Categories
Deploy360 IPv6

Why you need IPv6 and the sad tale of an ISP that didn’t deploy it

IPv6-imageWe’ve recently come across a couple of videos about IPv6 that we think are worth sharing.

The first comes from Ethan Banks of Packet Pushers who makes the case for why you finally really do need IPv6. Here he argues that where IPv6 is not deployed, it’s starting to have a real business impact in a number of regional markets. As IPv4 reaches a stage of imminent exhaustion, it’s becoming necessary to buy address space at a significant cost, or use multiple layers of Network Address Translation that degrade performance and break applications.

In many cases, users already have IPv6 capability as many mobile operators have been deploying IPv6 for a while, whilst other ISPs particularly in US but also parts of Europe, are also rolling it out. Many operating systems including Windows, even prefer using IPv6 for transport, so there no reason not to support IPv6 on your web sites and other services. Indeed, you’re increasingly likely to be cutting off potential users if you don’t.

Conversely, take a look at the sad tale of an ISP that didn’t deploy IPv6 that was produced by the University of Guadalajara for LACNIC 23. This relates the tale of a large incumbent ISP that decided not to deploy IPv6 whilst a smaller one did. The result is that it loses customers be cause it no longer has sufficient IPv4 addresses, it cannot participate in state tenders that require IPv6 to be supported, and eventually its engineers and then sales team leave for the smaller ISP. Whilst real names have not been used in the video, it’s purportedly based on a true story and should therefore serve as a cautionary tale.

One more video to view if you’re interested in deploying IPv6 is Clinton Work’s presentation at NANOG 65 on deploying IPv6 at scale. Here he presents TELUS’s experiences of planning and deploying IPv6, the technical and training challenges, and their reasons for doing it.

We at Deploy360 want to support those interested in deploying IPv6, so please take a look at our Start Here page to understand how you can get started.

 

Categories
Improving Technical Security Mutually Agreed Norms for Routing Security (MANRS) Technology

Taking MANRS on the Road Going North

Two weeks ago, we organized a panel discussion on the Mutually Agreed Norms for Routing Security (“MANRS”) document at NANOG65 in Montreal. It was wonderful to see that three MANRS participants – Tony Tauber (Comcast), Job Snijders (NTT), and Rob Hagens (Zayo) – were on the panel discussing some important aspects of MANRS and routing security in general. Andree Toonk from BGPmon.net also participated, providing an overview of the security landscape.

Perhaps the most important questions were: (a) Why join MANRS? and (b) What difference can it make?

I think the takeaways from this discussion can be summarized in three bullet points:

  • Because security of the global routing system is a sum of all contributions
  • Because this is a way to visibly define and promote a new baseline in routing security
  • Because a community has gravity that can attract others, producing a network effect

Another, similar discussion happened again last week, this time in Northern Europe, in Stockholm during the Netnod meeting.

The title of my presentation, “How can we work together to improve security and resilience of the global routing system?” contained part of the answer that MANRS participants believe in: we can only improve the situation by working together. And the MANRS initiative itself offers a possible answer to the how.

Reflecting on an old well-known incident of YouTube prefix hijacking, one can observe that YouTube, by itself, could not protect its network from hijacking, but that Pakistan Telecom and PCCW could. What YouTube could have done is mitigate the attack – and that is what it did – but the damage had already been done. Another thing that a network can do is to help others to protect their networks. For instance, letting others know what announcements to expect by registering this information in an IRR, or RPKI.

The promise of MANRS is that it can help others to protect your network. But to make this happen, you should join, too.

There was strong support for the idea that implementing the actions identified in MANRS is a good way to go that can make routing more secure and reliable. There was less agreement that one should also join the MANRS initiative, though. Apart from traditional shyness (we are simply doing our job well), there are other factors, like perceived difficulties of convincing other people in the company of the benefits of this initiative.

Write us (http://www.routingmanifesto.org/contact/) if you want to discuss this further, or simply share your doubts and concerns – that is very helpful, too!

And if you are ready and convinced – Gå med i MANRS idag!!

Categories
Deploy360 IPv6

Interesting IPv6 Address Planning Discussion on NANOG Mailing List

IPv6 BadgeEarlier this month there was an interesting discussion on the public NANOG mailing list about IPv6 subnetting that I thought might be of interest to our readers.

