Tag Cloud:

Sign Your DNS Zones

By Pete Toscano, Network Operations Manager, ARIN

Security

Last month we signed ARIN’s forward DNS zone as part of our commitment to Domain Name System Security (DNSSEC).  That means we completed the process that essentially allows resolvers to verify the arin.net information that they receive from ARIN’s nameservers, and it allows users to have a higher degree of confidence that when they go to https://www.arin.net or act on any other information under arin.net that they are communicating with the host they expect.

We went through the process of signing ARIN’s forward DNS zones to do our part to contribute to a valuable and trustworthy Internet.  The process can be complex, but it’s worth it.

Why is signing your DNS important?

Every time you type in a web address (with letters) it corresponds to a set of numbers.  That is one use of the Domain Name System, or DNS for short.  Think of DNS as an inverted tree with many branches.  The root zone is at the top and out from it comes other zones through which a chain of authority flows. DNSSEC adds another layer of security to this tree by allowing users to validate that the DNS records come from the correct source.

DNSSEC makes the name tree more reliable for the whole Internet.  Not only can resolvers validate the data they’re getting from nameservers with signed DNS zones, but users can have a higher degree of confidence that when they go to a web site under a signed domain they’re actually on the correct web site and not some imposter’s phishing site.  Basically, DNSSEC validates that you received information from the source and not from a third party who could change the information in a malicious way.

Implementation Considerations

DNS records for arin.netMake sure your domain name registrar supports DNSSEC.  In ARIN’s case, we needed to go through the process of changing registrars so we could employ this important functionality.  Changing registrars can be a slow process, so be sure to include that in your timeline.  If you want to find a registrar that supports DNSSEC, check out this list of registrars compiled by ICANN that are DNSSEC friendly.

Depending on how you manage DNS now, your workflow process may need to be reengineered to some degree, especially when it comes to reporting DS record changes or additions to your registrar.  This can be done manually, but you may want to consider automated signing solutions.  There are both software and hardware-based options.  Larger installations may want to consider a hardware solution for the DNS signing, but it comes down to your budget and tolerance for added complexity. ISOC’s Deploy 360 has more information on deploying DNSSEC.  Once you are setup, you can use tools like Sandia National Laboratories’ DNSviz and Versign Labs’ DNSSEC debugger to ensure you have DNSSEC setup correctly.

We’re doing our part to make the Internet more secure, and you should too! We encourage all members of the Internet community to implement DNSSEC for their own forward and reverse zones to help secure the Domain Name System as the Internet continues to grow and evolve.

 

Why Is the Transition To IPv6 Taking So Long?

IPv6 is an essential technology if the Internet is to grow, but adoption has been slow. Graeme Caldwell of Interworx takes a look at why organizations are holding back on IPv6.

Guest blog post by Graeme Caldwell 

We stand on the cusp of an explosion in the number of Internet-connected devices. The mobile revolution was just the beginning. Combined, the burgeoning wearables market and the Internet of Things will potentially create billions of new connected devices over the next few years. Every device will need an IP address and there are far too few available addresses within the IPv4 system to handle the sheer quantity of connections. It’s a problem that’s been predicted and solved for many years, in theory at least. But IPv6 is being adopted at a glacially slow pace.

The reasons for the gradual adoption are simple to understand. It’s expensive. The Internet is made up of tens of millions of servers, routers, and switches that were designed to work with IPv4. Upgrading that infrastructure entails a significant capital investment. As things stand, workarounds like NAT take some of the pressure off — but they are a temporary band-aid solution. In the long-term, transition to IPv6 will have to happen, but, given the level of the required investment, there’s not a compelling business argument to make the transition immediately.

To get the full benefit of IPv6, a significant proportion of the net’s infrastructure has to support it, and, with the exception of a few organizations, many don’t want to invest in infrastructure upgrades that don’t have any immediate benefit.

When they were developing IPv6, the Internet Engineering Task Force decided that, in order to implement new features in IPv6, the protocol would not be backward compatible with IPv4. IPv6 native devices are not capable of straightforwardly communicating with IPv4 devices. That makes incremental updating of systems difficult, because workarounds have to be put in place to ensure that legacy hardware and newer IPv6 hardware have a way of talking to each other — most IPv4 hardware will never be updated.

According to Leslie Daigle, Former Chief Internet Technology Officer for the Internet Society, “The lack of real backwards compatibility for IPv4 was the single critical failure. There were reasons at the time for doing that. But the reality is that nobody wants to go to IPv6 unless they think their friends are doing it, too.”

Forward thinking software companies have already included the necessary functionality to handle IPv6 in their products. At InterWorx, we could have left implementing IPv6 support until we absolutely had to, but the benefits of the transition for us and our users in the web hosting industry were undeniable. We wanted to give clients the option of using IPv6 so they can begin to prepare for the inevitable move and implement IPv6 systems. InterWorx includes a full suite of IPv6 management tools, including IPv6 pools management, IPv6 clustering, and diagnostic tools.

In a Feburary 2014 report, Google revealed that their IPv6 traffic had hit 3 percent and it’s currently at about 4 percent. That seems unimpressive, but it’s a sign that adoption rates are accelerating — the move from 2 percent to 3 percent took only 5 months and from 3 percent to 4 percent even less time. Under pressure from the proliferation of connected devices, we can expect to see organizations adopting IPv6 ever more quickly.

 

GraemeGraeme works as an inbound marketer for InterWorx, a revolutionary web hosting control panel for hosts who need scalability and reliability. Follow InterWorx on Twitter at @interworx, Like them on Facebook and check out their blog.

 

Caribbean Internet Governance Forum (CIGF) Celebrates 10 Years

CTU Telecommunications Specialist, Nigel Cassimire, shares what happened at this year’s Caribbean Internet Governance forum.

Guest blog post by Nigel Cassimire, Telecommunications Specialist, CTU

Caribbean IGFThe 10th edition of the Caribbean Internet Governance Forum (CIGF) was held at the Atlantis, Paradise Island Resort in The Bahamas from 6th to 8th August 2014. The CIGF is a regional, multi-stakeholder forum which was initiated by the Caribbean Telecommunications Union (CTU) and the Caribbean Community (CARICOM) Secretariat in 2005 in order to coordinate a regional approach to Internet Governance issues for the final session of the World Summit on the Information Society (WSIS) in Tunis that year.

The CIGF has since been convened annually by the CTU and lays claim to being the first such regional forum in the world, all others having been convened after the initial global Internet Governance Forum in 2006. The primary product of the work of the CIGF has been the formulation of a Caribbean Internet Governance Policy Framework issued in 2009, and updated in 2013, which:

  • Articulates a vision, mission and guiding principles for Internet Governance (IG) in the Caribbean
  • Identifies current priority areas in IG of greatest relevance to the Caribbean
  • Offers policy recommendations in such priority areas for the attention of all stakeholders

The theme of the 10th CIGF was “Building National Capacity for Global Influence” and specific objectives addressed in the agenda were to:

  • Build regional capacity in the area of ccTLD operation and administration
  • Review and update the Caribbean Internet Governance Framework V 2.0
  • Facilitate open discussion on the Net Mundial Outcomes, and the proposed NTIA transition.
  • Explore and spread awareness on Opportunities for Caribbean Growth through the Internet Economy
  • Develop a mechanism to ensure effective Caribbean representation at Global Internet Governance Fora.

There were over 40 registered participants representing Caribbean stakeholders in government, operating companies and other private sector, academia, civil society and, in particular, Caribbean ccTLDs for whom dedicated content had been included on the agenda. ICANN, ARIN, LACNIC, ISOC and Google all provided financial support as well as valuable agenda content. Agenda information as well as presentation slides are archived on the CTU’s event web page.

The 10th CIGF successfully addressed its objectives through presentations and several vibrant discussion sessions and, when necessary, focussed review of the policy framework document. Suggested refinements were identified for subsequent wider circulation and comment. This is the first step in the current revision cycle towards a third revision of the document for likely issuance in 2016.

Most importantly, the CTU Secretary General, Ms. Bernadette Lewis proposed an approach for fostering capacity building in IG at the national level in order to enhance Caribbean participation and influence globally in IG, consistent with the 2014 theme. This approach is based on mobilising relevant ICT resources and expertise in the Caribbean not currently focussed on IG e.g. computer societies, IT professional associations and the like.

The CTU will continue to foster multi-stakeholder collaboration in the Caribbean region on Internet issues and in particular through the medium of the CIGF. More deliberate efforts will also be taken in the near future to coordinate the work of the CIGF with the wider regional LACIGF and the global IGF. Please plan to attend the 11th CIGF that will be held in Suriname at a date to be fixed in 2015.

 

Nigel CassimireNigel Cassimire has been serving as a Telecommunications Specialist at Caribbean Telecommunications Union since July 2005, when he started independent consultancy. The CTU is a regional organisation with responsibility for the development of ICT policy within the Caribbean region. Its members are drawn from Caribbean Governments, private sector and civil society organisations. Nigel has over 30 years of experience in telecommunication industry. He has extensive knowledge in telecommunications technologies and services and is now working in telecommunications policy development at the Caribbean Telecommunications Union Secretariat.

 

 

 

IETF 90 Part 2: IPv6 reverse DNS

ARIN Advisory Council member, Cathy Aronson, shares some of her thoughts on IPv6 reverse DNS from IETF 90 in Toronto, Ontario, Canada last week.

IETF Language ButtonsGuest blog post by Cathy Aronson

Some thoughts on IPv6 reverse DNS.

Lee Howard was speaking in the Sunset4 working group at IETF 90.  He mentioned something that got me thinking.  I have often discussed in my talks problems in IPv6 that were unanticipated. A lot of these problems are unintended consequences of very large subnet sizes.  Some problems are outlined in RFC 6583.

Lee mentioned another interesting problem, reverse DNS.  Best practice [RFC1033] says that every Internet-reachable host should have a name (per RFC 1912) that is recorded with a PTR record in the .arpa zone.  It also says that the PTR and the A record must match.

