Dan York

Just a guy in Vermont trying to connect all the dots...

Author's posts

Four IPv6 Sessions Coming Up at IETF 85 in Atlanta

What’s happening with IPv6 at the 85th meeting of the Internet Engineering Task Force (IETF) coming up in Atlanta November 4-9, 2012? Which working groups will be meeting?

As noted in our recently published “Internet Society’s Rough Guide to IETF 85’s Hot Topics” there are 4 working groups meeting at IETF 85 specifically on IPv6 issues:

  • v6ops (IPv6 Operations)
  • 6renum (IPv6 Site Renumbering)
  • 6man (IPv6 Maintenance)
  • sunset4 (Sunsetting IPv4)

Descriptions and links for each group are included below.  Given that IPv6 is the way forward for the Internet, you can expect IPv6-related topics to come up in working groups all across the IETF, but these four working groups are specifically focusing on aspects of IPv6.


(Text taken directly from the Internet Society’s Rough Guide to IETF 85)

v6ops (IPv6 Operations) WG

The v6ops WG continues to be active in describing operational considerations of IPv6 deployment. A couple of interesting drafts that are being discussed by the working group apply in particular to IPv6 on mobile networks:
Both have generated a lot of comment and it will be interesting to see how they proceed. There are also some proposed design guidelines for IPv6 and deployment guidelines for enterprises.
(8 November 2012, 1300-1500; 1510-1710)

6renum (IPv6 Site Renumbering) WG

The 6renum WG is chartered to perform an analysis of IPv6 site renumbering. If the analysis leads to conclusions that are also applicable to IPv4 that will be an advantage, but it is not an objective of the WG to make its outputs more widely available than IPv6. Similarly the WG is targeting enterprise networks, but the analysis may also be applicable to SOHO or other (e.g. ad-hoc) scenarios.
The working group has issued last calls on each of its 3 working group documents:
An iteration of the static problem draft has been made based on WGLC but as of today revisions have not been published on the other two. Presumably any final comments will be discussed on these documents.
Agenda: Not yet posted – check https://datatracker.ietf.org/meeting/85/agenda.html
(8 November 2012, 1730-1830)

6man (IPv6 Maintenance) WG

The 6man Working Group is charged with the maintenance, upkeep and advancement of the IPv6 protocol specifications and addressing architecture, which is especially relevant as IPv6 begins to be deployed around the world at scale this year. Reflective of that, the 6man working group has 14 working group documents currently being considered. These are likely to be discussed in Vancouver, as well as some cross items with the 6lowpan (v6 for low power networks) WG, which is not meeting at IETF 84.
(5 November 2012, 0900-1130)

sunset4 (Sunsetting IPv4) WG

sunset4 is a new working group in the Internet Area. In short the formation of the working group is an acknowledgement that the Internet is still largely IPv4, but in the presence of address exhaustion it cannot continue to be the Internet that we know today. The Internet will transition to IPv6 but there will be an interval where the Internet’s performance degrades as more coping mechanisms are adopted and before a complete transition to IPv6. This working group hopes to develop techniques to mitigate some of that pain. The immediate activity is to evaluate various CGN (carrier-grade NAT) proposals and determine whether there is a work item around CGN that functions as a suitable IPv4 sunsetting mechanism.
As a result of discussion at IETF 84, the gap analysis document has been made a working group document:
(5 November 2012, 15200-1720)

Walking In Red Square – Reflections Of A Child Of The 1970s

I was born in the late 1960's and grew up in the U.S. in the 70's and 80's when the Russians were the enemy. When the Soviet Union was the evil empire bent on the destruction of freedom, democracy and everything we held dear. When calling someone a "Russki" was an insult and when the news media routinely showed images of the Soviet military parades in Red Square. When we were sure that the Kremlin was sending spies into our country to steal all our secrets and would do whatever it could to destroy our lifestyle.

And when the doctrine of "mutually assured destruction" meant that we didn't practice hiding under desks, as our parents might have, because we all knew that if the Soviets launched their missiles, we'd launch ours and the world as we knew it would end. (How many movies were made on this theme in the early 80s?)

Of course, the only "Russians" we really knew of were the evil villains of the James Bond movies and countless spy thrillers... or the state-sponsored "super athletes" that we saw in the Olympic Games and who we understood to be intent on showing how Communism was so much better and would triumph over Capitalism.

In many ways it was a much simpler world-view.

The Russians were the enemy.
Period.

I thought of all this tonight as I strolled along through Red Square taking photos. Drinking in the magnificent beauty of St. Basil's Cathedral. Taking photos of the walls of the Kremlin. Stopping to look at Lenin's Tomb.

How could I ever have even remotely imagined that I would someday be here?

Moscow... Red Square!

Unbelievable.

Granted, we were also the generation that watched as glasnost and perestroika took hold in the Soviet Union under the reins of Mikhail Gorbachev. We saw the Berlin Wall fall. We saw the opposition under Boris Yeltsin. We saw the Soviet Union dissolve and simply cease... to... exist. We saw multiple nations and economies emerge.

We watched as the story we'd been telling and retelling for so long was shattered into a million shards... to be reborn anew into new stories of new nations... of a new worldview... of new threats... of new powers.

It's been 20 years now since Russia was reborn, and no sooner do you arrive than you immediately understand that this is a vibrant market economy full of energy and full of passion. I've had the privilege of spending the last two days in a room full of technologists and business people, of marketers and politicians ... all focused on how to make the Internet more capable within Russia and the surrounding countries. To make the Internet faster, better, safer, more secure, more powerful... and more open. It's been an outstanding event where I've both learned a great deal and met some truly remarkable people.

Yet still... I am a product of my childhood.

As I went for a morning run looping down through Red Square this morning... and then walked back there tonight... I could not help but be utterly amazed by how our world has changed. How different it is today from those decades ago.

Alas, I will not get to explore more. This was my typical business trip where I took a taxi from the airport to the hotel, spent two days inside a hotel and now will leave in a few hours to go back to the airport to fly home. My morning run and evening walk were the only times I got to see anything beyond the hotel walls.

But I have learned much from this visit - and would welcome the opportunity to return.

Perhaps there was no greater sign of the change in Russia... at least for those of us who grew up in the 70's and 80's and can appreciate the exquisite irony... than this, an advertisement for the latest James Bond film, prominently displayed on the sidewalk in Moscow:

[Photo: James Bond film advertisement in Moscow]

Our world has indeed changed. And this is a good thing.

Excellent whitepaper/tutorial from SURFnet on deploying DNSSEC-validating DNS servers

How do you get started with deploying DNSSEC-validating DNS servers on your network?  What kind of planning should you undertake?  What are the steps you need to go through?

The team over at SURFnet in the Netherlands recently released an excellent whitepaper that goes into the importance of setting up DNSSEC validation, the requirements for using validation, the planning process you should use, etc.

As we note on our resource page about the whitepaper, the document then walks through the specific steps for setting up DNSSEC validation in three of the common DNS resolvers:

  • BIND 9.x
  • Unbound
  • Microsoft Windows Server 2012

For us to get DNSSEC widely available we need to have DNS resolvers on networks performing the actual validation of DNS queries using DNSSEC.  This guide is a great way to get started.

Have you enabled DNSSEC validation on your network?

Deploying DNSSEC: Validation on recursive caching name servers

Why should you deploy DNSSEC-validating DNS resolvers on your network?  What kind of planning should you do to prepare? What steps do you need to do?

The team at SURFnet has published a whitepaper titled “Deploying DNSSEC: Validation on recursive caching name servers” (PDF) that answers these specific questions and much more.  The document covers:

  • Cost and benefits of deploying DNSSEC
  • DNS architecture
  • Requirements before deployment
  • Planning your deployment
  • Operational requirements and practices

The document then gets into specific step-by-step instructions for three of the most common DNS resolvers:

  • BIND 9.x
  • Unbound
  • Microsoft Windows Server 2012

For people looking to deploy DNSSEC-validation within their network, this guide provides an excellent way to get started.

DNSSEC Training: Men and Mice

Men & Mice has worked with the Internet Systems Consortium (ISC), authors and maintainers of the BIND DNS server, to provide training related to DNSSEC for several years at both conferences and in training centers all over the world. Their latest schedule of courses can be found at:

http://www.menandmice.com/training/

Men & Mice offers focused classes on DNSSEC and also includes DNSSEC as a component of other DNS-related classes. Men & Mice also provides IPv6 training classes.


The Internet Society Deploy360 Programme does not recommend or endorse any particular commercial providers of training. The information provided here is to assist people in finding training providers and is part of a larger effort to list all known providers of DNSSEC-related training. If you know of any additional training providers we should include, please contact us.


FIR #674 – 10/22/12 – For Immediate Release

New comment line; What The Plus book review is up; Mayo Clinic social media book is available; our GaggleAmp anniversary; Quick News: a new UK business podcast, changes to LinkedIn profiles, Gartner sees rise in fake reviews, Bodyform's sense of humor in responding to a consumer; Ragan promo; News That Fits: the rise of social mobile, Dan York's report, Media Monitoring Minute, UK refocuses online services, listener comments, TemboSocial promo, Newsweek's digital-only move and the demise of print; music from Wild Flag; and more.

“Migrating Apps To IPv6” Author And Editor Get To Meet Face-To-Face

A curious aspect of writing a book is that you never actually need to meet the people with whom you are working at a publisher. Everything can be done online with maybe an occasional phone call thrown in. Editors, production staff, publicists… all the interaction happens primarily through email.

It’s nice, though, when you do get a chance to put a face with a name. As shown below, I got a chance to catch up with Mike Loukides, the editor at O’Reilly who first approached me about the “Migrating Applications to IPv6” book project and who worked with me to make it happen:

[Photo: Dan York and Mike Loukides]

This was at the O’Reilly Tools of Change conference back in the beginning of the year. (Excellent conferences, by the way!) I just stumbled upon the photo and thought I should post it. I still haven’t met the other editors and staff who helped me with the book, but that is indeed the way it works.

In Moscow for ENOG 4 Oct 23 & 24? We’ll Be There Talking About DNSSEC

Will you be in Moscow this coming week (Oct 23-24, 2012) at the Eurasia Network Operators’ Group (ENOG) 4 meeting? If so, I (Dan York) will be there to speak about DNSSEC and how it applies to network operators. My talk, titled “DNSSEC – Why Network Operators Should Care And How To Accelerate Deployment”, has the description:

Why should network operators care about DNSSEC? What advantages and opportunities can it provide? What are the best first steps an ISP can do to support DNSSEC? What are the current best operational practices for DNSSEC?

In this presentation, Dan York of the Internet Society’s Deploy360 Programme will answer these questions, discuss some new DNSSEC-related technologies such as DANE and provide some key steps that can help accelerate DNSSEC deployment within networks.

I’m very much looking forward to the event and speaking with network operators to understand how we can help them get more DNSSEC-validating DNS resolvers deployed out there.  The ENOG 4 agenda is packed with good presentations so I’m looking forward to learning a good bit. Currently showing 451 attendees, too, so the opportunity is there to get some great feedback!

Thankfully, there will also be a simultaneous translation service during the sessions. I have been learning some Russian in preparation but so far only really have the very basic traveler survival phrases down. :-)

Should be a great event – if you are there, please do say hello!

P.S. I’m also pleased to be able to meet up with my Internet Society colleague Andrei Robachevsky as he is one of the organizers of the event (and is also fluent in Russian).

Walking Through Setting Up A TLSA Record for DNSSEC/DANE

In a post titled “DNSSEC and Certificates” today, Shumon Huque provides a nice walk-through of the steps needed to get set up with a TLSA record in DNS to tie an SSL/TLS certificate into the global chain-of-trust created by DNSSEC. First, though, he explains very succinctly why we should care about security issues related to current certificate authorities (CAs) and how the new DANE protocol helps address this.

He then steps through what he had to do with openssl to create the appropriate TLSA record for his existing SSL certificate (and points out the availability of Paul Wouters’ hash-slinger tool to make this even easier).

It’s good to see posts like this explaining the process and we’ll be looking to add tutorials like this to our site as we continue to expand our DANE coverage in the weeks and months ahead.

By the way, Shumon will be one of the speakers at our ION San Diego conference on December 11th.  If you want to learn about DNSSEC and IPv6 topics and can get to San Diego, we’d definitely suggest you consider attending!

P.S. We’ve added Shumon’s site to the list of DANE test sites that developers can use to test out new DANE applications.
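
To make the TLSA step concrete, here is an added example (not code from Shumon’s post or from hash-slinger) that derives the TLSA record data from a PEM certificate using only the Python standard library, for both the full-certificate and public-key selectors. The host names and the certificate-shaped sample input are constructed for illustration, and the default usage value 3 (DANE-EE) is an assumption about the deployment.

```python
import hashlib
import ssl

def _tlv(data, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_der(cert_der):
    """Return the SubjectPublicKeyInfo element of a DER certificate."""
    _, pos, _ = _tlv(cert_der, 0)      # Certificate SEQUENCE
    _, pos, end = _tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = _tlv(cert_der, pos)
        if tag != 0xA0:                # skip the optional [0] version
            fields.append(cert_der[pos:nxt])
        pos = nxt
    return fields[5]  # serial, sigAlg, issuer, validity, subject, SPKI

def tlsa_record(host, cert_pem, usage=3, selector=0, mtype=1, port=443):
    """Build a TLSA record in zone-file presentation format."""
    der = ssl.PEM_cert_to_DER_cert(cert_pem)
    data = der if selector == 0 else spki_der(der)  # 0 = full cert, 1 = SPKI
    # Matching type: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    assoc = {0: bytes.hex, 1: lambda d: hashlib.sha256(d).hexdigest(),
             2: lambda d: hashlib.sha512(d).hexdigest()}[mtype](data)
    return f"_{port}._tcp.{host}. IN TLSA {usage} {selector} {mtype} {assoc}"

# Constructed sample: a certificate-shaped DER structure with placeholder
# contents (not a real, signed certificate), so the example runs offline.
def _enc(tag, body):
    n = len(body)  # the sample stays under 256 bytes, so one length byte suffices
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

SAMPLE_SPKI = _enc(0x30, _enc(0x30, _enc(0x06, b"\x2a\x03\x04"))
                   + _enc(0x03, b"\x00" + bytes(range(140))))
_tbs = _enc(0x30, _enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01")
            + _enc(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_DER = _enc(0x30, _tbs + _enc(0x30, b"") + _enc(0x03, b"\x00"))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    print(tlsa_record("www.example.com", SAMPLE_PEM))              # 3 0 1
    print(tlsa_record("www.example.com", SAMPLE_PEM, selector=1))  # 3 1 1
```

A record with selector 1 keeps matching when the certificate is reissued with the same key, while selector 0 has to be republished on every renewal. Either way the zone must be DNSSEC-signed for a DANE client to trust the answer.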

Youth Curling League Starts This Saturday at Petersham CC

Yea! This Saturday is the first day of the youth curling league at the Petersham Curling Club down in Petersham, Massachusetts (about 45 minutes south of where I live in Keene, NH).

It will also be the start of my second year coaching as I'm helping out with the "Little Rockers" who are between the ages of 7 and 11. (Including my now 10-year-old daughter, pictured in the photo accompanying this article.) I helped out last year and didn't realize how much fun it would be to do! On a certain level it shouldn't have been a surprise given my love of teaching, but I didn't expect how much I would enjoy it.

I'm looking forward to getting back on the ice this weekend and seeing what we can do this year with the kids.

If you are interested in learning more about the youth curling league and live in the area of north central Mass. or southwest NH, you can check out the web page about the youth curling or you can contact me directly. The Little Rockers curl every Saturday from 9:30-10:30 from now through the end of March.

We'll probably be having an Open House soon where people can come and check it out... stay tuned for more info!