revolutionizing metro capacity-reach options delivering significant cost savings and service flexibility.

This is an updated version 2 of my old talk about appearance of AS1, AS2 and AS3 in the routing table. It covers a check of their appearance as well what can be done to both at network operators end as well as IXPs to prevent that.

NetFlow provides network administrators with a method of letting theadministrator determines what passes thru the network. The ELK(Elasticsearch, Logstash, and Kibana) stack is a set of tools foringesting, storing and visualising massive amounts of data. Putting theNetFlow into ELK, can provide engineers with detailed information on theorigin and destination of network packets via visualisation tools,costing and usage pattern, it also can generate automated alerts onsecurity anomalies.

We have worked in the last few years to grow our global footprint at afast pace, building POPs and deploying Caches to connect to multipleISPs around the world so People can access content reliably and with thebest performance. Part of providing the best performance is to beprepare to continue providing access to Facebook's family ofapplications during disasters with zero impact to Users.

This presentation provides an overview of the importance of beingprepared for a major disaster on the Edge of Facebook's network, thatcould impact Peoples' experience, focusing our efforts on having anunderstanding how our infrastructure would react under thesecircumstances and defining the metrics, tools and improvements needed.

This talk will present SDN/ONOS-oriented computing, storage, networking orchestration architecture and its system implementation based on location and load aware virtually dedicated container networking. With a new container network interface (VDN-CNI) implemented, the system integrates containerized service resources using Kubernetes and wide-area virtual networking resources using virtually dedicated network (VDN) application on KREONET-S which is an ONOS/OpenFlow centric SDN-WAN infrastructure for R&E community in South Korea. The location and load aware orchestration system allows KREONET-S users to dynamically and rapidly manage their demanding containerized computing and storage resources coupled with high-performance virtual networks (VDNs) activated for high speed, low or zero packet loss and optimum end-to-end (or edge-to-edge) latency.

The orchestration system architecture has several key components such as orchestrator, container manager (Kubernetes), virtual network manager (VDN application), SDN controller (ONOS), and OpenFlow network devices and service resources which are deployed in eight distributed network centers in Korea (5), USA (2), and China (1). In the architecture, orchestrator intelligently decides the nearest service location to the users after receiving their service requests, by considering the load (e.g., CPU, memory, and storage usage) and VDN status information acquired from container manager and virtual network manager. Here, container manager works on k8s pods management in association with VDN-CNI which is designed to connect the provisioned pods to ONOS/VDN in a way of allocating either shared or dedicated networking for each pod. Eventually orchestrator communicates with virtual network manager to provide the requested complete set of service resources for users through manipulating virtually dedicated networks into being composed of (distributed) service pods, user end-hosts, required network gateways, and proper virtual network functions such as vDHCP and virtual network access controls (vNAC).

In this talk, the implemented orchestration system components and functions will be presented and demonstrated using a distributed k8s testbed over KREONET-S, with the overall architecture described in detail.

This is a 30 minute presentation describing the history and current state of the DNS's system of Root Service.

The presentation begins with a dramatic telling of the history of the DNS root server system. It shows how and why the system ceased evolving in 1997, now almost 22 years ago.

The presentation then talks about a significant effort to get the DNS Root Server system to evolve again, involving a new governance model for root service.

Next the presentation talks about threats to the root server system, outlining technical, economic, and political challenges. It gives mitigation options for these threats, and in doing so, introduces a new form of root service that ICANN is proposing: hyperlocal

This presentation will review the year 2018 in terms of the growth inthe routing system and the update stability of the eBGP routingenvironment. The data will be used to generate some predictions aboutthe future growth of the routing system.

A recent surge in interest in datacenter routing has instigated a flurryof activity in the IETF and other standards bodies and in the communityat large. Datacenters have of late been leveraging BGP for underlayrouting, largely due to Link State IGP flooding and scaling concerns,and in order to better control policy. This talk aims to outline thevarious approaches and their individual aims, potential benefits, andpossible drawbacks. The goal is to inform the community of the state ofplay in this exciting area.

Since 2011, the five RIRs have been offering Resource PublicKey Infrastructure (RPKI) systems, aimed at making Internet routing moresecure and reduce the risk of BGP hijacking. These systems allow membersto log into web-based portals to request an RPKI certificate and use itto publish Route Origin Authorization (ROAs). In the hosted setupcertificates, and keys, and signed products are all kept and publishedin the RIR infrastructure.

However, four out of five RIRs also allow members to run their own RPKIinfrastructure as a so-called Delegated RPKI Certificate Authority.LACNIC as the last RIR not to provide this option yet, is committed tohave this functionality available by the end of 2019.

While a hosted set-up serves many small ISPs well, there may be goodreasons to run your own infrastructure instead. Possible use cases existfor:

• Operators who require easier RPKI management that is integrated withtheir own systems in a more streamlined way
• Operators who are security conscious and require that they are theonly ones in possession of the private key of a system they use
• Operators who want to be operationally independent from the parentRIR, such as National Internet Registries (NIRs) or Enterprises
• Operators of global networks may wish to operate a single system,rather than maintain ROAs in up to five web interfaces.

However, running your own CA comes at a cost. The talk will discussthese as well as possible mitigation strategies. For instance, providingthe necessary availability can be managed by outsourcing publication toa cloud service provider.

Finally, the talk will look into existing and upcoming options fordeploying a CA.

At the end of the talk, interested users will have a betterunderstanding of which choice is best for their organization.

Cloudflare runs a large anycast network, with over 150 deployments worldwide. Deployments of this size come with their own unique set of difficulties and challenges. One of the bigger challenges is a global change to the anycast routing. Minor mistakes or delays might have an enormous impact, as traffic can shift globally, overwhelming a single location with requests that really shouldn't be there. In the past, the network team at Cloudflare made the decision to add prepends to our prefix announcements.

At the time, this was a reasonable decision, that actually made the anycast network work as expected. These prepends had their use then, but are no longer a required piece of configuration, and haven't been for a long time. As some of you will realise, changing this piece of configuration could lead to massive problems while the change is being rolled out like overloading single locations, or overloading individual transit pipes.

As the first Root DNSSEC KSK rollover comes to a close, a quick review of where the project stands and a look at the lessons learned - so far.

Talk on how Traffic Engineering is done in LinkedIn Backbone network, including learning and improvements done over a period. The presentation covers how to optimize Traffic engineering, so that efficiency of link utilization can be improved, also reducing the operational overhead.

Every computer has a local clock that tells the time. But how accurate is this clock? The presentation takes a quick look at time and the Network Time protocol and then describes an exercise in measuring time accuracy across the Internet and makes some conclusions as to how well time is synchronised across the Internet.

Operating IX in India has many challenges on many levels. This presentation highlights those challenges.

Over the last year Euro-IX has been leading the IXPDB project. This isthe only automated database where IXPs control and can publish theircomplete member list. The database is now live and we are working onbuilding tools around that to help IXPs and Networks find informationabout each other.

Today we have 79 IXP exporting this data to the IXPDB, I hope to createawareness to encourage and motivate more IXPs to go down this route sowe can have some reliable data for the community.

This talk will include:

• Quick History of the project
• The IX-F JSON Member List
• Euro-IX tools now available
• A roadmap of new tools coming in 2019
• What the community can do to help.

I also hope to get feedback from the attendees on new ideas and tools they'd like to see.

This presentation will talk about why these new cable systems will provide critical infrastructure for meeting the future growth in collaborative research and transnational education between Australia and our Asian partners.

The experience on setting up of SLT-IX and the current status of SriLankan Internet exchange. Transforming local competitors into peers forthe objective of improving local internet experience in the country.

Located at the border between Singapore and Malaysia, Johor Bahru is not only the second largest city in Malaysia, it is also the gateway to most traffic between Singapore and the Indochina region. The Indochina countries, with its populations among the most ardent Internet users in the world, have seen tremendous Internet traffic growth over the recent years. This put Johor Bahru an increasingly important gateway for OTT players to reach the Indochina eyeballs. This presentation serves to explain how the OTT and eyeball players can take advantage of JB to improve cost and network efficiency.

ISPs often seek capital for "growth," but understanding your specific needs and stage of company lifecycle is critical to obtaining the right financing. The presentation will provide an overview of ISP financing options and key considerations for financing network expansion.

This BoF will merge whisky, food, music played by the DJ's In Tech andt-shirts, to bring participants together to actively sign RPKI ROA's.

With ever growing routing related incidents happening on daily basisthere is a need to have an open and candid discussion among the networkoperators community to find the possible way forward. To address this Iwould like to propose a Routing Security BoF, where operators can sharetheir approach in securing their own infrastructure and keeping theinternet routing table clean as well.

Also, this will provide a platform to discuss how operators are lookingat RPKI and what are the roadblocks and will try to find out if anyonehas implemented ROV.