8:00:00 AM9:00:00 AMRegistration / Breakfast
9:00:00 AM9:15:00 AMOpening RemarksTom Kacprzynski (CHI-NOG)
9:15:00 AM9:45:00 AMNetwork Infrastructure: Build, Test, Deploy, RepeatJoe Clarke (Cisco)
9:45:00 AM10:15:00 AMA Real-World Approach to Intent-Based Networking and Service OrchestrationChris Cummings (
10:15:00 AM10:45:00 AMBreak 1
10:45:00 AM11:15:00 AMBringing Cloud Networking Back To EarthTeren Saap (Arista)
11:15:00 AM11:45:00 AMReeling in Unwanted TrafficPhil Roberts (Global Cyber Alliance)
11:45:00 AM12:15:00 PMJust Don’tAlex Latzko (Deft)
12:15:00 PM1:45:00 PMLunch
1:45:00 PM2:15:00 PMHow NOT to Get Rich Quick: Building an Infrastructure Measurement NFPWilliam (Bill) Eaheart (
2:15:00 PM2:45:00 PMThe DDoS Threat Landscape ReportJohn Kristoff (NETSCOUT)
2:45:00 PM3:15:00 PMMobile User Plane EvolutionJeffrey Zhang (Juniper)
3:15:00 PM3:45:00 PMBreak 2
3:45:00 PM4:15:00 PMEfficient Network Automation with Nornir and NapalmNeelima Parakala (Cisco)
4:15:00 PM4:45:00 PMSimplify – The 16-Bit DatacenterBrandon Ewing (IMC)
4:45:00 PM5:15:00 PMSupercharging your Network
Simulations with Jupyter Notebooks
Taran Deshpande (Cisco)
5:15:00 PM5:30:00 PMClosing Remark – Survey
5:30:00 PM7:30:00 PMSocial Event / Drinks and Food / Raffle


TopicDescriptionSpeaker Bio
The DDoS Threat Landscape Report by John KristoffIn this presentation, we will discuss global and regional trends in DDoS
attacks in the first half of 2022, including details of new DDoS vectors, observed attack volumes and prevalence, targeted verticals, notable attack campaigns, and other information relevant to network
operators and their end customers.
John is a principal analyst at NETSCOUT on the ATLAS Security Engineering and Response Team (ASERT). He is a PhD candidate in Computer Science at the University of Illinois Chicago studying under the tutelage of Chris Kanich. John is also adjunct faculty in the College of Computing and Digital Media at DePaul University. He currently serves as a research fellow at ICANN, sits on the NANOG program committee, and operates
Reeling in Unwanted Traffic by Phil RobertsOver three years ago, the Global Cyber Alliance established a worldwide honeyfarm, with hundreds of sensors, to collect IoT attack traffic for analysis. With terabytes of data with over a million hits a day, it clearly communicates that the Internet is full unwanted traffic, hammering unrelentingly on unsuspecting devices. The open question is: how to reduce the amount and impact of such unwanted traffic, without building IP block lists or otherwise unwittingly carving up the Internet?This presentation will review some of the data from the honeyfarm collection, giving a sense of what we have learned, and some of the surprises along the way. More importantly, it will raise a series of questions about what can be done to address the level of unwanted traffic on the Internet, in ways that are consistent with a continued free and open Internet.Phil Roberts is the Director of Technology with the Global Cyber Alliance. He has worked in the not-for-profit space as a technologist for the last 14 years, including founding a not-for-profit to build open source hardware security modules. His work has been to facilitate adoption of new technologies and best practices to make the Internet better whether in operations (IPv6) or cybersecurity (this work at the Global Cyber Alliance).
A Real-World Approach to Intent-Based Networking and Service Orchestration by Chris CummingsIntent-based networking is something that has a lot of mystique and buzz-words surrounding it. This talk explores the approach that ESnet took to build our service orchestration software suite as well as giving a few demonstrations of the software in action. This presentation is not an exhaustive explanation of how to build your own intent-based networking environment, but rather an example and overview of a real-world stack that is being used in a production network today and the principles behind it.Chris Cummings has been fascinated by, and heavily involved in, computer networking from a very young age—Chris has experience in Service Provider Networking, Enterprise Networking, Optical, Wireless, Security, Network Automation, and more. Currently, he is a Network Automation Software Engineer for a large US-based international research network, ESnet, working daily at the interface of service provider network technologies and network automation.
