Tag Cloud:

ARIN Public Policy Discussions are heading to Baltimore

By Einar Bohlin, Senior Policy Analyst, ARIN

 

It has been a busy summer, and things show no sign of slowing in the world of the ARIN Policy Development. Soon you will have two opportunities to take part in the discussion of 10 policy proposals.

Your first chance will be during the Public Policy Consultation (PPC) at NANOG 62 on 7 October 2014 from 9:30 AM – 1:00 PM EDT.

https://www.arin.net/ppcnanog62

Full calendar on the 7th? How do things look on the 9th? You can join us for the ARIN 34 Public Policy Meeting, from 9:00 AM – 5:00 PM EDT.

https://www.arin.net/ARIN34

Can’t make it to Baltimore? Participating online can be equally rewarding. Anyone can view the live transcript and webcast on the ARIN website throughout the meeting, and registered remote participants can submit questions and comments alongside in-person attendees and raise a virtual hand during straw polls.

Full details about remote participation are available on the meeting websites.

I hope you will plan on joining us and add your voice to the discussion.

Build Your Own IPv6 Lab

Get your hands dirty. Playing with IPv6 can be the best way learn it. Jeffrey L. Carrell lays out how you can build an IPv6 lab from the comfort of your own home for no more than a few dollars.

Guest Blog Post by Jeffrey L. Carrell

IPv6 is called the new Internet protocol. However, it’s been running on the Internet since 1999, so it’s really not so new, it’s just that not a lot of networks have implemented it as of yet. The challenge is that it is different from what we are all used to working with. It’s a bigger number: 128 bits compared to IPv4’s 32 bits. It has colons instead of periods (ok, dots for us diehard networking folks).  It has all new routing protocol components. And on, and on. But, it has WAY MORE possible addresses than IPv4! The theory is, we should never run out in our lifetimes! But, it is different.

So, how do you learn about IPv6 if your company is not implementing IPv6? How do you afford the equipment that is capable of running IPv6? More importantly, should you spend your own money and time to learn about IPv6 if there are no other compelling reasons or funding? The answer: YES, you should learn it on your own! A professional technologist should realize that investing in yourself is important and generally does payoff in the future.  How much are you willing to invest, money wise? How about very little (and I mean ‘little’ as in a few bucks)?

For a small investment of a computer (which you probably already have), a free virtualization application, a free full-blown routing application, an Internet connection (even free WiFi at the coffee shop will work), $5.00 USD investment for an IPv6 tunnel account, and free or evaluation versions of client operating systems; you can build a sophisticated lab and learn IPv6 just as effectively as if you had invested a lot more money.

The platform I’d recommend consists of a single computer with 8+ GB ram, 200MB hard disk, dual-core or better processor, one or more networking interfaces, Oracle’s VirtualBox, VyOS (routing software), Freenet6 account and software (IPv6 tunnel service), client OS’s such as a Linux platform and/or Microsoft Windows evaluation versions, and an Internet connection that is IPv4 only. With this as a base system platform, you can also add external equipment and build a larger lab environment.

The purpose here is to “play” with IPv6. What I have found not only for myself, but for many others who I’ve had in IPv6 training classes, only reading about IPv6 does not provide adequate knowledge or the hands-on experience that leads to the actual learning of IPv6. You need to see the configuration components; you need to look at the packets with a protocol analyzer; you need to try different configuration scenarios. The doing will drive home the learning!

You can create your own IPv6 lab environment with just about any option to what I’ve outlined above. Any VM application will work, many routers and/or routing applications will work, and there are a few choices in choosing an IPv6 tunnel provider. My personal goal was to find the combination that didn’t require a lot of money or special hardware, and didn’t require specific types of Internet connectivity (e.g. you’re not required to have a static IPv4 address, generally the way home Internet services is provided). Another major aspect of this IPv6 lab system, is to have real IPv6 Internet connectivity over an IPv4 only connection, which means you can actually use IPv6 to communicate to the outside world. You can even configure a client VM to not have any IPv4 at all! I have tested this system at various WiFi hotspots, friends’ networks, and even at 37K feet in the air while flying on a plane that had WiFi.

I started with an account with Freenet6, which allowed me to build a system that provides for a /56 subnet for IPv6, which could provide up to 256 /64 IPv6 subnets. I generally design breaking the /56 into 16 /60s and then each /60 provides 16 /64s. This lets me build multiple networks, and I can then enable different IPv6 routing protocols to really test my configs. A most excellent resource specifically covering IPv6 addressing topics soon to be published is “IPv6 Address Planning” by Tom Coffeen by O’Reilly. Another great resource is Rick Graziani’s book “IPv6 Fundamentals: A Straightforward Approach to Understanding IPv6” by Cisco Press which covers not only IPv6 basics but routing in an IPv6 network as well, with a focus on Cisco IOS.

So far I’ve made it sound easy to throw all this stuff together in a pot, stir it around a bit, and presto-changeo you have a way-cool IPv6 lab. Unfortunately that is not exactly the case. It does take a bit of tweaking and modifying to make the base system work. Initially you download all the software you need and also sign up for your Freenet6 account. Then you install VirtualBox and create a VyOS virtual machine (VM). After getting the VyOS VM going, the real fun begins. You must do some updates to the Debian base which VyOS runs on and then install the freenet6 (called gogo6) client software. After getting that all going, there are a few tweaks to the gogo6 main configuration file for account info, etc., and to the router config file gogo6 calls within VyOS. It’s a bit more complicated than I have time or space to cover here. After all this, you can then configure one or more client VMs to play with.

Here is what the IPv6 Lab system could look like:

Network Diagram Screenshot

After configuring the system, I have an IPv6 tunnel up and running, and a Linux client on a different IPv6 subnet, on an IPv4 only connection to the Internet, all in VirtualBox:

VB VyOS Screenshot

If you want to learn more about how you can set up your own IPv6 home lab, I will be facilitating two half-day hands-on workshops on this project at the upcoming 2014 North American IPv6 Summit on September 23-25 in Denver Colorado. There is still time to register for the workshop and/or the IPv6 Summit.

