Welcome To RIPE 48
EOF Programme
Preliminary Programme:
The EOF will start only after Lunch. There will be *no* morning sessions this time!
Title: Practical Strategies for IP Traffic Engineering
and Enhancing Core network Availability
Speaker: John Evans (Cisco),
Alan Gous (Cariden)
Abstract: MPLS traffic engineering (TE) is often considered as synonymous with
making more efficient use of network bandwidth and/or improving network
availability via the capabilities of TE Fast Re-route (FRR).
This session considers the theory behind traffic engineering in general,
together with the benefits, limitations, and deployment considerations
of MPLS TE in the context of IP traffic engineering and engineering core
network availability. Consideration is also given to alternative
technologies such as IGP metric based traffic engineering and IGP fast
convergence, and to how quantitative decisions can be made on the relative
benefits of the different approaches.
(Working) Title : Lawful Interception of IP traffic
Speaker: Jaya Baloo
Abstract: The presentation will explain the
main legal and technical issues concerning lawful interception of IP traffic
and the resulting
impact on an ISP network architecture. The mandate for lawful
interception by governments throughout Europe preceded any standard for
delivery of intercepted traffic.
ETSI has been dealing with standards
development for Lawful Interception of IP traffic for over three years
and has just recently issued definitive specifications for the EU. Just
one month earlier, in February, ETSI actually released three
specifications. The primary specification is the hand over
specification for IP delivery and the two other specifications are
concerning service specific details for e-mail services and internet
access services. The presentation will examine the results of the ETSI
working group and evaluate the effect of the three Technical
Specifications on existing LI-IP infrastructure and organization
already in place in many European ISPs.
The presentation will also
discuss the repercussions of this LI standard and requirement as it
affects the enlarging EU community as well as serving as a precedent
for other international standards, including CALEA.
Relation to other known work and/or presentations: Robin Gape began the
discussion at RIPE 37 and introduced LI-IP. I have made quite a few
presentations on Lawful Interception implementations in Europe and
about IP tapping in general. The ETSI standards, TS 102 232, 233, 234
Title: Applications of Bidirectional Forwarding Detection (BFD)
Speaker: Rahul Aggarwal (Juniper)
Abstract: This presentation describes various applications of BFD in service
provider networks. BFD is emerging as a widely applicable forwarding
detection tool. It can be used to reduce failure detection times,
improve convergence and aid operations. Several service providers are
looking at deploying it. BFD makes it possible to support SLAs of
applications such as voice over IP, by allowing end to end sub-second failure detection.
It is a ubiquitous OAM tool and can be used for IGP adjacencies,
static IP routes, E-BGP peers, MPLS LSPs and IP/GRE tunnels.
The talk will start with an overview of BFD to establish the context of
the presentation. The application of BFD in the access network will be
stressed as a means to achieve edge availability. Particularly BFD
between a router and a host will be discussed as a means to fill the
last mile failure detection void. Usage of BFD for IGP fast convergence
will be described, where it's particularly useful on ethernet links.
The relevance of BFD for static IP routes and E-BGP peers will be described.
This is relevant between a router and hosts, e.g. web servers and VoIP
media gateways. BFD over ethernet will be introduced for fault
detection between a router and a switch. BFD can also be used as an OAM
tool on IP/GRE tunnels and for MPLS LSPs. The relevant mechanisms for
this will be discussed. Voice over IP will be used as a case study to
describe how BFD can be used to achieve end to end sub-second failure
detection.
- Bidirectional Forwarding Detection, D. Katz, D. Ward, draft-katz-ward-bfd-00.txt
- BFD for MPLS LSPs: Rahul Aggarwal and Kireeti Kompella, draft-raggarwa-mpls-bfd-00.txt
- BFD for IPv4 and IPv6 (Single Hop), D. Katz, D. Ward, draft-katz-ward-bfd-v4v6-1hop-00.txt
Title: Nemecis: A tool to analyze the IRR registries
Speaker: Georgos Siganos (University of California Riverside)
Abstract: In this talk, we will present a brief analysis on the IRR and the
quality of information they contain. The IRR effort provides a
voluntary detailed repository of BGP policy information that has not
reached its full potential for three reasons: a) ISPs have limited
incentives to maintain their policy, b) extracting useful information is
far from trivial, and c) the accuracy of the data is uncertain. Using
our tool Nemecis we try to address the last two issues. First, we can
check the registered policies for correctness and then for freshness against BGP routing tables. We found that even though RIPE is the most
accurate registry, only 34% (for June 22 2003) of the ASes pass all our
tests. Our tool consists of two parts: first we have an easy to query
relational database, where the policies are stored in tables and not as
simple text. Second, we have a web based front end so that ISPs can
easily check the result of our analysis.
A demo of the tool exists at the following location:
http://ira.cs.ucr.edu:8080/Nemecis
Title: NOC Experiences with Handling of DOS Attacks
Authors: Vincent Gillet, Jean-Michel Valey
Speaker: Vincent Gillet or Jean-Michel Valey (Opentransit -
France Telecom)
This presentation will describe our experiences on the way Opentransit NOC handles
Denial of Service (DOS) attacks on a 24/7 basis. We will not present the complete
mechanism used (Blackhole, ACL, counters, BGP, netflow), but the way Opentransit
NOC uses each tool to achieve an efficient DOS diagnostic and resolution. Some
live demonstration of the tools will be done. We will also explain what we did
at the very first time to handle DOS, the issues we were facing and also our
roadmap to improve effectiveness of the service provided to customers. To be
noted, the purpose of this presentation is NOT to talk about
DOS attack types themselves.
Title: Address Space and AS Number Hijacking
How Operators Can Protect Themselves & Their Customers
Speaker: Leslie Nobile (ARIN), Leo Vegoda (RIPE NCC), Rob Thomas (Team Cymru/Cisco) (Tentative)
Abstract: Definition and scope of the hijacking problem:
Over the last year to 18 months we have seen the rise of address
space hijacking. Addresses are re-registered from their legitimate
users to third parties without proper authority. The networks are
often used to send spam and host pornography.
All four RIRs have "ask and ye shall receive" like policies.
However, the groups hijacking address space rarely want to use them
because their activities are unpopular. The address space they use
is quickly placed on blacklists by network administrators.
Consequently, they need a regular supply of fresh address space.
Historical perspective:
An explanation of the "Cheers" legacy. The world has changed since
the early days of the Internet. The networking community has grown
and people no longer know everyone's name or nic-hdl. Instead, they
rely on the registration information published in the RIR databases
and various Routing Registries. However, one legacy of the early
days is the 'bitty' security on many early registrations.
Examples of recent hijackings (in the RIPE NCC region)
We might describe some typical examples from 2004.
We can show the kind of modus operandi used by hijackers.
Actions taken by the RIRs to combat this problem
We'll describe changes in ARIN and RIPE NCC procedures. We'll also
describe new roles people can contact and registration hints they
can watch for e.g. whois -ipn RR-RIPE
Network operators need to be aware of recent changes in database
security mechanisms, such as the deprecation of NONE in the APNIC
and RIPE databases, the introduction of the more secure MD5-PW and
the introduction of X.509 as an auth scheme for the RIPE database.
They also need to know about the introduction of "Org" objects in
the RIPE database and how these "Org" objects can be used when
accepting new customers and their routes.
Actions that the operator community could take to protect
themselves and their customers' registrations and networks
A look at how the miscreants make use of the addresses and AS
Numbers they hijack in the registry databases.