Lotus
21 February – 3 March 2022

Accepted Presentations

Keynote

Why We Made The Internet So Difficult To Operate

  • Jack Haverty

A World of Opportunity for Internet and Internet based Services

  • Sharful Alam

Surfing through time: Internet’s journey in Bangladesh

  • S M Altaf Hossain

Why We Made The Internet So Difficult To Operate

TBA

A World of Opportunity for Internet and Internet based Services

Bangladesh would be one of the most exciting countries if you are into the business of Internet, data centre, digital content, IOT, OTT, FinTech, or eCommerce. Each sector shall leverage Internet extensively and it'll impact the way 170 million Bangladeshis live and think today.

Without any research you can invest your time, energy, experience, money, skills, relationships, and access to resources, and you’ll be happily surprised. Join the session to know what, why, and how.

Surfing through time: Internet’s journey in Bangladesh

Bangladesh has made incredible progress during the recent decade. And all this has been made possible by the timely policy development as well as proactive initiative and tireless work of innumerable enterprising, determined and visionary people in various sectors. The Internet industry is also at the doorstep of youth today through the works of some talented and enthusiastic people. Now is the right time to prepare this young industry for the future in the light of our past and present experience. Covid-19 situation teaches us the value of being connected and informed. A mature, progressive, open and safe Internet will be the key differentiator in the coming day

Conference

Routing in 2021

  • Geoff Huston

An Update on IPv6 Fragmentation

  • Geoff Huston

Introducing the Internet Society Internet Resilience Index (IRI)

  • Amreesh Phokeer

RPKI - 2021 a year in review

  • Dave Phelan

Improving RPKI RP Resiliency

  • Koen van Hove

IPSec History and Future

  • Shishio Tsuchiya

Message Digests for DNS Zones

  • Duane Wessels

Enhancing performance of DoH using CDN edge compute and edge database

  • Yin Chao

Monitoring customer network using Raspberry Pi

  • Bayambajargal Jamsran

Securing the routing of New Zealand's Research and Education sectors with MANRS

  • Aaron Murrihy

DNS Openness?

  • Geoff Huston

Reducing IP Address Waste: The IPv4 Unicast Extensions Project

  • Seth Schoen

Gatekeeper: The First Open Source DDoS Protection System

  • Qiaobon Fu

Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure

  • Marcin Nawrocki

Ransomware as a Science

  • Eireann Leverett

Pluggable coherent optics in IP backbones is real!

  • Danny Pinto

Routing in 2021

The routing and addressing infrastructure can tell us a lot about the evolving nature of the Internet. This presentation looks at the changes that have occurred in the Internet's inter-domain routing system over 2021.

An Update on IPv6 Fragmentation

We look at the incidence of packet drop in IPv6 in fragmented packets, and in a new study we look at drop rates of various fragment sizes and compare drop rates of fragmented packets to atomic fragment IPv6 packets.

Introducing the Internet Society Internet Resilience Index (IRI)

The presentation is about the Internet Society Internet Resilience Index (IRI). The IRI is built around the four measurement pillars outlined above: Infrastructure, Performance, Security, and Market Readiness. Each of these four pillars represents core aspects of the Internet. Without them, the Internet wouldn't be able to operate. The pillars themselves are made up of a series of indicators that provide empirical information about the state of the Internet at a country level.

Improving RPKI RP Resiliency

The Resource Public Key Infrastructure (RPKI) was created to improve the security of the Border Gateway Protocol (BGP). With the advent of delegated RPKI, everyone can control part of the RPKI tree. We look into what a malicious actor can do when it controls part of the RPKI tree, and find that a malicious certificate authority (CA) or repository can disrupt all currently available Relying Party (RP) software. This means that all RP software would either crash or take unreasonably long (days, months) to process all data. We go over what we tested, what issues have been resolved, and which issues still remain to this day.

IPSec History and Future

IPSec is a well-known VPN protocol, but there were some issues in deploying it in large-scale networks. Today's IPSec interoperability has been improved by IKEv2, and Broadcom Jericho2c integrates IPSec and MACsec at line rate. The presentation explains the IPSec problems of the past ten years and explains the new IPSec world of the future.

