IPAM

With all the IPv6 fanfare and press leading up to World IPv6 Launch this past June 6th, after which things quieted down, I've been wondering, has anything happened since? According to ongoing research  conducted by the England Chapter of the Internet Society published on the RIPE NCC website , most countries worldwide have experienced higher IPv6 penetration as measured in August, 2012 vs. June, 2012. In fact, the U.S. experienced the largest percentage increase in IPv6 penetration over the period, leaping from 6.17% to 11.46%! The research project is dubbed the IPv6 Matrix Project, and full details about the project can be found on its website . In a nutshell, the system attempts an "IPv6 crawl" by looking up DNS records for the top one million websites (and then some) according to Alexa. The system uses DNS results to initiate connection attempts to email, web and time servers. The IPv6 Matrix website home page displays a world map, which I assume displays the very ...

I used the metaphor of dominos in a prior post to illustrate the close inter-relationship among IPv4 address suppliers, namely IANA, each of the Regional Internet Registries (RIRs) and Internet Service Providers (ISPs). Up til now, the "initial domino" fell with IANA depleting its available IPv4 space in early February, 2011. This event was followed only two months later by the APNIC, the RIR serving the Asia Pacific region, to fall next when it reported that it had entered the final phase of its IPv4 allocation policy with only its final /8 of IPv4 space remaining. Today, the European RIR, the RIPE NCC, announced that it too has now begun making allocations from its final /8 of IPv4 address space. The clock is ticking on IPv4 address space. Unfortunately, it's inevitable. IPv4 space will no longer be available for allocation anywhere at a time in the not too distant future. Even if you have plenty of IPv4 address space, the complexion of the Internet will continue to m...

On the heels of my most recent post asking, " How many IPv6 eyeballs are you missing? ," I now pose the analogous question for DNSSEC. Do your DNS servers receive queries requesting authenticated resource record data for your namespace? If so, and you have not signed your zones, then DNSSEC validators' requests for authentication will go unfulfilled. And their DNS caches they are attempting to protect from poisoning will go unprotected, not to mention the integrity of your DNS namespace. An attacker "impersonating" your namespace could redirect browsers to the attackers' website for example by providing DNS resolvers with falsified query answers using cache poisoning attacks such as those publicized by Dan Kaminsky . On the other hand, if hardly any resolvers (i.e., caching servers) initiating queries on the Internet even perform DNSSEC validation, signing your zones will offer value only to a small number of deployed validators and no value to non-validat...

Here's my post for the Team ARIN blog : Many organizations have expressed skepticism about deploying IPv6. But they need to understand that the issue is not how much IPv4 address space they have, but how much is available for global distribution. As IPv4 exhausts around the world over time, a new generation of web users possessing only IPv6 addresses will materialize and grow substantially. But when will this new generation of Internet users appear in numbers? Many service providers are masking an indeterminate number of these users due to the necessity of providing them access to both IPv6 and IPv4 web content. This makes it difficult to gauge IPv6 client requests on a global scale, but you can actually measure this, albeit coarsely, on your own web presence. Let’s see how. Presumably, service providers with IPv6-addressed subscribers will attempt to connect using native IPv6 end-to-end if possible, but drop back to using an IPv4-IPv6 co-existence technology suc...

I was chatting recently with Michael Vincent, an IPv6 savvy colleague, about worldwide IPv6 adoption, which despite the considerable press around World IPv6 Launch, is progressing at a snail's pace. We lamented that while World IPv6 Launch provided great publicity around IPv4 exhaustion and the need for IPv6, the focus of IPv6 launch was on IPv6 deployment for the Internet supply side , i.e., websites. It's absolutely wonderful that so many organizations have enabled IPv6 on their websites, but where are the IPv6 users, or the demand side ? As IPv4 addresses dwindle in supply, service providers will ultimately need to begin assigning IPv6 addresses to their mobile and broadband subscribers. Nevertheless despite a growing number of IPv6 Internet users, these users will expect and demand ubiquitous Internet access, which requires connectivity to IPv6 and IPv4 websites. Therefore, each service provider will need to accommodate this customer requirement by either assigning both a...

