Many developers are stuck in the world of old-school IPv4 - it's an easy and comfortable place to be! But beneath the cosy world of PHP, your network layer has been undergoing major changes that might be outside your comfort zone. IPv6, SPDY (aka HTTP/2.0) and SSL are all important technologies that you need to get to grips with, both inside and outside PHP. This talk covers the key features of these technologies and how you can use them to improve your app's availability, performance and security.
This talk was presented at the Dutch PHP Conference 2015.
This document discusses the transition from IPv4 to IPv6 over time. It describes several methods used for the transition, including: dual-stack which allows both IPv4 and IPv6 on devices; tunnels which allow IPv6 traffic to be carried over IPv4 networks; and network address translation protocols like NAT64 which allow translation between IPv4 and IPv6. The document outlines the progression of transition technologies from early experiments with tunnels in the 1990s to current approaches using address and port translation to share limited IPv4 addresses. Security challenges are also discussed, such as inability to inspect tunneled traffic and threats to stateful translation protocols.
2015 update: SIP and IPv6 issues - staying Happy in SIP (Olle E Johansson)
What's the state of SIP and IPv6?
- An update I gave at the Netnod spring Meeting 2015.
Nothing much is happening, despite the fact that we have proven real issues with dual stacks in SIP.
A presentation that tries to set an IPv6 agenda for the SIP community. VoIP and IPv6 is a natural match. If we want unified communication to be truly global and unified - we need to build solutions on IPv6 and not IPv4.
Discussion slides for the SIP forum IPv6 task group conference call 12/12/12 covering issues with SIP DNS, SIP and locating next hop in a dual stack world and issues with Server Based ALG decisions for media paths.
This document provides an overview and agenda for a course on Introduction to IPv6 for Service Providers. The course covers IPv6 essentials such as addressing, operations, applications/services, routing protocols, and transition strategies. It discusses the rationale for adopting IPv6 including the depletion of IPv4 addresses and the need to support the growing number of internet-connected devices. The document outlines some of the key limitations of IPv4 like fragmentation and the issues with long-term reliance on Network Address Translation (NAT) to overcome the address space depletion.
Learn about IBM z/VSE Live Virtual Class 2012, that is easily extendable, simpler routing, multicasting, has automatic configuration and full mobile device support.
SIP and DNS - federation, failover, load balancing and more (Olle E Johansson)
SIP uses DNS to find a server for a specific URI, like sip:alice@example.com. With DNS a SIP service can provide failover, load balancing and much more. SIP without DNS is a broken solution. SIP and DNS rocks!
Journey to IPv6 - A Real-World deployment for Mobiles (APNIC)
This document provides an overview of Telstra's journey to deploying IPv6 for mobiles. It discusses why IPv6 is needed due to growth in devices and traffic, and depletion of IPv4 addresses. It covers the business and technical considerations for transitioning to IPv6. The document outlines Telstra's network architectures for IPv6 including centralised CGN, 464XLAT architecture and addressing schemes. It discusses their deployment model and experiences including growth in IPv6 usage. Lessons learned around community engagement, customer support and reporting metrics are also provided.
This document discusses various strategies for transitioning from IPv4 to IPv6. It begins by establishing that IPv4 addresses are running out due to the IANA and RIR pools being depleted. It then outlines three main strategies: doing nothing and remaining IPv4-only; extending the life of IPv4 through NAT or acquiring more addresses; and implementing IPv4/IPv6 coexistence techniques like dual-stack, 6rd, or large-scale NAT. Each strategy is defined and its advantages and disadvantages are discussed. The document provides guidance on which approaches may be suitable depending on an organization's needs and infrastructure capabilities.
A quick introduction to Kamailio - the leading Open Source SIP server (based on OpenSER and SER). Kamailio is quite different than Asterisk, FreeSwitch and many other VoIP platforms - why is that and how do you start getting your head around Kamailio?
IPv6 Transition Strategies discusses various strategies available to service providers as IPv4 addresses run out, including doing nothing, extending the IPv4 network through NAT, and deploying IPv6 transition technologies. The document defines key terms like dual-stack, NAT, carrier grade NAT, and IPv6 transition methods. It then analyzes the advantages, disadvantages, and applicability of strategies like doing nothing, NAT, dual-stack networks, and IPv6 transition techniques involving tunneling or translation.
The document summarizes the migration from IPv4 to IPv6. It discusses that IPv4 addresses are running out due to the increasing number of internet users and devices. IPv6 was created to support more addresses using a 128-bit system that supports up to 3.4*10^38 addresses. The key migration strategies discussed are dual stack, which supports both IPv4 and IPv6, and tunneling, which allows IPv6 packets to be sent over IPv4 networks. The advantages of IPv6 include a much larger address space, eliminating NAT, built-in IPSec support, and other security and networking improvements.
A short presentation with some things I've discovered being important in Unified Communication migration projects I've worked on. Presentation from the Uninett Telephony Workshop in Trondheim, May 2012.
The document discusses updates needed for SIP to work effectively in modern environments. It recommends: 1) requiring support for SIP Outbound and TLS/DTLS key exchange to address challenges of NAT and encryption; 2) requiring full support for Opus codec and RTCP feedback to optimize media; and 3) supporting IETF work on standards like STIR, SIPCORE, and stronger authentication. The document also outlines upcoming SIP features from the IETF and SIP Forum around improved identities, dual-stack support, and TLS in SIPConnect 2.0.
This document discusses IPv6, including:
1. An overview of IPv6, which was developed to address the limited address space of IPv4 as internet usage grew exponentially.
2. IPv6 addresses are 128-bit and represented using eight groups of four hexadecimal digits separated by colons.
3. Reasons for the development of IPv6 include supporting more devices connected to the internet and incorporating security features not available in IPv4.
This document discusses IPv6 transition and the state of IPv6 adoption. It notes that while IPv4 address exhaustion is a real issue, users do not care and prefer NAT for security. Transition requires cooperation across users, ISPs, devices and content. Statistics show rapid growth of IPv6 adoption by major networks worldwide in the last two years. Full transition to IPv6 is needed to enable unlimited connectivity for cloud/mobile internet and the internet of things going forward.
This document discusses Samba and IPv6 support in Windows Vista. It notes that while raw SMB file sharing works over IPv6 in Samba 3 and Samba 4 with some workarounds, Samba cannot currently function as an Active Directory domain controller for IPv6 clients like Vista. It recommends that further work is needed in Samba 4 to fully support IPv6, especially for Active Directory functions, to allow organizations migrating to Vista and IPv6 networks to use Samba.
IPv6 is the most recent version of the Internet Protocol (IP), and was developed by IETF to overcome the inevitable exhaustion of IPv4 addresses. In order to simplify the transition towards IPv6, the protocol iterated very little on how IPv4 operates other than offering more address space. This inadvertently produced the exact opposite of the intended effect: with no compelling new features for anyone outside of network engineering, IPv6 deployment has been hampered for decades, as developers find increasingly creative ways of efficiently using IPv4 address space rather than bearing the cost of transition.
In this talk, Fastly Network Engineer João Taveira discusses these protocol design failures and instead explains how Fastly re-architected its infrastructure around IPv6. By addressing IPv6 in a clean-slate manner, Fastly avoided perpetuating many of the mistakes of IPv4, and the resulting network architecture has the potential to significantly affect the performance, resilience, and economics of content delivery.
The document discusses the impending exhaustion of IPv4 addresses and the need to transition to IPv6. It provides background on IPv6 including that it provides 128-bit addresses to solve exhaustion, utilizes extensions to DHCPv6 for home network prefix assignment, and can be implemented via dual stack, tunneling, or translation methods. Charts show the decreasing pool of available IPv4 addresses and acceleration in depletion rates. The document argues for early adoption of IPv6 to avoid risks from delayed transition and outlines a 3-tier strategy using technologies like dual stack, 6rd, NAT64, and Dual-Stack Lite.
The document discusses IPv6 and its advantages over IPv4. Some key points:
- IPv6 addresses are 128 bits, compared to 32 bits for IPv4, allowing for virtually unlimited unique addresses. IPv6 uses unicast, multicast, and anycast but not broadcast.
- IPv6 simplifies the header format and allows for extension headers to add new features. It also eliminates checksums and performs fragmentation only at the source.
- IPv6 was designed for autoconfiguration, allowing nodes to automatically obtain addresses and other information via protocols like SLAAC and DHCPv6.
Hypes? Fanfares? Fads? Wading through the muddy IPv6 puddle (APNIC)
Hypes? Fanfares? Fads? Wading through the muddy IPv6 puddle, by Sunny Yeung.
A presentation given at the APNIC 40 "Hypes? Fanfares? Fads? Wading through the muddy IPv6 puddle" session on Wed, 9 Sep 2015.
This document provides an overview of IPv6, the latest revision of the Internet Protocol. IPv6 was developed by IETF to address the problem of IPv4 address exhaustion, as IPv4 addresses were being depleted. IPv6 features a much larger 128-bit address space compared to 32-bits in IPv4, providing vastly more unique IP addresses. It also includes improvements in routing, network autoconfiguration, security, quality of service, and mobility support. The document discusses the history and development of IPv6, as well as its addressing modes, address types, headers, communication methods, and transition technologies from IPv4 to IPv6 networks.
As IPv6 address migration is catching up in all enterprise networks, we'll take a look at some of the operational best practices to migrate to and subnet IPv6 addresses.
The document discusses using JavaScript to style components instead of CSS. It describes how React allows defining styles inline but that is not ideal. The author explores using Webpack and React-style to define styles within components in JavaScript and have them automatically output to a stylesheet. This avoids separating styles across files while keeping styles tightly coupled to components. The document argues JavaScript is well-suited as a "preprocessor" for generating styles and provides examples of using variables, functions and loops to generate styles programmatically.
UX, ethnography and possibilities: for Libraries, Museums and Archives (Ned Potter)
1) The document discusses how the University of York Library has used various user experience (UX) techniques like ethnographic observation and interviews to better understand user needs and behaviors.
2) Some changes implemented based on UX findings include installing hot water taps, changing hours, and adding blankets - aimed at improving the small details of user experience.
3) The presentation encourages other libraries, archives and museums to try incorporating UX techniques like behavioral mapping and cognitive interviews to inform design changes that enhance services for users.
The document discusses designing teams and processes to adapt to changing needs. It recommends structuring teams so members can work within their competencies and across projects fluidly with clear roles and expectations. The design process should support the team and their work, and be flexible enough to change with team, organization, and project needs. An effective team culture builds an environment where members feel free to be themselves, voice opinions, and feel supported.
An immersive workshop at General Assembly, SF. I typically teach this workshop at General Assembly, San Francisco. To see a list of my upcoming classes, visit https://generalassemb.ly/instructors/seth-familian/4813
I also teach this workshop as a private lunch-and-learn or half-day immersive session for corporate clients. To learn more about pricing and availability, please contact me at http://familian1.com
3 Things Every Sales Team Needs to Be Thinking About in 2017 (Drift)
Thinking about your sales team's goals for 2017? Drift's VP of Sales shares 3 things you can do to improve conversion rates and drive more revenue.
Read the full story on the Drift blog here: http://blog.drift.com/sales-team-tips
How to Become a Thought Leader in Your Niche (Leslie Samuel)
Are bloggers thought leaders? Here are some tips on how you can become one. Provide great value, put awesome content out there on a regular basis, and help others.
The document discusses Internet Protocol version 6 (IPv6). It provides objectives for a lesson on IPv6 including explaining what is driving the need for IPv6, comparing IPv4 and IPv6, comparing IPv4 and IPv6 headers, and explaining zero compression. Example addresses are given to demonstrate zero compression techniques.
The document discusses the transition from IPv4 to IPv6. It notes that IPv4 only provides 4 billion addresses, which is inadequate for today's internet-connected devices, and that IPv6 was developed to address this shortage by providing vastly more addresses. Specifically, IPv6 uses a 128-bit address scheme to allow up to 340 undecillion unique addresses. The document outlines some key advantages of IPv6, such as easier address management and autoconfiguration, as well as built-in security and support for an increasingly mobile internet.
The document discusses the transition from IPv4 to IPv6. It notes that IPv4 only provides 4 billion addresses, which is inadequate for today's internet-connected devices, and that IPv6 was developed to address this shortage by providing vastly more addresses. Specifically, IPv6 uses a 128-bit address scheme to allow up to 3.4×10^38 total addresses. The document then provides details on IPv6 addressing notation, configuration, security features, and mobility support, and notes that a full transition to IPv6 will take many years.
This document provides guidance on rapidly deploying IPv6 for ISP networks. It begins by outlining common concerns with IPv6 implementation and then provides steps to take including: starting implementation in a lab; enabling IPv6 on core infrastructure; enabling customer services in stages from easiest to hardest; and conducting a network readiness assessment. The document then provides examples of enabling IPv6 on routers and end customer connections using a simplified IPv6 addressing scheme. It discusses additional considerations like security, Linux and Windows test beds, non-networking devices, sources of help, and convincing management of the need for IPv6 deployment.
DMIEXPO - Ajay Goyal - Maximum ROI in Bulk Emailing by IPv6 – Optimum deliver... (Morning Dough)
Following are the main points:
1. What is the meaning, purpose and importance of IPs?
2. What is the meaning of IPv4 and IPv6?
3. What is the role of IPs in Bulk Emailing?
4. Why IPv4 is an obsolete version in Bulk Emailing?
5. How to get maximum in-boxing by sending email through IPv6?
6. How to get maximum deliverability by sending email through IPv6?
7. How to avoid spamming protection even though using 3rd party or purchased list?
8. How to ensure delivery to TLDs, even after their protection?
9. How can cost be reduced by using IPv6?
10. How to get faster deliverability (fastest) through IPv6?
11. How to get page one ranking at google SERP (Search Engine Ranking Page) while using IPv6?
12. Why IPv6 is faster than IPv4 and how does it create effect on the performance in Bulk Emailing?
IPv4, developed in 1970, was expected to meet networking needs but became insufficient as the internet grew. In 1994, IPv6 was developed with a vastly larger 128-bit address size to avoid IPv4's address exhaustion issues. While IPv4 uses 32-bit addressing and dotted decimal notation, IPv6 uses hexadecimal addresses separated by colons. IPv6 will provide enough addresses for every person on Earth multiple times and support continued growth as we transition away from IPv4.
The document provides an overview of IPv6 addressing and configuration. It describes:
- Three key features of IPv6 addressing - unicast, multicast, and anycast addresses. IPv6 uses link-local and global unicast addresses.
- Methods for configuring IPv6 addresses, including static configuration of link-local and global unicast addresses, as well as dynamic configuration using stateless address autoconfiguration (SLAAC) and stateful DHCPv6.
- Router advertisement and router solicitation messages used in the dynamic configuration processes, and how these messages can specify use of SLAAC, SLAAC with stateful DHCP, or stateful DHCP alone.
3. IPv6
Starting at the bottom of the stack. How many of you are using IPv6 already? How many of you have deployed IPv6-only servers?
We’re all familiar with IPv4 that has formed the foundation of the internet since 1978. IPv4 has served us very well, but it’s showing its age and has various shortcomings, one of which is rapidly becoming a problem. The IETF was well aware where this was going, and set about designing a replacement, and IPv6 was finally ratified in 1998.
Yes, 1998! You’re not as bleeding edge as you might have thought!
4. Dutch PHP Conference 2015 Marcus Bointon
IPv6 Features
• Streamlined protocol headers - bigger but simpler
• Stateless autoconfiguration
• Built-in security (IPSec)
• Jumbograms
• Unicast / Multicast / Anycast
• More stuff that you don’t need to care about…
• 128-bit addresses
Protocol headers were made simpler to improve router efficiency - smaller routing tables.
Stateless autoconfiguration means devices can self-assign addresses without fear of clashes and find gateways automatically; DHCPv6 is more flexible.
IPSec support is built in.
Jumbograms reduce overhead on large transfers - up to 4Gb in a packet.
Unicast, multicast and anycast are various ways of telling it to distribute packets to one or more addresses in a group. Anycast is something like a built-in CDN.
There’s loads more stuff buried in your stack that, as a PHP dev, you don’t need to care about.
But the big, big thing you do need to know is that it replaces IPv4’s 32-bit addresses with 128-bit addresses
If you don’t think in binary, you might be thinking - that’s only 4 times bigger, surely we need more than that?
6. So how big is that?
• If you used a 0.25mm pixel to display each available address, how big an area would you need to display them all?
• IPv4: about the size of a tennis court
• IPv6: 100,000 times the size of the solar system
It’s hard to get a grip on how big a number that is, so let’s relate it to something we might be able to comprehend.
OK, so maybe that’s not so easy to comprehend, but at least you get the idea that it’s very, very big.
If it’s any consolation, it’s much less than the number of ways you can order a pack of cards (10^67)!
7. IPv6 Address Allocation
• Just like IPv4, but bigger
• Your ISP will probably give you a /64 subnet
• So you have 4 billion internets to pick your own addresses from!
• Great for virtual hosting, SSL, docker containers
ISPs are allocated address blocks in much the same way as for IPv4, and they will allocate them to you in a similar way, but instead of being given say, 1 IP per server, they can afford to be a bit more generous, and assign you whole net blocks from which you can choose your own addresses.
Security benefit: so many addresses, address scanning becomes useless.
8. IPv6 Notation
• We’ve got very used to IPv4’s decimal dotted-quad pattern: 192.168.0.1
• That’s just not practical for IPv6
• Hexadecimal for greater density
• Colons to delimit 16-bit chunks
• Square brackets to wrap
• [2001:0000:0000:EF22:0000:1234:5678:0001]
One common practical problem with IPv6 is how you write it down. It’s new and different.
A full-length IPv6 address using the IPv4 8-bit decimal notation would be up to 63 characters long.
Using hex takes it down to 39, and we’ll see that can be shortened further.
CIDR: Classless Inter-Domain Routing
We need the square brackets to limit the start and end of the address, so that it doesn’t get confused with the common port number notation in URLs.
9. IPv6 Notation Shortcuts
• It’s all about the zeros
• Replace one sequence of one or more 0000 chunks with a double-colon
• Collapse other 0000 chunks to 0
• Strip leading zeros: 0023 -> 23
• 2001:0000:0000:EF22:0000:1234:5678:0001
• 2001::EF22:0:1234:5678:1
Even with those changes, IPv6 addresses are a bit of a mouthful.
10. Familiar Addresses
• IPv4 Localhost: 127.0.0.1
• IPv6 localhost: [0000:0000:0000:0000:0000:0000:0000:0001]
• Becomes simply: [::1]
• All addresses: [::], just like 0.0.0.0
• Link-local addresses [FE80…]
• Network: [2001::EF22:0:1234:5678:0/96]
Link-local addresses are only valid for 1 hop, so only exist within a single network.
11. IPv6 in PHP
• PHP and all host OSs have full IPv6 support
• PHP shows support in phpinfo()
• Provide IPv6 addresses in square brackets for network functions
• e.g. fsockopen('tcp://[fe80::1]', 80…);
• Change validations to allow IPv6: FILTER_FLAG_IPV6, FILTER_FLAG_NO_PRIV_RANGE
All this IPv6 goodness is actually pretty simple in PHP - all the underlying systems support it, so you just need to make your app OK with it.
12. IPv6 in MySQL
• If you’re using strings for storing IPs, stop now!
• UNSIGNED INT for IPv4
• Use MySQL 5.6
• Use VARBINARY(16) for an elegant, unified solution for both IPv4 and IPv6 in the same field
• Convert to / from strings with INET6_ATON and INET6_NTOA
• Similar PHP functions inet_ntop and inet_pton, with one function wrapper needed
MySQL itself has supported IPv6 connections for years, but storing IPv6 addresses in binary fields was only added fairly recently.
There is no integer field type big enough, so you need to use binary, and varbinary allows efficient storage of mixed IPv4 and IPv6.
13. Convert IPv4 or IPv6 from MySQL binary format to a string
http://php.net/inet-ntop
This little snippet is needed to handle MySQL’s binary format, so I added it to the PHP docs page.
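The notation shortcuts, the validation filters and the VARBINARY(16) storage described in slides 9 to 13 come together in the following added example. It is not the snippet from the slide or from the PHP docs page; the function names are hypothetical, the sample addresses are constructed, and folding IPv4-mapped addresses down to 4 bytes is a design assumption made here so that one host cannot sit in a ban list or rate limiter under two different keys.

```php
<?php
declare(strict_types=1);

/**
 * Validate an IPv4/IPv6 string and pack it for a VARBINARY(16) column.
 * Returns 4 bytes (IPv4) or 16 bytes (IPv6), or null for anything else.
 * These are the same byte strings MySQL 5.6's INET6_ATON() produces.
 */
function ipToBinary(string $ip, bool $publicOnly = false): ?string
{
    // Accept the URL form "[addr]" for IPv6 only: one matching pair of brackets.
    if (preg_match('/^\[([0-9a-fA-F:.]+)\]$/', $ip, $m) && strpos($m[1], ':') !== false) {
        $ip = $m[1];
    }
    $flags = $publicOnly ? FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE : 0;
    if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
        return null;
    }
    $bin = inet_pton($ip);
    if ($bin === false) {
        return null;
    }
    // Assumption of this example: an IPv4-mapped IPv6 address (::ffff:a.b.c.d)
    // is stored as plain IPv4, so the same host always maps to the same key.
    $mappedPrefix = str_repeat("\x00", 10) . "\xff\xff";
    if (strlen($bin) === 16 && substr($bin, 0, 12) === $mappedPrefix) {
        $bin = substr($bin, 12);
    }
    return $bin;
}

/** Convert a 4- or 16-byte value read from the database back to text. */
function binaryToIp(string $bin): ?string
{
    $len = strlen($bin);
    if ($len !== 4 && $len !== 16) {
        return null; // truncated or padded column value: refuse rather than guess
    }
    $ip = inet_ntop($bin);
    return $ip === false ? null : $ip;
}

/** Text form suitable for a URL or socket target: IPv6 gets square brackets. */
function ipForUrl(string $bin): ?string
{
    $ip = binaryToIp($bin);
    if ($ip === null) {
        return null;
    }
    return strlen($bin) === 16 ? '[' . $ip . ']' : $ip;
}

// Constructed sample inputs, including the long-form address from the slides.
$samples = [
    '2001:0000:0000:EF22:0000:1234:5678:0001',
    '2001::EF22:0:1234:5678:1',
    '[::1]',
    '192.168.0.1',
    '::ffff:192.168.0.1',
    '2001:::1',
    'fe80::1; DROP TABLE hosts',
];

foreach ($samples as $input) {
    $bin = ipToBinary($input);
    if ($bin === null) {
        printf("%-42s rejected\n", $input);
        continue;
    }
    printf("%-42s %2d bytes  %-32s  %s\n", $input, strlen($bin), bin2hex($bin), ipForUrl($bin));
}

// Different spellings of one address must compare equal once packed.
var_dump(ipToBinary($samples[0]) === ipToBinary($samples[1]));
var_dump(ipToBinary('192.168.0.1') === ipToBinary('::ffff:192.168.0.1'));
```

Comparing and indexing the packed bytes rather than the text is what makes lookups notation-independent; bind the value as a binary parameter in a prepared statement when writing it to the VARBINARY(16) column.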
14. Deploying IPv6
• Servers need IPv6 addresses - ISP must support it
• or you can tunnel until they do
• Clients need IPv6 connections too
• Name servers on IPv6
• AAAA records in your DNS
• Reverse DNS for mail servers
• Check other sources - CDNs too
Most decent hosting providers already have IPv6 - Amazon EC2 doesn’t support it for servers, but does for ELB load balancers.
You can tunnel IPv6 over IPv4 connections - SixXS and Hurricane Electric’s tunnelbroker.net provide it as a service.
Realistically you don’t want to be messing about with non-native support; use an ISP with a clue.
Lots of domestic broadband does not - they are all waiting for the last possible moment…
All 4G mobiles support IPv6 by definition, and Apple is requiring IPv6 support for iOS 9 apps.
Name servers need to be on IPv6 too, or your lookups will happen over IPv4 even if your servers are on IPv6.
It’s simpler if you use your ISP’s or registrar’s name servers as you don’t need glue records.
Don’t forget to add your IPv6 addresses to your SPF record and create reverse DNS entries for mail servers.
Your pages may be deployed from IPv6, but sub-elements may not - javascript, css, images etc.
15. Testing IPv6
• `ip addr`, `ping6`, `dig aaaa`
• IPv6 addresses work in /etc/hosts
• https://www.mythic-beasts.com/ipv6/health-check
• Chrome/Firefox plugins for connection status
Mythic Beasts is a great ISP - some excellent IPv6 advice on their blog
Chrome extension called “IPvFoo”.
16. SSL / TLS
How many of you are using SSL already?
Jumping ahead a little, how many of you are using HSTS?
17. No excuses not to run SSL any more
• Free certs available (Startcom & letsencrypt.org)
• Not significantly slower
• Required for SPDY…
• but not for HTTP/2
• Google will rank you higher!
• It’s essentially a requirement for iOS 9 apps
letsencrypt.org will be providing free certs from September 2015.
HTTP/2 not needing SSL is really a red herring, still no excuse
iOS 9 introduces “App Transport Security”, which is TLSv1.2, SHA256 and FS-only ciphers
18. SSL has had a rough year
• Heartbleed - OpenSSL bugs
• POODLE - SSLv3 holes, RC4
• Logjam - weak export ciphers & DH params
• The upside - quality and awareness increased
Heartbleed was a really big deal, exposing random data in both clients and servers, and led to a massive rewrite of OpenSSL by the OpenBSD developers, released as LibreSSL, which will be in OS X 10.11.
We’ve known that SSLv3 was bad for a long time - POODLE was the last nail in its coffin.
RC4 was often favoured as a solution to a vulnerability known as BEAST, but this only affects older implementations or SSLv3 and TLS1.0.
Be aware that there are other attacks (like CRIME and BREACH), and there will probably be a new one tomorrow.
19. Get the right certificate
• 2048-bit key
• SHA2 signature
• Extra names with SAN
• Wildcards make admin easier
• Issuing certificates is technically trivial
• …but administratively hard
SHA2 isn’t a fixed size, but SHA256 is common.
Can go bigger than 2048-bit keys, but diminishing returns, good for 20 years yet.
You don’t need to limit yourself to a single name per certificate. Most CAs will sell you a multi-name (Server Alternate Name) or wildcard cert which you can use for multiple services. You can usually change or add new names at no extra charge. EV certs can’t be wildcards, but can use SAN.
SAN requires SNI support in clients if you want to use several names on one IP - SNI support is an HTTP/2 requirement.
Generating certificates is technically trivial - it takes a couple of seconds to create and sign a new cert and can be completely automated, yet it may take days (if a CA is doing its job properly) with a manual process to verify that an applicant is who they say they are. Yet weirdly, most CAs charge for generation, not verification.
StartCom is the only CA I’ve found that prices based on this fact - charging only for validation, not cert generation. Once you have verified who you are, you can have as many certs as you like for no extra cost.
20. What to look for in a good config
• Redirect to secure site
• Ciphers that offer forward secrecy - DHE, ECDHE
• Use at least 2048-bit DH params for DHE
• At least TLS v 1.0
• SSL session caching
• Staple CA certs for OCSP
• HTTP Strict Transport Security (HSTS)
Forward secrecy means that captured traffic can’t be decrypted later even if an attacker gets hold of your private key.
TLS is simply the new name for SSL, a continuation of the same standards. 1.0 should be your minimum target now that SSLv3 is out, higher if your user base can take it.
Diffie-Hellman Ephemeral keys are used in key exchange with forward secrecy, and it’s vital that this is done very securely, so use at least 2048 bits. HTTP/2 requires support of at least 4096 bits.
OCSP stapling saves a DNS lookup, TCP round-trips and an SSL handshake by bundling your CA’s certificate.
HSTS lets browsers know that everything you serve from your domain, and possibly all subdomains, should be secure. Helps avoid broken URLs, downgrade attacks, cookie hijacking, MITM attacks, security warnings, reduces redirects.
21. Testing SSL config
• Click the padlock!
• openssl s_client
• Qualys SSL Labs: https://www.ssllabs.com/ssltest/
• sslyze
• Config generator: https://mozilla.github.io/server-side-tls/ssl-config-generator/
• Prefab configs: https://github.com/ioerror/duraconf
Test on a command line with the openssl client - lets you do all kinds of useful things - generating keys, verifying signatures, testing connections, generating DH parameters etc.
Fantastic service by Qualys - examines what settings your server allows, how efficient it is, and also shows which clients can connect to it and how securely.
Windows XP & Java 6 compatibility might stop you getting an A+ rating.
sslyze offers similar testing from a command line.
Because there are some very common configs, there are some ready-to-roll examples available and a nice config generator from Mozilla for apache, nginx, haproxy, ELB.
Bear in mind that if you’re only serving a small range of client types, for example iOS 9, you can restrict settings heavily to make it more secure, for example by only allowing TLSv1.2.
22. HTTPS in PHP
• It’s been supported for years
• Certificates verified by default in PHP 5.6
• Override with ssl stream context properties
• HSTS is great, but…
• You may need to provide secure proxies
• Consider relative-protocol URLs deprecated
PHP 5.6 verifies certificates by default. Python and Ruby shared the same problem for many years. Some were campaigning for years to get this changed, but it was never going to be smooth!
HSTS can break things like Wordpress plugins that load their own resources.
Relative Protocol URLs have a somewhat chequered history anyway - it’s common to run into certificate mismatches, domains that don’t provide SSL on the same hostname (Google did this) etc, and they can’t work where there is no page context.
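The "ssl" stream context properties mentioned on slide 22 are where certificate verification most often gets switched off again, so the following added example (not code from the talk) shows a hardened set of options beside a small audit function that flags weak overrides. The function names are hypothetical, the legacy option array is constructed, PHP 7 or later is assumed, and the TLS 1.2 floor is an assumption that fits the case noted earlier where you know which peers you talk to.

```php
<?php
declare(strict_types=1);

/** Options for outbound TLS from PHP streams with verification left on. */
function hardenedSslOptions(string $peerName): array
{
    return ['ssl' => [
        'verify_peer'         => true,  // the PHP 5.6+ default, stated explicitly
        'verify_peer_name'    => true,
        'peer_name'           => $peerName,
        'allow_self_signed'   => false,
        'SNI_enabled'         => true,
        'disable_compression' => true,  // TLS compression is what CRIME abuses
        'crypto_method'       => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
    ]];
}

/** Return a list of findings for a stream-context options array. */
function auditSslOptions(array $options): array
{
    $ssl = $options['ssl'] ?? [];
    $findings = [];

    foreach (['verify_peer', 'verify_peer_name'] as $key) {
        if (array_key_exists($key, $ssl) && !$ssl[$key]) {
            $findings[] = "$key is disabled: any certificate will be accepted";
        }
    }
    if (!empty($ssl['allow_self_signed'])) {
        $findings[] = 'allow_self_signed is on: no CA needs to vouch for the peer';
    }
    if (array_key_exists('disable_compression', $ssl) && !$ssl['disable_compression']) {
        $findings[] = 'TLS compression is enabled (CRIME)';
    }

    // Protocol floor: accept only TLS 1.2, TLS 1.3, or both together.
    $allowed = [STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT];
    if (defined('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT')) {
        $tls13 = constant('STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT');
        $allowed[] = $tls13;
        $allowed[] = STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT | $tls13;
    }
    if (!array_key_exists('crypto_method', $ssl)) {
        $findings[] = 'crypto_method not set: protocol floor depends on PHP/OpenSSL defaults';
    } elseif (!in_array($ssl['crypto_method'], $allowed, true)) {
        $findings[] = 'crypto_method allows protocols other than TLS 1.2+';
    }

    // Cipher string: flag RC4, export-grade and NULL suites unless excluded.
    // A leading "!" or "-" removes a suite; everything else is treated as
    // included, which is deliberately conservative.
    if (isset($ssl['ciphers']) && is_string($ssl['ciphers'])) {
        foreach (preg_split('/[:, ]+/', $ssl['ciphers'], -1, PREG_SPLIT_NO_EMPTY) as $token) {
            if ($token[0] === '!' || $token[0] === '-') {
                continue;
            }
            if (preg_match('/RC4|EXP|NULL/i', $token)) {
                $findings[] = "cipher string includes weak suite selector: $token";
            }
        }
    }
    return $findings;
}

// Constructed example of the kind of override that silences certificate errors.
$legacy = ['ssl' => [
    'verify_peer'       => false,
    'verify_peer_name'  => false,
    'allow_self_signed' => true,
    'crypto_method'     => STREAM_CRYPTO_METHOD_TLS_CLIENT,
    'ciphers'           => 'ALL:RC4:!aNULL',
]];

foreach (['legacy' => $legacy, 'hardened' => hardenedSslOptions('www.example.org')] as $name => $opts) {
    $findings = auditSslOptions($opts);
    echo $name, ': ', $findings ? "\n  - " . implode("\n  - ", $findings) : 'no findings', "\n";
}

// The hardened options plug straight into the stream functions, e.g.
// stream_socket_client('tls://www.example.org:443', $errno, $errstr, 10,
//     STREAM_CLIENT_CONNECT, $context);
$context = stream_context_create(hardenedSslOptions('www.example.org'));
```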
23. SPDY & HTTP/2
How many of you are using SPDY?
How many of you are using HTTP/2?
As Ben Ramsey’s talk yesterday gave a thorough grounding on the background of HTTP/2, I’m skipping that.
24. HTTP Potted History
• HTTP/0.9 - 1991
• HTTP/1.0 - 1996, RFC1945
• HTTP/1.1 - 1997, RFC2068, RFC732x
• SPDY - 2009
• HTTP/2 - 2015, RFC7540
• http://http2.github.io/http2-spec
0.9 only had GET!
1.0 added https, HEAD and POST, basic auth
1.1 proxies, caching, lots of new verbs
Later RFCs nailed things down a little harder, but the version remained unchanged
Google announced SPDY in 2009 as a means of addressing some of the shortcomings of HTTP, making use of their unique position as both site and browser maker, something that they have continued to do.
SPDY became a public testbed for what was to eventually evolve into HTTP/2 - so HTTP/2 isn’t really all new.
25. What’s in SPDY?
• It’s a tunnel for HTTP and HTTPS requests
• It’s a binary protocol
• Streamlines, combines, simplifies and compresses HTTP requests and responses
• Reduces latency & overhead
• No app changes necessary
No more telnet into your web server :(
26. What’s in HTTP/2?
• Compatibility with HTTP/1.1
• HPACK header compression
• Multiple prioritised streams within a single connection - reduced TCP & SSL overhead
• Server can decide how to bundle resources dynamically
• Real server push
Google’s intention was that SPDY would form the basis of HTTP/2, so the differences are evolutionary.
Also a binary protocol, but curl and wget already speak HTTP/2.
Header compression helps reduce the impact of ever-expanding headers, cookies etc. HPACK rather than gzip to mitigate CRIME attacks.
Multiple streams within a single TCP connection - reduces setup time, latency - especially with SSL. HTTP/1.1 had pipelining, but it was strictly first-in/first-out and was thus subject to head-of-line blocking.
Prioritisation means it could interrupt a large image download to sneak past an important ajax response.
Potential for pre-emptive push of related assets - when you request the page, you get all the CSS and JS with it, perhaps images too.
Could be done adaptively without pre-configuration, by watching what clients do - but we’re not there yet.
Server push is not just an illusion this time! TCP sockets are expected to stay open for long periods.
27. HTTP/2 Client Support
• SPDY is everywhere
• HTTP/2 is getting there
• Even IE!
• Safari on OS X and iOS will get HTTP/2 in next versions
• curl & libcurl
• No explicit support in PHP
Both SPDY and HTTP/2 have seen rapid uptake by web client developers - supported in all major browsers.
SPDY requires TLS, but HTTP/2 does not. However, nearly all the client implementations (that grew from SPDY) require it, so it’s a de-facto standard.
HTTP/2 will be in Safari 8.1 on OS X 10.11 and iOS 9, but it’s already in Chrome for iOS.
Not a big deal for PHP as it will inherit client access through libcurl, and PHP rarely runs as a server.
28. HTTP/2 Server Support
• Not in Apache or Nginx yet, but SPDY is
• Is in IIS & LiteSpeed
• H2O and nghttp2 can proxy
• Use SPDY for now
• Expect everything important by year end
Apache and nginx have excellent SPDY support, but no HTTP/2.
The nghttp2 library is being used to add HTTP/2 support to various things, including an experimental apache module called mod_h2.
HTTP/2 will be in nginx by year-end.
H2O is a simple but very fast HTTP/2 server that you can use as a reverse proxy - no fastcgi support yet.
SPDY is a nice easy upgrade if you’re not using it already, but it won’t be around for long - Google has said it will be removed from Chrome next year.
What to change for HTTP/2?
• Nothing!
• New anti-patterns
• Domain sharding
• Pre-combining CSS, JS assets, image sprites
• Not using TLS
• It’s going to get a lot better
Just like SPDY, you can treat it as mostly plug & play.
But there are current common practices that actively work against HTTP/2’s abilities.
Though HTTP/2 doesn’t strictly require TLS, the overhead it adds is “paid for” by the ALPN TLS extension that's used as a way of upgrading an HTTP/1.1 connection to HTTP/2 without using the HTTP/2 upgrade mechanism. Also, all client implementations require TLS, so it’s academic.
It will get much better as new web server features evolve to take advantage of HTTP/2’s abilities.
Testing SPDY & HTTP/2
• curl, wget, wireshark
• Browser extensions to show connection type
• Look at Google, twitter
• Chrome net internals:
• chrome://net-internals/#http2
• Benchmark it! It’s supposed to be faster!
Chrome extension called “HTTP/2 and SPDY indicator”
The future
• Fix shortcomings of TCP
• QUIC
• Packetzoom
• DNSSec
• BlockChain
• PHP7!
TCP can be horribly inefficient, especially on busy, unreliable networks - like mobiles. Much of HTTP/2 is to reduce the impact of this overhead.
Latency is the defining factor in network performance.
QUIC is Google’s low-overhead reimagining of TCP built on UDP, so it works with all current stacks; it is already in Chrome and used on Google sites.
Packetzoom is doing the same thing, but using a whole new IP protocol tuned for mobile.
DNS has a whole raft of security problems that are largely addressed by DNSSec, but it’s complex and has been slow to gain traction. IPv6 increases the value of DNS servers to attackers. Witness BT Internet redirecting Google searches to an insecure site!
Bitcoin’s BlockChain just seems to be popping up everywhere; it’s bound to get used for something significant soon!
Most of these are independent of PHP as they’re handled by lower-level servers.
But we’re all looking forward to PHP7!