Nixu DDI in Enterprise Environment – Click to Enlarge

When integrated with Nixu NameSurfer IPAM, Nixu NEE provides organizations with location-aware IP Address Management process greatly speeding up the response times for internal service requests. By providing a transparent real-time view of the active IP allocations, organizations are also able to keep accurate inventory of their IP resources and to take appropriate measures against unauthorized use of their network resource.

Since its initial launch in late 2010, Nixu NEE has been warmly received by enterprises and governmental organizations subject to various security standards, such as PCI (Payment Card Industry) standards. The Managing Director of Nixu Software, Juha Holkkola said in this regard: "Although it's not always easy to quantify a Return on Investment (ROI) for network security enhancements, Nixu NEE has been able to significantly boost the IPAM ROI for our customers. Thanks to its accurate IP-location inventory, organizations running Nixu NEE and Nixu NameSurfer IPAM have been able to dramatically reduce the time require for onsite service calls and as a result achieve 100% improvements in operational efficiency of their IT support teams."

Find out more about Nixu NEE and download a free 30-day evaluation license from our website.

Nixu DDI Software Appliance Platform Awarded Gold Medal for Its IPv6 Support on 21st December 2011

The exhaustion of IPv4 address space in 2011 made IPv6 connectivity an unavoidable reality. While most organizations are yet to face an urgent need for introducing IPv6 support in their networks, they should nonetheless, plan ahead to ensure a smooth transition to a dual-stack environment. The increased complexity of the IPv6 address syntax and the vast size of the available address space mean that DDI services (DNS, DHCP, IPAM) play an even more pivotal role in managing these dual-stack networks.

Having introduced full dual-stack support already in 2004, Nixu Software has been a pioneer in the wide-scale adoption of IPv6 network connectivity. Juha Holkkola, the Managing Director of Nixu Software, said in this regard: "When we started out working with dual-stack environments, there was no strict standard, let alone any certification available. Now that IPv6 is going mainstream, we decided that it was a good time to have Nixu DDI platform's world-class IPv6 support formally acknowledged. Our products sailed through the testing phase in a matter of weeks, which is pretty impressive considering that for some of our competitors it has taken over a year, while for others it seems completely impossible."

To celebrate this achievement, Nixu Software has released a new version of howismydns.com, a free online test tool used to validate the configurations of public DNS servers. This latest version provides complete support for dual-stack networks, allowing fully transparent testing process for IPv4, IPv6 and dual-stack DNS deployments. In addition to IPv6 support, the new toolset also comes with a number of DNSSEC validation tests. To try out the latest IPv6 DNS and DNSSEC testing tools, please visit howismydns.com.

While last year's successful World IPv6 Day was all about testing how your site or service worked with IPv6, this year's World IPv6 Launch is about enabling IPv6 permanently as of June 6, 2012 (or earlier). As Google's Erik Klein wrote:

"At long last, IPv6 will be the new normal.”

Today's announcement included a new website:

www.worldipv6launch.org

with information about the initiative, forms to complete to register your participation in World IPv6 Launch, and also badges and images you can use on your websites, in your presentations, etc. As you will see on the site, this year's initiative is focused primarily on internet service providers (ISPs), home networking equipment manufacturers and website operators / content providers. You can register on the site to participate and can also stay up-to-date on the program by following @worldipv6launch on Twitter.

Partners participating in the event also published supporting blog posts today, including:

• Internet Society Deploy360 Programme: World IPv6 Launch on June 6, 2012, To Bring Permanent IPv6 Deployment
• The Official Google Blog: IPv6: Countdown to launch
• Cisco Blog: Launching a New Internet Protocol (includes a video)

While Facebook joined in with a tweet about their participation to their 2-million+ followers.

Many more companies are already completing the forms and registering their interest in joining the effort.

The momentum is just starting and will only build as June 6th approaches - what will you do to be part of the effort?

Full Disclosure: I am employed by the Internet Society although not directly with the World IPv6 Launch team. My role is with the Deploy360 Programme where we are providing resources to help people more rapidly deploy IPv6 (and thereby participate in World IPv6 Launch).