In celebration of World IPv6 Launch, we've published the results of our IPv6 survey . Evidently, people have been busy deploying IPv6 over the last twelve months! In last year's survey only 5% of respondents had deployed IPv6 on all or a portion of their networks. This year, that metric leaped to 13%. And with a 50% larger sample size, this represents quite a jump. Another 20% are engaged in the process of IPv6 deployment now and an additional 24% plan to deploy within two years. Download the survey results to get all the details!

We’ve read about it on the web, seen it on TV, watched it in movie theaters: the Mayans predicted 2012 as the end of the world! Despite rumors about the predicted end of time resulting from lack of additional space on the rock on which the calendar was carved, I personally believe this was merely the “IPv4 Internet rock”, which has reached its end as a homogeneous entity this year. The Mayans were very sophisticated in their foresight and technology, so we should not underestimate their ability to predict the end of the Internet as we know it! All kidding aside, with World IPv6 Launch, the Internet has changed forever. Over 2,500 organizations including BT have enabled IPv6 websites permanently in celebration of the launch. This “supply” of web content will be welcomed by a burgeoning population of IPv6 users, arising from insatiable global demand for IP addresses, driven by explosive rates of mobile and wireless subscriber growth, particularly in the eastern hemisphere where IPv4 ...

It’s easy to understand how one would be perplexed by the multitude of IPv6 deployment options and approaches. And depending on the extent of your network on which you plan to deploy IPv6 as well as the state of your current IPv4 network and computing environment, the task of IPv6 deployment may range from being quite straightforward to being very complicated. But to help you get started in determining where your environment lies on this complexity continuum, I’d propose the following steps to keep it SIMPLE! These steps may be iterative if you split your deployment into phases, but the same basic process should apply on each iteration: S cope - The first step is to define the scope of your IPv6 deployment. For example, are you planning to implement IPv6 on Internet-facing infrastructure only or throughout your network? You may plan to implement IPv6 throughout your network eventually but decide to deploy in phases, starting with a small, controlled portion of your network to gain e...

If you haven't yet had time to complete our annual IPv6 survey , there's still time! We have as many responses already as last year but we wanted to extend the deadline to account for some late notifications that went out last week. So you now have until May 15th at noon Eastern Daylight Time in the U.S. to complete the survey. You can enter your contact information to be eligile for a drawing for a free Apple iPad too! Make your voice heard! Survey results will be published by World IPv6 Launch on June 6th.

The 2012 edition of our IPv6 survey is now on-line! Breaking our former tri-ennial pattern, we're now going annual, since IPv6 deployment has certainly heated up! We conducting the survey over the next two weeks until May 4. The survey should only take 5-10 minutes to complete and for your trouble, you can enter your name and contact information to be entered into a drawing for a free Apple iPad. The survey is similar to last year's, which helps us look for trends, but also features a couple of new questions. One of particular interest asks about the "IPv6 density threshold" people may be waiting for to pull the trigger on deploying IPv6. This density threshold relates to the percentage of Internet users that are IPv6 within the entire Internet. It'd be interesting to see if this "IPv6 audience size" has an influence on people's planning initiatives. Thank you in advance for taking the time to complete this survey ! Results will be published in mid...

The Internet Engineering Task Force (IETF), which for all intents and purposes is the standards body of the Internet Protocol, has declared that "IPv6 is no longer considered optional." In RFC 6540 officially published late last week as an Internet Best Current Practice, the IETF cites the impending depletion of IPv4 address space with the continued growth of the Internet as drivers for widespread IPv6 deployment. While the RFC defines requirements for all developers of IP nodes, the main target seems to be consumer device vendors, many of whom have delayed implementation of IPv6. With consumers just implementing these IPv4-only devices today, they are likely to remain installed for many years, extending the IPv4 support lifecycle. Of course IPv4 will be around for quite some time, but the more of these devices that are IPv4+IPv6 instead of IPv4-only, the easier co-existence will be to manage. Among the best practices recommended, the RFC stipulates that all new "IP i...