 

Jeff Carrell

Jeffrey L. Carrell is Network Consultant at Network Conversions. Jeff is a frequent industry speaker, freelance writer, blogger, IPv6 Forum Certified Trainer, network instructor and course developer to major networking manufacturers, and technical lead and co-author on 2 books: Guide to TCP/IP 4th Edition (contributing IPv6 content) and Fundamentals of Communications and Networking 2nd Edition. Jeff focus’s on IPv6 interoperability, and delivers lectures and IPv6 hands-on labs at technical conferences worldwide. As an IPv6 Forum Certified IPv6 Trainer, Jeff offers IPv6 Forum Silver and Gold Certified courses, customized IPv6 training courses, is an IPv6 Instructor for HP Education Services for their IPv6 Foundations course, and an IPv6 Instructor for Nephos6 for their IPv6 Foundations course. Jeff is a featured IPv6 instructor for the gogoNET online community, offering webinars and online workshops on IPv6 technologies via the gogoTRAINING initiative. Jeff is also a “Protocol Analysis Workshop” facilitator for Riverbed. Jeff has been involved in the computer industry for 35 years and has concentrated his endeavors in the internetworking portion of the industry for over 28 of those years. Jeff actively participates on IPv6 topics on twitter @JeffCarrell_v6.

 

IANA Oversight Transition Q&A

By Cathy Handley, Executive Director of Government Affairs & Public Policy, ARIN

IANA_bill_Stewardship-03There is a lot of confusion about the IANA oversight transition,  so we pulled together this Q&A to answer your questions about what is really happening. As we get ready to discuss this topic as a community at ARIN 34, we want to make sure you have a clear understanding of the issues.

Is the US government giving the Internet away?

No, the intention has always been to transfer the oversight of the Internet Assigned Names and Numbers (IANA) functions away from the U.S. government to the global community.

Exactly what was proposed in the National Telecommunications and Information Administration (NTIA) 14 March announcement?

The NTIA intends to transfer the role of oversight of the IANA functions it currently performs to the global multistakeholder Internet community.

What does it mean, NTIA has “oversight” of the IANA functions?

The role of NTIA is to ensure that ICANN meets the obligations as outlined in the IANA functions contract. Visit this page for background on the IANA functions role.

Where can I find the IANA Functions Contract?

The full text of the contract is available on the NRO website.

Will ICANN continue to perform the IANA functions after the transition?

Yes, ICANN will continue to perform the operational role associated with the IANA functions; it is only the IANA oversight role of NTIA that is changing.

What is the role today of NTIA in addressing?

Today NTIA has a procedural oversight role in the performance of the IANA functions.  For example, the RIRs might expect the NTIA to review IANA’s performance if there was an issue with how IANA was managing the allocation of resources to the RIRs. According to the NTIA, its role is largely symbolic; it is not an operational role.

Why is ICANN in charge of the process?

ICANN is not in charge of the transition process.  As the entity that performs the IANA functions, ICANN was asked to facilitate the process. It is now in the hands of the IANA Stewardship Transition Coordination Group (ICG). The NTIA will determine if the proposal being developed by the ICG is acceptable.

What is the IANA Stewardship Transition Coordination Group (ICG)?

As defined by the ICG Charter: The ICG acts as a liaison to the all interested parties including those with direct operational or service relationship with IANA, namely names, numbers and protocol parameters.  The ICG will solicit proposals from the operational or service communities in addition to the broader community.  The ICG will then assess the outputs of the three operational communities for compatibility and interoperability.  Following the assessment, the ICG will assemble a proposal for the transition.

Is ARIN participating in the process?

ARIN is participating through the Number Resource Organization (NRO) and NRO Number Council with three representatives as members of the ICG. The NRO will put forth a proposal based on the inputs of all five Regional Internet Registries (RIRs).

ARIN will be contributing its community input following the ARIN 34 meeting this fall.

How can I get involved or stay informed throughout the transition process?

There will be an email consultation that will begin before and continue after the ARIN 34 meeting.  There will also be a session on 9 October during the ARIN 34 meeting where we will be accepting feedback either in person or via remote participation.

You can also follow the work of the Coordination Group and other transition process news.

Is there anything I need to do?

The best thing to do is to stay informed.  You can follow the process through the both the ICANN and Team ARIN websites.   In addition there will be open discussions at the ARIN 34 meeting in Baltimore, and you can contribute your opinions during the consultation.

What happens if agreement is not reach by September 2015?

Nothing.  The current IANA functions contract has the possibility of two, two-year extensions. The two, two-year extensions afford the community time to continue to discuss to come to an agreement.

When will this actual transition occur?

Once an agreement has been reached on the new oversight mechanism, the actual transition process will begin.

Who will have oversight after NTIA?

In general, the global multistakeholder community, the specifics of which are being determined through the consultation process.

When the oversight of IANA changes, who will be in charge of Internet number resource global policies and how could this affect global policy?

The RIR communities will continue to be responsible for initiating and developing global policies. Global policy will not be affected by a change in who has oversight responsibility for the IANA functions.

Will a change in IANA oversight impact how IP addresses are allocated?

No. The ARIN community will continue to develop the policies under which ARIN allocates Internet number resources.

 

 

Internet Governance Forum 2014 in Istanbul, Turkey

By Jennifer Bly, Public Relations and Social Media Coordinator, ARIN

Internet Governance Forum IGF 2014Last week I had the privilege of attending the Internet Governance Forum (IGF) in Istanbul, Turkey to support the Number Resource Organization (NRO) on behalf of ARIN.  More than 2,300 people convened in Istanbul, Turkey plus another 1,100 tuned in online to discuss Internet Governance matters with the theme “Connecting Continents for Enhanced Multistakeholder Internet Governance.” This being the first IGF I’ve attended in person, I have a few observations I’d like to share with you.

The IGF brings together varied viewpoints from around the world and from many cross sections of the Internet community; there were stakeholders representing development, regulatory, technical, economic, social, and civil society communities.  These individuals, many experts in their respective fields, meet at the IGF to share and represent their interests, and this leads to many rich discussions.

Anyone who attends an IGF will quickly notice the emphasis that is placed on the importance of multistakeholderism throughout the forum.  By the end of week there wasn’t an attendee who hadn’t used the word “multistakeholder” at least 15 times. Yet no matter how overused the term, the concept of a multistakeholder approach to Internet governance where everyone can participate on equal footing, remains a highly valued component.