Written by Dan York, Author and Speaker on Internet technologies for over 20 years

BlueCat Networks, the IPAM Intelligence™ company, today announced that it has collaborated with the UK Cabinet Office on a best practice approach for deploying a resilient, IPv6-ready DNS service for the Public Sector Network (PSN). The PSN is a CIO Council initiative designed to create the effect of a single network across government.

"The security of business and network services accessible to users over the PSN is of paramount importance," said John Stubley, Public Sector Network — Program Director. "Over the past year, we have worked productively with BlueCat Networks to identify the technical issues to ensure our DNS core services are authoritative, resilient, scalable and easy to manage. BlueCat Networks has been extremely responsive in answering our requests and has provided expertise to the PSN Programme for this area of work."

"The PSN is a key component of the UK's ICT strategy, and will allow public sector users in the UK to more easily share information and access open standard-based services," said Matthew Pearson, UK and Ireland Sales Director, BlueCat Networks. "We are pleased to have the opportunity to work with the Cabinet Office and the PSN in a technical advisory role. BlueCat Networks contributed to the architecture and configuration for a centralised, authoritative DNSSEC and IP Address Management (IPAM) solution for .gov.uk domains. The approach had to be easy to manage, resilient, geographically-dispersed and scalable to support the network backbone for the whole of the United Kingdom. It also had to be future-ready with support for IPv6. Our recommendations were based on our experience in helping US government agencies successfully deploy DNSSEC and IPAM across their large, distributed networks."

BlueCat Networks' appliance-based software solutions provide a purpose-built platform for IP Address Management (IPAM) and DNS/DHCP core network services. Deployed at some of the most demanding and secure organizations in the world, BlueCat Networks' physical and virtual appliances help public and private sector organizations improve security, lower costs and increase IT efficiency. BlueCat Networks' solutions also allow organizations to securely manage change and growth with unsurpassed scalability and future-ready support for IPv6 and DNSSEC.

For a free trial of BlueCat Networks' DNS, DHCP and IPAM solutions, visit http://pages.bluecatnetworks.com/FreeTrial.

"The connected world is also an IP-dependent world," said Michael Hyatt, co-founder and CEO of BlueCat Networks. "By working with HP, we are helping commercial and government organizations successfully make the transition to IPv6, which is a key technology for enabling successful IT initiatives including virtualization and the cloud today and in the future."

By combining IPAM with HP Network Consulting for IPv6 services, enterprises and governments will be able to enhance network flexibility and scalability to support critical IT initiatives, such as virtualization and cloud computing. These services enable a seamless transition to an IPv6 connected world by assessing IPv6 readiness, as well as architecture and design, integration and deployment.

"Organizations need to look ahead to the IPv6 transition to maintain the connectivity needed for real-time responses to business needs," said Imran Khan, vice president, Networking Consulting, Technology Services, HP. "The combination of offerings from HP and BlueCat Networks will help organizations ensure seamless connectivity and business continuity during the IPv6 shift."

Deployed at some of the most demanding and secure organizations in the world, BlueCat Networks' IP Address Management solutions provide an essential technology for helping organizations transition to IPv6, launch new IP-dependent services including virtualization and clouds, and manage network growth and change.

For more on this announcement please visit www.bluecatnetworks.com/hp.

For free trial software, please visit http://pages.bluecatnetworks.com/FreeTrial.

BlueCat Networks, the IPAM Intelligence™ company, will host a live webinar on January 19 featuring Forrester Research, Inc. to discuss the "Five Reasons DDI is Critical to the Network."

"Much of IP, Dynamic Host Communication Protocol (DHCP), Domain Name Services (DNS) management requires too much hand holding; administrators spend time allocating addresses, capturing unused ones, uploading new records, or checking for errors," wrote Andre Kindness, Senior Analyst, Forrester Research, Inc. in a December 7, 2011 blog post. "On average, it takes two days to allocate a set of addresses for the deployment of new servers when it's 5 minutes of work."

A December 2011 report from Forrester provides guidance on why organizations should move off spreadsheets or a homegrown DDI solution and surveys the top commercial DDI solution vendors. A complimentary copy of the Forrester Research report is available at: www.bluecatnetworks.com/forrester.

