April 2012 archive

Slides: Carrier Grade NAT (CGN) Observations and Recommendations

What is Carrier Grade NAT (CGN) all about?[1] What are the problems associated with using it? What role, if any, should it play in networks during the transition from IPv4 to IPv6?

At the recent North American IPv6 Summit, Chris Grundemann of Cable Labs addressed exactly these points – and now has published a blog post with his CGN slides and some additional commentary:

Carrier Grade NAT Slides

It’s a good set of slides looking at a challenging issue. For some ISPs who are lagging behind with moving to IPv6, CGN looks like an attractive option to bypass IPv6 and just stay with IPv4.  But as Chris notes, their testing found that a good number of popular services, including VoIP and online gaming, would break or at least have degraded performance in typical CGN deployments.

Chris also notes that he is available to speak with anyone interested in learning more about CGN. Thanks to Chris for making these slides available for us all to see.


[1] CGN is also sometimes referred to as “Large Scale NAT” or “LSN”.

Friday Video – IPv6: The Internet for Generations to Come

Yes, “IPv6: The Internet for Generations to Come,” is a slickly produced Cisco marketing video… but hey, it’s well-done and talks about World IPv6 Launch on June 6, 2012!  We need more videos out there with messages like this one…

…and I mean, really, you have to love the passion of Cisco Fellow Mark Townsley in this video!

P.S. Got a suggestion for another video we should feature on a Friday afternoon? Please let us know.  We’re still looking for that “IPv6 and kittens” video that we’d like to help go viral! ;-)

DNSsexy.net – News from the DNS blogosphere

Looking for news about DNS and DNSSEC that is happening around the Internet? If so, check out:


DNSsexy is a news aggregation site built and maintained by Jan-Piet Mens that pulls together DNS-related items from a variety of blogs and news sources. Do note that this is DNS in general… so it covers a wide range of DNS topics, not just the DNSSEC we cover here.

You can view the latest news by going to the site – or by adding the aggregated RSS feed into Google Reader or whatever feed reader you use.

I’ve found it quite a useful way to stay up on the many DNS posts happening around the Internet. Thanks to Jan-Piet Mens for setting up and maintaining the site!

Today’s VUC Call All About The "FreeSWITCH Cookbook" – Noon US Eastern

Today at noon US Eastern on the VoIP Users Conference (VUC) Call for Friday, April 27th, the group will discuss the brand new "FreeSWITCH Cookbook"[1] published by PACKT Publishing. The four authors of the book, who are also leaders of the FreeSWITCH project, will apparently be joining the call.

While Asterisk generally gets most of the "open source VoIP" buzz, the folks at the FreeSWITCH project have been working away on their own solution. As they will say, FreeSWITCH performs a different role than Asterisk and is used in different contexts.

FreeSWITCH has become quite a powerful platform and I'm looking forward to learning more about what is going on with the project right now.

You can join the live call via SIP, Skype or the regular old PSTN. There is also an IRC backchannel that gets heavy usage during the call. It will be recorded so you can always listen later.

As noted on the VUC page for today's call, the show will also be simulcast in video using Google+ video and YouTube. If you are interested in joining the video side of the call, please follow the instructions on the page.

[1] In full disclosure, this is an affiliate link with Amazon and if you actually purchase the book I receive a tiny amount of money. If you think this influences what I write here, you clearly haven't been reading my site. :-)

If you found this post interesting or useful, please consider either:

Comcast Formally Launches IPv6 Home Networking Pilot

This is huge! In a pair of blog posts today Comcast formally launched its IPv6 “Home Networking Pilot”:

As I explained in an earlier post about this impending launch, support for home networks is a critical step for getting IPv6 more widely deployed, particularly as we collectively prepare for World IPv6 Launch on June 6, 2012. As Jason Livingood explains in his post (my emphasis added in bold):

