Nick Buraglio

XBD201603 00095
Nick Buraglio
Planning and Architecture Engineer
Illinois us

Nick has been involved in networking since 1997, primarily focused on service provider networking and large scale, high performance computing networking. Nick has been employed by regional Internet Service Providers, the National Center for Supercomputing Applications (NCSA), The University of Illinois, and he has been contracted to the Federal Bureau of Investigation as a cybersecurity consultant and instructor. 

Nick has worked extensively with emerging and disruptive technologies, and has been active in the IPv6 community for 20 years. 

Nick is currently part of the Energy Sciences Network Planning and Architecture group. He is currently the implementation and community of practice lead for the IPv6-only mandate for the US Department of Energy, and an active participant in the USG IPv6-only task force. 

Nick has also been involved in the Internet Engineering Task Force for several years and is currently a co-chair in the IPv6 operations (v6ops) working group. 


Journal Articles

Mariam Kiran, Scott Campbell, Fatema Bannat Wala, Nick Buraglio, Inder Monga, “Machine learning-based analysis of COVID-19 pandemic impact on US research networks”, ACM SIGCOMM Computer Communication Review, December 3, 2021,

This study explores how fallout from the changing public health policy around COVID-19 has changed how researchers access and process their science experiments. Using a combination of techniques from statistical analysis and machine learning, we conduct a retrospective analysis of historical network data for a period around the stay-at-home orders that took place in March 2020. Our analysis takes data from the entire ESnet infrastructure to explore DOE high-performance computing (HPC) resources at OLCF, ALCF, and NERSC, as well as User sites such as PNNL and JLAB. We look at detecting and quantifying changes in site activity using a combination of t-Distributed Stochastic Neighbor Embedding (t-SNE) and decision tree analysis. Our findings bring insights into the working patterns and impact on data volume movements, particularly during late-night hours and weekends.

Ralph Koning, Nick Buraglio, Cees de Laat, Paola Grosso, “CoreFlow: Enriching Bro security events using network traffic monitoring data”, Future Generation Comp. Syst., February 1, 2018, 79,

Attacks against network infrastructures can be detected by Intrusion Detection Systems (IDS). Still reaction to these events are often limited by the lack of larger contextual information in which they occurred. In this paper we present CoreFlow, a framework for the correlation and enrichment of IDS data with network flow information. CoreFlow ingests data from the Bro IDS and augments this with flow data from the devices in the network. By doing this the network providers are able to reconstruct more precisely the route followed by the malicious flows. This enables them to devise tailored countermeasures, e.g. blocking close to the source of the attack. We tested the initial CoreFlow prototype in the ESnet network, using inputs from 3 Bro systems and more than 50 routers.

Conference Papers

Marian Babik, Martin Bly, Nick Buraglio, Tim Chown, Dimitrios Christidis, Jiri Chudoba, Phil DeMar, José Flix Molina, Costin Grigoras, Bruno Hoeft, Hiro Ito, David Kelsey, Edoardo Martelli, Shawn McKee, Carmen Misa Moreira, Raja Nandakumar, Kars Ohrenberg, Francesco Prelz, Duncan Rand, Andrea Sciabà, Tim Skirvin, “Overcoming obstacles to IPv6 on WLCG”, CHEP2023, May 8, 2023,

The transition of the Worldwide Large Hadron Collider Computing Grid (WLCG) storage services to dual-stack IPv6/IPv4 is almost complete; all Tier-1 and 94% of Tier-2 storage are IPv6 enabled. While most data transfers now use IPv6, a significant number of IPv4 transfers still occur even when both endpoints support IPv6. This paper presents the ongoing efforts of the HEPiX IPv6 working group to steer WLCG toward IPv6-only services by investigating and fixing the obstacles to the use of IPv6 and identifying cases where IPv4 is used when IPv6 is available. Removing IPv4 use is essential for the long-term agreed goal of IPv6-only access to resources within WLCG, thus eliminating the complexity and security concerns associated with dual-stack services. We present our achievements and ongoing challenges as we navigate the final stages of the transition from IPv4 to IPv6 within WLCG.

Paul Ruth, Mert Cevik, Cong Wang, Yuanjun Yao, Qiang Cao, Rubens Farias,
Jeff Chase, Victor Orlikowski, Nick Buraglio,
“Toward Live Inter-Domain Network Services on the ExoGENI Testbed”, 2018 IEEE INFOCOM, IEEE, April 15, 2018,

This paper introduces ExoPlex, a framework to improve the QoS of live (real) experiments on the ExoGENI federated testbed. The authors make the case for implementing the abstraction of network service providers (NSPs) as a way of having experimenters specify the performance characteristics they expect from the platform (at the testbed level). An example tenant using this version of ExoGENI enhanced with NSP capabilities is presented, and experimental results show the effectiveness of the approach.


Nick Buraglio, Automation, Orchestration, prototyping, and strategy, Great Planes Network Webinar Series Presentation, March 9, 2018,

Presentation on network automation and orchestration with focus on getting started and options available.

Nick Buraglio, SDN Best Practices, Great Planes Network Webinar Series Presentation, April 8, 2016,

Presentation of best practices in production SDN deployments based on experience deploying SDN based networks based on varying technologies and techniques. 

Nick Buraglio, SDN: Theory vs. Practice, Invited talk, CODASPY 2016 SDN/NFV workshop, March 11, 2016,

Discuss research based software based networking and the differences beetween real world, prodiuction SDN for CODASPY SDN/NFV conference workshop. 