So in IPv4 for a network block like 192.0.2.0/24 the entries would be in the form

1.2.0.192.IN-ADDR-ARPA.  IN PTR 1.user.anytown.AW.example.com.

2.2.0.192.IN-ADDR-ARPA.  IN PTR 1.user.anytown.AW.example.com.

The corresponding A records would be

1.user.anytown.AW.example.com.  IN A 192.0.2.1

2.user.anytown.AW.example.com.  IN A 192.0.2.2

So imagine an IPv6 /48.

A sample entry for 2001:0db8:0f00:0000:0012:34ff:fe56:789a would be be:

a.9.8.7.6.5.e.f.f.f.4.3.2.1.0.0.0.0.0.0.0.0.f.0.8.b.d.0.1.0.0.2.IP6.ARPA.  IN PTR 1.user.anytown.AW.example.com.

“Since 2^^80 possible addresses could be configured in the 2001:db8:f00/48 zone alone, it is impractical to write a zone with every possible address entered.  If 1000 entries could be written per second, the zone would still not be complete after 38 trillion years.”

It is also the case that addresses are assigned dynamically out of these huge address ranges and so it may be difficult to determine the address ahead of time.

The document outlines several solutions all of which have problems.  For detailed information about the solutions please consult the document.

In my opinion it may be time to take another look at this practice and see if requiring forward and reverse match is still necessary.  There are applications which depend on this and it’s not entirely clear that it is really needed any more.

I have asked some folks what is being done about this on networks today.  I was told that most  residential service providers are simply not providing reverse DNS for their IPv6 customers. Other service providers will delegate the reverse zone to the customer upon request and some provide a web portal for the customer to manage their own reverse.  Yet others generate the in-addr on demand.  So they perform the equivalent of $GENERATE but instead of storing all the generated responses in memory they generate the record when the request is received and respond with the generated record that is then discarded.  Another provider I talked to is planning on returning NXDomain (non-existent domain) when queried for the reverse.

 

Internet Governance Affects Us All

Guest blog post by John Sweeting, ARIN Advisory Council Chair & Sr. Director of Network Architecture & Engineering, Time Warner Cable

John SweetingWe recently attended the IGF-USA in Washington, DC and it got us thinking about why it is important for the ARIN community members to be involved with what is happening with the Internet as a whole.

Here are three things that are important to us as  users of the Internet and part of ARIN and the global Internet community.  All Internet users should probably put these issues on their radar too.

Evolution of the Internet governance ecosystem is occurring

With the National Telecommunications and Information Administration (NTIA) preparing to turn over oversight of the IANA stewardship functions to the multistakeholder community, there is a huge effort underway to determine a replacement that meets the requirements of the US government and more importantly the global Internet community’s needs for a healthy Internet. Currently a coordination group representing 13 communities (including the Number Resource Organization (NRO) which represents ARIN and the other Regional Internet Registries) has been formed to define and guide the transition process.  The important thing to note is that discussions occurring now could impact Internet operators and users alike for generations to come.

Conversations regarding increasing accountability are also occurring

One of the sessions at IGF-USA touched on increasing accountability, particularly the accountability of ICANN
.  One of the key points we took away from this session was that the more transparency that the key organizations can provide in managing the Internet infrastructure, the better.  Since ARIN is part of that infrastructure, transparency and accountability are important issues for our community as well.

Working together to find solutions to problems is key

The essence of a multistakeholder dialogue is that all parties are present in key forums to make their voices heard – everyone from civil society, government, technologists, research scientists, industry, and academia.  From the ARIN community especially, we have an interest in making sure the technical realities of how the Internet works are understood and unimpeded. It is important that we involve ourselves where discussions about Internet governance are happening.

Some of the sessions from IGF-USA are available to watch online if you’re interested.  We think it is very important to make yourself aware of what is going on now with Internet governance and always be looking for opportunities to contribute.

 

Getting Serious About IPv6 – Go Big or Go Home

Ed Horley provides a convincing case for the many reasons why you need to get an IPv6 plan in place now and how to overcome some of the common challenges along the way.

Guest Blog Post by Ed Horley

I gave an Interop IPv6 presentation titled “Getting Serious About IPv6 – Go Big or Go Home” in Las Vegas on April 3, 2014. Since then, ARIN announced it has moved to Phase 4 (down to its last /8 of IPv4 – that happened on April 23, 2014).  I think what surprised people the most (based on the feedback I got from the session) was that my argument about adoption for IPv6 had little to do with ARIN running out of IPv4. After all, this is what everyone talks about, that there are no more IPv4 addresses. My argument is:

You have already deployed IPv6… you just didn’t know it.

At this point, you may be scratching your head saying Ed is crazy, what is he talking about? Let me point out that all major OS platforms (and different flavors of those platforms) support IPv6 and have for a while now. It turns out that IPv6 is enabled (on by default) and preferred in almost all cases. To top it off, there are IPv6 transition technologies in Windows, there are zerconf capabilities in all the OSs, there is support for mDNS or LLMNR, and to top it all off, IPv6 has several address mechanisms per active interface on a host. If you add this all up it is highly likely that you have deployed IPv6, you just didn’t do it in a structured and controlled manner the way you did your IPv4 deployment.