In the BlueCat Networks webinar, guest speaker Andre Kindness will share key findings from the Forrester Research report "An Infrastructure Can Only Be As Efficient As DNS, DHCP, and IP Address Management" (December 2, 2011) including what to look for in a DDI solution and the capabilities that make BlueCat Networks a top choice for DDI.

"We are pleased that BlueCat Networks is positioned as a top DDI solution in the recent Forrester Research report," said Michael Hyatt, CEO and Co-Founder of BlueCat Networks. "Our IP Address Management solutions not only deliver the automation and intelligence needed to build a more flexible and efficient network, they also provide a critical foundation for helping organizations keep pace with emerging business and IT priorities such as the cloud, virtualization, IPv6 and DNSSEC."

To register for the solution webinar "Five Reasons DDI is Critical to the Network," please visit: www.bluecatnetworks.com/forrester.

While the bright-shiny-object-chasing side of me definitely notices those articles, my own interest is on a deeper and far more technical level:

how many consumer devices currently support IPv6?

As large ISPs look at making IPv6 available to residences, will the devices and software customers use in the home actually work with an IPv6 network?

I'm getting on a plane tomorrow morning to head out to CES and on Thursday and Friday I'll be walking the show floor on a quest for IPv6-enabled vendors. A couple of vendors have already reached out to me, both from the voice-over-IP / telecommunications industry, which is good to see.

IF YOU ARE AT CES AND YOUR PRODUCT/SERVICE SUPPORTS IPv6, I'd definitely like to be in contact with you.

I'm looking forward to doing some video interviews and writing some articles here at CircleID about whatever level of IPv6 support (or not) I find at the event.

P.S. I'll note, too, that on Saturday, the Internet Society team of which I am a part will be participating in a workshop with consumer electronics vendors about IPv6. This workshop is part of the International Conference on Consumer Electronics (ICCE).

Written by Dan York, Author and Speaker on Internet technologies for over 20 years

It is January 2012 and we keep our heads above the mobile data deluge, even if barely, thanks to a gathering avalanche of LTE networks.

Even the wildest prognoses proved conservative as the GSMA was betting on a more 'managed' progression through intermediate steps of gradual increases reasoning that the use of existing investments should be maximized while price declines and threats to existing roaming and SMS revenues also had to be 'managed'. Continuity implies to postulate that transitions should be gradual, not chaotic or highly disruptive. The last two years, however, turned out to be rather disruptive after a plateau of relative tranquility powered by a steady traffic and revenue growth in the wireless data world. But over the last year we have rather unexpectedly seen industry pillars including Microsoft, Nokia and RIM heaving and creaking under the mobile broadband gusts. Once unassailable Symbian now fades away and Android dominates the charts. Cloud computing combined with ever more Intelligent and versatile end devices is likely to further upset a relatively stable decade when some dominant computer and handheld operating systems were revenue and profit gushers with every new version they issued.

It still holds that faced with deluges of data and floods of handsets and applications, a drought of IP addresses might be perceived as a rather minor issue in the scheme of big things that would be resolved in due time anyway. As address depletion became a reality, the excitement was limited to the circles of digerati and cognoscente but went largely unnoticed by the vast majority. Not so when broadband networks fail to deliver enough bandwidth to provide a satisfactory user experience.

Back in June of 2009 there were no LTE networks operational. Ten of them were forecasted to go live by the end of 2010. The very first to become commercial was Teliasonera in Norway and Sweden on December 14th 2009. In the US, MetroPCS was first of the mark on September 21st 2010 followed by Verizon Wireless on december 5th the same year. In Canada, we saw Rogers Wireless start LTE service in july 2011 with Bell following in September 2011, the same month as AT&T Mobility.

Latest GSM Association figures (registration required) show us that as of January 5th 2012 we have 49 operational LTE networks in 29 countries and 229 deployment commitments in a total of 79 countries. And obviously LTE networks have to be able to talk to each other. This in turn is generating furious activity to deploy IPX exchanges to provide data and voice roaming in an all IP environment, a topic by itself, and keeping a number of us quite busy over the last six months.

