MENOG 7 offered three workshops:


IPv4/IPv6 BGP Routing Workshop

A workshop for those building or operating a wide area TCP/IP based ISP network or Internet eXchange Point (IXP) with international and/or multi-provider connectivity.

Instructors: Philip Smith & Stefan Olofsson (Cisco)

Who should attend?

This is a technical workshop, made up of lectures and hands-on lab work. It is open to technical staff who are now building or operating a wide area Service Provider network or Internet eXchange Point (IXP), likely with international and/or multi-provider connectivity.


Participants must have technical, day-to-day, hands-on experience of Internet routers. Knowledge of Cisco IOS fundamentals, user-level UNIX and perhaps some system administration, and some experience of network design, preferably TCP/IP-based, is also helpful.

What you will learn

  • Techniques for design, set-up, and operation of a metropolitan, regional, or national ISP backbone network. This includes ISIS, BGP4, and policy based routing configurations.
  • Techniques for multiple connections to the Internet (multihoming), including connections to IXPs and ISPs.
  • Techniques to achieve optimal performance and configuration from a Cisco backbone router. This includes routing scalability, network design, and configuration tips.

Technologies Covered

IPv4 and IPv6, ISIS, iBGP, eBGP, BGP Scaling, BGP Policies, Route Reflectors, BGP Best Practices, BGP Configuration Essentials, IXP Design.

Each class is different and tuned to the participants' requirements. If there are any specific requirements, these should be communicated to the instructors during the workshops. The instructors who teach at these workshops are among the top Internet engineers today and, between them, have a great deal of knowledge on many current technologies.

Please be aware that participants are required to bring laptops.


Network Management Workshop

A course for those who need to manage diverse Network and NOC operations. A combination of theory and lab, with lab work on Ubuntu Linux constituting about 60% of the total course.

Instructors: Phil Regnauld & Brian Candler (NSRC)

Who should attend:

Engineers and system staff at ISPs and large networks, including academic networks, who are involved in system management, network monitoring, and telemetry. The course is for those who need to manage diverse Network and NOC operations.


Good knowledge of Unix, IPv4 addressing and general network concepts.

Topics Covered:

The workshop will be a combination of theory and lab. The lab will constitute about 60% of the total course. The server version of Ubuntu Linux will be the workshop platform. The course will cover:

Day 1:

* What's a Network Operations Center (NOC)
* Attendee Presentations on their own infrastructure
* Resilient, Reliable & Robust DNS operations
* Network Monitoring and Management Overview (principles)

Day 2:

* Network Performance Metrics & Definitions
* Network tools and diagnostics
* Nagios
* SNMP  

Day 3:

* Ticketing Systems (Request Tracker)
* Nagios (part II), includes RT+Mailgate
* Cisco / Net-eqpt. Configuration Elements
* NetFlow and NFSen 

Day 4:

* Introduction to CVS / CVSweb
* Smokeping - monitoring DNS latency
* Cacti

Day 5:

* Log Management (Syslog-NG/Swatch)
* Network Documentation (Netdot)

Network Infrastructure Security and Forensics

Instructors for Network Infrastructure Security: Gaurab Raj Upadhaya (Limelight Networks) and Jonny Martin (PCH)

Instructors for Network Forensics:  Irek Parafjanczuk & John Kristoff (Team Cymru)

An advanced hands-on workshop covering best practice network infrastructure security including DDoS, IP spoofing, and RTBH.

Who should attend:

Network operations and security staff at ISPs and Network Service Providers. People who are trying to learn the ropes of establishing a functioning security system in their network core and edges. Anyone else with an interest in security topics.


This is an advanced course. Participants need good familiarity with the UNIX command line and system administration jobs, and knowledge of Layer 3 protocols and the command line of popular routers. Basic knowledge of security concepts is an added advantage.

What you will learn:

The ISP / NSP Security Workshop focuses on the following components to provide comprehensive understanding and hands-on experience of network security best common practices, tools and techniques.

Topics Covered (Network Infrastructure Security)

For network infrastructure security, best common practice for protecting infrastructure is covered in detail, including IP addressing, baseline building, securing IGP and BGP routing protocols, and router filtering techniques. Controlling access to the routers, collecting network telemetry information and control plane protection techniques are discussed. A six-step methodology for detecting and mitigating DDoS attacks on the infrastructure provides hands-on understanding of how to deal with such attacks. Hands-on practice with anti-spoofing measures to combat IP spoofing attacks, and with Remotely Triggered Blackhole (RTBH) filtering to protect against infrastructure attacks, provides easy-to-deploy tools for SP networks.

Topics Covered (Network Forensics)

In this workshop a number of different modules will be presented looking at the nature of network attacks, how these occur, how they are controlled and how they can be identified.


TCP/IP Overview (if required)

Understanding TCP/IP traffic using Wireshark.

Introduction to Network Forensics:

This module will consider data sources used to collect network data, what data are commonly used in network forensics and which tools are commonly used to collect this data.

Understanding Botnets and Analysing Botnet Traffic

The role and impact of botnets will be discussed and an overview of botnet operation, functionality and control presented. Participants will create and control an IRC-based botnet and will use the botnet to initiate a DDoS attack, with the participants taking on the role of the “botherder” and controlling the infected machines. The network traffic generated in these exercises will be examined to see how botnet activity can be identified.

Investigating a malware infection:

Using several publicly available tools, participants will look at the traces that a malware infection can leave on an infected machine. These can include system changes and outgoing network traffic.

Netflow analysis:

In the course of the workshop exercises, NetFlow traffic can be collected. Participants will look at this NetFlow traffic using NFSen and see how infected machines can be identified. This exercise will help participants understand NetFlow and how NetFlow can be used to help protect a network.

Remote Access Tool (RAT) – Back Connect Infection (using Poison Ivy)

In this module participants will create a back-connect trojan using a Remote Access Tool (Poison Ivy). They will then build the exploit which will be used to infect the compromised machine (install the trojan) using Metasploit and deliver the exploit to the target machine (the bot). The functions that the RAT provides to control the bot via the back-connect will be examined.