The very lengthy discussion thread began back on October 9, 2014, when Erik Sundberg asked this question:

I am planning out our IPv6 deployment right now and I am trying to figure out our default allocation for customer LAN blocks. So what is everyone giving for a default LAN allocation for IPv6 Customers. I guess the idea of handing a customer /56 (256 /64s) or a /48 (65,536 /64s) just makes me cringe at the waste. Especially when you know 90% of customers will never have more than 2 or 3 subnets. As I see it the customer can always ask for more IPv6 Space.

/64
/60
/56
/48

Small Customer?
Medium Customer?
Large Customer?

The ensuing discussion makes for interesting reading to see what many network operators do and why they suggest doing things in the way that they do.

For our part, we have a page about IPv6 Address Planning that links to several resources that can help guide people in what to do:

http://dev.internetsociety.org/deploy360/resources/ipv6-address-planning/

Of particular interest (and was mentioned in the discussion thread) may be the Best Current Operational Practice (BCOP) document developed by NANOG on this particular topic and available at:

http://bcop.nanog.org/index.php/IPv6_Subnetting

It was a great to read the discussion on the NANOG list. One of the hardest things to understand when thinking about IPv6 address planning is the need to adjust your mind from living with the scarcity of IPv4 addresses to where we have a world of abundance of IPv6 addresses.  With that abundance we now have the freedom and flexibility to think about network addressing in a much different manner!

If you would like to get started with IPv6, please do visit our Start Here page to find resources tailored for your type of organization or role!

Categories
IPv6

Interesting IPv6 Address Planning Discussion on NANOG Mailing List

IPv6 BadgeEarlier this month there was an interesting discussion on the public NANOG mailing list about IPv6 subnetting that I thought might be of interest to our readers.

The very lengthy discussion thread began back on October 9, 2014, when Erik Sundberg asked this question:

I am planning out our IPv6 deployment right now and I am trying to figure out our default allocation for customer LAN blocks. So what is everyone giving for a default LAN allocation for IPv6 Customers. I guess the idea of handing a customer /56 (256 /64s) or a /48 (65,536 /64s) just makes me cringe at the waste. Especially when you know 90% of customers will never have more than 2 or 3 subnets. As I see it the customer can always ask for more IPv6 Space.

/64
/60
/56
/48

Small Customer?
Medium Customer?
Large Customer?

The ensuing discussion makes for interesting reading to see what many network operators do and why they suggest doing things in the way that they do.

For our part, we have a page about IPv6 Address Planning that links to several resources that can help guide people in what to do:

http://dev.internetsociety.org/deploy360/resources/ipv6-address-planning/

Of particular interest (and was mentioned in the discussion thread) may be the Best Current Operational Practice (BCOP) document developed by NANOG on this particular topic and available at:

http://bcop.nanog.org/index.php/IPv6_Subnetting

It was a great to read the discussion on the NANOG list. One of the hardest things to understand when thinking about IPv6 address planning is the need to adjust your mind from living with the scarcity of IPv4 addresses to where we have a world of abundance of IPv6 addresses.  With that abundance we now have the freedom and flexibility to think about network addressing in a much different manner!

If you would like to get started with IPv6, please do visit our Start Here page to find resources tailored for your type of organization or role!

Categories
Deploy360 Events

Chris Grundemann At NANOG62 This Week Talking BCOP

NANOG 62 LogoAre you at NANOG 62 in Baltimore, MD, this week?  If so, look for our Chris Grundemann (see team photo) who is there all week.

Chris is primarily at NANOG for the Best Current Operational Practices (BCOP) Track happening today from 4:30 to 6:00pm US EDT in the “Maryland Suites” room.   Chris was very active with this BCOP work in NANOG before joining the Internet Society and remains closely connected to what is going on.  As we’ve written about in the past, our team here is working to help facilitate the creation of regional BCOP documentation efforts around the globe and a good bit of what Chris expects to be doing at NANOG 62 is speaking with operators about what other BCOP documents could be written.

He’ll also be speaking with people about all the work we’re doing here to promote IPv6, DNSSEC, TLS and technologies to secure BGP.  If you’d like to meet up with him, please drop an email to deploy360@isoc.org and he can connect with you there at the show.