Just as with our standalone computer support for IPv6, customer home networking is also native dual stack. This means that eligible customers will be provisioned with IPv6 addresses in addition to their IPv4 address. We maintain our commitment to the goal of a seamless transition to IPv6 and strongly believe that native dual stack is the best approach for our customers. We also believe that this strategy will over time will meaningfully differentiate our service from our competitors in a way that customers will greatly appreciate. Our native dual stack Xfinity Internet service will provide customers with direct IPv4 and IPv6 access, without the need to use a tunnel, proxy, network address translator, or other inefficient, outdated, and error-prone middlebox. That means customer Internet access will continue to be direct and fast. And because middlebox solutions are not used, customers avoid the risk that certain applications slow down, fail to work, or experience other annoying errors. Since two of the main reasons customers buy our Xfinity Internet service is reliability and the speed — and this approach ensures that we maintain both while other ISPs may face challenges doing so over time — we think our strategic approach to IPv6 will be a winner in the marketplace in the coming years.

John Jason Brzozowski hits a similar note in his post:

Native dual stack support remains central to Comcast deployment of IPv6, which means that customers who are enabled with IPv6 for home networking will be provisioned with IPv6 in addition to IPv4. This approach allows us to avoid the near term use of other types of transition technologies like tunnel and large scale Network Address Translation (NAT). Our experience and industry best practices continue to suggest that native dual stack offers the best path to a seamless IPv6 transition and an optimal customer experience, which is paramount to Comcast.

John Jason also makes a key point that not all home routers currently fully support IPv6 and directs customers to Comcast’s MyDeviceInfo site for the current list of devices Comcast has tested with IPv6.

As Jason Livingood explains, this initial launch will occur in a few of Comcast’s pilot markets but then will be expanded as rapidly as possible to other Comcast subscribers.

For us as an industry this is outstanding news… and many congratulations to Jason, John Jason and their teams!

Now lets see the rest of the ISPs out there join Comcast in providing this level of IPv6 support!

FreeBSD IPv6 Performance Analysis Project Brings Parity With IPv4

FreeBSD Foundation LogoThe FreeBSD Foundation posted this week about the completion of a “IPv6 Performance Analysis Project” that had as its main goal closing the gap between IPv4 and IPv6 in terms of performance.

Bjoern Zeeb was awarded a grant to perform this work earlier this year and has maintained a “Benchmarking and results” page showing his work and progress.  As noted in the article:

With IPv6, TCP performance is now basically on par with IPv4 in the offloading case, allowing 10 Gbps line speed connections. This is a huge step forward.  UDP throughput has increased and is closer to the level of IPv4. Changes to locking allowing better parallelism, which is a step in the right direction.

In the FreeBSD Foundation report, Zeeb is quoted as saying “This will help to keep the resource usage at the same level as traffic patterns shift towards IPv6.”  This is indeed a concern. As more traffic shifts to IPv6, particularly with the impending World IPv6 Launch on June 6, 2012, network administrators will want to see the same level of performance in their servers on IPv6 as there is in IPv4.

Kudos to the FreeBSD team for recognizing this issue and undertaking the work – and congrats to Bjoern Zeeb and any others involved on bringing about performance parity in FreeBSD between IPv6 and IPv4.  Great news to hear!

Looking for IPv6 Training or Courseware? Check Out RIPE NCC’s Offerings

Interested in taking training classes about IPv6?Looking for IPv6-related courseware? Or IPv6 exercises you can use in your own training classes?

As we’ve now noted in our resource directory, RIPE NCC, the Regional Internet Registry (RIR) for the European region, offers an IPv6 training course available to RIPE NCC members – and offers IPv6 courseware available to all.

You can see the outline for the RIPE NCC IPv6 training class at:


RIPE NCC members can attend any of their upcoming courses happening throughout the region.

If you are NOT a member of the RIPE NCC, their IPv6 training courseware available to all for free at:


The slides they use are there and are updated periodically. They also provide a number of exercise worksheets that can be used in training classes as well as a very handy IPv6 Subnetting Card and a very useful guide on “Preparing an IPv6 Addressing Plan.

Additionally, RIPE NCC provides an e-learning page with a few video case studies relating to IPv6 as well as a list of other IPv6-related resources.

Check it all out… and we greatly appreciate RIPE NCC making their material available to all!

Nic.at Publishes DNSSEC Report With .AT Statistics, Info

dot at reportThis month the folks at Nic.at, the Austrian registry, published an interesting “.at report” that was entirely devoted to DNSSEC and was full of statistics and charts.

