APRICOT 2006 Program
Routing (2 days)
Instructors: Damien Holloway (Juniper)
- JUNOS philosophy and features,
- the Juniper router family,
- typical placement of various routers in networks.
- Introduction to JUNOS CLI and exercises
- Routing policies, filters and routing protocols - OSPF and BGP - configuration
- MPLS and VPN configuration
- Demonstrating High Availability features - fast reroute, graceful
- guidance on network design principles for high availability.
- high level overview of network security issues and techniques for
DDoS mitigation and security mechanisms such as IDS, Firewalls.
Best Practice Guidelines for Deploying MPLS (1 day)
Instructors: Monique Morrow (Cisco), Jeff Apcar (Cisco), Muhammad Sagheer (Cisco)
MPLS core related technologies:
Layer 2 and Layer 2 VPNs; multicast, OAM, Security, IPv6; GMPLS; interworking
scenarios and future direction of MPLS technology.
The tutorial will focus on providing practical implementation guidelines
with a case study example.
Introduction to WiMax and Broadband Access technologies (1/2 day)
Instructors: Mohammad Farhad, Richard Pruss
The IEEE 802.16/WiMax (Worldwide
Interoperability for Microwave Access) standard defines the air interface
for fixed point-to-multipoint broadband wireless access networks. It
is a wireless alternative to Digital Subscriber Line (DSL). An amendment,
being drafted, adds mobility support. A lot of work is also going
on in many standards bodies, and in many deployments at the edge of service
provider networks, on session and policy control. This tutorial provides a
detailed introduction to WiMax and covers access privileges,
resource usage control, QoS, accounting, and service and application
mediation. It gives a standards status update for Cable, DSL Forum, mobile/3GPP,
ITU and TISPAN, along with some hopes for convergence. It also discusses
some deployment cases to show what it looks like in practice.
Play Services Over Metro Broadband Network (1/2 day)
Instructors: Lim Wong, Richard Pruss (Cisco)
Metro broadband networks
are capable of delivering a variety of services to the end customers
but why are so many carriers having issues offering triple play services?
This tutorial will discuss the architectural options for delivering
high quality video, voice, and Internet services to the home; and how
video and voice can be integrated into an existing data network. What last
mile technology, security and Quality of Service mechanisms are needed
to offer these services? Topics include:
- Triple play network architecture
- Last mile access options - PONs, xDSL, Metro Ethernet, WiMAX, Cable
- IP video essentials
- Multicast video (IPTV) network design
- Video on Demand network design
- Security and Quality of service requirements
Security in Mobile and Wireless Networks (1/2 day)
Instructors: Ray Hunt (University of Canterbury, NZ)
This tutorial will address
a range of technical and performance issues central to the deployment
and operation of secure Wireless LANs (IEEE802.11a, b, g) and UMTS /
CDMA2000 3G networks appropriate for both the enterprise and for wireless
and mobile network operators. It will examine security in the mobile
network architecture including important topics such as cryptographic
tools, devices and equipment, mobility, authentication and security
standards, security testing and evaluation, performance and quality
of service as well as a range of WLAN/3G interoperability and standards
issues. It will discuss the new IEEE802.11i (WPA2) security standard
including new products and performance issues and examine how this will
interwork with 3G Networks. Further, it will discuss the results of
performance tests on various security architectures and configurations
in order to provide useful guidelines for configuration and operation
Demonstration of basic stumbling, attack and sniffing tools will also
Using EAP Authentication with RADIUS and Configuration of Linux Authentication Server
Instructors: Hugh Irvine, Dhruba Raj Bhandari
The RADIUS protocol is widely
used for AAA (authentication, authorisation and accounting). EAP (extensible
authentication protocol) is now extensively used for both wireless and
wired networks, and there is a bewildering array of EAP flavours to
choose from. This tutorial will demonstrate and explain the configuration
and operation of a number of EAP versions.
The practical demonstration will involve:
- General overview of wireless authentication
- Configure Apache as a portal page server
- MySQL as a database server for user and accounting info
- FreeRADIUS as an authentication server.
BGP Deployment, Best Current Practices and Troubleshooting Techniques for Service Providers
Instructors: Philip Smith (Cisco)
This tutorial introduces
service providers to BGP, including iBGP, eBGP and common attributes.
It will then introduce some more advanced features of BGP, and look
at the various scaling techniques available, when to use BGP instead
of an IGP, and examine policy options available through the use of local
preference, MED and communities. This tutorial introduces service providers
to some of the features available in BGP to aid multihoming to the Internet.
After an explanation of multihoming and the principles being followed
in this tutorial, several examples involving different scenarios will
be given. Configuration techniques for modifying inbound and outbound
traffic flows are covered, as are some examples on how to use BGP communities
in inter-AS relationships. The tutorial finishes by covering some common
multihoming security issues.
The tutorial discusses the best current practices for ISPs, including
how to configure external peering sessions and how to deploy BGP across
ISP backbones as well as examining common problems ISPs have when deploying
BGP within their network. It looks at problems with peer establishment,
missing routes, inconsistent route selection, and convergence issues.
