Category: automation

Mar 25

Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW)

Jen Linkova at IETF 92Today’s third day of IETF 92 turns out to be a quieter one for the topics we cover here on Deploy360.  The big activity will be in the first of two IPv6 Operations (v6OPS) working group sessions.  There will also be a reboot of the SUNSET4 working group and what should be an interesting discussion about “route leaks” in the GROW working group.  Here’s what our day looks like…

NOTE: If you are unable to attend IETF 92 in person, there are multiple ways to participate remotely.

In the 0900-1130 CDT block this morning, we’re not actively tracking any of the listed working groups as they don’t tie directly into our Deploy360 topics. However the BESS session about BGP-enabled services could be interesting, as could the SPUD BOF looking at what are barriers to implementing new transport protocols on the Internet (more info in the SPUD overview presentation).

After lunch from 1300-1500 CDT in the International Room will be the first of two IPv6 Operations (v6OPS) sessions (the second being tomorrow) with a packed agenda looking at design choices for IPv6 networks, IPv6 deployment case studies / lessons learned and more.  As IPv6 deployment continues to grow month over month, incorporating feedback from that deployment process back into the standards process is an essential part of ensuring continued growth.

In the 1520-1620 CDT block over in the Gold Room, the IPv6 discussion will continue in the SUNSET4 working group that is chartered to document and explore how well things will work in an IPv6-only environment when IPv4 is no longer available (i.e. IPv4 has “sunsetted”).  As noted in the SUNSET4 agenda, the working group has had a loss of momentum and will be looking today at how to restart efforts to move work items along.

Simultaneously over in the Parisian Room the Global Routing Operations (GROW) working group will be looking at how to improve the operations of the Internet’s global routing infrastructure.  As my colleague Andrei Robachevsky wrote in his Rough Guide to IETF 92 post:

In general, the focus of the GROW WG is on operational problems associated with the global routing system, such as routing table growth, the effects of interactions between interior and exterior routing protocols, and the effect of operational policies and practices on the global routing system, its security and resilience.

One of these items, which originally emerged in the SIDR WG and is now being discussed in the GROW WG, is so-called “route-leaks.” Simply speaking, this describes a violation of “valley-free” routing when, for example, a multi-homed customer “leaks” an announcement from one upstream provider to another one. Since usually customer announcements have the highest priority, if no precautions are taken this results in traffic from one provider to another bypassing the customer – potential for a staged MITM attack. But this is an explanation in layman terms, and the group was working on nailing down the definition and the problem statement, see https://datatracker.ietf.org/doc/draft-ietf-grow-route-leak-problem-definition/.

This issue of “route leaks” is one that comes up repeatedly and is causing problems on the global Internet. For instance, yesterday DynResearch tweeted about a route hijack of Google’s site by Belarus Telecom – now I don’t know if that was an actual “route leak”, but it’s the kind of routing issue we do see often on the Internet… which is why this class of issues needs to be identified and solutions proposed.

And just because we really want to be in three places at once… over in the Venetian Room during this same 1520-1620 time block will be the “Automated Certificate Management Environment (ACME)” BOF looking at ways to automate management of TLS certificates. As the agenda indicates, the session is primarily about discussing draft-barnes-acme and the efforts being undertaken as part of the Let’s Encrypt initiative.  The ideas are intriguing and proposals that help automate the security of the Internet can certainly help reduce the friction for regular users.

After all of that is over we’ll be joining in for the Operations and Administrative Plenary from 1640-1910 CDT.  You can view a live video stream of the plenary at http://www.ietf.org/live/    And then… we’ll be getting ready for Day 4…

For some more background, please read these Rough Guide posts from Andrei, Phil and I:

Relevant Working Groups:

For more background on what is happening at IETF 92, please see our “Rough Guide to IETF 92″ posts on the ITM blog:

If you are at IETF 92 in Dallas, please do feel free to say hello to our Chris Grundemann. And if you want to get started with IPv6, DNSSEC or one of our other topics, please visit our “Start Here” page to find resources appropriate to your type of organization.

Image: a photo by Olaf Kolkman of Jen Linkova at IETF 92. Part of a larger set of IETF 92 photos Olaf has published.

The post Deploy360@IETF92, Day 3: IPv6 Operations, Sunset4, ACME and Global Internet Routing (GROW) appeared first on Internet Society.

Mar 18

Registration Operations Workshop This Sunday Before IETF92 To Talk About EPP, Encryption, DNS

Registration Operations WorkshopHow can operators of registries such as top-level domains (TLDs) make their operations more efficient and more secure?  What can operators learn from each other?  And what are some of the larger initiatives happening that may affect registry operators?

These are all the kinds of questions that will be discussed this coming Sundary, March 22, 2015, at the 2nd Registration Operations Workshop (ROW) happening at the Fairmont Dallas Hotel on the Sunday before IETF 92 starts.  The ROW workshop is not affiliated with the IETF but has worked with the IETF to use a room at the same venue.  There’s a website where you can learn more at:

http://www.regiops.net/

and Scott Hollenbeck wrote about the call for participation for the event back in February on CircleID. Scott subsequently provided an update to the provreg mailing list (about the Extensible Provisioning Protocol (EPP)) where he outlined the agenda for Sunday’s workshop that will include:

  • A discussion of the new RFC 7451 about registering extensions to EPP.
  • Richard Barnes of Mozilla will focus on the Let’s Encrypt initiative and the Automatic Certificate Management Environment (ACME) protocol.
  • Olafur Gudmundsson of CloudFlare and Jacques Latour of CIRA will focus on a proposal for a new registry access model to update delegation information.

All of those topics are interesting, but this last topic is of particular importance to us here at Deploy360 as it relates to the challenges for automating DNSSEC within the current DNS registration model. Specifically the inability of DNS operators to update the DS record in a TLD registry. This lack of automation may have played a role in the recent HBO NOW problem with misconfigured DNS records – and regardless is clearly a point that needs to be fixed.  Olafur and Jacques will be discussing this issue and seeking input on what can be done.

If you are interested in these topics you can visit the ROW website to register and attend on Sunday.  Remote attendance is possible (for instance, I will be doing so).  You just need to register on the ROW website and they will send you the info about how to participate remotely.

I think this is a great initiative to increase communication between operators who interact with registration systems and I would encourage you to check it out and participate if you can.  Any way we can increase the automation that helps make the Internet more secure is a good thing!

Aug 30

Blog Chronicles A Couple’s Automation Of Their Home Using IPv6

Interested in how IPv6 could be used in home automation? Nathalie Trenaman and her soon-to-be-husband have started a blog at http://ipv6athome.blogspot.nl/ where they are documenting their work automating their home with IPv6:

Our adventures in IPv6 home automation

Nathalie, an IPv6 trainer, wrote back in April about why she was starting upon this path. It has been fun to read about their adventures, and hey, wouldn’t we all like to ping our front door over IPv6? (Okay, we would!)

We wish them all the best on this journey and look forward to reading future updates about more IPv6 automation in their home!