Subsea networking for non-physicists
- Beatty Lane-Davis
This talk covers the basics of what goes into building subsea cables and how they're laid from coast to coast. It explains how the cables were designed to accommodate 10G waves and further describes how that complicates life for 100G waves. To explain the differences between the two, I include a solid primer on coherent transmission. With this information we dig into why the design of cables changed in the last 10 years to optimize for coherent transmission. Finally we look at modern improvements being made to coherent modem design to maximize performance on wet plants and consider how the design of the wet plant is changing again with modern cable builds.
This paper covers our historical and operational experience, including how we fought asymmetric Internet routing and how we solved a latency issue using BGP communities.
The tutorial covers deployment guidelines for 464XLAT/NAT64 in Operator and Enterprise Networks.
The success of Segment Routing in the realm of SDN does not need any further introduction. A question many network operators struggle with however, is about the most optimal size of Segment Routing Segments, the data-plane segment encoding and the actual industry standardization maturity.
During MPLS World Congress 2019, the presentation comparing Segment Routing data-plane encodings caused a wave of new Segment Routing encoding paradigms optimizing native IPv6 data transport.
This session will compare the various data-plane encodings of Segment Routing (SRoMPLS, SRv6, SRv6ng, SRv6+ and SR-over-UDP) and provide a technological comparison between those associated Segment Routing encodings. The session will discuss the requirements and benefits of Segment Routing in the domain of 5G and the hyper connected world, where it is business critical to have deterministic guarantees to connect subscribers and customers with both virtual and physical value add services using IPv4, IPv6 and MPLS data-plane encoding.
Key learning points:
Understand the various options of Segment Routing Encapsulation
Learn the structure of each data-plane encoding
Learn how Segment Routing can deterministically connect subscribers with value services
Understand the pros and cons of each data-plane encoding
Understand the security implications of each data-plane encoding
Most network operators today face the challenge of having to be capable of performing the lawful interception (LI) of digital communications and delivering the intercepted traffic to law enforcement agencies in real-time.
However, the commercial solutions for LI that are offered by the usual vendors are prohibitively expensive and sometimes fail to meet the legislated standards. For smaller operators, meeting one's LI obligations can feel like being stuck between a rock and a hard place: the commercial options are too expensive, the penalties for non-compliance are too onerous and the prescribed standards for LI are too complex to implement something in-house.
In this talk, I will present OpenLI: an open-source ETSI-compliant lawful interception system that makes it possible for small and medium-sized operators to meet their LI requirements without going bankrupt. OpenLI has been developed as a collaboration between the University of Waikato and a consortium of New Zealand ISPs, specifically to allow ISPs in a similar situation to have a viable alternative to vendor LI solutions. This talk will cover the history of the OpenLI project, explain the challenges of implementing LI in software, describe how OpenLI works in practice and announce the current state of the project.
More details on OpenLI (including links to the current released version) can be found here
This presentation is an examination of IPv6 adoption observed on Internet Exchanges. This version of the presentation is prepared for APRICOT and includes IPv6 adoption data and analysis for the APNIC region.
Thomas will describe in detail the structures inside optical transceivers. A Transmitter/Receiver Optical Sub Assembly (TOSA/ROSA) is no longer just a diode in a housing handling the light path to and fro to the fiber. The performance increases from 10G to 100G and onwards to 400G are not only giant steps in bandwidth; there are matching leaps in manufacturing.
How did the optical industry players around the globe make it possible to squeeze everything into the tiny form factors we see today? It is all about precision: a microscope with a calm and competent hand is no longer sufficient. Now it is about nano tolerances, testing, complex transceiver firmware and a shed load of money.
This is the high precision optical mechanical engineering revolution which fuels the hyper growth of data centers and optical networking worldwide.
If you face design issues with your current optical network design, Thomas will give insights into the latest 40G to 400G transceiver developments (e.g. long distance 80km) which you can expect to see in the upcoming months. Hopefully this might save you some headaches.