And what about IPv6 in all of this? It is or soon will be under the hood. Verizon announced from the start that their devices would support IPv6 as recommended in the LTE specifications and they kept their word. Some mobile network operators have been rather discreet but are quietly working on their IPv6 deployment. They consider upcoming IPv6 support as implicit; IP addresses are IP addresses, their format is irrelevant to the general public.

Mobile operators often cited lack of LTE ready enabled end devices as a delaying factor. That argument is now passé. End of October, the GSA listed 197 LTE enabled devices from 48 manufacturers, up threefold since February 2011 and the list includes 27 smart phones. And If you happen to be enjoying the Consumer Electronics Show in Vegas this week, LTE devices are hot!

Now that both voice and data are becoming more widely available as voice over LTE concerns move backstage, competitive pressure should start working its magic. The choice and the application versatility of LTE enabled devices associated with quality of service and adequate pricing is what turns on a mobile broadband hungry public.

We already start to feel the acceleration of the LTE powered mobile broadband bullet train. The art will be to translate this in IPv6 traffic growth forecasts. I have a vague feeling that the most accurate forecasts will unlikely be based on some prudent extrapolations.

Let IPv6 enjoy the LTE ride.

Written by Yves Poppe, Director, Business Development IP Strategy at Tata Communications

Nixu NameSurfer® Suite – Latest 7.1.1 version introduces a centralized reporting tool for DDI, a number of IPAM enhancements. (Click to Enlarge)

"The latest version of Nixu NameSurfer expands the dashboard we introduced in Nixu NameSurfer 7 Series into a global DDI toolset" said Juha Holkkola, the Managing Director of Nixu Software. "The design principle behind the global DDI toolset is to provide network administrators and managers with a set of interactive tools that can be used to monitor and manage the entire DDI environment from a single screen."

A high percentage of enterprise and carrier customers still base their IPAM reporting on static Excel spreadsheets. The new reporting tool included in Nixu NameSurfer Suite 7.1 series provides a set of reports that can be exported in pdf format facilitating the viewing, sharing and storing of DDI-related information offline. To support legacy reporting methods, also csv exports continue to be supported.

The native integration between IPv6 blocks managed in Nixu NameSurfer IPAM and Nixu DHCP Servers running in DHCPv6 mode marks another pioneering step by Nixu Software in supporting and encouraging IPv6 connectivity. Thanks to this functionality, the IP Address Management processes for both IPv4 and IPv6 networks can be aligned and carried out transparently from a centralized IPAM solution.

"Having first introduced support for dual-stack DNS environments as early as 2004, we have been watching the dual-stack networking scene closely for more than five years. As we are now seeing an increasing number of IPv6 — enabled network environments going live, we felt this is a perfect time to add the last part to the IPv6 DDI puzzle" added Juha Holkkola.

Find out more about Nixu NameSurfer Suite and download a free evaluation.

Top 10 Featured Blogs in 2011:

1. A Fairness 'Scorecard' for Trademark Protection Under the New gTLDs
   By Konstantinos Komaitis, Feb 23, 2011 (33,350 views)
2. IP Addressing in the New Age of Scarcity
   By Peter Thimmesch, May 27, 2011 (21,563 views)
3. Smartphones: Too Smart for Mobile Operators?
   By Henry Lancaster, Aug 03, 2011 (21,144 views)
4. On Mandated Content Blocking in the Domain Name System
   By Paul Vixie, Mar 18, 2011 (16,315 views)
5. Court Approves Nortel's Sale of IPv4 Addresses to Microsoft
   By Benson Schliesser, Apr 27, 2011 (13,173 views)
6. The Design of the Domain Name System, Part VIII - Names Outside the DNS
   By John Levine, Sep 17, 2011 (12,399 views)
7. Top Public DNS Resolvers Compared
   By Michael Meisel, Apr 07, 2011 (12,217 views)
8. Why the Lawsuit Against .XXX Maybe the Best Sales Tool Ever For New gTLD Applicants
   By Michael Berkens, Nov 17, 2011 (9,466 views)
9. Independence and Security Online Have Not Yet Been Won
   By Mike Dailey Jul 03, 2011 (9,373 views)
10. Comcast’s Impressive System for Notifying Infected Users
    By J.D. Falk, Mar 01, 2011 (9,216 views)

