Home / Blogs

Some Internet Measurements

Geoff Huston

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. For example, is the level of IPv6 deployment in, say Western Europe higher or lower than in Eastern Asia? Which countries in Western Europe are leading in IPv6 deployment? And which ISPs in these countries? The motivation behind the measurement reports described here is to use a uniform presentation format that describes measurements relating to the current level of IPv6 deployment, the current level of DNSSEC use, and the size of BGP advertisements.

All of these reports are updated daily.

IPv6 Deployment Statistics

The first of these is the data relating to the uptake of IPv6. The entry point for the tool is a world map, coloured by the level of IPv6 adoption on a country-by-country basis. Clicking on any country will lead to a per country view of the collected data, with a view of our measurements of IPv6 use over time. This per-country view also displays a list of all the networks (Autonomous Systems) that are registered as being located within that country, and its possible to drill down to a detailed view of each network's progress over time with IPv6 deployment.

The starting point URL is: http://stats.labs.apnic.net/ipv6

By default, the map is coloured using the percent of users in each country who are capable of performing an end-to-end session using IP6. Capable relates to the ability of a user to successfully perform an object retrieval where the object is only available using IPv6. There is a second option to display the IPv6 Preference level, where in this case the data reflects the percent of users within that country who, when given a dual stack object, prefer to fetch the dual stack object using IPv6. Conventionally one would expect the two measurements to be closely coupled, but on some platforms the implementation of the happy eyeballs dual stack algorithm (see: Bemused Eyeballs: Tailoring Dual Stack Applications for a CGN Environment) has the result that on some platforms IPv4 is sometimes preferred in a dual stack context.

The second set of reports is a per-country display: e.g. http://stats.labs.apnic.net/ipv6/AU

This is a time series display of the percent of the users of this country who are capable of using IPv6, and who prefer to use IPv6 in dual stack contexts.

This page also has a table of Autonomous Systems (ASNs) for this country, and reports on figures for IPv6 capable and preferred users for each ASN. These figures are an average of the daily numbers over the past 90 days. In order to understand the relative context of these per-ASN figures, the number of sample points over the past 90 days is also displayed. (The numbers for ASNs with less than 50 samples over this 90 day period are not displayed.) This sample count is an approximate indicator of the relative size of each network. Each ASN is a link to a per-ASN display page.

The third set of reports are per-ASN displays: e.g. http://stats.labs.apnic.net/ipv6/AS7922

This page shows the relative numbers of users who demonstrate their IPv6 capability on a day-by day basis who appear to be located within this particular network service provider (or ASN). The time series display allows for the daily measurements for this ASN to be compared against the per-country totals, to illustrate how this network compares to the national average.

DNSSEC Use

There is a similar collection of reports for the level of use of DNSSEC across the Internet. An end user is believed to use DNSSEC if the user's DNS resolvers fetch the DNSSEC signature additional data for the name (by including the relevant DNSSEC options in the DNS query) and also fetch the DNSSEC resource records for the domain name. The experiment also checks the user's ability to fetch an object with a domain name that is validly signed using DNSSEC, and checks that the user will refuse to fetch an object that uses a domain name that is invalidly signed.

The Internet-wide view can be found at: http://stats.labs.apnic.net/dnssec

The coloring scheme for this world map is that of the relative count of users within each country who have been observed to perform DNSSEC-validation when resolving domain names.

Clicking on any country brings up a report of DNSSEC use over time within that country (e.g. http://stats.labs.apnic.net/dnssec/se). This per-country report tracks both the relative number of users in that country who are believed to exclusively use DNS resolvers that perform DNSSEC validation, and also tracks the estimated relative number of users whose DNS queries are passed through to Google's public DNS service. The reason for the inclusion of the report on use of Google's Public DNS service is that Google announced in early 2013 that its public DNS service would henceforth perform DNSSEC validation. The extent to which this single action has influenced the global figure for DNSSEC validation is illustrated by this metric.

The second component of this country report is the map of the geographic region in which the country is located, to give a general view of the context of the level of DNSSEC use in this country as compared to its regional neighbours.

The third component of the country report is a list of individual networks in the country (listed by ASN), the percentage of users within that network who are thought to be using DNSSEC-validating DNS resolvers, the percentage of users who are throughout to be directing their DNS queries to the Google Public DNS service, and the final column indicates the number of sample points gathered for this AS over the past 90 days. Obviously the higher this final number, the higher the level of credibility that can be ascribed to the first two percentages, and the larger the network is in terms of number of users.

The third set of DNSSEC reports are the per-ASN reports, that provide the level of DNSSEC use within each ASN. (e.g. http://stats.labs.apnic.net/dnssec/AS7922). The graphed view displays the daily DNSSEC-validation ratio for users from this network, together with the ratio of users who have their queries passed to Google's Public DNS. To place this per-network numbers in some context, the figures for the entire country are also plotted.

BGP

The last of these is a report on the inter-domain routing status, as seen through the Border Gateway Protocol (BGP). The starting point is a graph of a time series of the number of IPv4 and IPv4 route objects, together with the number of visible ASNs. This series is assembled using daily data points.

The Internet-wide view of the routing system is at: http://stats.labs.apnic.net/bgp

Again, there are breakdowns into regions, and into countries. The per-country view also displays a more detailed view of the routing measurements at 5 minute intervals, extending back over the most recent 60 days. (e.g. http://stats.labs.apnic.net/bgp/fr).

Similarly, there are per-AS views, using a similar URL name scheme (e.g. http://stats.labs.apnic.net/BGP/as1221).

By Geoff Huston, Author & Chief Scientist at APNIC. (The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.)

Related topics: DNS, DNSSEC, IP Addressing, IPv6, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

The Resolvers We Use

A Brave New World or Do We Need to Discuss IT and Ethics?

ccTLDs Might Be Property

Domain Name Abuse Is a 4 Letter Word

If It Doesn't Exist, It Can't Be Abused

Related News

Topics

Industry Updates – Sponsored Posts

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Video Interviews from ICANN 50 in London

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi