IPv6 Deployment Case on a Korean Governmental Website, by Jean Ryu.
A presentation given at APNIC 42's Network Operations session on Tuesday, 4 October 2016.
APNIC Training Manager Tashi Phuntsho explains why securing Internet routing is so important at the first Mongolian Network Operators Group meeting in Ulaanbaatar, Mongolia from 16 to 20 September 2019.
- Japan has made progress in IPv6 adoption, with around 40% of users able to connect via IPv6, mainly through major ISPs. However, mobile operators only recently started IPv6 in mid-2016 to 2017, and content providers have been indifferent.
- Government organizations like the IPv6 Promotion Council and MIC are working with private organizations to increase IPv6 deployment through initiatives like regional summits and technical seminars. While core internet services are supported, widespread adoption across all sectors has yet to be fully realized.
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
APNIC Chief Scientist Geoff Huston gave a presentation on the challenges of IPv6 implementation at the Broadband India Forum Session on IPv6, held online on 7 October 2021
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
The document provides an introduction to internet routing, BGP hijacking, and the Resource Public Key Infrastructure (RPKI) system for securing internet routing. It discusses how BGP works and how hijacks can occur when more specific routes are announced. The document then summarizes the RPKI framework for validating route origins using Route Origin Authorizations (ROAs) and filtering routes based on their validation state. It provides examples of implementing RPKI on routers to help secure internet routing.
Welcome to the APNIC Member Gathering, MongoliaAPNIC
Services Director George Kuo presents on IPv6 deployment in the region; IPv6 in broadband networks, getting more IPv4 address space; APNIC whois data quality, and routing security at a Member Gathering in Mongolia from 13 to 14 June 2017.
APNIC deployed IPv6 across its network and services over several years using the following approach:
1) APNIC initially used its IPv6 allocation of 2001:DC0:2000::/35 and split it into /48 and /64 subnets for its network. It configured IPv6 routing and DNS services for these subnets.
2) APNIC then deployed IPv6 for its critical services like DNS, web, FTP, mail, and load balancing. This included configuring IPv6 addresses and enabling IPv6 protocols for these services.
3) APNIC later added anycast instances of its DNS services and regional whois service using cloud providers to improve availability. Lessons learned included testing services thoroughly before deployment and monitoring
APNIC Training Manager Tashi Phuntsho explains why securing Internet routing is so important at the first Mongolian Network Operators Group meeting in Ulaanbaatar, Mongolia from 16 to 20 September 2019.
- Japan has made progress in IPv6 adoption, with around 40% of users able to connect via IPv6, mainly through major ISPs. However, mobile operators only recently started IPv6 in mid-2016 to 2017, and content providers have been indifferent.
- Government organizations like the IPv6 Promotion Council and MIC are working with private organizations to increase IPv6 deployment through initiatives like regional summits and technical seminars. While core internet services are supported, widespread adoption across all sectors has yet to be fully realized.
Broadband India Forum Session on IPv6: The Post-IPocalypse InternetAPNIC
APNIC Chief Scientist Geoff Huston gave a presentation on the challenges of IPv6 implementation at the Broadband India Forum Session on IPv6, held online on 7 October 2021
BSides: BGP Hijacking and Secure Internet RoutingAPNIC
The document provides an introduction to internet routing, BGP hijacking, and the Resource Public Key Infrastructure (RPKI) system for securing internet routing. It discusses how BGP works and how hijacks can occur when more specific routes are announced. The document then summarizes the RPKI framework for validating route origins using Route Origin Authorizations (ROAs) and filtering routes based on their validation state. It provides examples of implementing RPKI on routers to help secure internet routing.
Welcome to the APNIC Member Gathering, MongoliaAPNIC
Services Director George Kuo presents on IPv6 deployment in the region; IPv6 in broadband networks, getting more IPv4 address space; APNIC whois data quality, and routing security at a Member Gathering in Mongolia from 13 to 14 June 2017.
APNIC deployed IPv6 across its network and services over several years using the following approach:
1) APNIC initially used its IPv6 allocation of 2001:DC0:2000::/35 and split it into /48 and /64 subnets for its network. It configured IPv6 routing and DNS services for these subnets.
2) APNIC then deployed IPv6 for its critical services like DNS, web, FTP, mail, and load balancing. This included configuring IPv6 addresses and enabling IPv6 protocols for these services.
3) APNIC later added anycast instances of its DNS services and regional whois service using cloud providers to improve availability. Lessons learned included testing services thoroughly before deployment and monitoring
APNIC Chief Scientist Geoff Huston presented on the various approached used by root servers to deliver large DNS responses at the DNS-OARC 26 in Madrid from 15 to 16 May 2017.
- 22% of visible DNS resolvers are capable of making IPv6 queries, but 35% of DNS queries are actually passed to these resolvers, indicating more widespread IPv6 support.
- The top IPv6-capable resolvers are operated by companies like Google, AT&T, and Comcast, serving over 60% of queries.
- IPv6 DNS responses have a high success rate (96%) when response sizes are kept below the typical 1500 byte MTU to avoid fragmentation issues.
This document summarizes a large European service provider's plans for deploying IPv6 across its various networks, including residential, L3 MPLS VPN, and public networks. It discusses challenges around operating multivendor networks with interdependent services. The service provider is taking a dual-stack approach, initially exposing only external-facing services to IPv6. Configuration details are provided for residential broadband network elements like Juniper E320/ERX routers, covering topics like interfaces, routing, subscriber addressing, DNS servers, accounting, and LNS configuration. The goal is a transparent rollout that maintains existing IPv4 customer experiences while introducing IPv6 connectivity.
This document provides an overview of network state awareness and troubleshooting techniques. The agenda covers troubleshooting methodology, packet forwarding review, active and passive monitoring, quality of service, control plane, and routing protocol stability. It distinguishes between the control plane, which creates routing information based on aggregated data, and the data plane, which makes forwarding decisions based on packet details. Various troubleshooting tools are discussed like traceroute, interface statistics, NetFlow, and performance monitoring to analyze the network from the data plane perspective.
The document discusses various techniques for transitioning from IPv4 to IPv6, including dual stack, tunnels, and translation. Dual stack allows simultaneous support of both IPv4 and IPv6 by keeping both protocol stacks. Tunnels encapsulate IPv6 packets in IPv4 packets to carry IPv6 traffic over IPv4 networks. Translation techniques like NAT64 algorithmically translate IPv4 and IPv6 addresses to allow communication between IPv4-only and IPv6-only nodes. Newer methods like 464XLAT and DS-Lite aim to address IPv4 exhaustion by sharing public IPv4 addresses among more clients.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
The document provides an update on IPv6 deployment globally and in Southeast Asia. It summarizes that global IPv6 end-user readiness has increased 7.69% over the last 12 months to 16.94%. Specific countries and mobile networks in India, Thailand, Vietnam, and Malaysia are highlighted as having seen large increases in IPv6 capability, with some mobile networks over 200% growth. Performance tests show IPv6 can be as fast or faster than IPv4 in some situations. Industry trends of growing mobile usage and native IPv6 support in newer devices are positive drivers for further IPv6 adoption.
The Next Generation Internet Number Registry ServicesMyNOG
This document provides an overview of registry services, including the Registration Data Access Protocol (RDAP) and the Resource Public Key Infrastructure (RPKI). RDAP is designed to replace the aging WHOIS protocol by providing structured query and response formats to enable automation. RDAP also supports access control, internationalization, redirection and extensibility. RPKI is a PKI framework that adds Internet number resource information to certificates to cryptographically validate resource ownership and authorization of routing announcements. It enables applications like route origin validation to secure the routing system. The document discusses how RDAP and RPKI work and provide benefits like improved security, automation and verification of registry data.
This document discusses IPv6 deployment in cellular networks. It notes the need to support IPv6 due to IPv4 address exhaustion and increasing number of devices and addresses per device. Dual-stack is presented as the best solution, but alternatives like IPv6-only with NAT64 are also discussed. NAT64 allows IPv6-only clients to access IPv4 content by translating IPv6 to IPv4, though it has limitations. 464XLAT provides a more robust transition technology that works better with applications using literal IPv4 addresses. The document reviews performance and deployment considerations for various IPv6 transition technologies in cellular networks.
The document discusses several methods for migrating from IPv4 to IPv6 including native dual stack, DS-Lite, NAT64, and 6RD. Native dual stack allows simultaneous use of IPv4 and IPv6 but is the most complex to deploy. DS-Lite tunnels IPv4 packets over IPv6 to allow an IPv6-only access network. NAT64 provides IPv4-IPv6 translation to allow access to IPv4 servers from an IPv6 network. 6RD allows lightweight IPv6 deployment without upgrades by encapsulating IPv6 in IPv4. Each method has different impacts on the access network, subscriber edge, and home network domains.
This document provides a 12-step plan for enabling IPv6 in an Internet service provider (ISP) network. The steps include: 1) requesting IPv6 address space from registries; 2) auditing network equipment for IPv6 support; 3) training staff on IPv6; 4) enabling IPv6 with upstream providers; 5) updating security policies for IPv6; 6) monitoring IPv6 metrics; 7) developing an IPv6 addressing plan; 8) deploying IPv6 in the core network; 9) conducting IPv6 trials; 10) enabling IPv6 in the access network; 11) configuring IPv6 transition technologies; and 12) updating customer-premises equipment to support IPv6. The document compares
IPv6 is the most recent version of the Internet Protocol (IP), and was developed by IETF to overcome the inevitable exhaustion of IPv4 addresses. In order to simplify the transition towards IPv6, the protocol iterated very little on how IPv4 operates other than offering more address space. This inadvertently produced the exact opposite of the intended effect: with no compelling new features for anyone outside of network engineering, IPv6 deployment has been hampered for decades, as developers find increasingly creative ways of efficiently using IPv4 address space rather than bearing the cost of transition.
In this talk, Fastly Network Engineer João Taveira discusses these protocol design failures and instead explain how Fastly re-architected its infrastructure around IPv6. By addressing IPv6 in a clean-slate manner, Fastly avoided perpetuating many of the mistakes of IPv4, and the resulting network architecture has the potential to significantly affect the performance, resilience, and economics of content delivery.
The document discusses the World IPv6 Launch event scheduled for June 6, 2012. It notes that IPv4 addresses are exhausted, IPv6 is the replacement standard that has been available for over 15 years, and the 2012 event aims to fully transition the internet to IPv6 without the ability to rollback to prevent future growth issues due to IPv4 exhaustion. Major internet organizations are participating to ensure all content and services are fully accessible over IPv6.
APNIC Chief Scientist Geoff Huston presented on the various approached used by root servers to deliver large DNS responses at the DNS-OARC 26 in Madrid from 15 to 16 May 2017.
- 22% of visible DNS resolvers are capable of making IPv6 queries, but 35% of DNS queries are actually passed to these resolvers, indicating more widespread IPv6 support.
- The top IPv6-capable resolvers are operated by companies like Google, AT&T, and Comcast, serving over 60% of queries.
- IPv6 DNS responses have a high success rate (96%) when response sizes are kept below the typical 1500 byte MTU to avoid fragmentation issues.
This document summarizes a large European service provider's plans for deploying IPv6 across its various networks, including residential, L3 MPLS VPN, and public networks. It discusses challenges around operating multivendor networks with interdependent services. The service provider is taking a dual-stack approach, initially exposing only external-facing services to IPv6. Configuration details are provided for residential broadband network elements like Juniper E320/ERX routers, covering topics like interfaces, routing, subscriber addressing, DNS servers, accounting, and LNS configuration. The goal is a transparent rollout that maintains existing IPv4 customer experiences while introducing IPv6 connectivity.
This document provides an overview of network state awareness and troubleshooting techniques. The agenda covers troubleshooting methodology, packet forwarding review, active and passive monitoring, quality of service, control plane, and routing protocol stability. It distinguishes between the control plane, which creates routing information based on aggregated data, and the data plane, which makes forwarding decisions based on packet details. Various troubleshooting tools are discussed like traceroute, interface statistics, NetFlow, and performance monitoring to analyze the network from the data plane perspective.
