Dead Men Walking: IPv6 and DNSSEC [email protected] ION Toronto November 14, 2011


The IPv6 Challenge

• Despite considerable publicity and predictions of IPv4 address Armageddon, adoption of IPv6 is anemic
• Although IPv6 is deployed on many networks, take-up by end users/devices is slow
• Carrier-grade NAT seems to be the default path for IPv4 exhaustion
  – Routing vendors like it because they can sell more complex and expensive gear
  – Carriers like it because they can lock in their customers
• If after 10 years we still can't make IPv6 fly, then maybe it's time to rethink our strategy, especially for those of us who believe in the original Internet vision. Two approaches:
  – New business models for market adoption
  – New technology


New Market Adoption IPv6 SURFnet-KPN pilot

• Most future internet access will be mobile devices like iPad and iPhone
• SURFnet-KPN pilot will be world's first enterprise centric integrated LTE-mobile network - extremely low data prices
• SURFnet "leasing /8" to KPN in exchange for pilot on national wireless mobile broadband for universities and students
• SURFmobile will be LTE with IPv6 only with integrated campus Wifi at universities, coffee shops, trains, etc
• Will use IPv6 Eduroam to allow free international roaming
• Other pilots under development in UK, US, Australia, etc. Canada??
• http://www.blogger.com/blogger.g?blogID=8586756976616257717#editor/target=post;postID=2782224431972329057


IPv6 alternative?

• Most Internet traffic is not end-to-end
  – 45-90% of traffic terminates at CDN or cloud
  – Major implication in terms of IPv4/IPv6 destination based routing and addressing
• Numeric addressing is an anachronism imposed by limitations of forwarding engine on routers
• Possible IPv6 alternatives:
  – Named Data Networking (NDN) – Van Jacobson
  – Delay Tolerant Networking (DTN) – Vint Cerf - late binding of DNS + XML
  – XML routing and addressing (W3C)
• http://billstarnaud.blogspot.com/2011/11/named-data-networking-how-lte-networks.html


DNSSEC – the next IPv6?

• Again, to us techies, there seems to be a clear and compelling need for DNSSEC
• Already several events of DNS cache poisoning in Brazil and elsewhere
• Is signing and delegating the root sufficient?
• Do we just sit back and wait for ISPs and users to adopt?
• Or do we try to be more proactive with new business models that make life easier for end users and institutions?


Netherlands pilot to deploy DNSSEC at universities

• Many universities in Netherlands starting to outsource DNS management
• SURFdomeinen is a web-based portal that allows DNS operators of connected institutions to:
  – register or migrate domain names in the following top-level domains (TLDs): .nl, .com, .net, .org, .info and .eu;
  – manage contact details for contacts associated with registered domains;
  – create secondary DNS configurations on SURFnet name servers for their domains;
  – manage complete DNS zones that are then served out by SURFnet name servers.
  – DNSSEC support has been integrated into the managed DNS functionality.
• Does not yet deliver a full end-user service due to restrictions imposed by the fact that SIDN does not yet have a process for automated submission of secure delegations (DS) for the .nl zone.
• https://dnssec.surfnet.nl/wp-content/uploads/2011/01/D1c-DNSSEC-in-SURFdomeinen-end-report-v1.0.pdf


Conclusions

• IPv6 and DNSSEC are hard and costly
• On their own they provide NO new benefits, only protection from possible real and hypothetical negative externalities
• To promote success need to link these technologies to services that enable new capabilities e.g.
  – Low cost broadband mobile wireless
  – Outsourcing DNS management
• Need funding program and early adopters such as universities and R&E networks to promote adoption
  – A sit-back-and-hope strategy will not work