Conference Secretariat

Congress West, PO Box 1248
West Perth WA 6872 Australia

+61 8 9322 6906
Fax: +61 8 9322 1734

APRICOT 2006 Program > Workshops & Tutorials > Tutorials

Juniper Advanced Routing (2 days)
Instructors: Damien Holloway (Juniper)
Level: Intermediate

- JUNOS philosophy and features,
- the Juniper router family,
- typical placement of various routers in networks.
- Introduction to JUNOS CLI and exercises
- Routing policies, filters and routing protocols - OSPF and BGP - configuration exercises
- MPLS and VPN configuration
- Demonstrating High Availability features - fast reroute, graceful restart etc.
- guidance on network design principles for high availability.
- high level overview of network security issues and techniques for DDoS mitigation and security mechanisms such as IDS, Firewalls.


Best Practice Guidelines for Deploying MPLS (1 day)
Instructors: Monique Morrow (Cisco), Jeff Apcar (Cisco), Muhammad Sagheer (Cisco)
Level: Intermediate
Slides: download

MPLS core related technologies: Layer 2 and Layer 2 VPNs; multicast, OAM, Security, IPv6; GMPLS; interworking scenarios and future direction of MPLS technology.
The tutorial focus will be in providing practical implementation guidelines with case study example.


Introduction to WiMax and Broadband Access technologies (1/2 day)
Instructors: Mohammad Farhad, Richard Pruss
Level: Intermediate
Slides: download

The IEEE 802.16/WiMax (Worldwide Interoperability for Microwave Access) standard defines the air interface for fixed point-to-multipoint broadband wireless access networks. It is a wireless alternative to Digital Subscriber Line (DSL). An amendment, being drafted, adds mobility support. A lot of works are also going on in many standards bodies and many edge of service provider network deployments on session and policy control. This tutorial provides a detailed introduction to WiMax and covers the ground of access privileges, resource usage control, QoS, accounting and service and application mediation. Standards status and update for Cable, DSL Forum, mobile/ 3GPP, ITU, TISPAN and some hopes for convergence. It also discusses some deployment cases to show how it looks like in practice.


Delivering Triple Play Services Over Metro Broadband Network (1/2 day)
Instructors: Lim Wong, Richard Pruss (Cisco)
Level: Intermediate
Slides: download

Metro broadband networks are capable of delivering a variety of services to the end customers but why are so many carriers having issues offering triple play services?
This tutorial will discuss the architectural options for delivering high quality video, voice, and Internet services to the home; and how video and voice can be integrated into existing data network. What last mile technology, security and Quality of Service mechanism are needed to offer these services? Topics include:
- Triple play network architecture
- Last mile access options - PONs, xDSL, Metro Ethernet, WiMAX, Cable
- IP video essentials
- Multicast video (IPTV) network design
- Video on Demand network design
- Security and Quality of service requirements


Security in Mobile and Wireless Networks (1/2 day)
Instructors: Ray Hunt (University of Canterbury, NZ)
Level: Intermediate
Slides: download

This tutorial will address a range of technical and performance issues central to the deployment and operation of secure Wireless LANs (IEEE802.11a, b, g) and UMTS / CDMA2000 3G networks appropriate for both the enterprise and for wireless and mobile network operators. It will examine security in the mobile network architecture including important topics such as cryptographic tools, devices and equipment, mobility, authentication and security standards, security testing and evaluation, performance and quality of service as well as a range of WLAN/3G interoperability and standards issues. It will discuss the new IEEE802.11i (WPA2) security standard including new products and performance issues and examine how this will interwork with 3G Networks. Further, it will discuss the results of performance tests on various security architectures and configurations in order to provide useful guidelines for configuration and operation in practice.
Demonstration of basic stumbling, attack and sniffing tools will also be included.


Using EAP Authentication with RADIUS and Configuration of Linux Authentication Server (1/2 day)
Instructors: Hugh Irvine, Dhruba Raj Bhandari
Level: Intermediate

The RADIUS protocol is widely used for AAA (authentication, authorisation and accounting. EAP (extensible authentication protocol) is now extensively used for both wireless and wired networks, and there is a bewildering array of EAP flavours to choose from. This tutorial will demonstrate and explain the configuration and operation of a number of EAP versions.

The practical demonstration will involve:
- General overview of wireless authentication
- Configure Apache as an portel page server
- Mysql as an database server for user and accounting info
- Free Radius as an authentication server.


BGP Deployment, Best Current Practices and Troubleshooting Techniques for Service Providers (1 day)
Instructors: Philip Smith (Cisco)
Level: Introductory

This tutorial introduces service providers to BGP, including iBGP, eBGP and common attributes. It will then introduce some more advanced features of BGP, and look at the various scaling techniques available, when to use BGP instead of an IGP, and examine policy options available through the use of local preference, MED and communities. This tutorial introduces service providers to some of the features available in BGP to aid multihoming to the Internet. After an explanation of multihoming and the principles being followed in this tutorial, several examples involving different scenarios will be given. Configuration techniques for modifying inbound and outbound traffic flows are covered, as are some examples on how to use BGP communities in inter-AS relationships. The tutorial finishes by covering some common multihoming security issues.

The tutorial discusses the best current practices for ISPs, including how to configure external peering sessions and how to deploy BGP across ISP backbones as well as examining common problems ISPs have when deploying BGP within their network. It looks at problems with peer establishment, missing routes, inconsistent route selection, and convergence issues. It also looks at real world examples of common errors which are made when deploying BGP, both as iBGP and eBGP, in service provider networks.


Zebra/Quagga Routing Suite (1/2 day)
Instructors: Anura Abayaratne (MTT Network, Sri Lanka)
Level: Advanced
Slides: download

- Installation
- Basic commands
- Starting BGP
- BGP router
- BGP network
- BGP Peer
- BGP Peer Group
- BGP Address Family
- Autonomous System
- BGP Communities Attribute
- BGP Extended Communities Attribute
- Displaying BGP Routes
- VTY shell
- Filtering


Maximising Your IP Address Potential (1 day)
Instructors: APNIC staff
Slides: download

This tutorial consists of four different modules. Each module is self-contained so you can pick and choose which modules you are interested in. The modules are described below.

1. Infrastructure development, education and APNIC
This module will explain what APNIC is, who makes up the APNIC community, and what services and activities APNIC provides. The module will also examine APNIC's role in Internet development as well as the role of training and the future of the Internet.

2. Creating policies that work for you
This module provides an overview of APNIC policy, explains policy changes made in the past, and how you can participate in the policy development in the future. The module also provides an explanation of how to apply for IP addresses by selecting the appropriate APNIC policy for you. Finally, the module explains how to propose a new policy if current policies do not meet the needs of the Internet community.

3. Efficient address space management
This module will provide you with an overview of the Internet resource management system, how to use the functions in MyAPNIC, and how to query and update the APNIC Whois Database.

4. Managing your "old" address space
If you have IP addresses that were allocated to you in the early days of the Internet, this module should be of interest. This module will define what historical addresses are, where they come from, and what recent changes may now have an impact on the way your historical address space is registered.


Introducing Layer3 VPNs in MPLS Networks (1/2 day)
Instructors: Ariff Premji (Juniper)
Level: Intermediate
Slides: download

Workshop for customers who do not have L3VPNs and would like to migrate to a MPLS VPN architecture. The workshop would cover the migration procedure from any non-Juniper environment to a Juniper environment. Hands-on material will be included in this tutorial.