The document discusses various techniques for transitioning from IPv4 to IPv6, including dual stack, tunnels, and translation. Dual stack allows simultaneous support of both IPv4 and IPv6 by keeping both protocol stacks. Tunnels encapsulate IPv6 packets in IPv4 packets to carry IPv6 traffic over IPv4 networks. Translation techniques like NAT64 algorithmically translate IPv4 and IPv6 addresses to allow communication between IPv4-only and IPv6-only nodes. Newer methods like 464XLAT and DS-Lite aim to address IPv4 exhaustion by sharing public IPv4 addresses among more clients.
Rolling the Root Zone DNSSEC Key Signing Key, by Edward Lewis.
A presentation given at APNIC 42's DNS and INR Security session on Monday, 3 October 2016.
The document provides an update on IPv6 deployment globally and in Southeast Asia. It summarizes that global IPv6 end-user readiness has increased 7.69% over the last 12 months to 16.94%. Specific countries and mobile networks in India, Thailand, Vietnam, and Malaysia are highlighted as having seen large increases in IPv6 capability, with some mobile networks over 200% growth. Performance tests show IPv6 can be as fast or faster than IPv4 in some situations. Industry trends of growing mobile usage and native IPv6 support in newer devices are positive drivers for further IPv6 adoption.
The Next Generation Internet Number Registry ServicesMyNOG
This document provides an overview of registry services, including the Registration Data Access Protocol (RDAP) and the Resource Public Key Infrastructure (RPKI). RDAP is designed to replace the aging WHOIS protocol by providing structured query and response formats to enable automation. RDAP also supports access control, internationalization, redirection and extensibility. RPKI is a PKI framework that adds Internet number resource information to certificates to cryptographically validate resource ownership and authorization of routing announcements. It enables applications like route origin validation to secure the routing system. The document discusses how RDAP and RPKI work and provide benefits like improved security, automation and verification of registry data.
This document discusses IPv6 deployment in cellular networks. It notes the need to support IPv6 due to IPv4 address exhaustion and increasing number of devices and addresses per device. Dual-stack is presented as the best solution, but alternatives like IPv6-only with NAT64 are also discussed. NAT64 allows IPv6-only clients to access IPv4 content by translating IPv6 to IPv4, though it has limitations. 464XLAT provides a more robust transition technology that works better with applications using literal IPv4 addresses. The document reviews performance and deployment considerations for various IPv6 transition technologies in cellular networks.
The document discusses several methods for migrating from IPv4 to IPv6 including native dual stack, DS-Lite, NAT64, and 6RD. Native dual stack allows simultaneous use of IPv4 and IPv6 but is the most complex to deploy. DS-Lite tunnels IPv4 packets over IPv6 to allow an IPv6-only access network. NAT64 provides IPv4-IPv6 translation to allow access to IPv4 servers from an IPv6 network. 6RD allows lightweight IPv6 deployment without upgrades by encapsulating IPv6 in IPv4. Each method has different impacts on the access network, subscriber edge, and home network domains.
This document provides a 12-step plan for enabling IPv6 in an Internet service provider (ISP) network. The steps include: 1) requesting IPv6 address space from registries; 2) auditing network equipment for IPv6 support; 3) training staff on IPv6; 4) enabling IPv6 with upstream providers; 5) updating security policies for IPv6; 6) monitoring IPv6 metrics; 7) developing an IPv6 addressing plan; 8) deploying IPv6 in the core network; 9) conducting IPv6 trials; 10) enabling IPv6 in the access network; 11) configuring IPv6 transition technologies; and 12) updating customer-premises equipment to support IPv6. The document compares
IPv6 is the most recent version of the Internet Protocol (IP), and was developed by IETF to overcome the inevitable exhaustion of IPv4 addresses. In order to simplify the transition towards IPv6, the protocol iterated very little on how IPv4 operates other than offering more address space. This inadvertently produced the exact opposite of the intended effect: with no compelling new features for anyone outside of network engineering, IPv6 deployment has been hampered for decades, as developers find increasingly creative ways of efficiently using IPv4 address space rather than bearing the cost of transition.