IGF 2014 Opening Ceremony

There are a few fundamental issues people seem to amicably agree on—those being the goal of working toward a better Internet, and generally, a more stable and robust Internet.  Indeed, Vint Cerf rounded out the opening ceremony with the acknowledgement that we are all committed to a better and evolving Internet that will serve all of our needs. You can view his speech on YouTube. And furthermore, you view many IGF sessions from last week on the IGF’s YouTube Page.

ARIN participated in IGF through the Number Resource Organization (NRO) as we have for each and every IGF to date.  The NRO had a booth in the IGF village where we spoke to delegates about all of kinds of topics from how to get involved in the IANA oversight transition process to why deploying IPv6 is important. The NRO had representatives from each of the five Regional Internet Registries to speak with attendees from all over the world.   The NRO also had individuals participate in many sessions of importance to the RIR communities on everything from potential impacts of carrier grade network address translation to the evolution of Internet governance ecosystem.  The NRO also kicked off @theNRO twitter handle with live tweets through which you can scroll back to catch some of the highlights from many #IGF2014 sessions.

Part of IGF is meeting many individuals who are passionate about making the Internet a better place. One such person is Deirdre Williams, an Internet end user in Saint Lucia, West Indies, who described one of her main takeaways from IGF as being:

The IGF is a place where the human considerations can be injected back into the tech. For me the most important consideration is balance – human beings respond badly to absolutes. The discussion has a tendency to fragment during the year; the IGF provides an opportunity to bring all the different perspectives back together again into the same space.

Internet Governance Forum Workshop 2014

It’s amazing how people can come together to have constructive discussions on such a pressing topic like how the Internet will be managed in the years to come. For an overview of what happened at the 2014 IGF, a draft Chair’s Summary of the 9th IGF is available. Next year the IGF will be hosted by Brazil, in João Pessoa, Paraíba from 10-13 November 2015.  Until then, you have lots of time to speak with your respective RIR to learn more about the opportunities you have to get engaged in Internet Governance dialogue.  If you reside in the ARIN region, here’s one place where you can get started. It seems to me, the technical community in particular has done a lot of work to educate, advise, and be available for conversations about the Internet technology they build and maintain.  Yet, there always remains a need for more technically-skilled individuals to join in these conversations, build relationships, and provide expertise on issues vital to making Internet technologies actually work.

What do terms like multistakeholderism, Internet governance, and technical community really mean?

Reflecting on the Internet Governance Forum, Suzanne Woolf explains how difficult it can be to come to a common understanding about the terminology used at the IGF and her impressions as a first-time attendee last year.

Guest blog post by Suzanne Woolf

Last year I went to my first Internet Governance Forum in Bali, Indonesia.  I was involved in several workshops and discussions about “the role of the technical community in Internet governance,” including the Regional Internet Registries (RIRs) and Internet Engineering Task Force (IETF); the role of governments; questions of increasing access to communications resources for the next billion users; and reactions to “pervasive monitoring” of Internet communications by US and other intelligence agencies.

I’ve been involved with “Internet policy” for many years now, as a member of ARIN’s AC, on various ICANN Advisory Committees, and as a liaison to the ICANN Board of Directors…which turned out to be a useful perspective, but by no means complete!

Words, Words, Words

For the perspective of someone who is new to the IGF, but familiar with “Internet governance” from experience of other venues, it was striking how much confusion there seems to be about many of the key terms thrown around. 

Multistakeholderism.  It’s easy for a techie to listen to 20 minutes of IGF workshops and speeches and conclude the term itself doesn’t actually mean anything. But a few days later I’d concluded it actually means too many things. I think there’s already a partial shared definition, though, in what it *isn’t*. It’s sometimes hard to tell what “multistakeholderism” means, but it does seem to be based on the idea that “Decisions aren’t only made by governments and implemented in treaties.” The problem then becomes figuring out who *does* make decisions, organized by what processes, so the decisions make sense and don’t just represent one or a few interests.

Internet Governance.  “Internet governance” is itself another slippery term. It’s not just about what the RIRs and ICANN do, it also includes topics like spam and child protection online and intellectual property protection and so on. The things RIRs and the Internet Corporation for Assigned Names and Numbers (ICANN) and the IETF oversee are “critical Internet resources” and considered really important, but the technical and operational details of how the Internet actually works are only a small part of what people talk about as “Internet governance”. This by itself can be disorienting for an engineer!

Technical Community.  Another thing that jumped out at me was the phrase: “technical community”. This is another term that’s hard to define in the IGF context. It doesn’t mean there what it means to the ARIN community, where people are “technical” if their primary knowledge/skills/work involves things like routers and peering. In the IGF context, people and roles are defined from astarting point of “some kind of stakeholder, not government”. The definition of “technical community” is lots broader than what we’re used to, and lots less clear.  It’s distinguished from “government,” “business,” and “civil society,” and it includes not only people whose background is technology and engineering, but anyone from an organization oriented on technology, from large ISPs and software companies to the RIRs, the Internet Society (ISOC), and World Wide Web Consortium (W3C). These categories can overlap, too.

Overall Impressions

Techies who step into the IGF, and meetings like it, should be prepared to be a little disoriented, but willing to listen and persist. IGF participants are people of good will and genuine concern for the future of the Internet. They don’t entirely agree on how to go about it, but they want a future that’s not owned only by governments or special interests, and they’re willing to work for it. The rhetoric can be confusing and the outcomes hard to define, but there’s a lot of positive energy and some real insight to be found as well. And the “technical community” has our own contribution to make, if we’re willing to engage.

I think RIR members should know that the Number Resource Organization (NRO) is doing very good work in just showing up, being visible in venues like IGF, and answering questions about the mysteries of how the net really works and the nature of “critical Internet resources” like IP addresses. If we don’t explain those things to “the other stakeholders,” its going to be even more difficult to make progress on “Internet governance” issues.