Message Digests for DNS Zones

Last year the IETF published RFC 8976, titled Message Digest for DNS Zones. It describes a protocol and new DNS record that provides a cryptographic message digest over DNS zone data. When used in combination with DNSSEC, it allows recipients to verify zone data for integrity and origin authenticity, providing assurance that received zone data matches published data, regardless of how it was transmitted and received.

This presentation provides an introduction to the zone digest protocol, its record format, parameters, and use cases. It also covers known implementations of the protocol and provides some benchmark measurements for zones of varying size. Lastly, it introduces the Root Zone Maintainer's plans to deploy the ZONEMD protocol in the root zone.

Enhancing performance of DoH using CDN edge compute and edge database

For both security and privacy reasons, application providers are increasingly starting to use DNS over HTTP (DoH). Browsers like Firefox already provide such options. However, they use public DoH resolvers. Applications which want total security and privacy would like to set up their own DoH service. In order to improve the DoH service performance, they have used a novel technique of using edge compute to process queries for the DoH and store them in an edge database, so it can enhance the performance of client applications for DoH resolutions. This talk will show an architecture where an edge compute and edge database system provides performance enhancements for DoH.

Securing the routing of New Zealand's Research and Education sectors with MANRS

Ever since its inception in the late 80s, BGP has performed impressively in its role of maintaining the inter-connectivity of the Internet. However, when the Internet began, there was no need to bake trust into the routing layer with the small number of operators. These days we could be peering with thousands of organisations at peering points on multiple continents. With the growing prevalence of accidental or malicious behaviour in the cyber space, we can no longer trust the routing information we receive. Threats such as route hijacking, IP spoofing and route leaks loom on the Internet every day.

Network operators have a responsibility to ensure a globally robust and secure routing infrastructure. Mutually Agreed Norms for Routing Security (MANRS) provides a framework to improve the trustworthiness and reliability of global Internet routing, relying on collaboration amongst participants and shared responsibility for Internet infrastructure.

REANNZ is proud to be the first network operator in New Zealand to join MANRS. As the provider of a network that connects NZ's researchers, educators, and students to the rest of the world, REANNZ has always taken the security and stability of our members' networks seriously. MANRS' pragmatic and straightforward framework for implementing best practice routing security reflects and expands upon our own efforts in this area.

This talk will present the MANRS framework and provide an operational overview of the steps we have taken to ensure the validity of our own network information, as well as to protect our members from improper routing activity.

DNS Openness?

The internet has been proclaimed as a clear victory for a deregulated industry based on open interoperable standards and market-based vibrant competition proving the impetus for continued expansion and evolution. As long as the essential aspects of the Internet are open in the sense that they are uniformly accessible by all without qualification, then we believe that this is enough to sustain the market-based development of the Internet and sustain competition and further evolution. But open frameworks can be captured and markets often fail, so this belief is more of a hope than a confident prediction.

In this presentation I'd like to address this open question by taking a look at today's pressure on the DNS, looking at the DNS topics of trust, open resolution and the rise of application-centric DNS services. Using the DNS as the benchmark, I'd like to pose the question: Will the Internet we are building today be recognisable as a truly open system tomorrow?

Reducing IP Address Waste: The IPv4 Unicast Extensions Project

Toward the end of 2021, we made a splash with proposals to change the status of various historically reserved IPv4 addresses. These proposals attack IPv4 address shortages by potentially making available hundreds of millions of addresses that are currently not used on the Internet. They were set aside in the 1980s for various reasons that are no longer useful or relevant.

While IPv4 address demand is acute and many kinds of addresses are still going to waste, bringing them into use will require software and operational changes. That will take time. We see this as a medium-term process to keep our options open in the future; we anticipate that demand for IPv4 address space will exist for years to come.

This presentation will introduce our four Internet-Drafts and related work, and respond to some of the concerns raised within the operator community about what it would mean to unreserve address space and how doing so will be useful for the Internet.

