Proactive Network Configuration Validation with Batfish – NANOG (2015) Presentation

Proactive Network Configuration Validation with Batfish

Batfish is an open-source network configuration analysis tool in active development produced jointly by researchers at University of California, Los Angeles; University of Southern California; and Microsoft Research. Though its individual modules have various applications, its primary purpose is to detect bugs in network configurations. Batfish takes as input a set of network configurations, and an environment, which consists of a set of (in)active links and a set of external BGP advertisements. Users are able to ask customized queries about the control plane using Batfish’s domain-specific query language e.g. whether all loopback addresses are being advertised into OSPF, or whether all route policies attached to eBGP neighbors apply a particular community to incoming routes. Batfish also is able to compute the convergent data plane for a network, which provides further query facilities. Given the data plane, users can employ an off-the-shelf data plane checker or use Batfish’s data-plane queries to check common properties such as reachability/black holes, loops, etc, as well as novel properties (introduced at NSDI’15) regarding equivalence of multipath routes, fault-tolerance, and unique delegation of customer address space, with more to come.

A short history of TCP vs BBR – Video – Packet Pushers

A short history of TCP vs BBR [full version]

Geoff Huston, APNIC’s Chief Scientist, breaks down how TCP and BBR work to show the advantages and disadvantages of both.Highlighting that BBR wins because its stamps all over Cubic. Survival of the fittest means that legacy OS with old TCP flow control will be worse off and die quicker. Which is nice.

Source: A short history of TCP vs BBR – Video – Packet Pushers

David Holder – An Overview of IPv6 Security

UKNOF42 - An Overview of IPv6 Security

Speaker: Dr David Holder (Erion Ltd)

Security is one of the most crucial factors in modern networks. Network operators are painfully aware of this. IPv6 brings new challenges, features and opportunities for network security.

This presentation provides a comprehensive overview of IPv6 security, why it needs to be taken seriously, how it differs from IPv4, the problems it presents and current IPv6 security techniques and best practice.

As IPv6 becomes more widespread, no one interested in network security or network forensics can afford to ignore security IPv6