The difficulty of applying a hierarchically organized PKI to the decentralized world of Internet routing is being fully exposed in a new Internet-draft. The document represents a rational response to an RPKI that closely ties address resources to a handful of Internet governance institutions, nicely illustrates how governments and national security policy are influencing Internet security, and portends substantial costs for network operators and beyond if adopted widely.
The team over at Renesys has once again provided a great analysis of an Internet outage in a country, this time in Sudan. In the article simply titled "Internet Blackout in Sudan", Doug Madory writes: "A few hours ago, we observed a total Internet blackout in Sudan and, as we publish this blog, the Internet remains largely unavailable. By count of impacted networks, it is the largest national blackout since Egypt disconnected itself in January 2011..."
The prospect of exhaustion of the IPv4 address space is not a surprise. We've been anticipating this situation since at least 1990. But it's a "lumpy" form of exhaustion. It's not the case that the scarcity pressures for IP addresses are evidently to the same level in every part of the Internet. It's not the case that every single address is being used by an active device. A couple of decades ago we thought that an address utilisation ratio of 10% (where, for example, a block of 256 addresses would be used in a network with some 25 addressed devices) was a great achievement.
This weekend brought the great news that Google's IPv6 statistics have shown that connections over IPv6 to Google's web sites hit the 2% threshold for the first time. (You can see for yourself.) While 2% sounds tiny, as I wrote in a Deploy360 post today, the important fact here is that this represents a doubling of IPv6 traffic to Google over the past year!
There are often confused reports in the media about mobile and fixed broadband, with arguments that one could replace the other. Yet the reality is that they coexist and complement each other - perhaps even more so since one cannot manage without the other. Increasingly, devices such as smartphones, tablets and smart TVs are at the end of fixed lines, with a wireless (WiFi) connection between the fixed line and the device.
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely to be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish.
With a goal of 270M fixed broadband lines in 2015 and near-universal service by 2020, the new "Broadband China" strategy is extraordinary. OFweek, a valuable site in Chinese, breaks the plan into three phases. The first is a full speed stage, ending in 2013, that deploys basic broadband and 3G widely. The second stage, 2014-2015, is dedicated to a further takeup and wider deployment. That will include 400,000+ LTE cell sites.
Having been a member of the Committee for this past year, I'm pleased to share that the US Federal Communications Commission (FCC) "Open Internet Advisory Committee" has published its first annual report... The report is weighty - 98pp if you kill trees to print it. The OIAC was established as part of the US FCC Open Internet activity and Open Internet Report and Order from 2010. The FCC appointed expert committee members from a broad range of commercial, academic, and not-for-profit organizations.
This post follows an earlier post about DNS amplification attacks being observed around the world. DNS Amplification Attacks are occurring regularly, and even though they aren't generating headlines, targets have to deal with floods of traffic and ISP infrastructure is needlessly stressed -- load balancers fail, network links get saturated, and servers get overloaded. And far more intense attacks can be launched at any time.
ICANN has, once again, opened up a veritable can of worms with their latest decision on the 'horrors' of Name Collision. While we are sure that ICANN and the Interisle Consulting Group have very good reason to make the decision that they have - delaying the delegation of several TLDs - we believe that the findings contained in Interisle's report do not give sufficient cause to delay the new gTLD program in the manner proposed by ICANN staff.