Home / Blogs

Some Internet Measurements

Geoff Huston

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. For example, is the level of IPv6 deployment in, say Western Europe higher or lower than in Eastern Asia? Which countries in Western Europe are leading in IPv6 deployment? And which ISPs in these countries? The motivation behind the measurement reports described here is to use a uniform presentation format that describes measurements relating to the current level of IPv6 deployment, the current level of DNSSEC use, and the size of BGP advertisements.

All of these reports are updated daily.

IPv6 Deployment Statistics

The first of these is the data relating to the uptake of IPv6. The entry point for the tool is a world map, coloured by the level of IPv6 adoption on a country-by-country basis. Clicking on any country will lead to a per country view of the collected data, with a view of our measurements of IPv6 use over time. This per-country view also displays a list of all the networks (Autonomous Systems) that are registered as being located within that country, and its possible to drill down to a detailed view of each network's progress over time with IPv6 deployment.

The starting point URL is: http://stats.labs.apnic.net/ipv6

By default, the map is coloured using the percent of users in each country who are capable of performing an end-to-end session using IP6. Capable relates to the ability of a user to successfully perform an object retrieval where the object is only available using IPv6. There is a second option to display the IPv6 Preference level, where in this case the data reflects the percent of users within that country who, when given a dual stack object, prefer to fetch the dual stack object using IPv6. Conventionally one would expect the two measurements to be closely coupled, but on some platforms the implementation of the happy eyeballs dual stack algorithm (see: Bemused Eyeballs: Tailoring Dual Stack Applications for a CGN Environment) has the result that on some platforms IPv4 is sometimes preferred in a dual stack context.

The second set of reports is a per-country display: e.g. http://stats.labs.apnic.net/ipv6/AU

This is a time series display of the percent of the users of this country who are capable of using IPv6, and who prefer to use IPv6 in dual stack contexts.

This page also has a table of Autonomous Systems (ASNs) for this country, and reports on figures for IPv6 capable and preferred users for each ASN. These figures are an average of the daily numbers over the past 90 days. In order to understand the relative context of these per-ASN figures, the number of sample points over the past 90 days is also displayed. (The numbers for ASNs with less than 50 samples over this 90 day period are not displayed.) This sample count is an approximate indicator of the relative size of each network. Each ASN is a link to a per-ASN display page.

The third set of reports are per-ASN displays: e.g. http://stats.labs.apnic.net/ipv6/AS7922

This page shows the relative numbers of users who demonstrate their IPv6 capability on a day-by day basis who appear to be located within this particular network service provider (or ASN). The time series display allows for the daily measurements for this ASN to be compared against the per-country totals, to illustrate how this network compares to the national average.


There is a similar collection of reports for the level of use of DNSSEC across the Internet. An end user is believed to use DNSSEC if the user's DNS resolvers fetch the DNSSEC signature additional data for the name (by including the relevant DNSSEC options in the DNS query) and also fetch the DNSSEC resource records for the domain name. The experiment also checks the user's ability to fetch an object with a domain name that is validly signed using DNSSEC, and checks that the user will refuse to fetch an object that uses a domain name that is invalidly signed.

The Internet-wide view can be found at: http://stats.labs.apnic.net/dnssec

The coloring scheme for this world map is that of the relative count of users within each country who have been observed to perform DNSSEC-validation when resolving domain names.

Clicking on any country brings up a report of DNSSEC use over time within that country (e.g. http://stats.labs.apnic.net/dnssec/se). This per-country report tracks both the relative number of users in that country who are believed to exclusively use DNS resolvers that perform DNSSEC validation, and also tracks the estimated relative number of users whose DNS queries are passed through to Google's public DNS service. The reason for the inclusion of the report on use of Google's Public DNS service is that Google announced in early 2013 that its public DNS service would henceforth perform DNSSEC validation. The extent to which this single action has influenced the global figure for DNSSEC validation is illustrated by this metric.

The second component of this country report is the map of the geographic region in which the country is located, to give a general view of the context of the level of DNSSEC use in this country as compared to its regional neighbours.

The third component of the country report is a list of individual networks in the country (listed by ASN), the percentage of users within that network who are thought to be using DNSSEC-validating DNS resolvers, the percentage of users who are throughout to be directing their DNS queries to the Google Public DNS service, and the final column indicates the number of sample points gathered for this AS over the past 90 days. Obviously the higher this final number, the higher the level of credibility that can be ascribed to the first two percentages, and the larger the network is in terms of number of users.

The third set of DNSSEC reports are the per-ASN reports, that provide the level of DNSSEC use within each ASN. (e.g. http://stats.labs.apnic.net/dnssec/AS7922). The graphed view displays the daily DNSSEC-validation ratio for users from this network, together with the ratio of users who have their queries passed to Google's Public DNS. To place this per-network numbers in some context, the figures for the entire country are also plotted.


The last of these is a report on the inter-domain routing status, as seen through the Border Gateway Protocol (BGP). The starting point is a graph of a time series of the number of IPv4 and IPv4 route objects, together with the number of visible ASNs. This series is assembled using daily data points.

The Internet-wide view of the routing system is at: http://stats.labs.apnic.net/bgp

Again, there are breakdowns into regions, and into countries. The per-country view also displays a more detailed view of the routing measurements at 5 minute intervals, extending back over the most recent 60 days. (e.g. http://stats.labs.apnic.net/bgp/fr).

Similarly, there are per-AS views, using a similar URL name scheme (e.g. http://stats.labs.apnic.net/BGP/as1221).

By Geoff Huston, Author & Chief Scientist at APNIC. (The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.)

Related topics: DNS, DNS Security, IP Addressing, IPv6, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

What Holds Firms Back from Choosing Cloud-Based External DNS?

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Sponsored Topics



Sponsored by

DNS Security

Sponsored by
Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services


Sponsored by