If you have deployed IPv6 (congratulations by the way) but didn’t do any planning, what challenges do you now face?

First, do you understand the impact of turning off IPv6? Often when I point out that all the host OSs are running IPv6 many people want to jump immediately to shutting off IPv6. While this is possible (sort of), the question you should ask is, “will this impact my existing services?” Think carefully before you just start shutting off IPv6. Remember, it is enabled and preferred and if your existing production network is using IPv6 for some of its network traffic you will have a production outage while you disable IPv6. Furthermore, you might not even know all the applications that ARE using IPv6, have fun troubleshooting that one. Even after you think you have turned off IPv6 on your equipment, how often do you actually audit and check to see if it is running? Does it get re-enabled with OS patches and updates? What about third party equipment that runs on your network or wireless/wired guest network? How about BYOD and those devices that you can’t control the networking stack? The reality is, even though you think you are simplifying your workload, you aren’t. You will still need to set up sniffers that can detect and capture IPv6 traffic, otherwise, how will you know it is NOT running on your network? You will still have to collect and analysis log files that contain both IPv4 and IPv6. You will still have to write and maintain policy and security rules that include both IPv4 and IPv6.

At this point, it must be obvious, why not just adopt and support IPv6 if you have to do all this work for it anyway?!?

To make matters even more interesting, I argue that if you have industry compliance requirements and you do not have a plan for IPv6 (off, on, whatever) then there is no way you can say you are in compliance of an audit. Why? Because how do you pass an audit when you have a protocol running on your network you don’t understand, can’t get any information from and aren’t even watching?

What challenges do you have once you realize you need to have some sort of IPv6 plan in place?

I have heard repeatedly that education for staff is the biggest issue around IPv6. Does your team know anything about IPv6? Would they even know it if they saw it? ARIN has some great education resources available at https://getipv6.info along with the IPv6 info center and if you want specific IPv6 and Windows knowledge then consider picking up my book.

The next common challenge is getting your policies (IT, security, purchasing, etc.) modified to include and be thinking about IPv6. For instance, will you purchase the right equipment that supports IPv6 the “first” time or will you have to buy it all again in one to two years? Adopting newer OS platforms becomes easier because these newer platforms support IPv6 from the start. But what do you have to do for older systems? Initially, you really won’t notice anything until your service provider truly depletes their IPv4 address space. Then they will be forced to starting adopting and deploying IPv6 but they will use various methods in the meantime to extend the life of IPv4. They will most likely utilize a tool called Carrier Grade NAT (CGN). CGN breaks IPv4 uniqueness at a much larger scale. We used to hide a single household or commercial company behind a common IPv4 address, now we will hide an entire city, county or larger unit of people. CGN exasperates IPv4 port exhaustion issues; it compounds stateful NAT issues, along with just slowing things down.

Finally, what problems will you see happen as IPv4 runs out? It is going to get harder and harder for your employees to get public IPv4 at home. This can potentially cause problems for VPN, VoIP, Video, Collaboration and Gaming (depending on how those technologies are deployed). If third parties and employees start getting IPv6 through their service provider and you stay on IPv4 only, then their connection will have to be proxied to you. Because the session is proxied, you lose the ability to have end to end connectivity, something taken for granted in our IPv4 only world.

Lack of IPv6 has real world costs and impacts, and you are simply kicking the can down the road with the potential for even greater pain the longer you wait to adopt.

How do we start down the IPv6 path of enlightenment? What do we need to do next?

Well, as I mentioned earlier, education has been identified as the key thing people need, at all levels. This means you need to invest in educating your staff on how to design, deploy, operate and maintain a network running IPv6 and also one doing dual-stack. You will need to have an education plan and resources in place for your company to learn all this. Most importantly, this does not happen overnight, you need to start NOW! Why? Because once your staff is educated it is much easier to build a plan. A plan needs to be tailored to your company needs and requirements. You need to include testing and validation of network, operating systems, apps and everything in between to insure you are on the right path. Oh, and you will need a lab – trust me on this one. You will need people from every team involved in the education and training. Why? Because while IPv6 at first glance appears to be a networking only function you will quickly discover that your application, database and help desk teams will need to know, understand and troubleshoot it. You will also need to understand the business impacts of starting the adoption of IPv6. Seriously? Did he just say business impacts? Yes, you many have critical home grown business applications that do not work with IPv6. You might have partners in the world that only have IPv6 as a protocol option. You likely want to understand what the impacts will be before you run into an unpleasant surprise along the way. If the majority of your business is on, from, or coming across the Internet then supporting IPv6 is critical to your business.

Let’s say I still have not convinced you. You still don’t believe you will be using IPv6 anytime soon in your company. Well, the last holdout OS in the market that did not support IPv6 was Windows XP and Microsoft end of support happened on April 8 2014. This means if you are deploying a newer OS (Microsoft Windows, Apple iOS and OSX, Android, Linux, FreeBSD, CentOS, etc.) of some kind, guess what? Yes, that is right, you will be dealing with IPv6 regardless of how much you want to avoid or ignore it.

IPv6 is the future and the future is NOW!

 

Ed HorleyEd Horley is the Practice Manager for Cloud Solutions and Practice Lead for IPv6 at Groupware Technology in the San Francisco Bay Area. Ed is actively involved in IPv6 serving as the co-chair of the California IPv6 Task Force and additionally helping with the North American IPv6 Task Force. He has presented at the Rocky Mountain IPv6 Summit, the North American IPv6 Summit, the Texas IPv6 Summit in addition to co-chairing and presenting at the annual gogoNETLive IPv6 conference in Silicon Valley. He has also presented on IPv6 at both Microsoft TechEd North America and Europe, at TechMentor in Redmond, Orlando and Las Vegas, at InterOp in Las Vegas and at Cisco Live in North America and Europe. Ed is the author of Practical IPv6 for Windows Administrators from Apress (2013). He is a former 10 year Microsoft MVP (2004-2013) and has spent the last 18+ years working in networking as an IT professional. Ed enjoys Umpiring Women’s Lacrosse when he isn’t playing around on IPv6 networks. He maintains a blog at http://www.howfunky.com/ where he covers technical topics of interest to him and is on twitter at @ehorley.

IETF 90 Part 1

ARIN Advisory Council member, Cathy Aronson, is at IETF 90 in Toronto, Ontario, Canada this week. Follow along as she shares her findings with us on TeamARIN!

Guest blog post by Cathy Aronson

Cathy Aronson

Yesterday morning I attended the IEPG (Internet Engineering and Planning Group) meeting here at IETF 90.  George Michaelson of APNIC gave an interesting presentation about Teredo (a tunneling technology that allows IPv6 capable hosts to use IPv6 over a IPv4 only connection).  George’s slides are here.  The great thing about his presentation is that he observed Microsoft doing exactly what they said they were going to do.  They turned off their Teredo relays.  It is clear in George’s graphs that the Microsoft Teredo relays have been turned off.   The presentations about sunsetting Teredo are linked here:

http://www.ietf.org/proceedings/87/slides/slides-87-v6ops-5.pdf

http://www.ietf.org/proceedings/88/slides/slides-88-v6ops-0.pdf

George talked about how the Microsoft relays continue to cause a lot of zombie tunnels. Microsoft is apparently still sending “who am I” endpoint signaling but not carrying IPv6 data.   Further there are a lot of other autonomous systems that are serving up Teredo tunnels.  George listed them in his presentation and suggested that they stop doing Teredo.

 

ARIN is in the Caribbean

By Cathy Handley, Executive Director of Government Affairs and Public Policy, ARIN

ARIN is in the CaribbeanSee what we did there?  Not only are the letters A-R-I-N actually in the word cARIbbeaN, but so much more.  There are many Caribbean economies in the ARIN’s service region and we work hard to serve everyone that depends on us for Internet number resources.

For those of you in the Caribbean, we have some suggestions for what you can do to prepare for the future of the Internet and to get more involved in ARIN and other important organizations in the Caribbean.

Get ready for IPv6

Network operators and content providers alike need to prepare for the future Internet.  You can find resources about IPv6 adoption on our IPv6 Info Center and IPv6 Wiki.  When you’re ready to request IPv6 addresses, it’s easy, just begin on our Request Resources Page.

Get involved in Internet governance discussions

The future of the Internet is too big of an issue to ignore, and many discussions are going on now that will affect how the Internet is managed in the years to come. Find information about what Internet governance is, and how you can get involved on our Internet Governance webpage.

Attend an ARIN Meeting

ARIN holds two Public Policy and Members Meetings a year for members of the entire Internet community to engage in policy discussions and network with colleagues. These meetings are held in locations across the US, Canada, and Caribbean to allow individuals in all areas of the ARIN region to attend.  In April 2013 we hosted our meeting in Bridgetown, Barbados.

Apply for a fellowship to an ARIN Meeting

We also offer the opportunity to attend an ARIN meeting for free through the ARIN Fellowship Program.  Thus far, twelve fellows have come from the Caribbean and we are always seeking more applicants. For those who are not able to attend an ARIN meeting in person, we also offer many remote participation options as well.

Get involved with CaribNOG

ARIN works closely with local operator groups in our region, including the Caribbean Network Operators Group (CaribNOG), toward the shared goals of the successful operation of the Internet infrastructure. ARIN regularly sponsors CaribNOG and members of our engineering team frequently give presentations at these events to help support the needs of Caribbean network operators.

Get involved with the CTU

ARIN has been a supporter of the Caribbean Telecommunications Union (CTU) since 2007.  The CTU is an organization dedicated to facilitating the development of the regional telecommunications sector as well as working with Caribbean intergovernmental agencies for capacity building, knowledge sharing, education and policies for Internet governance within the Caribbean. ARIN provides educational information at Ministerial and ICT Roadshows, collaborates to get the word out about ongoing ICT capacity-building efforts carried out by the CTU, and, where possible, lends resources to reach ARIN’s Caribbean community.

