Lincoln Joint Techs Focus Areas

The Coming Crisis in Routing and Networking

1. Exhaustion of IPv4 address space and its impact on the size of the forwarding table.
2. Growth of the default-free FIB has moved beyond the capacity of many popular routers.
3. "Churn" resulting from the acceleration of the growth in prefixes advertised in BGP is
   reaching the point where processors in popular routers can no longer converge forwarding
   tables between updates.
4. The deployment of global network resources (storage and computing) has been forced into
   NAT and application gateways, even in North America.
5. IPv6-enabled networks don't help until users can run IPv6-only stacks.
6. Those deploying IPv6 for wide-area services have encountered problems involving both
   loss of ‘reach-ability’ in some cases, and even faster growth of the hardware resources needed
   

This focus area will look at the nature and scope of the problem and at possible approaches to
dealing with it. These may involve hardware and software changes including significant changes
in how global routing is done.

Campus Networking

The only constant within the campus network environment is change. Campus network administrators
face a continual balancing act between meeting ever increasing demand, satisfying constantly changing
technology and policy requirements, and improving productivity. Deployment of new campus network
technologies, enhancement of existing technologies, and improving network management capabilities
are the principal methods to accomplish this. This focus area includes presentations that discuss such
experiences; suggested topics include (but are certainly not limited to):

1. Wireless:
   * 802.11n deployment & support experiences
   * Managing, troubleshooting, and providing general user VLAN support
   * Authenticated wireless deployment, or perhaps simply preventing unauthorized use
   
2. Campus network infrastructure & essential services:
   * VRF or other LAN compartmental techniques & experiences
   * Prioritization and preferential network service support
   * Supporting large scale science (such as LHC) collaboration or other potentially high-impact power users
   * Interest in and preparation for emerging WAN dynamic circuit services
   * Maximizing reliability as uptime requirements march toward five 9s
   * DNS support, including DNSsec & Bind 9 deployment experiences
   
3. New, emerging technologies:
   * IPv6 planning & support experiences; DHCPv6
   * VoIP deployment, management, and policy experiences
   
4. Network management tools, such as anything that might help the rest of us be more
   efficient and productive

WAN Issues

1. WAN Operations:
   * Current national scale network updates and directions
   * New wide area networking initiatives
   
2. Exploiting Dynamic Circuit Networks
   * Practical experiences with production use of end-to-end circuits
   * Emerging dynamic circuit services and capabilities
   * Development of interface standards and protocols for end-to-end circuit setup and teardown
   * Debugging and troubleshooting end-to-end circuits, dynamic as well as static
   * Interoperability issues for deployment of circuit services
   
3. Large Application Communities Network Usage Models and Impact on WAN (i.e. LHC)
   
4. Performance Measurement
   * Performance-related Working Group update
   * Multi-domain network measurement projects and tools
   * Monitoring end-to-end circuits extending across administrative domain boundaries
   * Measurement and monitoring tools and use cases
   * Best practices in application and device tuning

Security

The Security focus area is interested in talks that focus on the following areas:

1. Network Security Analysis and Management:
   * With the increasing speed and complexity of our networks, where do the black boxes go? (Those black boxes
      certainly include: firewalls, traffic shaping, intrusion detection/prevention, proxies, etc.)
   * What problems are caused or what benefits are gained by placing them in-line or out-of-band? Or, are we better off without them?
   * What can or should be done about (encrypted) tunnels?
   * Are you using MPLS VRFS and, if so, what for?
   * What are you using isolated networks for, and do they actually connect to the campus network?
   
2. Controlling Access to the Network:
   * For Network Admission Control, 802.11x, user authentication and authorization, what can be required of a broad user community to gain access to the network with extremely heterogeneous hardware and OS platforms?
   * How can they be assisted in increasing the security of their platform?
   * What about "other" devices, e.g., SCADA and VoIP?
   
3. Layer 2 Security:
   * There have been some recent incidents using ARP poisoning and spoofing; what techniques have been successful to prevent these attacks in a scalable manner?
   * What else is being done to secure the switch infrastructure?
   
4. Other Topics:
   * DNSSEC is being deployed on some campuses. Can we get deployment experiences? How do you work with the TLD operators?
   * IPv6 requires replication of IPv4 security measures on routers, hosts, and may not even be visible to those firewalls, IPS/IDS, and traffic shaping devices. What needs to be done?
   * Deployment stories are also invited for secure access to sites' internal business functions by certificates, Kerberos, Shibboleth, LDAP, or other means.
   * BGP has some ongoing development in enhancing security that could be reported.
   * Disaster recovery is seen as critical. What are institutions doing on campus, and offsite?
   * TIC/Einstein