IETF Activities Update

1 IETF Activities Update Marla Azinger ARIN XXVI OCT 2010 Atlanta, GA

2 Note
- This presentation is not an official IETF report.
- There is no official IETF Liaison to ARIN or any RIR.
- It is, however, believed to be accurate.
- Errors are the sole responsibility of the author.
- This presentation is not a detailed review of documents mentioned.

3 Routing Area WG
Active Documents:
- Requirements for MPLS Over a Composite Link (draft-ietf-rtgwg-cl-requirement-01)
- LFA applicability in SP networks (draft-ietf-rtgwg-lfa-applicability-00)

4 IPv6 Maintenance WG (6man)
Active documents:
- A uniform format for IPv6 extension headers (draft-ietf-6man-exthdr-00)
- Things To Be Included in RFC 3484 Revision (draft-ietf-6man-rfc3484-revise-00)
- RPL Option for Carrying RPL Information in Data-Plane Datagrams (draft-ietf-6man-rpl-option-00)
- An IPv6 Routing Header for Source Routes with RPL (draft-ietf-6man-rpl-routing-header-00)
- IPv6 UDP Checksum Considerations (draft-ietf-6man-udpzero-01)
- IPv6 Node Requirements RFC 4294-bis (draft-ietf-6man-node-req-bis-05.txt)
RFC Editor Queue:
- IPv6 Router Advertisement Options for DNS Configuration RFC 5006-bis (draft-ietf-6man-dns-options-bis-08)
Newly published:
- RFC 5952 A Recommendation for IPv6 Address Text Representation (draft-ietf-6man-text-addr-representation)

5 V6 Operations (V6OPS)
Active Drafts:
- IPv6 Address Assignment to End Sites (draft-ietf-v6ops-3177bis-end-sites-00)
- Recommended Simple Security Capabilities in Customer Premises Equipment for Providing Residential IPv6 Internet Service (draft-ietf-v6ops-cpe-simple-security-14)
- An Incremental Carrier-Grade NAT (CGN) for IPv6 Transition (draft-ietf-v6ops-incremental-cgn-01.txt)
- IPv6 Router Advertisement Guard (draft-ietf-v6ops-ra-guard-08)
- Routing Loop Attack using IPv6 Automatic Tunnels: Problem Statement and Proposed Mitigations (draft-ietf-v6ops-tunnel-loops-00)
- Security Concerns With IP Tunneling (draft-ietf-v6ops-tunnel-security-concerns-02)
- Mobile Networks Considerations for IPv6 Deployment (draft-ietf-v6ops-v6-in-mobile-networks-01)

6 V6OPS Continued
RFC Editor Queue:
- Basic Requirements for IPv6 Customer Edge Routers (draft-ietf-v6ops-ipv6-cpe-router-07)
- Emerging Service Provider Scenarios for IPv6 Deployment (draft-ietf-v6ops-isp-scenarios-00)
IESG Review:
- Rogue IPv6 Router Advertisement Problem Statement (draft-ietf-v6ops-rogue-ra-01)
Newly Published:
- RFC 5963 IPv6 Deployment in Internet Exchange Points (IXPs) (draft-ietf-v6ops-v6inixp)

7 SHIM6 WG
Active documents:
- Applicability Statement for the Level 3 Multihoming Shim Protocol (Shim6) (draft-ietf-shim6-applicability-07)
- Socket Application Program Interface (API) for Multihoming Shim (draft-ietf-shim6-multihome-shim-api-14)

8 BEHAVE WG
Active Documents:
- Stream Control Transmission Protocol (SCTP) Network Address Translation (draft-ietf-behave-sctpnat-03.txt)
- IP/ICMP Translation Algorithm (draft-ietf-behave-v6v4-xlate-23) - AD Evaluation
- An FTP ALG for IPv6-to-IPv4 translation (draft-ietf-behave-ftp64-05) - IESG Processing
- DNS64: DNS extensions for Network Address Translation from IPv6 Clients to IPv4 Servers (draft-ietf-behave-dns) - AD Evaluation