In this talk, Fastly Network Engineer João Taveira discusses these protocol design failures and instead explain how Fastly re-architected its infrastructure around IPv6. By addressing IPv6 in a clean-slate manner, Fastly avoided perpetuating many of the mistakes of IPv4, and the resulting network architecture has the potential to significantly affect the performance, resilience, and economics of content delivery.
The document discusses the World IPv6 Launch event scheduled for June 6, 2012. It notes that IPv4 addresses are exhausted, IPv6 is the replacement standard that has been available for over 15 years, and the 2012 event aims to fully transition the internet to IPv6 without the ability to rollback to prevent future growth issues due to IPv4 exhaustion. Major internet organizations are participating to ensure all content and services are fully accessible over IPv6.
The document discusses moving to IPv6 and provides information about regional internet registries and their role in managing IP addresses and other internet number resources. It outlines the history of IPv4 and IPv6, noting that IPv6 was developed in the 1990s in anticipation of IPv4 address depletion. The document urges migrating to IPv6 now because IPv4 addresses have been depleted, IPv6 offers more addresses and performance benefits. It provides a checklist for organizations to develop an IPv6 deployment plan, including obtaining IPv6 address space, enabling IPv6 connectivity, upgrading systems and software, and training staff.
1) IPv6 address allocation has been steadily increasing and the core networks of the internet are becoming more IPv6 ready, however more work is still needed in regional and local networks.
2) While some major websites and DNS servers have IPv6 capabilities, most enterprises and local content providers still need to enable IPv6 for their online resources.
3) End user IPv6 readiness is growing but still low on average worldwide, with some economies and networks showing more progress than others in deploying IPv6 access technologies.
IPv6 Deployment: Why and Why not? - HostingCon 2013APNIC
This document summarizes a presentation on IPv6 deployment. It discusses the status of IPv4 address exhaustion, statistics on IPv6 adoption by transit providers, content providers, and end users worldwide. It also examines considerations around IPv6 security. Network operators are presented with three choices: do nothing and rely solely on IPv4, prolong IPv4 usage through NAT and address transfers, or deploy IPv6 through dual-stack or transition technologies. Each option has advantages and disadvantages relating to costs, network impacts, and addressing future needs.
This document provides an overview of IPv6 deployment and discusses reasons for and against adopting IPv6. It summarizes the status of IPv4 address exhaustion and reviews IPv6 readiness statistics globally and for various networks. The document outlines choices for network operators regarding IPv6 adoption, including doing nothing, prolonging IPv4 through NAT or address trading, or deploying IPv6. It also discusses IPv6 security considerations and issues specific to IPv6.
The document summarizes a presentation given by APNIC staff on expanding Internet use through the IPv6 transition. It discusses how IPv4 addresses are nearly exhausted, the growing need for IPv6, APNIC's role in supporting IPv6 deployment, and a survey finding most organizations in the region are not fully prepared for IPv6. It calls for groups to develop IPv6 transition plans, work with APNIC for resources and training, and deploy IPv6 on networks and services to sustain operations after IPv4 exhaustion.
This presentation describes the impending depletion of Internet Protocol version 4 (IPv4) and the importance of adopting the next version of the Internet Protocol, Internet Protocol version 6 (IPv6). This issue impacts everyone and must be understood and acted upon to ensure the continued growth and operation of the Internet. More educational materials from ARIN are available at: https://www.arin.net/knowledge/general.html
APNIC Senior Trainer Tashi Phuntsho gives an update on IPv6 deployment in Bhutan and the region, noting that the true driver for IPv6 adoption is the mobile Internet.
The document discusses the depletion of IPv4 addresses and the need to migrate to IPv6. It makes the following key points:
1) IPv4 addresses are being depleted as major networks and internet service providers continue to add new customers and require more contiguous blocks of addresses.
2) Migration to IPv6 is necessary for applications and services that will require ongoing availability of contiguous IP address blocks.
3) The document calls for action from enterprises, internet service providers, equipment vendors, and content providers to begin supporting both IPv4 and IPv6 now to ensure interconnectivity as more networks transition to IPv6-only.
