Recent Articles

 

DNS OARC 27

October 2017

The DNS OARC meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case it delves as deep as anyone is prepared to go! It's two days where too much DNS is barely enough! More...

 


Not Rolling the KSK

October 2017

Until a few days ago the intention was to roll the KSK of the root zone of the DNS on the 11th October, altering the root of trust used by DNSSEC for all DNSSEC-validating DNS resolvers. However, earlier this week, ICANN announced the postponement of this key roll. More...

 


An Opinion in Defence of NATs

September 2017

Network Address Translation has often been described as an unfortunate aberration in the evolution of the Internet, and one that will be expunged with the completion of the transition to IPv6. I think that this view, which appears to form part of today’s conventional wisdom about the Internet, unnecessarily vilifies NATs. In my opinion, NATs are far from being an aberration, and instead I see them as an informative step in the evolution of the Internet, particularly as they relate to possibilities in the evolution of name-based networking. Here’s why. More...

 


IPv6 Fragmentation Extension Headers, Part 2

August 2017

It would be useful to understand the larger picture of IPv6 Extension Header drop rate. What would be interesting to measure is the packet drop rate when sending fragmented packets to IPv6 end hosts. More...

 


IPv6, Large UDP Packets and the DNS

August 2017

It appears that rather than effecting a slight improvement over IPv4, the manner of fragmentation handling in IPv6 is significantly worse than in IPv4. Little wonder that there have been calls from time to time to completely dispense with packet fragmentation in IPv6, as the current situation with IPv6 appears to be worse than either no fragmentation or the IPv4-style of fragmentation. More...

 


Notes from IETF 99 – The Other Bits

July 2017

After pulling out the notes from the IEPG meeting and aspects of the DNS, here are the rest of the items that I personally found to be of interest at IETF 99 last week. More...

 


Notes from IETF 99 – DNS Activity

July 2017

Interest in the DNS appears to come in pronounced surges. It's quiet for a few years, then there is a furious burst of activity. If the activity at the recent IETF meeting is any indication, we appear to be in the middle of a burst of activity. More...

 


Notes from IETF 99 – The IEPG Meeting

July 2017

Many years ago the IEPG had a role in allowing network operators to talk to other operators about what they were seeing and what they were thinking about. Those days are long since over, and today the IEPG meetings present an opportunity for an eclectic set of diehards to listen to an equally eclectic collection of presentations that wander over many of the topics of today's Internet, without any particular common theme or filter. More...

 


More Specifics in BGP

June 2017

The number of more specific advertisements in the IPv4 Internet is more than 50% of all advertisements, and the comparable picture in IPv6 has more specific advertisements approaching 40% of all network advertisements. It is tempting to label this use of more specifics as part of the trashing of the Internet commons. Individual networks optimise their position by large scale advertising of more specifics, which in turn, creates an incremental cost on all other networks in terms of increased BGP table size and increased overhead of processing BGP updates. The question I’d like to look at here is whether these more specific advertisements represent a significant imposition on everyone else, or whether they are simply unavoidable. More...

 


DNS OARC 26

May 2017

OARC 26 was held in May in Madrid. Here are my impressions of the meeting, drawn from some presentations that I found to be of personal interest. More...

 


RIPE 74

May 2017

RIPE 74 was held in May in Budapest, and as usual it was a meeting that mixed a diverse set of conversations and topics into a very busy week. Here are my impressions of the meeting drawn from a number of presentations that I found to be of personal interest. More...

 


BBR TCP

May 2017

TCP is the workhorse of the Internet Protocol suite. It's the protocol that tries to take an unreliable datagram service and transform it into a reliable data stream. But that's not all. We also want it to operate efficiently over all types of network paths from bits to gigabits per second. Google has recently announced a new form of TCP control algorithm, called BBR, and in this article I'll take a closer look at BBR and what it is trying to achieve. More...

 


Up!

April 2017

Far from being a vibrant environment with an array of competitive offerings, the activity of providing so-called "last mile" Internet access appears to have been reduced to an environment where, in many markets, a small number of access providers appear to operate in a manner that resembles a cosy cartel, strenuously resisting the imposition of harsher strictures of true competition. Mobile access continues to operate at a distinct price premium and the choices for broadband wireline access are all too often limited to just one or two providers. Is there another option? If we looked up into the sky are there potential services that could alter this situation? More...

