Category: About Deploy360

Jan 22

FYI: Translated Pages To Start Appearing Soon On Deploy360 Site

List of six UN languagesAs Chris noted in his recent “Onwards and Upwards” post, one of our 2015 goals for this Deploy360 site is “to translate the most useful and often referenced resources into as many languages as is practical”.  As he went on to note, we’re currently in the process of translating some of those resources into the five languages other than English used by the United Nations.  Specifically:

  • Arabic
  • Chinese (Simplified)
  • French
  • Spanish
  • Russian

I have translations back from the firm we used and expect to be moving those into place over the next couple of weeks.  I wanted to give you all a heads-up about this since the website should show a translated version of the page when you get to a page if a translation is available… and so if you have your browser defaulting to a language other than English you may be surprised when you are visiting here!

Now, to set expectations, I should note that we translated the top 25 most visited resources on the site as well as the pages for each topic and the Start Here hierarchy of pages.  It’s not the whole site, but it’s a start.

I also wanted to post this because there may be a few bumps in the process and I don’t know if there will be impacts to the user experience of visiting this site.  If you do see pages loading strangely on the site, or experience issues with using the site, please be aware that it may be because I’m working on the site.  You are also welcome to report the issues to me.  I also anticipate a chance that some of the translated URLs could change as we experiment with the best way to make the information available.

Thanks for your patience and we look forward to being able to share our information with an even larger audience in more languages!

P.S. For those curious about how we are making translations of our pages available, we are using the WPML plugin for WordPress.

Jan 01

Happy New Year! Do Your 2015 Plans Include IPv6, DNSSEC or TLS?

2015Happy New Year!  It’s 2015 … what are you going to do differently this year?  Will you get your websites working over IPv6?  Will you sign your domains with DNSSEC and enable validation?  Will you use TLS for all your websites and applications?

We’re looking forward to a great 2015. We’ll be holding ION conferences around the world, including ION Sri Lanka coming up shortly on January 18. We’ll be writing on our blog and posting video, audio, slides and more to all our various sites and services. We’ll be speaking and participating at events from ICANN, IETF and many, many more.  We’ll be helping get more BCOP documents written and doing whatever we can to improve communication between network operators and the IETF.

2015 is going to be a great year!

If you haven’t yet made technical plans for 2015, may we suggest some ideas?  How about:

  • Set up your DNS resolvers to perform DNSSEC validation – there’s a great whitepaper that shows how easy this is!
  • Join the MANRS Initiative and declare publicly that your network will help keep the Internet’s routing infrastructure clean! See the MANRS document for more info.

Why not make one of these your resolution for the year and see what can happen?

We’re here to help… check out our Start Here page to find resources that may work for you… and please let us know if you can’t find what you are looking for!

Let’s make 2015 amazing!

Nov 27

Thank You For All Your Support And Help In 2014

IPv6 TurkeyIf you are reading this message, odds are pretty good that this is just another regular Thursday for you.  In fact, it might be a quieter Thursday than usual because you are receiving fewer email messages or articles from colleagues or people you know in the USA.  Maybe you’ll get a bit more done than other Thursdays!

For those of us in the USA, though, where 3/4 of our team is located, today is our Thanksgiving holiday and we’ll be spending the time with our friends and family, probably offline enjoying their company.

As we do that, though, we also want to give thanks to all of you out there who have helped us in so many ways.  Your feedback, suggestions and assistance have helped us grow this program in so many different ways.  We could not have done all that we have done over the past three years without your help.

Thank you!

As we gear up for what will be an incredibly busy year ahead of us in 2015, we will look forward to working with so many of you again to help accelerate the deployment of key technologies that will make the Internet work faster and be more secure and resilient.

In the meantime, those of us in the US will be enjoying a day off today and tomorrow.

P.S. If you are having a slow day… why not think about getting started with IPv6, DNSSEC, securing BGP, configuring anti-spoofing or using TLS in your applications? :-)

Nov 06

Meet The Deploy360 Team at IETF 91

If you will be at IETF 91 next week in Honolulu, please do say hello to members of the Deployment & Operationalization (DO) team within the Internet Society.  We are the team behind this Deploy360 website and three of us will be there at IETF 91:

You can expect to find us in the sessions related to IPv6, DNSSEC, routing security and network operations, as well as others related to the topics we cover here on Deploy360.  If you’d like to meet with us, please send an email to deploy360@isoc.org and if you don’t know what we look like, this photo may help:

DO Team 2013

DO Team – left-to-right: Chris Grundemann, Dan York, Megan Kruse, Jan Žorž

See you in Hawaii!