Beyond the BCOP session today, which is unfortunately not being webcast, there is an outstanding agenda of presentations this week, many of which will be webcast / live streamed for remote viewing.  Some of the sessions that hit the topics we cover here at Deploy360 include (slides are available for sessions that are already over, and the video recordings should be available soon):

Monday, October 6, 2014

  • Detecting and Quantifying IPv6-based SMTP Abuse
  • Project Turris  (an IPv6-capable and DNSSEC-validating home gateway/router from CZ.Nic)
  • Single Pass Load Balancing with Session Persistence in IPv6 Network

Tuesday, October 7, 2014

  • DNS Track (unfortunately not webcast)

Wednesday, October 8, 2014

  • Adventures in RPKI (non)Deployment

There are a great range of other talks on the NANOG 62 agenda that may be of interest, too.  I’m personally interested in the talk on Thursday (right before the RPKI talk) from Tim Stronge at TeleGeography about submarine cables as I just find that whole area intriguing.

All in all it should be a great event – and if you want to learn more about what we are doing and want to provide some feedback about what you could use help with to get started with IPv6, DNSSEC and other technologies, please do find Chris and say hello!

Categories
Deploy360 IPv6 To archive

Watch LIVE Today: NANOG Sessions On IPv6 Performance, Addressing

NANOG-60Today’s meeting of the North American Network Operators Group (NANOG) provides two opportunities to learn more about IPv6 by watching the NANOG live video stream at:

http://www.kikaua.com/clients/nanog/

First, from 2:30 – 3:15 US Eastern time, Lee Howard of Time Warner Cable will present on “IPv6 Performance Bonus“. The abstract is:

Data from multiple sources suggests that IPv6 offers better performance over IPv4. Presentation includes the data and methodologies, plus test results investigating the reasons for the performance difference.

Later in the day, from 4:30 – 5:00 US Eastern time,  Athanasios Douitsis from the NTUA Network Operations Centre in Greece will present on “Building an IPv6 Address Management System“. From his abstract it sounds like it should be an interesting case study in how to implement a system for IP address management.  (You can also see our IPv6 address planning page for resources related to this topic.)

The full NANOG 60 agenda lists the other sessions that will be happening today and tomorrow, as well as presentation files for sessions that have already occurred.

If you are at NANOG 60 in Atlanta this week, please do remember that our Chris Grundemann is there at NANOG. Please do find him and say hello!

Categories
IPv6

Watch LIVE Today: NANOG Sessions On IPv6 Performance, Addressing

NANOG-60Today’s meeting of the North American Network Operators Group (NANOG) provides two opportunities to learn more about IPv6 by watching the NANOG live video stream at:

http://www.kikaua.com/clients/nanog/

First, from 2:30 – 3:15 US Eastern time, Lee Howard of Time Warner Cable will present on “IPv6 Performance Bonus“. The abstract is:

Data from multiple sources suggests that IPv6 offers better performance over IPv4. Presentation includes the data and methodologies, plus test results investigating the reasons for the performance difference.

Later in the day, from 4:30 – 5:00 US Eastern time,  Athanasios Douitsis from the NTUA Network Operations Centre in Greece will present on “Building an IPv6 Address Management System“. From his abstract it sounds like it should be an interesting case study in how to implement a system for IP address management.  (You can also see our IPv6 address planning page for resources related to this topic.)

The full NANOG 60 agenda lists the other sessions that will be happening today and tomorrow, as well as presentation files for sessions that have already occurred.

If you are at NANOG 60 in Atlanta this week, please do remember that our Chris Grundemann is there at NANOG. Please do find him and say hello!

Categories
Deploy360 Events To archive

Speaking About BCOP At NANOG59 TODAY In Phoenix, Arizona

NANOG 59 MeetingIf you are attending the 59th meeting of the North American Network Operators Group (NANOG) in Phoenix, Arizona, please do say hello to Chris Grundemann, our new director of Deployment & Operationalization (DO), under which the Deploy360 Programme sits.

Chris is of course no stranger to NANOG as he has been very involved with setting up the regional “Best Current Operational Practices (BCOP)” efforts happening within NANOG.

In fact he will be speaking on a panel about BCOP from 4:30 – 6:00 pm MST TODAY. [1 – see note below about timezone] Chris will now be able to speak not only about the BCOP work within NANOG but also the broader picture of how we are intending to help encourage more BCOP creation and sharing around the world.

A livestream of NANOG59 is available at:

http://www.kikaua.com/clients/nanog/

The full agenda can be found on the NANOG website.  Beyond his BCOP presentation, Chris will be around the NANOG event meeting with people in his new role.  If you are interested in reaching Chris, you can email him at grundemann@isoc.org.


[1] Arizona does not use Daylight Savings Time and so Phoenix has remained on “Mountain Standard Time” (MST) which is UTC-7 and the same as US Pacific Daylight Time (PDT). So you can think of it as being the same time as it is in California and the rest of the US west coast.