January 2013 archive

Next SIPit Test Event Feb 18-22 – Deadline of Feb 4 For Registration

SipitAre you a vendor of SIP-based products and services? Do you have software or hardware (or cloud-based products) that use SIP? If so, are you planning to attend the next SIPit test event planned for February 18-22, 2013, in Raleigh, North Carolina?

The SIPit events are an outstanding place to test your SIP implementations. Where else will you have so many other vendors also testing their equipment? It's a great place to go, test... and iterate your code even while you are there so that you can test again.

The registration deadline is Feb 4, 2013 for SIPit 30, so you need to act soon if you want to attend.

Olle Johansson posted a great set of slides about why you should go to SIPit:

And reaching back to 2009, here's a video interview I did with Robert Sparks about the SIPit test events:

If you are a vendor of SIP products or services, I would strongly encourage you to consider attending the next SIPit. It's a great way to make sure your SIP works as best as it can.

If you found this post interesting or useful, please consider either:

FIR #688 – 1/28/13 – For Immediate Release

Welcome new listeners, Francis Ingham interview is up, Allan Schoenberg interview is coming; today is data Protection day; Quick News: introducing Vine, social branding is key to reputation, Pope urges evangelism via Twitter, Pew says libraries still have a place; Ragan promo, News That Fits: 2013 Edelman Trust Barometer, Michael Netzley's Asia report, listener comments, Boeing communicates with customers during crisis, Dan York's report, lack of social participation could lead to disenfranchisement; music from Steph Barrak; and more.

New Internet-Draft: Balanced IPv6 Security for Residential CPE

What should the appropriate IPv6 security policy be for residential customers?  How can they get the benefits of IPv6 while still ensuring that their home networks are secure?  These are the questions pursued in a new Internet-Draft available today:


The abstract and introduction explain quite well how this applies to “customer premise equipment (CPE)”:

Internet access in residential IPv4 deployments generally consist of a single IPv4 address provided by the service provider for each home. Residential CPE then translates the single address into multiple private IPv4 addresses allowing more than one device in the home, but at the cost of losing end-to-end reachability.  IPv6 allows all devices to have a unique, global, IP address, restoring end-to-end reachability directly between any device.  Such reachability is very powerful for ubiquitous global connectivity, and is often heralded as one of the significant advantages to IPv6 over IPv4.  Despite this, concern about exposure to inbound packets from the IPv6 Internet (which would otherwise be dropped by the address translation function if they had been sent from the IPv4 Internet) remain.  This document describes firewall functionality for an IPv6 CPE which departs from the “simple security” model described in [RFC6092] .  The intention is to provide an example of a security model which allows most traffic, including incoming unsolicited packets and connections, to traverse the CPE unless the CPE identifies the traffic as potentially harmful based on a set of rules.  This model has been deployed successfully in Switzerland by Swisscom without any known security incident.

This document is applicable to off-the-shelves CPE as well to managed
Service Provider CPE.

The authors welcome comments to the draft and their email addresses can be found at the end of the document. It’s definitely a worthwhile contribution to the IPv6 security discussion and could provide useful guidance to operators seeking to understand how they should configure customer equipment to allow IPv6 yet still remain secure.

Last Day To Submit Speaking Proposals for SIPNOC2013

Sipnoc 2013Got a great idea for a talk to give to an excellent gathering of SIP/VoIP network operators? Have a new way of handling security? Have a case study you'd like to present for how you solved an operational issue?

The SIP Network Operators Conference (SIPNOC) is an outstanding event happening in Herndon, Virginia, USA, from April 22-25. It brings together network operators working with SIP / VoIP networks for several days of talks, networking (of the human kind) and education. I've gone the past two years, speaking about IPv6, and they are truly excellent conferences. Not too big, not too small... and with an extremely high quality of people both attending and speaking.

If you think you'd like to present, TODAY, January 25, 2013, is the end of the call for presentations for SIPNOC 2013. They are seeking presentations on topics such as (see the CFP for more detail):

  • Peering
  • SIP Trunking
  • Congestion Control
  • Applications/content Development
  • Interoperability
  • Call Routing
  • Security
  • Monitoring/Troubleshoooting and Operational Issues
  • Testing Considerations and Tools
  • Availability/Disaster-Recovery
  • WebRTC and SIP
  • SIP-Network Operations Center Best Practices
  • Standardization Issues and Progress
  • FoIP/T.38 Deployment
  • User-Agent Configuration
  • IPv6 Deployment Challenges
  • Emergency Services
  • Scaling and Capacity Issues
  • HD-Voice Deployment Challenges
  • Video Interop Issues

They are seeking individual talks, panel sessions, research sessions and BOFs.