Get involved with CANTO

The Caribbean Association of National Telecommunication Organization (CANTO) serves the Caribbean telecommunications and Internet community by influencing policy, providing information in all aspects of the industry as it evolves, and facilitating a meaningful collaborative process. ARIN consistently sponsors and sends speakers to the annual CANTO meeting to support their efforts in the Caribbean ICT community.

Join ARIN’s Government Working Group (AGWG)

ARIN has maintained a long-standing, well-established working relationship with the governments, regulators, and law enforcement agencies (LEAs).  This cooperative relationship has become increasingly important, as the wider Internet community strives to ensure that all voices are heard and the interests of all parties are considered.  The ARIN Government Working Group (AGWG) is a forum for learning about and discussing matters relating to the Internet, with specific focus on cooperation between the private and public sectors. The AGWG provides a venue for ARIN community members and government representatives to meet and discuss areas of common interest

There are lots of ways you, as a Caribbean community member, can participate in the issues, forums, and organizations at the core of Internet.  All of the contributions you make are valued and help keep the Internet open, stable, and secure.

 

Gearing up for IGF-USA

By Cathy Handley, Executive Director of Government Affairs & Public Policy, ARIN

globeIt isn’t news that the Internet community is living in interesting times.  Since the NTIA announced its intention to transition oversight of the IANA functions to the global multistakeholder community in March of this year, the debate has been fast and furious.  At ICANN 50 in June the panels on the transition process and the larger issue of ICANN accountability were among the most heavily attended sessions on the agenda. While discussion in ICANN continues, we are heading into the Internet Governance Forum USA (IGF-USA) on 16 July, when thought leaders from across the US Internet community will meet at George Washington University for this full-day event, from 8:30 AM to 7:00 PM. If you are in DC, we encourage you to take advantage of free registration to attend, but more importantly we strongly encourage you to tune in to the webcast on the IGF-USA website to learn more about current Internet Governance issues, including those surrounding the IANA functions oversight transition and ICANN accountability.

Some of the other topics on the agenda include:

  • Human Rights in the Internet Governance Debate
  • Net Neutrality Around the World
  • The Evolution of the Internet Governance Ecosystem, and
  • Big Data, The Internet of Things, Privacy and Trust

IGF-USA 2014 is a multistakeholder US forum designed to engage civil society, government, technologists, research scientists, industry and academia, helping to create partnerships, coalitions and dialogues that demonstrate best practices and help move policy forward.

Be part of building a US based coalition to generate momentum around priority Internet governance issues and practices under consideration.

Don’t miss out on your chance to take part in this regional preparatory event as ramp up toward the Ninth Annual IGF meeting in Istanbul, Turkey continues.

We will also be soliciting your input in the months to come on the IANA functions oversight transition as part of our responsibilities in that process. You can learn more and find other ways to participate in the ongoing dialog by visiting our IANA Globalization page.

 

IPv6 Effects on Web Performance

Will IPv6 positively affect web performance in the future? Blake Crosby shares his thoughts on the answer to this question.

Guest Blog Post By Blake Crosby

There are a lot of efforts to improve the speed of the web. The inevitable release of HTTP 2.0 in the near future will address many of the existing web performance bottlenecks.

Will IPv6 increase web performance in the future?

The answer is Yes! IPv6 has many improvements over its v4 counterpart that will help make the web a faster place.

Packet Fragmentation

IPv6 does not fragment packets; this means that any packet reassembly does so at the client or at some other endpoint. The router is free to use those extra CPU cycles to move packets faster through the network.

Checksumming Done at Higher Layers

Routers don’t need to spend time checking the integrity of the IPv6 header (for TCP packets). Instead, validating the data packet happens at the TCP layer. Less work for the router means moving those packets faster!

Keep It Simple

The IPv6 packet header is much simpler than the IPv4 header, making it much easier to process these packets as they flow through routing equipment

IPv6 and IPv4 Packet Headers

For example, the Time To Live (TTL) field has been replaced with a Hop Limit field (a simple counter), thus routers don’t need to calculate the time the packet has spent in queues. One less calculation to be made before sending that packet along to the next hop.

Bigger Is Better

Reducing the number of round trips is the best way to improve your web browsing experience. IPv6 can help with that by using Jumbograms. Having the ability to squeeze up to 4096 MB in a single packet will reduce the number of round trips required to download data. Provided the link layer has a large enough MTU.

Better Mobile Performance

Due to IPv4 limitations, mobile devices need to use Triangular Routing in order to receive and send packets to/from the Internet. In triangular routing, the mobile device is able to send packets directly to the remote host; however, the remote host must route packets through a “Home Agent” which can be very far away from the actual user.

For example, a particular network may have a limited number of home agents. If the mobile device is located in San Francisco, and the mobile carriers home agent is located in Houston, all packets destined for that San Francisco mobile device must be routed through the home agent in Houston.

Mobile IPv6 eliminates the need for this network architecture. Packets need not be routed through a home agent.

