Home / Blogs

Some Internet Measurements

Geoff Huston

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. For example, is the level of IPv6 deployment in, say Western Europe higher or lower than in Eastern Asia? Which countries in Western Europe are leading in IPv6 deployment? And which ISPs in these countries? The motivation behind the measurement reports described here is to use a uniform presentation format that describes measurements relating to the current level of IPv6 deployment, the current level of DNSSEC use, and the size of BGP advertisements.

All of these reports are updated daily.

IPv6 Deployment Statistics

The first of these is the data relating to the uptake of IPv6. The entry point for the tool is a world map, coloured by the level of IPv6 adoption on a country-by-country basis. Clicking on any country will lead to a per country view of the collected data, with a view of our measurements of IPv6 use over time. This per-country view also displays a list of all the networks (Autonomous Systems) that are registered as being located within that country, and its possible to drill down to a detailed view of each network's progress over time with IPv6 deployment.

The starting point URL is: http://stats.labs.apnic.net/ipv6

By default, the map is coloured using the percent of users in each country who are capable of performing an end-to-end session using IP6. Capable relates to the ability of a user to successfully perform an object retrieval where the object is only available using IPv6. There is a second option to display the IPv6 Preference level, where in this case the data reflects the percent of users within that country who, when given a dual stack object, prefer to fetch the dual stack object using IPv6. Conventionally one would expect the two measurements to be closely coupled, but on some platforms the implementation of the happy eyeballs dual stack algorithm (see: Bemused Eyeballs: Tailoring Dual Stack Applications for a CGN Environment) has the result that on some platforms IPv4 is sometimes preferred in a dual stack context.

The second set of reports is a per-country display: e.g. http://stats.labs.apnic.net/ipv6/AU

This is a time series display of the percent of the users of this country who are capable of using IPv6, and who prefer to use IPv6 in dual stack contexts.

This page also has a table of Autonomous Systems (ASNs) for this country, and reports on figures for IPv6 capable and preferred users for each ASN. These figures are an average of the daily numbers over the past 90 days. In order to understand the relative context of these per-ASN figures, the number of sample points over the past 90 days is also displayed. (The numbers for ASNs with less than 50 samples over this 90 day period are not displayed.) This sample count is an approximate indicator of the relative size of each network. Each ASN is a link to a per-ASN display page.

The third set of reports are per-ASN displays: e.g. http://stats.labs.apnic.net/ipv6/AS7922

This page shows the relative numbers of users who demonstrate their IPv6 capability on a day-by day basis who appear to be located within this particular network service provider (or ASN). The time series display allows for the daily measurements for this ASN to be compared against the per-country totals, to illustrate how this network compares to the national average.


There is a similar collection of reports for the level of use of DNSSEC across the Internet. An end user is believed to use DNSSEC if the user's DNS resolvers fetch the DNSSEC signature additional data for the name (by including the relevant DNSSEC options in the DNS query) and also fetch the DNSSEC resource records for the domain name. The experiment also checks the user's ability to fetch an object with a domain name that is validly signed using DNSSEC, and checks that the user will refuse to fetch an object that uses a domain name that is invalidly signed.

The Internet-wide view can be found at: http://stats.labs.apnic.net/dnssec

The coloring scheme for this world map is that of the relative count of users within each country who have been observed to perform DNSSEC-validation when resolving domain names.

Clicking on any country brings up a report of DNSSEC use over time within that country (e.g. http://stats.labs.apnic.net/dnssec/se). This per-country report tracks both the relative number of users in that country who are believed to exclusively use DNS resolvers that perform DNSSEC validation, and also tracks the estimated relative number of users whose DNS queries are passed through to Google's public DNS service. The reason for the inclusion of the report on use of Google's Public DNS service is that Google announced in early 2013 that its public DNS service would henceforth perform DNSSEC validation. The extent to which this single action has influenced the global figure for DNSSEC validation is illustrated by this metric.

The second component of this country report is the map of the geographic region in which the country is located, to give a general view of the context of the level of DNSSEC use in this country as compared to its regional neighbours.

The third component of the country report is a list of individual networks in the country (listed by ASN), the percentage of users within that network who are thought to be using DNSSEC-validating DNS resolvers, the percentage of users who are throughout to be directing their DNS queries to the Google Public DNS service, and the final column indicates the number of sample points gathered for this AS over the past 90 days. Obviously the higher this final number, the higher the level of credibility that can be ascribed to the first two percentages, and the larger the network is in terms of number of users.

The third set of DNSSEC reports are the per-ASN reports, that provide the level of DNSSEC use within each ASN. (e.g. http://stats.labs.apnic.net/dnssec/AS7922). The graphed view displays the daily DNSSEC-validation ratio for users from this network, together with the ratio of users who have their queries passed to Google's Public DNS. To place this per-network numbers in some context, the figures for the entire country are also plotted.


The last of these is a report on the inter-domain routing status, as seen through the Border Gateway Protocol (BGP). The starting point is a graph of a time series of the number of IPv4 and IPv4 route objects, together with the number of visible ASNs. This series is assembled using daily data points.

The Internet-wide view of the routing system is at: http://stats.labs.apnic.net/bgp

Again, there are breakdowns into regions, and into countries. The per-country view also displays a more detailed view of the routing measurements at 5 minute intervals, extending back over the most recent 60 days. (e.g. http://stats.labs.apnic.net/bgp/fr).

Similarly, there are per-AS views, using a similar URL name scheme (e.g. http://stats.labs.apnic.net/BGP/as1221).

By Geoff Huston, Author & Chief Scientist at APNIC. (The above views do not necessarily represent the views of the Asia Pacific Network Information Centre.)

Related topics: Cybersecurity, DNS, DNS Security, IP Addressing, IPv6, Networks


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper


DNS Security

Sponsored by Afilias
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll