The State of IPv6 Deployment

Worth Reading: Network Troubleshooting

Approach a problem with an open mind, distill the “signal from the noise”, and test your hypothesis. A well-defined problem description is essential to moving forward towards final resolution. When a sports team wins the championship (you pick your favorite activity), it is not by accident. Behind every team is a coach, who leads by experience — with a game plan. Plans are built upon communication between team members. @IPSpace

Worth Reading: Most home routers are insecure

Research conducted by the American Consumer Institute Center for Citizen Research indicates that the routers commonly found in homes are huge security vulnerabilities for consumers and their employers. The center’s analysis shows that of 186 sampled routers, 155 (83%) were found vulnerable to potential cyberattacks. @Dark Reading

Short Take: It’s always been done that way

Worth Reading: Packet level network telemetry

Continuous monitoring is an essential part of detecting security issues, misconfiguration, equipment failure, as well as performing traffic engineering. With networks growing in size, complexity, and traffic volume, the need for continuous and precise monitoring is greater than ever before. —Oliver Michel @APNIC

Worth Reading: Who do you trust?

Trust. It’s a simple word, but I think it’s at the heart of a recent social media brouhaha surrounding Apple’s recent revelations regarding “iTunes device trust scores.” —Richard Ford @Dark Reading

Worth Reading: WiFi Rebrands

According to a Wednesday press release, the new approach will name the generations in a numerical sequence relative to new advancements in Wi-Fi technology. This will make it easier for vendors to denote which standards their devices support, for service providers to explain what their network offers, and for users to understand which products work with which standards. —Conner Forrest @Tech Republic

Column

Weekend Reads ‭188A6‬

The security skills gap is real, and it is a problem. But what if you could replace the most basic security jobs with an AI? According to Gunter Ollmann @CircleID, this is possible today. The next question you might want to ask is this: if AI’s replace all the entry level positions, then how are we going to train up senior level engineers? Remember that every hiring manager wants someone with ten years of experience on a product that has only been out for two years…

US customers pay some of the highest prices for broadband in the developed world, and broadband availability is sketchy at best for millions of Americans. But instead of tackling that problem head on, the FCC is increasingly looking the other way, relying on ISP data that paints an inaccurately rosy picture of Americans’ internet access. And as long as regulators are relying on a false picture of US broadband access, actually solving the problem may be impossible. —Karl Bode @The Verge

American businesses are in for a rude awakening. Sweeping new privacy regulations, such as the EU’s landmark GDPR law and California’s Consumer Privacy Act, along with the ongoing SEC probe of Facebook’s data Continue reading

Worth Reading: Outing your Outages

How are you supposed to handle outages? What happens when everything around you goes upside down in an instant? How much communication is “too much”? Or “not enough”? And is all of this written down now instead of being figured out when the world is on fire? —Tom @Networking Nerd

Worth Reading: How Edge Computing will Impact the Enterprise

Data published at the start of 2018 reveals a prediction that spending in the edge computing sector will grow by a compound annual growth rate of more than 30 percent through 2022. That means regardless of IT professionals’ focus and the companies they work for now, their jobs paths will inevitably feature more edge computing-related elements soon. —Kayla Matthews @Information Week

Worth Reading: WPA3 brings new authentication to wireless

WPA3 is the latest version of Wi-Fi Protected Access, a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. WPA3, which was first announced earlier this year, is now available for inclusion in products. It brings two deployment models, personal and enterprise, along with a related security set called Easy Connect. —Curtis Franklin Jr. @Dark Reading

History of Networking: BGP Route Servers and the IXP

Worth Reading: Beyond Cookbook Mathematics

Most of you who are reading this have likely taken a calculus course or two, and probably some basic linear algebra/matrix theory (especially if you’re in computer science). You’ve been exposed to limits, differentiation, continuity, determinants, and linear maps. —Rachel Traylor @The Math Citadel

Worth Reading: Microservices and Networking

With the rise of so-called mode two applications, we see significantly different approaches to software architectures. Gartner defines mode two applications as exploratory, non-linear focused on agility and speed. In order to achieve this level of agility, the underlying architecture needs to be dramatically different. —Jeroen van Rotterdam @The New Stack

Short Take: BGP Peering Updates

Worth Reading: Measuring the KSK Roll

When viewed as a network infrastructure, looks can be very deceiving when looking at the DNS. It appears to be a simple collection of resolvers and servers. Clients pass their DNS name resolution queries to resolvers, who then identify and ask an appropriate authoritative name server to resolve the DNS name, and the result is passed back to the client. —Goeff Huston @potaroo

Worth Reading: The KSK Rollover

In a little over two weeks, precisely in 17 days (on 11 October 2018 at 16:00 UTC), ICANN will roll the Domain Name System Security Extensions (DNSSEC) root Key Signing Key (KSK). —Adiel A. Akplogan @CircleID

IPv6 Security Considerations

When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network’s attack surface. While protocol security discussions are widely available, there is often not “one place” where you can go to get information about potential attacks, references to research about those attacks, potential counters, and operational challenges. In the case of IPv6, however, there is “one place” you can find all this information: draft-ietf-opsec-v6. This document is designed to provide information to operators about IPv6 security based on solid operational experience—and it is a must read if you have either deployed IPv6 or are thinking about deploying IPv6.

The draft is broken up into four broad sections; the first is the longest, addressing generic security considerations. The first consideration is whether operators should use Provider Independent (PI) or Provider Assigned (PA) address space. One of the dangers with a large address space is the sheer size of the potential routing table in the Default Free Zone (DFZ). If every network operator opted for an IPv6 /32, the potential size of the DFZ routing table is 2.4 billion routing entries. If you thought converging on about 800,000 routes is Continue reading

Worth Reading: The Ecology of Web Browsing Engines

Early in my career when I worked at agencies and later at Microsoft on Edge, I heard the same lament over and over: “Argh, why doesn’t Edge just run on Blink? Then I would have access to ALL THE APIs I want to use and would only have to test in one browser!” Let me be clear: an Internet that runs only on Chrome’s engine, Blink, and its offspring, is not the paradise we like to imagine it to be. —Rachel Nabors @css-tricks