Categories
Internet of Things (IoT) IPv6 Technology

IPv6 Deployments Need To Be Planned, But It ‘Just Works’ – Lessons from Broadband World Forum

Last week I had the pleasure to visit the Broadband World Forum in Amsterdam. It gathers fixed and mobile access providers and vendors that sell the equipment that these providers use to bring us the Internet. Walking around the exhibition floor I got the impression that the hottest areas are home automation, as the consumer-facing pieces of the Internet of Things, and virtualization that seems to sneak closer and closer to the edge.

While home networking and the Internet of Things were being marketed everywhere, in only two or three hard-to-find places did I see any mention of IPv6. If the Internet is supposed to connect a significant fraction of the predicted 20 billion Things by 2020, it is somewhat amazing that the addressing scheme that allows for end-to-end connectivity is not prominently mentioned. We had to ask, and in our statistically insignificant sample we did assess that IPv6 is part of many product offerings.

Still, while IPv6 may be in the products, most of us are not being offered IPv6 when we connect to the Internet. Hoping to inspire other access providers to deploy IPv6, we organized an IPv6-dedicated session with participation from Hans Thienpondt from Telenet Belgium, Bjørn Netland from Telenor, Nick Heatley from EE UK, and Timo Hilbrink from XS4ALL.

Hans gave an introductory presentation describing the experience of deploying IPv6 in Telenet. Telenet has a huge deployment. In our measurements at World IPv6 Launch we show that 40% of the traffic coming from their network uses IPv6. Hans explained that the choice for IPv6 was a strategic one: with the IPv4 address shortage there will be a point that while continuing to use carrier grade NATS (CGNs) the complexity and brittleness, and hence the cost, will continue to grow, and additionally, the risk of bad user experience will continue to grow. By introducing IPv6, one allows for a growth path whereby the CGNs keep having reasonable headroom and the user experience remains acceptable. Hans told us that their experience with using IPv6 so far is entirely positive.

During the panel discussion with all the network operators, we realized that the deployment experience for these service providers was similar: The strategic vision was developed by the engineers and sold to upper management about five years ago and the deployment followed a relatively careful and slow path, in bottom-up fashion, so to speak. One of the audience members made clear that bottom-up is not the only way: he had been told by upper management to deploy about three years ago.

Another similarity is that when users are offered IPv6, the traffic patterns demonstrate a significant fraction of their traffic being over IPv6: 20-30% being somewhat typical for an IPv6-enabled user, and all that without increased helpdesk pressure.

The holy grail of IPv6 transition techniques is to be able to run a single stack IPv6 network, but still allow a state-of-the-art user experience for applications and services that have not transitioned to IPv6 and only run over IPv4. We talked about two hurdles getting to IPv6 only networks.

While IPv6 deployment is ramping up in the mobile environment there are still hurdles to overcome for mobile operators to run IPv6 exclusively: during inter-provider roaming one cannot rely on ubiquitous availability of IPv6 on each network and there remains a need to configure two profiles: an IPv6 profile for home and an IPv4-only profile for the roaming user. That seems to be a complexity that is not going to go away soon.

Another challenge for IPv6-only deployments in the mobile space is the availability of the client component of 464XLAT (RFC6887) in terminal equipment. Support for that technology is not yet ubiquitous and not yet on the roadmap of all mobile device producers. In spite of this we see significant deployments of IPv6 in at least two large mobile networks in North America – Verizon Wireless and T-mobile USA. So it is quite possible and we look forward to seeing more deployment in this space.

When the Internet Society first began discussing IPv6 deployments with operators at the Broadband World Forum, there was very little experience to share. Now, just four years after our first participation in a similar panel at BBWF in Paris, we can point to massive deployments of IPv6 in networks such as Comcast, Deutsche Telekom, and KDDI. And now IPv6 is used by the most-visited websites in the world: Google, Facebook, YouTube, Yahoo!, and Wikipedia. It’s great to see this kind of progress towards a better and more robust Internet.