It also looks at real world examples of common errors which are made
when deploying BGP, both as iBGP and eBGP, in service provider networks.
Suite (1/2 day)
Instructors: Anura Abayaratne (MTT Network, Sri Lanka)
- Basic commands
- Starting BGP
- BGP router
- BGP network
- BGP Peer
- BGP Peer Group
- BGP Address Family
- Autonomous System
- BGP Communities Attribute
- BGP Extended Communities Attribute
- Displaying BGP Routes
- VTY shell
Maximising Your IP Address Potential (1 day)
Instructors: APNIC staff
This tutorial consists of four different modules. Each module is self-contained
so you can pick and choose which modules you are interested in. The
modules are described below.
1. Infrastructure development, education and APNIC
This module will explain what APNIC is, who makes up the APNIC community,
and what services and activities APNIC provides. The module will also
examine APNIC's role in Internet development as well as the role of
training and the future of the Internet.
2. Creating policies that work for you
This module provides an overview of APNIC policy, explains policy changes
made in the past, and how you can participate in the policy development
in the future. The module also provides an explanation of how to apply
for IP addresses by selecting the appropriate APNIC policy for you.
Finally, the module explains how to propose a new policy if current
policies do not meet the needs of the Internet community.
3. Efficient address space management
This module will provide you with an overview of the Internet resource
management system, how to use the functions in MyAPNIC, and how to query
and update the APNIC Whois Database.
4. Managing your "old" address space
If you have IP addresses that were allocated to you in the early days
of the Internet, this module should be of interest. This module will
define what historical addresses are, where they come from, and what
recent changes may now have an impact on the way your historical address
space is registered.
VPNs in MPLS Networks (1/2 day)
Instructors: Ariff Premji (Juniper)
Workshop for customers who
do not have L3VPNs and would like to migrate to an MPLS VPN architecture.
The workshop would cover the migration procedure from any non-Juniper
environment to a Juniper environment. Hands-on material will be included
in this tutorial.
Primer and Infrastructure Routing (1 day)
Instructors: Seo Boon Ng, Lim Fung
Integrated IS-IS is an IGP
that is popular with large service providers. The objective of this
tutorial is to allow attendees who have not been using IS-IS to evaluate
whether IS-IS is better suited to their environment. For attendees who are
using IS-IS, this session will emphasise the optimal ways to deploy
IS-IS in an ISP environment. This includes pointers on tuning IS-IS for
fast convergence. The tutorial comprises hands-on and theory sections.
The theory session includes designs and case studies which are specific
to service provider networks. Participants should have baseline knowledge
of either IS-IS/OSPF/BGP.
Introduction to IS-IS
- IS-IS Protocol Overview
- CLNS Addressing
- IS-IS Protocol Concept
- IS-IS Database concept
- Difference between IS-IS and OSPF
- IS-IS SP deployment best practice (IS-IS working with BGP)
- IS-IS MD5 authentication
- IS-IS security: using IS-IS to hide the core network
- IS-IS case study and lab setup
- Lab on IS-IS and routing security (hiding the core network)
- Basic IS-IS troubleshooting technique
in MPLS Networks (1/2 day)
Instructors: Harpreet Singh
This presentation talks about
the conventional problems in IP networks, different techniques in MPLS
traffic engineering and the limitations and capabilities of MPLS traffic
engineering. The presentation starts with RSVP signaling, various approaches
to Fast reroute, and traffic protection. The presentation also touches
on the multivendor aspects of traffic engineering in Juniper and Cisco
routers and the different implementation flavours.
Netflow, Flow Tools and Flow Analysis (1/2 day)
Instructors: Gaurab Upadhaya
Netflow has been increasingly
used as a tool to gather information about traffic flows in IP networks.
Flow analysis has the ability to tell administrators what kind of traffic
is flowing in the network based on traffic types. As has been observed
in the past, netflow can be used to detect attacks and troubleshoot
networks.
Goals - Enable participants to enable flows on their routers,
collect flow data and display flow data in RRDTool-generated graphs.
Pre-requisites - Basic knowledge of routers, Unix-based systems,
IP addresses and ports.
VoIP - Asterisk and SIP Implementation, Theory, Monitoring and Traffic Engineering
Instructors: Jonny Martin, Ruwan Silva, Habib Madani,
This tutorial aims to get
a few more people up and running with their own VoIP systems and to
provide additional information to those who already are up and running.
Implementation of an Asterisk - the Open Source PBX - based VoIP system
will be covered from the initial build through to a fully functioning
The theory and operation of the Session Initiation Protocol (SIP) will
be covered. This will include the theory of operation and architecture
of SIP and exploration of Open Source implementations with particular
emphasis on Asterisk and SIP Express Router (SER).
