Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)
Upcoming SlideShare
Loading in...5
×
 

Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011)

on

  • 884 views

In a response to Bill St. Arnaud's "Dead Men Walking" presentation at the Internet Society's ION Conference in Toronto on November 14, 2011, Jacques Latour, Director of Information Technology, ...

In a response to Bill St. Arnaud's "Dead Men Walking" presentation at the Internet Society's ION Conference in Toronto on November 14, 2011, Jacques Latour, Director of Information Technology, Canadian Internet Registration Authority (CIRA), laid out why he believes there is much promise ahead for both IPv6 and DNSSEC and explained the work they have done at CIRA, their IPv6 adoption strategy, architecture guidelines and more.

A video recording of the session will be available for viewing. Details will be posted at http://www.isoc.org/do/blog/ when the video is available.

More information about the global series of ION conferences can be found at http://www.isoc.org/ion/

Statistics

Views

Total Views
884
Slideshare-icon Views on SlideShare
877
Embed Views
7

Actions

Likes
0
Downloads
4
Comments
0

2 Embeds 7

http://paper.li 6
http://a0.twimg.com 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011) Good Men Rising: IPv6 & DNSSEC (ION Toronto 2011) Presentation Transcript

    • Good  Men  Rising:   IPv6  &  DNSSEC    Canadian  Internet  Registra:on  Authority  (CIRA)   Jacques  Latour     ION  -­‐  Toronto     November  14,  2011    
    • About  CIRA  1.  Operate  the  .CA  Registry   §  Registrant  ßà  Registrar  ßà  Registry  à  .CA  DNS  2.  Operate  the  .CA  Top  Level  Domain   §  Root  “.”  ßà  “.CA”  ßà  2nd  Level  .CA  domains   §  Internet  Users  ßà  ISP  ßà  “.CA”  3.  Do  good  things  for  the  Canadian  Internet   §  Promote  digital  literacy,  Canadian  Internet  Forum   §  Promote  IPv6,  DNSSEC,  NTP  and  Canadian  IXPs  2   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • IPv6  Adop8on  Strategy  •  IPv6  Discovery  &  Research  •  Perform  an  IPv6  Readiness  Assessment  •  Define  IPv6  Objec:ves  (can’t  do  everything)  •  Develop  a  Project  Plan  •  Develop  a  detailed  IPv6  Architecture  &  Design  •  Development,  tes:ng  and  pilot  mode  •  Implement  in  produc:on  •  Monitor   Not  a  migra8on,  not  a  transi8on,  coexistence!  3   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • IPv6  Objec8ve  -­‐  WEB  Content   •  Not  everything  needs  to  be  IPv6  on  day  1   –  World  IPv6  Day,  June  8,  2011   •  Internet  Perimeter  &  DMZ  (www.cira.ca)   •  IT  Organiza:on   IPv6 Glue Records CIRA Secondary Registry •  Permanent   DNS Servers Primary IPv6 •  Presence   WWW IPv4 a.ca-servers.ca •  Support   c.ca-servers.ca Internet …. (j & sns-pb) m.ca-servers.ca Registry Try www.cira.ca on IPv6 Backup Orhttp://[2001:500:80:2::12]/ z.ca-servers.ca IT Corporate Operations Network 4   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • IPv6  Architecture  Guidelines   “Rules  of  engagement”  •  Keep  IPv4  as-­‐is  •  Dual  Stack   –  All  systems  par:cipa:ng  in  the  IPv6  implementa:on  must  support  a   concurrent  IPv4  and  IPv6  stack  •  No  IPv6  Tunnelling   –  Usage  of  IPv6  tunnelling  mechanisms  such  as  ISATAP,  Teredo,  6to4,   6rd  are  disabled  and  not  permibed  •  Na8ve  IPv6  Transit   –  IPv6  transit  must  support  IPv6  na:vely  without  the  use  of  tunnelling  •  No  Network  Address  Transla8on  (NAT)   –  NAT66,  NAT64  &  NAT46  technologies  not  permibed   Security  Policy  Template  available  at  www.cira.ca/knowledge-­‐centre/ipv6    5   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • IPv6  Benefits  •  It  works!  •  Some  say  it’s  old  •  I  say  it’s  new  •  Let’s  make  it  work  in  Canada!  •  Enabler  for  future  growth  •  We  have  to  think  globally  6   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • DNSSEC    •  Developed  by  propeller  heads  J  7   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • DNS  à  Safe  &  Trusted  •  Security  extensions  on  top  of  DNS  to  provide   authen:ca:on  of  DNS  data  8   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • A  PlaVorm  for  Innova8on  •  DANE  (DNS-­‐based  Authen:ca:on  of  Named  En::es)  •  Applica:on  can  use  DNSSEC  for  enhanced  security  •  A  ‘new’  technology  to  be  leveraged  9   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • CIRA  –  DNSSEC  Status  •  CIRA  ac:vely  working  on  signing  the  .CA  zone  10   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14  
    • Thank  you!  hbp://ca.movember.com/mospace/2531386  11   ION  -­‐  Toronto  -­‐  2011-­‐11-­‐14