Top 10 News in 2011:

1. New Top-Level Domains Approved By ICANN
   Jun 19, 2011 (44,312 views)
2. ICANN Approves .XXX
   Mar 18, 2011 (20,936 views)
3. Experts Urge Congress to Reject DNS Filtering from PROTECT IP Act, Serious Technical Concerns Raised
   May 26, 2011 (12,284 views)
4. Microsoft Offers $7.5 Million to Buy 666,624 IPv4 Addresses
   Mar 25, 2011 (9,600 views)
5. Egyptian Government Shuts Down Most Internet and Cell Services
   Jan 28, 2011 (3,988 views)
6. US Government Domain Seizure Results in Unintended Shutdown of Thousands of Websites
   Feb 16, 2011 (3,962 views)
7. J.D. Falk: 1974 - 2011
   Nov 17, 2011 (3,918 views)
8. Cybercriminals Shifting Focus From Windows PCs to Other Systems and Mobile
   Jan 20, 2011 (3,823 views)
9. Researchers Report New Method for Detecting Domain-Fluxing
   Mar 28, 2011 (3,633 views)
10. Microsoft, Federal Agencies Take Down Rustock Botnet
    Mar 18, 2011 (3,607 views)

Top 10 Industry News in 2011 (sponsored posts):

1. Google Says "Think Mobile" ...and then goMobi
   By dotMobi, Feb 15, 2011 (6,120 views)
2. The Botnet-Counterfeit Drugs Connection
   By MarkMonitor, Apr 01, 2011 (4,928 views)
3. New gTLD Timeline Announced and .XXX Approved
   By MarkMonitor (4,253 views)
4. Second Half 2010 "Dashboard" Domain Name Report - Released
   By PIR, Feb 14, 2011 (3,666 views)
5. MarkMonitor Report: How Scammers Generate Significant Traffic Promoting Suspected Counterfeit Goods
   By MarkMonitor, Feb 01, 2011 (3,536 views)
6. AusRegistry Int. and Crowell & Moring Join Forces to Support New Top-Level Domain Applicants
   By ARI Registry Services, Mar 14, 2011 (3,507 views)
7. Celebrity Marketing Guru Jeffrey Hayzlett to Promote New TLDs for AusRegistry International
   By ARI Registry Services, Jun 17, 2011 (3,472 views)
8. Minds + Machines’ Parent Company, TLDH, Appoints Peter Dengate Thrush as Executive Chairman
   By Minds + Machines, Jul 17, 2011 (3,457 views)
9. DNSSEC is Just the Beginning
   By .CO Internet, Mar 02, 2011 (3,421 views)
10. Landrush for New Domain Extension - .GR.COM
    By CentralNic, Jan 11, 2011 (3,421 views)

Written by CircleID Reporter

They observe that bots typically live on cable or DSL connections with slow congested upstreams. TCP sessions from bots turn out to be fairly easy to recognize by RTT, window, and retransmits, something that people have known at least since a paper at the 2008 CEAS conference on the topic.

This paper tries to see whether it would be practical to use that info to manage spam in real time. They have a network analyzer called SpamFlow that figures out per-connection characteristics. Then as a proof of concept they wrote a Spamassassin plugin to train on the data from SpamFlow and try and do filtering. They do some sort of hand-wavey load testing to see whether SpamFlow can keep up with a realistic mail load, and if it trains fast enough that it would provide useful data in real time. They claim that their results show that it does both.

It's not obvious how best you would use this in combination with all of the other anti-spam tools people we have, most notably blacklists like the CBL that very accurately identify IPs of botted hosts by looking at the characteristics of mail received at large spamtraps. One thing that occurs to me is this sort of thing might be useful if mail moves to IPv6, since building v6 blacklists will be hard due to the size of the address space, while this lets you estimate the bottiness of each connection directly. Also, rather than accepting or rejecting mail, you might slow down mail reception from hosts that seem to be bots, both to give preference to non-bot senders, and because bots tend to be impatient so if you slow down a dubious connection and it gives up, it was probably a bot. The Turntide appliance did something similar five years ago, although it used different heuristics for deciding what to slow down.

