Category: Routing

Jan 01

Your New Year’s Resolution for 2014 – Does It Include IPv6, DNSSEC or BGP Security?

2014Happy New Year! Welcome to 2014! We’re VERY excited for this next year and look forward to bringing you another year of the best in real-world deployment information to help you make your networks better, faster, more complete and more secure!  We’ll be continually adding more resources about IPv6, DNSSEC and routing security - and we may add in some more topics, too!  We’ll be holding ION conferences around the world. We’ll be writing on our blog and posting video, audio, slides and more to all our various sites and services. We’ll be speaking and participating at events from ICANN, IETF and many, many more.

We’re looking forward to 2014 being a great year!

How about you?  What are your plans for 2014?  Have you made a New Year’s Resolution yet?  If so, does it include IPv6, DNSSEC or BGP security?

If not, we’d encourage you to consider one of these as a goal for 2014:

  • Implement IPv6 within your office (or home) network. View our IPv6 resources for ideas.
  • Set up your DNS resolvers to perform DNSSEC validation – there’s a great whitepaper that shows how easy this is!

Those are just a few thoughts… we could keep on going, but you get the idea – let’s make 2014 the year that IPv6 and DNSSEC get deployed!

What are you going to do?  And how can we help you?

Happy New Year!

Nov 26

Operate an Internet Router? Join our “Router Resilience Survey” To Help Make The Internet More Secure

Routing Resiliency SurveyDo you operate a router connecting your network to the rest of the Internet?  Would you like to help us understanding how resilient and secure the Internet’s routing infrastructure is? If so, please visit our new “Routing Resiliency Survey” at:

https://www.internetsociety.org/rrs/

and read more about the new project at:

New Internet Society Project Aims to Learn: Is Your Internet Routing Secure and Resilient?

The cool thing is that as a participant in the project you’ll receive a basic level of performance monitoring from BGPmon who is partnering with the Internet Society on this survey.  You’ll also receive the report when the 6-month survey is complete and you’ll help gain insight into questions such as:

  • What happens with the prefixes your routers announce elsewhere in the global Internet?
  • How will your network be impacted by routing misconfigurations?
  • How safe and resilient is the overall global routing infrastructure?

Participating in this survey will greatly help us – and the rest of the Internet community – understand better exactly what kind of threats and attacks are being seen out within the Internet’s routing infrastructure. As you can read on the RRS page, the time commitment should be minimal and all data will be anonymized – plus, as mentioned above, you’ll get to see reports related to your own routers.

Please do check it out and help us if you can!  (Thanks!)

Nov 05

Deploy360@IETF88: Day 2 – SIDR, DNSOP, 6tisch, 6lo and the IPv6 Briefing Panel

IETF LogoDay 2 at IETF88 includes the primary sessions this week about DNSSEC (in DNSOP) as well as secure routing (SIDR).  There are also two working groups focusing on IPv6 in various network configurations (6lo and 6tisch).  Do note that the meeting of the GROW working group was canceled for today.

The other big event happening in just a few hours is the “Internet Society @ IETF Briefing Panel: IPv6 – What Does Success Look Like?” where we will be live-streaming out what looks like will be an outstanding discussion about the state of IPv6 deployment today and where it will be going.  The session starts at 11:45am Pacific time (19:45 UTC).

For more information about these sessions today, we’d encourage you to read our “Rough Guide to IETF88″ documents about:

Information about the four sessions today, including the links for the audio streams, the slides and the Jabber chat rooms, is:

For these sessions and all the others, the “tools-style agenda” for IETF 88 provides many helpful links for remote participants.

If you’d like to meet with the Deploy360 team here at IETF88, please see our post about where we’ll be at IETF88.