Integrated IS-IS Primer and Infrastructure Routing (1 day)
Instructors: Seo Boon Ng, Lim Fung
Level: Intermediate
Slides: download

Integrated IS-IS is an IGP that is popular with large service providers. The objectives of this tutorial is to allow attendees who have not been using ISIS, to evaluate if IS-IS is more suited in their environment. For attendees who are using IS-IS, this session would emphasis the optimal ways to deploy ISIS in ISP environment. This includes pointers on tuning IS-IS for fast convergence. The tutorial comprises hands-on and theory sections. The theory session includes designs and case studies which are specific to service provider networks. Participants should have baseline knowledge of either IS-IS/OSPF/BGP.
Introduction to IS-IS
- IS-IS Protocol Overview
- CLNS Addressing
- IS-IS Protocol Concept
- IS-IS Database concept
- Difference between IS-IS and OSPF
- IS-IS SP deployment best practise (IS-IS working with BGP)
- IS-IS MD5 authentication
- IS-IS security Using IS-IS to hide the core network

Lab session
- IS-IS case study and lab setup
- Lab on IS-IS and Routing security (Hiding the core network)
- Basic ISIS Troubleshooting technique


Traffic Engineering in MPLS Networks (1/2 day)
Instructors: Harpreet Singh
Level: Advanced

This presentation talks about the conventional problems in IP networks, different techniques in MPLS traffic engineering and the limitations and capabilities of MPLS traffic engineering. The presentation starts with RSVP signaling, various approaches to Fast reroute, and traffic protection. The presentation also touches on the multivendor aspects of traffic engineering in Juniper and Cisco routers and the different implementation flavours


Netflow, Flow Tools and Flow Analysis (1/2 day)
Instructors: Gaurab Upadhaya
Level: Intermediate

Netflow has been increasingly used as a tool to gather information about traffic flows in IP networks. Flow analysis has the ability to tell administrators what kind of traffic is flowing in the network based on traffic types. As has been observed in the past, netflow can be used to detect attacks and troubleshoot networks. goals - Enable participant to enable flows on their routers, collect flow data and display flow data in RRDTool generated graphs. Pre-requisites - Basic knowledge about routers, Unix based systems, and IP address and ports.


VoIP - Asterisk and SIP Implementation, Theory, Monitoring and Traffic Engineering (1 day)
Instructors: Jonny Martin, Ruwan Silva, Habib Madani, Syed Khurram
Level: Intermediate
Slides: download, download2, download3

This tutorial aims to get a few more people up and running with their own VoIP systems and to provide additional information to those who already are up and running. Implementation of an Asterisk - the Open Source PBX - based VoIP system will be covered from the initial build through to a fully functioning system.

The theory and operation of the Session Initiation Protocol (SIP) will be covered. This will include the theory of operation and architecture of SIP and exploration of Open Source implementations with particular emphasis on Asterisk and SIP Express Router (SER).

Finally VOIP Network traffic trend analysis through SIP, SIP-T, ISUP, MGCP, Trunk protocol counters will be covered. This provides an innovative way to monitor VoIP networks and traffic flows which can help in identifying capacity, malfunction and mis-configuration issues. Industry wide the switches need to have this information available for doing trend analysis. BTS provides ways export the data to a file, which can then be pulled off the switch in pseudo-real time manner for trend analysis purposes.


ISP Network Security - Survey of Security Threats and Attack Classification (1/2 day)
Instructors: Danny McPherson, Ray Hunt
Level: Intermediate
Slides: download, download2

Information on ISP security survey results recently published includes many things that can be done to raise the bar in ISP network, lots of open source tools and techniques. This tutorial will include an introduction to commercial tools as well.

Internet architectures are built upon a pair of protocols designed over 25 years ago and to which virtually no consideration was given to security. Although the IPv6 networking family has been designed to address this issue, the majority of existing network infrastructure is subject to substantial threats. This tutorial examines the current security risks resulting from using TCP/IP by network providers and ISPs and how these threats related to traffic carried by these providers on behalf of their customers can have such devastating effects. This tutorial classifies the type of attacks possible focusing particularly on both wireless local and wide area networks.
These threats are largely centered on IP sniffing, IP spoofing, TCP hijacking, Buffer Overflow, Blended and Distributed Denial of Service attacks. Although firewalls have been designed to provide protection for many services, it is now recognised that they can be broken and new firewall and IDS technology is necessary to complete the TCP/IP security framework.