This technique looks only at the characteristics of the TCP session, and not at the contents of the session, which means it also doesn't look at the contents of the messages. It might be useful in contexts where for legal or political reasons the spam filter isn't allowed to look at the messages, but users want spam filtering anyway. The authors point out that it is in principle applicable to any TCP transaction, so it might be useful against web queries from bots, too.

It's hardly a FUSSP, but it's an interesting paper.

Written by John Levine, Author, Consultant & Speaker

The Resource Certification (RPKI) service was launched at the beginning of 2011. The system enables network operators to perform Border Gateway Protocol (BGP) origin validation, which means that they can securely verify if a BGP route announcement has been authorised by the legitimate holder of the address block.

Using their resource certificate, network operators can create cryptographically validatable statements about the route announcements they authorise to be made with the prefixes they hold. These statements are called Route Origin Authorisations (ROAs). A ROA states which Autonomous System (AS) is authorised to originate a certain IP address prefix.

So far, 10% of the RIPE NCC membership has opted into requesting a Resource Certificate. In the graph below, you can see the number of IPv4 prefixes (blue) and IPv6 prefixes (red) that have been certified by RIPE NCC members using their certificate. More than 900 IPv4 prefixes are certified. That means that more than 10% of the IPv4 address space the RIPE NCC is maintaining is covered by certificates. For IPv6, around 250 prefixes are certified. This is a relatively high number compared to the total number of IPv6 prefixes in the routing system.

Number of IPv4 and IPv6 Prefixes covered by Certificates in the RIPE NCC service region (Click to Enlarge)

More information:
• Find out more information about certification.
• See more RPKI related statistics.
• See RIPE Labs for other related information about IP address space.

Written by Mirjam Kuehne

I accepted the invitation and set up a separate domain. My own interest in this was of course to track the usage of IPv6 and validation of DNSSEC from the visitors of the site. You can see the results from last year's test here on CircleID.

Also for this year my company Interlan was involved in terms of load sharing. My special interest also stayed the same and the test this year was done in the exact same way, except for the fact that only one camera was used this year.

How did we do this? Below is a brief description:

At the time of the premier of the 2011 Christmas Goat, November 27, 2010, the following was set up: http://www.julbockmedipv6ochdnssec.se/kamera1 (no longer active)

In order to:

• Track native IPv6 with a RR with A and AAAA.

• Track those who can run IPv6 native or tunneled.

• Track validating DNS-resolvers with a domain that has a faulty DNSSEC.

From the above we were able find out that both usage of native IPv6 and DNSSEC validation have increased quite a lot this year. The native IPv6 users increased from 0.1% to 0.5% and the DNSSEC validation from 44% to 72%.

52% of all visitors were able to reach the http://[2001:b48:10:3::215]/ipv6.jpg where 74% running Teredo, 25% 6to4 and 1% native IPv6.

Unfortunately the Christmas Goat did not have the same luck as the one in 2010. By the morning of Friday, the 2nd of December, it was burned down.

The total time of the test this year was hereby limited to a short period. But with the experience from the test last year, and this year, I only need few days to get quite an accurate percentage of the use of IPv6 and DNSSEC from the visitors. This year I did a check after two days, last year I checked several times and the result was surprisingly correct after only a few days.

The operating systems used by visitors were also as expected: Windows 7, Mac OS X and different smartphones were up and Windows XP and Vista down.

Hopefully I will be back in 2012 with another update on the IPv6 — DNSSEC usage via the Christmas Goat in Gavle!

For now, a Merry Christmas and a Happy New Year to you all!

Written by Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6

Image source: Wikipedia

Over on his own Domain Incite blog, Murphy also provides a PDF of the court document relating to the actual sale. The document includes this note about the actual addresses which I found interesting in the justification for the sale:

The Internet Addresses consist of one /16 legacy block of 65,536 IPv4 Internet Protocol Numbers (the "Internet Addresses"). Computers and their devices, to connect to the internet, require unique internet addresses. The current Internet Address pool is IPv4 (which stands for version 4) which addresses consist of 32 bits — limiting the number of available Internet Addresses to 4.3 Billion. IPv4 addresses have been depleted and availability is scarce. A new version IPv6 has emerged which will make availability almost infinite. However until IPv6 is fully transitioned, there is still a need for IPv4 addresses.