I recently had the opportunity to preview a market analyst's brief on BT Diamond IP's DHCP/DNS/IPAM (DDI) features and benefits. Among my comments, I indicated that there was no mention of IPv4/IPv6 block management, a core IPAM function for which we are frankly unmatched. To my surprise, I was asked to elaborate about our block management features and benefits. From my perspective, for any modest sized or larger IP network, DDI starts with block management. If you have to manually type in every subnet address in your network, why not use a spreadsheet? Block management enables entry of a "root" block, such as 10.0.0.0/8, fc00::/7, 2001:db8:a87e::/48, etc. as the root block from which subnets or other "pool" blocks can be allocated. This allocation process should not require re-entry (or cut-and-paste) of a chosen subnet address; if yours does, you're little better off than using spreadsheets which likewise require manual entry. With the Diamond IP so...

It's been a year since .com was signed, which was a major step forward towards Internet community support for DNSSEC implementation given that nearly 45% of all Internet domains fall within the .com branch. I was curious how other top level domains (TLDs) were doing in this regard so I checked out the ICANN Research site for TLD signing statistics. As shown in the following summary table, 22.5% of TLDs were signed a year ago, while 29.1% are signed as of today. This 31% jump in signed TLDs represents good progress, but there's still a way to go to get to DNSSEC ubiquity in chains of trust to the root zone. March 2011 March 2012 TLDs in the root zone 306 313 TLDs signed 69 91 % TLDs signed 22.5% 29.1% Another boost to DNSSEC deployment was announced last week in the form of a pending FCC recommendation that promotes the deployment of DNSSEC planned by several major ISPs. These ISPs will be implementing DNSSEC validation on their recursive servers, which their customers ...

I am in the process of compiling questions for the 2012 rendition of BT Diamond IP's IPv6 survey. This survey is open to anyone wishing to express their opinion about the state of IPv6 and deployment plans. While I'd like to retain some of the questions from last year's survey to identify shifts or trends in opinion, there's always room for one or two additional questions. So if there's a question that's on your mind, feel free to post a comment to this blog post and I'll consider it! I'm interested in what people are thinking about what conditions would hasten their plans to deploy IPv6, so I'm planning to add a question about this from the perspective of the IPv6 user density on the Internet. What would it take for you to consider this critical mass? 1 % of Internet users being IPv6, or 10%, or even 50%? Let me know if you agree this is a good question or if you have a different metric or any additional question ideas!

In response to a recent question asking what happened to IPv5, I offer the following response. The Internet Assigned Numbers Authority (IANA) maintains a centralized repository of Internet Protocol parameters. This function is critical to assure uniqueness of parameter settings to keep the Internet Protocol operating smoothly and without ambiguity. Among the parameters maintained by IANA are the assigned values of the version field of the IP header. As you might guess, for IPv4, the version value is 4, and for IPv6, the value is 6. But as new protocols are developed within the Internet community, parameter value assignments are requested of and assigned by IANA. In the case of the IP version parameter, the value of 5 has been assigned to the Internet Stream Protocol an experimental real-time streaming protocol. In fact, the IP version parameter has not only been assigned values 4, 5 and 6, it has also been assigned values of 7, 8 and 9 as shown in the following table from IANA ...

I was fiddling with a London Underground ticket machine to purchase a "tube" (subway) ticket upon my arrival here today, and a couple on the next machine over starting asking me questions...in French. Through gestures and pointing to the ticket machine screen display, I figured out that while the screen stated the Oyster card they wished to purchase covered the tram and bus, it did not mention use on the tube. I was experiencing some screen information shortcomings myself in desiring to purchase a zones 1-3 ticket, but only 1-1, 1-2 and 1-4 were offered. So given my prior research on the Oyster card and the incompleteness of our respective ticket machine user interfaces, I assured them that they Oyster card would work for the tube as well. But this experience struck me later in the day in that we were only able to successfully communicate when we supplemented our verbal attempts at communication with gestures and visual clues. Had they rang me on my phone and asked me the s...

