Networks / Most Viewed

Internet to ITU: Stay Away from My Network

An ITU document entitled "Beyond Internet Governance" crossed my desk earlier this week. Given that I had absolutely nothing better to do, I decided to give it a read. The audacity of the ITU Secretariat is nothing less than shocking. It has been a long while since I read such a self-serving, narrow-minded and inaccurate document. The backbone of the ITU's contention rests on the premise that something called the Next Generation Network and the contention that this network will act as one big bug fix for all the problems created by current inter-networking technology. more

Exposing 9 Myths About IPv6

This is a special two-part series article providing a distinct and critical perspective on Internet Protocol Version 6 (IPv6) and the underlying realities of its deployment. The first part gives a closer look at how IPv6 came about. This part exposes the myths.

Good as all this is, these attributes alone have not been enough so far to propel IPv6 into broad-scale deployment, and consequently there has been considerable enthusiasm to discover additional reasons to deploy IPv6. Unfortunately, most of these reasons fall into the category of myth, and in looking at IPv6 it is probably a good idea, as well as fair sport, to expose some of these myths as well. more

The Cybersecurity Act of 2009

Four senators (Rockefeller, Bayh, Nelson, and Snowe) have recently introduced S.773, the Cybersecurity Act of 2009. While there are some good parts to the bill, many of the substantive provisions are poorly thought out at best. The bill attempts to solve non-problems, and to assume that research results can be commanded into being by virtue of an act of Congress. Beyond that, there are parts of the bill whose purpose is mysterious, or whose content bears no relation to its title. more

NXDOMAIN Substitution: Good or Evil?

It might seem a little strange, but in the current economics of the market in registration of DNS names it appears that the set of names that are not "visible," or at least not associated with any dedicated network service point, represents a far larger set, and has a far higher total value to the DNS name registration industry, than the set of network-visible service endpoint domain names. In other words, there appears to be a larger and more valuable market for names that do not exist than for names that do. more

DPI is Not a Four-Letter Word!

As founder and CTO of Ellacoya Networks, a pioneer in Deep Packet Inspection (DPI), and now having spent the last year at Arbor Networks, a pioneer in network-based security, I have witnessed first hand the evolution of DPI. It has evolved from a niche traffic management technology to an integrated service delivery platform. Once relegated to the dark corners of the central office, DPI has become the network element that enables subscriber opt-in for new services, transparency of traffic usage and quotas, fairness during peak busy hours and protection from denial of service attacks, all the while protecting and maintaining the privacy of broadband users. Yet, DPI still gets a bad rap... more

Anycast, Unicast, or Both?

A long time ago in an Internet far away, nobody paid for DNS services. Not directly at least. We either ran our own servers, or got DNS service as part of our IP transit contract, or traded services with others. In ~1990 I was the operator of one of the largest name servers in existence (UUCP-GW-1.PA.DEC.COM) and I exchanged free DNS secondary service with UUNET. Two thousand zones seemed like a lot of zones back then -- little did we dream that there would some day be a billion or so DNS zones world wide. more

On the Time Value of Security Features in DNS

There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more

8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable

In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more

Measuring IPv6 - Country by Country

Some years ago a report was published that ranked countries by the level of penetration of broadband data services. You can find the current version of that report at the OECD web site. This ranking of national economies had an electrifying impact on this industry and upon public policies for broadband infrastructure in many countries. Perhaps this happened because there were some real surprises lurking in the numbers at the time. more

Up to 300 Megawatt Worth of Keepalive Messages to be Saved by IPv6?

The Time Square Ball bringing in 2008 had more than 9,500 LED bulbs displaying 16 million colours while consuming power equivalent to about ten toasters. This compares to 600 incandescent and halogen bulbs adorning last year's Ball. Easy to forget that most mobile devices used by Time Square revelers were behind IPv4 NAT's and that always on applications such as Instant Messaging, Push e-mail, VoIP or location based services tend to be electricity guzzlers. It so happens that applications that we want always to be reachable have to keep sending periodic keepalive messages to keep the NAT state active... more

The IoT Needs a Paradigm Shift from Security to Safety of Connected Devices

Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more

Removing Need at RIPE

I recently attended RIPE 66 where Tore Anderson presented his suggested policy change 2013-03, "No Need -- Post-Depletion Reality Adjustment and Cleanup." In his presentation, Tore suggested that this policy proposal was primarily aimed at removing the requirement to complete the form(s) used to document need. There was a significant amount of discussion around bureaucracy, convenience, and "liking" (or not) the process of demonstrating need. Laziness has never been a compelling argument for me and this is no exception. more

The Internet: Missing the Light

Today's Internet is wonderful for solving hard problems such as connecting to Amazon to buy goods or for using Netflix. Amazon and Netflix, among others, demonstrate what is possible if you put in enough effort. Yet if we are to understand the Internet we need to look beyond those applications to the simplest application such as sending one bit of information from a light switch to a light fixture. more

Network Protocols and Their Use

In June, I participated in a workshop, organized by the Internet Architecture Board, on the topic of protocol design and effect, looking at the differences between initial design expectations and deployment realities. These are my impressions of the discussions that took place at this workshop. ... In this first part of my report, I'll report on the case studies of two protocol efforts and their expectations and deployment experience. more

IPv6 and Transitional Myths

I attended the RIPE 61 meeting this month, and, not unexpectedly for a group that has some interest in IP addresses, the topic of IPv4 address exhaustion, and the related topic of the transition of the network to IPv6 has captured a lot of attention throughout the meeting. One session I found particularly interesting was one on the transition to IPv6, where folk related their experiences and perspectives on the forthcoming transition to IPv6. I found the session interesting, as it exposed some commonly held beliefs about the transition to IPv6, so I'd like to share them here, and discuss a little about why I find them somewhat fanciful. more