Aug 28

Watch LIVE Now! AfPIF Lightning Talks On IXP Toolkit, Deploy360, More

AfPIF LogoRight NOW in Dakar, Senegal, the last session of the African Peering and Interconnection Forum (AfPIF) 2014 is happening.  As we wrote previously, our Chris Grundemann is there – and he will actually be speaking during this “Lightning Talk” session about what we are doing here with Deploy360 in general and in particular with our Best Current Operational Practices (BCOP) efforts.  You can watch live at:

http://new.livestream.com/internetsociety/AfPIF2014Day3

It will also be archived for later viewing.

Right now our Internet Society colleague Jane Coffin is talking about the IXP Toolkit that has been developed to help with the creation of Internet Exchange Points (IXPs) (see our IXP page for our resources to help).

The list of speakers will be:

  • IXP Toolkit (Jane Coffin, ISOC)
  • IPv6 Webinars (Kevin Chege, ISOC)
  • Peering in Kenya (Barry Macharia, KIXP)
  • The successful implementation of an IXP and its evolution (Adelard Kenese, Burundix)
  • DO Base (Chris Grunderman, ISOC)
  • Business Intelligence Application (Elaud Kutiwa)

Each is to do a short 5-10 minute presentation.

If you want to see more, you can watch live RIGHT NOW!  :-)

Aug 08

Goodbye and Thanks To Our Summer 2014 Intern, Andrew McConachie

Andrew McConachieAll good things must come to an end, it seems, and so we must bid goodbye today to our summer intern, Andrew McConachie.  It seems only a short while since Andrew joined our team in May, but in that time he’s done a huge amount of work for our team.

Here’s a quick list of some of the ways he contributed over the past  three months:

  • He helped us a great deal with getting some of the new IPv6 case studies and other information together for the World IPv6 Launchiversary back in June.
  • He also developed some scripts that helped analyze our site and find all the “resource” pages we have published that weren’t linked from other pages, allowing us to then make all the pages flow better together.

He also did a good bit of work behind the scenes, too, in some ways you wouldn’t know, including:

  • Helping us test some new tools for issue and project tracking.

… and many other ways.  We were quite impressed by Andrew’s ability to jump into some of our topics that are admittedly a bit off the regular IT path and rapidly come up to speed to the point where he could write very well about them.

And now as he heads off for a couple of weeks of enjoying the summer before he heads back to the Berkeley School of Information we do wish him all the best!

You may still see him around here from time to time, though… a couple more of his posts are scheduled to appear and he may contribute from time to time in the future.  Meanwhile, you can also keep up with him through his blog and open source software.

Thanks, Andrew, for a great summer of work and for your passion around keeping the Internet open – best wishes with whatever lies ahead!

P.S. If you would be interested in being an intern with our program in the future, please contact our director, Chris Grundemann.

Jul 18

Meet The Deploy360 Team at IETF 90 Next Week In Toronto

IETF LogoIf you are going to be at IETF 90 next week (July 12-16, 2014) in Toronto, please do find us and say hello! Three of our DO team members will be there: Megan Kruse, Jan Žorž and myself (Dan York).

You can expect to find us in many or most of the sessions related to DNSSEC, IPv6, Routing/BGP and TLS.  We’ve outlined many of those sessions in these three “Rough Guide to IETF 90″ blog posts on the Internet Technology Matters blog:

If you go into each of those posts you’ll see information about what is being discussed and then the list of relevant working groups and other sessions.  We’ll also be at the ISOC@IETF session, the Cryptech briefing, the Technical Plenary and other sessions outlined by Phil Roberts in his overview post.

Please do say hello… and if you would like to set up a specific time to meet with us please send an email to deploy360@isoc.org.  You can also follow us on Twitter, Facebook and/or Google+ to see our updates from IETF 90.

Jun 16

What Shall We Call Our New Topic Area On “Anti-Spoofing” Of IP Addresses?

question markWe need your help.  We are struggling with what to name the new topic area we are planning to launch related to preventing the “spoofing” of IP addresses.

In routing security circles this topic is generally referred to as “anti-spoofing” and we’ve talked about it ourselves that way such as in our report on an anti-spoofing panel at RIPE66 and the associated videos and whitepapers.  But that name has a couple of problems I’ll talk about below.

First, for some context, back in January 2014 we announced that we were changing how we covered the general topic of “routing resiliency and security”.  Rather than one broad – and vague – topic on “Routing”, our plan was to launch smaller focused topic ares – and with that announcement we  launched our “Securing BGP” topic.