 

Suzanne WoolfSuzanne Woolf has extensive experience in internet infrastructure technology and management, particularly DNS and routing, and technical policy for names and addresses, including two terms on ARIN’s Advisory Council. She currently serves as co-chair of the DNSOP working group in the IETF and liaison from the Root Server System Advisory Committee to the ICANN Board of Directors. She’s a freelance consultant in Internet infrastructure and policy, based in the northeastern US.

 

 

 

For more information about the NRO’s participation in this year’s Internet Governance Forum, visit the NRO website.

 

Live Beyond Layer 3

Based on his time at CANTO, Owen DeLong, ARIN Advisory Council member & Senior Backbone Engineer at Black Lotus, encourages fellow Internet technologists to take the time to field questions from senior management and government officials.

Guest Blog Post by Owen DeLong 

I’m a layer three guy, which means that I am a network guy, specifically an Internet guy. I work on routers and connect big networks to other big networks to try and make the Internet work better. For a long time, I, and many people like me have tried very hard to ignore what we call layers 8/9/10 (the financial, administrative, and governmental entities involved with the Internet).  Or worse, sometimes we have been known to sneer at them as “damage to be routed around”. I know that attitude still persists among some, but it really fails to take in the whole story.

ARIN at CANTO 2014

For the last several years, I’ve had the opportunity to work with ARIN doing outreach in the Caribbean at the annual CANTO conference and exhibition. While there are lots of layer 1/2/3 (fiberoptics, switches, routers, etc.) products on display, but the reality is that most of this show is for senior management and government officials. This year, the opening ceremony included speeches from the secretary general of the ITU and the prime minister of the Bahamas (where the meeting was held). There was no shortage of senior government officials.

There are several reasons that CANTO attracts so many senior executives and government officials. First, the Caribbean has traditionally had a number of state-run and/or state-owned telecommunications services or monopoly telecommunications services that were licensed by the state(s). That’s been changing, but slowly. CANTO has always been a forum where those groups and other industry representatives can come together to learn about new technologies, see what is happening in other parts of the region, and talk about issues that are unique to the region and/or require coordination among various countries in the region. In recent years, it has come to include not only telecom, but all of ICT and has also served as a forum to help move away from monopoly telecommunications towards more deregulated and diverse provider choices.

The Internet has become important enough that we layer 1/2/3 folks can no longer pretend government isn’t relevant, nor can we pretend that government won’t notice us and will continue to leave us alone. It’s critical that we increase our awareness about how things work in the wider world and start educating regulators and senior management in ways that will allow them to do their jobs without damaging what we’ve built. As nice as it is to live in layer 3 without caring what’s above or below, strict layering simply doesn’t work with human relationships. In the end, networks are about connecting people, and that’s a process that transcends all layers.

When a manager or a regulator approaches you and starts asking questions you don’t think are worth your time, remember, your answers are going to shape how they decide many things that may affect your future. Answer wisely and carefully. Be available for follow-ups. Be courteous, and this experiment that escaped from the laboratory might just be able to remain the most awesome tool ever developed for democratizing communications.

 

Sign Your DNS Zones

By Pete Toscano, Network Operations Manager, ARIN

Security

Last month we signed ARIN’s forward DNS zone as part of our commitment to Domain Name System Security (DNSSEC).  That means we completed the process that essentially allows resolvers to verify the arin.net information that they receive from ARIN’s nameservers, and it allows users to have a higher degree of confidence that when they go to https://www.arin.net or act on any other information under arin.net that they are communicating with the host they expect.

We went through the process of signing ARIN’s forward DNS zones to do our part to contribute to a valuable and trustworthy Internet.  The process can be complex, but it’s worth it.

Why is signing your DNS important?

Every time you type in a web address (with letters) it corresponds to a set of numbers.  That is one use of the Domain Name System, or DNS for short.  Think of DNS as an inverted tree with many branches.  The root zone is at the top and out from it comes other zones through which a chain of authority flows. DNSSEC adds another layer of security to this tree by allowing users to validate that the DNS records come from the correct source.

DNSSEC makes the name tree more reliable for the whole Internet.  Not only can resolvers validate the data they’re getting from nameservers with signed DNS zones, but users can have a higher degree of confidence that when they go to a web site under a signed domain they’re actually on the correct web site and not some imposter’s phishing site.  Basically, DNSSEC validates that you received information from the source and not from a third party who could change the information in a malicious way.

Implementation Considerations

DNS records for arin.netMake sure your domain name registrar supports DNSSEC.  In ARIN’s case, we needed to go through the process of changing registrars so we could employ this important functionality.  Changing registrars can be a slow process, so be sure to include that in your timeline.  If you want to find a registrar that supports DNSSEC, check out this list of registrars compiled by ICANN that are DNSSEC friendly.

Depending on how you manage DNS now, your workflow process may need to be reengineered to some degree, especially when it comes to reporting DS record changes or additions to your registrar.  This can be done manually, but you may want to consider automated signing solutions.  There are both software and hardware-based options.  Larger installations may want to consider a hardware solution for the DNS signing, but it comes down to your budget and tolerance for added complexity. ISOC’s Deploy 360 has more information on deploying DNSSEC.  Once you are setup, you can use tools like Sandia National Laboratories’ DNSviz and Versign Labs’ DNSSEC debugger to ensure you have DNSSEC setup correctly.

We’re doing our part to make the Internet more secure, and you should too! We encourage all members of the Internet community to implement DNSSEC for their own forward and reverse zones to help secure the Domain Name System as the Internet continues to grow and evolve.

 

Why Is the Transition To IPv6 Taking So Long?

IPv6 is an essential technology if the Internet is to grow, but adoption has been slow. Graeme Caldwell of Interworx takes a look at why organizations are holding back on IPv6.

Guest blog post by Graeme Caldwell 

We stand on the cusp of an explosion in the number of Internet-connected devices. The mobile revolution was just the beginning. Combined, the burgeoning wearables market and the Internet of Things will potentially create billions of new connected devices over the next few years. Every device will need an IP address and there are far too few available addresses within the IPv4 system to handle the sheer quantity of connections. It’s a problem that’s been predicted and solved for many years, in theory at least. But IPv6 is being adopted at a glacially slow pace.

