http://www.potaroo.net/ A weblog of Internet Technology by Geoff Huston. en-au Copyright 1989-2013 Geoff Huston Mon, 10 June 2013 20:00:00 +1000 http://feedvalidator.org/docs/rss2.html 130 http://www.potaroo.net/ispcol/2013-06/ipv6-365.html http://www.potaroo.net/ispcol/2013-06/ipv6-365.html On the 6th June 2012 we held the World IPv6 Launch Day. Unlike the IPv6 event of the previous year, World IPv6 Day, where the aim was to switch on IPv6 on as many major online services as possible, the 2012 program was somewhat different. This time the effort was intended to encourage service providers to switch on IPv6 and leave it on. What has happened since then? Have we switched it on and left it on? Who's been doing the work? Mon, 10 June 2013 20:00:00 +1000 http://www.potaroo.net/ispcol/2013-05/cgns.html http://www.potaroo.net/ispcol/2013-05/cgns.html There are still a number of countries who have Queen Elizabeth as their titular head of state. My country, Australia, is one of those countries. It’s difficult to understand what exactly her role is these days in the context of Australian governmental matters, and I suspect even in the United Kingdom many folk share my constitutional uncertainty. Nevertheless, it’s all great theatre and rich pageantry, with great press coverage thrown in as well. In the United Kingdom every year the Queen reads a speech prepared by the government of the day, which details the legislative measures that are being proposed by the government for the coming year. Earlier this month the Queen’s speech included a reference to IP addresses. Sat, 18 May 2013 11:00:00 +1000 http://www.potaroo.net/ispcol/2013-05/thats-impossible.html http://www.potaroo.net/ispcol/2013-05/thats-impossible.html For some time now at APNIC Labs we’ve been running an experiment that is intended to measure the state of IPv6 capability across the Internet. To do this we use experiment code embedded in web sites, as well as active code embedded in an online advertisement. Across these two experimental approaches we perform a basic IPv6 capability test on between 800,000 and 1,000,000 clients each day. Such a large scale experiment is bound to produce some anomalous behaviours, but we've observed a couple of outcomes that, as far as I can tell, should just be impossible! Fri, 17 May 2013 11:00:00 +1000 http://www.potaroo.net/ispcol/2013-05/dnssec-performance.html http://www.potaroo.net/ispcol/2013-05/dnssec-performance.html There are a number of reasons that both domain name administrators and vendors of client DNS software cite for not incorporating DNSSEC signing into their offerrings. The added complexity of the name administration process when signatures are added to the mix, the challenges of maintaining current root trust keys, and the adverse consequences of DNSSEC signature validation failure have all been mentioned as reasons to hesitate. We have also heard concerns over increased overhead of using DNSSEC. These concerns come from zone administrators, authoritative name server operators and from suppliers of DNS resolver systems, and all point to a concern over the imposition of further overheads in the process of DNS name resolution when the name being resolved is DNSSEC signed. While the issues of complexity are challenging to quantify, we were interested in the issues of performance. What are the performance costs of adding DNSSEC signatures to a domain? Can we measure them? Tue, 30 April 2013 18:00:00 +1000 http://www.potaroo.net/ispcol/2013-04/primer.html http://www.potaroo.net/ispcol/2013-04/primer.html There is something badly broken in today's Internet. At first blush that may sound like a contradiction in terms. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only transformed the global communications sector, but its reach has extended far further into our society, and it has fundamentally changed the way we do business, the nature of entertainment, the way we buy and sell, and even the structures of government and their engagement with citizens. In many ways the Internet has had a transformative effect on our society that is similar in scale and scope to that of the industrial revolution in the 19th century. How could it possibly be that this prodigious technology of the Internet is "badly broken?" Everything that worked yesterday is still working today isn't it? In this article I'd like to explain this situation in a little more detail and expose some cracks in the foundations of today’s Internet. Fri, 19 April 2013 10:00:00 +1000 http://www.potaroo.net/ispcol/2013-04/wtf.html http://www.potaroo.net/ispcol/2013-04/wtf.html