Oct 30

4 Sessions About Routing Resiliency/Security At IETF 88 Next Week

IETF LogoNext week at IETF 88 in Vancouver the topic of routing resiliency/security will be covered in a variety of different working groups.  Our colleague Andrei Robachevsky outlined what will be covered in a post on the “Internet Technology Matters (ITM)” blog: Rough Guide to IETF 88: Routing Resilience.   We’re looking forward to those sessions and you can expect to find me in most of them.  My particular interest is in what is happening within SIDR right now, but in truth all of them should be interesting.

I’d strongly suggest reading Andrei’s post to understand what’s going to be going on with routing.  Here are the relevant working groups and times.

NOTE: If you are not going to be in Vancouver next week, there are multiple ways that you can participate remotely in these working groups, including audio streams and Jabber chat rooms.

Oct 22

Video/Slides: Mark Townsley On IPv6 In The Homenet (RIPE67)

Mark Townsley at RIPE 67How can we raise the bar in home networking? How can we make home network configuration simpler and easier? How can we more effectively route packets in a home network? How can we do this in an environment when the IPv4 address pool is declining?

In this great presentation at RIPE67, Mark Townsley talks about the efforts in the “Homenet” working group within the IETF with these goals in mind:

  • Networks shall have ample IP address space
  • Routers shall know where to send packets
  • Names resolve to addresses
  • Human touch is not required

Mark walks through the problems Homenet is trying to solve in terms of home routing, how it relates to IPv6, and how this all works.  Mark is an enjoyable presenter and I think you’ll find this presentation quite educational and useful!

The video of Mark’s talk is available from the RIPE67 site, as are Mark’s excellent slides.

Jul 25

“Rough Guide To IETF 87″ Now Available – IPv6, DNSSEC, Routing and much, much more…

IETF LogoNext week is the 87th meeting of the Internet Engineering Task Force (IETF), taking place this time in Berlin, Germany, and it will be an incredibly busy week as something like 1,200-1,500 engineers gather in a hotel meeting space to debate and discuss various topics and create the open standards that power the Internet.  There are many different working groups meeting during the week and the IETF 87 agenda can seem a bit overwhelming.  To help with that, as we’ve done in the past, the Internet Society has published our “Rough Guide to IETF 87″ available at:

http://www.internetsociety.org/rough-guide-ietf87

This document reflects our (Internet Society) interests and what we see as the important topics related to the technology priorities we have an an organization.  The working groups and events listed are ones where we have Internet Society staff participating or where the topic being covered is one of our priorities.

For instance, within our team here at Deploy360, we’ll be there in Berlin at the working groups related to:

  • IPv6
  • DNSSEC
  • Routing resiliency and security

Most of which, but not all, are captured in the Rough Guide.  As we noted in an earlier post about DNSSEC activities, there are two groups focused on DNSSEC and DANE that are of great interest to us.  There are a wide number of IPv6-related groups in which we’ll be participating and several groups related to routing resiliency and security.

If you are reading this page here on our Deploy360 site, hopefully the Rough Guide will help you understand where we will be spending our time.

There are, of course, a great many other working groups meeting next week at IETF 87 that are doing outstanding work in Internet infrastructure, applications, routing, security, real-time communications, network operations and so much more.  The full agenda for IETF 87 is an amazing list of all the great open standards work happening across the IETF!

NOTE: If you unable to attend IETF 87 in Berlin in person, there are numerous methods of remote participation that you will allow you to listen to what is going on and to provide comments.

Jun 25

Video: IP-Spoofing / Routing Best Practices Panel at RIPE 66

Can we stop the spoofing of IP addresses? Is the problem serious enough to warrant high-level attention? Are there best practices for routing that the larger community should be engaging in? What are the real challenges with stopping IP spoofing? These are the questions addressed in a recent post by our colleague Andrei Robachevsky, “Can we stop IP-spoofing in the Internet?” and a corresponding panel at the RIPE 66 event in Dublin, Ireland, in mid-May.

If you are are interested in this topic of how we increase the security and resiliency of routing, we highly recommend both reading Andrei’s article and listening to the panel presentation from Dublin. (Click on the image below to go to the RIPE66 page where you can view the video.)

ripe66-video

Slides are also available but they were primarily used to frame the introduction to the panel. The real content is in the panel discussion itself.