If you are interested in learning more about the challenges of improving web performance, see my analysis of IPv4 versus IPv6.  Additionally, I highly recommend “High Performance Browser Networking” By Illya Grigorik.

 

Blake CrosbyBlake is an Operations Engineer with Fastly, the smartest CDN on the planet.

His intimate knowledge of web performance ensures that Fastly stays ahead of the curve with emerging technologies.

He’s also on the Board of Directors for the Toronto Internet Exchange (Torix).

 

Discussing Governance of the Internet

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

The Internet is a victim of its own success due to its complex, global nature. At first the Internet was just made to work, but now it is growing up.  Governments are wondering how to fulfill their traditional responsibilities and how to deal with this technology that has transformed almost every aspect of our world.

At the most recent NANOG meeting, an expert panel touched on the subject of Internet governance from an outline of current events to how to get involved. The focus of panel centered on transitioning the oversight of the Internet Assigned Numbers Authority (IANA) functions (for some background info, check out our IANA Globalization page).

Participants in the panel included moderator: Paul Brigner, North America Regional Bureau Director at ISOC. Panelists: John Curran, President and CEO at ARIN; Scott Mansfield, Lead Architect at Ericsson; Alissa Cooper, Distinguished Engineer at Cisco Systems; Mehmet Akcin, Internet Evangelist at Microsoft

Watch the full webcast here:

 

Since the panel was conducted for an audience of network operators, the conversation heavily emphasized how everyone, including members of the technical community, have an opportunity to get involved to share their unique perspectives and to ground discussions in facts.

Coming up soon are several regional and international Internet Governance Forums you may have the opportunity to participate in.  From the ARIN region, in July will be the IGF USA and in August the Caribbean IGF.  In September the global annual IGF will be held in Istanbul, Turkey.  These are important meetings at the crossroads of the communities who comprise the Internet stakeholder groups – including government, the technical community, and civil society. Follow along with us and explore your opportunities to participate by visiting ARIN’s Internet Governance Resource Center.

 

Just in time for summer – IPv6 is heating up

By Hollis Kara, Communications Manager, ARIN

Just last week was the second anniversary of the World IPv6 Launch, and the Internet Society published some interesting and useful information in celebration of this milestone—everything from an infographic to IPv6 case studies.

This activity kicked up some chatter in the Twitterverse. Here are just of few of some of the cool tweets we spotted last week:

But that isn’t the only milestone event that is contributing to the rising interest in IPv6.

This week we also got word from our region to the south that LACNIC reached their final /10 of IPv4 address space on Tuesday, marking the exhaustion of addresses in their region.  This event has sparked further discussion about the need to deploy IPv6.  Just today ArsTechnica touted with the Americas running out of IPv4, it’s official: The Internet is full.

If you are looking for examples of who is making the move to IPv6 and why, we have a video that is worth your time. During NANOG 61 Cameron Byrne of T-Mobile gave an excellent presentation about his company’s efforts to get IPv6 to millions of smartphone users.

IPv6 is definitely on an upward trend.  More and more people are actively engaging in the discussion about the need for IPv6 and calling for business to get ready for this new protocol.  Yesterday GigaOm encouraged cloud providers to get with IPv6 program due to the billions of devices coming online.

Momentum is shifting, and we are excited to see what happens next.

 

ARIN Number Policy Discussions – the ARIN PPC – at NANOG 61

By Einar Bohlin, Senior Policy Analyst, ARIN

Tomorrow morning during NANOG 61, ARIN will host a  Public Policy Consultation, or PPC, to discuss possible changes to Internet number resource policy. Currently the Advisory Council’s (AC) docket includes 10 Draft Policies and 4 Recommended Draft Policies, so there are will be a lot to discuss.

ARIN PPC at NANOG 61 Bellevue

The Draft policies are simply proposals that have been found by the AC to be clear and in scope. They are all works in progress. Tomorrow the AC will be seeking community feedback to see if consensus can be found on the value these proposals offer in the creation of  good policy. Drafts can either go forward to become recommended, or they can end up being abandoned.

Recommended Drafts are further along in the policy process. The AC has found them to be fair, technically sound and having some support from the community. By promoting a draft to the recommended state the AC is telling you that this has been found to be good policy; and it is on track for adoption to be new number policy. After these are presented Recommended Drafts are eligible to go to a last call on the mailing list. This could happen after the AC’s June teleconference. In fact, you could look at the presentation of Recommended Drafts as the beginning of last call. These are normally going to become policy unless there is substantive opposition.

An example of a current Recommended Draft Policy is ARIN-2014-13: Reduce All Minimum Allocation/Assignment Units to /24. This policy change would reduce the minimum allocation or assignment to a /24. This means ISPs and end users with a need for a /24 or larger network could request that from ARIN.

If you’re already attending NANOG, please join the discussion of Internet number resource policy Tuesday morning. If you’re not attending NANOG, you can still participate to the ARIN session free of charge either in-person or online. See the event information about the ARIN PPC at NANOG 61. There you can find registration information, remote participation info, the agenda, and a Discussion Guide with all the proposals and drafts being discussed.

