Why Learning IPv6 Puts You a Step Ahead in Your Career

Signal to employers that you’re at the top of your game by learning IPv6 now

Guest blog post by Jonathan S. Weissman

ARIN reached the true technical IPv4 Exhaustion on September 24, 2015. Yet back in 2012, I believe that I created and taught the first-ever college course held in the United States that was devoted exclusively to IPv6, a summer course at Finger Lakes Community College. The course had a normal 45 hours aggregate meeting time, but it was devoted to just IPv6 and nothing else. Twenty years before that, in 1992, the IETF asked for white papers after multiple proposals to expand IPv4’s 32-bit address space surfaced. RFCs for IPv6 started appearing in 1996, twenty years ago from this summer, in which my IPv6 course is running in its fifth consecutive iteration at FLCC.

Both my FLCC IPv6 course and my personally written exam for the course are certified by the IPv6 Forum, a world-wide consortium, and an official certifying body for IPv6. Students who get a 70% or better on my exam at the end of the semester will automatically earn their IPv6 Certified Network Engineer – Silver certification from the IPv6 Forum. Adding this certification to their resume will no doubt make a huge impression on potential employers.

A group of my students at Finger Lakes Community College about to get IPv6 certified!

IPv6 has, for the last few years, been appearing on industry level certification exams by CompTIA, Cisco, and others. It’s no longer something being shoved under the rug. Especially now that ARIN is “fresh out” of IPv4 addresses, the knowledge of IPv6 becomes more and more of a requirement with each passing day. You can’t simply wait until your company starts using IPv6 before learning about it. With a solid background in IPv6 before it’s needed, you will be able to easily adapt to and adopt this fascinating new protocol with intelligence and efficiency.

Interestingly enough, I recently looked back at the reports from my first industry certification exams, and to my shock, I saw that my Novell CNE and CNA exams from 2000/2001 actually had IPv6 questions. However, at that point, IPv6 was still in its infancy. No one was using it in earnest as we are just starting to do now.

There happens to be a great twist to this story. IPv4 isn’t going away entirely for a very long time. Experts are predicting decades more of IPv4. On January 1, 1983, ARPANET turned off NCP (Network Control Protocol), and flipped on Vint Cerf’s TCP/IP, featuring IPv4 addressing. There has not been, nor will there ever be, a corresponding “flag day” for IPv6. Back then, if you were “connected,” you were a government agency, academic institution, or research institution. Nowadays, all businesses are connected, and some can’t even afford seconds of downtime. Some companies pay extra to their service providers for the “five nines,” 99.999% guaranteed uptime during a year. Therefore, IPv6 education includes incorporating and interoperating IPv6 with IPv4 with dual-stacking, tunneling, or translation.

For my students with IPv6 education (and certification), it shows at the very least that they are progressive, motivated, and a step ahead of the times. It shows that they are scalable, adaptable, and up on the latest and greatest (although as we mentioned, this “latest and greatest” is nearly twenty-five years old). It shows potential employers that when the need arises to start using IPv6 in an incremental fashion, those who have been already working with IPv6 can be trusted as the pioneers, the architects, the leaders for IPv6 deployment. Learning IPv6 now, when you’re not faced with pressure, deadlines, prioritization demands, and more makes the learning process smoother and cleaner. Being able to learn IPv6 now affords you the opportunity to cover both breadth and depth in ways that simply wouldn’t be possible in a more “on demand” environment.

IPv6 is not just about the exhaustion of IPv4 addresses. The Internet is slowly going to turn from IPv4 to IPv6. It’s happening now. Think about business continuity. At some point, if you don’t make the switch, from a business perspective, it could be devastating. IPv6 is also about doing things that simply weren’t possible with IPv4. For example, “Internet of Things” devices simply do not have enough logic to run a dual stacked IPv4/IPv6 combination. Those sensors being placed all over the planet? They’re running native IPv6! Besides sensory networks, think about the control systems. Think about reporting systems. Think about appliances. Think about home entertainment devices.

One more thing, of course…security! Some networks might have IPv6 enabled and might not even realize it. Malicious IPv6 traffic can enter the network, tunneled through IPv4. Firewalls won’t catch it. Neither will IDS/IPS systems. They don’t even know what they’re looking for, as far as IPv6 goes!

Furthermore, you can’t start thinking about IPv6 security mechanisms and implementations without a truly solid background in the IPv6 protocol and all of its subcomponents like Internet Control Message Protocol for IPv6 (ICMPv6), Neighbor Discovery Protocol (NDP), Dynamic Host Configuration Protocol for IPv6 (DHCPv6), link-local addresses, Internet Protocol Security (IPsec), and much more. As my IPv6 course illustrates, there are so many layers and wrinkles to IPv6. You can’t just read a book over a weekend and be ready to deploy IPv6 or, even worse, IPv6 security on a Monday morning. I tell my students, “seeing is believing,” as we spend lots of time on IPv6 labs, while sniffing in Wireshark.
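
The tunneled-IPv6 blind spot described above, as an added example that is not part of the original post: a small detector that flags IPv4 packets carrying IPv6, so a defender can see what an IPv4-only rule set lets through. It goes beyond the post by naming two specific encapsulations (IP protocol 41 and Teredo over UDP port 3544); the packets, addresses and the function names `classify` and `find_tunnels` are constructed for illustration.

```python
import ipaddress
import struct

PROTO_TCP = 6
PROTO_UDP = 17
PROTO_IPV6_IN_IPV4 = 41   # IANA protocol number for IPv6 carried directly in IPv4
TEREDO_PORT = 3544        # Teredo service port (RFC 4380)


def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload), or None if this is not a sane IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        return None
    return (pkt[9], ipaddress.IPv4Address(pkt[12:16]),
            ipaddress.IPv4Address(pkt[16:20]), pkt[ihl:])


def inner_ipv6(data):
    """Return (src, dst) when data begins with a complete IPv6 header, else None."""
    if len(data) < 40 or data[0] >> 4 != 6:
        return None
    return ipaddress.IPv6Address(data[8:24]), ipaddress.IPv6Address(data[24:40])


def classify(pkt):
    """Return a finding dict when an IPv4 packet carries IPv6, else None."""
    outer = parse_ipv4(pkt)
    if outer is None:
        return None
    proto, src, dst, payload = outer
    if proto == PROTO_IPV6_IN_IPV4:
        kind, inner = "proto-41", inner_ipv6(payload)
    elif proto == PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        if TEREDO_PORT not in (sport, dport):
            return None
        # Simplification: Teredo can place its own short headers before the
        # IPv6 header; such packets are flagged here but not decoded.
        kind, inner = "teredo", inner_ipv6(payload[8:])
    else:
        return None
    return {
        "kind": kind,
        "outer": f"{src} -> {dst}",
        "inner_src": str(inner[0]) if inner else None,
        "inner_dst": str(inner[1]) if inner else None,
    }


def find_tunnels(packets):
    """Classify every packet and keep only the tunneled-IPv6 findings."""
    return [f for f in (classify(p) for p in packets) if f is not None]


# --- constructed sample traffic (documentation address ranges only) ---
def build_ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_ipv6(src, dst):
    # Version 6, no payload, next header 59 ("no next header"), hop limit 64.
    return struct.pack("!IHBB16s16s", 6 << 28, 0, 59, 64,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


SAMPLE_PACKETS = [
    build_ipv4(PROTO_IPV6_IN_IPV4, "192.0.2.10", "198.51.100.20",
               build_ipv6("2001:db8:1::10", "2001:db8:2::20")),
    build_ipv4(PROTO_UDP, "192.0.2.11", "203.0.113.5",
               build_udp(51000, TEREDO_PORT,
                         build_ipv6("2001:db8:a::1", "2001:db8:b::2"))),
    build_ipv4(PROTO_TCP, "192.0.2.12", "198.51.100.80", b"\x00" * 20),
]

if __name__ == "__main__":
    for finding in find_tunnels(SAMPLE_PACKETS):
        print(finding)
```
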

There’s little to no pressure right now to start learning IPv6. As the days, weeks, and months go by, that will become less and less true. The “Internet of Things” and mobile devices are, of course, the big factors responsible for IPv6’s great need right now. Now is the time to start learning IPv6! There will never be a better time!

 

Jonathan S. Weissman is an Associate Professor and IT Program Coordinator at FLCC. He holds 34 industry level certifications, five of which are IPv6 certifications from the IPv6 Forum.

Connect with him on LinkedIn or email him at jonathan.weissman@flcc.edu

 
 

My Experience as an ARIN Fellow

ARIN 37 Fellow Alyssa Moore shares about her experience as a newcomer to the ARIN community and the policy development process.

Guest Blog by Alyssa Moore

In April I had the good fortune to:

  • Attend an all-expenses-paid meeting in Jamaica
  • Nerd out with Internet community experts and veterans
  • Engage in the best professional development of my career
  • Form relationships with brilliant mentors

Sounds too good to be true, right? Allow me to introduce you to the ARIN Fellowship Program.

ARIN 37 Fellows – April, 2016. Photo: ARIN

During my time as an ARIN Fellow, I learned that Internet number resource policies in the ARIN region are developed entirely by the community. Every word of the Number Resource Policy Manual (NRPM) undergoes rigorous examination in a transparent, community-driven, bottom-up policy development process. This is significant because in an increasingly networked world, we should all have a stake in Internet governance. Number resource policy is of particular importance in light of the recent depletion of the IPv4 address “free pool” in the ARIN region, the development of an IPv4 transfer market, and the slow pace of a global transition to IPv6.

I also learned that ARIN provides multiple avenues to contribute to the formation of policies and processes that underpin global Internet infrastructure. Anyone with an email address can chime in on global Internet policy-making simply by joining and participating in a mailing list.  Anyone can also attend an ARIN meeting, either in person or virtually. And anyone residing in the ARIN region with an interest in Internet governance is encouraged to apply for the Fellowship Program.

Facilitation of policy discussion at ARIN 37. Photo: ARIN

While there is much lively discussion on mailing lists or during meetings, I found that some of the most spirited policy conversations took place over breakfast and at after-hours socials. For example, rules around IPv4 address transfers are currently of particular interest to the ARIN community. Some advocate passionately for the application of strict needs tests in cases where limited IPv4 resources are sold in a private transaction. Others support complete liberalization of the IPv4 transfer market, and the rest fall somewhere in between. If you’re involved in politics in any way, this type of problem may sound familiar.

Regardless of where one’s opinions fall on the policy spectrum, each and every person I encountered took the time to engage in a meaningful discussion with me and explain the issues within their historical context. I was floored by how quickly introductions were made and how welcoming the ARIN community is to newcomers. It’s for these reasons that I strongly encourage anyone with a stake in number resources or the larger Internet governance landscape to get out to an ARIN meeting in person. Fellowship applications are currently being accepted for the 20-21 October 2016 meeting in Dallas, Texas through 31 July 2016.

 

Alyssa Moore is the Policy and Strategy Analyst at Cybera, Alberta’s non-profit research and education network. She is involved in the Canadian Internet community as an advocate for socially responsible tech policy and a champion of publicly owned network infrastructure. Alyssa’s passion for the Internet is borne of a love-hate relationship with rural dial-up and satellite connections in her formative years. She holds a Bachelor of Arts in Political Science from Carleton University.
Cybera website: http://www.cybera.ca
Personal website: http://www.alyssamoore.ca
Twitter: @lyssamoo

 

Voting Contact Clean-Up Campaign Now Underway!

By Wendy Leedy, Member Engagement Coordinator, ARIN

Each fall, ARIN’s Membership elects representatives to the ARIN Board of Trustees and Advisory Council. Two out of three years, they also elect one ARIN representative to the Number Resource Organization Number Council (NRO NC). Every member organization – regardless of its size – is permitted one Voting Contact who casts one vote in ARIN Elections. These elections directly shape the future of ARIN, our community, and the Internet itself!

This year, all eligible voters must log into ARIN Online to access their organization’s ballot, therefore requiring all registered Voting Contacts to have an ARIN Online account to participate – as previously announced, ARIN is improving the security of its voting system and will no longer email web links for casting ballots. To be eligible to vote, an organization must be a General Member in Good Standing (current on all invoices) and must have designated a Voting Contact linked to an ARIN Online account on record by 6 September.

To assist and ensure all eligible member organizations are prepared to vote during ARIN Elections, our team is currently leading an extensive Voting Contact clean-up campaign. Over the past few weeks and in the coming weeks every member organization should receive an email that either:

  • Confirms an organization’s Voting Contact (if there is no change, no action is required)
  • Requests an organization to designate a Voting Contact now
  • Requests your Voting Contact set up their ARIN Online Account and/or validate their being a voting contact for your organization

As Member Engagement Coordinator, I encourage each of you to please take a few minutes to read the email you received and to take any necessary action asked of you as soon as possible. By doing this, you will ensure that you are eligible to vote in this year’s election. Don’t forget that the deadline to establish voter eligibility for Voting Contacts is Tuesday, 6 September 2016.

Since the outcome of ARIN Elections can have a far-reaching impact, it’s not only a privilege for member organizations to participate, but also an important responsibility. Active and ongoing participation in elections demonstrates an organization’s support of and commitment to electing representatives who will drive transparent policy discussion and change; openly listen to, engage with, and fairly represent the community at-large; and work toward advancing the future of ARIN and the Internet.

Have questions or need help establishing your voting eligibility? Contact us at members@arin.net or call 1.703.227.9840, ext. 834. You may also visit our Voting Contacts page for steps on how to view and update your Voting Contact information or create an ARIN Online account.

At ARIN, we recognize you are busy, so we thank you in advance for your time and ongoing involvement in and support of ARIN. We look forward to virtually seeing you at the polls in October! It’s your voice, your vote – make it count!

Can You Make IPv6 Work Commercially?

Uncovering the costs and (hidden) benefits of IPv6 deployment that lead to a positive business case

Guest Blog Post by Marco Hogewoning, External Relations Officer – Technical Advisor at the RIPE NCC

Large scale IPv6 deployments suggest that IPv6 is at least a technical success – the technology works. Now it’s time to visit the other important question: does it work commercially? Does IPv6 really come with a positive business case? We are about to find out, if you help us…

Our technical community has spent about two decades making IPv6 work on a technical level. We have developed the protocol, modified and expanded a few others; we set up the registry system and distributed the addresses. In addition, over the last 10 years we have invented pretty much any possible way to encapsulate or translate IPv6, making it easier to integrate with the IPv4-based world we still live in. And we have succeeded: when in Belgium, there is about a one-in-two chance your Internet connection supports IPv6; on a global scale, Google (on a good day) sees one-in-eight customers connecting via IPv6.

Are we done then? After all, we can show that IPv6 works, even on a massive scale with millions of users. We have written all the documentation there is to write, we have educated and trained all of our colleagues and even created awareness outside of our own community about the need to transition the Internet to use IPv6. Meanwhile the IETF has already taken steps to investigate and discuss the consequences of the inevitable “shutdown” of IPv4. All we need to do is sit back, relax and wait for the IPv6 transition to complete, which is just a matter of time.

Or is it?

As part of this year’s inter-sessional work for the Internet Governance Forum (whose 2016 event will be held in Mexico this December), a group of volunteers has picked up the daring task of trying to describe the commercial and economic reality that underpins a successful deployment of IPv6. As part of the project to document IPv6 best practices, we are hoping to gather some input on the costs and (hidden) benefits of IPv6 deployment that lead to a positive business case and that will convince the product managers and boardrooms who are now stuck with the challenge of expanding their business using a finite and very much exhausted resource, to deploy IPv6 within their products and services.

Can you help us? Share how you make IPv6 work in a competitive market, share the arguments behind your business case – maybe it was just a matter of your competitor deploying it? Even if you haven’t deployed IPv6, please share your arguments or business case, as this would also help us to gain insight in what is happening here.

More information about the IGF Best Practices Forum will soon be posted on the IGF website from where you can also subscribe to a dedicated mailing list. To read my full post, check out RIPE Labs and answer our IPv6 Return on Investment Poll there as well.

 

Marco Hogewoning is External Relations Officer – Technical Advisor with the RIPE NCC. As part of the External Relations team, he helps lead the RIPE NCC’s engagement with membership, the RIPE community, government, law enforcement and other Internet stakeholders.

Origin AS: An Easier Way to Validate Letters of Authority

By Mark Kosters, Chief Technology Officer, ARIN

One challenge that Internet Service Providers (ISPs) face today is dealing with end customers who have their own IP address blocks and want their ISP to route them. ISPs want to satisfy their customers, but they also want to ensure that the customer has valid use of the IP address block.  Determining a customer’s valid use of an address block is fairly simple if the customer is the address block holder and if the ISP can easily see, using tools such as Whois, that they are the rightful holder.  However, in the case where the customer does not provide a clear assertion that they are the rightful holder, determining valid use becomes more challenging. In this case, the customer presents a “Letter of Authority” (LOA) that asserts that the IP address holder has authorized the customer use of their block. The ISP must figure out how to verify the letter so that Internet routing of the address block can be enabled by that ISP.

The challenge in validating LOAs is that it requires looking at the past history of the IP address block within the directory services of the various Regional Internet Registries (RIRs) and the Internet Routing Registry (IRR).  If the validation is done carefully, ISPs need to follow the registration trail of the companies if the name of the company providing the LOA does not match the current holder of that space within the registry. This effort is time consuming, inherently manual, and often fraught with questionable information. Further, there is no standard process or recordkeeping for the validation process, so that vetting may be uneven between ISPs and is likely non-transferrable when the customer moves between ISPs and wishes to use the address block again. This situation creates redundant work when the holder moves on to the second ISP, who also needs to determine the current organization with the registration rights before they can validate the customer’s offered LOA, and accept the IP address space to be originated from their network.

Long term, better maintenance of IP address blocks in the registry would make vetting LOAs easier, and the adoption of Resource Public Key Infrastructure (RPKI) resource certification would eliminate most, if not all, of the issues. However, until there is more widespread adoption of RPKI, the community is seeking an easier way to validate that the customer presenting an LOA is actually authorized by the address block holder.

One possible solution that can be implemented with the existing ARIN registry system is to make use of the “Origin AS” address block attribute.   Specifically, if a customer asks that an IP address block be routed because of an LOA, the ISP can request that the customer configure the Origin Autonomous System (AS) associated with the IP address block that is reflected in ARIN’s directory services to match the ISP’s AS number.  IP address block holders (including legacy address holders) can easily set this attribute using an ARIN Online account. Organizations that don’t have current contact information associated with their address block will need to be validated by ARIN, but this only needs to occur once. Once validated, the resource holder can update their IP address record, including the Origin AS, as necessary.   The other advantage of this approach is that it ensures that organization information is consistently reviewed by ARIN and eliminates any potential change of the ISP, thus preventing the hijacking of IP address blocks by parties that don’t have the registration rights to those address blocks.

The Origin AS can be set by the appropriate contact (tech, admin, or resource) in one of two ways:

  • SWIP-EZ: A web interface through ARIN Online that allows any authenticated user to make changes to their registration information for that IP address block.
  • Reg-RWS: An API that allows for automated and authorized updates by an authenticated user to occur via ARIN’s provisioning system for that IP address block.

Once the information is updated, an ISP can manually validate that the Origin AS of the IP address matches theirs, or validate using automated scripts.  Either way, after the IP address block has an Origin AS that matches the AS of the ISP, the ISP can provision the route of this IP address without worry.
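
One way to script the check described above (an added example, not ARIN's or the author's code). It assumes the Origin AS is read from ARIN's RDAP service, where it appears in the `arin_originas0_originautnums` member of an IP network object; the post itself does not name a lookup path. The sample response, the ASNs and the function names are constructed, and the check fails closed when the attribute is absent or the requested prefix falls outside the registered block.

```python
import ipaddress
import json
import urllib.request

ORIGIN_AS_KEY = "arin_originas0_originautnums"   # ARIN RDAP Origin AS extension


def fetch_network(address):
    """Fetch the RDAP IP network object covering `address` (needs network access)."""
    url = "https://rdap.arin.net/registry/ip/" + str(ipaddress.ip_address(address))
    req = urllib.request.Request(url, headers={"Accept": "application/rdap+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_origin_as(rdap_obj, requested_prefix, isp_asn):
    """Return (ok, reason) for routing `requested_prefix` from `isp_asn`."""
    if rdap_obj.get("objectClassName") != "ip network":
        return False, "response is not an IP network object"
    try:
        want = ipaddress.ip_network(requested_prefix, strict=True)
        first = ipaddress.ip_address(rdap_obj["startAddress"])
        last = ipaddress.ip_address(rdap_obj["endAddress"])
    except (KeyError, ValueError) as exc:
        return False, f"unusable prefix or registration range: {exc}"
    # The customer's prefix must sit entirely inside the registered block.
    if first.version != want.version or not (
        first <= want.network_address and want.broadcast_address <= last
    ):
        return False, f"{want} is not covered by {first} - {last}"
    origins = {int(asn) for asn in rdap_obj.get(ORIGIN_AS_KEY) or []}
    if not origins:
        return False, "holder has not set an Origin AS on this block"
    if int(isp_asn) not in origins:
        listed = ", ".join(f"AS{a}" for a in sorted(origins))
        return False, f"AS{isp_asn} is not among the registered origins ({listed})"
    return True, f"AS{isp_asn} is a registered origin for {want}"


# Constructed RDAP response (documentation prefix and private-use ASNs).
SAMPLE_NETWORK = json.loads("""
{
  "rdapConformance": ["rdap_level_0", "cidr0", "arin_originas0"],
  "objectClassName": "ip network",
  "handle": "NET-192-0-2-0-1",
  "startAddress": "192.0.2.0",
  "endAddress": "192.0.2.255",
  "ipVersion": "v4",
  "cidr0_cidrs": [{"v4prefix": "192.0.2.0", "length": 24}],
  "arin_originas0_originautnums": [64500, 64501]
}
""")

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/25", 64500),
                        ("192.0.2.0/24", 64999),
                        ("198.51.100.0/24", 64500)]:
        print(prefix, asn, check_origin_as(SAMPLE_NETWORK, prefix, asn))
```

For a live check, pass the result of `fetch_network()` for the first address of the customer's prefix instead of `SAMPLE_NETWORK`.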

 

Where are you on your IPv6 journey?

By Hollis Kara, Communications Manager, ARIN

Over and over again we hear that people need more resources to help them deploy IPv6, so we have set out to find out what would be the most valuable for those who are trekking upward. Our first step is to discover what kind of IPv6 activities are already occurring in our region. To do that we have an IPv6 Deployment Survey aimed at those organizations who have already begun their journey to IPv6.

Have you started, or even completed, deploying IPv6? If so, please take our short survey to help us collect information about where you are in the process, the challenges you have faced, and the advice you would give to others. By attempting to identify the pain points companies are experiencing, we hope to be able to help you overcome them.

The survey will begin by asking you some demographic questions, followed by questions designed to help us understand what types of services your company has already made available over IPv6. Next we’ll ask you about the obstacles you encountered along the way and how you overcame them. We’ll also ask you what kind of resources were (or would have been) useful for you and if there’s one piece of advice you could give to others, what would it be?

Many respondents to date have indicated they have an IPv6-enabled network infrastructure, IPv6 transit and/or peers. The main obstacle we’re seeing so far appears to be technical issues, and for almost half of those who have responded so far, the process has taken less than one year to accomplish. Better vendor support would have made deploying IPv6 easier for many of you, and lots of respondents have suggested the best advice is to plan early and strategically.

Please take a few minutes to answer our survey questions yourself.  It shouldn’t take more than ten minutes to complete, and the results will be used for educational purposes only. Also consider including your contact information at the end so we may reach out to you for more detail or to partner with you in our outreach efforts (that currently include Get6 and lists of hosting/DNS providers and consultants/trainers on our IPv6 wiki). We’re looking forward to using the results of this survey to continue to help you on your IPv6 journey!

 

Healthcare’s Digital Future is Here, But How Will it Connect?

By Ashley Durkin-Rixey, Stanton Communications

This past week, I attended the Digital Healthcare Summer Summit and 2016 BIO International Convention on behalf of ARIN. You might be wondering what one of the Regional Internet Registries and healthcare have in common. The answer is quite a bit.

Igniting the Tipping Point

The theme of the Summit itself was “Igniting the tipping point,” a nod to the fact that the digital revolution in healthcare is not necessarily a new topic, but one that is poised to move into the everyday lives of clinicians, researchers and patients everywhere. These technologies can improve clinical efficiencies, education and most importantly, patient outcomes; but there is still much work to be done in order to make the case for investments in digital healthcare and widespread adoption.

This is a theme familiar to ARIN. In September of last year, ARIN announced the depletion of IPv4 addresses and the need to transition to IPv6. Since then, ARIN has focused on educating communities outside the tech world on making the move to IPv6 and why the time is now. IPv6’s unlimited address pool and true end-to-end connection is the backbone that will facilitate the Internet of Things as we add more and more connected devices to our lives.

Creating the Internet of Healthcare Things

In speaking with attendees and exhibitors at the summit, many told me condition-specific wearables and monitoring devices in particular are igniting the tipping point. Whether it is a sock with a sensor in it to track patients within a hospital, facility, or at home to make sure they are moving post-surgery, or an application to help patients adhere to medication that is accessed via mobile phones and smartwatches, these types of digital healthcare innovations will have an immediate impact on outcomes.

So how will all these devices connect? That’s where I’ve been able to share ARIN’s message on IPv6. I’m delighted to say there are app and device makers who are aware of IPv6 and taking that into consideration as they develop, but there is still much to be done to educate care providers and their network teams about future proofing their networks to use IPv6 to the fullest.

The Internet of Healthcare Things is fast emerging and its promises will be felt everywhere on the healthcare continuum, from wellness care to acute disease conditions. But with any technological revolution, the devices are only one side of the coin. IPv6 and network evolution play a key role in sparking our connected healthcare future.

 

IPv6 and Adventures in Podcastland

By Hollis Kara, Communications Manager, ARIN

6 June 2016 marked the fourth anniversary of World IPv6 Launch, and looking back we have made pretty significant progress since then, with Google reporting that the percentage of users that access Google over IPv6 is now up to 12%. To commemorate the occasion, Dan York, of the Internet Society, invited me to join him on the For Immediate Release Podcast where he was serving as guest host.  This provided an excellent opportunity to talk a little bit about why communications professionals should care about IPv6 and to direct anyone interested in learning more to our Get6 campaign. As a communications professional and ARIN employee, I think it is pretty easy to see where I might have a few things to say on the subject!

Check out the podcast (the discussion about IPv6 begins at minute 37:30).

FIR #38: The worst press release ever?

Communicators need to be thinking about how they’re serving up their content and how they are connecting with people.  You are going to have customers coming in over an IPv6 connection, and if you don’t have IPv6 in addition to IPv4 for your website, there are things happening in the background that may degrade their experience with your content.

I appreciated the opportunity to chat with Dan and the other panelists about a range of topics including Snapchat, Periscope, tronc, and Mary Meeker’s recently released report on 2016 Internet Trends. Big thanks to Dan, C.C. Chapman, and Kami Huyse for making me feel right at home on my first podcast adventure!

 

 

Welcome to the ARIN Community

By Kim Kelly, Communications Writer, ARIN

Are you new to the ARIN community? Welcome! You may already be familiar with the ARIN mission statement:

ARIN, a nonprofit member-based organization, supports the operation of the Internet through the management of Internet number resources throughout its service region; coordinates the development of policies by the community for the management of Internet Protocol number resources; and advances the Internet through informational outreach.

But what does that actually look like in action?

To answer this question, we’ve developed a simple, easy-to-digest video to help you learn more about ARIN’s structure and services. The video also includes all the different ways you can get involved in our community, which you may not have previously been aware of.

This video is a great primer (or reminder for some of you!) of all the different ways ARIN is here to serve you. So check it out below.

For more information, visit the New to ARIN page on our website. If you have any questions about ARIN or about how you can get involved, leave a comment or email us at info@arin.net anytime.

RDAP: Whois for the Modern World

By Andy Newton, Chief Engineer, ARIN

At an Internet Engineering Task Force (IETF) conference in 2011, I was invited to participate in an informal brainstorming session on Internet routing security. During the meeting, a researcher showed me one of his web-based tools for diagnosing routing issues. He started his demonstration with “Give me your AS number.” Plugging my Autonomous System Number (ASN) into his browser, the tool came to life with a rich set of data.

Then he said, “It only works for ASNs from ARIN.” I asked why, and he explained that all of the logic was running in the browser using JavaScript, not on a back-end system, and ARIN was the only Regional Internet Registry (RIR) with a REST-based Whois service compatible with the program running in his browser. That was true. At that time, ARIN was the only RIR with such a service, and it was a proprietary system designed specifically for ARIN by ARIN. Fast-forward five years, and now all the RIRs run such a service… the same service: the Registration Data Access Protocol (RDAP).

Why do RIRs run RDAP?

RDAP was given official standards status last year by the Internet Engineering Task Force (IETF) and was quickly adopted by all the RIRs. But the IETF didn’t just design RDAP for IP network registrations and ASNs. RDAP was also designed to model the data in Domain Name Registries (DNRs) and has extension mechanisms for other registry types. Extensions have already been defined for ENUM registries (which are DNRs for telephone numbers), and work is beginning on using it for routing registries as well.

Where WHOIS uses a special-use port and protocol, RDAP uses HTTP/HTTPS. Where WHOIS has a myriad of encoding schemes, RDAP uses the well-understood JSON format. Where WHOIS has a data model for every registry, RDAP defines one data model. And where WHOIS has no provisions for authentication, bootstrapping, or internationalization, RDAP has answers for them all.

Of course, this article could describe the technical merits and benefits of each one of those items, but doing so would help obscure a more meaningful point: by adopting one single standard, the effort to create tools which need this data has been made much easier. And it’s those tools, providing solutions for problems unforeseen by the protocol wizards and policy wonks that created RDAP, that can help change how the ‘internals’ of the Internet operate.

Using the WHOIS protocol, software developers have a much more difficult effort with regards to obtaining data from registries. They must craft special code for almost each registry.

By contrast, RDAP is easier because there is one data model. And the programming model is easier too because it is web-based. Software developers do not need to worry about lower-level network connections, which are often unavailable in some constrained programming environments. The web-based, RESTful encoding with JSON employed by RDAP can be accessed with built-in application programming interfaces available on all modern platforms: server, desktop, web, and mobile.
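
What "one data model" buys a tool author, as an added example that is not part of the original post: the same few functions pull abuse contacts out of an IP network, an AS number and a domain response, with no per-registry parsing. The three responses are constructed samples using the standard RDAP member names (`objectClassName`, `entities`, `roles`, `vcardArray`); the handles, names and addresses are invented for illustration.

```python
def vcard_props(entity):
    """Flatten an entity's jCard into {property name: [values]}."""
    card = entity.get("vcardArray")
    if not (isinstance(card, list) and len(card) == 2 and card[0] == "vcard"):
        return {}
    props = {}
    for item in card[1]:
        # A jCard property is [name, parameters, value type, value].
        if isinstance(item, list) and len(item) >= 4:
            props.setdefault(str(item[0]).lower(), []).append(item[3])
    return props


def contacts(obj, role):
    """Collect every entity holding `role`, including entities nested in entities."""
    found = []
    queue = list(obj.get("entities", []))
    while queue:
        ent = queue.pop(0)
        queue.extend(ent.get("entities", []))
        if role in ent.get("roles", []):
            props = vcard_props(ent)
            found.append({
                "handle": ent.get("handle"),
                "name": (props.get("fn") or [None])[0],
                "emails": [e for e in props.get("email", []) if isinstance(e, str)],
            })
    return found


def summarize(obj):
    """Label any RDAP object and list its abuse contacts."""
    cls = obj.get("objectClassName")
    if cls == "ip network":
        label = f"{obj.get('startAddress')} - {obj.get('endAddress')}"
    elif cls == "autnum":
        label = f"AS{obj.get('startAutnum')}"
    elif cls == "domain":
        label = obj.get("ldhName")
    else:
        label = obj.get("handle")
    return {"class": cls, "label": label, "abuse": contacts(obj, "abuse")}


# --- constructed sample responses ---
def sample_entity(handle, roles, name, email, nested=()):
    return {
        "objectClassName": "entity",
        "handle": handle,
        "roles": roles,
        "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"],
            ["fn", {}, "text", name],
            ["email", {}, "text", email],
        ]],
        "entities": list(nested),
    }


ABUSE_DESK = sample_entity("ABUSE-EX", ["abuse"], "Example Abuse Desk", "abuse@example.net")

SAMPLE_NETWORK = {
    "objectClassName": "ip network",
    "handle": "NET-192-0-2-0-1",
    "startAddress": "192.0.2.0",
    "endAddress": "192.0.2.255",
    # The abuse contact hangs off the registrant here, one level down.
    "entities": [sample_entity("EXAMPLE-ORG", ["registrant"], "Example Org",
                               "hostmaster@example.net", nested=[ABUSE_DESK])],
}
SAMPLE_AUTNUM = {
    "objectClassName": "autnum",
    "handle": "AS64500",
    "startAutnum": 64500,
    "endAutnum": 64500,
    "entities": [ABUSE_DESK],
}
SAMPLE_DOMAIN = {
    "objectClassName": "domain",
    "ldhName": "example.net",
    "entities": [sample_entity("REGISTRAR-1", ["registrar"], "Example Registrar",
                               "support@registrar.example",
                               nested=[sample_entity("REG-ABUSE", ["abuse"],
                                                     "Registrar Abuse",
                                                     "abuse@registrar.example")])],
}

if __name__ == "__main__":
    for sample in (SAMPLE_NETWORK, SAMPLE_AUTNUM, SAMPLE_DOMAIN):
        print(summarize(sample))
```
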

Creating tools for RDAP

Back in 2010 when ARIN first fielded its pilot, web-based, REST service containing Whois data, an analysis of the web logs after a few short months yielded some surprising results: a large number of the queries came from custom programs, many of them being browser-based applications. In other words, people had created tools around the service in a short amount of time.

The same is true of RDAP. Tools making use of it are popping up in all forms. Earlier this year I had a similar experience to the one I mentioned from five years ago. This time, it was the fine folks from APNIC Labs, and this time, their tool (vizAS) worked with any ASN from any RIR because it uses RDAP.

Check out vizAS: a tool for exploring the interconnections between AS numbers within a single economy, and a comparison of the state of interconnections between the IPv4 and IPv6 address families.

As DNRs start to field RDAP services, the opportunity for tooling becomes greater. Network abuse researchers have talked to me about tools that make use of RDAP for both types of data: coordinating observations of network abuse between the registration information of domain names and IP networks.

And some anti-spam researchers have figured out a way to use RDAP to enhance domain reputation scores. As more Top Level Domain (TLD) operators support RDAP, the ability for spammers to hide behind bad domains will become harder (and the TLDs without RDAP service may get bad reputations themselves).

Going forward, it is hard to predict what other tools may surface which use RDAP. But then again, that’s the whole point. RDAP is an enabling technology for network metadata, and the utility it may bring cannot be foreseen but should not be overlooked.


This post originally appeared on APNIC’s blog.

IPv6 Success Stories from Companies that Have Done It

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Many organizations have already successfully deployed IPv6. In your journey to do the same, seeking out advice from those who have already been there can help you along in the process. In a featured session at the ARIN 37 Public Policy and Members Meeting, a group of experts from a diverse range of companies (e.g. large and small ISPs, enterprise, software, CDNs, cloud services providers) discussed IPv6 obstacles and successes at their own organizations.

IPv6 Success Stories Panel at ARIN 37

Questions asked of panelists included some standouts like:

  • Do you advertise that you’re utilizing IPv6, or do you just try to make it so the customer never realizes that the transition has happened?
  • Having gone through implementations, what kind of long-term benefits have you seen, in terms of automation and scale?
  • How has your organization been with adapting tools, back office systems, sales systems, CRM, ERPs, billing systems, etc. to accommodate your IPv6 transition?
  • What advice would you give based on your experience regarding what worked well and what didn’t?
  • Why did you decide to not simply keep buying IPv4 addresses or embrace carrier-grade NAT?

A few highlighted quotes from the panel were:

“When you look at how many devices we would like to provision, continuing to try and buy IP[v4] addresses and propagate that model and the amount of money that it would require, it’s actually cheaper to deploy v6.”  – Dan Alexander, Network Engineer, Comcast

“[IPv6 deployment] doesn’t just happen. You need to put someone in charge of it. You need to have somebody own that process”  – Rob Seastrom, Principal Engineer, Time Warner Cable

“We’ve had a lot of internal activism going out to the various software development departments saying:  If you’re building code that doesn’t support v6, you’re hurting the company.”  – Owen DeLong, Senior Architect, Akamai Technologies

“When we went out and built our under-LAN infrastructure, v6 allocations made it a lot easier for different locations and sites and we were able to properly plan long term.”  – Charles Gucker, Network Engineer, VMware

“One of the keys for success is having a good v6 addressing plan to make your deployments simple. For example, we assigned a /48 to each site and then on occasion we embed the VLAN number inside our addressing blocks so it’s easy for people to find.”  – Andrew Dul, Network Architect, EGATE Networks

Those are only a few gems from the discussion. Watch the entire session below or read through the full transcript on our website.

If you have an IPv6 success story you’d like to share, we’d love to help get the word out. Drop us a note in the comments or shoot us an email at get6@arin.net and we’ll be in touch.

You probably have IPv6. Turn it on!

Kyle Drake, founder of Neocities, a free web hosting service, shares his experience with implementing IPv6. This post originally appeared on APNIC’s blog.

Guest blog post by Kyle Drake

Thanks to a massive amount of time and effort, a large number of ISPs, data centres, cloud services, and software now support IPv6 in the United States and around the world. Actual adoption of IPv6 in production is slowly increasing globally, but is still lower than it could be.

With this post, I want not only to convince you to start looking into using IPv6 on your own computer, but also to show that in many cases, enabling IPv6 can be as simple as clicking a button on your WiFi router.

Turn on IPv6

You might already know the reasons why IPv6 is so important: we’ve now run out of available IPv4 addresses, and it’s now very expensive to acquire new IPv4 addresses (in the ARIN region, you likely have to buy them from others), hampering the ability for network operators to provide infrastructure services at reasonable costs.

There are also significant security benefits to IPv6. One of the ways exploits propagate is by scanning the entire IPv4 address range for vulnerabilities. Because the IPv6 address range is so large (128 bits), it becomes impossible to scan the entire range. There was a great recent blog post on The Internet of Stupid Things that highlights the serious security problems we’ll have with IoT if we don’t deal with the address scanning problem, to say nothing about the problem of not even remotely having enough IPv4 addresses to support that many devices.

Considering the many benefits of IPv6, you may be wondering when you’ll be able to start using it. The answer is, probably now. And it might be easier than you realise.

Getting my feet wet with IPv6

I wanted to see if I could get IPv6 support for Neocities, which started my investigation into the current state of IPv6. At that point, I didn’t really know a lot about actually using IPv6. Before I enabled it on my servers, I wanted to get it working on my laptop and home network. I didn’t just want to ping the server from another server, I wanted to test the complete end-user experience myself.

The first thing I did was contact my ISP to see if they supported IPv6, and it turns out they did. Surprisingly to me, this is already true for many (if not the majority) of ISPs in the USA. Comcast, Time Warner Cable, Verizon, Cox, AT&T, Charter, and CenturyLink all have active support for IPv6, and that’s just the largest ISPs in the United States, representing approximately 78 million subscribers.

The way these ISPs provide IPv6 today is with a “Dual Stack” configuration, essentially providing both an IPv4 and IPv6 address at the same time. This allows you to start getting your feet wet with IPv6 while still supporting sites and software that haven’t switched over yet.

After confirming support from my ISP, my next goal was to figure out how to actually turn it on.

Configuring your WiFi router

If your ISP supports IPv6 and you have a modern WiFi router, this may be the only thing you need to actually configure to get IPv6 working on your home network.

My personal computer only had an IPv4 address being assigned to it from my WiFi router (which I confirmed by visiting an IPv6 test site), so something clearly needed to get configured on it to enable IPv6.

I started by logging into my WiFi router (a D-Link DIR-868L) and quickly realised that it not only supported IPv6 but that I was one click away from enabling it. The router informed me that it would go into an automatic setup mode which would take a few minutes, then it would reboot with IPv6 support. I clicked the button and went for a cup of tea. Before I came back, the WiFi router had rebooted, and my local network now magically had a dual stack IPv4 and IPv6 address assignment and had bound seamlessly to the modem’s IPv6 address assigned by my ISP.

D-Link’s firmware was the easiest I saw for IPv6 configuration, but I also upgraded a network running a CenturyLink router that was fairly easy (though a few steps were somewhat obtuse), and another router running OpenWRT, which has excellent IPv6 support.

Most routers provide pretty good IPv6 support at this point but unfortunately, there are exceptions. Notably, I was surprised to learn that DD-WRT IPv6 configuration was ridiculously complex, and I didn’t feel bold enough to try to enable it. I’m hoping that DD-WRT can work to improve this in the future.

Trying it out

Now that my home network was set up, I focused my attention on enabling IPv6 for my laptop. At this point I braced myself for a headache, assuming the process would be a harrowing effort of digging through complicated config file muck, fixing broken, incomplete or badly configured software.

Here again, I was pleasantly surprised at how easy this process was. I simply rebooted my computer and had IPv4 and IPv6 support running on my machine. Great! But now how do I actually use it with my web browser?

It turns out that was seamless, too. In fact, it’s so seamless that it took me a while to figure out if it was even working. This is possible because most web browsers (I tested Firefox and Chrome) automatically determine whether they should use IPv6 or IPv4. When you type in a domain name, they automatically look for an AAAA record (the DNS A record for IPv6). If it exists, they try IPv6, falling back to the A record and IPv4 if necessary. I noticed no performance reduction in this process, though there could be a minor, unnoticeable difference.

The new “problem” was that I couldn’t visually tell when a site was loading with IPv4 or IPv6. To give me better insight into this, I installed the IPvFox add-on, which put a small icon in my address bar that would tell me if the site was loading with 4, 6, or with a combination of the two (Chrome also has a similar plugin called IPvFoo). I strongly recommend installing these plugins to assist you with testing IPv6 support. In addition, it also provides an interesting insight into which websites currently support IPv6 (a surprisingly large number), and which currently don’t.

Many websites have IPv6 support and don’t even realise it. For example, cloud proxy services such as Cloudflare provide IPv6 support transparently to the site they are proxying, whether the upstream web server supports it or not. Their aggressiveness in adopting cutting-edge technology for their infrastructure is notably helping to improve IPv6 adoption, and in fact, could even be responsible for the majority of web servers that currently support it.

Enabling IPv6 for the servers

Now it was time to see if we could enable IPv6 for the Neocities servers. I first went to the server that powered our web application (the front site), and saw that an IPv6 address had already been provided by our data centre operator, and automatically configured on our server.

If your data centre or cloud provider doesn’t automatically provide an IPv6 address, they usually provide an option to get one through a web interface or by contacting support. Once the server has been assigned an IPv6 address, you need to configure your server to use it. Each operating system has a unique way of configuring networking, so follow the relevant documentation to see how to enable IPv6 for your specific OS.

Once the server had been assigned an IPv6 address, I needed to configure the web server software to use it. Like many (if not most) online providers, we use nginx both for serving the sites we host on Neocities and for proxying our backend web application. So I needed to configure nginx to start listening on the IPv6 address, in addition to the IPv4 one.

We use a custom compile of nginx that’s tuned for our needs, so I had to enable IPv6 by adding --with-ipv6 to the ./configure command before compiling, but if you use the prebuilt nginx that comes from software packages, you likely won’t need this step. Once it was compiled and installed, I only needed to add a line to nginx.conf to tell it to also listen on IPv6:

server {
    listen 80;
    listen [::]:80;
    server_name neocities.org;
    # … the rest of your server config
}

I then reloaded nginx, and voila, IPv6 support! When I was ready, the last step was to add an AAAA record for that server to my nameservers. Within minutes, users with IPv6 support started automatically using that address, perhaps without even realizing it.
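A rollout check for the listen change, as an added example (not Neocities' own tooling): it walks an nginx configuration and reports, for each server block, the ports that listen on IPv4 without an IPv6 counterpart. The second server block in the sample is constructed, the function names are this example's own, and a block with no listen line is assumed to use nginx's default of *:80.

```python
import re

# Constructed sample: block 1 is the post's config, block 2 is made up to be flagged.
SAMPLE_CONF = """
http {
    server {
        listen 80;
        listen [::]:80;
        server_name neocities.org;
    }
    server {
        listen 443 ssl;          # no matching [::]:443 line
    }
}
"""

# Quoted strings, comments, structural characters, then bare words.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|#[^\n]*|[{};]|[^\s{};]+')

def server_listens(conf_text):
    """Return one list of 'listen' address arguments per server block."""
    servers, stack, words = [], [], []
    for tok in TOKEN.findall(conf_text):
        if tok.startswith("#"):
            continue
        if tok == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server":
                servers.append([])
        elif tok == ";":
            if len(words) > 1 and words[0] == "listen" and stack[-1:] == ["server"]:
                servers[-1].append(words[1])
        elif tok == "}":
            if stack:
                stack.pop()
        else:
            words.append(tok)
            continue
        words = []  # a '{', ';' or '}' ends the current directive
    return servers

def classify(addr):
    """Map a listen argument to (family, port); None for unix sockets."""
    if addr.startswith("unix:"):
        return None
    if addr.startswith("["):
        port = addr.partition("]")[2].lstrip(":")
        return ("ipv6", int(port or 80))
    _, sep, port = addr.rpartition(":")
    if sep:
        return ("ipv4", int(port))
    return ("ipv4", int(addr) if addr.isdigit() else 80)  # bare port or address

def ipv4_only_ports(conf_text):
    """Per server block, the ports that listen on IPv4 but not on IPv6."""
    report = []
    for listens in server_listens(conf_text):
        seen = {"ipv4": set(), "ipv6": set()}
        for addr in listens or ["80"]:  # assumption: no listen line means *:80
            if (family_port := classify(addr)):
                seen[family_port[0]].add(family_port[1])
        report.append(sorted(seen["ipv4"] - seen["ipv6"]))
    return report
```

Calling ipv4_only_ports(SAMPLE_CONF) returns one list per server block; an empty list means every IPv4 port in that block also has an IPv6 listener.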

Minor tooling differences

In the process of testing IPv6, I did notice some mild software differences that initially made it difficult for me to test things, and I wanted to mention them briefly. The first notable difference was that I had to wrap the IPv6 address in square brackets for my web browser.

For example, if I wanted to access http://234::3334::44, I had to type it in as http://[234::3334::44]. I also had to use ping6 instead of ping, and use -6 with curl in order to force IPv6. And SSH would fail with square brackets, so I had to leave them out.

Having to deal with these quirks was honestly a little annoying. The one thing I particularly don’t like about IPv6 is the weirdness of the colon delimitation. It’s a bit annoying to have to work with it, and I agree with some other writers that think we could do better in this category. It would be nice to see some improvements here in the future, but it’s not a deal breaker for me for the IPv6 adoption we need.
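The bracket rule exists because a colon also separates host and port. The following added example (not from the original post) parses user-supplied IPv6 hosts, validates them, and emits the bracketed form for URLs and the bare form for tools that take the address as its own argument. The addresses use the 2001:db8::/32 documentation prefix and the function names are this example's own.

```python
import ipaddress


def parse_ipv6_host(text):
    """Split 'addr', '[addr]' or '[addr]:port' into (IPv6Address, port or None)."""
    text = text.strip()
    port = None
    if text.startswith("["):
        literal, closing, rest = text[1:].partition("]")
        if not closing:
            raise ValueError("missing closing bracket")
        if rest:
            if not (rest.startswith(":") and rest[1:].isdigit()):
                raise ValueError(f"unexpected text after bracket: {rest!r}")
            port = int(rest[1:])
            if not 0 < port < 65536:
                raise ValueError(f"port out of range: {port}")
    else:
        # Without brackets there is no way to mark where the address ends,
        # so every colon-separated group is read as part of the address.
        literal = text
    # IPv6Address raises a ValueError subclass for malformed literals.
    return ipaddress.IPv6Address(literal), port


def url_for(text, scheme="http", path="/"):
    """Build a URL; the literal is always bracketed in the authority part."""
    addr, port = parse_ipv6_host(text)
    authority = f"[{addr.compressed}]" + (f":{port}" if port is not None else "")
    return f"{scheme}://{authority}{path}"


def bare_for(text):
    """Form for tools that take the address as its own argument (ssh, ping6)."""
    addr, _ = parse_ipv6_host(text)
    return addr.compressed


if __name__ == "__main__":
    for sample in ("[2001:db8::44]:8080", "2001:db8::44:8080", "2001:0db8:0000::0044"):
        print(sample, "->", url_for(sample), "|", bare_for(sample))
```

Note how "2001:db8::44:8080" without brackets parses as a different address with no port at all, which is the ambiguity the brackets remove.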

The crazy things IPv6 can do

Lastly, I wanted to mention some pretty interesting experimental projects people are already using IPv6 for. Specifically, I wanted to mention Cjdns, an experimental project that uses private keys to derive IPv6 addresses, enabling trustless distributed routing networks. This works because IPv6 addresses are so large (128 bits), that it’s safe to simply derive them randomly from keypair cryptography. In the future, this could help to address problems like route poisoning and related problems with the present Internet’s trust-oriented routing infrastructure. It’s experimental at this stage, but still a very interesting example of what IPv6 could hold for the future.

IPv6 doesn’t just allow us to add more devices to the Internet; it also enables the possibility of re-architecting the Internet to improve performance, upgrade security, and increase privacy. I’m excited to see what comes next.

Conclusion

All of my ISPs, data centre operators, and cloud service providers supported IPv6. But in many cases, I had to click an extra button to enable it, or explicitly request it. I understand the motive for doing this, as they perhaps wanted to avoid creating any issues with bugs or opening up any unknown security holes. I come from a similar school of thought (don’t turn anything on unless you really need it), but I’m now going to make a rare exception for IPv6.

Router manufacturers, data centres, cloud services: I love how easy you’ve made it to enable IPv6, and I appreciate the hard work you did to enable it, but now’s the time to go one step further. No more “one extra click” or “on request” support: it’s time to enable dual stack IPv6 support by default. When WiFi routers and servers start automatically configuring IPv6 alongside IPv4, we’re going to start seeing a lot more adoption of IPv6. And the farther along we get, the closer we get to being able to finally deprecate IPv4.

This particular technology is working best when its functionality is invisible to the end user. Thanks to the amazing work everyone has put into making IPv6 seamless, most users won’t even notice they’re using it, as everything they do today will continue to work with no noticeable difference. There’s only one thing left for you to do: Turn it on!

Kyle Drake is a tech entrepreneur and the founder of Neocities.

The IPv4 Transfer Process

By Cathy Clements, Transfer Services Manager, ARIN

Ever since we officially depleted our IPv4 free pool back in September 2015, we’ve seen more and more interest in transferring IPv4 address space. We know that if this is your first time going through the transfer process, it can seem a little confusing, so we wanted to guide you through the process.

Check out the flowchart below to help you get started in the IPv4 transfer process. Whether you already have IPv4 address space and you’re looking to transfer it, or you need to acquire IPv4 address space, this graphic should point you in the right direction.

IPv4 Transfers Flowchart

ARIN 37 Day 3 Daily Recap

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Though it’s hard to believe, ARIN 37 has already come and gone.  Today was the third and final day of our Public Policy and Members Meeting in Montego Bay, Jamaica.   Over the last few days, community members have discussed policies, networked with colleagues, and learned more about regional and global issues affecting Internet number resources.

ARIN 37 Meeting Photo

Today’s sessions took us through many topics at the heart of ARIN as an organization. We first heard about a new Services Working Group that has been created to assist with the consideration of proposed changes to ARIN’s services.  Then we heard departmental reports from Communications and Member Services, Engineering, Global Registry Knowledge, Financial Services, Human Resources and Administration, and Registration Services.  A few highlights included:

There were also reports on ARIN finances, the Advisory Council, and Board of Trustees. We wrapped up the meeting with one last open microphone session, during which attendees covered outreach to the Caribbean, IPv4 address space, and more. If you are interested in referencing the slide decks from today’s meeting, all are already available on the ARIN website. In a few days, full transcripts, notes, and webcasts will be posted as well, so stay tuned.

Thanks to everyone who participated in ARIN 37 both onsite and online for making this a successful and enjoyable meeting.  While it’s still fresh in your mind, don’t forget to save the date for the next ARIN meeting in Dallas, Texas from 20-21 October 2016.


ARIN 37 Day 2 Daily Recap

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Today marked Day 2 of the ARIN 37 Public Policy and Members Meeting.  First thing this morning we heard updates from the Number Resource Organization (NRO) comprising the five Regional Internet Registries (RIRs).  We received reports from our RIR colleagues about their respective regions.

ARIN 37 Day 2 Photo

The three policies discussed in detail today included:

In a special IANA Transition Panel, we heard about the current status of the IANA stewardship transition proposal and where it stands now. We also saw presentations on policy simplification and ARIN software development.  Lastly, we rounded out the day with an open microphone session that included topics from legacy address space to future IANA delegations.  We continued to enjoy chatting with you on Twitter about the meeting using #ARIN37.

In the coming weeks, complete webcasts, transcripts, and abbreviated notes from the entire meeting will be posted online.  In the meantime, downloads of all the slide decks presented at the meeting are already available. Don’t forget that you can participate in the last day of ARIN 37 tomorrow morning whether you’re onsite in Jamaica or online anywhere in the world.  See you again tomorrow!