How NOT to Get Rich Quick: Building an Infrastructure Measurement NFP by William (Bill), started in 2016, is a nonprofit 501c(3) organization that provides the Internet’s network and security communities with free data, tools, and analysis. Our motto is: “For operators, by operators.”Internet engineers, analysts, incident responders, and supporting organizations must be aware of trends, anomalies, threats, and misconfigurations that originate from within and outside their networks. provides data (signals), analysis, and statistics to increase awareness to build a more robust and secure Internet.Internet insight is measured and monitored from over 200 nodes across 65 metropolitan areas on six continents. Signals are observed and discovered from our distributed network to provide unparalleled insight into anomalies and risks.Our presentation will explore the history of , how we deploy and manage a sensor network, data gathered, and signals provided for analysis and statistics, and review use cases of popular feeds.Bill is an experienced infrastructure architect guided by a collaborative approach to designing and delivering solutions with optimum security to advance the organization’s mission. With over 27 years of experience at DePaul University and the University of Chicago Medical Center, he focuses on network security and infrastructure architecture. He is co-founder of, an educational, nonprofit provider of data (signals), analysis, and statistics that increase awareness leading to a more robust and secure internet.
Just Don’t by Alex LatzkoSometimes you do need to break your old habits which have served you well over the years. IPv6 addressing requires different thought processes than IPv4 in so many ways. This is a quick overview of some of the habits you need to break.I have been a network engineer for about forty years, spending twenty of them in academia building foundations. I then moved into the industrial world and have been here ever since. Currently, I’m the principal network architect at DEFT, and also active in various non-profit organizations both in and out of the networking business. I went to my first CHI-NOG in May of 2013 when it was an after work meetup at a bar, and I believe I have attended all of them since.
Mobile User Plane Evolution by Jeffrey ZhangThis presentation describes 5G User Plane evolution with distributed UPFs, and a natural further evolution to integration of UPF and AN/gNB-CU functions in the next generation mobile networks (e.g., 6G). The integration flattens mobile user plane architecture and significantly simplifies MEC, LAN-type services and Multicast Broadcast Services by maximumly integrating IETF/wireline technologies/solutions. This presentation will help socializing the integration proposal among mobile operators to get their feedback and support.Jeffrey Zhang is a Distinguished Engineer in Juniper Networks with over 25 years of experiences in networking. A long time IETF attendee active in BESS/IDR/BIER/RIFT/MPLS WGs and involved in 3GPP SA2 in recent years. His job responsibilities in Juniper include IETF/3GPP standard activities, customer engagement, and internal development/consulting activities.
Network Infrastructure: Build, Test, Deploy, Repeat by Joe ClarkeFeel comfortable making a network change in the middle of the workday? If your approach to configuration management makes use of NetDevOps with automated testing pipelines and virtualized network infrastructure you will have the confidence that your network changes will work the first time. This session will highlight an approach to applying Continuous Integration and Continuous Deployment with network infrastructure using abstracted configurations in YAML, GitLab for version control and CI, Cisco Modeling Labs to provide a virtual network testbed, Ansible to deploy the configuration, and pyATS to perform the operational network tests. The whole lifecycle of deploy, test, validate, and deploy to production will be shown.As a Cisco Distinguished Customer Experience engineer, Joe has contributed to development and adoption of many of Cisco’s network management and automation products and technologies. He helps to support, enhance, and promote the embedded automation and programmability features, such as the Embedded Event Manager, Tcl, Python, NETCONF/RESTCONF, and YANG. Joe evangelizes these programmability and automation skills in order to build the next generation of network engineer. Joe is a top-rated speaker at Cisco’s annual user conference, CiscoLive!, as well as a certified as a Cisco Certified Internetworking Expert and a Cisco Certified DevNet Expert. He also serves as co-chair of the Ops Area Working Group at the IETF. He is a co-author of “Network Programmability with YANG: The Structure of Network Automation with YANG, NETCONF, RESTCONF, and gNMI” as well as a chapter co-author in the Springer publication, “Network-Embedded Management and Applications: Understanding Programmable Networking Infrastructure”; and he served as one of the technical editors for the Cisco Press books, “Tcl Scripting for Cisco IOS” and “Programming and Automating Cisco Networks: A guide to network programmability and automation in the data center, campus, and WAN.” He is an alumnus of the University of Miami and holds a Bachelor of Science degree in computer science.
