Steinthor Bjarnason - Arbor Networks

Withstanding the Infinite: DDoS Defense in the Terabit Era

In this presentation, we will discuss the growing frequency of large-scale, high-impact 'carpet-bombing' DDoS attacks targeting network infrastructure, as well as diffraction/amplification and refraction/amplification DDoS attack methodologies, and provide details of successful defense strategies for terabit-scale DDoS attacks observed in the wild. Tools and techniques for detecting, classifying, tracing back, and mitigating these categories of DDoS attack will be covered, including best current practices (BCPs) for network operators which can proactively limit the scope and impact of these attacks.

Biography

Steinthor Bjarnason is a Senior Network Security Analyst on the Arbor Networks ASERT team, performing applied research on new technologies and solutions to defend against DDoS attacks.

Steinthor has 18 years of experience working on Internet Security, Cloud Security, SDN Security, Core Network Security and DDoS attack mitigation. Steinthor is an inventor and principal of the Cisco Autonomic Networking Initiative, with a specific focus on Security Automation, where he holds a number of related patents.


Phil Britt - Aussie Broadband

The challenges of growing quickly

Having built to the 121 nbn POIs (twice), Phil will talk through the challenges of scaling quickly, including transit and peering links, IPv6, migration from Cisco ASR9001 to ASR9906, and a behind-the-scenes look into the rapidly expanding Aussie Broadband network.

Biography

Phillip Britt is a transformational business leader who is taking Aussie Broadband from a small regionally-focussed internet service provider towards an Australia-wide tier 2 business.

Phil has been Managing Director of Aussie Broadband since July 2008. He has worked in the ISP industry at management level since 1996 and has extensive experience in both the technical and management challenges of the telecommunications industry. He is a graduate of the JMW Leader of the Future program and is well-known for his technical expertise in forums such as Whirlpool.

Phil co-founded Aussie Broadband in 2003 in response to what he saw as a growing need to extend broadband access into regional and rural areas of Australia. Aussie has grown an excellent reputation with both customers and the tech-savvy for its extraordinary levels of stable internet service and sensible technical advice. This is based on Phil's passion for putting the customer at the centre of the business.

In late 2016, Phil announced Aussie Broadband's intention to take its service offering to a national level, with a deal that gives the company direct access into every NBN POI across Australia. He sees opportunity for the company to offer its unique internet service and products to all Australians.


Chris Bull - F5 Networks

vBNG: Remove hardware from your NBN RSP service layer – add services

As NBN rolls out, RSPs are seeing significant churn of subscribers from xDSL to FTTx/HFC NBN services.

As a result, the reliance on L2TP and PPPoE in full-blown BNG hardware is diminishing. Throw in carriers’ desire to reduce un(der)utilised network equipment – à la VNF provisioning – and you have a strong case for vBNG. NFV brings the promise of automation and orchestration with self-service portals, and auto-scale-out.

At the BNG layer, RSPs typically look at aggregation and (H)QoS plus limited services for AAA and DHCP.

But why not apply more network services to improve subscriber QoE and curtail operational expenses?

DNS, QoS and subscriber policy are the obvious ones; together with traffic distribution and steering across VAS platforms.

However, another major consideration is retaining control of network utilization as subscribers migrate from DSL. Home users find themselves with access to more than 10x the bandwidth - and video traffic continues to consume the bulk of network resources, to the tune of 60%+. Netflix, YouTube and the associated encryption. Throw in QUIC, and traditional Video Optimisation no longer works. A new generation of bandwidth-hungry protocols is aimed at getting as much content to the user as fast as possible, with little or no regard for the infrastructure, and video browsing is killing networks.

RSPs need to add protocol optimization and bandwidth control to their network services to preserve their own network investments.

By virtualising the BNG you free yourself of the limitations of bespoke hardware and introduce the opportunity to consolidate functions.

So make your vBNG a real gateway – give it some services!

