  • IEPG Meeting - 23 August 1993
    of Dante Inc the Unisource provider the X 25 and IP Unidata service and the EMPB service which is being offered in a CUG configuration within Europe to national academic and research providers Production turnover of the trial service is anticipated to occur in September 1993 EBONE is still undertaking the role of a pan European IP backbone providing a policy free European service and providing operational support and coordination services to a number of connecting trans Atlantic T1 IP links Potential connectivity issues between Europanet and EBONE were discussed and the overall operational coordination with respect to routing was highlighted Specification of European interconnection is a prerequisite for further activity relating to coordinated European routing and coordinated global Internet routing 5 CIDR BGP4 Deployment Report by Guy Almes The status of BGP deployment on the NSFNET by ANS was reported ANS will be deploying CIDR routing tables with GateD routing in October Overheads are attached The basic message to providers is CIDR Default or Die Other issues highlighted include the difficulty in attempting dis aggregation of aggregated routes which implies that providers not using Default to implicitly collect aggregated routes should deploy CIDR in synchronisation with each other the increased operational costs associated with partial CIDR deployment and the role of the registry to generate accurate aggregation routing configurations BGP4 issues will be further examined within the scope of the IETF and the deployment issues will be examined at the forthcoming US Regional Techs meeting 6 Multicast and the MBONE Report by Steve Deering Steve Deering was invited to attend the meeting to report on the MBONE and associated issues Slide summary is attached The nature of the use of the infrastructure by high bandwidth UDP audio and video flows on both a local and global scale were discussed and recent problems with uncontrolled signal generators were highlighted 
Some solution directions were highlighted with refinement of the routing tools tree pruning within DVMRP and token based control of signal generation Overall global low control is controlled by a single TTL control structure which is a somewhat crude tool to use to exercise resource control Development of more specific control protocols for multicast is being developed within the IETF The potential efficiencies of multicast for data transfer were highlighted and applications which implement reliable data transfer within a multicast environment were discussed Further discussion of these issues is being undertaken within the email protected mailing list 7 CLNP Routing Coordination Report by Richard Colella Richard highlighted a lack of coordination activities within the internet deployed NSAP space an issue which has become more visible with the growth of the TUBA pilot deployment project Richard noted the need for Internet Registries to register and maintain registered NSAP addresses which can assist in both the current techniques of static routing of CLNP traffic and the generation of router configuration tables to underlie future intentions to move to dynamic routing within this area The NSAP structuring was also discussed with noting that the

    Original URL path: http://www.iepg.org/august1993/index.html (2016-04-25)


  • Scanning in 1.0.0.0/8
    of movies by George Michaelson to accompany the presentation on traffic in 1.0.0.0/8 Background mpeg slowscan trim mpeg addresswalk trim mpeg udpexplosion trim mpeg slomo mpeg

    Original URL path: http://www.iepg.org/2010-07-ietf78/movies.html (2016-04-25)


  • ZSK rather than periodic off line access There is an issue of the interplay between TTL and signature lifetime There is a timing problem with sig expiration of already cached keys ie is there TTL adjustment or deliberate use of signatures that exceed the TTL The se approach is to have 3 ZSKs and pre publishing to alleviate this caching issue Thereby you always have this other valid sitting in the background ULA C no slides Reference to ULA work previously in IPv6 WG Paul Vixie represented the motivation for ULA C as being access to the reverse DNS zone my note this is not an accurate representation of the motivation of ULA C it s a potential byproduct of the uniqueness properties of ULA Cs Paul has proposed a changed version of ULA C s that has RIR numbered ULA address blocks Questions ULA C and the need for explicit bits to denote RIR What is the interplay between PA PI and ULA C has been any demonstrated case that could not be met with PI PA Evidently none so far although a later comment noted that ULA L is already in use Network weather map Looking at visualization efforts to overlay network operational status with maps of various forms Google maps has an interface that permits arbitrary overlays and in this case there is a java application that performs dynamic network discovery and then generates overlay data for google maps Trying to live in a dual stack world Enterprise perspective of a Research Network in Switzerland SWITCH They have had extensive experience of IPv6 Most of the EU Research networks are dual stacked on their backbones at this stage but with continuing very small customer update of the IPv6 service There is a steady effort in dual stacking servers and related service delivery Commented that a lot of the IPv6 traffic statistics are NNTP related There remain firewall filter issues and they are looking at a stopgap solution that generates equivalent local IPv6 rules from local IPv4 filters and DNS information Extending IPFIX protocol for 
better QoS monitoring Uses passive monitoring hardware the extended IPFIX flow records with statistics for intensity intervals and sizes in order to research delivered QoS NRO Report no notes IPv4 Depletion and Migration to IPv6 Note that IPv4 space is diminishing and there are projections that point to 2010 2012 as being the time that we anticipate depletion of further available addresses in IPv4 BUT noted that demand for IPv4 continues and IPv6 migration is No to Slow However exhaustion of the IPv4 pool is inevitable and this presentation sees the migration to IPv6 as inevitable Some RIRs have issued advisory notices and created educational material as part of outreach There is the activity in facilitating IPv6 deployment in industry policy and administrative actions are underway in the RIRs and implementing IPv6 accessible services ARIN is also being active in evaluation on IPv4 resource requests to undertake a conversation with the application over

    Original URL path: http://www.iepg.org/2007-07-ietf69/notes.txt (2016-04-25)

  • IEPG Meeting Notes
    is a problem There was some uncertainty about what these two terms meant Is this an inherent problem or a solution vector This may have implications when considering mobility potential growth There was some discussion about the timelines of scaling criticality It does not appear to be an event time but rather a potential for cost escalation for network operators The workshop report is being prepared and some consensus as to the nature of the issue here is being gathered The IAB may work on the architectural aspects of the locator id split 2 IPv6 routing scaling issues Vince Fuller The problem is that scaling remains an issue with IPv6 it shares the same routing technology base as IPv4 without any notable difference in the IPv6 routing and addressing approach The ROAD effort in the early 1990s saw issues with exhaustion of Class B nets the explosive growth of the routing table and the eventual exhaustion of the 32 bit IPv4 space The resolution of these issues saw CIDR and strong address aggregation in routing as a short term mediation and IPv6 The CIDR short term mediation has been effective for over a decade and no further substantive work on routing was done since The overloaded semantics of addressing does not combine ease of deployment and use with strong compression of the routing space The scaling problem may not become obvious for a further time interval here However the trends of update rates and processing and peak processing rates for reasonable convergence performance imply concern over the 3 5 year window for routing on deployed and deployable routers Also projections of parallel IPv4 IPv6 routing deployments indicate potential to see routing tables of the order of 0 4M to 0 6M entries if this were the case today and projections

    Original URL path: http://www.iepg.org/november2006/notes.html (2016-04-25)


  • estimate impact of routing changes in the SPT and individual prefix reachability test version of the software Deploying 5 000 IPv6 sites Jordi Palet Martinez Consulintel deployment of a public network for the Catalonian region of Spain questions on the use of FFPROXY and availability of linksys code to support IPv6 the use of VLANs in the trial and the degree of functionality of V4 V6 http proxies Internet Number

    Original URL path: http://www.iepg.org/november2004/iepg.txt (2016-04-25)


  • in ad campaign posters in store on vending machines etc graph of access count shows flat load then spikes during campaign then lift to new higher level History of IPv4 and ASN Allocations George Michaelson Visualization of the history of the IPv4 and ASN deployment using assignment data and matching it with BGP routing data presented in the format of a movie of daily snapshots spanning the past two decades Role of Routing Registries in Securing Routing Larry Blunk Noted that the current protection is link level security There is work progressing on data validity checks but it was noted that there are concerns on costs and it is apparent that many ISPs are not keen Within the IETF the RPSEC WG is progressing but it still appears that it is a long way off The question posed is what can be done in interim MERIT irdb has 41 mirrors no formal presence authority The database contains some 304 000 routes 203 200 unique and 116 000 actually routed Historical security has been based on IRR filtering statics hand maintained and max prefix limits and coarse aggregates The filtering issues include incompleteness performance issues handling the filterlist lack of dynamism toolkit uncompilable with modern C and the PM can t handle RIPE syntax The V6 IRR should be more simple less legacy far fewer prefixes RPSLng nearly cooked but still requires some process work An approach can use the IRR data combined with BGP data such as route views or RIS to notice anomalous behaviour alert people eg RIPEs MyASN service GRADUS commercial need better IRR security mirroring signatures certs etc Brian Carpenter isps really not interested in security Larry it could be the additional workload here Discussion on embedding eg auto traps when misconfig Discussion on why there is

    Original URL path: http://www.iepg.org/august2004/notes.html (2016-04-25)

