Internet Technologist, Author, and Speaker. All opinions are his and his alone
Joined on June 2, 2012 – United States
Chris Grundemann is a passionate Internet Technologist and a strong believer in the Internet's power to aid in the betterment of humankind. In his current role as Director of Deployment and Operationalization (DO) at the Internet Society Chris is focused on helping to get key Internet technologies, such as IPv6, DNSSEC, and TLS deployed around the globe.
Chris has over a decade of experience as both a network engineer and architect designing, building, and operating large IP, Ethernet, and Wireless Ethernet networks. Prior to taking the "DO" helm, Chris was focused on technical leadership, innovation, and contributions to standards & specifications as CableLabs' Lead Architect of Advanced Network Technologies. While there Chris took over and successfully led their IPv6 deployment coordination efforts to conclusion, co-created and led development of the HIPnet™ home router architecture (which facilitates self-configuring multi-router home networks) from initial ideation through prototype demonstration, and won the coveted CableLabs 'Inventor of the Year' award for 2012 (he currently has 2 patents and 9 more pending). Before that, Chris was responsible for setting forward-looking architectures and leading technology development efforts at tw telecom inc. Chris has also worked as a Network Engineer for Virtela Communications and as the Manager of Network Systems and Operations at WavMax Broadband/Hometown Access.
In addition to his professional career, Chris has remained consistently engaged in the broader Internet community as well. He is the Founder and Chair Emeritus of the US Colorado Chapter of the Internet Society, CTO for the Rocky Mountain IPv6 Task Force (RMv6TF), and Chair of the NANOG-BCOP ad hoc committee, which he also co-founded. He has previously held positions with NANOG, ARIN, CEA, UPnP, DLNA, and several others.
Chris has written two books: Day One: Exploring IPv6 and Day One: Advanced IPv6 Configuration; as well as several IETF Internet Drafts, various industry papers, a CircleID blog, a personal weblog, and several other publications. Plus he is often sought out to present at conferences and NOGs around the world. His specialties include network design, protocol design, consensus building, technology evangelism, research and development (R&D), leading collaborative groups, communicating abstract ideas to diverse audiences and generally getting stuff done!
NOTE: All views contained here on this website are mine and mine alone, they in no way represent the views of any of my employers, colleagues, associates, friends, neighbors, pets or anyone else. In fact, they may not even represent my own opinions by the time you read them.
Except where otherwise noted, all postings by Chris Grundemann on CircleID are licensed under a Creative Commons License.
After a quick break to catch our breath (and read all those IPv6 Security Resources), it's now time to look at our tenth and final IPv6 Security Myth. In many ways this myth is the most important myth to bust. Let's take a look at why... Myth: Deploying IPv6 Makes My Network Less Secure... I can hear you asking "But what about all those security challenges we identified in the other myths?"
We are approaching the end of this 10 part series on the most common IPv6 security myths. Now it's time to turn our eyes away from security risks to focus a bit more on security resources. Today's myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it's nearly impossible to find that information. So let's get down to it and dispel our 9th myth.
Most of our IPv6 Security Myths are general notions, often passed on unwittingly between colleagues, friends, conference attendees, and others. Today's myth is one that most often comes specifically from your vendors or suppliers. Whether it's a hardware manufacturer, software developer, or Internet Service Provider (ISP), this myth is all about trust, but verify.
This week's myth is interesting because if we weren't talking security it wouldn't be a myth. Say what? The phrase "96 more bits, no magic" is basically a way of saying that IPv6 is just like IPv4, with longer addresses. From a pure routing and switching perspective, this is quite accurate. OSPF, IS-IS, and BGP all work pretty much the same, regardless of address family. Nothing about finding best paths and forwarding packets changes all that much from IPv4 to IPv6.
Here we are, half-way through this list of the top 10 IPv6 security myths! Welcome to myth #6. Since IPv6 is just now being deployed at any real scale on true production networks, some may think that the attackers have yet to catch up. As we learned in Myth #2, IPv6 was actually designed starting 15-20 years ago. While it didn't see widespread commercial adoption until the last several years, there has been plenty of time to develop at least a couple suites of test/attack tools.