Biography

Chris Bull has over 20 years of working with Service Providers in the UK, Europe and Australia. He has a wealth of experience in designing and consulting on Service Provider networks including Core and Mobile, LAN & Metro Ethernet, IP routing and Application Delivery Control.

Chris started his involvement with Service Providers at Cisco Systems UK, where his role was to provide network design consultation for Mobile Service Providers, in particular Orange, Vodafone and T-Mobile.

Chris has been working with Australian Service Providers since 2010 in various system engineering and management roles at other network vendors, including Juniper, Brocade, and more recently F5.

Since joining F5 Networks Chris has broadened his skills and experience in application delivery and security, subscriber policy management, traffic optimisation, and the inevitable virtualisation and automation of their associated technologies.


Claudiu Captari - Arista Networks

SP Routing Innovation with Segment Routing, VXLAN and EVPN

Detailing examples of how service providers are applying cloud networking principles to transform their Edge, Core and Data Center domains, with a particular focus on MPLS Segment Routing and VXLAN as the transport architecture. These transports, combined with BGP community and multi-protocol address family extensions, allow providers to realise a highly scalable, resilient and extensible network architecture.

Biography

Claudiu Captari has over 14 years' experience in the networking industry, with extensive experience in designing large-scale data centre and public cloud platforms for service providers and enterprise customers in Australia. Claudiu joined Arista Networks as a pre-sales systems engineer, helping customers transition to the next generation of highly scalable and programmable cloud architectures. Prior to joining Arista, Claudiu worked at Telstra as a Senior Cloud Network Architect and at Cisco Systems as a Data Centre Technology consultant.


Stefan Keller-Tuberg - nbn

Simulating Vectored VDSL2 and Industry Code C558

Since 2014, nbn has worked with industry and Communications Alliance to update the shared cable bundle interference management Code to cover Next Generation Broadband platforms such as VDSL2. That Code was released earlier this year. The new Code required development of a tool that could accurately estimate the impacts of crosstalk and interference in FTTB and FTTN deployment situations. This presentation explores the method for simulating VDSL2 and estimating outcomes and shows that the Communications Alliance simulations accurately reflect nbn’s Vectored VDSL2 experience. Understanding the methodology for simulating VDSL2 points towards an operational technique available to all service providers to reliably identify and characterise cable impairments.

Biography

Stefan Keller-Tuberg is a professional engineer with over thirty years' experience in the telecommunications industry. Stefan is a VDSL2 technology subject matter expert in nbn’s CTO team, and has represented nbn in the committee of experts that developed Communications Alliance industry Code C658. He is acknowledged as an Australian expert on VDSL2 and vectoring, and is the author of the Communications Alliance Vectored VDSL2 simulation tool.


Egor Krivosheev - 2degrees

Automating the Network using modern tech

With the emergence of tools like Ansible and Salt Stack, it has become much easier to automate routine operations. I, amongst many others, find it challenging to implement network automation at scale in a large multi-vendor environment. During my talk, I will go through my journey, highlighting new developments and best practices in areas such as:

  • Inventory and Autodiscovery
  • Management and Control plane APIs
  • Programming languages and libraries
  • NETCONF / YANG / OpenConfig / gRPC
  • Streaming telemetry

I will be providing real-world usage examples for technologies mentioned above without going into many technical details.

Biography

Egor Krivosheev is a Network Architect at 2degrees. Egor has been working in the industry for more than ten years and holds a master's degree in Computer Science. His current focus is on network automation in the areas of:

  • continuous delivery and continuous integration
  • automatic fault investigation and remediation
  • autodiscovery
  • service provisioning
  • traffic engineering controllers

Beatty Lane-Davis

Subsea for non-physicists

Undersea cables are the foundation of the global internet, but how do they work? The challenges in getting signals to reach across oceans continually push the boundaries of transport technologies. In this talk we will dig into how these cables are constructed, laid and operated. We will also explore the changes in technology that have driven step-function increases in available capacity & how this evolution has shaped the design of the cables themselves. Finally, we will consider the upcoming advances currently making their way from research-land into shipping products and what future wet plants are likely to look like.