9 BEHAVE WG continued
RFC Editor Queue:
- IPv6 Addressing of IPv4/IPv6 Translators (draft-ietf-behave-address-format-10.txt)
- Traversal Using Relays around NAT (TURN) Extension for IPv6 (draft-ietf-behave-turn-ipv6-11)
- Traversal Using Relays around NAT (TURN) Extensions for TCP Allocations (draft-ietf-behave-turn-tcp-07.txt)
- Framework for IPv4/IPv6 Translation (draft-ietf-behave-v6v4-framework-10)
- Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers (draft-ietf-behave-v6v4-xlate-stateful-12)
Newly Published:
- RFC 5766 Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)
- RFC 5780 NAT Behavior Discovery Using Session Traversal Utilities for NAT (STUN)
- RFC 5769 Test Vectors for Session Traversal Utilities for NAT (STUN)
- RFC 5928 Traversal Using Relays around NAT (TURN) Resolution Mechanism

10 Secure Inter-Domain Routing (sidr)
Active documents:
- An Infrastructure to Support Secure Internet Routing (sidr-arch-11)
- Certificate Policy (CP) for the Resource PKI (RPKI) (draft-ietf-sidr-cp-13.txt)
- A Profile for Route Origin Authorizations (ROAs) (draft-ietf-sidr-roa-format-07.txt)
- Signed Object Template for the Resource Public Key Infrastructure (draft-ietf-sidr-signed-object-01.txt)
- CA Key Rollover in the RPKI (draft-ietf-sidr-keyroll-01)
- BGP Prefix Origin Validation (draft-ietf-sidr-pfx-validate-00)
- A Profile for Resource Certificate Repository Structure (draft-ietf-sidr-repos-struct-04)
- A Profile for X.509 PKIX Resource Certificates (draft-ietf-sidr-res-certs-18)
- A Protocol for Provisioning Resource Certificates (draft-ietf-sidr-rescerts-provisioning-06)
- A Profile for Algorithms and Key Sizes for use in the Resource Public Key Infrastructure (draft-ietf-sidr-rpki-algs-01)
- The RPKI/Router Protocol (draft-ietf-sidr-rpki-rtr-02)
- A Profile for Trust Anchor Material for the Resource Certificate PKI (draft-ietf-sidr-ta-04)
- Use Cases and interpretation of RPKI objects for issuers and relying parties (draft-ietf-sidr-usecases-00)
- Validation of Route Origination using the Resource Certificate PKI and ROAs (draft-ietf-sidr-roa-validation-06.txt)
- Manifests for the Resource Public Key Infrastructure (draft-ietf-sidr-rpki-manifests-07.txt)
- Securing RPSL Objects with RPKI Signatures (draft-ietf-sidr-rpsl-sig-03.txt)

11 Softwire
Active Docs:
- Gateway Initiated Dual-Stack Lite Deployment (draft-ietf-softwire-gateway-init-ds-lite-00)
- Dual-Stack Lite Broadband Deployments Following IPv4 Exhaustion (draft-ietf-softwire-dual-stack-lite-06)
IESG Processing:
- Dynamic Host Configuration Protocol for IPv6 (DHCPv6) Option for Dual-Stack Lite (draft-ietf-softwire-ds-lite-tunnel-option-05)
Newly Published:
- RFC 5969 IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) -- Protocol Specification

12 DNS Operations (DNSOP)
Active Documents:
- Locally-served DNS Zones (draft-ietf-dnsop-default-local-zones-14)
- DNSSEC Signing Policy & Practice Statement Framework (draft-ietf-dnsop-dnssec-dps-framework-02)
- DNSSEC Trust Anchor History Service (draft-ietf-dnsop-dnssec-trust-history-02)
- DNSSEC Operational Practices, Version 2 (draft-ietf-dnsop-rfc4641bis-04)
- I'm Being Attacked by PRISONER.IANA.ORG! (draft-ietf-dnsop-as112-under-attack-help-help-04)
- AS112 Nameserver Operations (draft-ietf-dnsop-as112-ops-04)
- DNSSEC Key Timing Considerations (draft-ietf-dnsop-dnssec-key-timing-00)
- Requirements for Management of Name Servers for the DNS (draft-ietf-dnsop-name-server-management-reqs-04)