Supercharging your Network
Simulations with Jupyter Notebooks
by Taran Deshpande
Tired of CLI? Try Jupyter Notebooks to create a learning experience that is reproducible. Along with your network simulator, use Jupyter to build and manage virtual multi-router topologies. We have created a catalog of Jupyter Notebooks that demonstrate use cases of different major technologies, such as ACL, EVPN, BGP, Telemetry, SR, QoS. These notebooks provide a curated experience to learn about these networking concepts, and can be used as “live” documentation. Have a specific use-case in mind? Bring your own use-case and use these notebooks to automate the build and testing of a custom virtual topology.Cisco Mass Scale Infrastructure Routing Technical Marketing Engineer. I handle the Cisco 8000 virtual router emulator and am currently building a library of Jupyter Notebooks for emulator consumption.
Bringing Cloud Networking Back To Earth by Teren SappThis session will cover the different networking solutions most commonly leveraged in public cloud networks including AWS, Azure and Google Cloud. Whether you’re working with a VPC, VNET or Terraform script cloud networking is a skill in high demand and being able to speak the language of the cloud team can be the difference between having a seat at the table and being labeled as a legacy network engineer.Teren has been in the tech industry for over 15 years with his latest employer being Arista Networks. At Arista, Teren leads a team focused on software solutions within the networking industry. The purpose of the software solutions team is to help customers embrace automation and build an automated pipeline for network deployment and ongoing operations. Outside of work Teren enjoys traveling, camping, fishing and all things outdoors with his family. Teren has lived in the midwest his entire life, born and raised in Michigan and has lived in the southwest suburbs of Chicago since 2008.
Simplify – The 16-Bit Datacenter by Brandon EwingOne of the challenges in network management is managing state in configuration. If you `diff` the config of two devices in the same role, how much output is there? Creating a source of truth with multiple pieces of state information, maintaining multiple templates for different devices and roles, tracking IPAM information for extremely large ECMP fabrics – all create possibilities for either user or automation error. We will focus on simplifying configuration by removing state or deriving as much of it as possible from a minimum of input.
Leveraging advances in MP-BGP, interface BGP peering, and options for BGP on the host supporting peer detection, much of traditional fabric configuration can be creatively templatized so that a single configuration works for all of the nodes. We will also address current shortcomings in autoconfiguration, and proposals in the IETF that expand on BGP fabric autoconfiguration.
Brandon Ewing is a network automation engineer with a background in Linux systems engineering at IMC, a leading global trading firm with offices in Chicago and around the globe. An enthusiast of open-source software, he is a maintainer of the vendor-agnostic NAPALM Python library for interacting with network devices and a contributor to a number of different Python and Golang projects. Prior to wandering the halls at IMC, he worked for 15 years with a variety of different internet hosting providers, designing and deploying datacenters and MPLS connectivity. His time at IMC is spent working on low-latency and datacenter networks while improving the automation tools used to interact with both environments.
Efficient Network Automation with Nornir and Napalm by Neelima ParakalaNornir is a vendor neutral, open source project. It is a multi-threaded network automation framework that abstracts inventory and task execution like configuring the devices, validating the operational data, and enabling the services on the provided hosts which are part of the inventory. As it is multithreaded, it allows to manage the configuration of multiple network devices concurrently. NAPALM is a vendor neutral, cross-platform open source project. It is a python library that provides a set of methodologies for configuration management and operational data retrieval. It supports Cisco IOS-XR, Cisco IOS, Cisco NX-OS, Juniper JunOS and Arista EOS network operating systems. This session gives an overview of Nornir, Napalm, and how to concurrently execute tasks to manage network configuration and operational data. Neelima Parakala is a Technical Marketing Engineer at Cisco, focusing on Service Provider products and network automation tools. She received her B. Tech. in Computer Science and Engineering from Amrita University, Kerala in 2014, and MS in Computer Science from University of South Florida in 2018. She has a background in software engineering, including developing network protocols, distributed applications and automation tools. Prior to joining Cisco, Neelima built high-performance web applications for financial firms