Deploy360 @ ENOG 14

Our colleague Jan Žorž from the Deploy360 team will be presenting at the 14th Eurasia Network Operators Groups (ENOG 14) on 9-10 October 2017 in Minsk, Belarus. This is being preceded by workshops on Best Practices in IPv6 BGP and DNSSEC Operations.

Jan will be talking about his real life experiences with NAT64/DNS64 and will be demonstrating the NAT64check tool on Monday evening (17.00-18.15). Following after his talk is a BoF on the Internet-of-Things (18.30-19.30), which is also sure to include discussions about the importance of IPv6 to scale the expected many billions of devices in future.

We’d also like to highlight the Cloudflare update on IPv6, DNS, DNSSEC, CA certs from Martin Levy (Cloudflare) on the Tuesday (10.00-11.30), who seems to be managing to cover just about all the Deploy360 topics in one talk. And for routing security, Kirill Malevanov, (Selectel) will be discussing his experiences of IPv4 prefix hijacking.

More Information

• Programme and logistical details
• Registration

The post Deploy360 @ ENOG 14 appeared first on Internet Society.

RFC 8215: Local-Use IPv4/IPv6 Translation Prefix published

RFC 8215 “Local-Use IPv4/IPv6 Translation Prefix” was recently published, reserving the IPv6 prefix 64:ff9b:1::/48 for local use within domains enabling IPv4/IPv6 translation mechanisms.

This allows the coexistence of multiple IPv4/IPv6 translation mechanisms in the same network, without requiring the use of a Network-Specific Prefix assigned from an allocated global unicast address space.

The well-known prefix 64:ff9b::/96 was originally reserved by RFC6052 for IPv4/IPv6 translation, but several new translation mechanisms such as those in RFCs 6146 and 7915 have subsequently been defined that target different use cases. It’s therefore possible that a network operator may wish to make use of several of these simultaneously, hence why a larger address space has been defined to accommodate this.

The shortest translation prefix being deployed in a live network was observed as being a /64, hence /48 was chosen as being on a 16-bit boundary whilst being able to accommodate multiple instances of /64.

If you’re interested in finding out more about IPv4/IPv6 translation mechanisms, there’s a few Deploy360 blogs on NAT64 and 464XLAT amongst others.

The post RFC 8215: Local-Use IPv4/IPv6 Translation Prefix published appeared first on Internet Society.

DPRIVE experimental service debuts @ IETF 99

The IETF is not only a place to discuss the development of Internet protocols, but also offers a place for developers and operators to ‘eat their own dog food’ on the meeting network. And given that the IETF DPRIVE Working Group has published some RFC specifications over the past year, the most recent IETF 99 in Prague provided a timely opportunity to run an experimental DNS-over-TLS service.

DNS queries and responses are currently transmitted over the Internet entirely in the clear, and whilst DNSSEC is able to authenticate a response from a DNS server, it does not actually encrypt the transmitted information. The aim of DPRIVE is therefore to add mechanisms to provide confidentiality to DNS transactions and address concerns about pervasive monitoring using TLS or DTLS to encrypt queries and responses between DNS clients and servers.

Some information about how the experimental DNS-over-TLS service was set-up on the IETF network can be found on the IETF99 Experiments page, but the DNS Privacy Project offers a list of experimental servers supporting both IPv4 and IPv6 if you want to try this out yourself. You also can check out their up status.

The post DPRIVE experimental service debuts @ IETF 99 appeared first on Internet Society.

NAT64check proves popular

We’ve already mentioned this a few times this year, but we’ve just published an more in-depth article about NAT64check over on the RIPE Labs and APNIC websites.

NAT64check is a tool developed by the Internet Society, Go6, SJM Steffann and Simply Understand that allows you to enter the URL of a particular website, and then run tests over IPv4, IPv6 and NAT64 in order to check whether the website is actually reachable in each case, whether identical web pages are returned, and whether all the resources such as images, stylesheets and scripts load correctly. The rationale behind NAT64check is also explained, how it works, and how you can use it.

If you just want to take a look at the tool, then please go to either https://nat64check.go6lab.si/ or https://nat64check.ipv6-lab.net/, type the URL you wish to check into the box at the top of the page, and the result should be returned within a few seconds. It’s simple and easy, and will help you identify what needs to be done to make your website accessible with IPv6.

Deploy360 also want to help you deploy IPv6, so please take a look at our Start Here page to learn more.

The post Continue reading