The driver for this focused report was the DNSSEC signing of the .at domain on February 29, 2012. This report, one of a series of regular reports from nic.at, first discusses the signing of the .at domain and provides some global statistics about DNSSEC adoption.

The report then covers some stats about DNSSEC implementation at domain name registrars supporting .AT domains which shows there is definitely room for growth. Only 14 .AT registrars currently support DNSSEC… but that to me is actually good news because there are no .AT registrars listed on either our Deploy360 list of DNSSEC registrars nor on ICANN’s list – so obviously it sounds like there are a few more registrars we can add!

I found one set of statistics about registrar plans of interest, in part for the interesting difference between two of the questions:

DNSSEC statistics

Here 51% believe that DNSSEC will prevail as an additional security measure… but only 23% viewed DNSSEC as significant for them as a registrar. (I would say some education is necessary there, eh?)

Also, only 15% have received customer requests about DNSSEC. (Clearly, we as consumers need to be contacting registrars – and encouraging people we know to contact registrars – to increase this percentage!)

I also found the question about whether DNSSEC was a paid option or not to be intriguing:

There is a rather different approach of the six questioned .at-registrars that offer DNSSEC-compliant nameserver services: half of them charge fees, one registrar actively promotes DNSSEC without additional fees, and one third offers DNSSEC for free without any active promotion.

It will be interesting to see over time how these different business models continue. I appreciated the fact that Nic.at’s partner list has a “Partner Search” tab where you can check a box for “supports DNSSEC” to see only the DNSSEC-enabled registrars. Unfortunately in a very brief scan of the actual partner sites I couldn’t find mentions of DNSSEC in their web pages… but I didn’t do a very deep look.

The report goes on to provide a timeline for the .AT signing and some other information and interviews.  Nic.at also provides a couple of sections of their site related to DNSSEC:

Congratulations to the Nic.at team for the signing of the .AT zone and it’s great to see a focused newsletter like this helping educate people about what is going on with DNSSEC. It will be great to see the growth of signed .AT domains as this word gets out and as more registrars support DNSSEC and make it easier for domain name holders to sign their domains.




T-Mobile Completes IPv6 Deployment on US Network

In an email message on Monday, T-Mobile’s Cameron Byrne let people interested in IPv6 know that IPv6 deployment was now complete on T-Mobile’s U.S. network:


The IPv6 network deployment is now complete, with a few outstanding service caveats (MMS is still an issue, …) that we will continue to work on.

We will no longer be doing any white listing since all T-Mobile customers in all of T-Mobile’s coverage area can now access the APN epc.tmobile.com using IPv6 PDP on phones that work with IPv6.

Regarding phone that work with IPv6, we are continuing to push the
manufacturers to support IPv6, and we are seeing some positive signs as
Android 4.0 updates are now being tested with IPv6.

In the meantime, the Samsung Galaxy Nexus (UMTS) remains the best bet
for what is available now.

The news spread through the tech world yesterday in large part through an ExtremeTech article, “IPv6 now deployed across entire T-Mobile US network,” that received good traffic through social networks. The discussion on Hacker News raised the question of why the IPv6 was limited to certain phones, and a look in the T-Mobile IPv6 setup instructions and FAQ provided this answer:

4. My phone is not listed above, will it work with IPv6?

  • No, most phones do not have the Android radio firmware (RIL) that allows the phone to support IPv6 on the mobile interface.  T-Mobile USA is encouraging all handset phone manufacturers to support IPv6.  If more phones become available, we will update this site.

It’s interesting to note that it is a device limitation (of not having the correct firmware) and it is great to see that T-Mobile is working with handset vendors to encourage support of IPv6.  I’d note in the first email message I quoted the part about Android 4.0 updates being tested with IPv6.

The T-Mobile IPv6 site also references a number of known issues and provides some info about how they are making IPv4 content available over the IPv6 network.

All this is definitely great to see!  If you are a T-Mobile USA user with a Samsung Galaxy Nexus it’s definitely worth checking it out to see how the IPv6 network works.

P.S. I would love to do so myself but sadly T-Mobile’s coverage is still rather sparse in the woods of southwestern New Hampshire that I call home…