The process of adding security to various components of Internet architecture reminds me a little bit of the extensive seismic retrofitting that has been going on in California for decades. The process is slow, expensive, and occasionally intensified by a strong earthquake after which new lessons are learned. Over the past 13 years this journal has carried many articles about network security enhancements: IP Security (IPSec), Secure Sockets Layer (SSL), Domain Name System Security Extensions (DNSSEC), Wireless Network Security, and E-mail Security, to name but a few. In this issue we look at routing security again, specifically the efforts underway in the Secure Inter-Domain Routing (SIDR) Working Group of the IETF to provide a secure mechanism for route propagation in the Border Gateway Protocol (BGP). The article is by Geoff Huston and Randy Bush.
by Geoff Huston, APNIC and Randy Bush, IIJ
For many years the fundamental elements of the Internet, names and addresses, were the source of basic structural vulnerabilities in the network. With the increasing momentum behind the deployment of Domain Name System Security Extensions (DNSSEC), there is some cause for optimism that we have the elements of securing the name space now in hand, but what about addresses and routing? In this article we will look at current efforts within the Internet Engineering Task Force (IETF) to secure the use of addresses within the routing infrastructure of the Internet, and the status of current work of the Secure Inter-Domain Routing (SIDR) Working Group.
by Fred Baker, Cisco Systems
In today’s Internet, site multihoming—an edge network configuration that has more than one service provider but does not provide transit communication between them—is relatively common. Per the statistics at www.potaroo.net, almost 40,000 Autonomous Systems are in the network, of which about 5,000 seem to offer transit services to one or more customers. The rest are in terminal positions, possibly meaning three things. They could be access networks, broadband providers offering Internet access to small companies and residential customers; they could be multi-homed edge networks; or they might be networks that intend to multihome at some point in the future. The vast majority, on the order of 75 percent, are multihomed or intend to multihome. That is but one measure; you do not have to use Border Gateway Protocol (BGP) routing to have multiple upstream networks. Current estimates suggest that there is one multihomed entity per 50,000 people worldwide, and one per 18,000 in the United States.
by Phil Roberts, ISOC
On June 8, 2011, many websites around the world made their main webpage reachable over IPv6 for 24 hours, and many of those that did this left their sites IPv6-accessible afterward.
Thank you for your contribution to the March 2011 issue of The Internet Protocol Journal. Your description in “A Rough Guide to Address Exhaustion” and the article on “Transitional Myths” were very insightful into the whole issue of IPv4 to IPv6, and the issues concerning migration. Some of your thoughts on the migration hit home, as I am speaking to customers about the planning for the transition and I see a lot of “Got You” that I must now incorporate in my discussions with my customer.
The Internet Protocol Journal (IPJ) is published quarterly by Cisco Systems. The journal is not intended to promote any specific products or services, but rather is intended to serve as an informational and educational resource for engineering professionals involved in the design, development, and operation of public and private internets and intranets. The journal carries tutorial articles (“What is…?”), as well as implementation/operation articles (“How to…”). It provides readers with technology and standardization updates for all levels of the protocol stack and serves as a forum for discussion of all aspects of internetworking.