Categories
Deploy360 Domain Name System Security Extensions (DNSSEC) Improving Technical Security

DNSSEC Is A Building Block, Not A Magic Bullet

Olaf KolkmanSpeaking at Broadband World Forum (BBWF) in Amsterdam this week, our CITO Olaf Kolkman was quoted as saying a key point we’ve been emphasizing throughout our work:

“There is no magic solution to any cyber security or internet security type of threat. But there are a number of building blocks that are promising.”

They include domain name system security extensions (DNSSEC), which help to secure certain kinds of information on networks.

“But they’re building blocks, they’re not magic bullets,” he said.

Exactly!

When we speak about DNSSEC or TLS  or BGP security, we are often immediately met by detractors with “But it doesn’t do ______” which, in their minds, immediately disqualifies the technology from further usage.  Often this is said, even though DNSSEC/TLS/BGP was never intended to do whatever it is they want.  They just expect the technology to magically do it all!

For example, with DNSSEC, some people immediately say “but it doesn’t protect against the confidentiality of your DNS queries!”  Well, no, it was never intended for that.  DNSSEC is entirely about protecting the integrity of your DNS queries, i.e. ensuring that the information you receive from DNS is the identical information that the operator of the domain put into DNS.  That’s it.  Confidentiality of DNS queries is something completely different! (And is now being discussed by the new DPRIVE working group inside the IETF.)

And by being a smaller building block, DNSSEC can be built upon to bring about powerful new innovations such as the DANE protocol, where we can add an additional layer of trust to TLS / SSL certificates and interactions.

What has made the Internet work so well on a technical level and evolve into the amazing communications medium that it has become is the fact that it is built from small building blocks that are then loosely coupled together in ways that make sense.

Building blocks, not magic bullets!

P.S. And if you want to get started with security building blocks like DNSSEC, please visit our Start Here page!

Categories
IPv6

IPv6 & Broadband – Four Speakers at Broadband World Forum Next Month

We’ve gathered four speakers from across Europe who have each deployed IPv6 on their own networks. They’ll share their experiences during the IPv6 deployment session on Wednesday, 22 October, at Broadband World Forum in Amsterdam. I’m chairing this session and I’m excited to invite you to join us next month for a case study and a panel that are both sure to be informative.

In both the case study and the panel we hope to explore what IPv6 deployment looks like from inside a network operator who has done it. How much of the traffic is IPv6 and what is it made up of mostly? How has having IPv6 deployed impacted their plans for network growth going forward?

First, Hans Thienpondt will discuss Telenet’s IPv6 deployment. Telenet in Belgium has been busy deploying IPv6 this year and over a third of the traffic coming from their network uses IPv6 according to our latest World IPv6 Launch measurements.

Then we’ll have a panel session with speakers from three more network operators who are deploying IPv6:

  • Bjorn Netland, Head of Fixed and Mobile Core Networks, Telenor
  • Nick Heatley, Senior Network Architect, Network Strategy and Core, EE, UK
  • Timo Hilbrink, Networking Team, XS4ALL

The panel will be a lively discussion of issues in deploying IPv6 in both fixed and mobile broadband networks.

Here’s where we’ll be at BBWF this year.

IPv6 Session
During the IP Evolution Track
Wednesday, 22 October
5:05 PM

Internet Society Booth
Trade Show Floor
Stand H10

At the booth, you can pick up information about the Internet Society, learn more about our technical topics, find out how to join us as a member, and of course we’ll have fun trade show promotional items like pens, USB sticks, frisbees, and lucky draws for two Raspberry Pis each day (that’s six over the three-day event!).

Broadband World Forum offers a free Expo Hall pass so you can come visit us on the trade show floor, but that won’t get you into the IPv6 session. We do also have a discount code for delegate passes – use code I7VSH/DIS30 for 30% discount off paid registration.

We hope to see you there!