John Kristoff::jtk
Wed, Nov, 03, 2004

I attended NANOG 32 in Reston. Most of the presentations can be downloaded from the NANOG meeting agenda pages. There was one night of tutorials and two days of various presentations and a BoF. As with many meetings of this sort, plenty of useful discourse is done in hallways and at the bar. What follows is a report of the event from my perspective.

The Options for Blackhole and Discard Routing tutorial covered some of the same ground as related NANOG presentations in the past, though it did highlight a couple of newer points. If you take a feed from The Team Cymru Bogon Route Server Project, you might be concerned that, either due to malicious cracking or a mistake, you might be given a route to drop that you wouldn't normally want to drop. One way to minimize this is to take the initial list of bogon routes and use that as a filter so that no routes outside of those will be accepted. That way you'll only be able to blackhole stale (previously bogon) routes. Update that filter at your leisure and you should be relatively safe. Another interesting use of blackhole routes that some providers allow is for an organization to advertise its larger aggregate routes with a blackhole community to an upstream, but then also advertise more specifics without the community. This places the burden of dropping bogus traffic in your upstream's network so it does not fill your end links. Your upstream becomes your garbage collector. Be sure to check with your upstream before trying this, of course.
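The bogon-feed safeguard described above (accept nothing outside a locally pinned copy of the bogon list), sketched as an added example that is not from the original post or the Team Cymru project. The prefixes are constructed from private and documentation ranges, the function names are hypothetical, and accepting more-specifics of a pinned prefix is an assumption.

```python
import ipaddress

# Constructed sample: bogon prefixes pinned locally when the filter was built.
PINNED = ["10.0.0.0/8", "192.0.2.0/24", "198.51.100.0/24"]
# Constructed sample: routes later learned from the bogon route-server session.
RECEIVED = ["10.0.0.0/8", "192.0.2.128/25", "203.0.113.0/24",
            "198.0.0.0/8", "0.0.0.0/0", "not-a-prefix"]
# Constructed sample: a newer bogon list, fetched when you next refresh the filter.
CURRENT = ["10.0.0.0/8", "192.0.2.0/24"]


def parse(prefixes):
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def covered(route, allowed):
    """True if route equals or is more specific than some allowed prefix."""
    return any(route.version == a.version and route.subnet_of(a) for a in allowed)


def filter_feed(received, pinned):
    """Split received routes into (accepted, rejected) against the pinned list."""
    allowed, accepted, rejected = parse(pinned), [], []
    for text in received:
        try:
            route = ipaddress.ip_network(text, strict=True)
        except ValueError:
            rejected.append((text, "unparseable"))
            continue
        if covered(route, allowed):
            accepted.append(str(route))
        else:
            # Includes less-specific covering routes such as a default route.
            rejected.append((text, "outside pinned bogon list"))
    return accepted, rejected


def stale_entries(pinned, current):
    """Pinned prefixes no longer bogon: the only space a bad feed can still hit."""
    now = parse(current)
    return [str(p) for p in parse(pinned) if not covered(p, now)]


if __name__ == "__main__":
    ok, bad = filter_feed(RECEIVED, PINNED)
    print("install as blackhole:", ok)
    for text, why in bad:
        print("rejected:", text, "-", why)
    print("refresh filter to drop:", stale_entries(PINNED, CURRENT))
```

The `stale_entries` result is the residual exposure the paragraph mentions: space that was bogon when the filter was pinned and has since left the list, which shrinks each time the pinned list is refreshed.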

Tim Pozar gave an informative overview of 802.11 wireless issues. The slides and audio are available online. One point to highlight is that you can be ordered to cease operation of your wireless network by a commission if you are interfering with another public safety use of the spectrum. I got the impression that in some cases, powerful organizations may be able to make that argument even if you think it may be specious. In a related presentation on 802.1x, the presenters told us that T-Mobile has announced that they are rolling 802.1x out to their hot spots.

Global Crossing noted that they have one of the world's largest VoIP deployments. They use QoS and MPLS knobs and things appear to be working well for them. In a related presentation, Vijay Gill talked about AOL's datacenter design and streaming services. They ignore layer 2, VLAN and VTP knobs, because he believes they cause more problems than they solve.

A well-received presentation about Sizing Router Buffers from a researcher at Stanford was full of detailed technical analysis. His slide-fu was also the best of the meeting, which included network animations to demonstrate his material. You should probably listen to the audio to best understand and follow the slides. In a nutshell, the size of router buffers does not necessarily need to be as large as was originally thought, and this can allow router vendors to use faster RAM chips that are available at those lower capacities.

A Tuesday morning DNS presentation brought to light an interesting DNS attack that can result from TCP filtering in the path between a recursive server and an authoritative server. Imagine a recursive server that receives an answer with the truncated bit, indicating the answer contains more than 512 octets and thus requires a TCP connection. If the recursive server then attempts a TCP connection, but somewhere on the path TCP is being filtered, TCP state can build on the querying server. It may be that the authoritative servers or networks outside your control are doing the filtering. It would be nice if the filters could at least send a RST back. There isn't a great solution to this problem yet.

The guys that presented the Internet Motion Sensor project noted that people can participate in the project. If you have dark space to monitor, they will send you a box and allow you a view into the aggregate data.

posted at 2:20 pm




Feedback: jtk@northwestern.edu