The document discusses the depletion of IPv4 addresses and the need to migrate to IPv6. It makes the following key points:
1) IPv4 addresses are being depleted as seen by utilization and trend data, so migration to IPv6 is necessary to ensure ongoing availability of contiguous IP address blocks.
2) All stakeholders - enterprises, internet service providers, equipment vendors, and content providers - need to begin supporting both IPv4 and IPv6 now to ensure full interoperability during the transition and avoid being unable to connect to an IPv6-only internet in the future.
3) Specifically, enterprises should make their services reachable over IPv6, ISPs should begin connecting customers with both IPv4 and IPv6
1) IPv4 addresses are running out as the number of internet devices grows exponentially. IPv6 is needed to support continued growth.
2) IPv6 is already deployed on large networks like Google and Verizon Wireless and works well, with over 50% of traffic delivered via IPv6 to some sites.
3) IPv6-only networks can support all applications, including those requiring IPv4 like Skype, through technologies like NAT64 and 464XLAT address translation which allow IPv6-only devices to access IPv4 internet resources.
23rd PITA AGM and Conference: Key business drivers for IPv6APNIC
Senior Internet Resource Analyst Elly Tawhai gives a presentation on the key drivers for IPv6, covering how IPv6 enables the sustainable growth of the Internet, and the possibility for new services and business opportunities on large-scale IP installations.
7 September 2017 - At ION Conference Durban, South Africa, Andrew Alston on how Liquid Telecom deployed IPv6 and how other organizations can do the same.
This document provides an overview of IPv6 and the transition from IPv4. It discusses how IPv4 addresses are exhausted, issues with NAT as a solution, and the benefits of IPv6 which provides vastly more addresses. Dual stack is presented as the best approach, allowing devices to communicate over both IPv4 and IPv6. Challenges to IPv6 adoption are outlined such as network equipment and software support. IPv6 deployment statistics for some Latin American countries are provided, showing low levels of adoption. The role of LACNIC in training and resources to support the IPv6 transition in the region is also summarized.
Tony Smith presented on the status of IPv6 deployment globally and in the Asia Pacific region based on various statistics. He found that IPv6 deployment is varied among regions, economies, and network operators, with some being more active than others. Statistics showed growth of IPv6 adoption in countries like China, Hong Kong, Japan, Singapore, and Taiwan due to initiatives by governments and private sectors working together. Mobile networks were also shifting to IPv6 to support growth in mobile broadband usage. Continuous information sharing and collaboration between stakeholders was key to supporting current and future Internet growth.
The document discusses the need for higher education institutions to deploy IPv6, as IPv4 addresses are depleting. It recommends that IPv6 support is no longer optional for IP-capable nodes. It provides examples of how US federal agencies deployed IPv6 and the costs of deploying versus not deploying IPv6. The presentation discusses addressing plans, security considerations, staff training, and transition technologies like dual stack that institutions can use to deploy IPv6. Real-world case studies of successful IPv6 deployments are also presented.
IPv6 session and survey report from IPv6 + content providers session in JANOG 35APNIC
This document summarizes an IPv6 session and survey from the JANOG 35 meeting in Japan. The session discussed why content providers are reluctant to deploy IPv6. A survey of NOG members found that while many infrastructure providers support IPv6, uptake by customers and content is still low. For IPv6 to become widely used, respondents felt that content must be served over both IPv6 and IPv4, and actual communication between endpoints using IPv6 is needed, not just access network support. The document concludes that continued efforts are needed to further IPv6 deployment.
IPV6 Deployment for Broadband Internet by Azura Mat SalimMyNOG
Telekom Malaysia (TM) has been deploying IPv6 since 2004 to prepare for IPv4 address exhaustion. In 2011, TM accelerated its IPv6 implementation by forming a steering committee and focusing on network infrastructure, operations, IT systems, products, and training. Currently, TM has over 100 IPv6 peering partners globally and provides dual-stack broadband Internet using PPPoE and DHCPv6 with delegated IPv6 prefixes. While IPv6 traffic is still less than 1% of TM's total traffic, the number of dual-stack subscribers is growing steadily as more users acquire IPv6-compatible devices. TM's deployment strategy is to push IPv6 configurations gradually without forcing migration and provide education to address common user misconceptions
Similar to IPv6 Deployment Case on a Korean Governmental Website (20)
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
IPv6 Deployment Case on a Korean Governmental Website
1.