Finally, VoIP network traffic trend analysis through SIP, SIP-T, ISUP,
MGCP and trunk protocol counters will be covered. This provides an innovative
way to monitor VoIP networks and traffic flows, which can help in identifying
capacity, malfunction and misconfiguration issues. Industry-wide, the
switches need to have this information available for doing trend analysis.
BTS provides ways to export the data to a file, which can then be pulled
off the switch in a pseudo-real-time manner for trend analysis purposes.
ISP Network Security - Survey of Security Threats and Attack Classification (1/2
Instructors: Danny McPherson, Ray Hunt
Information from recently published ISP security
survey results includes many things that can be done
to raise the bar in ISP networks, and lots of open source tools and techniques.
This tutorial will include an introduction to commercial tools as well.
Internet architectures are built upon a pair of protocols designed
over 25 years ago, in which virtually no consideration was given
to security. Although the IPv6 networking family has been designed to
address this issue, the majority of existing network infrastructure
is subject to substantial threats. This tutorial examines the current
security risks resulting from the use of TCP/IP by network providers and
ISPs, and how these threats, related to traffic carried by these providers
on behalf of their customers, can have such devastating effects. This
tutorial classifies the types of attacks possible, focusing particularly
on both wireless local and wide area networks.
These threats are largely centered on IP sniffing, IP spoofing, TCP
hijacking, Buffer Overflow, Blended and Distributed Denial of Service
attacks. Although firewalls have been designed to provide protection
for many services, it is now recognised that they can be broken and
new firewall and IDS technology is necessary to complete the TCP/IP
This tutorial will examine and classify the risks and threats in TCP/IP
networks today addressing the limitations of firewalls as well as the
use of Intrusion Detection and Prevention architectures.
Large Scale Denial of Service Attack Mitigation (1/2 day)
Instructors: Paul Quinn, Darrel Lewis (Cisco)
Denial of service attacks
are a fact of life for service providers today and effective attack
mitigation is key for maintaining availability and exercising control.
This session will begin with an overview and characterization of attacks.
We will then review attack detection techniques before turning to the
core of the tutorial: mitigation. We will cover a wide range of network-centric
tools available to operators, as well as advanced mitigation architectures.
The session will conclude with some deployment guidelines and a discussion
of the future of denial of service attacks.
Following this tutorial attendees will have a thorough understanding
of best practices for attack mitigation and be able to determine the
most effective mitigation deployment models for their network.
Best Practice for Security Patch and Vulnerability Management (1/2 day)
Instructors: Neal Gemassmer
Organisations that invest
in complex and expensive network systems could find these systems
rendered useless if something as simple as patching is not managed effectively.
Hackers continue to use worms, viruses, spyware and malware to exploit
known vulnerabilities on unpatched systems, resulting in costly network
downtime and considerable administrative resource and expense to repair.
Moreover, as the trend continues in enterprise networking for the convergence
of voice, video and data onto a single network, the implications of
downtime due to a compromised network become more far-reaching. Unpatched
critical applications such as telephony are now vulnerable to malicious
attack, with potentially disastrous consequences for an organisation's
data. This is in addition to having a negative effect on the productivity
Patching is, of course, only one element of an overall security program.
However, it does make a pivotal contribution to reducing the myriad
of vulnerabilities and their resulting exploits. It also helps to resolve
issues arising from spyware and malware. By establishing the correct
procedures and process for patch management, companies can ensure they
are less likely to fall victim to network attacks.
This presentation will discuss a best-practice approach to patch and
vulnerability management and why it's critical for businesses to adopt
an effective network security program in order to best protect their
networks against emerging security threats.
IPv6 Transition and Deployment (1/2 day)
Instructors: Salman Asadullah
IPv6 Network Design and Operation
- IPv6 Merits and Motivations
- IPv6 Addressing Planning and Assignment
- IPv6 and DNS
- IPv6 and Network Management
- IPv6 Routing Protocols
- S2S VPN
- Remote Access
Service Provider Deployment
Practical introduction to IPv6 (1 day)
Instructors: Jordi Palet Martinez, Tomohiro Fujisaki (NTT), Amante Alvaran (APNIC)
The IPv6 tutorial will offer
a practical introduction to the basics of IPv6. Participants will learn
how to activate IPv6 on PCs, and be given practical instruction on:
* Installing IPv6 on different platforms (XP/W2003, Linux, BSD)
* Basic stateless/stateful configuration, including privacy setup
* Transition mechanisms
* Examples of applications
* Basic configuration of routers
* IPv6 policies and procedures
During the tutorial, attendees will also learn how to accomplish some
basic monitoring and troubleshooting of the IPv6 network.
The tutorial is targeted at engineers and network administrators from
both ISPs and SOHO/Enterprise networks. Participants should already
have a basic knowledge of IPv4.
Note: Considering the hands-on approach of this tutorial, it is highly
recommended that participants bring their own laptops, so they can practice
the lessons learned during the tutorial. It is assumed that most participants
will be using Windows XP, so most of the training will be done on this
operating system. However, instructions for other operating systems
will be provided as part of the tutorial materials.