Networks

Networks / Most Commented

U.S. Complaint to WTO on China VPNs Is Itself Troubling

On 23 February, the U.S. Administration had the chutzpah to file a formal communication to the World Trade Organization (WTO) complaining about "measures adopted and under development by China relating to its cybersecurity law." However, it is the U.S. complaint that is most troubling. Here is why. The gist of the U.S. complaint is that China's newly promulgated directive on the use of VPN (Virtual Private Network) encrypted circuits from foreign nations runs afoul of... more

Enabling Privacy Is Not Harmful

The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order? more

A Primer on IPv4, IPv6 and Transition

There is something badly broken in today's Internet. At first blush that may sound like a contradiction in terms. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only transformed the global communications sector, but its reach has extended far further into our society, and it has fundamentally changed the way we do business, the nature of entertainment, the way we buy and sell, and even the structures of government and their engagement with citizens. In many ways the Internet has had a transformative effect on our society that is similar in scale and scope to that of the industrial revolution in the 19th century. How could it possibly be that this prodigious technology of the Internet is "badly broken?" more

DNS Changer

One fine night in November 2011 I got an opportunity to get my hands dirty, working on a project for the United States Federal Bureau of Investigation (FBI). They were planning to seize a bunch of computing assets in New York City that were being used as part of a criminal empire that we called "DNS Changer" since that was the name of the software this gang used to infect a half million or so computers. more

De Facto Rules a Boon to Rogue Players

In Ian Flemming's Thunderball M sends 007 to the Bahamas on a hunch that SPECTRE is hiding something there. Well, it's been our hunch for a while that the Bahamas "office" for the Registrar Internet.BS does not exist. Now we have confirmation of such. It has been documented in an explosive undercover expose by LegitScript that Internet.BS address as stated could not be verified, could not accept mail, and that the business itself could not actually be found in the Bahamas. more

The ISP Industry: Concentrated or Diverse?

In August 2010, we looked at the growth in RIPE NCC membership and concluded that the number of new RIPE NCC members is still growing at an amazing pace, even during the recent economic downturn... This time we are looking at the different sizes of RIPE NCC members over time. It is often claimed that there is massive consolidation happening in the ISP community, especially in times of economic difficulties like in the early 2000s and now. We were curious to find out if this is really the case. more

Will US Government Directives Spur IPv6 Adoption?

Yesterday, the National Telecommunications and Information Administration of the U.S. government hosted a workshop discussing the state of IPv6 in the United States and its impact on industry, government, and the Internet economy. I was asked to be a panelist, along with industry executives from ARIN, ISOC, ICANN, Comcast, Akamai, Verizon, Google, VeriSign, DOE, NIST, and DREN. Moderated by Aneesh Chopra, Chief Technology Officer of the United States and Vivek Kundra, Chief Information Officer of the United States, this was the first event in the past few years to truly shine a spotlight on IPv6 adoption (or lack thereof) and introduce key directives to move this issue forward. more

Up to 300 Megawatt Worth of Keepalive Messages to be Saved by IPv6?

The Time Square Ball bringing in 2008 had more than 9,500 LED bulbs displaying 16 million colours while consuming power equivalent to about ten toasters. This compares to 600 incandescent and halogen bulbs adorning last year's Ball. Easy to forget that most mobile devices used by Time Square revelers were behind IPv4 NAT's and that always on applications such as Instant Messaging, Push e-mail, VoIP or location based services tend to be electricity guzzlers. It so happens that applications that we want always to be reachable have to keep sending periodic keepalive messages to keep the NAT state active... more

The Fragile Network

One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more

Twenty Myths and Truths About IPv6 and the US IPv6 Transition

After hearing over 350 presentations on IPv6 from IPv6-related events in the US (seven of them), China, Spain, Japan, and Australia, and having had over 3,000 discussions about IPv6 with over a thousand well-informed people in the IPv6 community, I have come to the conclusion that all parties, particularly the press, have done a terrible job of informing people about the bigger picture of IPv6, over the last decade, and that we need to achieve a new consensus that doesn't include so much common wisdom that is simply mythical. There are many others in a position to do this exercise better than I can, and I invite them to make a better list than mine, which follows. more

Bad Journalism, IPv6, and the BBC

Here's a good way to frighten yourself: Learn about something, and then read what the press writes about it. It's astonishing how often flatly untrue things get reported as facts. I first observed this back in 1997 when I was a Democratic lawyer in the U.S. House of Representatives working on the (rather ridiculous) campaign finance investigation. (The investigating committee's conspiracy-minded chairman was famous for shotgunning pumpkins in his backyard in order to figure out exactly how Hillary snuffed Vince Foster)...More recently, I've seen the same discouraging phenomenon in reporting on technology and, in particular, the Internet. more

Scaling the Root of the DNS

The DNS is a remarkably simple system. You send it queries, and you get back answers. Within the system, you see exactly the same simplicity: The DNS resolver that receives your query may not know the answer, so it, in turn, will send queries deeper into the system and collects the answers. The query and response process is the same, applied recursively. Simple. However, the DNS is simple in the same way that Chess or Go are simple... more

Behind the Curtain: Making IPv6 Work

Wouldn't it be nice if turning on IPv6 really was 'press one button and the rest is magic' easy? For some things, it is. If you're talking about client-side, enabling an IPv4-only home service on DSL or fibre really can be this simple, because all the heavy lifting is being done inside your ISP: you're not enabling IPv6 in the network, you're turning on the last mile. It was knocking at your door and you just had to let it in. more

Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia

In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more

IPv6 Subnetting - The Paradigm Shift

Almost every conversation I have with folks just learning about IPv6 goes about the same way; once I'm finally able to convince them that IPv6 is not going away and is needed in their network, the questions start. One of the most practical and essential early questions that needs to be asked (but often isn't) is "how do I lay out my IPv6 subnets?" The reason this is such an important question is that it's very easy to get IPv6 subnetting wrong by doing it like you do in IPv4. more

Industry Updates

RIPE 85 News Update

Meet the Speakers of the Cyber Threat Mitigation Webinar (by IPXO)

Dormant IPv4 Addresses Can Help Mitigate Expected Network Outages

To Accelerate 5G Adoption, European Telcos Need More IP Addresses

3 Key Recommendations to Trust the Cloud More by Trusting It Less

DNS Record Contents: Are Organizations Giving Away More Than They Should?

As Global Internet Demands Skyrocket, Expert Share Advice on How to Optimize IT Infrastructure to Meet Modern-Day Challenges

IP Monetization: IP Leasing Makes the Case for Recurring Long-Term Revenue

Leasing IPv4 Addresses in the Dawn of the New Internet Era

How to Monitor IP Netblocks for Possible Targeted Attacks

Not All VPN Users Are Worth Trusting, a Lesson for Cloud Service Providers

Everything You Need to Know About IPv4 vs. IPv6

The Louisiana State Ransomware Attack: Enhancing Cyberdefense with Reverse IP Address Lookup

The Disney+ Account Hijacking: Preventing Unauthorized Network Access with Threat Intelligence Tools

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity