Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011)
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011)

on

  • 1,103 views

If after 10 years we still can't make IPv6 fly, is it time to rethink our strategy? That was one of the questions posed in this presentation by consultant Bill St. Arnaud as part of a panel on IPv6 ...

If after 10 years we still can't make IPv6 fly, is it time to rethink our strategy? That was one of the questions posed in this presentation by consultant Bill St. Arnaud as part of a panel on IPv6 and DNSSEC at the Internet ON (ION) Conference in Toronto on November 14, 2011. St. Arnaud examined the issues around deployment of IPv6, examined alternatives and talked about some successes - and then gave DNSSEC a similar treatment before giving his conclusions about what we need to do to move deployment forward.

A video recording of the session will be available for viewing. Details will be posted at http://www.isoc.org/do/blog/ when the video is available.

More information about the global series of ION conferences can be found at http://www.isoc.org/ion/

Statistics

Views

Total Views
1,103
Views on SlideShare
1,076
Embed Views
27

Actions

Likes
0
Downloads
2
Comments
0

3 Embeds 27

http://www.internetsociety.org 13
http://paper.li 12
http://a0.twimg.com 2

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Dead Men Walking: IPv6 & DNSSEC (ION Toronto 2011) Presentation Transcript

  • 1. Dead  Men  Walking:   IPv6  and  DNSSEC  Bill.St.Arnaud@gmail.com   ION  -­‐  Toronto     November  14,  2011  
  • 2. The  IPv6  Challenge  •  Despite  considerable  publicity  and  predicMons    of  IPv4  address   Armageddon  adopMon  of  IPv6  is  anemic    •  Although  IPv6  is  deployed  on  many  networks,  take  up  by  end  users/ devices  is  slow    •  Carrier  grade  NAT  seems  to  be  the  default  path  for  IPv4  exhausMon   –  RouMng  vendors  like  it  because  they  can  sell  more  complex  and  expensive   gear   –  Carriers  like  it  because  they  can  lock  in  their  customers    •  If  aSer  10  years  we  sMll  can’t  make  IPv6  fly,  then  maybe  its  Mme  to  rethink   our  strategy,  especially  for  those  of  who  believe  in  the  original  Internet   vision.    Two  approaches:   –  New  business  models  for  market  adopMon   –  New  technology  
  • 3. New  Market  AdopMon  IPv6   SURFnet-­‐KPN  pilot  •  Most  future  internet  access  will  be  mobile  devices  like  iPad  and  iPhone  •  SURFnet-­‐KPN  pilot  will  be  world’s  fist  enterprise  centric  integrated  LTE-­‐mobile   network    -­‐  extremely  low  data  prices    •  SURFnet  “leasing  /8”  to  KPN  in  exchange  for  pilot  on  naMonal  wireless  mobile   broadband  for  universiMes  and  students    •  SURFmobile  will  be  LTE  with  IPv6  only  with  integrated  campus  Wifi  at  universiMes,   coffee  shops,  trains,  etc    •  Will  use  IPv6  Eduroam  to  allow  free  internaMonal  roaming  •  Other  pilots  under  development  in  UK,  US,  Australia,  etc.    Canada??    •  h`p://www.blogger.com/blogger.g?blogID=8586756976616257717#editor/ target=post;postID=2782224431972329057  
  • 4. IPv6  alternaMve?  •  Most  Internet  traffic  is  not  end-­‐to-­‐end   –  45-­‐90%  of  traffic  terminates  at  CDN  or  cloud   –  Major  implicaMon  in  terms  for  IPv4/IPv6  desMnaMon  based  rouMng  and   addressing    •  Numeric  addressing  is  an  anachronism  imposed  by  limitaMons  of   forwarding  engine  on  routers    •  Possible    IPv6  alternaMves:   –  Named  Data  Networking    (NDN)–  Van  Jacobson   –  Delay  Tolerant  Networking  (DTN)  –  Vint  Cerf  -­‐  late  binding  of  DNS  +  XML   –  XML  rouMng  and  addressing  (W3C)    •  h`p://billstarnaud.blogspot.com/2011/11/named-­‐data-­‐networking-­‐how-­‐ lte-­‐networks.html  
  • 5. DNSSEC  –  the  next  IPv6?  •  Again,  to  us  techies,  there  seems  to  be  a  clear  and   compelling  need  for  DNSSEC    •  Already  several  events  of  DNS  cache  poisoning  in  Brazil  and   elsewhere    •  Is  signing  and  delegaMng  the  root  sufficient?  •  Do  we  just  sit  back  and  wait  for  ISPs  and  users  to  adopt?    •  Or  do  we  try  to  be  more  proacMve  with  new  business   models  that  make  life  easier  for  end  users  and  insMtuMons?  
  • 6. Netherlands  pilot  to  deploy  DNSSEC  at   universiMes  •  Many  universiMes  in  Netherlands  starMng  to  outsource  DNS  management    •  SURFdomeinen  is  a  web-­‐based  portal  that  allows  DNS  operators  of  connected   insMtuMons  to:   –  register  or  migrate  domain  names  in  the  following  top-­‐level  domains   (TLDs):  .nl,  .com,  .net,  .org,  .info  and  .eu;   –  manage  contact  details  for  contacts  associated  with  registered  domains;   –  create  secondary  DNS  configuraMons  on  SURFnet  name  servers  for  their  domains;   –  manage  complete  DNS  zones  that  are  then  served  out  by  SURFnet  name  servers.   –  DNSSEC  support  has  been  integrated  into  the  managed  DNS  funcMonality.    •  Not  yet  deliver  a  full  end-­‐user  service  due  to  restricMons  imposed  by  the  fact  that   SIDN  does  not  yet  have  a  process  for  automated  submission  of  secure  delegaMons   (DS)  for  the  .nl  zone.  •  h`ps://dnssec.surfnet.nl/wp-­‐content/uploads/2011/01/D1c-­‐DNSSEC-­‐in-­‐ SURFdomeinen-­‐end-­‐report-­‐v1.0.pdf  
  • 7. Conclusions  •  IPv6  and  DNNSEC  is  hard  and  costly    •  On  its  own  provides  NO  new  benefits,  only  protecMon  from  possible   real  and  hypotheMcal  negaMve  externaliMes    •  To  promote  success  need  to  link  these  technologies  to  services  that   enable  new  capabiliMes    e.g.   –  Low  cost  broadband  mobile  wireless   –  Out  sourcing  DNS  management  •  Need  funding  program  and  early  adopters  such  as  universiMes  and   R&E  networks  to  promote  adopMon   –  A  sitng  back  and  hope  strategy  will  not  work