January 2014 archive
First “Middle East DNS Forum” Happening Feb 3-4 in Dubai – Live Video Stream Available (Featured Blog)
What are DNSSEC and DANE all about? What advantages do they have? What tools are out there to help? Back in October I spoke at the ENOG 6 event in Kiev, Ukraine, about DNSSEC deployment trends and also the opportunities with the DANE protocol to build an additional secure layer of trust in TLS/SSL certificates. The video is available for viewing and the slides are also available online:
It was a great session and I had a good number of questions from people in the room. Now.. the question is… how can we help YOU deploy DNSSEC?
Soooo… if you are in North America and have NOT started planning for a migration of your network to IPv6, now would be a REALLY good time to start doing so! The news comes today from the American Registry for Internet Numbers (ARIN) that they have now started allocating IPv4 addresses from their last contiguous block of IPv4 addresses.
Now, this doesn’t mean that ARIN is out of IPv4 addresses… but it’s getting really close! Per ARIN’s IPv4 Countdown Plan page, they only have 1.42 /8s left. Basically, they have 104.x.x.x to allocate out to Internet service providers (ISPs) and then a number of other smaller ranges and then…
Boom. That’s it!
There will be no more *new* IPv4 addresses available in the US, Canada and many Caribbean and North Atlantic islands.
Existing IPv4 addresses will continue to work just fine, of course, but any new networks or devices seeking to be connected to the public Internet are going to have to re-use existing IPv4 addresses via ugly NAT arrangements – or go IPv6. So… mobile operators looking to expand and add on more devices. All the companies looking to bring a zillion more appliances and devices onto the Internet via the “Internet of Things”. Any expansions into new geographic areas.
We’ve been saying for years that we’d be running out IPv4 addresses… but now it’s actually happening in North America! (and also in the European and Asia Pacific regions)
It’s time to get going with IPv6! What are you waiting for? And how can we help you?
How Do We Get More Network Operator Feedback Into IETF Standards? Please Take This Survey (Featured Blog)
Wow! I had no idea that the amazing “Scotties Tournament of Hearts” was happening this year so close to us up in Montreal, Quebec!
From Saturday, February 1, 2014, through Sunday, February 9, you’ll have the opportunity to watch some of the best women’s curling teams out there competing in this annual Canadian curling championship. Given the Canadian love of curling, the competition is fierce and so the teams that make it into the “Scotties” play at an unbelievable level of the sport. They typically make shots that I could only dream of someday making!
Alas, I don’t think that I’ll be able to make it up to Montreal this year, but if you can it would be an amazing experience to see these curling teams in action! No news on their site or their Facebook page about a live video stream but perhaps we’ll see more about that closer to the time of the event.
How can we help network operators ensure that their usage of the Border Gateway Protocol (BGP) is as secure as possible? How can we help enterprises who operate their own routing infrastructure make sure that they are keeping their own networks secure? How can we help network operators at all levels make sure they are doing their part to keep the Internet’s routing infrastructure as secure and resilient as possible?
A year ago we launched the “Routing” topic on Deploy360 to explore these kind of questions. We’ve written many articles about routing resiliency and featured panels about improving routing resiliency/security at our ION conferences, such as a recent session at ION Toronto.
However, as we went around speaking with people about the need to make the Internet’s routing infrastructure more resilient and secure, one extremely important bit of feedback we received from people was that our topic here on Deploy360 of “Routing” was far too broad. It wasn’t as specific as our areas on IPv6 and DNSSEC, and that provided multiple challenges both in terms of creating a logical flow of providing deployment information and also in finding resources and/or people to create new materials.
We’ve listened to all that feedback and are changing how we address the overall routing resiliency topic. Instead of one massive topic, we’re going to be breaking the area down into several smaller topics that we will be rolling out over the course of 2014.
Today we’re pleased to announce the first new topic area, Securing BGP, where we will be focusing on the tools, services and technologies that can help make BGP routing more secure. We’ll be talking about not only basic “good hygiene” for routing but also specific tools that can help secure BGP such as prefix filtering, ACLs, RPKI, BGPSEC and much more. We have created a set of initial pages related to the topic which will be populating with more content over the weeks and months ahead:
Perhaps more importantly we have outlined a content roadmap for the resources related to securing BGP that we want to add to the site and are now actively looking for resources that are out there now that we can point to – or identifying authors who can write some of the resources that don’t yet exist. Naturally we’ll be adding blog posts related to securing BGP to our Deploy360 blog – and you can expect sessions related to securing BGP to appear at our future ION conferences.
How You Can Help
We need your help! In order to provide the best possible resources to help network operators secure their use of BGP, we need to hear from you! We need your feedback to help us know that we are helping you make your network more secure. A few specific requests:
1. Read through our pages and content roadmap – Please take a look through our “Securing BPG” set of pages, and also please take a look at our content roadmap for BGP. Are the current resources listed helpful? Is the way we have structured the information helpful? Will the resources we list on our roadmap help you make your routers more secure?
2. Send us suggestions – If you know of a report, whitepaper, tutorial, video, case study, site or other resource we should consider adding to the site, please let us know. We have a list of many resources that we are considering, but we are always looking for more.
3. Volunteer – If you are very interested in this topic and would like to actively help us on an ongoing basis, please fill out our volunteer form and we’ll get you connected to what we are doing.
4. Help us spread the word – As we publish resources and blog posts relating to securing BGP, please help us spread those links through social networks so that more people can learn about the topic.