This tutorial will examine and classify the risks and threats in TCP/IP networks today addressing the limitations of firewalls as well as the use of Intrusion Detection and Prevention architectures.


Large Scale Denial of Service Attack Mitigation (1/2 day)
Instructors: Paul Quinn, Darrel Lewis (Cisco)
Level: Intermediate
Slides: download

Denial of service attacks are a fact of life for service providers today and effective attack mitigation is key for maintaining availability and exercising control.
This session will begin with an overview and characterization of attacks. We will then review attack detection techniques before turning to the core of the tutorial: mitigation. We will cover a wide-range of network-centric tools available to operators, as well as advanced mitigation architectures. The session will conclude with some deployment guidelines and a discussion of the future of denial of service attacks.
Following this tutorial attendees will have a thorough understanding of best practices for attack mitigation and be able to determine the most effective mitigation deployment models for their network.


Best Practice for Security Patch and Vulnerability Management (1/2 day)
Instructors: Neal Gemassmer
Level: Introductory

Organisations that invest in complex and expensive network systems could find these systems become rendered useless if something as simple as patching is not managed effectively. Hackers continue to use worms, viruses, spyware and malware to exploit known vulnerabilities on unpatched systems, resulting in costly network downtime and considerable administrative resource and expense to repair.
Moreover, as the trend continues in enterprise networking for the convergence of voice, video and data onto a single network, the implications of downtime due to a compromised network become more far-reaching. Unpatched critical applications such as telephony are now vulnerable to malicious attack, with potentially disastrous consequences for an organisation's data. This is in addition to having a negative affect on the productivity of staff.
Patching is, of course, only one element of an overall security program. However, it does make a pivotal contribution to reducing the myriad of vulnerabilities and their resulting exploits. It also helps to resolve issues arising from spyware and malware. By establishing the correct procedures and process for patch management, companies can ensure they are less likely to fall victim to network attacks.
This presentation will discuss best practices approach to patch and vulnerability management and why it's critical for businesses to adopt an effective network security program in order to best protect their networks against emerging security threats.


IPv6 Transition and Deployment (1/2 day)
Instructors: Salman Asadullah
Level: Intermediate

IPv6 Network Design and Operation
- IPv6 Merits and Motivations
- IPv6 Addressing Planning and Assignment
- IPv6 and DNS
- IPv6 and Network Management
- IPv6 Routing Protocols

Enterprise Deployment
- Campus
- Remote Access

Service Provider Deployment
- Core
- Access

IPv6 Services
- Multicast
- QoS
- Security
- Mobility


APNIC: Practical introduction to IPv6 (1 day)
Instructors: Jordi Palet Martinez, Tomohiro Fujisaki (NTT), Amante Alvaran (APNIC)
Slides: download

The IPv6 tutorial will offer a practical introduction to the basics of IPv6. Participants will learn how to activate IPv6 on PCs, and be given practical instruction on:

* Installing IPv6 on different platforms (XP/W2003, Linux, BSD)
* Basic stateless/stateful configuration, including privacy setup
* Transition mechanisms
* Examples of applications
* Basic configuration of routers
* IPv6 policies and procedures

During the tutorial, attendees will also learn how to accomplish some
Basic monitoring and troubleshooting of the IPv6 network.

The tutorial is targeted at engineers and network administrators from both ISPs and SOHO/Enterprise networks. Participants should already have a basic knowledge of IPv4.

Note: Considering the hands-on approach of this tutorial, it is highly recommended that participants bring their own laptops, so they can practice the lessons learned during the tutorial. It is assumed that most participants will be using Windows XP, so most of the training will be done on this operating system. However, instructions for other operating systems will be provided as part of the tutorial materials.