Earlier this week I went to Atlanta for NANOG87. I hadn’t been at a NANOG meeting for a while – I even missed the legend “World IPv6 Reunion Tour 2022” panel with my friend Jason Fester + some other fine IPv6 folks at NANOG85 in Montréal.
Many people mainly join NANOG meetings for the hallway track, that is connecting/ socializing with peers (I had some very good conversations over dinner as well – you know who you are ;-), but they have a talks as well. In the following I’ll discuss some of them. I will add links to the videos once those are available in the NANOG YouTube channel.
Day 1 Keynote: Elad Nafshi (Comcast) – The Future is Now: Delivering the Next Generation Brilliant Network
A bit marketing-heavy but still entertaining, and it included some interesting technical tidbits on Comcast’s approach of fibre fault isolation & repair, and on their future cable modem design.
Aliraza Bhimani (Comcast Cable): The Operational Impacts of Supporting a Disaggregated, Distributed, Cloud-based Network Architecture
Solid technical presentation, however I’m not entirely convinced that this will gain heavy ground in other organizations than those using whitebox networking already (due to support strategies, due to added complexity for the needed interconnects etc.), but definitely an interesting talk.
Cat Gurinsky: Simplified Network Troubleshooting through API Scripting
This was one of the talks/workshops I was most looking forward to, as Cat is an expert in the field. Unfortunately she started a bit earlier than scheduled so I missed the majority of it.
Day 2 Keynote: Michael Bailey – A Security Practitioner’s Guide to Internet Measurement
Michael discussed the value of measurements & metrics, of critical thinking, and of an interdisciplinary approach to network security. Overall an excellent keynote.
I particularly liked this slide 😉
Dr. Richard Clayton & John Kristoff: Assessing the Aftermath. Evaluating the effects of a global DDoS-for-hire service takedown
In December 2022 the FBI seized 49 domain names, taking roughly half of the booters active at the time (temporarily) out of business. Richard gave an overview of the booter landscape and the operation itself, while John looked at numbers of observed DDoS attacks before/after it, in order to identify the impact of the takedown.
Akiwate Gautam (Stanford University): Retroactive Identification of Targeted Domain Hijacks
This was one of my favorite talks as I think that while the attack vector is not new, it’s still under-estimated in several organizations. Gautam discussed a case study of a registrar-based DNS takeover/attack against the French airspace company Safran in 2014 which had triggered the researcher’s interest in the subject. He noted that TLS would not protect against such an attack (I discussed trust relationships & issues when using certificates here):
They subsequently developed a methodology to (retroactively) identify such attacks, based on the operational requirements from the attacker’s perspective:
This allowed them identify a number of hijacks, incl. some potentially unknown ones:
Full paper from IMC 2022 here
Network Engineering Jeopardy!
This was serious fun. Here are the categories of the two rounds:
Agustín Speziale: World Cup 2022 – Analysis of the impact on the Internet traffic and utilization
Agustín started with an overview of the LATAM countries participating in the 2022 FIFA World Cup. He introduced each analyzed country providing the respective population size, (estimated) Internet users, number of ASs, and some additional details on their Internet landscape, which in itself was quite interesting. He then presented traffic statistics during the period of the World Cup, and matched traffic peaks to individual matches, plus some rationale on the importance of the respective matches (some pictures with graphs here).
Entertaining & educative talk, with an eventual plea to the NANOG audience to keep these numbers & trends in mind, with the World Cup 2026 looming. I for one expect that
football soccer will be(come) a huge thing in the US in the next years anyway.
Slides of the talk here
Later that day there were a talk on the benefits of using CG-NAT with 100-net (100.64.0.0/10) – which I did not attend as the topic was against my religion 😉 – and a talk on IPv6, which was a really bad talk (outdated stuff, “could have been a blogpost”, in the year 2015). Hence not covering those two here.