Jen Linkova

Shakespeare's Guide To Network Maintenances

The presentation provides a summary of the worst current operational practices for planning and performing network maintenance. The talk discusses how network maintenance should (not) be prepared and executed. The topics covered:

  • NOT testing your changes;
  • NOT documenting the changes;
  • NEITHER testing NOR documenting the rollback plans;
  • NOT sending maintenance notifications;
  • utilizing the powerful Copy&Paste technology for automating your network changes;
  • choosing the worst time for performing the changes (e.g. Friday night before the long weekend).

To ensure that the presentation carries great weight each topic is illustrated by William Shakespeare quotes (hopefully it would help to entertain the audience too).


Ben McAlary - Atlassian

Building and Operating Hybrid-Cloud Networks at Atlassian

A talk covering the evolution of Atlassian's network, its architecture, its traffic and scale. Covering the following topics:

  • How Atlassian moved from their own private Datacenters to Hybrid Cloud with AWS
  • How moving to microservices and Kubernetes application stacks changed the way the network operates.
  • How Atlassian maps and monitors who is using the network and how.
  • How Atlassian leveraged some AWS networking elements in unconventional ways to reduce transit costs between continents.
  • How Atlassian manages peerings between 200+ VPCs in 5+ regions to reduce costs, latencies and increase speeds.
  • Some insightful war stories and lessons, including how we keep StatusPage online when it feels like the internet is down.

Biography

Benjamin McAlary is Principal Network Engineer at Atlassian. Ben cut his teeth setting up mesh WiFi across his home suburb on the NSW South Coast. He began his career at Cisco and worked in their Network Security and Service Provider Architecture teams. He joined Atlassian as the Network Engineering team was being built and helped expand the network to many global locations and supported a transition to hybrid-cloud and microservices architecture.


Daniel McKeage - Hawaiki Submarine Cable

The Building of Hawaiki Cable

Submarine Cables are a key infrastructure supporting the Internet, but few Internet engineers have the opportunity to be directly involved in the development of a cable.

Daniel will draw from his experience in the submarine cable industry to explain the major steps involved in the development of a submarine cable. Using graphics and photos as the primary presentation material, Daniel will take the audience through the process of building and commissioning the 15,000km Hawaiki Cable.

  1. Cable Overview:
    • A familiarization of the major components of a submarine cable
    • Terminology and acronyms:
      • Wet Plant
      • Dry Plant
    • Powering a submarine cable
  2. Cable Development:
    • Desktop Study - Planning using data not ships
    • Route design - designing for reliability
    • Route Survey - Proving the theory, side scan sonar, finding new things on the bottom
    • Permits – Each country has its own process and procedure
  3. Manufacturing:
    • High strength components to handle pressure at depth
    • Fibre protection, power conductor and insulation
    • Armouring, hardening the cable where physical aggression is likely
  4. Hawaiki Cable Laying Operations:
    • Cable Load, 15,000km, big cable, multiple ships
    • Setting sail, ships head to the Pacific via the Panama Canal
    • The Australia landing at Coogee Beach
    • The final splice
  5. Getting to First Light:
    • Cable Station and land cable development
    • Power System and Inside Plant Install
    • Testing each individual component as it's installed
    • Final splice, powering the cable, and first light
    • Commissioning tests, and official acceptance and handover to owner

Biography

Daniel is part of Service Delivery and the Project Development team at Hawaiki Submarine Cable. Daniel has been working on Hawaiki Submarine Cable since the early stages of the project. Prior to Hawaiki, Daniel held several positions at Alcatel Submarine Networks including Site Manager, Commercial Manager and Manufacturing Manager where he was involved in the planning, manufacture and installation of dozens of submarine cables around the world including PacRimEast, PacRimWest, the Southern-Cross Cable and the Bass Strait cables to Tasmania.