 

 

Top 3 reasons PR pros need to know about IPv6

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Not a lot people outside of the technical community are aware that the Internet is undergoing one of its most important evolutions to date.  To put it simply, the Internet as we know it will soon be a thing of the past. The pool of available IPv4 addresses has just about run dry, and once they are gone, the old Internet will be replaced by a new network based on a new protocol: IPv6.  This change will have a massive impact on public relations professionals who increasingly rely on data to track campaign performance, conversions and website traffic.

This week PR News featured a byline by ARIN’s President and CEO, John Curran, on PR’s Stake in the Evolution of the Internet, where he explained why it is critical that public relations professionals pay attention to the evolution of the Internet and why the shift to IPv6 will have a major impact on their day-to-day work.

IPv6 for accurate web campaign performance metrics

Here are the top 3 reasons we think PR pros ought to know about IPv6:

1. Reach all your audiences

As IPv4 addresses become increasingly scarce, more and more new users are connecting to the Internet via IPv6 across the world. If your website isn’t IPv6-enabled, it may be unreachable to new Internet users in the near future.

2. Measure effectively

If you use tools to determine website visitors’ behavior and preferences, including what’s driving traffic, geographic location of potential customers, and conversion rates, IPv6 is essential to you. When Internet users browse the web via an IPv6-only connection but want to load a website that is not IPv6-enabled, they must use a network gateway that can make it appear like they are coming for a different location than they actually are.  This can throw off website analytics that are used to determine target audiences and campaign successes or failures.

3. Stay ahead of the competition

If people are having trouble accessing your website, they could turn to competitors who have already made their content available over IPv6.  Many major online companies such (Google, Facebook, Bing, YouTube, Yahoo, to name a few) have already have made their websites IPv6-enabled, and you should too.

 

 

IPv6 Addressing Tips

Ross Chandler, Principal Network Architect of IP network evolution at Eircom/Meteor, shares a few tips on working with IPv6 from his own experience.  The bottom line? You can do this!

Guest Blog Post by Ross Chandler

The most significant changes with IPv6 are: vastly more addresses and the way the extra bits are used. Here are a few practical tips for when you’re adding IPv6 to your network and connected devices.

Don’t stress about the length of IPv6 addresses

The long ones only occur when they’re generated automatically. Don’t attempt to read out one of these long addresses for another human being. You can assign shorter IPv6 addresses by static configuration or by DHCPv6.

Use the 4-bit nibbles when making an addressing plan

The 4-bit (hexadecimal) character positions makes subnetting easy.

e.g. Your assignment might be 2001:db8:1234::/48

This can be subnettied into 16 /52s  (prefix length increased by 4)

2001:db8:1234:0000::/52

2001:db8:1234:1000::/52

.

2001:db8:1234:f000::/52

 

Each of the /52s can be further subnettted into 16 /56s

2001:db8:1234:2000::/56

2001:db8:1234:2100::/56

.

2001:db8:1234:2f00::/56

And so on down to the /64s.

Combining contiguous nibbles allows a prefix to be subnetted into a larger number [16^(number of nibbles)] of smaller subnets with prefix length increased by 4 * (number of nibbles).

2001:db8:2014:1000::/48 can be subnetted into 16 /52 prefixes. 16 = 16^1 and 52 = 48 + 4 * 1.

2001:db8:2015:1200::/48 can be subnetted into 256 /56 prefixes. 256 = 16^2 and 56 = 48 + 4 * 2.

2001:db8:2016:1230::/48 can be subnetted into 4,096 /60 prefixes. 4,096 = 16^3 and 60 = 48 + 4 * 3.

IPv4 subnetting is not as simple as that.

Odd or even address conventions

If you use a /30 IPv4 subnet on a link then a /126 IPv6 prefix length will allow both the IPv4 and IPv6 address at either end to be odd or even.  Similarly for /31 IPv4 or /127 IPv6 links.

You can be liberal with your use of IPv6 /64 prefixes

Don’t be afraid to be liberal when assigning /64s. It’s often helpful to think of 64 bit prefixes as the smallest unit of address assignment of v6. For example, assign a full /64 for each point-to-point link even if you intend using a /126 or /127 mask. This is all right because whether there are 1 or a 1,000 devices on the LAN, compared to the 2^64 possible addresses both are almost equally sparse. Stateless address autoconfiguration (SLAAC) mandates the use of a /64 prefixes on LANs. This fact and the :: compactor allows manually assigned IPv6 addresses to be written in short form with almost half the number of characters as a typical SLAAC assigned address.

Assigning more specific IPv6 subnets

You can make assignments with larger prefix lengths. For example, you may have IPv4 DNS server addresses 203.0.113.1 and 203.0.113.2 and so decide to use the first two addresses from your IPv6 allocation for your IPv6 DNS server addresses 2001:db8::1 and 2001:db8::2. The service number (e.g 53 for DNS) could be the host part of the address.

 

Ross ChandlerRoss Chandler
Principal Network Architect – IP network evolution
Eircom/Meteor