Even if you just have an idea for a session, I'd encourage you to submit a proposal so that the SIPNOC 2013 Program Committee will know of your interest and can reach out to you for more details. More info about the process can be found on the CFP page.

If you aren't interested in speaking, but are now intrigued by SIPNOC and would like to be learning from all the excellent sessions, you can go to the SIPNOC 2013 main page and find out information about how to register and attend.

If you work at or for a telecom/network operator who is involved with SIP and VoIP, I highly recommend SIPNOC as a conference you should attend - you'll learn a huge amount and make great connections.

P.S. I have no affiliation with SIPNOC other than being a speaker there in the past. SIPNOC is a production of the SIP Forum, a great group of people focused on advancing the deployment and interoperability of communications products and services based on SIP.

If you found this post interesting or useful, please consider either:

TED Video: Shawn Achor on the happy secret to better work

I enjoyed this presentation very much... and it's interesting to think about the processes he describes toward the end that relate to "rewiring our brains" to focus on the positive and to move us toward more happiness:

One Image To Show The Incredible Importance Of Sharing Web Pages Versus PDFs

So you have that report, infographic or other document as a PDF, right? And now you want to get that massively shared out in social media, right? So that everyone can see your document and learn from it?

Do you...

  1. Start distributing the link to the PDF and ask people to share it?
  2. Wrap the PDF in a basic web page, share THAT link and ask people to share it?

If you answered #1, read on for why you should think of #2.

This morning the World Economic Forum (happening this week in Davos, Switzerland) published an excellent infographic about the Internet as "The Innovation Engine" outlining a series of recommendations for leaders with regard to key Internet issues.

The only problem was that they only published the document as a PDF file on their site. The link that was being sent around was just for the PDF.

Links to PDF files do not "share" very well in social media!

Thankfully, someone on our (Internet Society, my employer) Communications team was able to put up a simple web page that provided a nicer link for sharing.

Notice the difference in the image of my Facebook NewsFeed this morning:

Sharing a pdf vs a web page

The first link, from LACNIC, was for the PDF-only link. It has a URL you can't understand and just the domain name listed. No preview image. No title. No text. Sure, I can know from the status update text what the link is about... but the "link preview" doesn't grab me in and make me want to click it.

The second link, from the Internet Society Comms Team, is to the web page wrapping the PDF. Note here it has a preview image. It has a title. It has some descriptive text. This "link preview" provides enough information that I may want to click on it right away without even reading the Facebook status update.

Ultimately, both links bring you to the same PDF file. The difference is that the second link is to a web page that provides enough "meta" information that the social network can use that information to build a "link preview". While my example here shows Facebook, it works similarly on Google+ and probably works the same way on other social networks.

Note, too, that the web page wrapping the PDF is nothing special. It's a very basic page with a preview image of the PDF, a couple paragraphs of text, a title and the link to the PDF.

That's it.

But that's all that's needed to provide a much better sharing experience when that link is passed around in social networks.

Something to think about the next time you are looking to share out a PDF of a image, infographic, report or other document. Wrap it in a simple web page and your sharing will be much more effective!

If you found this post interesting or useful, please consider either:

RFC 6841 Outlines How To Write DNSSEC Policies and Practice Statements

Back in July 2012, we wrote about “How To Write a DNSSEC Practice Statement (DPS)” and referenced an Internet-Draft that explained the process.  We’re very pleased to see that that I-D was just published this month as a formal RFC:

RFC 6841 – A Framework for DNSSEC Policies and DNSSEC Practice Statements

As the abstract says:

This document presents a framework to assist writers of DNS Security Extensions (DNSSEC) Policies and DNSSEC Practice Statements, such as domain managers and zone operators on both the top level and secondary level, who are managing and operating a DNS zone with Security Extensions implemented.

In particular, the framework provides a comprehensive list of topics that should be considered for inclusion into a DNSSEC Policy definition and Practice Statement.

It’s well worth a read not only if you are an operator of a Top-Level-Domain (TLD) or one of the newgTLDs (all of whom are mandated to support DNSSEC), but also if you are with an enterprise/company that is considering hosting all the DNSSEC-signing for your domains yourself.