Diogo Montagner - APAC Centre of Excellence, Juniper Networks

Architecting Network Telemetry

With the majority of networking devices supporting the near real-time and richer output of network telemetry these days, is it time to let SNMP go? But is it as simple as flicking the switch from SNMP to telemetry? From the network telemetry use cases to essential telemetry architectural building blocks, this presentation will explore important things that you need to take into consideration when designing your telemetry architecture.

Biography

Diogo has worked in the networking industry for 18+ years. He is a passionate fullstack network engineer and occasional technical author and book reviewer. Diogo currently works as automation and software expert for Juniper Networks in APAC where he helps customers to design and deploy automation and software solutions.


Richard Nelson - WAND

Faucet - Openflow SDN Made Easy

Openflow as an SDN standard was developed nearly 10 years ago, yet there are not many production deployments. This talk will present our efforts to deploy Openflow in production and make it easier for others who want to do so.

Faucet is a project, originally from the University of Waikato, REANNZ and Google, to build an open-source enterprise-style SDN controller. It aims to be simple to deploy, operate and support, with a code base that is easy to understand.

Faucet is a multi-table Openflow 1.3 controller. It contains no driver code for specific switches, so it enables multi-vendor networking. Faucet currently works on six vendors' switches, including HPE (Aruba), Cisco, Allied Telesis and Noviflow.

Faucet includes a comprehensive test switch that can be used to confirm both the software and the hardware it is to be deployed to. In combination with standard automation tools this allows dev-ops style continuous integration and deployment.

Openflow allows very fine grained control of traffic and is a very good fit for the security and policy requirements of enterprise networks. Faucet is being used as a platform for deploying network security applications that are being developed in Australia, the US and elsewhere.

This talk will describe how the project began. It will discuss the features and advantages of using Openflow in the enterprise market and will present examples of production networks using Faucet.

Adventures in Open Source Lawful Intercept

In New Zealand the Telecommunications Interception Capability and Security Act (TICSA) requires all network operators with 4000 customers to implement Lawful Intercept capability. The regulations require capability to provide realtime capture using the ETSI standards.

Commercial Lawful Intercept solutions are (apparently) expensive. Consequently some industry members looked for a low cost solution using open source software. It became apparent that no suitable software existed. Following on from those discussions a group of ISPs have funded the WAND research group at the University of Waikato to develop open source Lawful Intercept software.

WAND has a long history of developing packet capture software. Libtrace (https://research.wand.net.nz/software/libtrace.php) is the library developed through that experience. It is a high performance library supporting parallel capture streams and providing per-packet processing for analysis, encapsulation or packet modification. Libtrace provides a high level API for packet access; additional libraries provide flow tracking and application protocol identification. Libtrace programs can read from files, standard interfaces and Intel DPDK and Endace DAG cards without modification or recompilation. Multiple capture formats are supported for reading and writing.

OpenLI (https://openli.nz/) is the software that has been developed in this project using Libtrace. It provides distributed collection for IP+Radius and VoIP (RTP/RTSP+SIP) capture and encapsulation conformant to the ETSI 2013 standards. As of June 2018 the core feature set is nearly complete and it is being tested by multiple ISPs and with the NZ Police.

Biography

Richard Nelson is the leader of the WAND network research group in the Computer Science Department at the University of Waikato, based in Hamilton, New Zealand. He has been the Science Leader on three MBIE Endeavour Science Funding projects. Richard has consulted extensively for industry, including New Zealand’s major telcos and the Commerce Commission. He is a trustee of the NZ Network Operators Group. Previously Richard worked as a Research Fellow at Monash University. He has also worked in industry in New Zealand and the UK. His PhD is in Electrical Engineering from the University of Canterbury.


Tim Obezuk - Cloudflare

Internet noise (a story about two little subnets)

Cloudflare recently launched a public DNS resolver service on 1.1.1.1, using two subnets, 1.0.0.1/24 and 1.1.1.1/24. These IP addresses are a common place for abuse and unwanted traffic. This talk will go into some of the details about the traffic and what we have seen since launching.