Gatekeeper: The First Open Source DDoS Protection System

Distributed denial of service (DDoS) attacks are at the tipping point of becoming everybody's top concern: (1) the peak capacity of DDoS attacks has been growing exponentially for years, (2) this trend is not slowing down, and (3) most attacks are not yet very sophisticated. While current DDoS protection systems have been able to match the peak capacity of attacks, they are brittle in the face of the increasing sophistication of attacks. In this talk, we introduce Gatekeeper, a DDoS protection system that scales to any peak capacity, delivers unparalleled multi-vector protection and mitigates attacks in seconds.

Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure

In this presentation, we revisit the open DNS (ODNS) infrastructure and systematically measure and analyze transparent forwarders, DNS components that transparently relay between stub resolvers and recursive resolvers. Our key findings include four takeaways. First, transparent forwarders contribute 26% (563k) to the current ODNS infrastructure. Unfortunately, common periodic scanning campaigns such as Shadowserver do not capture transparent forwarders and thus underestimate the current threat potential of the ODNS. Second, we find an increased deployment of transparent forwarders in Asia and South America. In India alone, the ODNS consists of 80% transparent forwarders. Third, many transparent forwarders relay to a few selected public resolvers such as Google and Cloudflare, which confirms a consolidation trend of DNS stakeholders.

This presentation aims to raise awareness of transparent DNS forwarders, hoping that awareness will help to reduce public deployment in the future.

More details, including ongoing measurements, of the project are available on https://odns.secnow.net/

Ransomware as a Science

Ransomware is typically presented in the small: individual events, the binaries, the victim, the story of the cleanup. This is important, but we also need to study ransomware by the numbers... how many threat actors are there, are they equally prolific? How many people pay ransoms, and how many people don't? How much does the cleanup cost if you don't pay, and how much if you do? Over the course of its history, is it getting better or worse? What impact do our interventions make?

Pluggable coherent optics in IP backbones is real!

The global Internet continues to see exponential traffic growth, with technologies enabling increased bandwidth capacity and high performance while continually dropping in price. With these drivers, at Colt we are preparing the move to 400G connections in backbone and peering. Colt is taking rapid steps forward to leverage cutting edge network technologies ahead of time to adopt high bandwidth technology without breaking the bank! Efficient network silicon, leveraging 400G ZR/ZR+ coherent optics to reduce optical transport costs, and optimizing datacenter/colocation spaces are key ingredients for our plan and future success. We have already deployed successfully in Europe and are planning our next deployment in Tokyo.

Panel Discussions

Operating the network when a natural disaster is occurring

  • Moderator: Warrick Mitchell
  • Speaker: Chris Zane
  • Speaker: Richard Tumaliuan
  • Speaker: Simon Sohel Baroi

Building IXPs in the Pacific

  • Moderator: Terry Sweetser
  • Speaker: Masataka Mawatari
  • Speaker: Chris Zane
  • Speaker: Tevia Navila
  • Speaker: JOSE DANTE S. SANTIAGO
  • Speaker: Jethro W Tambeana
  • Speaker: Keith Anderson

The Dire DDoS Realities - How Bad can it Get?

  • Barry Greene

Operating the network when a natural disaster is occurring

This panel will discuss the following topics:

  1. What sort of natural disasters do you have affecting your region (Volcanic, Tsunami/Floods, Fire, Earthquakes)?
  2. Do you take these into consideration when building your network and reliability models?
  3. Is diversity enough, do you need triversity or even greater?
  4. Lessons learnt during these natural disasters.

Building IXPs in the Pacific

Building and running a local Internet eXchange Point (IXP) brings many benefits to participating internet service providers and their downstream customers and end users. Panelists will discuss their efforts, successes and business models in delivering better latency and less cost to local internet service providers.

The Dire DDoS Realities - How Bad can it Get?

Today's DDoS attacks are simple, brain dead, and effective. We live in a world where it is easy to craft a DDoS using simple reflectors. DDoS simplicity has consequences. Organizations craft their DDoS defenses to cater to what they see today. They are not exploring the possibilities. Possibilities from known DDoS techniques in the past. Feasible DDoS demonstrated tested, but has yet to be actualized by the miscreants.