13 Operational Security Capabilities for IP Networks (OPSEC)
Active Documents:
- Security Best Practices Efforts and Documents (draft-ietf-opsec-efforts-12.txt)
- Protecting The Router Control Plane (draft-ietf-opsec-protect-control-plane-03)
- Security Assessment of the Internet Protocol version 4 (draft-ietf-opsec-ip-security-03.txt)
IESG Review:
- Cryptographic Authentication Algorithm Implementation Requirements for Routing Protocols (draft-ietf-opsec-igp-crypto-requirements-02)
RFC Editor Queue:
- Issues with existing Cryptographic Protection Methods for Routing Protocols (draft-ietf-opsec-routing-protocols-crypto-issues-07.txt)

14 Global Routing Operations (GROW)
Active Documents:
- Requirements for the graceful shutdown of BGP sessions (draft-ietf-grow-bgp-graceful-shutdown-requirements-04.txt)
- BGP Monitoring Protocol (draft-ietf-grow-bmp-04)
- MRT routing information export format (draft-ietf-grow-mrt-11.txt)
- Distribution of diverse BGP paths (draft-ietf-grow-diverse-bgp-path-dist-02)
- MRT BGP routing information export format with geo-location extensions (draft-ietf-grow-geomrt-00)
- Simple Virtual Aggregation (S-VA) (draft-ietf-grow-simple-va-01.txt)
- FIB Suppression with Virtual Aggregation (draft-ietf-grow-va-03.txt)
- Auto-Configuration in Virtual Aggregation (draft-ietf-grow-va-auto-02.txt)

15 OPSAWG
Active Documents:
- Guidelines for the use of the OAM acronym in the IETF (draft-ietf-opsawg-mpls-tp-oam-def-07)
- An Overview of Operations, Administration, and Maintenance (OAM) Mechanisms (draft-ietf-opsawg-oam-overview-01)
Interesting Activity:
- Additional Private IPv4 Space Issues (draft-azinger-additional-private-ipv4-space-issues-04) - Last call IESG
- IANA Reserved IPv4 Prefix for IPv6 Transition (draft-weil-opsawg-provider-address-space-02)

16 Beijing, China IETF 79
Next IETF: Beijing, China, Nov 7-12, 2010
IETF BOF WIKI summarizes recent and upcoming BOF activities:
- Includes (early) topics that might (or might not) eventually result in official BOFs
- Officially approved BOFs (once known): Performance Metrics for Other Layers BOF

17 References General WG info: (for WG foo? (Easiest to use Internet Drafts: IETF Daily Dose (quick tool to get an update: Upcoming meeting agenda: Upcoming BOFs Wiki:

18 Thank you Questions?


More information

IPv4 exhaustion and the way forward. Guillermo Cicileo

IPv4 exhaustion and the way forward. Guillermo Cicileo IPv4 exhaustion and the way forward Guillermo Cicileo HOW ARE INTERNET ADDRESSES ASSIGNED? Allocation of Internet number resources IANA IANA (Internet Assigned Numbers Authority) actualmente bajo la responsabilidad

More information

Dual stack lite. draft-durand-softwire-dual-stack-lite-01. A. Durand, R. Droms, B. Haberman, J. Woodya<

Dual stack lite. draft-durand-softwire-dual-stack-lite-01. A. Durand, R. Droms, B. Haberman, J. Woodya< Dual stack lite draft-durand-softwire-dual-stack-lite-01 A. Durand, R. Droms, B. Haberman, J. Woodya< Router based scenario: Home router is provisioned with IPv6 on WAN and tunnel concentrator address;

More information

Internet Engineering Task Force (IETF) Category: Standards Track. February 2012

Internet Engineering Task Force (IETF) Category: Standards Track. February 2012 Internet Engineering Task Force (IETF) Request for Comments: 6519 Category: Standards Track ISSN: 2070-1721 R. Maglione Telecom Italia A. Durand Juniper Networks February 2012 RADIUS Extensions for Dual-Stack

