NZ nogging

The NZNOG meeting continues to be one of the more interesting NOG meetings these days. Now I have to say that in some sense the NZNOG meeting was not highly polished in terms of logistics: some of the time the overhead projector was either bouncing around or projecting in green, and the hotel builders were adding a hammering soundtrack to the presentations. But I could forgive all of that if the meeting was full of ideas, interchange and information, and it certainly was all of that and more. Here is my brief summary of some of the presentations fromthe 2012 NZNOG meeting:


Josh Bailey (Google) presented on OpenFlow. Josh is a Google researcher who is involved in both OpenFlow and M-Lab. OpenFlow is an instantiation of the more generic approach of Software Defined Networking (SDN), and is the outcome of research undertaken by Nick McKeown at Stanford, which is turn is part of the recent US efforts at “Clean Slate” networking research.

The advantages of this approach lie in the effort to disassemble the vertically bundled package of control and data integration of packet forwarding. This is another cut on the open router architecture (FORCES in IETF lingo) taken down to a more basic level of packet switching control. The basic approach in OpenFlow is to create an abstraction of the control of a forwarding “robot” as set of match+action rules. The match is essentially a bit vector and mask value, and the actions include forward, discard, duplicate, send to control, push or pop headers and similar.

The model has some attractions in terms of its flexibility through software control, and the ability to use commodity hardware in the forwarding infrastructure of the network while allowing a distinct control infrastructure.


ARP Networking

Don Stokes presented on some work in using ARP behaviours to tailor a network service. RFC1122 approach of ARP cache refresh using unicast deadman timers of ARP reqs. Don also presented on an approach to use tailored ARP responses to implement point-to-point links with failover. The approach is that the router proxies for the supposed subnet and answers with its own mac address for all client ARP requests – i.e. fun with ARP as a replacement for VRRP and address conservation! I rather liked the attitude here that is was perfectly ok to customize the ARP behaviour of the network, and the outcomes in terms of lightweight support of complex concepts such as hot swapping of routing components in the network is impressive.


Philip Smith of APNIC presented on some of the practical issues in converting a network from OSPF as an IGP to ISIS. He talked about how to undertake this transition from a mechanistic perspective. Philip did not really dwell on the motivations for switching from OSPF to IS-IS, such as enumerating the functional differences between the two IGPs, nor did he cover a comparison of the network management operational overheads of the two protocols. Future presentation perhaps?


Martin Levy presented the (obligatory) presentation on IPv6. There was a distinct effort by the program committee to limit the number of presentations on IPv6 to one, and they almost managed to get away with it! Much of this topic has been extensively covered in operational gatherings, particular with World IPv6 Day and its aftermath, and its extremely challenging to present new material in this topic space.There were two IPv6 presentations: one by Fortinet on IPv6 security and one by Martin Levy on the state of IPv6 deployment.

The IPv6 Deployment story has been widely promulgated in the past year or so and probably does not bear repeating here. I must admit that the security presentation raised a few questions in my head. Yes its true that the same platform level vulnerabilities exist irrespective of the IP layer protocol used to push packets to and from the platform, so in some sense nothing changes. It’s also true that the established method of malware infection in IPv4, namely address scanning, is largely ineffectual in IPv6. So right now we have seen almost nothing in terms of malware in IPv6 in the open Internet, and I suspect that its early days to be trying to put the dots together and present a story on security issues that are intrinsic to IPv6 per se.

I like the web pages on IPv6 metrics:


Phil Regnauld of ISOC’s Network Resource Startup Center (NRSC) presented on the validns toolkit ( This is a toolkit for DNS and DNSSEC zone validation that includes DNSSEC signature validation and NSEC/NSEC3 chain validation.


Andy Linton of VUW presented on netdot (, which is a rather neat open source network asset documentation and tracking tool.

Earthquake Response Tracking

The meeting was held in Christchurch, the location of a major earthquake in February 2011, and a couple of talks were in direct response to the earthquake and its aftermath.

Jed Laundry (Acatel-Lucent) presented a view of the response to the Christchurch earthquake using UMTS base station data to track the general movement of people in response to the earthquake in February 2011 in the hours following the event.

Kim Claffey of CAIDA presented on a similar topic, using the source address of the background traffic that is sent to an advertised IPv4 /8 prefix as the primary source of data. Disruptions such as the NZ and Japan earthquakes, and the Internet shutdowns in Lybia and Egypt have an observable effect of the distribution of source addresses that generate this backscatter traffic. It appears that the conficker virus on XP platforms form a significant proportion of this traffic, and the extent to which the skewed conficker address generation code has an impact on the sensitivity of this form of inferred measurement was not quantified in this presentation.

Dean Pemberton showed one a very interesting project, which is an “ISP in a Box.” The unit is packaged into a briefcase and includes a range of power supply options, a range of uplink options and a range of downlink technologies, including Wifi and Ethernet. The equipment was all sourced from local suppliers and fitted neatly into a single case which, we are told, is permissible on domestic flights in New Zealand as hand luggage! In the context of natural disasters that can take out local power and wired communications this approach generated some interest. Some examples of the included technology in the briefcase:


Graphical Representation of Traceroute Data

The folk at WAND labs came up with a neat tool to perform a
visualization of traceroute paths (
I’m still wondering exactly how this informs a view of the Internet’s
topology, but perhaps using the pairwise-interconnects to overlay on
geo-loc data might provide some further insights as to the topology of
the network.


This presentation started with the premise that: “only in the densest population areas does it make economic sense to use fibre.” For most of New Zealand the relatively low population densities  are in favor of satellite-based services. This presentation looked at a terrestrial alternative, using 802.22 services, delivering broadband using cognitive radio in the whitespace of spectrum that is unused by broadcast services.