The reasons for the gradual adoption are simple to understand. It’s expensive. The Internet is made up of tens of millions of servers, routers, and switches that were designed to work with IPv4. Upgrading that infrastructure entails a significant capital investment. As things stand, workarounds like NAT take some of the pressure off — but they are a temporary band-aid solution. In the long-term, transition to IPv6 will have to happen, but, given the level of the required investment, there’s not a compelling business argument to make the transition immediately.

To get the full benefit of IPv6, a significant proportion of the net’s infrastructure has to support it, and, with the exception of a few organizations, many don’t want to invest in infrastructure upgrades that don’t have any immediate benefit.

When they were developing IPv6, the Internet Engineering Task Force decided that, in order to implement new features in IPv6, the protocol would not be backward compatible with IPv4. IPv6 native devices are not capable of straightforwardly communicating with IPv4 devices. That makes incremental updating of systems difficult, because workarounds have to be put in place to ensure that legacy hardware and newer IPv6 hardware have a way of talking to each other — most IPv4 hardware will never be updated.

According to Leslie Daigle, Former Chief Internet Technology Officer for the Internet Society, “The lack of real backwards compatibility for IPv4 was the single critical failure. There were reasons at the time for doing that. But the reality is that nobody wants to go to IPv6 unless they think their friends are doing it, too.”

Forward thinking software companies have already included the necessary functionality to handle IPv6 in their products. At InterWorx, we could have left implementing IPv6 support until we absolutely had to, but the benefits of the transition for us and our users in the web hosting industry were undeniable. We wanted to give clients the option of using IPv6 so they can begin to prepare for the inevitable move and implement IPv6 systems. InterWorx includes a full suite of IPv6 management tools, including IPv6 pools management, IPv6 clustering, and diagnostic tools.

In a Feburary 2014 report, Google revealed that their IPv6 traffic had hit 3 percent and it’s currently at about 4 percent. That seems unimpressive, but it’s a sign that adoption rates are accelerating — the move from 2 percent to 3 percent took only 5 months and from 3 percent to 4 percent even less time. Under pressure from the proliferation of connected devices, we can expect to see organizations adopting IPv6 ever more quickly.

 

GraemeGraeme works as an inbound marketer for InterWorx, a revolutionary web hosting control panel for hosts who need scalability and reliability. Follow InterWorx on Twitter at @interworx, Like them on Facebook and check out their blog.

 

Caribbean Internet Governance Forum (CIGF) Celebrates 10 Years

CTU Telecommunications Specialist, Nigel Cassimire, shares what happened at this year’s Caribbean Internet Governance forum.

Guest blog post by Nigel Cassimire, Telecommunications Specialist, CTU

Caribbean IGFThe 10th edition of the Caribbean Internet Governance Forum (CIGF) was held at the Atlantis, Paradise Island Resort in The Bahamas from 6th to 8th August 2014. The CIGF is a regional, multi-stakeholder forum which was initiated by the Caribbean Telecommunications Union (CTU) and the Caribbean Community (CARICOM) Secretariat in 2005 in order to coordinate a regional approach to Internet Governance issues for the final session of the World Summit on the Information Society (WSIS) in Tunis that year.

The CIGF has since been convened annually by the CTU and lays claim to being the first such regional forum in the world, all others having been convened after the initial global Internet Governance Forum in 2006. The primary product of the work of the CIGF has been the formulation of a Caribbean Internet Governance Policy Framework issued in 2009, and updated in 2013, which:

  • Articulates a vision, mission and guiding principles for Internet Governance (IG) in the Caribbean
  • Identifies current priority areas in IG of greatest relevance to the Caribbean
  • Offers policy recommendations in such priority areas for the attention of all stakeholders

The theme of the 10th CIGF was “Building National Capacity for Global Influence” and specific objectives addressed in the agenda were to:

  • Build regional capacity in the area of ccTLD operation and administration
  • Review and update the Caribbean Internet Governance Framework V 2.0
  • Facilitate open discussion on the Net Mundial Outcomes, and the proposed NTIA transition.
  • Explore and spread awareness on Opportunities for Caribbean Growth through the Internet Economy
  • Develop a mechanism to ensure effective Caribbean representation at Global Internet Governance Fora.

There were over 40 registered participants representing Caribbean stakeholders in government, operating companies and other private sector, academia, civil society and, in particular, Caribbean ccTLDs for whom dedicated content had been included on the agenda. ICANN, ARIN, LACNIC, ISOC and Google all provided financial support as well as valuable agenda content. Agenda information as well as presentation slides are archived on the CTU’s event web page.

The 10th CIGF successfully addressed its objectives through presentations and several vibrant discussion sessions and, when necessary, focussed review of the policy framework document. Suggested refinements were identified for subsequent wider circulation and comment. This is the first step in the current revision cycle towards a third revision of the document for likely issuance in 2016.

Most importantly, the CTU Secretary General, Ms. Bernadette Lewis proposed an approach for fostering capacity building in IG at the national level in order to enhance Caribbean participation and influence globally in IG, consistent with the 2014 theme. This approach is based on mobilising relevant ICT resources and expertise in the Caribbean not currently focussed on IG e.g. computer societies, IT professional associations and the like.

The CTU will continue to foster multi-stakeholder collaboration in the Caribbean region on Internet issues and in particular through the medium of the CIGF. More deliberate efforts will also be taken in the near future to coordinate the work of the CIGF with the wider regional LACIGF and the global IGF. Please plan to attend the 11th CIGF that will be held in Suriname at a date to be fixed in 2015.

 

Nigel CassimireNigel Cassimire has been serving as a Telecommunications Specialist at Caribbean Telecommunications Union since July 2005, when he started independent consultancy. The CTU is a regional organisation with responsibility for the development of ICT policy within the Caribbean region. Its members are drawn from Caribbean Governments, private sector and civil society organisations. Nigel has over 30 years of experience in telecommunication industry. He has extensive knowledge in telecommunications technologies and services and is now working in telecommunications policy development at the Caribbean Telecommunications Union Secretariat.

 

 

 

IETF 90 Part 2: IPv6 reverse DNS

ARIN Advisory Council member, Cathy Aronson, shares some of her thoughts on IPv6 reverse DNS from IETF 90 in Toronto, Ontario, Canada last week.

IETF Language ButtonsGuest blog post by Cathy Aronson

Some thoughts on IPv6 reverse DNS.

Lee Howard was speaking in the Sunset4 working group at IETF 90.  He mentioned something that got me thinking.  I have often discussed in my talks problems in IPv6 that were unanticipated. A lot of these problems are unintended consequences of very large subnet sizes.  Some problems are outlined in RFC 6583.

Lee mentioned another interesting problem, reverse DNS.  Best practice [RFC1033] says that every Internet-reachable host should have a name (per RFC 1912) that is recorded with a PTR record in the .arpa zone.  It also says that the PTR and the A record must match.

So in IPv4 for a network block like 192.0.2.0/24 the entries would be in the form

1.2.0.192.IN-ADDR-ARPA.  IN PTR 1.user.anytown.AW.example.com.

2.2.0.192.IN-ADDR-ARPA.  IN PTR 1.user.anytown.AW.example.com.

The corresponding A records would be

1.user.anytown.AW.example.com.  IN A 192.0.2.1

2.user.anytown.AW.example.com.  IN A 192.0.2.2

So imagine an IPv6 /48.

A sample entry for 2001:0db8:0f00:0000:0012:34ff:fe56:789a would be be:

a.9.8.7.6.5.e.f.f.f.4.3.2.1.0.0.0.0.0.0.0.0.f.0.8.b.d.0.1.0.0.2.IP6.ARPA.  IN PTR 1.user.anytown.AW.example.com.

“Since 2^^80 possible addresses could be configured in the 2001:db8:f00/48 zone alone, it is impractical to write a zone with every possible address entered.  If 1000 entries could be written per second, the zone would still not be complete after 38 trillion years.”

It is also the case that addresses are assigned dynamically out of these huge address ranges and so it may be difficult to determine the address ahead of time.

The document outlines several solutions all of which have problems.  For detailed information about the solutions please consult the document.

In my opinion it may be time to take another look at this practice and see if requiring forward and reverse match is still necessary.  There are applications which depend on this and it’s not entirely clear that it is really needed any more.

I have asked some folks what is being done about this on networks today.  I was told that most  residential service providers are simply not providing reverse DNS for their IPv6 customers. Other service providers will delegate the reverse zone to the customer upon request and some provide a web portal for the customer to manage their own reverse.  Yet others generate the in-addr on demand.  So they perform the equivalent of $GENERATE but instead of storing all the generated responses in memory they generate the record when the request is received and respond with the generated record that is then discarded.  Another provider I talked to is planning on returning NXDomain (non-existent domain) when queried for the reverse.

 

Internet Governance Affects Us All

Guest blog post by John Sweeting, ARIN Advisory Council Chair & Sr. Director of Network Architecture & Engineering, Time Warner Cable

John SweetingWe recently attended the IGF-USA in Washington, DC and it got us thinking about why it is important for the ARIN community members to be involved with what is happening with the Internet as a whole.

Here are three things that are important to us as  users of the Internet and part of ARIN and the global Internet community.  All Internet users should probably put these issues on their radar too.

Evolution of the Internet governance ecosystem is occurring

With the National Telecommunications and Information Administration (NTIA) preparing to turn over oversight of the IANA stewardship functions to the multistakeholder community, there is a huge effort underway to determine a replacement that meets the requirements of the US government and more importantly the global Internet community’s needs for a healthy Internet. Currently a coordination group representing 13 communities (including the Number Resource Organization (NRO) which represents ARIN and the other Regional Internet Registries) has been formed to define and guide the transition process.  The important thing to note is that discussions occurring now could impact Internet operators and users alike for generations to come.

Conversations regarding increasing accountability are also occurring

One of the sessions at IGF-USA touched on increasing accountability, particularly the accountability of ICANN
.  One of the key points we took away from this session was that the more transparency that the key organizations can provide in managing the Internet infrastructure, the better.  Since ARIN is part of that infrastructure, transparency and accountability are important issues for our community as well.

Working together to find solutions to problems is key

The essence of a multistakeholder dialogue is that all parties are present in key forums to make their voices heard – everyone from civil society, government, technologists, research scientists, industry, and academia.  From the ARIN community especially, we have an interest in making sure the technical realities of how the Internet works are understood and unimpeded. It is important that we involve ourselves where discussions about Internet governance are happening.

Some of the sessions from IGF-USA are available to watch online if you’re interested.  We think it is very important to make yourself aware of what is going on now with Internet governance and always be looking for opportunities to contribute.

 

Getting Serious About IPv6 – Go Big or Go Home

Ed Horley provides a convincing case for the many reasons why you need to get an IPv6 plan in place now and how to overcome some of the common challenges along the way.

Guest Blog Post by Ed Horley

I gave an Interop IPv6 presentation titled “Getting Serious About IPv6 – Go Big or Go Home” in Las Vegas on April 3, 2014. Since then, ARIN announced it has moved to Phase 4 (down to its last /8 of IPv4 – that happened on April 23, 2014).  I think what surprised people the most (based on the feedback I got from the session) was that my argument about adoption for IPv6 had little to do with ARIN running out of IPv4. After all, this is what everyone talks about, that there are no more IPv4 addresses. My argument is:

You have already deployed IPv6… you just didn’t know it.

At this point, you may be scratching your head saying Ed is crazy, what is he talking about? Let me point out that all major OS platforms (and different flavors of those platforms) support IPv6 and have for a while now. It turns out that IPv6 is enabled (on by default) and preferred in almost all cases. To top it off, there are IPv6 transition technologies in Windows, there are zerconf capabilities in all the OSs, there is support for mDNS or LLMNR, and to top it all off, IPv6 has several address mechanisms per active interface on a host. If you add this all up it is highly likely that you have deployed IPv6, you just didn’t do it in a structured and controlled manner the way you did your IPv4 deployment.

If you have deployed IPv6 (congratulations by the way) but didn’t do any planning, what challenges do you now face?