2. National Internet Registry of Korea
• KrNIC
- ccTLD service and DNS (.kr, .한국)
- IP allocations v4&v6
- IDRC
- IPv6 Promotion & Support
• KrCert/CC
• and many more
http://kisa.or.kr
3. • Current IPv6 commercial services in Korea
- LTE mobile service (Sep 2014~), more than 6 million IPv6 devices
- CATV service (Dec 2015~), 60,000 IPv6 subscribers
- B2B, B2C internet, …?
- KISA is providing IPv6 internet connection for free of charge
• But nearly no contents…
6. • Trial IPv6 (dual stack) deployment on a mobile website of Korean
ministry – MSIP – for a month
• Korean governmental websites are being operated in the integrated
data center called NCIS
• Very sensitive and careful regarding service stability
‐ We decided not to change IPv4 systems at all and configure a new IPv6
based test network for the trial service
7. • Fixed line IPv6 internet service is not being provided yet…
Governmental
Data Center
IPv6
Internet
IPv4 ISP
IPv4 ISP
IPv4 ISP
6to4 Tunnel
9. • Resource synchronization (DB, etc)
• Some components without IPv6 support…
‐ Security equipments
‐ And softwares
10. • Some companies have announced that IPv6 performs better than
IPv4 in specific environments
• Could we expect reliable and fast IPv6 connection as well?
17. • The trial service was reliable enough
- no connection failure or user complaint
• However, IPv6 connection was notably slower than IPv4
- We found that in many cases, web browsers firstly tried to access the
website by IPv6, and then fallback to IPv4 because they weren’t able to
make the connection until the Happy Eyeball time limit…
• What makes this difference? Why IPv6 is slower and unreliable?
18. • Comparison of the number of BGP paths of IPv4 and IPv6
nearly no path!
(APNIC vizAS)
20. • We can hardly find IPv6 native paths in Korea
- A vast majority of IPv6 paths are 6in4/6to4 tunnel connected to KISA
- Moreover the difference in the number of BGP paths is enormous
- It’s difficult to fairly compare IPv6 and IPv4 in this situation, but it’s our
circumstance anyway
• Which factors does influence on the performance?
- The number of BGP paths? Transition technologies? NAT middle boxes?
Protocol itself? What else?
- Which are the factors we can control and which are the ones we can’t?
- That is to say, what can we do in order to improve this situation?
21. • We’re trying to arrange and persuade the top-tier ISPs’ IPv6 BGP
peering to make more IPv6 paths
• Currently the connection failure of IPv6 may possibly happen because
of too few paths
‐ Web browsers have Happy Eyeball fortunately, but there’re another
applications without fallback algorithms (which means higher risk)
• How shall we help the contents providers avoid these kind of
business risks and get rid of their anxieties of deploying IPv6?
‐ Fast fallback algorithm for all environments?
22. IPv6 Only
IPv4/IPv6
Dual Stack
IPv6 Only
eNodeB SGW PGW
L3 SW PE
NAT64
PE PE
Core RT
L2 SW L3 SW
NAT64
PECore RT
DNS
DNS64
DNS
DNS64
Core RT
IPv4
IPv6
u Packet Generator
u Frame Size Control
u Throughput Control
u IPv4/IPv6 Packet mix control
u traceroute
u Hop Count Check
u Hop by Hop Response Time
Check
u ping
u Response Time Check
u Web Browser
u Happy Eyeball check
u Round Trip Time check
u Wireshark
u Packet analysis
u Throughput Check
u Delay Check
u Frame Loss Check
u Round Trip Time Check
u Hop Count & route pachCheck
u Address Translation Performance Check
u DNS Response Time Check
u Top 100 Web Service Response
u Web Image Download Time
u File Download Time
u Video/Audio Streaming
u Game Contents Download
u VoIP