Biography

Tim is a Solutions Engineer at Cloudflare, based in Melbourne, Australia. Tim works closely with Australian organisations to make the internet better for everyone by guiding the implementation of Cloudflare's global Anycast network and suite of CDN, smart-routing, DNS and Edge Compute services. Before this he worked as a DevOps Engineer building scalable web applications leveraging serverless, containerized and edge technologies.


Brendan Ritchie - LightwireBusiness

NZ UFB network post 2020

The presentation will commence with an overview of the current regulated wholesale market for Ultrafast Broadband in NZ, detailing:

  • The government bodies involved
  • The carriers contracted to the Government in each region
  • The three primary service variants, namely Bs2, Bs3 and B34, detailing which are GPON design versus point to point, current speed options
  • Wholesale pricing and price components, including handovers
  • The recent reduction in required POIs due to the tail extensions now offered by Chorus

The presentation will then delve into the single biggest change approaching the fibre market.

That looming change is the unbundling of UFB fibre from 2020. This is a regulated requirement, which means that Chorus and the three other LFCs (local fibre companies) must provide this service. However, a recent review by the government has decided to leave the pricing of the regulated service in the hands of the carriers, leaving us in a situation where a public push is being made by the retail service providers, particularly those that will be able to gain the required economies of scale to make commercially viable use of unbundled fibre.

In this section I would cover:

  • What unbundling means in the UFB context – the need for on the ground technical resource, deploying NTUs per site and hardware inside each splitter cabinet, and why only the three major retail providers are pushing hard for this.
  • Explain why the return isn’t the same as it was for copper - with almost 16,000 fibre cabinets around New Zealand and each of those only able to handle 48 connections, the cost per cabinet deployment is harder to claw back than was the case with copper unbundling, where 143 exchanges each housed up to 7,000 connections.
  • How the pricing process will play out over the next 18 months and the scenarios we could be left with.

My hope is that my presentation provides an interesting insight into what is often touted as the model that the NBN should have followed, while highlighting that the UFB network is far from static; speeds are increasing constantly and unbundling could be a major disrupter.

Biography

For the last 12 years I have been based in Australia while running largely New Zealand based telecommunications companies. Initially I headed up DTS, followed in more recent times by Lightwire, a company with more than 10 years of operational history having come from the University of Waikato’s research and development arm, and now with more than 7000 connected customers, a large number of which are connected through our own fixed wireless network.

I am regularly published in publications such as Techday (NZ and Aus) and Computerworld (NZ), and have provided commentary for a number of articles published by Commsday (Aus) and the National Business Review (NZ).

I also regularly publish on Lightwire’s blog - https://www.lightwirebusiness.com/category/blog/


Vijay Sivaraman - UNSW

Scalable and Flexible Network Functions using SDN White-Boxes

Appliances for Network Functions (NFs) such as deep-packet-inspection and cyber-security have traditionally been expensive and inflexible, while emerging virtual appliances (VNFs) are limited in data-rates they scale to. In this talk we make the case that SDN white-boxes can be leveraged to achieve the best of both worlds to realise flexible and scalable NFs at low cost. Our arguments are based on a combination of analysis and prototyping, and demonstration of functional NFs for traffic classification and cyber-security operational at 10 Gbps in our campus network.

Biography

Vijay received his Ph.D. from the University of California at Los Angeles in 2000, and then worked for three years in a Silicon Valley start-up writing forwarding code and L2/L3 protocols for a high-speed switch-router. He is now a Professor at UNSW Sydney, and is passionate about bridging the gap between academic research and commercial practice, and the skills needed to support the translation. He is a strong advocate of Software Defined Networking (SDN) technology and its potential to spur innovation in networking without being beholden to incumbent vendors.


Mark Smith

The Robots are Coming!

At a number of past AusNOG conferences we've seen Google and Facebook make a number of presentations about how they've automated the operational deployment, monitoring and troubleshooting in their networks.

