Jon Peterson, October 2012
With material borrowed from Geoff Huston, Olaf Kolkman, Arbor Networks, Hurricane Electric, and several IETF plenaries
Governing an Internet
What is the Internet?
This is a deceptively tricky question
A series of tubes?
Don’t laugh at Ted Stevens
A collection of routers?
The smarts to move things between tubes
An agreement of companies?
Interconnection, peering, compensation
A stack of protocols?
The Internet Protocol (IP), among many others?
A definition, for today
The Internet is an overlay over a diverse set of physical networks, with the property that any computer with an Internet Protocol address can send arbitrary information to any other computer with an Internet Protocol address
IP is the glue that binds physical networks to applications
The “waist of the hourglass”
Many different physical networks run below it
Many different applications run above it
So who controls IP?
IP invented by Vint Cerf and Bob Kahn
Specified in a document series called the Requests for Comment (RFCs):
IPv4 circa 1981 [RFC791]
Most Internet protocols are specified in RFCs
Email, the web, Voice over IP, TCP, BGP, DNS, TLS, you name it
Today, the Internet Engineering Task Force publishes standard RFCs
The standards of the Internet
The IETF has change control over IP as a specification
IP addresses originally handled by Jon Postel (1943-1998)
Along with domain names, when they came around
Eventually, this job had to migrate to a team
The first “Internet Architect” was Dave Clark
Eventually, his position was fielded out to an appointed group called the Internet Architecture Board
IPv4, IPv6 and the Internet
You’ve probably heard that the IPv4 space is depleted
The IETF developed a protocol called IPv6 with more address space
However, IPv6 has not yet become mainstream
The Internet’s stakeholders invested tremendously in IPv6
Lack of adoption is a constant challenge and puzzle
The IAB is responsible for the administration of protocol parameter values managed by IANA
IANA formed to carry on the work of Jon Postel (1943-1998)
Maintains records for the root of the DNS, autonomous system numbers, IP address allocation, and various related fields
So who can make IPv6 happen, then?
Who to Blame?
IANA
Internet Assigned Numbers Authority
IAB
Internet Architecture Board
ICANN
Internet Corporation for Assigned Names and Numbers
Regional Internet Registries (RIRs)
ARIN, RIPE, AFRINIC, APNIC, LACNIC
Pretty much everyone
In the beginning…
IPv4 came out in the early 1980s
The young Internet lived in a world of mainframes
Many user terminals leashed to one central machine on the Internet
Personal microcomputers in the first generation, few modems even
Internet backbone ran only to advanced research facilities
Only researchers really cared about Internet resources
IPv4 uses 32-bit addresses: e.g., 134.10.2.45
Surely 4.2B addresses are enough!
"I think there is a world market for maybe five computers." – surely apocryphal remark attributed to Thomas Watson, chairman of IBM
Address Blocks and Classes
Originally, IPv4 allocated carelessly (see [RFC943])
Class A (/8)
16,777,216 IPv4 Addresses
Stanford: 36.0.0.0/8 (Student body: 6000U/8000G)
1/256th of the entire IP addressing space!
Famously, 1st IETF Chair Mike Corrigan had his own (21.0.0.0/8)
Class B (/16)
65,536 IPv4 Addresses
Reed College: 134.10.0.0/16 (for ~1200 students)
Stanford had one of these too (128.12.0.0/16)
Class C (/24)
256 IPv4 Addresses
Class D and E never saw much use (multicast)
Simplified routing: easy to aggregate prefixes
Presented at the IETF in 1990
We’ve known IPv4 depletion was coming for a long time
These notes predict Class B depletion
“Imminent death of the net predicted,” but didn’t happen quite as people thought then
Growing Importance of the Internet
By the early 1990s, the Internet had grown up
Jon Postel simply could not scale anymore, IANA became a discrete entity
From this point forward, only multi-stakeholder address assignments were feasible
InterNIC, RIPE NCC and APNIC all founded around 1992
ICANN created in 1998 as a successor to InterNIC
ARIN formed in 1997 to administer IP addresses
Takes large blocks from IANA to distribute in North America and the Caribbean
Jon Postel originally on the board
Originally covered Latin America and Africa as well
Eventually split off into LACNIC and AfriNIC
People started to care who owned which addresses
Ultimately, the root of many security questions
Don’t Come Late to This Party
Most initial allocations in North America
The bulk of IP addresses thus held by the developed world
IPv4 Conservation
Classless Interdomain Routing (CIDR) [RFC1518]
Begun in September 1993
Create finer aggregation tools than just the three choices, A, B or C
/2 through /32, whatever fits the need
Don’t allocate a /24 when a /28 will do
Reclamation became the order of the day
RIRs and IANA hunted down underutilized assigned space
Hunt down “dark” address space, friend of spammers everywhere
By 2000, Stanford turned in their Class A
Only took 5 /16s in return
Note that MIT kept their /8 (18.0.0.0) and now has two /16s (128.30.0.0/16 and 128.31.0.0/16) as well as several /24s
Neustar (founded late) really only has /24s, though we have 100+
With finer granularity came new limits
BGP prefix advertisements mushroomed – far less aggregation
Few namespaces can realistically achieve more than 30% allocation
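The class and CIDR arithmetic behind the slides above (block sizes, the 1/256th share, "don't allocate a /24 when a /28 will do", and the aggregation that fragmented assignments break), as an added example that is not part of the original deck. The blocks are the ones the slides quote; the host counts fed to smallest_fitting_prefix are constructed inputs.

```python
# Added example, not from the slides: classful vs. CIDR block arithmetic with
# Python's standard ipaddress module. The blocks are the ones the slides quote
# (Stanford 36/8, Reed 134.10/16, MIT 128.30/16 + 128.31/16); host counts
# passed to smallest_fitting_prefix are constructed inputs.
import ipaddress
import math

def classful_class(prefix: str) -> str:
    """Pre-CIDR class of a block, decided purely by the leading bits."""
    first_octet = int(ipaddress.ip_network(prefix, strict=False).network_address) >> 24
    if first_octet < 128:
        return "A"   # 0xxxxxxx -> /8, 16,777,216 addresses
    if first_octet < 192:
        return "B"   # 10xxxxxx -> /16, 65,536 addresses
    if first_octet < 224:
        return "C"   # 110xxxxx -> /24, 256 addresses
    if first_octet < 240:
        return "D"   # 1110xxxx -> multicast
    return "E"       # 1111xxxx -> reserved

def block_size(prefix: str) -> int:
    """Number of addresses in a CIDR block (a /8 is 2**24)."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses

def share_of_space(prefix: str) -> float:
    """Fraction of the 32-bit space a block occupies: 36/8 is 1/256 of it."""
    return block_size(prefix) / 2 ** 32

def count_subnets(prefix: str, new_prefix: int) -> int:
    """How many /new_prefix blocks fit in prefix (172.16/12 holds 16 /16s)."""
    return 2 ** (new_prefix - ipaddress.ip_network(prefix, strict=False).prefixlen)

def smallest_fitting_prefix(hosts_needed: int) -> int:
    """The CIDR answer to 'don't allocate a /24 when a /28 will do': the
    longest prefix length whose block still holds hosts_needed addresses."""
    if hosts_needed < 1:
        raise ValueError("need at least one address")
    return 32 - math.ceil(math.log2(hosts_needed))

def aggregate(prefixes):
    """Collapse adjacent blocks into the fewest covering prefixes. This is the
    aggregation CIDR enables, and what the routing table loses when assignments
    are scattered (the 'BGP advertisements mushroomed' problem)."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

if __name__ == "__main__":
    print(classful_class("36.0.0.0/8"), block_size("36.0.0.0/8"), share_of_space("36.0.0.0/8"))
    print(smallest_fitting_prefix(14))                    # 28: a /28 holds 16 addresses
    print(aggregate(["128.30.0.0/16", "128.31.0.0/16"]))  # ['128.30.0.0/15']
```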
What’s Actually Advertised in BGP
Conservation is Not Enough
Original assumptions of the Internet, defied
Now primarily a consumer tool, not a research tool
Internet became accessible through modems, then broadband and cellular
A clear path to billions of devices on the Internet
Devices are always on, always connected
No option other than increasing the address space
The IPng initiative
Undertaken by the IETF in the early 1990s (see [RFC1550])
Led to IPv6 [RFC1883] published in December 1995, mature version in [RFC2460] December 1998
(What happened to IPv5, anyway? See ST-II [RFC1819])
Virtues of IPv6
Plenty of addresses
340,282,366,920,938,463,463,374,607,431,768,211,456
That’s 128 bits, 340 undecillion or 3.4×10^38
Grouped into /64s, blocks of 18 quintillion addresses
IPv6 fixes the network prefix at 64 bits
Enough addresses in a network that they can be chosen whimsically
2001:19f0:feee::dead:beef:cafe (freenode)
2001:420:80:1:c:15c0:d06:f00d (cisco)
2620::1c18:0:face:b00c:0:1 (facebook)
IPsec built-in from the start
Vint often remarks this was the greatest shortcoming of IPv4
However, a new standard can’t be introduced overnight
What’s the interim strategy?
Multiplexing an IP Address
IETF created “private” address space [RFC1918] (1996)
Most famously 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
Technically, the 172.16 block is 16 contiguous /16s, and the 192.168 block is 256 contiguous /24s
I remember compiling ip-masq into Slackware (Linux) in 1997
Allowed multiple computers to sit behind one modem’s Internet connection
Required application-layer gateway (ALG) for sophisticated features like FTP
Today the ubiquitous home “router” is mostly a Network Address Translator (NAT)
Has one public IP address on the WAN side, maps external ports to internal
Private addresses served via DHCP on the WiFi/Ethernet side
Your computer’s IP address has a good chance of being 192.168.0.1
If you can’t reach DHCP, then link-local autoconfiguration (169.254.0.0/16) [RFC3927]
Implements various NAT, firewall and forwarding policies, supports many sorts of ALGs
A 3-Tier World
The Home Network, or Enterprise, with private address space
The Access Network, with public address space assigned to an ISP
The Public Internet, the default-free zone of prefix routing
The Dark Bargain of NAT
Work by masking the address from which packets are sent
The NAT effectively hides the addresses behind it
Effectively firewalls the private network
However, recipients can’t distinguish endpoints behind the NAT
NATs optimize for client-server connections
Surfing, downloading, gaming
NATs interfere with asynchronous notifications
A NAT opens “pinholes” only when a client on the inside sends traffic out
When services on the outside want to send traffic in, you have a problem
NATs bungle rendezvous protocols that require endpoints to know their own IP
A variety of workarounds have been developed to address this
These create real problems for peer-to-peer applications
Skype and BitTorrent are triumphs of engineering
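The pinhole behaviour the slide describes, as an added example that is not part of the original deck: a minimal port-translating NAT model in which outbound traffic creates the mapping, unsolicited inbound traffic is dropped, and two inside hosts are indistinguishable by address. All addresses and ports are constructed (RFC 1918 inside, documentation ranges outside).

```python
# Added example, not from the slides: a tiny NAPT (port-translating NAT) model
# showing why a "pinhole" exists only after an inside host sends outbound, why
# unsolicited inbound traffic has nowhere to go, and why two inside hosts look
# identical from outside. Addresses and ports are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class Nat:
    public_ip: str                      # the one address on the WAN side
    next_port: int = 40000              # next free public port to hand out
    out_map: dict = field(default_factory=dict)  # (inside ip, port) -> public port
    in_map: dict = field(default_factory=dict)   # public port -> (inside ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside. Allocating the public port *is* the pinhole."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Outside -> inside. Delivered only through an existing pinhole;
        anything else is dropped (returns None), which is the 'firewall' effect."""
        key = self.in_map.get(pkt.dst_port)
        if key is None:
            return None
        inside_ip, inside_port = key
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port)

def client_server_exchange(nat: Nat):
    """Surfing works: the reply rides back through the pinhole the request opened."""
    req = nat.outbound(Packet("192.168.0.10", 51000, "203.0.113.5", 80))
    return nat.inbound(Packet("203.0.113.5", 80, req.src_ip, req.src_port))

def unsolicited_notification(nat: Nat):
    """A server pushing to us first: no inside host opened this port, so it is lost."""
    return nat.inbound(Packet("203.0.113.9", 5060, nat.public_ip, 5060))

def two_hosts_same_server(nat: Nat):
    """Two inside hosts talk to one server: same public source IP, distinct ports.
    Returns (same_ip, different_ports)."""
    a = nat.outbound(Packet("192.168.0.10", 51001, "203.0.113.5", 443))
    b = nat.outbound(Packet("192.168.0.11", 51001, "203.0.113.5", 443))
    return a.src_ip == b.src_ip, a.src_port != b.src_port
```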
Judgment Day
Ultimately, strict conservation and NATs merely delayed the inevitable
Final IPv4 IANA assignment rule invoked Feb 3 2011
At that time, the five remaining /8s held by IANA were allocated, one each, to the RIRs
As of April 2011, APNIC already ran out
RIPE ran out on September 14, 2012
The rest will follow in the next couple years
Right now, ARIN & LACNIC have 3 /8s left, AFRINIC has 4
Good thing IPv6 is here to pick up the slack! Right?
16 Years Later, How is IPv6 Doing?
Still between 0.1-0.2% of Internet traffic
Not a very good return for 16 years of work
IPv6 has been widely implemented
All your laptops support it, as do web servers, etc.
Core routing infrastructure supports it as well
Implementation, however, is not deployment
IANA distributed huge IPv6 blocks to the RIRs
Some customers have taken them
Neustar has about 20 IPv6 /48s – get to work using that space!
For now, we can keep them
We’re not greedy: the DoD took a /16, 9 trillion /64s
Few last-mile providers offer IPv6, however
Most access it through tunneling (IPv6 over IPv4) to the IPv6 backbone
Worse still, many places that do use IPv6 NAT it to IPv4 to reach the Internet
Is Time Running Out? Yes!
Transition Strategy
We’ve spent more than a decade struggling with this
We can’t simply turn off IPv4
Far too much deployment, and no central authority
Most transition strategies thus depend on dual stack
Implement both IPv4 and IPv6, let hosts acquire one of each address
Try IPv6 first, and only if it fails fall back to IPv4 [RFC3484]
However, dual stack turns out not to be so simple
How do you know if you have a “good” IPv6 address?
For that matter, the same goes for IPv4
We know 169.254.0.1 is usually “bad,” but what about 192.168.0.1?
Sometimes your Linksys router is up, but Verizon is down…
But the bigger problem isn’t technical…
What can you buy for
$11.25
An IPv4 Address, Apparently
Nortel sold 666,624 IPv4 addresses to Microsoft for $7.5M in March, 2011
$11.25 per address
Dec 2011 – Borders Books sells a /16 for $12 per address
Did Nortel own those addresses? What did they pay for them originally?
Protip: Stanford did not pay $188,743,680 for 36.0.0.0/8
Now IPv4 is a business of speculation
The domain name business has long been this way
I remember writing to InterNIC for a domain back in 1993
First come first serve, no money changed hands
Five years later you could flip domains for millions
Economic Fundamentals
Not a coincidence to see this sale so soon after Judgment Day
Supply and demand, scarcity drives cost
Once something has a value, the entities that own it will protect that value
Incentive to keep IPv4 in use and worth the money
The more scarce IPv4 becomes, the more these costs will go up, and the more these incentives to keep it around will grow
Cost of transitioning to IPv6 thus includes writing off the value of IPv4 resources
Commodities Markets
Addrex, Accuro, IPv4Marketplace, tradeipv4
Specialize in moving blocks, often large ones
/8s have been advertised for sale on these sites!
Snapshot date: Oct 4
Valuable Enough to Steal
Ownership of address blocks has never been strongly coupled to their advertising
If you are a carrier, you advertise the routes you are paid to advertise, typically
Hence “dark” blocks became favorites of hackers and spammers
Dark blocks are allocated but not advertised legitimately
This is a significant weakness in the global Internet
Hackers have advertised routes for large blocks just to eavesdrop on a single user’s communications
Impossible to authenticate in the absence of some authority of assignment
Greater diversity in assignment over the years has made this harder
Resource Public Key Infrastructure (RPKI)
Certify assignment of address blocks
Build a root of authority in IANA that delegates through the RIRs to individual assignees
Next step: only propagate routes from certified sources
Build capabilities into the routing system to verify these properties
The simplest: that the owner of an address block has authorized a particular AS to advertise its routes (the ROA)
Ultimately, the goal is to accept BGP advertisements only if they are signed and authorized
This has real implications for the commodities market
Now, must ARIN issue a new cert to the new owner?
Building it in to IPv6 from the start
Not that conservation is a worry, but hijacking and spoofing always is
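The ROA check the slide calls "the simplest" property, as an added example that is not part of the original deck: a validating router classifies each announcement against its ROA table as Valid, Invalid or NotFound (the outcome model of RFC 6811) and propagates only certified routes. The ROA table, announcements and AS numbers are constructed (documentation prefixes, private-use ASNs 64500 to 64503).

```python
# Added example, not from the slides: route origin validation of BGP
# announcements against ROAs, using the Valid / Invalid / NotFound outcomes of
# RFC 6811. The ROA table, announcements and AS numbers are constructed
# (documentation prefixes, private-use ASNs 64500-64503).
import ipaddress
from typing import Iterable, NamedTuple

class Roa(NamedTuple):
    prefix: str       # block the certified holder signed for
    max_length: int   # longest more-specific the holder permits
    origin_as: int    # AS the holder authorizes to originate it

def covering_roas(announced: str, roas: Iterable[Roa]):
    """Yield every ROA whose prefix contains the announced prefix."""
    ann = ipaddress.ip_network(announced)
    for r in roas:
        roa_net = ipaddress.ip_network(r.prefix)
        if ann.version == roa_net.version and ann.subnet_of(roa_net):
            yield r

def validate_origin(announced: str, origin_as: int, roas: Iterable[Roa]) -> str:
    """Valid: some covering ROA names this AS and allows this prefix length.
    Invalid: the space is certified but nobody authorized this announcement
    (wrong AS, or a more-specific beyond maxLength). NotFound: no ROA covers it."""
    ann_len = ipaddress.ip_network(announced).prefixlen
    covering = list(covering_roas(announced, roas))
    if not covering:
        return "NotFound"
    if any(r.origin_as == origin_as and ann_len <= r.max_length for r in covering):
        return "Valid"
    return "Invalid"

def filter_routes(announcements, roas, accept=("Valid",)):
    """The slides' 'next step': only propagate routes from certified sources.
    Returns (accepted, rejected), each a list of (prefix, origin AS, state)."""
    accepted, rejected = [], []
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        (accepted if state in accept else rejected).append((prefix, asn, state))
    return accepted, rejected

# Constructed ROA table: who signed for what, and which AS may originate it.
ROAS = [
    Roa("203.0.113.0/24", 24, 64500),  # AS64500 may originate exactly the /24
    Roa("2001:db8::/32", 48, 64501),   # AS64501 may originate /32 down to /48s
]
# Constructed announcements as seen by a validating router.
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),     # the legitimate holder
    ("203.0.113.0/24", 64502),     # same block, other AS: what a hijack looks like
    ("2001:db8:1::/48", 64501),    # within maxLength
    ("2001:db8:1:2::/64", 64501),  # right AS, but more specific than authorized
    ("198.51.100.0/24", 64503),    # no ROA at all: uncertified space
]
```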
Delegation and Authorization
Improves Security, but…
Mostly defends value of IPv4
While important to protect IPv6 from route hijacking, squatting is not a practical concern there
Does preserving the value of v4 inherently harm v6?
Operational overhead could become significant
As with DNSSEC, chains of validation can be required
Certification from IANA -> RIR -> LIR -> customer
Once these become part of BGP, that will bring new challenges
BGP PATH attribute validation (through eBGP exchanges)
Failure modes for DNSSEC teach us to be cautious
Anything prone to brittleness will be turned off
An Innovator’s Dilemma
Say you need a lot of IP addresses
Perhaps an Asian mobile carrier, adding ~15M subs/year
That’s a /8 worth, enough to exhaust 10.0.0.0/8
Why not deploy greenfield IPv6?
Virtually all of the Internet today is on IPv4
Your IPv6 would exist in an isolated island
To reach IPv4, you’d need a 6-to-4, a type of NAT
Deploying a 6-to-4 that scales to 10Ms or 100Ms is expensive
How do the costs per port compare to $11.25?
But surely you can reach some services natively over IPv6?
Not *everything* needs to go through a NAT, right?
Applications and IPv6
Web browsers look up names in the DNS to find addresses
In the IPv4 world, an A record will contain the IP address
For IPv6, the new AAAA (“quad-A”) record delivers it
If your resolver has an IPv6 address, should you prefer a AAAA?
Depends on whether or not your IPv6 address can actually route to the web site
Some endpoints autoconfigure with an IPv6 address, or receive a v6 address from a home network that has no v6 connectivity
You should not prefer these over private IPv4 addresses that are actually routable thanks to a NAT
No real way to know if you can route without trying
The result: brokenness
Best case, delay for a timeout until reverting to IPv4
Worst case, never reverts
A “Solution”: IPv6 DNS whitelisting
Unhappy Eyeballs
How much of this brokenness exists?
Early 2011 estimates vary, but somewhere less than one percent
Might not sound like much, but out of two billion hosts?
Enough for Google to implement its whitelist
Brokenness reported in several devices
Opera web browser
Mac OS X when interacting with certain Windows boxes
Various legacy hardware
Some “fast-fallback” schemes have been developed
Try IPv6 and IPv4 via TCP in parallel, start HTTP on IPv6 if it responds, etc.
Browsers starting to implement these
How can we measure how bad this problem really is?
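The client-side logic behind the dual-stack slide ("how do you know if you have a good IPv6 address?") and the unhappy-eyeballs slides, as an added example that is not part of the original deck: rank AAAA/A answers by whether this host actually holds a routable source of that family, then race IPv6 against a delayed IPv4 connect and take the first to complete. The destination addresses are the two the slides quote; local addresses and connect latencies are constructed so the block runs offline.

```python
# Added example, not from the slides: (1) rank AAAA/A answers by whether this
# host holds a routable source address of that family, and (2) a fast-fallback
# race that starts IPv4 a fixed delay after IPv6 and takes the first connect to
# complete. Local addresses and connect latencies are constructed.
import ipaddress

def source_can_route(src: str) -> bool:
    """Slides' rule of thumb: link-local (169.254/16, fe80::/10) is 'bad';
    RFC 1918 IPv4 is fine because a NAT carries it; an IPv6 address only helps
    if it is a real global one, not ULA or an autoconfigured island address."""
    a = ipaddress.ip_address(src)
    if a.is_link_local:
        return False
    if a.version == 6:
        return not a.is_private
    return True

def rank_destinations(dest_addrs, local_addrs):
    """Keep only families we can source from; prefer IPv6 (RFC 3484 style)."""
    usable = {ipaddress.ip_address(s).version for s in local_addrs if source_can_route(s)}
    cands = [ipaddress.ip_address(d) for d in dest_addrs]
    cands = [c for c in cands if c.version in usable]
    cands.sort(key=lambda c: 0 if c.version == 6 else 1)
    return [str(c) for c in cands]

def fast_fallback(ordered, connect_ms, v4_delay_ms=300):
    """Happy Eyeballs style race. connect_ms maps address -> time in ms for the
    TCP connect to complete, or None if it never answers (the broken-v6 case).
    IPv6 starts at t=0; IPv4 waits v4_delay_ms only if a v6 candidate exists.
    Returns (winning address, elapsed ms) or (None, None) if nothing connects."""
    has_v6 = any(ipaddress.ip_address(a).version == 6 for a in ordered)
    best = None
    for addr in ordered:
        t = connect_ms.get(addr)
        if t is None:
            continue
        is_v6 = ipaddress.ip_address(addr).version == 6
        start = 0 if is_v6 or not has_v6 else v4_delay_ms
        if best is None or start + t < best[1]:
            best = (addr, start + t)
    return best if best else (None, None)

# Destinations from the slides; everything below them is constructed.
DESTS = ["2001:19f0:feee::dead:beef:cafe", "134.10.2.45"]
ISLAND_HOST = ["192.168.0.10", "fe80::1"]                 # v6 is link-local only
DUAL_STACK_HOST = ["192.168.0.10", "2001:19f0:feee::10"]  # constructed global v6
BROKEN_V6 = {"2001:19f0:feee::dead:beef:cafe": None, "134.10.2.45": 20}
HEALTHY_V6 = {"2001:19f0:feee::dead:beef:cafe": 50, "134.10.2.45": 20}
```

With a naive "try v6, wait for the timeout, then v4" client the BROKEN_V6 case costs a full connect timeout; the race caps the damage at v4_delay_ms plus the v4 connect time.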
World IPv6 Day
June 8, 2011 – a day to test IPv6
Facebook, Google, Yahoo!, over 1000 other participating sites turned on IPv6 for their web sites
A Brief Spike in Deployment
From under 0.5% of web sites, to around 3% supporting IPv6 on that day
Quickly turned off, however!
Facebook v6 Day traffic
No units, so, they must be tiny
Much of this observed traffic was undoubtedly testing scripts
Reported about 1M IPv6 users overall
Traffic quickly peters out, actually around COB on June 8
Indefinite Coexistence?
So, apparently we’re still not getting much adoption
How to stimulate adoption in such an entrenched, complex, decentralized system is a profoundly difficult question
A core question of Internet governance
Stakeholders are nervous
Everyone in the alphabet soup of “coordination” is uncertain
DoD attempted to promote IPv6 by requiring it for their product certification
They introduced that requirement in 2005, backed out in 2009
IETF rethinking mid-term needs, though still committed to IPv6
United Nations (ITU-T) wants to be its own RIR
Want to avoid address shortages in the developing world
More strategically, wants to compete with ARIN/RIPE and the IETF
Much second-guessing about transition strategies today
Imminent Death of IPv6 Predicted?
No one has a better idea than IPv6
The key is adoption by the access network
Two problems:
Access networks own (and value) existing IPv4 space
Access networks want to provide service differentiation, and like the flow-awareness of their NATs
The superiority of the technology alone will not overcome market forces
There are plenty of alternatives to TCP and UDP (SCTP, DCCP, etc) but few see any real use
Hardest thing for the IETF to accept
But there are still some reasons for hope…
IPv6 support after World IPv6 Day
Steadily more networks advertising IPv6 prefixes
This did not decline after IPv6 Day (the blue line), but nor did IPv6 Day accelerate it
Growth, and total share, is still marginal
1.3% uptick in two months
Glimmers of Hope
Some real deployments began in second half of 2011
Comcast in the USA (Nov 2011), KDDI in Japan, free.fr in France
Comcast now (as of September) at around 2% IPv6 traffic
v6 Deployment then around 3.4% in France, 1.5% in Japan
Average out .fr and .jp, and v6 deployment may be 0.1% of the Internet
Reported v6 Day brokenness in .jp was high, 0.25%
Telstra (.au) made its backbone fully dual-stack (Sep 2011)
Islands of IPv6 deployed behind NATs could converge through a backbone
With enough network effect, may reach a tipping point
2012: The World IPv6 Launch on June 6, 2012
More than a few hours’ experience might help
Turn it on and keep it on!
AMSIX IPv6 today
Total IPv6 volumes – close to double
Google hits via IPv6 (2009-2012)
Governing an Internet
Even making the necessary shift to IPv6 is a difficult undertaking
Lots of stakeholders today argue that the Internet has outgrown its hobbyist roots
“Responsible adults” (e.g., the United Nations) should take over now
Similar problems in domain name administration
The recent crop of new TLDs also controversial
ICANN increasingly autonomous and
The challenge: How do we evolve the Internet while preserving the qualities that made it successful?
Sleep well, the Internet will still be here when you wake up
The End