First, do you understand the impact of turning off IPv6? Often when I point out that all the host OSs are running IPv6 many people want to jump immediately to shutting off IPv6. While this is possible (sort of), the question you should ask is, “will this impact my existing services?” Think carefully before you just start shutting off IPv6. Remember, it is enabled and preferred and if your existing production network is using IPv6 for some of its network traffic you will have a production outage while you disable IPv6. Furthermore, you might not even know all the applications that ARE using IPv6, have fun troubleshooting that one. Even after you think you have turned off IPv6 on your equipment, how often do you actually audit and check to see if it is running? Does it get re-enabled with OS patches and updates? What about third party equipment that runs on your network or wireless/wired guest network? How about BYOD and those devices that you can’t control the networking stack? The reality is, even though you think you are simplifying your workload, you aren’t. You will still need to set up sniffers that can detect and capture IPv6 traffic, otherwise, how will you know it is NOT running on your network? You will still have to collect and analysis log files that contain both IPv4 and IPv6. You will still have to write and maintain policy and security rules that include both IPv4 and IPv6.

At this point, it must be obvious, why not just adopt and support IPv6 if you have to do all this work for it anyway?!?

To make matters even more interesting, I argue that if you have industry compliance requirements and you do not have a plan for IPv6 (off, on, whatever) then there is no way you can say you are in compliance of an audit. Why? Because how do you pass an audit when you have a protocol running on your network you don’t understand, can’t get any information from and aren’t even watching?

What challenges do you have once you realize you need to have some sort of IPv6 plan in place?

I have heard repeatedly that education for staff is the biggest issue around IPv6. Does your team know anything about IPv6? Would they even know it if they saw it? ARIN has some great education resources available at https://getipv6.info along with the IPv6 info center and if you want specific IPv6 and Windows knowledge then consider picking up my book.

The next common challenge is getting your policies (IT, security, purchasing, etc.) modified to include and be thinking about IPv6. For instance, will you purchase the right equipment that supports IPv6 the “first” time or will you have to buy it all again in one to two years? Adopting newer OS platforms becomes easier because these newer platforms support IPv6 from the start. But what do you have to do for older systems? Initially, you really won’t notice anything until your service provider truly depletes their IPv4 address space. Then they will be forced to starting adopting and deploying IPv6 but they will use various methods in the meantime to extend the life of IPv4. They will most likely utilize a tool called Carrier Grade NAT (CGN). CGN breaks IPv4 uniqueness at a much larger scale. We used to hide a single household or commercial company behind a common IPv4 address, now we will hide an entire city, county or larger unit of people. CGN exasperates IPv4 port exhaustion issues; it compounds stateful NAT issues, along with just slowing things down.

Finally, what problems will you see happen as IPv4 runs out? It is going to get harder and harder for your employees to get public IPv4 at home. This can potentially cause problems for VPN, VoIP, Video, Collaboration and Gaming (depending on how those technologies are deployed). If third parties and employees start getting IPv6 through their service provider and you stay on IPv4 only, then their connection will have to be proxied to you. Because the session is proxied, you lose the ability to have end to end connectivity, something taken for granted in our IPv4 only world.

Lack of IPv6 has real world costs and impacts, and you are simply kicking the can down the road with the potential for even greater pain the longer you wait to adopt.

How do we start down the IPv6 path of enlightenment? What do we need to do next?

Well, as I mentioned earlier, education has been identified as the key thing people need, at all levels. This means you need to invest in educating your staff on how to design, deploy, operate and maintain a network running IPv6 and also one doing dual-stack. You will need to have an education plan and resources in place for your company to learn all this. Most importantly, this does not happen overnight, you need to start NOW! Why? Because once your staff is educated it is much easier to build a plan. A plan needs to be tailored to your company needs and requirements. You need to include testing and validation of network, operating systems, apps and everything in between to insure you are on the right path. Oh, and you will need a lab – trust me on this one. You will need people from every team involved in the education and training. Why? Because while IPv6 at first glance appears to be a networking only function you will quickly discover that your application, database and help desk teams will need to know, understand and troubleshoot it. You will also need to understand the business impacts of starting the adoption of IPv6. Seriously? Did he just say business impacts? Yes, you many have critical home grown business applications that do not work with IPv6. You might have partners in the world that only have IPv6 as a protocol option. You likely want to understand what the impacts will be before you run into an unpleasant surprise along the way. If the majority of your business is on, from, or coming across the Internet then supporting IPv6 is critical to your business.

Let’s say I still have not convinced you. You still don’t believe you will be using IPv6 anytime soon in your company. Well, the last holdout OS in the market that did not support IPv6 was Windows XP and Microsoft end of support happened on April 8 2014. This means if you are deploying a newer OS (Microsoft Windows, Apple iOS and OSX, Android, Linux, FreeBSD, CentOS, etc.) of some kind, guess what? Yes, that is right, you will be dealing with IPv6 regardless of how much you want to avoid or ignore it.

IPv6 is the future and the future is NOW!

 

Ed HorleyEd Horley is the Practice Manager for Cloud Solutions and Practice Lead for IPv6 at Groupware Technology in the San Francisco Bay Area. Ed is actively involved in IPv6 serving as the co-chair of the California IPv6 Task Force and additionally helping with the North American IPv6 Task Force. He has presented at the Rocky Mountain IPv6 Summit, the North American IPv6 Summit, the Texas IPv6 Summit in addition to co-chairing and presenting at the annual gogoNETLive IPv6 conference in Silicon Valley. He has also presented on IPv6 at both Microsoft TechEd North America and Europe, at TechMentor in Redmond, Orlando and Las Vegas, at InterOp in Las Vegas and at Cisco Live in North America and Europe. Ed is the author of Practical IPv6 for Windows Administrators from Apress (2013). He is a former 10 year Microsoft MVP (2004-2013) and has spent the last 18+ years working in networking as an IT professional. Ed enjoys Umpiring Women’s Lacrosse when he isn’t playing around on IPv6 networks. He maintains a blog at http://www.howfunky.com/ where he covers technical topics of interest to him and is on twitter at @ehorley.

IETF 90 Part 1

ARIN Advisory Council member, Cathy Aronson, is at IETF 90 in Toronto, Ontario, Canada this week. Follow along as she shares her findings with us on TeamARIN!