Three years ago, in September 2010, Australia held a federal election. At the time I thought that I'd never see the day when the difference in capability between a wireless and a wireline Internet would become a core policy differentiator in a national election, but that was what happened in Australia in 2010. Now, almost three years later, we seem to be having a national déjà vu moment. Yes, there is another election coming in September, and yes, once more the country’s national digital network is firmly in the sights of the politicians and it's technology is again part of the political debate. Wed, 10 April 2013 09:00:00 +1000 http://www.potaroo.net/ispcol/2013-04/dnssec-google.html http://www.potaroo.net/ispcol/2013-04/dnssec-google.html The story of DNSSEC has strong similarities to that of IPv6. Like IPv6, DNSSEC has been around for many years, but its languishing. Like IPv6, DNSSEC is most effective when everyone is using it, and the marginal returns from piecemeal adoption are extremely low. And like IPv6, the relatively low levels of deployment and use of DNSSEC does not reflect the longstanding effort to lift the visibility of the technology and concerted efforts to publicise the clear long term benefits in the use of this technology. Wed, 10 April 2013 11:00:00 +1000 http://www.potaroo.net/ispcol/2013-03/literals.html http://www.potaroo.net/ispcol/2013-03/literals.html As many who have worked with computer software would attest, software bugs come in many strange forms. This month I'd like to relate a recent experience I’ve had with one such bug that pulls together aspects of IPv6 standard specifications and interoperability. Fri, 1 March 2013 10:00:00 +1100 http://www.potaroo.net/ispcol/2013-02/wtpf.html http://www.potaroo.net/ispcol/2013-02/wtpf.html With WICT-12 over, and now the preparation for the forthcoming WTPF underway, and of course also we have the WTDC and WTISD coming up, one could be excused for thinking that that world famous, but hopelessly unintelligible cartoon character from the 80’s and 90’s, Bill the Cat has come out of retirement to work as head of Acronym Engineering at the ITU. However, no matter how unintelligible the acronyms of these meetings can get, the issue of how we come to terms with a technology-dense world is a serious matter. Too often we appear to use yesterday’s tools and techniques to address tomorrow’s issues, and take the view that if it worked in the past it should work now. I’d like to look at this approach in a little more detail here, and try and understand why WCIT was such a comprehensive failure and why the prospects for the next round of telecommunications sector meetings are not exactly looking rosy. Fri, 22 February 2013 10:00:00 +1100 http://www.potaroo.net/ispcol/2013-01/2012.html http://www.potaroo.net/ispcol/2013-01/2012.html Time for another annual roundup from the world of IP addresses. What happened in 2012 and what is likely to happen in 2013? Lets see what has changed in the past 12 months in addressing the Internet, and look at how IP address allocation information can inform us of the changing nature of the network itself. Fri, 4 January 2013 10:00:00 +1100 http://www.potaroo.net/ispcol/2012-12/stumps.html http://www.potaroo.net/ispcol/2012-12/stumps.html The problem with setting expectations is that when they are not fulfilled the fallout is generally considered to be a failure, and while everyone wants to claim parenthood of success, failure is generally an orphan. In that sense it looks like the WCIT meeting, and the International Telecommunications Regulations (ITRs) that were being revised at that conference are both looking a lot like orphans this week. Sun, 23 December 2012 14:30:00 +1100 http://www.potaroo.net/ispcol/2012-12/flat.html http://www.potaroo.net/ispcol/2012-12/flat.html No that's not a question about Australian coffee tastes and the critically important difference between a flat white and a cappuccino. This is a question about the differences in ISP retail models for broadband Internet access and the choice between a retail model of a "unlimited" flat fee that has no volume component, and a "capped" model where the service fee provides for a certain data volume and when that volume is reached either the user is exposed to an incremental fee, or the service is throttled back to a narrowband service for the remainder of the billing period. It seems that this is once more a critical question in the ISP world, and maybe this time the topic is best approached through television. Mon, 17 December 2012 10:20:00 +1100 http://www.potaroo.net/ispcol/2012-11/sandy.html