As a small "one more thing", Thomas will dive into the basics of how FEC compensates for errors caused by PAM4 modulation.
In this presentation, I will provide overviews of and key points about recently published IETF RFCs that are relevant to network operators. I will also highlight some Internet Drafts that may also be of interest.
Ever since its inception in the late 80s, BGP has performed impressively in its role of maintaining the inter-connectivity of the Internet. However, when the Internet began, there was no need to bake trust into the routing layer, as all operators could stand in a single meeting room.
Nowadays, we could be peering with thousands of organisations at peering points on multiple continents. With the growing prevalence of accidental or malicious behaviour in the cyber space, how do we trust that the routing information we're being sent is correct? RPKI aims to bring some measure of trust back into our routing inter-connects.
This talk will present the decisions made, steps taken, and infrastructure built to enable RPKI route validation on the REANNZ border. It will show that although RPKI is not a complete solution, it has value and is operationally simple and inexpensive to set up.
The Internet's routing foundation has cracks, and they are growing. Not a single day goes by without dozens of incidents affecting the routing system. Route hijacking, route leaks, IP address spoofing, and other harmful activities can lead to DDoS attacks, traffic inspection, lost revenue, reputational damage, and more. These incidents are global in scale, with one operator's routing problems cascading to impact others. Mutually Agreed Norms for Routing Security (MANRS) is a global initiative, supported by the Internet Society and a number of NRENs like AARNet, that provides crucial fixes to reduce the most common routing threats.
The presentation is about the recent deployment of ROV at the National Data Center (NDC) in Bangladesh. Since NDC was the first in BD to drop invalids, some background work had been done to realize the impact of it for the end users. The activity involved building awareness of RPKI ROA among the ISPs and other network operators in the country. The presentation mostly highlights these activities.
Moore's law continues to track. In the world of coherent transmission that means the DSPs that drive long-haul transmission are getting smaller and smaller. In the next year we're going to see pluggable 400G modules with the capability of running long-haul distances.
What does this mean for networks? Is there a need going forward for an optical switching layer and a packet switching layer? Have we reached a turning point in the economics of networking which will re-shape how we build networks much in the same way MPLS did at the beginning of the century?
Over the last 2 years, Telstra has constructed and become the System Integrator for a common NFV infrastructure based on Open-Standards.
Why did we do this?
How does it work?
What is it like to operate?
We are also looking closely at adopting this methodology, along with other emerging technologies for Edge. In this presentation, we will describe the architecture for this solution, our operational experience, and present our thoughts around how the industry and our solution will evolve moving into the future.
With the advent of 5G and proliferation of cloud deployments, the scale and complexity of IP and transport networks have become too onerous for manual OAM approaches.
Managing a network today requires more than just multi-layer topology discovery; it demands a model-driven, automated approach that includes IP routing that is aware of transport constraints such as shared risk link groups and latency. This presentation describes the evolution of the dependencies of the IP and transport network, as well as methods that can be used to manage these complexities through practical use cases that provide significant OPEX and CAPEX savings.
It's been more than 20 years since Cisco first introduced NetFlow as a scalable way to track network activity without collecting raw packets.
To this day, network operators who use NetFlow and other types of flow data for network management still report the benefits, which include a lightweight monitoring footprint, faster troubleshooting, more effective planning, and automated security.
However, when any technology survives for two decades, it raises the question: Is NetFlow outdated? Are there other data sources and technologies that are newer, faster, and more detailed for achieving network visibility?
In this presentation, we will discuss:
We as a service provider always believe in innovation and are dedicated to the service we provide to our valued customers, from the customer's perspective. As we know, IPv4 is depleting, and we have always wanted to get out from under this limitation. Hence we dared to get out of this situation by deploying IPv6 in our network. Having walked through the challenges of deploying this new technology in our network, I want to share the pain and gain we experienced with this deployment with the community, with the aim of learning the things that we missed and implementing them in our network for the betterment of our service.
This presentation compares snapshots of the IPv4 global routing table from 9 large networks and examines the differences in routes. The goal is to find what causes a difference of a few thousand routes across larger networks.