More information

Why IPv6? Roque Gagliano LACNIC

Why IPv6? Roque Gagliano LACNIC Why IPv6? Roque Gagliano LACNIC Agenda Initial Concepts. IPv6 History. What is IPv6? Planning IPv6. Agenda Initial Concepts. IPv6 History. What is IPv6? Planning IPv6. Some initial concepts. IPv6 is the

More information

RPKI Introduction. APNIC Technical Workshop July 5-6, 2018 in Beijing, China. Hosted By:

RPKI Introduction. APNIC Technical Workshop July 5-6, 2018 in Beijing, China. Hosted By: RPKI Introduction APNIC Technical Workshop July 5-6, 2018 in Beijing, China. Hosted By: 1 Content Why do we need RPKI What is RPKI How to deploy RPKI Configuration case Misdirection / Hijacking Incidents

More information

A Multihoming based IPv4/IPv6 Transition Approach

A Multihoming based IPv4/IPv6 Transition Approach A Multihoming based IPv4/IPv6 Transition Approach Lizhong Xie, Jun Bi, and Jianping Wu Network Research Center, Tsinghua University, China Education and Research Network (CERNET) Beijing 100084, China

More information

IPv6 Evolution and Migration Solution

IPv6 Evolution and Migration Solution IPv6 Evolution and Migration Solution www.huawei.com HUAWEI TECHNOLOGIES CO., LTD. Contents Industry s Viewpoints to IPv6 Development IPv6 Migration Solution and Huawei IPv6 Solution Highlights The World

More information

Discovering Provisioning Domain Names and Data

Discovering Provisioning Domain Names and Data Discovering Provisioning Domain Names and Data draft-bruneau-intarea-provisioning-domains-01 B. Bruneau, P. Pfister, D. Schinazi, T. Pauly, E. Vyncke Hosts and networks are multi-homed Just a few examples

More information

IIREF Report of IETF 97 Meeting in SEOUL, South Korea, November IETF 97 SEOUL, SOUTH KOREA NOVEMBER 13 TH TO 18 TH 2017

IIREF Report of IETF 97 Meeting in SEOUL, South Korea, November IETF 97 SEOUL, SOUTH KOREA NOVEMBER 13 TH TO 18 TH 2017 IETF 97 SEOUL, SOUTH KOREA NOVEMBER 13 TH TO 18 TH 2017 1 Contents 1 Executive Summary..3 2 Major discussions in different working Groups 4 2.1 IRTF HRPC Human Rights Protocol Considerations.4 2.2 OPS

More information

Cisco Certified Network Associate ( )

Cisco Certified Network Associate ( ) Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that

More information

ITU-T Y Framework of multi-homing in IPv6-based NGN

ITU-T Y Framework of multi-homing in IPv6-based NGN INTERNATIONAL TELECOMMUNICATION UNION ITU-T Y.2052 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (02/2008) SERIES Y: GLOBAL INFORMATION INFRASTRUCTURE, INTERNET PROTOCOL ASPECTS AND NEXT-GENERATION NETWORKS

More information

Robust Inter-Domain Routing

Robust Inter-Domain Routing Establishing the Technical Basis for Trustworthy Networking Robust Inter-Domain Routing Addressing Systemic Vulnerabilities in BGP Doug Montgomery (dougm@nist.gov) Manager, Internet and Scalable Systems

More information

Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00

Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00 Security Baseline Data Model for Network Infrastructure Device draft-xia-sacm-nid-dp-security-baseline-00 draft-dong-sacm-nid-cp-security-baseline-00 Liang Xia Guangying Zheng Yue Dong Huawei Huawei Huawei

More information

IPV6 SIMPLE SECURITY CAPABILITIES.