The second focused topic area we want to launch is about steps that network operators and others can do to prevent the spoofing of IP addresses on their networks – and how this can help with prevention of distributed denial-of-service (DDoS) attacks.  Essentially we want to promote the validation of source IP addresses through using tools such as network ingress filtering.  Those who are aware of IETF RFCs/BCPs will know this as BCP 38 and BCP 84.  (And yes, there are the cynics out there who say that getting people to implement BCP 38 is right up there with seeing unicorns and with getting people to deploy IPv6, but hey, we are collectively making some progress with IPv6!  Unicorns are still not walking around, though.)

The simple answer (and where we might end up) would be to call this new topic area: “anti-spoofing“.  But if you look at our other topic areas, they are all technologies that can be deployed:

Okay… so “Securing BGP” is a bit squishy and not as specific as the others, but still, it is about a technology.  All of the topic area names are also short and easy to add to menus.  They all yield nice easy URLs of the form “/deploy360/<topic>/”.

The problems we have with “anti-spoofing” include:

  • “anti-spoofing” … of WHAT?   A web search will show that outside of the routing community the same term is used for efforts against the spoofing of Caller ID, email messages, face recognition, GPS signals, and more.  Many of the results seem to be about spoofing of IP addresses, but not all.
  • It does not reference a technology.

What we are really talking about is preventing the spoofing of source IP addresses inside of a network and the prevention of those spoofed addresses from leaving a network.  We are seeking validation of the original IP address.  However, calling it “IP Spoofing” speaks to the thing we want to prevent, rather than the technology or standards that we want to see deployed.  We want the topic name to reflect what we want people to deploy.

We tried a number of different names:

  • Anti-spoofing
  • Source Address Validation
  • IP Address Source Validation
  • IP Anti-spoofing
  • Ingress Filtering
  • Preventing IP Spoofing
  • Preventing IP Address Spoofing
  • Preventing IP Address Fraud
  • IP Address Validation
  • Stop Spoofing
  • Stop IP Address Spoofing
  • Illegitimate Traffic
  • BCP 38  (or BCP 84)
  • DDoS Prevention

We didn’t find any of those particularly appealing.  Keep in mind that the topic name needs to appear in a number of places on the Deploy360 website including the home page graphic slide, the navigation menus, sidebars, categories, etc.  It also needs to fit in with the other topic areas mentioned earlier.

We thought about “Ingress Filtering”, because that is the technology we ultimately want deployed – but that name is probably even less familiar to people than “anti-spoofing” and just seemed too long.

We toyed with “DDoS Prevention”, as that is really the end goal, and quite frankly would have some SEO/publicity value given the increased reports of DDoS attacks in the news.  But as our summer intern so aptly put it, that “sounds like we are on a crusade” and is also too broad.  We realized that if we open up a topic area on “DDoS Prevention” it is much more than source address validation – we could wind up getting into global load balancers, CDNs and so many other approaches.  And maybe that’s a good thing – but our goal right now is to get out deployment information related to why network operators should deploy source address validation to help the overall resiliency of the Internet.

And so here we are… we want to start promoting some of the tools and methods network operators can use to prevent IP address spoofing.  We want to do this because it is a way to make the Internet more secure and more resilient – and also in part to support some of the other Internet Society efforts underway such as the Routing Resiliency Survey.  We want to be able to talk here on the Deploy360 blog about why is is important to do this.

But we’re struggling with the name because “anti-spoofing” doesn’t seem to fit well with our other names. We’re looking for something specific, short and ideally focused on the technology we want to see deployed.

What do you think?  What should we call this new topic area?  Should we just go with “anti-spoofing”?  Or “ingress filtering”? Or “DDoS Prevention”?  Or one of the other names here? Do any of you have some idea for another name that we’ve missed here?

Any suggestions, ideas and feedback would be greatly appreciated as we’re kind of sitting here spinning our wheels while we try to sort out what name would work best.

Please leave a comment here on the blog or on Twitter, Facebook, Google+ or any of the other social networks where we post this.  Or just send us an email at deploy360@isoc.org if you share your thoughts privately with us.  We’d greatly appreciate any comments BY THIS FRIDAY, JUNE 20, 2014, as we’re trying to move ahead with this topic area soon.

Many thanks!

UPDATE: We’ve had a couple of suggestions coming in already:

Please do keep them coming!

Mar 12

On The 25th Anniversary Of The Web, Let Us Keep It Open And Make It More Secure

Web 25th AnniversaryCan we even begin to count the ways the “Web” has affected all of our lives? Today is the 25th Anniversary of the proposal that led to the creation of the World Wide Web. Over at Webat25.org, Tim Berners-Lee, the W3C and the World Wide Web Foundation are celebrating this milestone with greetings from people all around the world, including Internet Society President and CEO Kathy Brown, who recorded a video greeting, as well as IETF Chair Jari Arkko and IAB Chair Russ Housely.  The WebAt25 effort is also promoting an active campaign on Twitter using the #web25 hashtag and is encouraging people everywhere to get more involved with efforts to ensure the Web remains an open platform for creativity, innovation and collaboration.