The court document also includes this indication that the sale is contingent upon approval from ARIN:

Since late 1997, internet addresses in North America are distributed and administered through the American Registry of Internet Numbers ("ARIN"). The address blocks being sold were acquired by the Debtors before ARIN's appointment, which results in the classification of the block as a "legacy block." ARIN offers various services to holders of IP Addresses including publication in their WHOIS directory and many holders of legacy IP Addresses have agreed to sign agreements with ARIN to insure compliance with ARIN policies in exchange for the services. ARIN has indicated to the Debtors that they believe that the legacy Internet Addresses fall within ARIN's jurisdiction. While the Debtors believe that this Court has the authority to authorize the sale of the Internet Addresses over any such objection by ARIN, the IA Sale contains a condition of ARIN's consent and the proposed order incorporates various protections of ARIN's rights, which moots any need to consider any of these issues.

There will be a hearing on December 20th by the bankruptcy court to approve the sale, presumably based on ARIN's consent. (Should ARIN choose NOT to give consent, it will be interesting to see what the court would then do.)

What do you think? Should ARIN give its consent and allow the sale to go forward? And given this sale at $12/address, how high do you expect the next sale to go?

Written by Dan York, Author and Speaker on Internet technologies for over 20 years

When looking at IPv6 deployment at the LIR level, we can look at the following two metrics:

• The percentage of LIRs that have IPv6 address space (currently at 47%) and;
• What percentage of LIRs has IPv6 address space that is visible in the global routing table (currently at 29%).

What these numbers don't take into account is the sizes of the LIRs. For billing purposes, LIRs are divided into size categories based on the IP address space they hold and a number of other factors. We used these size categories when producing statistics such as these. Taking this one step further we can use the size of the LIRs as a weight to normalise deployment metrics. We took the total IPv4 address space held by an LIR as a good indication for the LIR's size, and took a fresh look at IPv6 deployment metrics taking LIR size into account.

We used "treemaps" to visualise this. In the images below, each country is represented by a rectangle. The size of these rectangles is based on the number of IPv4 addresses in the country. Each of these country rectangles is again divided into smaller rectangles, each of those representing one LIR. The size of the LIR's rectangles is based on the amount of the IPv4 address space held by this LIR.

The light green rectangles represent LIRs that have an IPv6 allocation or assignment, while the black rectangles represent LIRs without IPv6 address space. Note that there are some dark green rectangles. Those represent LIRs that we know will receive IPv6 addresses from another LIR belonging to the same organisation.

In the treemap in Figure 2, light green rectangles represent LIRs that have IPv6 address space visible in the global routing table, while the black rectangles represent LIRs that have IPv6 address space that isn't yet routed.

If we look at this numerically, we see that 47% of all LIRs hold IPv6 address space. If we weigh in the size of the LIR (as described above), this is even higher: 81%. In other words: 81% of IPv4 address space in the RIPE NCC service region is held by an LIR that also holds IPv6 address space (note: This doesn't take into account those organisations that maintain multiple LIRs with one of them holding IPv6 space — the dark green fields in Figure 1).

If we look at the underlying numbers of Figure 2, we can see that 29% of LIRs have one or more IPv6 prefixes visible in the global routing table. When we apply the weighting this becomes 63%. In other words: 63% of IPv4 address space in the RIPE NCC service region is with an LIR that holds IPv6 address space that is also routed.

Having 81% of IPv4 address space with LIRs that also took the first step in deploying IPv6 is an encouraging sign. But it is in stark contrast with statistics showing IPv6 deployment at End User sites (0.39% according to Google, roughly 2% at www.ripe.net), or statistics showing IPv6 traffic (0.3% at AMS-IX). This shows that a large majority of IPv4 address space holders in the RIPE NCC service region have taken the first steps but the work towards full dual-stack deployment, and later an IPv6-only network, is far from finished.

Please refer to the background article on RIPE Labs: Interesting Graph – IPv6 per LIR.

Written by Mirjam Kuehne