Guest blog post by Cathy Aronson

Cathy Aronson

Yesterday morning I attended the IEPG (Internet Engineering and Planning Group) meeting here at IETF 90.  George Michaelson of APNIC gave an interesting presentation about Teredo (a tunneling technology that allows IPv6 capable hosts to use IPv6 over a IPv4 only connection).  George’s slides are here.  The great thing about his presentation is that he observed Microsoft doing exactly what they said they were going to do.  They turned off their Teredo relays.  It is clear in George’s graphs that the Microsoft Teredo relays have been turned off.   The presentations about sunsetting Teredo are linked here:

http://www.ietf.org/proceedings/87/slides/slides-87-v6ops-5.pdf

http://www.ietf.org/proceedings/88/slides/slides-88-v6ops-0.pdf

George talked about how the Microsoft relays continue to cause a lot of zombie tunnels. Microsoft is apparently still sending “who am I” endpoint signaling but not carrying IPv6 data.   Further there are a lot of other autonomous systems that are serving up Teredo tunnels.  George listed them in his presentation and suggested that they stop doing Teredo.

 

ARIN is in the Caribbean

By Cathy Handley, Executive Director of Government Affairs and Public Policy, ARIN

ARIN is in the CaribbeanSee what we did there?  Not only are the letters A-R-I-N actually in the word cARIbbeaN, but so much more.  There are many Caribbean economies in the ARIN’s service region and we work hard to serve everyone that depends on us for Internet number resources.

For those of you in the Caribbean, we have some suggestions for what you can do to prepare for the future of the Internet and to get more involved in ARIN and other important organizations in the Caribbean.

Get ready for IPv6

Network operators and content providers alike need to prepare for the future Internet.  You can find resources about IPv6 adoption on our IPv6 Info Center and IPv6 Wiki.  When you’re ready to request IPv6 addresses, it’s easy, just begin on our Request Resources Page.

Get involved in Internet governance discussions

The future of the Internet is too big of an issue to ignore, and many discussions are going on now that will affect how the Internet is managed in the years to come. Find information about what Internet governance is, and how you can get involved on our Internet Governance webpage.

Attend an ARIN Meeting

ARIN holds two Public Policy and Members Meetings a year for members of the entire Internet community to engage in policy discussions and network with colleagues. These meetings are held in locations across the US, Canada, and Caribbean to allow individuals in all areas of the ARIN region to attend.  In April 2013 we hosted our meeting in Bridgetown, Barbados.

Apply for a fellowship to an ARIN Meeting

We also offer the opportunity to attend an ARIN meeting for free through the ARIN Fellowship Program.  Thus far, twelve fellows have come from the Caribbean and we are always seeking more applicants. For those who are not able to attend an ARIN meeting in person, we also offer many remote participation options as well.

Get involved with CaribNOG

ARIN works closely with local operator groups in our region, including the Caribbean Network Operators Group (CaribNOG), toward the shared goals of the successful operation of the Internet infrastructure. ARIN regularly sponsors CaribNOG and members of our engineering team frequently give presentations at these events to help support the needs of Caribbean network operators.

Get involved with the CTU

ARIN has been a supporter of the Caribbean Telecommunications Union (CTU) since 2007.  The CTU is an organization dedicated to facilitating the development of the regional telecommunications sector as well as working with Caribbean intergovernmental agencies for capacity building, knowledge sharing, education and policies for Internet governance within the Caribbean. ARIN provides educational information at Ministerial and ICT Roadshows, collaborates to get the word out about ongoing ICT capacity-building efforts carried out by the CTU, and, where possible, lends resources to reach ARIN’s Caribbean community.

Get involved with CANTO

The Caribbean Association of National Telecommunication Organization (CANTO) serves the Caribbean telecommunications and Internet community by influencing policy, providing information in all aspects of the industry as it evolves, and facilitating a meaningful collaborative process. ARIN consistently sponsors and sends speakers to the annual CANTO meeting to support their efforts in the Caribbean ICT community.

Join ARIN’s Government Working Group (AGWG)

ARIN has maintained a long-standing, well-established working relationship with the governments, regulators, and law enforcement agencies (LEAs).  This cooperative relationship has become increasingly important, as the wider Internet community strives to ensure that all voices are heard and the interests of all parties are considered.  The ARIN Government Working Group (AGWG) is a forum for learning about and discussing matters relating to the Internet, with specific focus on cooperation between the private and public sectors. The AGWG provides a venue for ARIN community members and government representatives to meet and discuss areas of common interest

There are lots of ways you, as a Caribbean community member, can participate in the issues, forums, and organizations at the core of Internet.  All of the contributions you make are valued and help keep the Internet open, stable, and secure.

 

Gearing up for IGF-USA

By Cathy Handley, Executive Director of Government Affairs & Public Policy, ARIN

globeIt isn’t news that the Internet community is living in interesting times.  Since the NTIA announced its intention to transition oversight of the IANA functions to the global multistakeholder community in March of this year, the debate has been fast and furious.  At ICANN 50 in June the panels on the transition process and the larger issue of ICANN accountability were among the most heavily attended sessions on the agenda. While discussion in ICANN continues, we are heading into the Internet Governance Forum USA (IGF-USA) on 16 July, when thought leaders from across the US Internet community will meet at George Washington University for this full-day event, from 8:30 AM to 7:00 PM. If you are in DC, we encourage you to take advantage of free registration to attend, but more importantly we strongly encourage you to tune in to the webcast on the IGF-USA website to learn more about current Internet Governance issues, including those surrounding the IANA functions oversight transition and ICANN accountability.

Some of the other topics on the agenda include:

  • Human Rights in the Internet Governance Debate
  • Net Neutrality Around the World
  • The Evolution of the Internet Governance Ecosystem, and
  • Big Data, The Internet of Things, Privacy and Trust

IGF-USA 2014 is a multistakeholder US forum designed to engage civil society, government, technologists, research scientists, industry and academia, helping to create partnerships, coalitions and dialogues that demonstrate best practices and help move policy forward.

Be part of building a US based coalition to generate momentum around priority Internet governance issues and practices under consideration.

Don’t miss out on your chance to take part in this regional preparatory event as ramp up toward the Ninth Annual IGF meeting in Istanbul, Turkey continues.

We will also be soliciting your input in the months to come on the IANA functions oversight transition as part of our responsibilities in that process. You can learn more and find other ways to participate in the ongoing dialog by visiting our IANA Globalization page.