http://www.potaroo.net/ispcol/2012-11/sandy.html The Internet has managed to collect its fair share of mythology, and one of the more persistent myths is that from its genesis in a cold war US think tank in the 1960's the Internet was designed with remarkable ability to "route around damage.” Whether the story of this cold war think tank is true or not, the capability of the Internet to route around damage was put to the test when superstorm Sandy made landfall at the same point where more than 20 major trans-Atlantic submarine cables make their landfall. In the ensuing blackout and tidal surge in New York just how well did the global Internet fare? Fri, 30 November 2012 15:00:00 +1100 http://www.potaroo.net/ispcol/2012-11/counting-ipv6dns.html http://www.potaroo.net/ispcol/2012-11/counting-ipv6dns.html At the recent ARIN XXX meeting in October 2012 I listened to a debate on a policy proposal concerning the reservation of a pool of IPv4 addresses to address critical infrastructure. This term is intended to cover a variety of applications, including use by public Internet Exchanges and authoritative nameservers for various top level domains. As far as I can tell, the assumptions behind this policy proposal includes the assumption that a top level authoritative nameserver will need to use IPv4 for the foreseeable future, so that an explicit reserved pool of these IPv4 addresses needs to be maintained for use by the authoritative nameservers for these domain names. But it this really the case? If you set up an authoritative DNS nameserver for a domain name where all the nameservers were only reachable using IPv6, then what is the visibility of this nameserver? What proportion of the Internet's user base could still access the name if access to the authoritative nameservers was restricted to only IPv6? Sat, 27 October 2012 22:55:00 +1100 http://www.potaroo.net/ispcol/2012-11/nanog56.html http://www.potaroo.net/ispcol/2012-11/nanog56.html NANOG held its 56th meeting in Dallas on October 21 through 24. The following are my impressions of the presentations at this meeting. Sat, 27 October 2012 22:54:00 +1100 http://www.potaroo.net/ispcol/2012-10/counting-dnssec-2.html http://www.potaroo.net/ispcol/2012-10/counting-dnssec-2.html This is a followup article to Counting DNSSEC that reflects some further examination of the collected data. This time I'd like to describe some additional thoughts about the experiment, and some revised results in our efforts to count just how much DNSSEC is being used out there. Sun, 21 October 2012 15:00:00 +1100 http://www.potaroo.net/ispcol/2012-10/counting-dnssec-2.html http://www.potaroo.net/ispcol/2012-10/counting-dnssec-2.html This is a followup article to Counting DNSSEC that reflects some further examination of the collected data. This time I'd like to describe some additional thoughts about the experiment, and some revised results in our efforts to count just how much DNSSEC is being used out there. Sun, 21 October 2012 15:00:00 +1100 http://www.potaroo.net/ispcol/2012-10/nordunet-report.html http://www.potaroo.net/ispcol/2012-10/nordunet-report.html I was able to attend NORDUnet 2012 in September of this year as an invited speaker. This is a brief report of my impressions of this meeting. Thu, 10 October 2012 09:40:00 +1100 http://www.potaroo.net/ispcol/2012-10/counting-dnssec.html http://www.potaroo.net/ispcol/2012-10/counting-dnssec.html At the Nordunet 2012 conference in September, a presentation included the assertion that "more than 80% of domains could use DNSSEC if they so chose." This is an interesting claim that speaks to a very rapid rise in the deployment of DNSSEC in recent years, and it raises many questions about the overall status of DNSSEC deployment in today's Internet. The question now is: how is all this playing out in the world of the DNS? How many DNS zones are DNSSEC-signed? To what extent are Internet user's able to trust in the integrity of DNS name resolution? How many Internet users use DNS resolvers that perform DNSSEC validation? Lets try and answer these questions. Sat, 22 September 2012 17:33:00 +0200 http://www.potaroo.net/ispcol/2012-09/telecommsandip.html http://www.potaroo.net/ispcol/2012-09/telecommsandip.html In recent times we've covered a lot of ground in terms of the evolution of telecommunications services, riding on the back of the runaway success of the Internet. We've taken the computer and applied a series of transformational changes in computing power and size, battery technology and radio systems to create a surprising result. We've managed to put advanced computation power in a form factor that fits in the palm of my hand, and couple it with a communications capability that can manage data flows of tens if not hundreds of megabits per second. All in a device that has as few as two buttons! But a few clouds that have strayed into this otherwise sunny story of technological wonder. Sat, 1 September 2012 16:30:00 +0700 http://www.potaroo.net/ispcol/2012-08/leapingseconds.html http://www.potaroo.net/ispcol/2012-08/leapingseconds.html The tabloid press are never lost for a good headline, but this one in particular caught my eye: "Global Chaos as moment in time kills the Interwebs". I'm pretty sure that "global chaos" is somewhat over the top, but there was a problem happening on the 1st of July this year, and yes, it impacted the Internet in various ways, as well as many other enterprises who rely on IT systems. And yes, the problem had a lot to do with time and how we measure it. Thu, 19 July 2012 06:00:00 +1000 http://www.potaroo.net/ispcol/2012-07/carriagevcontent.html http://www.potaroo.net/ispcol/2012-07/carriagevcontent.html Does anyone remember the Internet before Google? And no, using Google to ask about the pre-Google Internet is not going to work all that well! For those of you who can recall the Internet of around 2000, do you also recall what debates were raging at the time? Let me give you a hand in answering that question. One big debate at the time was all about the relationship between the carriage service operators and the content providers, and, as usual, it was all about money. The debate was about who owed who money, and how much. Ten years later and it seems that nothing much has changed. Sun, 8 July 2012 10:00:00 +1000 http://www.potaroo.net/ispcol/2012-07/allyourpackets.html http://www.potaroo.net/ispcol/2012-07/allyourpackets.html On the 18th June, it was reported on an Australian users' forum, Whirlpool, that whenever a Telstra mobile data service user contacted a web site, then some 250 ms later the same web site URL was fetched from a different source address. It appeared that somehow this third party was stalking the mobile data user, visiting all the same web sites as the user, in every case shortly after the user. Thu, 28 June 2012 15:00:00 +0200 http://www.potaroo.net/ispcol/2012-07/v6report.html http://www.potaroo.net/ispcol/2012-07/v6report.html Some years ago a report was published that ranked countries by the level of penetration of broadband data services. You can find the current version of that report at the OECD web site.This ranking of national economies had an electrifying impact on this industry and upon public policies for broadband infrastructure in many countries. Perhaps this happened because there were some real surprises lurking in the numbers at the time. Tue, 26 June 2012 06:00:00 +1000 http://www.potaroo.net/ispcol/2012-06/berec.html http://www.potaroo.net/ispcol/2012-06/berec.html I presented at a OECD/BEREC workshop that was held on the 20th June in Brussels, and I'd like to share some personal impressions and opinions from this workshop about the state of the regulatory conversation about interconnection in the Internet. Fri, 21 June 2012 17:00:00 +1000 http://www.potaroo.net/ispcol/2012-07/itrs.html http://www.potaroo.net/ispcol/2012-07/itrs.html It's been a quarter of a century since the world's governments convened to draft up a common set of regulations about the conduct of international telecommunications. In December of 2012 the world's governments will convene to reconsider these regulations, to hopefully sign an updated set of regulations. This time around, this activity is generating considerable levels of public interest. Congressional hearings in the United States have been held, and various pronouncements of intent from various governmental, regional, and industry groups have been made. The level of interest in international telecommunications is high, and the diversity of views about what should be expressed in a revised set of regulations is also evident. Thu, 21 June 2012 11:00:00 +1000 http://www.potaroo.net/ispcol/2012-06/noqos.html http://www.potaroo.net/ispcol/2012-06/noqos.html When we take the public Internet and look at QoS there is an glaring credibility gap: we can't build it, and applications can't use it. If you really think that the network itself is the problem and QoS is the answer, then there is always another, very simple, response: get more bandwidth. That's as true now as it was almost twenty years ago. Nothing has changed. So why revisit this topic now? Thu, 14 June 2012 16:30:00 +1000