Newcomer’s session : How to get the most out of ZANOG

• Amreesh Phokeer

Room: Injabulo

Welcome, Housekeeping

• ZANOG Executive Committee

Room: Injabulo

Keynote - Building a greenfield fiber network in the 2023

• Jared Mauch

Room: Injabulo

RPKI Time-of-Flight: Tracking Delays in the Management, Control, and Data Planes (Plenary Session)

• Amreesh Phokeer (Internet Society)

Room: Injabulo As RPKI is becoming part of ISPs’ daily operations and Route Origin Validation is getting widely deployed, one wonders how long it takes for the effect of RPKI changes to appear in the data plane. Does an operator that adds, fixes, or removes a Route Origin Autho- rization (ROA) have time to brew coffee or rather enjoy a long meal before the Internet routing infrastructure integrates the new information and the operator can assess the changes and resume work? The chain of ROA publication, from creation at Certification Authorities all the way to the routers and the effect on the data plane, involves a large number of players and is not instantaneous and is often dominated by ad hoc administrative decisions. This is the first comprehensive study to measure the entire ecosystem of ROA manipulation by all five Regional Internet Registries (RIRs), propagation on the management plane to Relying Parties (RPs) and to routers; measure the effect on BGP as seen by global control plane monitors; and finally measure the effects on data plane latency and reachability. We found that RIRs usually publish new RPKI information within five minutes, except APNIC which averages ten minutes slower. We observe significant disparities in ISPs reaction time to new RPKI information, ranging from a few minutes to one hour. The delay for ROA deletion is significantly longer than for ROA creation as RPs and BGP strive to maintain reachability. Incidentally we found and reported significant issues in the management plane of two RIRs and a Tier1 network.

BGP Security - Hijack and Route Leak Detection (Plenary Session)

• Lefteris Manassakis (Code BGP)

Room: Injabulo In this presentation, we focus on BGP security using the Code BGP platform. We start with an introduction to the various types of BGP hijacks and route leaks and the challenges related to detecting BGP anomalies. We explain how the Code BGP Platform leverages multiple data sources and GraphQL subscriptions to detect BGP events of interest. We present two exact prefix hijack events against root DNS prefixes that took place a month ago. Finally, we do a live demo of configuring alert rules, doing actual announcements on the Internet and detecting hijacks.

CSIRT Under Attack! (Plenary Session)

• Riccardo Tani

Room: Injabulo After 3 weeks of complex Investigation, an apparently ordinary IT problem will suddenly shake the Incident Response Team with one of its members directly targeted by a Criminal Organization. A real Cyber Attack was narrated from the eyes of the Incident Handler to show the CSIRT reaction in case of an out-of-the-playbook Incident. Why DFIR and OSINT should be essential parts of any mature Cyber Security Practice

ASPA: RPKI-based AS_PATH verification

• Ben Maddison

Room: Injabulo

Open Source and Community Based solutions for DDOS Mitigation (Plenary Session)

• John Brown (Team Cymru)

Room: Injabulo In this talk we will discuss a number of solutions for DDOS mitigation. This will be a technical presentation. We will discuss traditional ACL's, Blackhole routing, uRPF, RTBH, how to leverage BGP to deploy a protective shield, and a community based solution that leverages RTBH at global scale. In addition we will discuss the importance of BCP 38 and RPKI signing of routes to further protect the Internet from DDOS attacks.

How to Avoid Fines and Stay out of Prison: A Guide for ISPs (Plenary Session)

• Ant Brooks (ISPA)

Room: Injabulo There are many legal and regulatory obligations on South African ISPs, from complying with ICASA's licensee reporting requirements to registering with the Film and Publication Board. This presentation looks at some of the current obligations and their impact on ISPs as well as investigating how network operators should be planning for future compliance requirements.

Whisky BOF with quiz / informal social Room: Injabulo

5G Transport and Data Center Fabrics Architecture and Requirements (Plenary Session)

• Mikael Holmberg (Extreme Networks)

Room: Injabulo This presentation discuss the necessary evolution of the Edge and Central Data Center transport network designs and architectures to comply with the increased requirements in 5G networks.

Spatial Division Multiplexing: A New (Subsea) Cable Paradigm (Plenary Session)

• Mark Tinka (SEACOM)

Room: Injabulo This paper summarizes the current state-of-the-art in how submarine cable transmission technologies are evolving to support even more capacity over longer distances, not only as the content providers dominate the space, but also as older cables run out of capacity and need to be replaced with new systems.

Routing perspectives from Netflix Room: Injabulo

Scrapping 3064s... and other Layer-2 best practices #51

• Graham Beneke

Room: Injabulo A review of the usage of layer-2 in modern networks - the good, the bad, and the ugly. How to make layer-2 network more secure and robust.

Lightning Talks Room: Injabulo Yolande - How far behind are we (15min) Mark - ICANN DNS (15min)

FNO Survey 2023

• edrich de Lange (KZNNOG)

Room: Injabulo

Measuring DNS hygiene

• Amreesh Phokeer (Internet Society)

Room: Injabulo

Futureproofing ISP DNS Recursive Resolver

• John Todd

Room: Injabulo

21st Century Data Centres

• Martin Atkinson (Equinix Inc)

Room: Injabulo

Panel: Data Centres in the time of Load-shedding

• Angus Hay

Room: Injabulo

Scrapping 3064s... and other Layer-2 best practices (Plenary Session) Room: Injabulo A review of the usage of layer-2 in modern networks - the good, the bad, and the ugly. How to make layer-2 network more secure and robust.