  • Meeting Notes - November 2003 IEPG Meeting
    to do something have to be told by their respective communities 2 SIARI by Pablo Allen German Valdez LACNIC Sistema Interactivo de Analisis de Recursos de Internet Internet Resources Analysis Interactive System Tool to perform analysis of information in an interactive way based on OLAP and multi dimensional models Java or HTML local or remote execution updated daily http lacnic net en siari html demonstration of entering interface Client server platform diagram Cubes repositories between users and db Dimensions variables to be analysed date country resources client member prefix CIDR Measures quantitative criteria to measure the variables allocation number amount of IPs number of class Cs amount of clients demonstration of java interface an interesting abstraction model different levels questions email protected Q is the code available A only the system is 3 Lame Delegation Control LACNIC Frederico Neves Current procedures accept delegation only on correct configured servers Check correct delegations weekly lame delegations every 2 days report in WHOIS output report to contacts twice a month for lame delegations lasting more than a week Lame definition executes a non recursive SOA query to delegated servers checks for non auth answers unknown domain name unknown host servfail query connection refused not soa cname soa version Concept of multizone lameness If an entity has a 20 delegated to it and one 24 is lame then the whole 20 is considered lame as far as the Registry is concerned as the Registry db only has the 20 sample of whois output Statistics of lameness 3 12 2002 45 2 lame 26 6 2003 34 9 lame 6 11 2003 26 7 lame now a breakout of specific problems Graph of amount of lame delegations going down over last few years taking into account overall number of delegations going up Q whats the increase in the graph A multizone lame tagging one or more large servers went lame Q The multizone thing is a registry thing not directly DNS A more coordination of the 
measurement terms needed Next steps Community policy enforcing the removal of lame delegations Check NS records correctness and glue absence avoids excessive requeries Possibly adopt or work to define a standard for lame delegation Q Are the RIRs talking about definitions A Yes but we haven t taken it much beyond RIPE45 in May Barcelona A A lot of it is specific to the way each RIR operates its database 4 DNS Report George Michaelson APNIC 1 min tcpdump sample every 15 min 24 7 Map to ccTLD of registry object known limitations to accuracy of source attribution Measure src dst ccTLD volumes types samples not retained 4 points of samples brisbane japan hongkong IPv4 and IPv6 relative volume trends log scale v4 is relatively flatlined v6 is relatively small but growing Q what are the interesting points in the time IPv6 specific A some of the fuzziness is due to really low query rate Most of the peaks tend to coincide with major conferences or Bill Manning walking the tree Q Does v6 mean queries on v6 transport A Yes Q Bruce Do you have mapping of which tree v4 or v6 comes in on which transport A Not measuring that yet v6 queries has a slight upward trend but has a long way to go DNS view of attacks in the net Downshift in number of queries when shifted delegation model from step to flat Spike up when the worms got released in July August Curious peak of Mexico in June 2003 possible an attack incident somewhere 5 IP Address Hijacking An ARIN perspective Ray Plzak ARIN Definition of Hijacking Individuals targeting mainly legacy IP address blocks to make unauth changes to reg records in WHOIS Then gives illusion that the individual now has some authority over the resource records Affected includes IPs and ASNs Effects Implications Misleads net ops compromises consistency and trustworthiness of whois db creates liability issues increased workload slower response times increased costs staffing legal fees Current status apr oct 2003 110 incidents opened reported to or
discovered by ARIN 11 no evidence 84 reverted reverted reclaimed or returned 15 under investigation 1 8 48 16s 45 24s 4 direct allocations 1 reassignment This is mostly legacy space so this problem will occur with other RIRs as ERX continues Typical hijacking MO flowchart Identify target not routed stale POCs no POCs Identify associated domain information Name expired Yes register domain name No register similar domain name May incorporate Make incremental changes POC ORG Netmod Route Network They don t take steps which requires extensive documentation easier to deal with them legally if they do What is ARIN doing Identified patterns used by hijackers to uncover unauth db changes Monitor hijacked mail list Not used as official channel of reporting ARIN may investigate things seen there but formally expects people to explicitly report to ARIN Research every reported or discovered hijacking Document and track every case Working with law enforcement agencies Developed modified processes and procedures Developed new database status attribute that can lock down records RIR coordination Q Do you have a policy of handing out information regarding investigations A We have NDAs and follow them Must have a valid legal reason for seeing info What is ARIN not doing Reporting all incidents to law enforcement agencies Disclosing investigation details to the general public NDAs Possible actions Require additional verification info tax ID raised seal corporation documents Pursue legal options Revise the registration services agreement add AUP clause strengthen transfer clause Display WHOIS historical change log this is a good idea Stronger validation software bi annual whois data validation re registration more stringent authentication authorisation and accountability Possible actions legacy records separate registration database Registry of Legacy Resources RLR contains all legacy records update options no updates permitted without joining an RIR or validated updates within the
RLR to NS and POC records on a fee for service basis Legacy space holders encouraged to move their records into the RIR system over

    Original URL path: http://www.iepg.org/november2003/notes.html (2016-04-25)


  • respond in TCP and UDP SOE email is functional correct glue records when parent needs glue For se zone the outcomes in May 2003 were lame delegations proliferating 41 followed by missing A 14 non TCP responders 14 no email response There is a definite problem here with lame delegations The root zone 268 entries 93 zones have at least 1 NS record that does not respond to a TCP query 68 zones have 1 lame name server delegation 35 zones have a MNAME that does not respond to mail and various other smaller numbers of zones with other errors Of course DNS will work as long as at least one server responds If one server does not respond is this an error Is this check applying too strict a ruleset of errors Conversation did note that there should be some cleanup of terminology in the DNS specifications as to what is an error in DNS configurations such as slightly lame There was also a question as to the specification of a timeout as distinct from no response It was noted that this was the default timers as used in the DNS resolver code The issue of error is one where the DNS will still work in the case of many forms of such records DNSMON Daniel Karrenberg http dnsmon ripe net There are a large number of poor measurements out there Better measurements are needed from multiple points using real DNS traffic This exercise is to measure DNS server quality The system measures real queries from multiple sources and the response times are measures together with the server instance ID anycast load balancing exposure SOA and server software version Later answers are queried less frequently What is not measured is the DNS service itself nor the effects of very

    Original URL path: http://www.iepg.org/july2003/notes.html (2016-04-25)