Nick Buraglio, Bro intrusion detection system (IDS): an overview, Enhancing CyberInfrastructure by Training and Education, May 22, 2015,

Nick Buraglio, Anita Nikolich, Dale Carder, Secure Layer 3 SDX Concept (Interdomain SDN), May 14, 2015,

A concept framework for Secure Layer 3 Interdomain SDN and ISD/IXP. 

Nick Buraglio, IPv6 Status; Operating production IPv6 networks, March 22, 2015,

IPv6 Status update and primer on operating production IPv6 networks as of 3/2015

Nick Buraglio, Anita Nikolich, Dale Carder, Securing the SDN WAN, October 30, 2014,

SDN has been successfully implemented by large companies and ISPs within their own data centers. However, the focus has remained on intradomain use cases with controllers under the purview of the same authority. Interdomain SDN promises more fine grained control of data flows between SDN networks but also presents the greater challenges of trust, authentication and policy control between them. We propose a secure method to peer SDN networks and a test implementation

Nick Buraglio,Vincent Stoffer, Adam Slagell, Jim Eyrich, Scott Campbell, Von Welch, Securing the Science DMZ: a discussion, October 28, 2014,

The Science DMZ model is a widely deployed and accepted architecture allowing for movement and sharing of large-scale data sets between facilities, resources, or institutions. In order to help assure integrity of the resources served by the science DMZ, a different approach should be taken regarding necessary resources, visibility as well as perimeter and host security. Experienced panelists discuss common techniques, best practices, typical caveats as well as what to expect (and not expect) from a network perimeter that is purpose built to move science data.


Best practices for securing an open perimeter network
Securing the Science DMZ

Best practices for securing an open perimeter network or Science DMZ at for BroCon 2014.  Slides. Video

Nick Buraglio, Securing the Science DMZ, June 14, 2014,

The Science DMZ model is a widely deployed and accepted architecture allowing for movement and sharing of large-scale data sets between facilities, resources, or institutions.
In order to help assure integrity of the resources served by the science DMZ, a different approach should be taking regarding
necessary resources, visibility as well as perimeter and host security. Based on proven and existing production techniques
and deployment strategies, we provide an operational map and high level functional framework for securing a science DMZ utilizing a “defense in depth” strategy including log aggregation, effective IDS filtering and management techniques, black hole routing,
flow data and traffic baselining.

Nick Buraglio, Real world IPv6 deployments, June 9, 2014,

Presentation for Westnet conference on Real world IPv6 deployments, lessons learned and expectations.


Nick Buraglio, Geoff Huston, Expanding the IPv6 Documentation Space, Internet Engineering Task Force Document, November 20, 2023,

The document describes the reservation of an additional IPv6 address prefix for use in documentation. The reservation of a /20 prefix allows documented examples to reflect a broader range of realistic current deployment scenarios.

Nick Buraglio, Chris Cummings, Russ White, Unintended Operational Issues With ULA, Internet Engineering Task Force Document, October 20, 2023,

The behavior of ULA addressing as defined by [RFC6724] is preferred below legacy IPv4 addressing, thus rendering ULA IPv6 deployment functionally unusable in IPv4 / IPv6 dual-stacked environments. The lack of a consistent and supportable way to manipulate this behavior, across all platforms and at scale is counter to the operational behavior of GUA IPv6 addressing on nearly all modern operating systems that leverage a preference model based on [RFC6724] .

Nick Buraglio, Tim Chown, Jeremy Duncan, Preference for IPv6 ULAs over IPv4 addresses in RFC6724, Internet Engineering Task Force Document, October 9, 2023,

This document updates [RFC6724] based on operational experience gained since its publication over ten years ago. In particular it updates the precedence of Unique Local Addresses (ULAs) in the default address selection policy table, which as originally defined by [RFC6724] has lower precedence than legacy IPv4 addressing. The update places both IPv6 Global Unicast Addresses (GUAs) and ULAs ahead of all IPv4 addresses on the policy table to better suit operational deployment and management of ULAs in production. In updating the [RFC6724] default policy table, this document also demotes the preference for 6to4 addresses. These changes to default behavior improve supportability of common use cases such as, but not limited to, automatic / unmanaged scenarios. It is recognized that some less common deployment scenarios may require explicit configuration or custom changes to achieve desired operational parameters.

Nick Buraglio, X. Xiao, E. Vasilenko, E. Metz, G. Mishra,, Selectively Isolating Hosts to Prevent Potential Neighbor Discovery Issues and Simplify IPv6 First-hops, Internet Engineering Task Force Document, July 9, 2023,

Neighbor Discovery (ND) is a key protocol of IPv6 first-hop. ND uses multicast extensively and trusts all hosts. In some scenarios like wireless networks, multicast can be inefficient. In other scenarios like public access networks, hosts may not be trustable. Consequently, ND has potential issues in various scenarios. The issues and the solutions for them are documented in more than 30 RFCs. It is difficult to keep track of all these issues and solutions. Therefore, an overview is useful. This document firstly summarizes the known ND issues and optimization solutions into a one-stop reference. Analyzing these solutions reveals an insight: isolating hosts is effective in preventing ND issues. Five isolation methods are proposed and their applicability is discussed. Guidelines are described for selecting a suitable isolation method based on the deployment scenario. When ND issues are prevented with a proper isolation method, the solutions for these issues are not needed. This simplifies the IPv6 first- hops.


U.S. Patent Application Ser. No: 18/052,614