Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011)

Dead Men Walking: IPv6 and DNSSEC Bill.St.Arnaud@gmail.com ION -‐ Toronto November 14, 2011

The IPv6 Challenge •  Despite considerable publicity and predicMons of IPv4 address Armageddon adopMon of IPv6 is anemic •  Although IPv6 is deployed on many networks, take up by end users/ devices is slow •  Carrier grade NAT seems to be the default path for IPv4 exhausMon –  RouMng vendors like it because they can sell more complex and expensive gear –  Carriers like it because they can lock in their customers •  If aSer 10 years we sMll can’t make IPv6 ﬂy, then maybe its Mme to rethink our strategy, especially for those of who believe in the original Internet vision. Two approaches: –  New business models for market adopMon –  New technology

New Market AdopMon IPv6 SURFnet-‐KPN pilot •  Most future internet access will be mobile devices like iPad and iPhone •  SURFnet-‐KPN pilot will be world’s fist enterprise centric integrated LTE-‐mobile network -‐ extremely low data prices •  SURFnet “leasing /8” to KPN in exchange for pilot on naMonal wireless mobile broadband for universiMes and students •  SURFmobile will be LTE with IPv6 only with integrated campus Wifi at universiMes, coffee shops, trains, etc •  Will use IPv6 Eduroam to allow free internaMonal roaming •  Other pilots under development in UK, US, Australia, etc. Canada?? •  h`p://www.blogger.com/blogger.g?blogID=8586756976616257717#editor/ target=post;postID=2782224431972329057

IPv6 alternaMve? •  Most Internet traﬃc is not end-‐to-‐end –  45-‐90% of traﬃc terminates at CDN or cloud –  Major implicaMon in terms for IPv4/IPv6 desMnaMon based rouMng and addressing •  Numeric addressing is an anachronism imposed by limitaMons of forwarding engine on routers •  Possible IPv6 alternaMves: –  Named Data Networking (NDN)– Van Jacobson –  Delay Tolerant Networking (DTN) – Vint Cerf -‐ late binding of DNS + XML –  XML rouMng and addressing (W3C) •  h`p://billstarnaud.blogspot.com/2011/11/named-‐data-‐networking-‐how-‐ lte-‐networks.html

DNSSEC – the next IPv6? •  Again, to us techies, there seems to be a clear and compelling need for DNSSEC •  Already several events of DNS cache poisoning in Brazil and elsewhere •  Is signing and delegaMng the root suﬃcient? •  Do we just sit back and wait for ISPs and users to adopt? •  Or do we try to be more proacMve with new business models that make life easier for end users and insMtuMons?

Netherlands pilot to deploy DNSSEC at universiMes •  Many universiMes in Netherlands starMng to outsource DNS management •  SURFdomeinen is a web-‐based portal that allows DNS operators of connected insMtuMons to: –  register or migrate domain names in the following top-‐level domains (TLDs): .nl, .com, .net, .org, .info and .eu; –  manage contact details for contacts associated with registered domains; –  create secondary DNS conﬁguraMons on SURFnet name servers for their domains; –  manage complete DNS zones that are then served out by SURFnet name servers. –  DNSSEC support has been integrated into the managed DNS funcMonality. •  Not yet deliver a full end-‐user service due to restricMons imposed by the fact that SIDN does not yet have a process for automated submission of secure delegaMons (DS) for the .nl zone. •  h`ps://dnssec.surfnet.nl/wp-‐content/uploads/2011/01/D1c-‐DNSSEC-‐in-‐ SURFdomeinen-‐end-‐report-‐v1.0.pdf

Conclusions •  IPv6 and DNNSEC is hard and costly •  On its own provides NO new beneﬁts, only protecMon from possible real and hypotheMcal negaMve externaliMes •  To promote success need to link these technologies to services that enable new capabiliMes e.g. –  Low cost broadband mobile wireless –  Out sourcing DNS management •  Need funding program and early adopters such as universiMes and R&E networks to promote adopMon –  A sitng back and hope strategy will not work

http://www.internetsociety.org	13
http://paper.li	12
http://a0.twimg.com	2

Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011)

by Internet Society on Dec 02, 2011

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 27

Statistics

Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011) Presentation Transcript