How Did IPv6 Come About, Anyway?

This is a special two-part series article providing a distinct and critical perspective on Internet Protocol Version 6 (IPv6) and the underlying realities of its deployment. The first part gives a closer look at how IPv6 came about and the second part exposes the myths.

In January 1983, the Advanced Research Projects Agency Network (ARPANET) experienced a "flag day," and the Network Control Protocol, NCP, was turned off, and TCP/IP was turned on. Although there are, no doubt, some who would like to see a similar flag day where the world turns off its use of IPv4 and switches over to IPv6, such a scenario is a wild-eyed fantasy. Obviously, the Internet is now way too big for coordinated flag days. The transition of IPv6 into a mainstream deployed technology for the global Internet will take some years, and for many there is still a lingering doubt that it will happen at all. more»

ICANN Starts IPv6 Ball Rolling

IPv6 took a significant step forward this week with ICANN's decision to officially add the next generation protocol to its root server systems. The shift to IPv6 is perhaps the largest and most significant change to the structure of the Internet in decades - ICANN's move a signal that the revolution has officially begun. more»

Why NAT Isn't As Bad As You Thought

Please do sit down. Should the shock cause you to suddenly lose consciousness, I hereby disclaim all responsibility for any subsequent loss or injury. I'm about to defend the anthrax of the Internet: NAT. Network Address Translation is a hack to enable private IP addresses on one side of a router (inside your network) to talk to public IP addresses on the other side (on the Internet, outside your network). It really doesn't matter how it works. The consequence is that unless the router is specifically configured, outsiders can't get in uninvited. So those on the inside can't, by default, act as servers of any service to the outside world. more»

Could IP Addressing Benefit from the Introduction of Competitive Suppliers?

An article written by Paul Wilson, Director General of Asia Pacific Network Information Centre (APNIC), and Geoff Huston, Senior Internet Research Scientist at APNIC. "In recent months proposals have been made for the introduction of competition into the system of allocation of IP addresses. In particular, calls have been made for new IP address registries to be established which would compete with the existing Regional Internet address Registries (RIRs). Specific proposals have been made by Houlin Zhao of the ITU-T and by Milton Mueller of the Internet Governance Project, both of which propose that the ITU itself could establish such a registry group, operating as a collection of national registries." ...It would appear that part of the rationale for these proposals lies in the expectation that the introduction of competition would naturally lead to outcomes of "better" or "more efficient" services the address distribution function. This article is a commentary on this expectation, looking at the relationship between a competitive supply framework and the role of address distribution, and offering some perspective on the potential outcomes that may be associated with such a scenario for IP addresses, or indeed for network addresses in general. more»

DNSSEC: Once More, With Feeling!

After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I've been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period... To recap, DNSSEC is an approach to adding some "security" into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. more»

The Geography of Internet Addressing

The ITU-T has proposed a new system of country-based IP address allocations which aims to satisfy a natural demand for self-determination by countries; however, the proposal also stands to realign the Internet's frontiers onto national boundaries, with consequences which are explored here. ...we do indeed see the Internet as a single entity, and we even speak of the Internet's architecture as if there was one designer who laid out a plan and supervised its construction. But despite all appearances, the Internet landscape is indeed made up of many separate networks... This article will explore these issues, particularly in light of recent proposals to introduce new mechanisms for IP address management, a prospect which could, over time, substantially alter both the geography of the Internet, and its essential characteristics as a single cohesive network. more»

Cricket Liu Interviewed: DNS and BIND, 5th Edition

In follow-up to recent announcement on the release of the latest edition of the very popular DNS and BIND book -- often referred to as the bible of DNS -- CircleID has caught up with Cricket Liu, co-author and a world renowned authority on the Domain Name System. In this interview, Cricket Liu talks about emerging issues around DNS such as security and IPv6 support, and important new features such as internationalized domain names, ENUM (electronic numbering), and SPF (the Sender Policy Framework). "Cricket Liu: We're now seeing more frequent attacks against DNS infrastructure. ...Turns out that name servers are terrific amplifiers -- you can get an amplification factor of nearly 100x. These attacks have raised awareness of the vulnerability of Internet name servers, which is possibly the only positive result..." more»

Whither DNS?

The Domain Name System is often though of as an integral part of the Internet. Without it, how can you ever locate anything? Well, quite easily, thank you very much. DNS is used implicitly for many services, such as web browsing. It also includes explicit extensions for a few applications such as e-mail. (I'm talking here about DNS the system, not DNS the technology that can be re-purposed to things like ENUM.) But the most notable thing about DNS is its receding importance... more»

URLs, IP Numbers, and Speech

There's a great fight going on right now in Philadelphia...The case is about a Pennsylvania statute [PDF] that mandates that Pennsylvania ISPs remove access to sites that the AG believes contain child pornography. Now, child pornography is abhorrent and any ISP will cooperate in taking down such sites that it is hosting. But the problem is that in complying with the statute with respect to sites the ISPs don't themselves host, ISPs are (rationally) using either IP blocking ("null routing") or "domain poisoning" techniques, both of which (particularly the IP number blocking) result in rendering inaccessible millions of perfectly legal sites. more»

Addressing the Future Internet

What economic and social factors are shaping our future needs and expectations for communications systems? This question was the theme of a joint National Science Foundation (NSF) and Organisation for Economic Co Operation and Development (OECD) workshop, held on the 31st January of this year. The approach taken for this workshop was to assemble a group of technologists, economists, industry, regulatory and political actors and ask each of them to consider a small set of specific questions related to a future Internet. Thankfully, this exercise was not just another search for the next "Killer App", nor a design exercise for IP version 7. It was a valuable opportunity to pause and reflect on some of the sins of omission in today's Internet and ask why, and reflect on some of the unintended consequences of the Internet and ask if they were truly unavoidable consequences... more»

Blacklisting Under Wrong Assumptions

If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities.  more»

Address Policies

When does an experiment in networking technology become a public utility? Does it happen on a single date, or is it a more gradual process of incremental change? And at what point do you change that way in which resources are managed to admit a broader of public interests? And how are such interests to be expressed in the context of the network itself, in terms of the players, their motivation and the level of common interest in one network? While many may be of the view that this has already happened some years ago in the case of the Internet, when you take a global perspective many parts of the globe are only coming to appreciate the significant role of the Internet in the broader context of enablers of national wealth. more»

Lights Going Out on the Internet? Not Just Yet

In his article titled, "End of Life Announcement", John Walker (author of the Speak Freely application) makes a few arguments about Network Address Translation (NAT) that are simply not true: "There are powerful forces, including government, large media organisations, and music publishers who think this situation is just fine. In essence, every time a user--they love the word "consumer"--goes behind a NAT box, a site which was formerly a peer to their own sites goes dark, no longer accessible to others on the Internet, while their privileged sites remain. The lights are going out all over the Internet. ...It is irresponsible to encourage people to buy into a technology which will soon cease to work." more»

Map of the Internet: The IPv4 Space of 2006

An intersecting representation of the IP Address space on a plane using a fractal mapping that preserves grouping... Section of the map also shows the blocks sold directly to corporations and governments in the 1990's before the RIRs took over allocation. more»

Putting a Spammer in Jail

The country's first criminal trial about spam ended in Leesburg, Virginia earlier this month with a conviction of Jeremy Jaynes, better known under his nom de spam of Gavin Stubberfield. I was an expert witness for the prosecution, the Commonwealth of Virginia. The case was brought under Virginia's state anti-spam law, not the weaker Federal CAN-SPAM act... more»