If you want examples of what these DPS documents look like, we maintain a list of DNSSEC Practice Statements that includes documents from many of the major TLDs.  (And we’re always open to adding more if you have a published DPS online.  Just let us know.)

New “Internet Of Things Consortium” Launched

Earlier this month at the Consumer Electronics Show (CES) in Las Vegas, a new “Internet of Things Consortium” was announced bringing together 10 companies with the stated goal of fostering and supporting the growth of Internet-connected devices for consumers.  The consortium has a website now visible at iofthings.org.

The term “Internet of Things” has been around for some time (Wikipedia dates the first use to 1999) and is generally used to refer to the networks of devices and objects that we are connecting to the Internet and that are using the Internet for communication.  Sensor networks are an example.  Another is connected homes where lights, appliances and even power outlets might all be connected.  A number of the companies involved with this consortium make game consoles, televisions and other entertainment devices that would be connected to a home network and on out to the public Internet.

All of these devices are ultimately connected to the Internet – and communicating often amongst themselves in so-called “machine-to-machine” or “m2m” connections.

Now, this new Internet Of Things Consortium is not the first or only such consortium out there.  There are other alliances and groups that are working on promoting open standards for connected homes and devices.  But it’s great to see another group of companies working in this space. The CEO of Ube, one of the participants, was quoted in a TechCrunch article as saying in part this:

“The successful adoption of [machine-to-machine] and connected home technologies is dependent on open standards for the provisioning and control of millions of headless devices.”


Here at Deploy360 we’ve been interested in the “Internet of Things” for a long time because to bring all the billions of devices (and power outlets!) onto the Internet, we’re going to need more IP addresses than what we can get with IPv4.  I queried the new consortium about their IPv6 support and the consortium chairman Jason Johnson came back with this response:

We should absolutely support IPv6 – or there won’t be billions of devices with IP addresses.

That’s exactly right… and I look forward to seeing what they do in this regard and helping them if they need it.

Some out there regard the “Internet Of Things” as marketing hype… but the reality is that we are connecting more and more devices to the Internet.  It is happening today – and we’re going to need IPv6 to make it all work!



ENISA Report On Secure Routing And Network Resiliency

What is the state of our routing infrastructure and what can be done to make it more secure and resilient?

In July 2010, the European Network and Information Security Agency (ENISA) published a report on this topic called:

It begins with a paragraph that I think will resonate with most of us:

Reliable communications networks and services are now critical for public welfare and economic stability. Intentional attacks on the Internet, disruptions due to physical phenomena, software and hardware failures, and human mistakes all affect the proper functioning of public communications networks. Such disruptions reveal the increased dependence of our society on these networks and their services. A vital part of reliable communication networks is the routing infrastructure.

The report goes on at great length to report on the result of a survey of network operators within the European Union about the use of – or plans to use – secure routing technologies within their networks.  The report is quite useful in the background that it first provides around routing security concerns and some of the proposed solutions.  It then goes into a detailed analysis of the survey results.

While the data is now close to three years old (the interviews were in March/April 2010), many of the points are quite similar to more recent analyses.  A key point I noticed was this:

Overall, the lack of available knowledge and skills in routing security is recognised as a major barrier hindering further improvements in routing security, as became clear both from the online survey and the interviews.

Addressing this point by helping promote more awareness and education around routing security / resiliency is a primary aspect of our new Routing section here on Deploy360!

Overall the report makes for good reading if you are looking to understand more about the topic or “routing resiliency / security.”  There has been a good bit of progress made within some of the working groups mentioned since the time of the report, but the report still provides a solid foundation and background.

Slides: Early DNSSEC Deployment Observations from Ed Lewis

What have we seen in terms of DNSSEC deployment around the world? Are there general trends or themes we can understand? Can we dive a bit deeper into some of the algorithms used in DNSSEC signatures?

In an October 2012 presentation to NANOG 56, Ed Lewis of Neustar dug into all these questions and more.  The slides make for interesting reading, particularly some of the details about which crypto algorithms were used and what key lengths were used.   He also looked at the frequency of key changes, key rollover processes and included a whole section on NSEC/NSEC3 records.

All in all an interesting set of data and some good recommendations around guidance that is needed for the industry.  Well worth your time to scan through the slide deck if you are interested in statistics around DNSSEC deployment.