Category Archives for "Potaroo blog"

NANOG 83

The network operations community is cautiously heading back into a mode of in-person meetings and the NANOG meeting at the start of November was a hybrid affair with a mix of in-person and virtual participation, both by the presenters and the attendees. I was one of the virtual mob, and these are my notes from the presentations I found to be of personal interest.

On DNS Openness

How open is the DNS market? This is a question that is not just about barriers to competitive entry for new providers into the market. There is more to this question about the use of markets as a signalling mechanism across a diverse collection of intertwined producers and consumers. How effective is the market as a signalling mechanism across these entities? Is the market providing clear signals that allow orchestration of activity to support the evolution of a coherent and robust service? Is the market-driven evolution of the delivered product or service one that is chaotic and periodically disrupted?

DNSSEC with RSA-4096 keys

The role of cryptography is to keep one step ahead of advances in computing capability. One response is to keep using the same algorithm, but extend the key lengths. Here we look at the viability of DNSSEC when we use a 4,096-bit RSA key.

Learning from Facebook’s Mistakes

On October 4th Facebook managed to achieve one of the more impactful outages in the entire history of the Internet, assuming that the metric of "impact" is how many users one can annoy with a single outage. What can we as an industry learn from this outage to ensure that we can avoid a recurrence of such a widespread outage in other important and popular service platforms?

IAB Workshop on Measuring Network Quality for End Users

The telephone network had a single task: make human voice conversations work well. IP networks have a more challenging objective: make all kinds of digital transactions work well. From first-person shooter games, through video streaming and web transactions, through to human conversations. Make 'em all work well. This topic has become one of those long-standing sagas in IETF folklore, and another chapter of the evolving story was written at a recent IAB Workshop on Measuring Network Quality for End Users. Here are my impressions of this workshop.

Regulating Big Tech. This Time, for sure!

There is a growing unease within the US and elsewhere over the extraordinary rise of these technology giants, not just in monetary terms but in terms of their social power as well. There is a growing sentiment that the current situation looks like it will never be adequately corrected by just competitive pressures within the market itself. Some further forms of regulatory intervention will be needed to force a fundamental realignment of these players. In so doing, it appears that regulators are finally catching up with the online world in the US, in Europe and in China.

TLS with a side of DANE

These are some notes I took from the DNS OARC meeting held in September 2021. This was a short virtual meeting, but for those of us missing a fix of heavy-duty DNS, it was very welcome in any case!

Running Code

There was a discussion in a working group session at the recent IETF 111 meeting over a proposal that the working group should require at least two implementations of a draft before the working group would consider the document ready. What's going on here?

Some not-DNS Topics at IETF 111

It may be surprising to the DNSphiles out there but there really are other topics that are discussed at IETF meetings not directly related to the DNS! These are some notes I took on the topic of current activities in some of the active IETF areas that are not DNS topics.

DNS at IETF 111

IETF 111 was held virtually in July 2020. These are some notes I took on the topic of current activities in the area of the Domain Name System and its continuing refinement at IETF 111.

Outage Reporting

With so many enterprises all over the Internet forced to make a choice between just a handful of viable content distribution platforms for their content and services, nobody should be surprised when a single platform's outage has massive service impact. But that's not what's prompted me to write this note. It's Akamai's report of the incident that I found unusual.

Another Portent of the Decline and Fall of the Telco

The Swedish carrier group Telia has recently announced the sale of its international wholesale business to Polhem Infra, an infrastructure investment manager jointly owned by a number of Swedish pension funds. Why would a telco operator sell off what was a core part of its operation to a pension fund?

A Survey on Securing Inter-Domain Routing: Part 1 – BGP: Design, Threats and Security Requirements

The Border Gateway Protocol (BGP) is the Internet’s inter-domain routing protocol, and after some thirty years of operation BGP is now one of the more venerable of the Internet’s “core” protocols. One of the major ongoing concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet continues to be vulnerable to various forms of attack. In Part 1 of this study, we will look at the design of BGP, the threat model and the requirements from a security framework for BGP.

DNSSEC with EdDSA

The world of cryptographic algorithms is one that constantly evolves, and the increasing key sizes in the venerable RSA crypto algorithm are a source of concern for DNSSEC. The response to this escalation in key sizes is to look at alternative forms of public-key algorithms which have a higher cryptographic “density”, using elliptic curve cryptography. Here we will look at the level of Internet support provided for a recent crypto offering, the Edwards curve algorithm Ed25519.

DNS Centrality

How did we get to here? How did a network technology such as the Internet, which was designed to pass control away from the central network to the connected devices, succumb to unprecedented levels of centrality?