As our Leslie Daigle wrote in an excellent Internet Technology Matters post today, the Web is a prime example of how “permission-less innovation” enables the creation of new services that run on the Internet and also of both the global nature of the Internet and the value of open standards.

For us here at the Deploy360 Programme, our use of the Web is the critical cornerstone of our efforts to accelerate the deployment of key Internet technologies… even as most of the protocols (IPv6, DNSSEC, BGP) we promote are actually part of the underlying Internet infrastructure that makes services like the Web possible. Without the Web, we would not be able to bring you all the resources and news we bring you here, nor would we be able to share it with you through web-based social media. It is critical for our work.

On this day, we  join with the W3C, World Wide Web Foundation and so many others in celebrating this 25th anniversary and the amazing success of the Web. As we do so, though, we know that for the Web and other Internet services to prosper they need to not only continue to be as open as they have been in the past, but they also need to be more secure to protect the privacy and security of information. That is why we’ve worked so hard getting DNSSEC deployed more widely,  recently opened our new “TLS for Applications” topic area, and why we’re looking for your help to build more content to help application developers, website designers and many more people understand how to make the Web and other services more secure.

Thank you, Tim Berners-Lee, for the proposal 25 years ago that led to the creation of the World Wide Web, and for everything you’ve done to keep the Web open to all. We look forward to joining with people around the world to continue to keep the Web – and the Internet – open for all!

Feb 28

Introducing A New Deploy360 Topic: TLS for Applications

TLSHow can we help make it easier for developers to learn how to add TLS (SSL) support to their applications?   If you’ve been following our work here at Deploy360 for a while, you know that part of our attention is focused on accelerating the deployment of DNSSEC and of technologies that help in securing BPG and Internet routing.

With DNSSEC, a great bit of our focus has been on the enormous potential of the DANE protocol to help make Internet connections using Transport Layer Security (TLS) more secure.  You already use TLS probably every day with your web browser… although you may know it more by its older name of “Secure Sockets Layer (SSL)”.  Any time you go to a website with a “https” at the beginning of a URL, or if you see a “lock” icon in many browsers, you are using TLS.   Any app developer using TLS is a great candidate to be using DANE.

But how do we get more developers using TLS to encrypt their connections and secure the data sent over those connections?

Around the time we were thinking about this, a new working group was launched within the IETF called “Using TLS in Applications (UTA)”.  This working group is chartered to create a set of “best practices” guides to help application developers know how to implement TLS in the best way possible to defend against attacks such as those outlined in draft-sheffer-uta-tls-attacks.  You can find out more about the UTA Working Group, including how to join the public mailing list, at these links:

It seemed to us that these documents being created within the UTA group were ones that should be shared widely.  I put some ideas forward on the UTA mailing list and received positive responses – and so we’re launching this new section of Deploy360 to help get that information out.  As the UTA working group publishes documents we’ll try to do what we can to help more developers and network operators learn about those documents.

To that end, I’ll also note that the UTA working group will be meeting this coming Friday, March 7, from 0900-1130 UTC at the IETF 89 meeting in London.  I wrote about this in my article yesterday about the DNS-related activities happening at IETF 89.  You can join the session remotely to listen in, so if this is of interest to you please do join.

Now, our “TLS for Applications” section here on Deploy360 will not be ONLY about the documents coming out of the UTA working group. We’ll also be finding the best documents and tutorials related to TLS that we can find out there on the Internet.  We’ve put up a content roadmap identifying the types of documents we intend to add to the site.

We’d love to hear your feedback about this new section of Deploy360. Do you see this as something that will be helpful to you?

How You Can Help

We need your help!  In order to provide the best possible resources to help application developers expand their use of TLS, we need to hear from you!  We need your feedback to help us know how we can best help you.  A few specific requests:

1. Read through our pages and content roadmap - Please take a look at our “TLS for Applications” page to understand what we are trying to do, and also please take a look at our content roadmap for BGP.  Are the current resources listed helpful?  Is the way we have structured the information helpful?  Will the resources we list on our roadmap help you make your routers more secure?

2. Send us suggestions – If you know of a tutorial, video, case study, site or other resource we should consider adding to the site, please let us know. We have a list of many resources that we are considering, but we are always looking for more.

3. Volunteer – If you are very interested in this topic and would like to actively help us on an ongoing basis, please fill out our volunteer form and we’ll get you connected to what we are doing.

4. Help us spread the word – As we publish resources and blog posts relating to adding TLS to applications, please help us spread those links through social networks so that more people can learn about the topic.

Thank you!  Working together we can make the Internet more secure!