 


ARIN 39 Report

April 2017

Having just spent two and a half days at an ARIN Public Policy Meeting, I’d like to share some of my impressions of the meeting, and the state of address policy in the region served by ARIN. More...

 


IETF 98 Report

April 2017

The IETF meetings are relatively packed events lasting over a week, and it’s just not possible to attend every session. Inevitably each attendee follows their own interests and participates in Working Group sessions that are relevant and interesting to them. I do much the same when I attend IETF meetings. The IETF met for IETF 98 in Chicago at the end of March, and from the various sessions I attended here are a few personal impressions that I would like to share here. More...

 


The Internet's Gilded Age

March 2017

The rise of the Internet has heralded rapid changes in our society. The opportunities presented by a capable and ubiquitous communications system and a global transportation network have taken some corporations from the multinational to the status of truly global mega-corporation. There are a handful of large scale winners in this space and many losers. But this is not the first time we’ve witnessed a period of rapid technological and social change. More...

 


The Root of the DNS

February 2017

Few parts of the Domain Name System are filled with such levels of mythology as its root server system. Here I’d like to try and explain what it is all about and ask the question whether the system we have is still adequate, or if it’s time to think about some further changes. More...

 


NANOG 69

February 2017

NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting. More...

 


Addressing 2016

January 2017

Time for another annual roundup from the world of IP addresses. Let’s see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. More...

 


BGP in 2016

January 2017

Once more it's time to report on the experience with the inter-domain routing system over the past year, looking in some detail at some metrics from the routing system that can show the essential shape and behaviour of the underlying interconnection fabric of the Internet. More...

 


A Postscript to the Leap Second

January 2017

The inexorable progress of time clocked past the New Year and at 23:59:60 on the 31st December 2016 UTC the leap second claimed another victim. This time Cloudflare described how the Leap Second caused some DNS failures in Cloudflare’s infrastructure. What's going on here? It should not have been a surprise, yet we still see failing systems. More...

 


Let's Encrypt with DANE

December 2016

For many years we’ve seen Domain Name certificates priced as a luxury add-on, costing many times more than the original name registration fees. Let’s Encrypt has broken that model and basic security is now freely available to anyone. But the CA model itself is not all that robust, and there are still some critical vulnerabilities that can be exploited by a well-resourced attacker. Adding DANE TLSA records to the DNS signed zone, and equipping user applications, such as browsers, with an additional DNS lookup to fetch and validate the TLSA record is a small step, but a significant improvement to the overall security picture. More...

 


Leaving it to the Last Second

December 2016

Thanks to the moon, the earth's rate of rotation is slowing down. To compensate, we periodically adjust Universal Coordinated Time. On Saturday 31st December 2016, the last minute of 2016 will be extended to be 61 seconds long, creating the timestamp 24:59:60. Previous leap seconds have not gone completely smoothly, and there is no particular reason to think that much will have changed for this leap second. More...

 


Scoring the Root Server System, Pt2 - A Sixth Star?

December 2016

In November I wrote about some simple tests that I had undertaken on the DNS Root nameservers. The tests looked at the way the various servers responded when they presented a UDP DNS response that was larger than 1,280 octets. I awarded each of the name servers up to five stars depending on how they managed to serve such large responses in IPv4 and IPv6. I'd like to return to this topic by looking at one further aspect of DNS server behaviour, namely the way in which servers handle large UDP responses over IPv6. More...

 


Scoring the Root Server System

November 2016

The process of rolling the DNS Root’s Key Signing Key has now started. During this process there will be a period where the root zone servers’ response to a DNS query for the DNSKEY resource record of the root zone will grow from the current value of 864 octets to 1,425 octets. Does this present a problem? Let’s look at the DNS Root Server system and score it on how well it can cope with large responses. It seems that awarding stars is the current Internet way, so let’s see how many stars we’ll give to the Root Server System for their handling of large responses. More...

 


RIPE73

November 2016

RIPE held its 73rd meeting in Madrid in the last week of October. Here are a few of my takeaways from that meeting. More...