IPV6 SIMPLE SECURITY CAPABILITIES. IPV6 SIMPLE SECURITY CAPABILITIES. 50 issues from RFC 6092 edited by J. Woodyatt, Apple Presentation by Olle E. Johansson, Edvina AB. ABSTRACT The RFC which this presentation is based upon is focused on

More information

Some Lessons Learned from Designing the Resource PKI

Some Lessons Learned from Designing the Resource PKI Some Lessons Learned from Designing the Resource PKI Geoff Huston Chief Scientist, APNIC May 2007 Address and Routing Security The basic security questions that need to be answered are: Is this a valid

More information

A PKI For IDR Public Key Infrastructure and Number Resource Certification

A PKI For IDR Public Key Infrastructure and Number Resource Certification A PKI For IDR Public Key Infrastructure and Number Resource Certification AUSCERT 2006 Geoff Huston Research Scientist APNIC If You wanted to be Bad on the Internet And you wanted to: Hijack a site Inspect

More information

Tutorial: IPv6 Technology Overview Part II

Tutorial: IPv6 Technology Overview Part II Tutorial: IPv6 Technology Overview Part II Speaker: Byju Pularikkal, Cisco Systems, Inc Date: 01/30/2011 1 DOCSIS = Data-Over-Cable Service Interface Specification CMTS = Cable Modem Termination System

More information

6RD. IPv6 Rapid Deployment. Version Fred Bovy. Chysalis6 6RD 1-1

6RD. IPv6 Rapid Deployment. Version Fred Bovy. Chysalis6 6RD 1-1 6RD IPv6 Rapid Deployment Version 1.0 2012 Fred Bovy. Chysalis6 6RD 1-1 About the Author Fred Bovy 15 years experience in IPv6 IPv6 Forum Certified Gold Engineer IPv6 Forum Certified Gold Trainer 7 years

More information

Secure Routing with RPKI. APNIC44 Security Workshop

Secure Routing with RPKI. APNIC44 Security Workshop Secure Routing with RPKI APNIC44 Security Workshop Misdirection / Hijacking Incidents YouTube Incident Occurred 24 Feb 2008 (for about 2 hours) Pakistan Telecom announced YT block Google (AS15169) services

More information

Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO

Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN. Mark Kosters CTO Securing Internet Infrastructure: Route Origin Security using RPKI at ARIN Mark Kosters CTO What is RPKI? Resource Public Key Infrastructure Attaches digital certificates to network resources AS Numbers

More information

CCNA Routing and Switching (NI )

CCNA Routing and Switching (NI ) CCNA Routing and Switching (NI400+401) 150 Hours ` Outline The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that is

More information

Resource Certification. Alex Band, Product Manager DENIC Technical Meeting

Resource Certification. Alex Band, Product Manager DENIC Technical Meeting Resource Certification Alex Band, Product Manager DENIC Technical Meeting Internet Routing Routing is non-hierarchical, open and free Freedom comes at a price: - You can announce any address block on your

More information

IPv6 implementation in a multi-vendor network.

IPv6 implementation in a multi-vendor network. IPv6 implementation in a multi-vendor network. Roque Gagliano www.antel.com.uy Agenda motivation. first experience. backbone deployment. addressing. routing. multi-vendor environment. conclusion / next

More information

Planning for Information Network

Planning for Information Network Planning for Information Network Lecture 7: Introduction to IPv6 Assistant Teacher Samraa Adnan Al-Asadi 1 IPv6 Features The ability to scale networks for future demands requires a limitless supply of

More information

Securing BGP: The current state of RPKI. Geoff Huston Chief Scientist, APNIC

Securing BGP: The current state of RPKI. Geoff Huston Chief Scientist, APNIC Securing BGP: The current state of RPKI Geoff Huston Chief Scientist, APNIC Incidents What happens when I announce your addresses in BGP? All the traffic that used to go to you will now come to me I can

More information

Athanassios Liakopoulos Slovenian IPv6 Training, Ljubljana, May 2010

Athanassios Liakopoulos Slovenian IPv6 Training, Ljubljana, May 2010 Introduction ti to IPv6 (Part A) Athanassios Liakopoulos (aliako@grnet.gr) Slovenian IPv6 Training, Ljubljana, May 2010 Copy Rights This slide set is the ownership of the 6DEPLOY project via its partners

More information

Experiences in Setting Up Automatic Home Networking. Jari Arkko Ericsson Research

Experiences in Setting Up Automatic Home Networking. Jari Arkko Ericsson Research Experiences in Setting Up Automatic Home Networking Jari Arkko Ericsson Research 1 Background This is NOT about home gateway routers And NOT about ISPs and their IPv6 services But it IS about IPv6 networks

More information