Fall 2016 NetGurus Meeting
Internet2 will provide NetGurus with a room set up in closed boardroom-style conference seating to support ~30 participants. The meeting will take place on the Thursday after the Technology Exchange conference (Sept. 26-28, 2016) concludes. We will have a projector and screen available if needed by participants.
Summary
Location | Miami, FL |
Room | Trade (Lobby Level) |
Date | Sept. 29, 2016 |
Time | 9:00am - 5:00pm |
NOTE: Breakfast and lunch are on your own. A morning and afternoon break with snacks and beverages will be provided. We will go to dinner as a group the night before.
Tentative Agenda
Time | Activity |
---|---|
Breakfast | On your own |
9:00am | Gurus start |
10:30-11:00am | Break and networking (Brickell Foyer - Lobby Level) |
Noon | Lunch on your own |
3-3:30pm | Break and networking (Brickell Foyer - Lobby Level) |
6:00pm*** | Gurus and Guests Dinner |
***Note that the dinner is on Wednesday night, instead of after the meeting Thursday.
Attendance
Contact Dan Brisson (dbrisson@uvm.edu) or Cas D'Angelo (cas.dangelo@oit.gatech.edu) to RSVP and for topics you wish to discuss during the meeting. Attendance limit is 30.
Name | Email |
---|---|
Dan Brisson | dbrisson@uvm.edu |
Cas D'Angelo | cas.dangelo@oit.gatech.edu |
Peter Gutierrez | peterg@nic.umass.edu |
John Kristoff | jtk@depaul.edu |
Drew Lake | rlake2@depaul.edu |
Dan Magorian | Dan.Magorian@jhuapl.edu |
Andrew Gallo | agallo@gwu.edu |
Danny Shue | danny_shue@unc.edu |
Mike Van Norman | mvn@ucla.edu |
Tony Brock | anthony.brock@oregonstate.edu |
Yul Pyun | ypyun@usc.edu |
Joe Rogers | joe@usf.edu |
Jose Dominguez | jad@uoregon.edu |
David Teach | dteach@uoregon.edu |
Matt Wilson | mwilson@northwestern.edu |
Amy Liebowitz | amylieb@umich.edu |
Charles Rumford | charlesr@isc.upenn.edu |
Dwayne Fennell | dfennel@clemson.edu |
Matt Zekauskas | matt@internet2.edu |
Matthew Almand | matthew-almand@tamu.edu |
Randy Dahilig | randyfd@triton.uog.edu |
Jose Santiago | jdsantiago@triton.uog.edu |
Brian Flanagan | brian.flanagan@oit.gatech.edu |
Liane Tarouco | liane@penta.ufrgs.br |
Adair Thaxton | sthaxton@email.unc.edu |
Chris Cook | chris.cook@nyu.edu |
Noaman Khan | noaman@gwu.edu |
Joe Marentette | jmarentette@wustl.edu |
Dan Matthews | dcm81@case.edu |
Discussion Topics and Notes
Topics are submitted by participants. Please contact Dan Brisson (dbrisson@uvm.edu) or Cas D'Angelo (cas.dangelo@oit.gatech.edu) to add an item to the agenda.
- Internet2 network futures plan - What does the next generation network need to look like?
DDoS attack mitigation
- This topic was covered fairly heavily during the conference due to Internet2's interest in offering this service
- NoX working with Akamai on a solution for members
- Concerns about large scale attacks against an entire /16, not just a single or a couple of hosts
- Use a CDN for critical web assets instead of paying for DDoS mitigation services
- Cost of impact:
  - Business cost
  - Reputation
- Multiple happy Arbor customers
- Create a common list of contacts to call when under a DDoS
- Talk with local Risk Management office about DDoS to assist with costs
- 3 out of 30 participants paying for DDoS mitigation services
- 15 out of 30 use RTBH
Cloud/Data center outsourcing, experiences, challenges
- One school with "cloud first initiative" - explore cloud first for any new service
- Virtualize and move servers to cloud
- Another school with an initiative 3 years ago to move 75% of services to cloud - estimate that today only 3 out of a couple hundred have moved
- Legacy app issues
- Readying application developers is an issue
- Cloud is more expensive than led to believe
- Now looking at private cloud
- Differences in offerings from cloud vendors
- Bandwidth
- IPSec
- Resources available to researchers
- 10 schools with private cloud service on campus - OpenStack
- Only one school with "bursting into the cloud"
- Report of a CIO forum with 4 CIOs speaking of advantages of the cloud
- Keeping expertise in-house doesn't make sense
- Rather have people manage relationships
- How can we as network engineers be in the loop on enabling the move to the cloud?
- Cloud automation
- One school looking at Clicker for DNS automation
- Another school going with Cisco offering
- Ties into ServiceNow, Infoblox, Firewalls
- Cloudlab mentioned
- Setup VRF for connection to cloud
- 3/4s of participants using VRFs on campus today
- 5 with more than 10 VRFs on an interface
Automated network configuration management tools and techniques
- phpIPAM used by one school
- good documentation for automatic provisioning
- Digital Ocean
- Netbotz
- Netdot
  - swiss army knife
  - does not support VRFs
- Custom scripts to check:
  - Configs
  - ACLs not in use
  - DNS consistency
  - Check OSPF database
- Spectrum
- AKIPS
- Infoblox
- Ansible & RANCID
- SolarWinds
- Netflow: SiLK
- Splunk
IPv6 deployment: L2 monitoring and auditing, IPv4 congruency
- Netdb to scrape MAC/IPv6 addresses
- SLAAC in use, because Android does not support DHCPv6
- Anti-spoofing v6 ACLs
- Point-to-point links at /127 out of a /64
- FHRP protections still holding back until it’s on par with v4
- V4 and v6 ACL congruence
- Concern of rogue RAs
- Issues with appliances supporting v6 routing protocols such as OSPF, IS-IS, BGP
Wireless, issues of it becoming the dominant access method
- AirPlay proximity
- One school looking at Cisco ISE
- Same school using 5 GHz-only SSID with 90% device use
- Discussion on PacketFence
- Data Center Interconnect methodologies
- One school using Cisco's FabricPath
- Carrier Ethernet in the campus
Dinner Options
Pollos Jarras
Thanks for the Support
Many thanks to our sponsors who have made this meeting possible:
Marie Modrell
Kelly Faro
George Loftus
Internet2