MENOG 7 Tutorial Abstracts

Network Core Infrastructure Security – Best Practices – Yusuf Bhaiji (Cisco Systems)

This session focuses on the basic requirements necessary to improve backbone security. It reviews features and techniques available to help improve security by hardening the core network.

This session reviews security best practices, security recommendations, and router features to mitigate direct infrastructure attack. It covers the deployment of specific features and using them to improve backbone security. This session is designed for network engineers and security professionals in service provider & enterprise environments.

Layer 2 Attacks and Mitigation Techniques – Yusuf Bhaiji (Cisco Systems)

The Layer 2 Attacks and Mitigation Techniques session focuses on the security issues surrounding Layer 2, the data-link layer. With a significant percentage of network attacks originating inside the corporate firewall, exploring this soft underbelly of data networking is critical for any secure network design.

Security issues addressed in this session include ARP spoofing, MAC flooding, VLAN hopping, DHCP attacks, and Spanning Tree Protocol concerns. Common myths about Ethernet switch security are confirmed or debunked, and specific security lockdown recommendations are given. Attack mitigation options include the new DHCP snooping and Dynamic ARP Inspection (DAI) functionality.

Attendees can expect to learn Layer 2 design considerations from a security perspective and mitigation techniques for Layer 2 attacks. This session is for network designers, administrators, and engineers in all areas of data networking.

Practical DNS Operations – John Kristoff (Team Cymru)

The domain name system (DNS) is a critical component of most any network’s operation, yet measurement studies have repeatedly shown this part of the Internet’s infrastructure is often neglected. Single points of failure, misconfigurations, years-old security lapses and limited insight to manage the Internet’s naming infrastructure are replete throughout the industry. This tutorial aims to help change that. We will highlight some of the key areas of concern that all network operators should be familiar with and how they can be addressed. After participating in this tutorial, you will come away with a better appreciation for how DNS works and many ideas on how to optimize DNS services in your own environment.

Advanced Netflow for Service Providers – Aamer Akhter (Cisco Systems)

This session is for service provider and NREN experts engaged in designing, maintaining, and troubleshooting security, capacity planning, and accounting solutions. This session presents the latest NetFlow developments: new features, NetFlow version 9, and its standardization at the IETF. The new Flexible NetFlow feature is covered in detail. Technical details of the new features are addressed with configuration examples, show commands, tricks, and best practice advice. Scenarios such as NetFlow for security, NetFlow for application visibility, and NetFlow for capacity planning are covered.

Building an IPv6 Numbering Plan – Marco Hogewoning (XS4ALL)

This course will show how to build an addressing plan that is both scalable and offers a high degree of aggregation without wasting a lot of addresses. Although the main focus will be on IPv6, it will also address some of the challenges in IPv4 and show how to maintain a proper level of aggregation even when resources are scarce. It will contain a number of interactive exercises to give hands-on experience. Topics include: Introduction, Subnetting revisited, Goals and policies, Building the initial plan, Room for Growth, and a PI example.

Monitoring Video Services in Service Provider Networks – Ali C Begen & Aamer Akhter (Cisco Systems)

Internet video is now over one-third of all consumer Internet traffic, and will approach 40% of consumer Internet traffic by the end of 2010. The sum of all forms of video (TV, video-on-demand, over-the-top and peer-to-peer) will continue expanding to 90% of the global consumer traffic by 2014. With this rate of growth in video traffic in service provider networks, a greater understanding of the various forms of video, and of how to identify, monitor, and construct service-level agreements (SLAs) for video services, is becoming a necessity. In this tutorial, we provide an overview of different types of video travelling over service provider networks, and explain the variety of requirements these services demand from the network and providers. We discuss identification and monitoring techniques to bring a deeper understanding of traffic patterns as well as providing service assurance. The tutorial also presents several concepts related to fault isolation and measuring quality of experience in IPTV networks.