Internet Protocol addresses fill two unique roles. They are both identifiers and locators. They both tell us which interface is which (identity) and tell us how to find that interface (location), through routing. In the last myth, about network scanning, we focused mainly on threats to IPv6 addresses as locators. That is, how to locate IPv6 nodes for exploitation. Today's myth also deals with IPv6 addresses as identifiers.
Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths. This myth is one of my favorite myths to bust when speaking with folks around the world. The reason for that is how many otherwise well-informed and highly experienced engineers, and others, hold this myth as truth. It's understandable, really.
We're back again with part 3 in this 10 part series that seeks to bust 10 of the most common IPv6 security myths. Today's myth is a doozy. This is the only myth on our list that I have seen folks raise their voices over. For whatever reason, Network Address Translation (NAT) seems to be a polarizing force in the networking world. It also plays a role in differentiating IPv4 from IPv6.
Last June I wrote an article titled "The IETF's Other Diversity Challenge" where I discussed the positive steps the Internet Engineering Task Force (IETF) is taking to increase the diversity of its participants and raised a potentially overlooked demographic: Network Operators. That essay was a problem statement of sorts, and I was long ago taught that you should only raise problems that you have a solution for, or are at least willing to help solve.
Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the myths I overhear people propagating out loud far too much: That you don't need to worry about security because IPv6 has it built into the protocol. In this post, we'll explore several of the reasons that this is in fact a myth and look at some harsh realities surrounding IPv6 security.
Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there are still a large number of myths that plague the IPv6 security world. These are things that people state as fact but simply aren't true. While traveling the world, talking to the people who've already deployed IPv6, I've identified what I believe are the ten most common IPv6 security myths.
The Internet Engineering Task Force (IETF) is the standards body for the Internet. It is the organization that publishes and maintains the standards describing the Internet Protocol (IP -- versions 4 and 6), and all directly related and supporting protocols, such as TCP, UDP, DNS (and DNSSEC), BGP, DHCP, NDP, the list goes on, and on... But how do they do that? How does the IETF produce documents, and ensure that they are high quality, relevant, and influential?
It has now been about eight months since I joined the Internet Society as the Director of Deployment & Operationalization and I still get asked on a fairly regular basis "what do you do?" Well, with ISOC's Chief Internet Technology Officer Leslie Daigle's recent departure, and with my time here having exceeded both my first 120 days and my first 6 months, this seems like the right moment to reflect on my brief tenure here so far and perhaps pontificate a bit on where we're going - and why.
BGP. Border Gateway Protocol. The de-facto standard routing protocol of the Internet. The nervous system of the Internet. I don't think I can overstate the importance, the criticality of BGP to the operation of the modern Internet. BGP is the glue that holds the Internet together at its core. And like so many integral pieces of the Internet, it, too, is designed and built on the principle of trust... The folks who operate the individual networks that make up the Internet are generally interested in keeping the Internet operating, in keeping the packets flowing. And they do a great job, for the most part.
I recently attended RIPE 66 where Tore Anderson presented his suggested policy change 2013-03, "No Need -- Post-Depletion Reality Adjustment and Cleanup." In his presentation, Tore suggested that this policy proposal was primarily aimed at removing the requirement to complete the form(s) used to document need. There was a significant amount of discussion around bureaucracy, convenience, and "liking" (or not) the process of demonstrating need. Laziness has never been a compelling argument for me and this is no exception.
I'm a network engineer, and like many engineers I often gravitate to the big projects; large networks with problems of scale and complexity in my case. However, I also consider myself a student of Occam's razor and often quote Antoine de Saint-Exupéry: "perfection is reached not when there is nothing left to add, but when there is nothing left to take away." In this spirit of "less is more" I have recently become intrigued by the problems appearing in home networking.
Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start. One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4.
Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look.
World IPv6 Launch kicked off 6 June 2012 at 00:00 UTC. On this day, multitudes of website operators, network operators and home router vendors from all over the world have joined thousands of companies and millions of websites in permanently enabling the next generation Internet. They have done this by turning IPv6 support on by default in (at least some of) their products and services. This is a major milestone in the history of the Internet.