Please visit our new Routing Resiliency/Security area to learn more about this general topic of how to make the Internet’s routing infrastructure more resilient and secure.

 

May 14

Watch LIVE Today – RIPE66 Panel On Routing Resiliency

RIPE 66 Logo

In about 90-ish minutes, during the session block from 16:00-17:30 local time in Dublin, Ireland, our Internet Society colleague Andrei Robachevsky will be co-moderating a panel about routing resiliency and anti-spoofing of routes and IP addresses. You can watch and listen live at:

https://ripe66.ripe.net/live/main/

As noted in the RIPE 66 Meeting Plan, the panel comes after two talks related to DNS security (that also look quite interesting).  The session block starts at 16:00 – we expect the panel will probably start somewhere between 16:30 – 17:00.

A description of the panel is:

Panel: Seven Years of Anti-Spoofing: What Happened Since the RIPE Task Force and What Still Needs to be Done
Tuesday, 14 May, in the 16:00-17:30 block
This panel of network operators, security experts and vendors to dive into the issue of spoofed IP addresses and how they contribute to Distributed Denial-of-Service (DDoS) attacks. Given that there are known mitigation approaches such as BCP 38, why are DDoS attacks still so common? What can the larger operator community be doing to combat IP spoofing?

This session is extremely relevant to the new Routing Resiliency/Security section of the site that we are seeking to build out, so we’ll definitely be listening to the conversations and feedback.

FYI, if you would like to reach either Jan Zorz or I to meet with us while we are here at RIPE66, please send us an email at deploy360@isoc.org.

May 10

RIPE66 Next Week: Sessions on IPv6, DNS and Routing

RIPE 66 LogoNext week in Dublin, Ireland, the RIPE 66 Meeting will take place from May 13-17 and a number of Internet Society technical staff will be onsite including two of us from Deploy360: Jan Zorz and myself (Dan York).  The meeting plan has a great number of topics of interest, but two in particular that we’ll be tracking include:

Best Current Operational Practices – Efforts from the Internet Society
Monday, 13 May 16:00-17:00 (Irish Standard Time – currently UTC+1)
Jan will be speaking about the work he has been doing to explore how information from the operations community can best be made more widely available – and asking for feedback from those attending.

Panel: Seven Years of Anti-Spoofing: What Happened Since the RIPE Task Force and What Still Needs to be Done
Tuesday, 14 May 16:00-17:00
Our Internet Society colleague Andrei Robachevsky along with Benno Overeinder of NLnet Labs will be moderating this panel of network operators, security experts and vendors to dive into the issue of spoofed IP addresses and how they contribute to Distributed Denial-of-Service (DDoS) attacks.   Given that there are known mitigation approaches such as BCP 38, why are DDoS attacks still so common? What can the larger operator community be doing to combat IP spoofing?

This last session is extremely relevant to the new Routing Resiliency/Security section of the site that we are seeking to build out, so we’ll definitely be listening to the conversations and feedback.

Naturally we’ll also be paying attention to these working group sessions:

The event will be streamed live and as soon as we have that information we’ll update this post.

We’re very much looking forward to the RIPE 66 event – if you are going to be there please do say hello!

Apr 08

Comments? Our “Routing Content Roadmap” Is Now Available

We want your comments and feedback!  Back in December we announced our new section on routing resiliency/security. Since that time we have been talking to many people about what we can offer to help people make their routing infrastructure more resilient. We’ve come up with our list of what content we now think we need to add and posted it to our site:

http://www.internetsociety.org/deploy360/roadmap/routing/

Now we would like to hear from you. What do you think of this list? Is this the content we should be adding?  Are there additional other resources we should be adding?

We are planning to start writing these resources soon, so we’d love to hear from you soon. Please send us email or complete our feedback form to let us know your thoughts. Thanks!