Minutes for NMRG at IETF-96
minutes-96-nmrg-1

Meeting Minutes Network Management (nmrg) RG
Date and time 2016-07-18 12:00
Title Minutes for NMRG at IETF-96
State Active
Last updated 2016-09-12

The 40th NMRG meeting is a workshop on Measurement-Based Network Management,
organized by Ricardo Schmidt (University of Twente, NL) and Ramin Sadre
(Université catholique de Louvain, B). Previous instances of the workshop
focused specifically on NetFlow/IPFIX-based techniques for network management;
for 2016, the topic has been extended to all kinds of measurement-based
techniques used in network management. With 52 people attending the
workshop, the participation was considerably higher than in 2015.

=====

Room Tiergarten

14:00-14:05  Introduction by Ramin Sadre

=====

Pedro Isolani, now a PhD student at the University of Antwerp, presents his work
on "Interactive Monitoring, Visualization, and Configuration of OpenFlow-Based
SDN", done as part of his master's thesis.

Ricardo: You considered only a scenario with one controller. How would you
imagine an SDN-implementation using multiple controllers? Pedro: We should
implement more drivers, to be able to retrieve the same information from
different controller types.

Ricardo: Did you use traffic measurement capabilities of the OpenFlow switch?
Pedro: Only used the control traffic.

=====

Jan Pluskal from CESNET gives a presentation on the "Detection and Analysis of
SIP Fraud Attack on 100Gb Ethernet with NEMEA system".

Alexander: Padding attack against your system? Is your system susceptible to it?
Jan: Depends on the monitoring mechanism of the IDS, whether it can be detected
on flow level. Not tested yet, we have focused on the most common attacks.

Jeronimo (UFlorida): You used a network tap. Planned to filter/divert the
traffic? Jan: We are currently developing a solution that will be able to
filter/divert the traffic containing the attack.

? (Cisco): Also able to classify any metadata related to VM/container
provisioned in a virtual machine? Jan: Can be tested in a virtual machine, for
smaller networks. All tools are open source. ?: No configuration coming from
the hypervisor? Jan: No.

Ramin: You cannot detect the protocol, so you cannot have different number of
packets for different protocols, right? Jan: We can detect the protocol by
primitive means, like port number, but nothing advanced.

=====

Cristian Varas (Speedchecker Ltd.) presents their measurements on the
"Connectivity in the LAC region".

? (Comcast): RIPE Atlas hardware is very consistent, you have a software stack.
Have you done any studies to see how this is affecting your data? Cristian: Not
until now. We are currently extending the network. Hardware is indeed very
diverse and quality depends on it.

Jeronimo (UFlorida): Have you considered testing the last-mile connectivity of
the user? For example, Wi-Fi might easily add 20ms. Cristian: Not done. Because
the user's point of view is: what is between them and the server. But it is a
very interesting thing to do, of course.

?: How did you deploy your software probe? Is it public?
Cristian: We have a website, speedchecker.xyz. You can download your own probe.
The probe does nothing most of the time until receiving a measurement command.
We offer the user measurement of their connectivity in exchange for the
measurement data from the user.

Alexander: Do you provide a service similar to RIPE, i.e., getting access to
all RIPE probes when running a probe, getting credits? Cristian: Right now, we
are not offering that. But we are open to researchers using our platform for
free. A: Is it possible to customize the measurements? Cristian: Probes can do
different kinds of measurements (page load, ping, ...), offering an API.

Umberto: Comments: (1) nic.br is in a similar project to perform measurements.
Would be nice to also get their data. (2) Some operators in Latin America have
direct connections from Brazil to Colombia, from Sao Paulo to San Diego passing
through Argentina. Maybe they are not included in your study.

Giovane (SIDN): You did measurements using ICMP. There are a lot of criticisms
against using ICMP because it is shaped. Have you considered using other
protocols? Cristian: ICMP was used in a cooperation with Lacnic. We are
normally using time to first byte.

Bert (Huawei), Ricardo: Feel free to contact RIPE NCC to get more probes for
Latin America.

Ricardo: Is your measurement running continuously?
Cristian: Not continuously, single tests that you can repeat.

=====

Giovane C.M. Moura (SIDN) presents "ENTRADA: Enabling DNS Big Data
Applications".

Ricardo: All open source?
Giovane: Yes.

Ricardo: How much data can you provide for open access?
Giovane: We provide aggregated data on our stats web page. Data for researchers
is provided case by case.

Ricardo: Ratio between number of registered domains and malicious domains?
Giovane: 10-15 suspicious domains per day. But depends on definition of
"malicious".

Ricardo: Relationship between number of malicious domains and certain events?
Giovane: We have seen some politically motivated web sites after terrorist
attacks, becoming popular on the first day because of such events. We are
working on extending this project to incorporate registration data to account
for such behavior and focus on those which actually try to be malicious.

=====

15:25-15:30 Closing by Ricardo Schmidt, Ramin Sadre and Laurent Ciavaglia