Dark Reading reported this morning that the ufc.com, coach.com and coachfactory.com domains were hijacked using DNS attacks earlier this week. The attack was performed by hacking the DNS servers authoritative for these zones and re-pointing web addresses to the attacker's site. Anyone attempting to access UFC's or Coach's websites was unwittingly directed to the imposter's site. Apparently these domains were targeted due to their organizations' support of SOPA/PIPA anti-piracy bills. The attack was detected by a sudden large influx of web traffic at the attacker's hosting provider. Administrators monitoring the attacked domains' web resources would have noticed a corresponding drop in traffic, which is one way to detect such an attack. Had these zones been signed via DNSSEC, perhaps this attack impact would have been minimized. This would have been the case if a) the attacker was unable to "re-sign" each zone after modifying it, which would have ...

Global Times, a leading English news periodical in China, reported last week that the number of Internet uses in China surpassed half a billion by the end of last (calendar) year, according to the China Network Information Center. According to the report, China now counts 513 million Internet users, up from about 457 million at the end of 2010, about 12% growth. The question I've been trying to answer is how many of these 513 million users have IPv6 addresses vs. IPv4 addresses? As yet I have been unsuccessful in answering my own question. But I've found that Mike Leber from Hurricane Electric publishes a daily Global IPv6 Deployment Progress Report . This report lists the TLDs with IPv6 (surprisingly only 85.9% have IPv6 addressable name servers today), a summary of A and AAAA records for "next level domains" for each TLD, a summary of advertised autonomous systems (ASes) for IPv6 networks, top websites available over IPv6 and more. The top websites statistic is ...

What better time to unveil the IPv6 Resource Center at BT Diamond IP than immediately following the announcement about the World IPv6 Launch! We've amassed a variety of material on IPv6 that hopefully enables people to learn about IPv6, in whatever media they prefer - video, audio, webcast, or reading with white papers and books. World IPv6 Launch is not a deadline to implement IPv6. It's another means of publicizing the need to consider IPv6 deployment - is it right for you and when? IPv4 space is pretty much gone in Asia so as new IP address consumers in that part of the world comprising over 60% of the world's population begin using broadband and wireless devices, IPv6 address use on the Internet will grow. The homogeneous IPv4 Internet of today will evolve to a mixed IPv4-IPv6 Internet. How rapidly and to what proportion IPv6 will permeate this mix is unclear. But it makes sense to track this over time and to be ready should the IPv6 density reach a level where subs...

The Internet Society announced today that several major Internet companies have agreed to transform last year's World IPv6 Day success to a deeper commitment with World IPv6 launch! The World IPv6 Launch is scheduled for June 6, 2012. Last year's event was a one-day "test flight" for IPv6. This year's launch promises a permanent enabling of IPv6 for not only major ISPs and websites, but also home networking equipment providers, which extends IPv6 to the "last mile" to residences. The goal is to enable IPv6 for enough end users so that at least 1% of wireline residential subscribers' connections to participating websites to use IPv6 by June 6. This may not sound like much but 1% of an estimated 500 million is 5 million users which is substantial. This is an exciting time for Internet companies. The industry is moving deeper into IPv6. Are you ready?

As of today, ICANN has opened the application process for new gTLDs! Applications for new generic top level domains are now being accepted through April 12, 2012. This is the first time that internationalized domain name (IDN) based gTLD applications are being accepted. Today sub-gTLD domain names may be defined in internationalized format and several country code TLDs (ccTLDs) have been in production for some time, but this is the first time that gTLDs may be defined. So what's the big deal? Depending on what gTLDs are accepted, organizations may desire to register subdomains beneath new gTLDs in ASCII or IDN format. Considering that every marketing message from an organization includes a website address, advertisting a fully native lanugage URL (and of course content!) may facilitate marketing communications with audiences in certain parts of the world. For example, if your organization is attempting to reach or attract residents in India and a new gTLD is created using the nat...