RIPE NCC Regional Meeting Minutes

Muscat 3-4 October 2011

DNS Security

Wolfgang Nagele (Global Information Infrastructure Services Manager, RIPE NCC)

Wolfgang gave an update on current issues surrounding DNS Security (DNSSEC).

An attendee asked how you would deploy DNSSEC for country code top-level domains (ccTLDs).

Wolfgang explained that technically there is no difference in deploying DNSSEC for a top-level domain (TLD) than any other domain. Once they have their domain signed, the only difference is that they have to supply their public key material to IANA just as they would have communicated any other TLD change with them before.

An attendee asked how performance would change once DNSSEC is deployed.

Wolfgang said that the RIPE NCC’s experience was that there was no major performance impact by activating DNSSEC on its resolvers. He noted that Comcast stated that their resolvers saw an increase of around 15% on their overall system load. He added that, on the other end, when signing your own domain, one has to expect to use about three to four times as much bandwidth outbound because of larger response sizes.

An attendee asked what issues arise with internationalised domain names (IDNs).

Wolfgang explained that an IDN is technically no different from any other domain name and that the difference only occurs in an application that happens to support IDNs – that is where the decoding and encoding of those names happens. So as far as DNSSEC deployment goes there is no difference at all.

RIPE Atlas and RIPEstat

Robert Kisteleki (Research and Development Manager, RIPE NCC)

Robert presented on two of the RIPE NCC’s measurement services, RIPEstat and RIPE Atlas.

Robert mentioned that there are not many RIPE Atlas probes in the Middle East region and he would be interested in hearing from people who would like to host or sponsor probes.

An attendee asked if setting an Atlas probe as a public probe changes the amount of data available.

Robert said this was not the case.

The attendee asked for more information on user-measurable instruments.

Robert said the probe would do built-in measurements once set up and that would give immediate feedback. He said user-defined measurements would allow people to measure, for example, traceroutes to a network host.

The attendee asked about the credit system and Robert said the more credits you had then the more measurements you could perform.

An attendee asked about measuring from Oman to the United Arab Emirates.

Robert said the plan was to eventually give more control on where users could measure from.

Obstacles to IPv6 Deployment

Marco Hogewoning (Trainer, RIPE NCC)

Marco gave a presentation on the factors that hold back deployment of IPv6.

An attendee asked what the security challenges were in IPv6 and were they inherited from IPv4.

Marco said that, in the fibre-to-the-home environment, a lot of the challenges are in shared layer 2 environments. He suggested using distributed hash table (DHT) mechanisms to make it secure. He said mechanisms have to be developed to account for security. He added that there was also a problem with shared LANs attracting, and although there is a solution available, it has not yet been deployed.

An attendee asked about CP devices.

Marco said newer boxes have to be bought by users, but the provider sometimes owns the CP and the ISP has to pay for it. This is a life-cycle issue – if every modem you send out is IPv6, in three years most of them will have IPv6 deployed.

World IPv6 Day Report

Robert Kisteleki (Research and Development Manager, RIPE NCC)

Robert gave an update on activities that took place and measurements taken on World IPv6 Day, which took place on 8 June 2011.

An attendee commented that the next time there is an IPv6 day, there should be more engagement with broadband ISPs. He said people should contact Robert or ISOC if they had ideas on how to do this.
Robert agreed with this and said the next IPv6 Day would include many more access networks.

An attendee asked if the access side was already part of World IPv6 Day.

Robert said the vantage points were mostly in the ISP networks but RIPE Atlas would hopefully address this next time.