This presentation will describe CORD (Central Office Re-architected as a Datacenter), an open-source solution for service providers. It combines NFV, SDN, and the elasticity of commodity clouds to bring datacentre economics and cloud agility to the Telco Central Office. CORD lets the operator manage their Central Offices using declarative modelling languages for agile, real-time configuration of new customer services. Providers can leverage common hardware and software infrastructure to offer traditional connectivity as well as cloud services for residential, enterprise, and mobile customers. CORD infrastructure also allows third parties to provide innovative services to common customers with a variety of partnership models. As a reference implementation, CORD is built from commodity servers, white-box switches, disaggregated access technologies (e.g., vOLT, vBBU), and open-source software (e.g., OpenStack, ONOS, XOS). It has been supported by major service providers like AT&T, SK Telecom, Verizon, China Unicom, and NTT Communications.
In particular, this presentation shows that service providers can develop solutions for SDN/NFV-based fabrics by adopting a smaller reference implementation of CORD, called Trellis. It is a leading open-source multi-purpose leaf-spine fabric supporting distributed access networks, NFV, and edge cloud applications. It is a fully open-source platform that reduces the Total Cost of Ownership (TCO) and makes it easy for operators to customize it for their applications. It is built using bare-metal switches with merchant-silicon ASICs and is currently deployed in production networks by a Tier-1 US network operator.
It's been a commonly accepted maxim of network design that buffers in switches need to be dimensioned to be equal to the delay bandwidth product of the circuit that is being driven by the switch. But this is leading to some real issues with scaling, speed and cost. Are there alternative approaches that can make use of smaller buffers? We will explore the tradeoffs of network member capacity and protocol performance in this presentation.
A review of the state of the Internet's inter-domain routing space for 2019, looking at the BGP metrics. The presentation includes projections for growth in the IPv4 and IPv6 space for the next five years.
For many years we have been hearing about IoT devices and the challenges to make them secure, reliable and safe. ICANN's Security and Stability Advisory Committee (SSAC) published a report discussing the opportunities, risks and challenges of the interplay between DNS and IoT devices. This talk will detail the highlights of the opportunities that the DNS offers to increase IoT security and transparency and how the IoT may pose a risk to the DNS.
The presentation covers the topic of managing DHCP configuration in a modern and scalable way using Kea, a new open source DHCP solution that's going to eventually replace ISC-DHCP. Kea provides flexible JSON-based configuration with a REST API to manage it. The Prefix Delegation mechanism and various options for deploying it using Kea are discussed. A quick overview with some example operations is presented. While all of the examples discussed are IPv6, the solution still supports legacy technologies, such as IPv4. Discussion of the planned features in future releases will conclude the talk.
There are people who play games and there are people who watch games. While it is debatable whether Video Gaming is a sport, it is a fact that Video Gaming rivals traditional media as a form of entertainment, whether offline or online.
This presentation covers the challenges in getting an excellent online game experience for games from the network point of view (in addition to providing some insight from the developer's and players' points of view). This presentation will discuss online game experience with respect to the network being multi-domain by nature.
We conducted research on published BGP full-route information and detected announcements of 3 unassigned /24 IP networks. The results have proven that even unassigned IP networks are actually announced on the Internet. The problem is not organisation/region dependent, and there are several possible directions for future work through which we can better understand the situation.
For full route data, we downloaded files from RIPE Routing Information Service. Then we compared the full routes with a list of allocated/assigned IP prefixes in Japan, which is managed by JPNIC. The output is the set difference of the two datasets, which are unassigned route announcements. Python is used to implement the script. For IP network address manipulation in our research, netaddr and ipaddress are the essential libraries.
It's been 30 years since the famous meeting in a cafeteria where Kirk Lougheed and Yakov Rekhter used two napkins to sketch out the main feature of the BGP protocol. BGP was devised as an improved routing protocol able to fulfill the needs of an Internet that was about to take off. Yet as the architects themselves have admitted, security wasn't even on the table back then. And despite several security-driven protocol enhancements and BCPs over the past 30 years, thousands of companies and millions of end users are still affected by route leaks and hijack attempts that cause service disruptions and loss of revenue.
