ISP Column - July 2014 A column on things Internet Some Internet Measurements At APNIC Labs we’ve been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. For example, is the level of IPv6 deployment in, say Western Europe higher or lower than in Eastern Asia? Which countries in Western Europe are leading in IPv6 deployment? And which ISPs in these countries? The motivation behind the measurement reports described here is to use a uniform presentation format that describes measurements relating to the current level of IPv6 deployment, the current level of DNSSEC use, and the size of BGP advertisements. IPv6 Deployment Statistics The first of these is the data relating to the uptake of IPv6. The entry point for the tool is a world map, coloured by the level of IPv6 adoption on a country-by-country basis. Clicking on any country will lead to a per country view of the collected data, with a view of our measurements of IPv6 use over time. This per-country view also displays a list of all the networks (Autonomous Systems) that are registered as being located within that country, and its possible to drill down to a detailed view of each network’s progress over time with IPv6 deployment. The starting point URL is: http://stats.labs.apnic.net/ipv6 By default, the map is coloured using the percent of users in each country who are capable of performing an end-to-end session using IP6. Capable relates to the ability of a user to successfully perform an object retrieval where the object is only available using IPv6. There is a second option to display the IPv6 Preference level, where in this case the data reflects the percent of users within that country who, when given a dual stack object, prefer to fetch the dual stack object using IPv6. Conventionally one would expect the two measurements to be closely coupled, but on some platforms the implementation of the happy eyeballs dual stack algorithm (see http://www.potaroo.net/ispcol/2012-05/notquite.html) has the result that on some platforms IPv4 is sometimes preferred in a dual stack context. The second set of reports is a per-country display: e.g: http://stats.labs.apnic.net/IPv6/AU This is a time series display of the percent of the users of this country who are capable of using IPv6, and who prefer to use IPv6 in dual stack contexts. This page also has a table of Autonomous Systems (ASNs) for this country, and reports on figures for IPv6 capable and preferred users for each ASN. These figures are an average of the daily numbers over the past 90 days. In order to understand the relative context of these per-ASN figures, the number of sample points over the past 90 days is also displayed. (The numbers for ASNs with less than 50 samples over this 90 day period are not displayed.) This sample count is an approximate indicator of the relative size of each network. Each ASN is a link to a per-ASN display page. The third set of reports are per-ASN displays: e.g.: http://stats.labs.apnic.net/IPv6/AS7922 This page shows the relative numbers of users who demonstrate their IPv6 capability on a day-by day basis who appear to be located within this particular network service provider (or ASN). The time series display allows for the daily measurements for this ASN to be compared against the per-country totals, to illustrate how this network compares to the national average. All of these reports are updated daily. DNSSEC Use There is a similar collection of reports for the level of use of DNSSEC across the Internet. An end user is believed to use DNSSEC if the user’s DNS resolvers fetch the DNSSEC signature additional data for the name (by including the relevant DNSSEC options in the DNS query) and also fetch the DNSSEC resource records for the domain name. The experiment also checks the user’s ability to fetch an object with a domain name that is validly signed using DNSSEC, and checks that the user will refuse to fetch an object that uses a domain name that is invalidly signed. The Internet-wide view can be found at: http://stats.labs.apnic.net/dnssec The coloring scheme for this world map is that of the relative count of users within each country who have been observed to perform DNSSEC-validation when resolving domain names. Clicking on any country brings up a report of DNSSEC use over time within that country. (e.g.: http://stats.labs.apnic.net/dnssec/se) This per-country report tracks both the relative number of users in that country who are believed to exclusively use DNS resolvers that perform DNSSEC validation, and also tracks the estimated relative number of users whose DNS queries are passed through to Google’s public DNS service (https://developers.google.com/speed/public-dns/). The reason for the inclusion of the report on use of Google’s Public DNS service is that Google announced in early 2013 that it’s public DNS service would henceforth perform DNSSEC validation. The extent to which this single action has influenced the global figure for DNSSEC validation is illustrated by this metric. The second component of this country report is the map of the geographic region in which the country is located, to give a general view of the context of the level of DNSSEC use in this country as compared to its regional neighbours. The third component of the country report is a list of individual networks in the country (listed by ASN), the percentage of users within that network who are thought to be using DNSSEC-validating DNS resolvers, the percentage of users who are throughout to be directing their DNS queries to the Google Public DNS service, and the final column indicates the number of sample points gathered for this AS over the past 90 days. Obviously the higher this final number, the higher the level of credibility that can be ascribed to the first two percentages, and the larger the network is in terms of number of users. The third set of DNSSEC reports are the per-ASN reports, that provide the level of DNSSEC use within each ASN. (e.g. http://stats.labs.apnic.net/dnssec/AS7922). The graphed view displays the daily DNSSEC-validation ratio for users from this network, together with the ratio of users who have their queries passed to Google’s Public DNS. To place this per-network numbers in some context, the figures for the entire country are also plotted. BGP The last of these is a report on the inter-domain routing status, as seen through the Border Gateway Protocol (BGP). The starting point is a graph of a time series of the number of IPv4 and IPv4 route objects, together with the number of visible ASNs. This series is assembled using daily data points. The Internet-wide view of the routing system is at: http://stats.labs.apnic.net/bgp Again, there are breakdowns into regions, and into countries. The per-country view also displays a more detailed view of the routing measurements at 5 minute intervals, extending back over the most recent 60 days. (e.g. http://stats.labs.apnic.net/bgp/fr). Similarly with the IPv6 and DNSSEC reports, there are per-AS views, using a similar URL name scheme (e.g. http://stats.labs.apnic.net/BGP/as1221). Disclaimer The above views do not necessarily represent the views of the Asia Pacific Network Information Centre. About the Author GEOFF HUSTON is the Chief Scientist at APNIC, the Regional Internet Registry serving the Asia Pacific region. www.potaroo.net