 


BGP Large Communities

November 2016

IPv4 addresses are not the only Internet number resource that has effectively run out in recent times. Another pool of Internet numbers under similar consumption pressures has been the numbers that are intended to uniquely identify each network in the Internet’s inter-domain routing space. These are Autonomous System numbers. More...

 


The Death of Transit?

October 2016

I was struck at a recent NANOG meeting just how few presentations looked at the ISP space and the issues relating to ISP operations and how many were looking at the data centre environment. If the topics that we use to talk to each other are any guide, then this is certainly an environment which appears to be dominated today by data centre design and the operation of content distribution networks. And it seems that the ISP function, and particularly the transit ISP function is waning. It’s no longer a case of getting users to content, but getting content to users. Does this mean that the role of transit for the Internet’s users is now over? More...

 


DNS DDOS

October 2016

The recent attacks on the DNS infrastructure operated by DYN in October 2016 have generated a lot of comment in recent days. Indeed, it’s not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways this DNS DDOS prominence is for all the wrong reasons! I’d like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. More...

 


NANOG 68

October 2016

NANOG held its 68th meeting in Dallas in October. Here's what I found memorable and/or noteworthy from this meeting. More...

 


A Brief History of the IANA

October 2016

October 2016 marks a milestone in the story of the Internet. At the start of the month the United States Government let its residual oversight arrangements with ICANN (the Internet Corporation for Assigned Names and Numbers) over the operation of the Internet Assigned Numbers Authority (IANA) lapse. It seems like a good time to look back at the path taken to get to where the IANA is today. More...

 


DNS OARC 25

October 2016

DNS OARC is the place to share research, experiences and data primarily concerned with the operation of the DNS in the Internet. Here are some highlights for me from the most recent meeting, held in October 2016 in Dallas. More...

 


IPv6 and the DNS

October 2016

We often think of the Internet as the web, or even these days as just a set of apps. When we look at the progress with the transition to IPv6 we talk about how these apps are accessible using IPv6 and mark this as progress. But the Internet is more than just these services. There is a whole substructure of support and if we are thinking about an IPv6 Internet then everything needs to change. So here I want to look at perhaps the most critical of these hidden infrastructure elements - the Domain Name System. How are we going with using IPv6 in the DNS? More...

 


DNSSEC and ECDSA

October 2016

The 'traditional' cryptographic algorithm used to generate digital signatures in secure DNS (DNSSEC) has been RSA. But maybe it's time to look around at a "denser" algorithm that can offer comparable cryptographic strength using much smaller digital keys. Are we ready to use ECDSA in DNSSEC? More...

 


DDOS Attackers - Who and Why?

September 2016

Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet" reported that the incidence of DDOS attacks is on the rise. The obvious question I have when reading these reports is "Who is behind these attacks, and why are they doing it?" More...

 


Binding to an IPv6 Subnet

September 2016

In the original framework of the IP architecture, hosts had network interfaces, and network interfaces had single IP addresses. These days, many operating systems allow a configuration to add additional addresses to network interfaces by enumerating these additional addresses. But can we bind a network interface to an entire subnet of IP addresses without having to enumerate each and every individual address? More...

 


IPv6 Performance - Revisited

August 2016

Every so often I hear the claim that some service or other has deliberately chosen not to support IPv6, and the reason cited is not because of some technical issue, or some cost or business issue, but simply because the service operator is of the view that IPv6 offers an inferior level of service as compared to IPv4, and by offering the service over IPv6 they would be exposing their clients to an inferior level of performance of the service. But is this really the case? More...

 


IETF 96

July 2016

The IETF meetings are relatively packed events lasting over a week, and it’s just not possible to attend every session. From the various sessions I attended here are a few personal impressions that I took away from the meeting that I would like to share with you. More...

 


Hosts vs Networks

July 2016

There are a number of ways to view the relationship between hosts and the network in the Internet. One view is that this is an example of two sets of cooperating entities that share a common goal: hosts and the network both want content to be delivered. Another view is that hosts and networks have conflicting objectives. This was apparent in a couple of sessions at the recent IETF 96 Meeting. More...

 


One Second Warning

July 2016

The Earth Orientation Centre is the bureau that looks after Universal Coordinated Time, and every six months they release a bulletin about their intentions for the next Universal Time correction window. This month they announced a leap second to be scheduled for midnight UTC 31 December 2016. More...