In this talk, Catchpoint BGP expert Luca Sani will focus on route leaks and hijacks. He will explain what the biggest security risks are, how and why they came to be, and how they've affected end-user experiences around the world over the past year. Using three of the most famous BGP routing incidents of 2019 as a case study, Luca will cover what went wrong and how it could have been prevented, hoping that such an analysis could raise awareness in the community on how important it is to secure your network policies regardless of the size of your organization.
The Cable Haunt (CVE-2019-19494) vulnerabilities found in Broadcom cable modems were recently published with proof-of-concept code that can be used to exploit customer equipment.
The cable modems are vulnerable to remote code execution through a web-socket connection. This presentation will be an overview of the vulnerability including a list of known exploitable equipment.
Various forms of spine and leaf networks are used in large scale data center fabrics. The background of these fabrics, however, is not well-known. This session will explain the history of the spine and leaf fabric, beginning with the Strowger frame, the crossbar fabric, and moving through to the butterfly.
We are developing a software router 'Kamuee' using DPDK. Although the source code is proprietary, it effectively uses open technologies such as DPDK, Linux, liburcu, lthread, Quagga/FRR, and so on. In the presentation we discuss its performance, field experiences, technical issues, and business prospects.
Scale-out design, when applied to routing, directs us to build large fabrics of routers. This has limitations due to control plane scaling. These limitations can be addressed through the use of Dynamic Flooding, which allows traditional IGPs to scale more smoothly than has been possible in the past.
An introduction to a new and novel routing protocol for the datacenter: Routing in Fat Trees, or in short RIFT. In this presentation we will dive into what challenges RIFT solves over the use of OSPF, IS-IS and BGP in the datacenter. I will also give an update on the status of the work in IETF and point to some implementations.
In this presentation I will give an update on the current state of Routing Security, briefly show what it is as an introduction, give an update on the work in IETF and present next steps like Autonomous System Provider Authorization using RPKI. I will also point out some implementation issues and their suggested solutions.
As LinkedIn continued to scale its infrastructure across the world, there emerged a need to be able to scale our network security policy enforcement, while significantly increasing bandwidth and density within the datacenter.
In 2016, LinkedIn built Distributed Firewall (DFW) to transform its network and security operations. This has enabled the company to expand horizontal network scalability and allow full utilization of datacenter power, cooling and space by intermixing heterogeneous environments within the same physical rack and network footprint.
This presentation details the journey to building DFW, how we've iterated over the design to increase security policy velocity and observability. I will discuss lessons learnt from running DFW at scale across LinkedIn's data centres globally.
A cyber range provides a place for security teams (CSIRT/CERT) to practice skills (e.g., attack detection and mitigation, penetration testing, ...) for responding to cyber attacks in a realistic testbed environment. NCL (National Cybersecurity R&D Lab) aims to provide a virtualized cyber range environment for performing sophisticated cybernetic attacks against a simulated critical infrastructure, especially for research and development of new security methods, tools, or training, and also to encourage collaboration among researchers in academia, government bodies and the industry. The infrastructure includes a cluster of 300 nodes that provides a wide range of provisioning mechanisms, security data, and security services for various use cases (e.g., CTF - Capture the Flag, CDX - Cyber Defence Exercises, Pentesting, and others).
In particular, CDX employs a cyber range and supportive infrastructure to simulate multiple complex setups and allows participants to interact with an assigned host realistically. It is designed to focus on defending critical information infrastructure against skilled and coordinated attackers for participants, which is driven by a scenario that includes the actions of attackers (i.e., Red Team) and assignments for defenders (i.e., Blue Team) prepared by the organizers. NCL members are mainly responsible as a system/infrastructure administrator (i.e., Green Team) and also CDX organizer/orchestrator (i.e., White team). As a Green team, they need to provide infrastructure for different environments (e.g., Internet, information technology, operational technology, healthcare, and others). As a White team, they need to provide scenarios and rules for the Blue team as well as generating background activity during exercise to make it more realistic.
