Home / Blogs

The Christmas Goat and IPv6 (Year 4)

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Torbjörn Eklöv

This year, 2013, I got 24 days of IPv6 and DNSSEC measurements (See posts for: 2012, 2011 and 2010). All in all it created 15GB logs with more than 62 million rows. On the 21st of December, early in the morning, the goat was "traditionally" burnt down, however this year with one exception. Via the Swedish newspaper Expressen the arsonists anonymously took the blame and also filmed their own act. You can watch the film here.)

As the poor Christmas Goat turned into flames, and in the time thereafter the bandwidth increased as shown in the graph below.I have done my measurements in the same way as the previous year:

  • One picture with both A and AAAA RR to track the use of native IPv6
  • One picture with a broken DNSSEC domain to track DNSSEC validation
  • The earlier year I also measured 6to4 and Teredo with http://[2001:67c:2448:10::215]/ipv6.jpg This communication is however almost non-existing, so I think that I will not include this in the future.

The Christmas Goat in a very nice picture some while before it was torched. 
At this time we also had snow, unfortunately this has not been the situation for the later part of the "winter"...So, what is the results of my tests for this year? Well, like the past year there are many people/computers who monitors the goat 24/7 and "wget's" the bocken.jpg. Therefore I focus the measurement on unique IPv4 and IPv6 addresses.

The http://bocken.gavle.se/kamera1/bocken.jpg who have A and AAAA tracks native IPv6 and 3.4% (!!!) of the unique IP-addresses are IPv6!
This is a tripled value from the 1.4 % I could read out from last year! Slowly we are getting there year by year. (Many are using SLAAC for address assignment so one host can potentially be connected with one or more addresses).

IPv6 in Sweden is a problem, there are no major ISP who by default have enabled the service to the private homes. The business models most popular used are also a problem. This comes with a third party "communication operator" who, no matter their good intentions, always comes in the way for a good network design and service model to the end customer.

A short description of the Communication Operator, CO, might be in place.

The subscriber can often choose by some or many ISP and also change their ISP very quickly. But there are hundreds of COs with different network design and technicians with various knowledge of their own network and network communication in general, so it isn’t easy to deploy IPv6 in this model. With this in mind, I think 6RD is the solution in short for IPv6 in Sweden. Then again 6RD comes with other problems such as the DHCP server with option 212 can be placed in the CO networks and some ISP:s then might be connected to hundreds of “CO networks”.

The increase of IPv6 is therefore mostly from outside Sweden. Comcast, ATT, Time Warner cable and Verizonwireless is the major IPv6 users this year.

My pages about IPv6 adaption at the Swedish municipalities and authorities at http://kommunermedipv6.se/maps.php#tabs-2, http://www.myndighetermedipv6.se/mipv6/ show some increase in adoption but almost none has enabled IPv6 for the internal surf. See http://www.vyncke.org/ipv6status/project.php?metric=p&country=se for more about IPv6 in Sweden.

Another interesting thing is that if we calculate in gigabytes, IPv6 is 38% of the total traffic.

IPv4 traffic for some time 26,088,311 Packets / 20.64 GB
IPv6 traffic for some time 14,551,338 Packets / 12.82 GB

And at last some words about DNSSEC. 60% of the visitors use a DNSSEC-enabled resolver. This also shows big improvement with almost a double use of DNSSEC-validation. I think that Google’s public DNS is an explanation for this.

Take a look at http://dnssecandipv6.se for more IPv6 and DNSSEC pages.

A very Happy IPv6 New Year to you all!

By Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6

Related topics: DNS Security, IPv6



To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Sponsored Topics

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Is Your TLD Threat Mitigation Strategy up to Scratch?

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Introducing the Verisign DNS Firewall

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

What's in Your Attack Surface?

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

The Latest Internet Plague: Random Subdomain Attacks

Nominum Announces Future Ready DNS

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Adds Chris Griffiths As New VP of Labs

DotConnectAfrica Registry Services Participates in ICANN DNSSEC Training at AFRALTI Nairobi