This panel session walks through these possibilities of what could happen if a smart attacker would do just a little more homework. Each panelist will be asked a series of questions to explore 'How bad can DDoS get.' The objective would be to have a tool for our peers to use to explain to decision-makers the potential risk and necessity for action. Panelists' wisdom will help map out grave risks we're facing and pointers to explore DDoS Resiliency Architectures to minimize the impact risk.

Peering Forum

Peering Toolbox

  • Yolandi Robinson

An Application Perspective of the AP Peering Ecosystem

  • William B Norton

Using CCTLD data to study the impact of Local IXPs

  • Terry Sweetser

The IXP Database's New Visual Experience

  • Leo Vegoda

Peering Toolbox

This presentation introduces the Peering Toolbox, a community focused project of Euro-IX. The aim is to provide a learning structure and best practice information for new entrants into the interconnection community. The toolbox will act as a reference/guide that IXPs and networks can point others to for best practice information and to learn how to meet the IXP's and peers' requirements.

An Application Perspective of the AP Peering Ecosystem

In the process of measuring the performance of an overlay network we found many interesting underlying Internet anomalies, particularly in Internet routing in Asia. I am writing a draft white paper with some early adopters to answer the questions: Do better peered networks bring forth more routing optimization opportunities in the context of an overlay network? In this talk we present the measurement apparatus and the early findings from measurements taken across Southeast Asia.

Using CCTLD data to study the impact of Local IXPs

CCTLD data clearly showed some interesting trends. Terry will discuss those in more nuanced detail, especially for operators and those wishing to build capability and businesses in these regions.

The IXP Database's New Visual Experience

This presentation will introduce the next phase of the IXP Database. The IXP Database presents an accurate and authoritative view of IXPs generated by automation that gathers structured data shared by IXPs in combination with other authoritative sources. It aims to be comprehensive, complete and timely.

This presentation will briefly describe what IXPs can share through the API and demonstrate the new interactive platform for filtering, visualising, and exporting the data.

The focus will be the live demonstration of the new platform rather than the slides.

Tutorials

Git for network engineers

  • Philip Paeps

DDoS Resiliency Workshop

  • Barry Greene

Introduction to Network Automation

  • Md Abdul Awal
  • Muhammad Moinur Rahman

Segment Routing

  • Paresh Khatri
  • Zobair Khan

Scalable & Reliable Storage using CEPH

  • Phil Regnauld

Art of Route Filtering

  • Aftab Siddiqui
  • Massimiliano Stucchi

Using CI/CD pipeline in network deployments

  • Anurag Bhatia

IXP Manager - Bringing your IX and First Members Live

  • Barry O'Donovan

Introduction to PeeringDB: A tutorial

  • Arnold Nipper

SD-WAN: a basic introduction

  • Paresh Khatri

A fully automated, software defined, cloud internet exchange

  • Toni Yannick Kalombo

Git for network engineers

Why should network engineers learn Git? How can netops use GitHub as a collaboration tool? This tutorial aims to help answer these questions, and demonstrate how network engineers and network operators can make effective use of Git.

DDoS Resiliency Workshop

Rethinking Internet Resiliency to Prepare for Today's and Tomorrow's DDoS Attacks

We cannot ignore the growing, expanding, and unrelenting DDoS threat. We now live in a world where any system connected to the global telecommunications system (the Internet), must be resilient to DDoS. The capacity to launch DDoS attacks expands. The means of access and launch attacks are getting simpler. The miscreants setting up these DDoS systems are not getting caught nor 'incentivized' to stop.

In parallel, we are building networks by leveraging interconnected and interdependent cloud, edge, DevOps, and many other technologies. These interdependent and rapidly deployed systems provide exceptional services. But, the vast majority of these services lack resiliency and do not think about their fragility to DDoS. DDoS miscreants do their homework, finding vulnerable elements that collapse the whole 'interconnected solution.'