Demonstrate the power and viability of inter-carrier data-on-demand services through automated provisioning, management, and settlement.
This presentation was first delivered at MEF in Los Angeles in 2019 and accompanied a production demonstration of the MEF Lifecycle Orchestration API (Sonata).
Every internet service provider’s success requires not only a focus on technical infrastructure but also expertise in operational implementation, particularly with regard to financing startup, growth and expansion activities. This panel session will focus on the financial challenges and opportunities that connectivity service providers in the region face as they move through stages of growth and maturity. Panelists include peer ISPs as well as organizations that are financing connectivity providers (from concessional grants, equity investment, expansion debt capital, among others), and the session will address how to approach challenges in obtaining funds for entities in different stages.
APRICOT audience members will learn how to access and utilize various financial mechanisms to start, expand and grow their internet infrastructure development and have the opportunity to hear how to identify fit-for-purpose financing, discuss the pros/cons of different financial instruments, and pose direct questions of the panelists.
Open source is migrating from the workload side of the world to the network infrastructure side of the world. This Panel will provide a forum for operators to discuss how they are using open source in their networks, challenges they are facing, and sharing solutions they have found.
Brazil Internet Exchange (IX.br), a Department of the Brazil Network Information Centre (NIC.br), has played a prominent role in the development of the Internet in the country. With over 2300 unique ASNs connected in 31 locations and over 9 Tb/s of traffic it is one of the top IX business in the world.
This presentation will cover a little of the history of the model adopted by NIC.br in the construction of IX.br and how we have supported the great growth observed in recent years.
Country and environmental data on key players that make the Internet work should also be analyzed, as it has driven increased traffic and the number of ASNs.
With the arrival of the first content providers in the city of Fortaleza, the beginning of a decentralization process is expected to exist today in São Paulo and Rio de Janeiro. Data from these top three IXPs will be compared to see what is already happening.
In this speech we hope to show the current and future opportunities to exchange traffic in Brazil.
The IXPDB is the only database publicly available for the community that has the most accurate and complete data about IXPs because the data is supplied directly by IXPs via an API.
In 18 months we have managed to convert 177 IXPs to automating their data export to the IXPDB, that's just under a third of IXPs in the world. We the IXPAs are confident we can work with IXPs to continue to provide and be the number one place to go for IXP data.
This presentation covers the latest updates to the IXPDB, the tools that have been developed for the community to further improve their peering analysis and a road map of what's coming next.
We can make things better. Don't throw rocks. HE has been filtering peers for over a year now.
G'day! Tom will present what peering and Interconnection means for Oceania. An overview of what's been and where we are going.
This presentation describes IX and peering facilities (DC) in Indonesia. It helps the audience select where to expand a new POP in Indonesia.
This session will cover the technology evolution towards SRv6 and how this will further simplify the network and make it more scalable. This session will also cover technical details of SRv6 and major use cases like L3VPN, traffic engineering, service chaining, etc.
PeeringDB itself has been around for 15 years now, and PDB 2.0 has been out for almost four years. With the new GUI and API, usage of PDB surged. This drives the demand for an in-depth tutorial.
This tutorial first gives a quick introduction to PeeringDB itself, the association and committees behind it, before going into detail with the GUI and then, for advanced users, taking a look at the API.
Network state awareness and troubleshooting is a large and skilled part of operating a network. This session will cover basic network data plane troubleshooting best practices and techniques to plan for failures. We will also do demos and a review of the troubleshooting tool chain: NetFlow, perf-mon, CBQoS, ICMP/traceroute, interface stats, but also touching on RP stability (SPF runs, unstable neighbors etc), and SDN methodologies along the same lines.
While intrusion detection systems are the basis of every security-aware organization and most network-based threats have been successfully mitigated in the past, the signature-based detection system has a major drawback: the system is always one step behind the newest threats.
