IPv4 Markets |
Sponsored by |
I did a 2 hour interview on October 23rd with John Curran, Board Chair of ARIN the North American Regional Internet Routing Registry for the last decade. I now understand what is at stake with IPv6. Outside of a key core group of network engineers I think darn few people do understand. And not all of them agree on how the scenario plays out though virtually all say the situation is very serious. John believes that it is huge. It is as big as Y2K except no one knows a precise date by which everything has to be done...
There is currently a discussion going on between Milton Mueller and Patrik Fältström over the deployment of DNSSEC on the root servers. I think the discussion exemplifies the difficult relation between those who develop standards and those who use them. On the one hand, Milton points out that the way the signing of the root zone will be done will have a great influence on the subjective trust people and nation states will have towards the system. On the other hand, Patrik states that "DNSSEC is just digital signatures on records in this database". Both are right, of course, but they do not speak the same language...
DNS rebinding attacks are real and can be carried out in the real world. They can penetrate through browsers, Java, Flash, Adobe and can have serious implications for Web 2.0-type applications that pack more code and action onto the client. Such an attack can convert browsers into open network proxies and get around firewalls to access internal documents and services. It requires less than $100 to temporarily hijack 100,000 IP addresses for sending spam and defrauding pay-per-click advertisers. Everyone is at risk and relying on network firewalls is simply not enough. In a paper released by Stanford Security Lab, "Protecting Browsers from DNS Rebinding Attacks," authors Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh provide ample detail about the nature of this attack as well as strong defenses that can be put in place in order to help protect modern browsers.
ARIN has just released a statement on the future of addressing policy. Specifically addressing the future of IPv4 addressing. What ARIN does is to emphasize the current policies and say they will be enforced even stronger than today if needed. I.e. there is no announcement of a change in policy.
Last month's column looked at the exhaustion of the IPv4 unallocated address pool and the state of preparedness in the Internet to grapple with this issue... There has been a considerable volume of discussion in various IPv6 and address policy forums across the world about how we should respond to this situation in terms of development of address distribution policies. Is it possible to devise address management policies that might both lessen some of the more harmful potential impacts of this forthcoming hiatus in IPv4 address supply, and also provide some impetus to industry to move in the originally intended direction to transition into an IPv6 network?
My friend Kurtis writes in his blog some points he has been thinking of while discussing "when we run out of IPv4 addresses". In reality, as he points out so well, we will not run out. It will be harder to get addresses. It is also the case that unfortunately people that push for IPv6 claim IPv6 will solve all different kinds of problem. Possibly also the starvation problems in the world...
Funny how some topics seem sit on a quiet back burner for years, and then all of a sudden become matters of relatively intense attention. Over the past few weeks we've seen a number of pronouncements on the imminent exhaustion of the IP version 4 address pools. Not only have some of the Regional Internet Registries (RIRs) and some national registry bodies made public statements on the topic, we've now seen ICANN also make its pronouncement on this topic... Why the sudden uptake of interest in this topic? I suspect that a small part of this may be my fault!
ZDNet UK has an article on IPv6 and what may slow down its deployment. Jay Daley, from Nominet points out to the fact that the current IPv6 allocation policy used by RIPE NCC is geared towards ISPs. This is a complaint I have heard time and time again. Under the current policy, you have to show to RIPE NCC that you are going to allocate 200 address blocks to your customers before you are allocated a /32 block. Obviously, a large corporate network cannot afford to renumber every time it switches ISPs...
The IPv6 Portal reports on a paper titled "The Choice: IPV4 Exhaustion or Transition to IPv6", written by Jordi Palet, warning that organizations must start planning for IPv6 now or "be aware that some already have, and you are beginning to be at a disadvantage." From the report: "This is going to affect the business of existing Internet Service Providers (ISPs) and to a greater extent, at a certain point in time, the creation of new ISPs. As a consequence if may have a deeper impact in developing regions (Africa, Asia and Latin America/Caribbean) where the penetration of the Internet is not yet so widespread."
NetworkWorld is running an article today that talks about the announcement from ARIN (the American Registry for Internet Numbers) of the ARIN Board resolution calling upon ARIN to no longer be "neutral" in the IPv4 vs IPv6 space and instead work to actively encourage migration to IPv6... Until now, ARIN and the other RIRs have generally been fairly neutral in the IPv4 versus IPv6 debate and have not shown a preference in allocation, but this announcement from ARIN shows the first signs of change.