They've been really interesting presentations. However, I've wondered how applicable their level of automation really is to the rest of us with much smaller networks. We don't and most of us will never have the scale problems they do.

I've changed my mind. I think Google's and Facebook's level of operational automation is inevitable for all networks. If automation is performed by robots, then I think robots are coming to networks everywhere.

In this presentation, I'll talk about why I've changed my mind. More practically, I'll introduce some of the basic building block tools of "robot building" that can be used to build some trivial yet still quite useful operational automation. These tools can then be used as a basis to build more advanced automation. Finally, I'll talk a bit about the possible "post automation" future in networks.

Biography

Mark began working in the ICT industry in the early 1990s, initially working with desktop PCs and servers. He made networking his professional focus in 1998.

Mark has held a number of roles, performing support, administration, deployment, design and presenting training. He has worked for state government departments, national and multinational system integrators and state, national and international residential and corporate ISPs and telcos.

Mark has also presented at the AusNOG conference 5 times, has written blog articles for APNIC by invitation, and has contributed to the IETF since 2002, primarily in the IPv6 6man and v6ops working groups. He is an acknowledged reviewer and contributor to 31 IETF RFCs, and the author of 9 IPv6 related Internet Drafts.


Thomas Weible - Flexoptix

400G - don't get confused with this transceiver generation

Transmission speed of 400G is becoming a reality, with new challenges for optical and electrical components in high speed systems emerging as well. PAM4 modulation is one key component for 400G transmission with transceivers; this talk will be a show and tell into PAM4. With this knowledge, the design decisions behind the new form factors OSFP, QSFP-DD, SFP56-DD and µQSFP are easier to understand. This talk will help you to:

  • Design / build new kinds of applications or connections with your networking gear in the field
  • Avoid pitfalls when designing your racks
  • Be aware of how power consumption and new plugs will be part of the new world of 400G transceivers.

Biography

Thomas Weible - Co-Founder and CTO of Flexoptix GmbH. He formerly led the groundbreaking software development within the company. Thomas has moved more and more towards the field of transceiver technology and his so-called “support with no levels and no bullshit”. Enthusiastic in everything he does, he gives realistic and practical answers to get transceivers working and operational. As a speaker at several conferences around the globe, he is able to target the needs of network engineers.


Walt Wollny - Hurricane Electric

New Market Evaluation Strategy Guide

Biography

Walt Wollny is the Director of Interconnection Strategy, supporting Hurricane Electric's global network reach to over 45 countries and over 190 Internet Exchanges, with a focus on global connectivity and new markets. Walt has been working in the Internet industry for over 20 years. Before Hurricane Electric, Walt was an IP Business Development Manager at Amazon, supporting over 64 new CDN builds, including new markets such as Japan, Singapore, Hong Kong, India, Taiwan, Philippines and Australia.


David Woolley - Telstra

IPv6 – how hard can it be?
How Telstra is transitioning fixed broadband services from IPv4 to IPv6

Just over 7 years ago, Telstra received its last block of IPv4 addresses. As a result Telstra has embarked upon a multiphase transition from IPv4 to IPv6 with dual stack as an interim solution. By May 2013, Telstra had provided dual stack IPv4/IPv6 services for 900 NBN customers in Victoria. Since then over 2,000,000 ADSL and NBN services have been made dual stack capable. With the introduction of the 2nd generation Smart Modems, Telstra has entered the final phase and is providing single stack IPv6 access.

This presentation will cover:

  • The transition plan – The four phases from IPv4 only -> Dual stack -> IPv6 + CGNAT -> IPv6 only.
  • The impact of IPv6 on residential gateway design. Considerations like:
    • When to use IPv6 over IPv4.
    • Resilience – is it OK to fail back to IPv4?
    • Interoperability with the home network.
  • The internet is broken – let’s blame IPv6. IPv6 really doesn't deserve to be the scapegoat.
  • The end game - Single stack IPv6
    • How did we do it?
    • What about IPv4 only devices on the home network?
    • What breaks?