February 2014 archive

Google’s IPv6 Stats Pass 3% Less Than 5 Months After Passing 2%!

Wow! The pace of IPv6 deployment is rapidly accelerating! This morning Google’s IPv6 measurements crossed the 3% milestone just under five months from when the 2% milestone was crossed.  Prior to that it had taken 11 months to go from 1% to 2%.  The growth path is certainly heading in the right direction:

Google hits 3% IPv6

 

To be clear, what Google is measuring here is the percentage of users that access Google services over IPv6.  Given the range of IPv6-connected services that Google offers, including YouTube, Google+, and Gmail, these measurements do provide a good view into the amount of IPv6 deployed in access networks around the world.

What is driving this growth?  In a post on our Internet Technology Matters blog, my colleague Phil Roberts writes:

More operators in more countries are deploying IPv6 and increasing the size of their subscriber base that use the technology. You can see the list of networks that have measurable IPv6 deployments in the World IPv6 Launch. You can also look at the Google country graph of Europe to see that there are substantial deployments in Switzerland, Belgium, Romania, Germany, and France, for example. The IPv6 traffic from Belgium alone has almost doubled in the last month.

As Phil notes, we recently predicted IPv6 will get to 10% deployment this year and while that may be an aggressive prediction it is very clear that IPv6 is no longer something that will be mythically deployed “some day”.  IPv6 deployment IS happening… and more rapidly than ever!

If you haven’t been thinking about making your content available over IPv6 and/or making your network work over IPv6, now is definitely the time to do so!  Please check out our IPv6 resources and please do let us know how we can help you make the move!

FIR #742 – 2/10/14 – For Immediate Release

Quick News: Klout content sharing recommendations, Wikimedians in residence, podcasting's future, real-time access to Bitcoin cost of goods; Ragan promo; News That Fits: what does your brand sound like?, Michael Netzley's Asia report, nine things to know about using social media at work, Media Monitoring Minute from CustomScoop, listener comments, five social media tips from The Wall Street Journal, this week on the FIR Podcast Network, Dan York's report, companies apologize a lot on Twitter; music from White Denim; and more.

TDYR #095 – Are You Making It Easy For The Media To Tell Your Story?

TDYR #095 - Are You Making It Easy For The Media To Tell Your Story? by Dan York

IPv6 Time Servers (NTP)

Setting the time on computers and other Internet-connected devices is critical.  As we move to IPv6, there needs to be access to Network Time Protocol (NTP) servers available over IPv6.  The following time servers are known to work over IPv6.

| NTP Host Name | Comments |
| --- | --- |
| 2.pool.ntp.org | The NTP Pool Project provides a global, decentralized network of time servers. Using the NTP pool is relatively straightforward; however, only "2.pool.ntp.org" is available over IPv6. |
| ntp.eu.sixxs.net, ntp.us.sixxs.net, ntp.ap.sixxs.net | The SixXS project makes their time servers available over both IPv4 and IPv6. |
| ntp6a.rollernet.us, ntp6b.rollernet.us | Roller Network has publicly made two time servers available over IPv6. |

We would like to make this list as comprehensive as possible.  If you know of additional NTP time servers available over IPv6 that we should include here, please leave a comment or send us a message.

TDYR #094 – The Extremely Cool Thing About Youth Curling Bonspiels Is …

TDYR #094 - The Extremely Cool Thing About Youth Curling Bonspiels Is ... by Dan York

Weekend Project: Test Out New DNSSEC Support In Dnsmasq

If you run your own small network and are comfortable working with Linux, Android, *BSD, Solaris or Mac OS X, here’s a great way you could help advance DNSSEC: Simon Kelley is looking for people to test the new DNSSEC functionality he included in his latest development version of dnsmasq.

If you are not familiar with dnsmasq, it is a DNS forwarder and DHCP server that is already included in many versions of Linux, including Debian, Suse, Fedora, Gentoo and others.  From the dnsmasq website:

Dnsmasq is a lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with DHCP-allocated addresses to appear in the DNS with names configured either in each host or in a central configuration file. Dnsmasq supports static and dynamic DHCP leases and BOOTP/TFTP/PXE for network booting of diskless machines.

Dnsmasq is targeted at home networks using NAT and connected to the internet via a modem, cable-modem or ADSL connection but would be a good choice for any smallish network (up to 1000 clients is known to work) where low resource use and ease of configuration are important.

If you have a bit of time and could help Simon out with some testing, he would greatly appreciate it – and if this means that we’ll be able to get DNSSEC validation happening in so many more distributions of Linux, that would be a great win for making the Internet more secure!

Please read Simon’s message and you may also want to scan the email thread to see if there are any more updates or issues found.

Kudos to Simon for making this happen – and also to Comcast for providing enough funding that Simon was able to work on this full-time for a bit to get it working.

TDYR #093 – A Great Afternoon Of Skiing, And The Sounds Of Skiing

A quick episode recorded on a ski lift and also while skiing (if you hang on to the end after I "ended" the episode).

Great Video About The Sport Of Curling In Petersham, MA!

Recently WWLP-TV22 recorded a great video segment about curling at the Petersham Curling Club as part of their “Mass Appeal” show. The video gives a great overview of the sport of curling and shows how open the sport is to anyone to participate.  (And if you are interested in trying out curling yourself, the Petersham Curling Club has open houses about curling coming up on February 8, 16 and 20!)

And if you think this looks like a great kind of club to have in Keene, please sign up to help us! (And please read our vision of what we are trying to do.)

BGP Hijacking In Iceland And Belarus Shows Increased Need for BGP Security

Want to understand better why we need to secure the Border Gateway Protocol (BGP) to make the Internet’s routing infrastructure more secure? Just read this article on Wired’s site, “Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet”, or the corresponding post on the Renesys blog, “The New Threat: Targeted Internet Traffic Misdirection”.   The key point is that attackers are abusing BGP to hijack the routing of traffic off to another network - but without the end-user having any clue that their traffic was diverted.  As noted by Jim Cowie on the Renesys blog:

What makes a Man-in-the-Middle routing attack different from a simple route hijack? Simply put, the traffic keeps flowing and everything looks fine to the recipient. The attackers keep at least one outbound path clean. After they receive and inspect the victim’s traffic, they release it right back onto the Internet, and the clean path delivers it to its intended destination. If the hijacker is in a plausible geographic location between the victim and its counterparties, they should not even notice the increase in latency that results from the interception. It’s possible to drag specific Internet traffic halfway around the world, inspect it, modify it if desired, and send it on its way. Who needs fiberoptic taps?

He goes on to illustrate with an example where traffic was diverted to an ISP in Belarus:

In February 2013, we observed a sequence of events, lasting from just a few minutes to several hours in duration, in which global traffic was redirected to Belarusian ISP GlobalOneBel. These redirections took place on an almost daily basis throughout February, with the set of victim networks changing daily. Victims whose traffic was diverted varied by day, and included major financial institutions, governments, and network service providers. Affected countries included the US, South Korea, Germany, the Czech Republic, Lithuania, Libya, and Iran.

The article shows several graphical examples of how the network traffic was routed through the Belarusian ISP, such as this one:

[Image: Renesys map of route hijacking]

The Renesys blog post goes on to show examples from a second series of incidents related to an ISP in Iceland, including one where traffic from one network in Denver, Colorado, went to another network in Denver… by way of Iceland!

As both the Wired article and the Renesys post say, the attackers behind these attacks have not yet been identified, and may well never be.  This kind of attack, though, is being seen increasingly often.

This is why we’ve opened up our new topic area on Securing BGP.  We all need to work together to make the Internet’s routing infrastructure more secure and more resilient against these types of attacks.  We’ll be working over the months ahead to add more content to this site – and we could use your help finding or writing items on our “Securing BGP Content Roadmap”.   If you operate a network router, we would also encourage you to join our Routing Resiliency Survey so that we can help in the effort to collect data about what kind of BGP attacks are being seen.

We need to prevent these types of hijackings from happening – and we need your help to do so!
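
As an added illustration (not code from the Renesys post or from this site), the Python example below shows one way a network operator could watch BGP announcements covering its own prefixes and flag the signs of the misdirection described above: an unexpected AS in the path, a changed origin, or a more-specific prefix. The baseline, AS numbers and prefixes are constructed documentation values, and the function name is hypothetical.

```python
import ipaddress

# Constructed baseline for the prefixes we monitor (assumption, documentation
# values): prefix -> (expected origin AS, ASes normally seen in transit).
BASELINE = {
    "203.0.113.0/24": (64500, {64496, 64497}),
    "2001:db8:100::/40": (64501, {64496}),
}

def check_announcement(prefix, as_path, baseline=BASELINE):
    """Return alerts for one observed BGP announcement.

    as_path is ordered as a route collector sees it: nearest AS first,
    origin AS last.
    """
    net = ipaddress.ip_network(prefix)
    observed_origin = as_path[-1]
    alerts = []
    for base_prefix, (origin, transits) in baseline.items():
        base = ipaddress.ip_network(base_prefix)
        # Only compare like with like, and only routes covering our space.
        if net.version != base.version or not net.subnet_of(base):
            continue
        # A longer prefix wins route selection and pulls traffic away.
        if net.prefixlen > base.prefixlen:
            alerts.append("more-specific of " + base_prefix)
        if observed_origin != origin:
            alerts.append("origin AS%d, expected AS%d" % (observed_origin, origin))
        # Transit ASes: everything in the path except the (possibly
        # prepended) origin. Anything outside the known set is a detour.
        seen = {a for a in as_path if a != observed_origin}
        unknown = sorted(seen - transits)
        if unknown:
            alerts.append("unexpected transit " + ",".join("AS%d" % a for a in unknown))
    return alerts

# Constructed sample announcements, as (prefix, AS path).
UPDATES = [
    ("203.0.113.0/24", [64496, 64497, 64500]),         # normal path
    ("203.0.113.0/24", [64496, 64511, 64497, 64500]),  # detour through AS64511
    ("203.0.113.128/25", [64496, 64510]),              # more-specific, new origin
    ("198.51.100.0/24", [64496, 64502]),               # not a monitored prefix
]

if __name__ == "__main__":
    for prefix, path in UPDATES:
        for alert in check_announcement(prefix, path):
            print(prefix, path, "->", alert)
```

In practice the baseline would also list any more-specific prefixes the operator announces deliberately for traffic engineering, so that those do not raise alerts.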