In-depth analysis over a larger set of network data has the advantage of detecting different types of anomalies. And when it comes to the largest nationwide ISP, the SOC team has to adopt an anomaly detection system to mitigate infrastructure threats in a proactive way.
This talk is about the research work that has been conducted in my current organization to detect well-known and unknown attacks in DNS infrastructure. Years of experience have been built into the system to create a robust Machine Learning model that detects anomalous behavior in DNS traffic, which will have a better assumption on the threat of an anomaly.
I have worked on a number of detection methods, both real-time and statistical analysis methods, that can detect anomalies of some well-known DNS attacks. Here I will share the lessons learned and the progress of our Machine Learning approach.
Security breaches are on the rise and businesses are getting compromised each day, but why are organizations still struggling to stop breaches from happening despite spending thousands of dollars on solutions? This clearly shows that we need a stronger layered defensive strategy to combat the ever-evolving threat landscape.
In this session we will be discussing the controls which need to be implemented to mitigate security breaches. We will also be discussing 3 hacking use cases which shall be as mentioned below:
We shall then be demonstrating in front of the audience how to harden systems, covering both Windows- and Linux-based platforms, as per the Center for Internet Security Benchmarks. The controls which we shall be implementing in front of the audience shall include but not be limited to the following:
It’s very well said that in order to be a good cop, we need to think like a thief! Join me in my session where I reveal the hidden facts about system hardening and the value it can bring in to eliminate threats from ever occurring.
This tutorial will introduce the different IPv6-only transition technologies that apply to both broadband and cellular networks, comparing them and discussing the required steps to deploy IPv6-only with IPv4-as-a-service (IPv4aaS) in an ISP/enterprise network.
The transition mechanisms will include:
The main effort will be devoted to how to set up NAT64, DNS64 and 464XLAT.
This is a full hands-on workshop, so the participants can set up their own VMs (I will provide them) to set up the lab on their own laptops.
To better serve massive scale Video and AI/ML applications, public/private clouds have introduced a lot of innovations in modern data center design. In this session we will talk about:
add More deep dive information for RoCE Switch innovations:
A little bit of everything perfSONAR is available in this session, including:
And, we will finish up the session with some hands-on fun using a cloud-based perfSONAR lab to run a few of the available perfSONAR measurement tools.
To participate in the lab you will need to bring a laptop.
There has been an explosion of data center technologies over the past few years driven by the advent of cloud and SDN. The aim of this session is to walk through the VXLAN BGP EVPN technology building blocks used in building highly scalable and reliable data centers.
Using local language character sets in domain names and email addresses
The dominance of English in Internet use is a digital divide that restricts users of non-English characters or scripts from accessing data and information as well as using Internet services.
Allowing only a restricted character set (ASCII a to z, 0 to 9 and the hyphen) within the Internet Domain Name System causes difficulty for non-English speakers, who must learn a new character set in order to send emails or access websites. The emergence of Internationalized Domain Names (IDN) and Internationalized Email address (EAI), two important fundamental protocols, was an effective step towards achieving a multilingual Internet. IETF and ICANN released guidelines for IDN and EAI that allow Internet users to use domain names and email addresses in their preferred scripts. However, some websites, software, and applications remain unable to accept and process the domain names and email addresses as valid names as guided by IETF. Web addresses cannot be resolved to the intended resource on the website. Mail systems cannot send mails to expected recipients.
The BoF aims to gather interested individuals and organizations to share information and brainstorm collectively on how to increase the awareness of its significance and how to ensure that IDNs and EAI can be used faultlessly. Updates of what IDNs and EAI activities have been done in each country may also be shared.
We have many NOG style communities in our region, and it seems there are more new NOGs happening as well. I'll invite each NOG's organizers to share their recent updates, and this will be a great opportunity to showcase such NOG activities together.
Updates on issues of interest to IPv4 market participants. Pricing trends, supply and demand trends, changes in transfer policies, leasing trends, IPv6 transition.