In many ways, as an industry, we're being DDoS complacent. The consequence of that complacency is allowing for the DDoS Risk to increase. The people behind DDoS run around making money from their criminal enterprises, and an increasing number of systems are at severe risk.

Rethinking Internet Resiliency to Prepare for Today's and Tomorrow's DDoS Attacks builds on workshops in the past but is updated with the knowledge from the past ten years of DDoS attacks. It is a rethinking of DDoS Resiliency to focus on the engineering, risk mitigation, and intentional remediation of the risk (i.e., pushing back on the badness).

This DDoS Resiliency workshop covers 10 major areas of focus. It is an update of a program that started in 2000 with the Operator's Security Workshops and continues in many network operation forums. Each module is designed to be standalone and/or taken as part of the whole program.

Scalable & Reliable Storage using CEPH

CEPH is an open source storage solution that offers block, file and object storage, where both storage and control are distributed across a cluster of servers. Designed correctly, a CEPH storage cluster has no single point of failure, and it can be scaled to hundreds of nodes, and petabytes of storage.

In this tutorial, we'll go over some of the limitations of existing storage solutions, and contrast this with CEPH's scalable and self-healing design. We'll then cover the basic concepts and components of CEPH's architecture, possible use cases, and when CEPH is -- or isn't -- a good fit for a given application or project.

We'll illustrate some useful features on the command line.

In the following sessions, we'll demonstrate the deployment of a CEPH cluster, including integration with a virtualization platform, and object storage using the S3-compatible object gateway. Finally, we'll discuss dos and don'ts, performance considerations, and commercial offerings, before wrapping up with Q&A.

Art of Route Filtering

In the tutorial we will explain some basic principles of Route Filtering and tools available to help make it simple. Every action will be demonstrated on a combination of live and lab network.

Route Filtering based on various data sources such as IRR, PeeringDB, RPKI/ROA. We will also explain how to implement Anti-Spoofing (which is also a kind of route filtering).

Using CI/CD pipeline in network deployments

This tutorial will cover the use of CI/CD pipelines from the software development world in network engineering. The goal here is to understand how to template pre-designed changes in the network and enable basic automation of some key elements.

IXP Manager - Bringing your IX and First Members Live

In this 2-hour tutorial, Barry O'Donovan, the lead developer for the IXP Manager project, will demonstrate the initial steps required to turn a fresh installation of IXP Manager into a functional system to help power your IXP. We'll look at adding all the core objects including switches, route servers and your first members.

We'll then demonstrate how we get from these added members to generating secure route server configurations with both prefix filters and RPKI. IXP Manager offers a lot of tooling around this and we'll walk through the various functions, including how to refresh prefix lists, access and use looking glasses and examine the filtered prefixes explorer.

Lastly, we'll do the world premiere of a new feature which allows members to implement the standard community based route server filtering via the UI without having to touch their own routers and apply complex community tagging configuration.

This tutorial will be primarily delivered via live demonstrations but supported by slides that will link to further information and tutorials covering each of the key areas.

Introduction to PeeringDB: A tutorial

PeeringDB is a freely available, user-maintained database of networks and the go-to location for interconnection data. The database facilitates the global interconnection of networks at Internet Exchange Points (IXPs), data centres, and other interconnection facilities and is the first stop in making interconnection decisions.

The database is a non-profit community-driven initiative run and promoted by volunteers. It is a public tool for the growth and good of the Internet. Join the community and support the continued development of the Internet.

The tutorial is split into three parts. The first one covers the PeeringDB association, covering how it's organised and how users can get involved. The second part deals with the PeeringDB portal. Users learn how to register, fill in information for networks, facilities, Internet Exchanges, and retrieve data. The third part peeks into the PeeringDB API. This part is intended for the more experienced users.

A fully automated, software defined, cloud internet exchange

This tutorial presents the concept of a cloud based internet exchange. It describes the physical infrastructure of an internet exchange point. It also delves into the virtual infrastructure, the underlying technology and the implementation of an automated cloud internet exchange.