Deploy360 Improving Technical Security IPv6

RIPE 71 – Highlights from Day 2

RIPE71_logoThe RIPE 71 meeting is happening this week in Bucharest and each day we’ll be highlighting the presentations and activities related to the Deploy360 technologies.

Most of Tuesday was taken up by the plenary session, but well worth highlighting is the presentation by George Michaelson on IPv6 deployment. Since 2010, APNIC has been collecting 12-15 million samples per day using placement of adverts through Google on selected websites. This has previously been undertaken with Flash, but due the increasing security issues that are leading browsers to discontinue support, they have recently moved to using an HTML5 model. In fact, with Flash predominantly running on Windows-based platforms, they are now seeing a wider range of operating systems and browsers, as well as getting a good insight into cellular networks for the first time.

One significant recent IPv6 deployment is by cable provider Sky UK which is upgrading approximately 80,000 customers to per night, with nearly 17% of their hosts currently enabled for IPv6. Whilst this dwarfs any other UK provider, it puts them on target for 20%+ IPv6 capability by 2016.

T-Mobile USA is also known to have deployed 464XLAT which allows clients on IPv6-only networks to access IPv4-only services. This is predominantly a cellular provider with some WiFi services, and is indeed showing around 60-80% IPv6 capability. Android devices in particular show high consistent usage of IPv6 capability, and with Google, Facebook, CloudFlare and Akamai routinely supporting dual-stack content, this is reducing the CGN/NAT requirement for IPv4. It should be noted though, that Apple does not implement 464XLAT in its iOS devices, which explains the very low visibility of these devices.

SK Telecom in Korea is deploying 464XLAT to its 20 million customers as well, and has converted approximately 4 million devices to IPv6 capability. As Korea has more mobile users than broadband users, this deployment along probably amounts to a 2% IPv6 penetration rate in Korea.

Over in the US, a number of the major providers including AT&T Verizon Cellular, Comcast and Sprint appear to have been deploying true dual-stack on cable and wireless networks as similar prominence of iOS devices can be seen alongside Android devices. There are exceptions seen on the AT&T and Sprint cellular networks suggesting 464XLAT deployment, but interestingly iOS devices are still seen in some numbers which may relate to APN problems or even vendor marketing preferences with respect to the handsets.

Check out George’s excellent presentation for more information on deployments in Ecuador, Brazil, Peru, Poland, Norway and Romania and the suppositions about how they’re provisioning IPv6.

Later that evening was the well attended Anti-Spoofing BoF chaired by ISOC’s Andrei Robachevsky and Benno Overeinder of NLnet Labs. This presented the problems of spoofed Internet traffic and outlined some of the solutions, but posed the question as to whether the problem was being solved in the right way, or should community efforts be better focused on the attacking vectors of a DDoS attack. The aim was to understand the challenges from the perspective of IXP customers (e.g. ISPs, CDNs) and to discuss their future needs, and led to a long and fruitful discussion running well over the time allocated for the session. Andrei will be posting more over on the Tech Matters Blog shortly.

For those of you who cannot attend the RIPE meeting in person, just a reminder that remote participation is available with audio and video streaming and also a jabber chat room.

The full programme can be found at