IPv6: Extinction, Evolution or Revolution?

For some years now the general uptake of IPv6 has appeared to be "just around the corner". Yet the Internet industry has so far failed to pick up and run with this message, and it continues to be strongly reluctant to make any substantial widespread commitment to deploy IPv6. Some carriers are now making some initial moves in terms of migrating their internet infrastructure over to a dual protocol network, but for many others it's a case of still watching and waiting for what they think is the optimum time to make a move. So when should we be deploying IPv6 services? At what point will the business case for IPv6 have a positive bottom line? It's a tough question to answer, and while advice of "sometime, probably sooner than later" is certainly not wrong, it's also entirely unhelpful as well! more»

Whither DNS?

The Domain Name System is often though of as an integral part of the Internet. Without it, how can you ever locate anything? Well, quite easily, thank you very much. DNS is used implicitly for many services, such as web browsing. It also includes explicit extensions for a few applications such as e-mail. (I'm talking here about DNS the system, not DNS the technology that can be re-purposed to things like ENUM.) But the most notable thing about DNS is its receding importance... more»

DNSSEC: Once More, With Feeling!

After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more»

Comments on an IP Address Trading Market

With IPv4 addresses becoming scarcer, there has been talk that a trading market will develop. The idea is that those holding addresses they do not really need will sell them for a profit. More alarming is that there have been a few articles about how the Regional Internet Registries (RIR) are contemplating creating such a market so that they can regulate it, conceding that it will happen anyway and taking the "if you can't be 'em, join 'em" attitude. This is all a bit disturbing. Maybe I'm naïve, but it's a little unclear to me how an unsanctioned trading market could really operate without the RIRs at least being aware... more»

Could IP Addressing Benefit from the Introduction of Competitive Suppliers?

An article written by Paul Wilson, Director General of Asia Pacific Network Information Centre (APNIC), and Geoff Huston, Senior Internet Research Scientist at APNIC. "In recent months proposals have been made for the introduction of competition into the system of allocation of IP addresses. In particular, calls have been made for new IP address registries to be established which would compete with the existing Regional Internet address Registries (RIRs). Specific proposals have been made by Houlin Zhao of the ITU-T and by Milton Mueller of the Internet Governance Project, both of which propose that the ITU itself could establish such a registry group, operating as a collection of national registries." ...It would appear that part of the rationale for these proposals lies in the expectation that the introduction of competition would naturally lead to outcomes of "better" or "more efficient" services the address distribution function. This article is a commentary on this expectation, looking at the relationship between a competitive supply framework and the role of address distribution, and offering some perspective on the potential outcomes that may be associated with such a scenario for IP addresses, or indeed for network addresses in general. more»

Letting DNS Loose

RFID tags, UPC codes, International characters in email addresses and host names, and a variety of other identifiers could all go into DNS, and folks have occasionally proposed doing just that. Its really just a question of figuring out how to use the DNS -- its ready to carry arbitrary identifiers. And by the way, this isn't a new idea, see RFC 1101 for proof, although even earlier I designed the DNS in the early 1980s to allow it to be so, but it seemed too far fetched to document for a while. ...I was in Geneva for a WSIS meeting of CTOs, and was surprised that the various organizations (ITU, ICANN, ISOC) haven't figured out that they need each other to make this technology work, rather than asserting ownership. more»

Map of the Internet: The IPv4 Space of 2006

An intersecting representation of the IP Address space on a plane using a fractal mapping that preserves grouping... Section of the map also shows the blocks sold directly to corporations and governments in the 1990's before the RIRs took over allocation. more»

NAT: Just Say No

Fueled by the lack of public IP addresses, 70% of Fortune 1000 companies have been forced to deploy NATs (Source: Center for Next Generation Internet). NATs are also found in hundreds of thousands of small business and home networks where several hosts must share a single IP address. It has been so successful in slowing the depletion of IPv4 addresses that many have questioned the need for IPv6 in the near future. However, such conclusions ignore the fact that a strategy based on avoiding a crisis can never provide the long-term benefits that solving the underlying problems that precipitated the crisis offers. more»

Thoughts on IPv6 Day

Jeff Pulver proposed an interesting idea called IPv6 Day... In geeks term, we call this a 'flag day'. The last time we have a flag day was 1st Jan 1983 when Internet moved from NCP (Network Control Protocol) to IPv4. So why not do it for IPv6? more»

Developing Internet Standards: How Can the Engineering Community and the Users Meet?

There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them. On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that "DNSSEC is just digital signatures on records in this database". Both are right, of course, but they do not speak the same language... more»

Address Policies

When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the globe are only coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth. more»

Up to 300 Megawatt Worth of Keepalive Messages to be Saved by IPv6?

The Time Square Ball bringing in 2008 had more than 9,500 LED bulbs displaying 16 million colours while consuming power equivalent to about ten toasters. This compares to 600 incandescent and halogen bulbs adorning last year's Ball. Easy to forget that most mobile devices used by Time Square revelers were behind IPv4 NAT's and that always on applications such as Instant Messaging, Push e-mail, VoIP or location based services tend to be electricity guzzlers. It so happens that applications that we want always to be reachable have to keep sending periodic keepalive messages to keep the NAT state active... more»

Twenty Myths and Truths About IPv6 and the US IPv6 Transition

After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more»

Bad Journalism, IPv6, and the BBC

Here's a good way to frighten yourself: Learn about something, and then read what the press writes about it. It's astonishing how often flatly untrue things get reported as facts. I first observed this back in 1997 when I was a Democratic lawyer in the U.S. House of Representatives working on the (rather ridiculous) campaign finance investigation. (The investigating committee's conspiracy-minded chairman was famous for shotgunning pumpkins in his backyard in order to figure out exactly how Hillary snuffed Vince Foster)...More recently, I've seen the same discouraging phenomenon in reporting on technology and, in particular, the Internet. more»

Fight Spam With the DNS, Not the CIA

It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.

MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
 more»